Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

By Trevor Hilligoss

Passwords have been the cornerstone of basic cybersecurity hygiene for decades.

Related: Passwordless workpace long way off

However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

But as secure and user-friendly as these authentication methods are, cybercriminals are already busily sidestepping all forms of authentication – passwords, MFA, and passkeys – to sometimes devastating effect.

Passwordless work arounds

Without a doubt, passwordless authentication is a significant improvement over traditional passwords and effectively addresses the persistent risk of easy to guess passwords and password reuse. Most passkeys available to consumers leverage unique biometric authentication data and cryptographically secure means to authenticate users when they access websites and applications.

This new authentication technique is gaining traction, especially since the FIDO Alliance has advocated for its implementation over the last year. Moreover, leading tech companies like Google, Microsoft, and Apple have developed robust frameworks to integrate this system of authentication. (more…)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

RSAC Fireside Chat: Madison Horn’s quest to add cyber expertise, restore ethics to Congress

By Byron V. Acohido

At a time of devolving politics, Madison Horn stands out as a breath of fresh air.

Related: The Biden-Harris National Cybsecurity Strategy

I had the chance to sit down with Horn at RSAC 2024 to learn all about her measured decision to put an ascendent cybersecurity career on hold to run for political office.

I came away very impressed by Horn’s determination to inject technical expertise and ethical reform into an arena starkly bereft of both: the U.S. Congress. For a full drill down, please give the accompanying podcast a listen.

Horn’s background is as compelling as it is unorthodox. A seventh generation Oklahoman and a proud member of the Cherokee Nation, she grew up in a rural community with few socio-economic advantages. Her professional career began by happenstance at a small cyber firm that specialized in assessing critical infrastructure vulnerabilities. (more…)

RSAC Fireside Chat: Amplifier Security taps LLMs to help organizations foster a security culture

By Byron V. Acohido

Security teams rely on an ever-growing stack of cybersecurity tools to keep their organization safe.

Related: The worst year ever for breaches

Yet there remains a glaring disconnect between security systems and employees.

Now comes a start-up, Amplifier Security, with a bold new approach to orchestrate security actions.

Just after RSAC 2024, I spoke with Thomas Donnelly, Amplifier’s co-founder and CTO, about how that they’re utilizing large language models (LLMs) and to emphasize continual employee engagements. For a full drill down, on how Amplifier aims to help companies shape a security culture — without sacrificing productivity — please give the accompanying podcast a listen.

At the heart of Amplifier’s solution is Ampy, an AI security buddy. Ampy interacts directly with each employee to facilitate automated security fixes. Ultimately Ampy offloads a ton of manual work that security teams typically have to do by chasing employees themselves. (more…)

New Tech Q&A: Adaptiva – CrowdStrike alliance highlights trend of blending IT and security systems

By Byron V. Acohido

The coalescing of the next-gen security platforms that will carry us forward continues.

Related: Jump starting vulnerability management

Adaptiva, a leader in autonomous endpoint management, recently announced the launch of OneSite Patch for CrowdStrike. This new solution integrates with CrowdStrike’s Falcon XDR platform to improve the efficiency and speed of patching critical vulnerabilities in enterprise systems.

This strategic alliance between Adaptiva and CrowdStrike makes a lot of sense. OneSite Patch leverages CrowdStrike’s rich threat intelligence and vulnerability data to prioritize and automate patch deployments.

Thus it provides a smooth path for companies to patch vulnerabilities and install updates much more efficiently. This pain point is intensifying at large and mid-sized enterprises as operations become more globally distributed and interconnected at the cloud edge.

The State of Patch Management in the Digital Workplace Report, for instance, underscores how legacy vulnerability management practices are by and large bereft of any meaningful strategic intent; for instance, some 79% of respondents said patch deployments are scheduled ad hoc or use a one-size fits all approach.

Last Watchdog engaged Davinder Singh, Chief Technology Officer at Adaptiva, to drill down on the current state of securing networks. Here’s that exchange, edited for clarity and length. (more…)

News Alert: INE Security lays out strategies for optimizing security teams to mitigate AI risks

Cary, NC, June 20, 2024, CyberNewsWire — 2024 is rapidly shaping up to be a defining year in generative AI.

While 2023 saw its emergence as a potent new technology, business leaders are now grappling with how to best leverage its transformative power to grow efficiency, security, and revenue. With the near-universal integration of AI into global technology, the need for AI-ready cybersecurity teams is more critical than ever.

INE Security, a leading global cybersecurity training and cybersecurity certification provider, predicts large language model (LLM) applications like chatbots and AI-drive virtual assistants will be at particular risk.

“AI systems are invaluable, enabling us to process vast amounts of data with unmatched speed and accuracy, detect anomalies, predict threats, and respond to incidents in real-time. But these revolutionary technologies are also empowering attackers, leveling the playing field in unprecedented ways,” said Lindsey Rinehart, COO and Head of AI Integration at INE Security. “As automated attacks increase, our defense strategies must also be automated and intelligent. The accelerating arms race between cyber attackers and defenders underscores the vital need for ongoing training and development for cybersecurity teams.” (more…)

RSAC Fireside Chat: Tightened budgets impose discipline on CISOs, resets security investments

By Byron V. Acohido

CISOs have been on something of a wild roller coaster ride the past few years.

Related: Why breaches persist

When Covid 19 hit in early 2020, the need to secure company networks in a new way led to panic spending on cybersecurity tools. Given carte blanche, many CISOs purchased a hodge podge of unproven point solutions, adding to complexity.

By mid-2022, with interest rates climbing and the stock market cratering, CFOs began demanding proof of a reasonable return on investment. Today, with purse strings tightened – and cyber risks and compliance pressures mounting — CISOs must recalibrate.

I had a fascinating discussion about this with Ryan Benevides, a principal at WestCap, the growth equity firm founded by Laurence Tosi, former CFO of Blackstone and Airbnb. WestCap’s cybersecurity partnerships  includes HUMAN Security, Bishop Fox and Dragos.

Benevides shared his perspective of how the cybersecurity realm has become saturated with over 4,000 venture-backed vendors who are under tighter scrutiny as well. For a full drill down, please give the accompanying podcast a listen. (more…)

NEWS ANALYSIS Q&A: Striving for contextual understanding as digital transformation plays out

By Byron V. Acohido

The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment.

Related: The advance of LLMs

For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

I first tapped Gunter Ollmann’s insights about botnets and evolving malware some 20 years when he was a VP Research at Damballa and I was covering Microsoft for USA TODAY. Today, Ollmann is the CTO of IOActive, a Seattle-based cybersecurity firm specializing in full-stack vulnerability assessments, penetration testing and security consulting. We recently reconnected. Here’s what we discussed, edited for clarity and length?

LW: In what ways are rules-driven cybersecurity solutions being supplanted by context-based solutions?

Ollmann: I wouldn’t describe rules-based solutions as being supplanted by context-based systems. It’s the dimensionality of the rules and the number of parameters consumed by the rules that have expanded to such an extent that a broad enough contextual understanding is achieved. Perhaps the biggest change lies in the way the rules are generated and maintained, where once a pool of highly skilled and experienced cybersecurity analysts iterated and codified actions as lovingly-maintained rules, today big data systems power machine learning systems to train complex classifiers and models. These complex models now adapt to the environments they’re deployed in without requiring a pool of analyst talent to tweak and tune. (more…)

SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux

By Byron V. Acohido

Identity and Access Management (IAM) is at a crossroads.

Related: Can IAM be a growth engine?

A new Forrester Trends Report dissects ten IAM trends now in play, notably how AI is  influencing IAM technologies to meet evolving identity threats.

IAM is a concept that arose in the 1970s when usernames and passwords first got set up to control access mainframe computers.

By the 1990s, single sign-on (SSO) solutions had caught, and with the explosion of web apps that followed came more sophisticated IAM solutions. Federated identity management emerged, allowing users to use the same identity across different domains and organizations, and standards like SAML (Security Assertion Markup Language) were developed to support this.

The emergence of cloud computing further pushed the need for robust IAM systems. Identity as a Service (IDaaS) began to gain traction, offering IAM capabilities through cloud providers. (more…)

RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery

By Byron V. Acohido

Business data today gets scattered far and wide across distributed infrastructure.

Just knowing where to look – or even how to look – much less enforcing security policies, has become next to impossible for many organizations.

At RSAC 2024, I visited with Pranava Adduri, co-founder and CEO of Bedrock Security which has just rolled out its AI Reasoning (AIR) Engine to help solve this problem in a bold new way.

The start-up leverages serverless architectures to discover patterns in large datasets and then maps out data boundaries without having to examine every single data point.

This “commoditization” of data discovery, as Adduri puts it, slashes the cost of data discovery at scale. For instance, Amazon’s AWS Macie service charges around $1,000 per terabyte for data discovery, or $1 million per petabyte, Adduri told me. (more…)

GUEST ESSAY: Taking a systematic approach to achieving secured, ethical AI model development

By Harish Mandadi

AI has the potential to revolutionize industries and improve lives, but only if we can trust it to operate securely and ethically.

Related: The key to the GenAI revolution

By prioritizing security and responsibility in AI development, we can harness its power for good and create a safer, more unbiased future.

Developing a secured AI system is essential because artificial intelligence is a transformative technology, expanding its capabilities and societal influence. Initiatives focused on trustworthy AI understand the profound impacts this technology can have on individuals and society. They are committed to steering its development and application towards responsible and positive outcomes.

Security considerations

Securing artificial intelligence (AI) models is essential due to their increasing prevalence and criticality across various industries. They are used in healthcare, finance, transportation, and education, significantly impacting society. Consequently, ensuring the security of these models has become a top priority to prevent potential risks and threats.

•Data security. Securing training data is crucial for protecting AI models. Encrypting data during transmissionwill prevent unauthorized access. Storing training data in encrypted containers or secure databases adds a further layer of security. (more…)

RSAC Fireside Chat: Dispersive adapts WWII radio-signal masking tool to obfuscating network traffic

By Byron V. Acohido

Spread spectrum technology helped prevent the jamming of WWII radio-controlled torpedoes and subsequently became a cornerstone of modern-day telecom infrastructure.

For its next act, could spread spectrum undergird digital resiliency? I had an evocative discussion about this at RSAC 2024 with Dispersive CEO Rajiv Plimplaskar. For a full drill down, please give the accompanying podcast a listen.

For historical context, the U.S. military scattered radio-signals and added noise to radio transmissions — to prevent the jamming of torpedo controls. Decades later, the telecom industry figured out how to spread WiFi, GPS, BlueTooth and 5G signals over a wide bandwidth and then also added pseudo-random codes — to prevent tampering.

Dispersive launched in 2021 to adapt these same concepts to protecting sensitive network transmissions in a highly dynamic environment. Here what Plimplaskar told me: (more…)

News analysis Q&A: Shake up of the SIEM, UEBA markets continues as LogRhythm-Exabeam merge

By Byron V. Acohido

It’s easy to compile a checklist on why the announced merger of LogRhythm and Exabeam could potentially make strategic sense.

Related: Cisco pays $28 billion for Splunk

LogRhythm’s is a long established SIEM provider and Exabeam has been making hay since its 2013 launch advancing its UEBA capabilities. Combining these strengths falls in line with the drive to make cloud-centric, hyper-interconnected company networks more resilient.

Forrester Principal Analyst Allie Mellen observes: “The combined organization is likely to push hard in the midmarket, where LogRhythm’s existing suite has had success and the Exabeam user experience makes it a more natural fit.”

Despite the promising synergies, Mellen cautioned that the merger alone would not resolve all challenges. “Both of these companies have faced challenges in recent years that are not solved by a merger,” she adds. “These include difficulty keeping pace with market innovation and with the transition to the cloud.” she said.

Last Watchdog engaged Mellon in a drill down on other ramifications. Here’s that exchange, edited for clarity and length.

LW: How difficult is it going to be for LogRhythm and Exabeam to align their differing market focuses; what potential conflicts are they going to have to resolve? (more…)

News alert: AI SPERA integrates its ‘Criminal IP’ threat intelligence tool into AWS Marketplace

Torrance,Calif., May 22, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP, is now available on the AWS Marketplace.

This integration ensures efficient software procurement and deployment, aligning seamlessly with customers’ existing cloud architectures.

After meeting specific technical and security standards set by AWS, the SaaS-based Criminal IP search engine ensures reliability and seamless integration with AWS services. The AWS Marketplace, a significant platform primarily used in the US, provides Criminal IP with access to a vast global customer base, enhancing its visibility and credibility. This listing demonstrates the critical role of AWS Marketplace in the software’s adoption and success.

<Criminal IP, a comprehensive threat intelligence tool, is now available on the AWS Marketplace>

Criminal IP excels in threat detection, empowering cybersecurity with unparalleled intelligence.

Criminal IP is the industry’s leading IP address intelligence tool, leveraging AI and machine learning to provide unparalleled visibility into the risks associated with internet-connected devices. It offers comprehensive solutions for fraud detection, (more…)

MY TAKE: RSAC 2024’s big takeaway: rules-based security is out; contextual security is taking over

KINGSTON, Wash.  — U.S. Secretary of State Antony Blinken opened RSA Conference 2024 last week issuing a clarion call for the cybersecurity community to defend national security, nurture economic prosperity and reinforce democratic values.

Related: The power of everyman conversing with AI

Blinken

That’s a tall order. My big takeaway from RSAC 2024 is this: the advanced technology and best practices know-how needed to accomplish the high ideals Secretary Blinken laid out are readily at hand.

I was among some 40,000 conference attendees who trekked to San Francisco’s Moscone Center to get a close look at a dazzling array of cybersecurity solutions representing the latest iterations of the hundreds of billions of dollars companies expended on cybersecurity technology over the past 20 years.

And now, over the next five years,  hundreds of billions more  will be poured into shedding the last vestiges of on-premises, reactive defenses and completing the journey to edge-focused, tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

This paradigm shift is both daunting and essential; it must fully play out in order to adequately protect data and systems (more…)

RSAC Fireside Chat: How the open-source community hustled to identify LLM vulnerabilities

By Byron V. Acohido

SAN FRANCISCO — It took some five years to get to 100 million users of the World Wide Web and it took just one year to get to 100 million Facebook users.

Related: LLM risk mitigation strategies

Then along came GenAI and Large Language Models (LLM) and it took just a couple of weeks to get to 100 million ChatGPT users.

LLM is a game changer in the same vein as the Gutenberg Press and the Edison light bulb. It gives any literate human the ability to extract value from data.

Companies in all sectors are in a mad scramble to reap its benefits, even as cyber criminals feast on a new tier of exposures. As RSAC 2024 gets under way next week in San Francisco, the encouraging news is that the cybersecurity industry is racing to protect business networks, as well.

Case in point, the open-source community has coalesced to produce the OWASP Top Ten for Large Language Model Applications. Amazingly, just a little over a year ago this was a mere notion dreamt up by Exabeam CPO Steve Wilson. (more…)

RSAC Fireside Chat: Secure, flexible web browsers finally available, thanks to open-source code

By Byron V. Acohido

SAN FRANCISCO — At the end of 2000, I was hired by USA Today to cover Microsoft, which at the time was being prosecuted by the U.S. Department of Justice.

Related: Why proxies aren’t enough

Microsoft had used illegal monopolistic practices to crush Netscape Navigator thereby elevating Internet Explorer (IE) to become far and away the No. 1 web browser.

IE’s reign proved to be fleeting. Today Google’s Chrome browser —  based on the open-source code  Chromium — reigns supreme.

I bring all this up, because in 2019 Microsoft ditched its clunky browser source code and launched its Edge browser, based on open-source Chromium. (more…)

MY TAKE: GenAI revolution — the transformative power of ordinary people conversing with AI

By Byron V. Acohido

SAN FRANCISCO — The amazing digital services we have today wouldn’t have come to fruition without the leading technology and telecom giants investing heavily in R&D.

Related: GenAi empowers business

I had the chance to attend NTT Research’s Upgrade Reality 2024 conference here  last week to get a glimpse at some of what’s coming next.

My big takeaway: GenAI is hyper-accelerating advancements in upcoming digital systems – and current ones too. This is about to become very apparent as the software tools and services we’re familiar with become GenAI-enabled in the weeks and months ahead.

And by the same token, GenAI, or more specifically Large Language Model (LLM,) has added a turbo boost to the pet projects that R&D teams across the technology and telecom sectors have in the works.

The ramifications are staggering. The ability for any human to extract value from a large cache of data – using conversational language opens up a whole new universe of possibilities. (more…)

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

By Byron V. Acohido

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available.

Related: Data privacy vs data security

However, this remains a novel concept at most companies. Now comes a Forrester Research report that vividly highlights why attaining and sustaining a robust cybersecurity posture translates into a competitive edge.

The report, titled “Embed Cybersecurity And Privacy Everywhere To Secure Your Brand And Business,” argues for a paradigm shift. It’s logical that robust cybersecurity and privacy practices need become intrinsic in order to tap the full potential of massively interconnected, highly interoperable digital systems.

Forrester’s report lays out a roadmap for CIOs, CISOs and privacy directors to drive this transformation – by weaving informed privacy and security practices into every facet of their business; this runs the gamut from physical and information assets to customer experiences and investment strategies.

Last Watchdog engaged Forrester analyst Heidi Shey, the report’s lead author, in a discussion about how this could play out well, and contribute to an overall greater good. Here’s that exchange, edited for clarity and length. (more…)

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

By Zac Amos

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions.

Related: The security case for AR, VR

AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. This helps them improve their performance over time by gaining data from interactions.

In 2022, 88% of users relied on chatbots when interacting with businesses. These tools saved 2.5 billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 to $0.70 per interaction. Forty-eight percent of consumers favor their efficiency prioritization. (more…)

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

By Byron V. Acohido

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints.

Related: The role of ‘attribute based encryption’

There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

That could be about to change. Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights.

I had the chance to visit with , senior scientist at NTT Research’s Cryptography & Information Security (CIS) Lab, to learn more about the progress being made on a promising concept called “privacy preserving aggregate statistics.” (more…)

STEPS FORWARD: How decentralizing IoT could help save the planet — by driving decarbonization

By Byron V. Acohido

The Internet of Things (IoT) is on the threshold of ascending to become the Internet of Everything (IoE.)

Related:Why tech standards matter

IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf.

This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge. Yet IoE, at this nascent stage, holds much promise to tilt us towards a utopia where technology helps to resolve our planet’s most intractable problems.

This was the theme of Infineon Technologies’ OktoberTech 2023 conference, which I had the privilege of attending at the Computer History Museum in the heart of Silicon Valley. I had the chance to visit with Thomas Rosteck, Infineon’s Division President of Connected Secure Systems (CSS.)

Infineon supplies semiconductors embedded in smart systems, most notably in automotive, power and IoT. What I found most commendable (more…)

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

By Erin Kapcynski

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. OneRep provides a consumer service that scrubs your personal information from Google and dozens of privacy-breaching websites. Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.)

For the first expert interview on our blog, we welcomed Pulitzer-winning investigative reporter Byron V. Acohido to share his ideas about the current cyber threat landscape, the biggest threats for businesses today, the role of AI and machine learning in cyberattacks and cyberdefence, and the most effective methods for companies to protect themselves.

Byron is the founder and editor-in-chief of The Last Watchdog on Privacy & Security. He previously chronicled the emergence of cybercrime while covering Microsoft for USA TODAY. His news analysis columns, podcasts, and videos are crafted to foster a useful understanding of complex privacy and cybersecurity developments for (more…)

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

By Byron V. Acohido

Something simply must be done to slow, and ultimately reverse, attack surface expansion.

Related: What Cisco’s buyout of Splunk really signals

We’re in the midst of driving towards a dramatically scaled-up and increasingly connected digital ecosystem. Companies are obsessed with leveraging cloud-hosted IT infrastructure and the speedy software development and deployment that goes along with that.

And yet it remains all too easy for malicious hackers to get deep access, steal data, spread ransomware, disrupt infrastructure and attain long run unauthorized access.

I heard a cogent assessment of the shift that must take at the Omdia Analyst Summit at Black Hat USA 2023. In a keynote address, Omdia’s Eric Parizo, managing prinicipal analyst, and Andrew Braunberg, principal analyst, unveiled an (more…)

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

By Byron V. Acohido

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth?

Preserving privacy for a greater good

A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Last August, NTT, the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community leaders onto a more enlightened path. NTT, in short, has set out to usher in a new era of human wellness.

Towards this end it has begun sharing videos, whitepapers and reports designed to rally decision makers from all quarters to a common cause. The blue-sky mission is to bring modern data mining and machine learning technologies to bear delivering personalized services that ameliorate not just physical ailments, but also mental and even emotional ones.

That’s a sizable fish to fry. I had a lively discussion with Craig Hinkley, CEO of NTT Application Security, about the thinking behind this crusade. I came away encouraged that some smart folks are striving to pull us in a well-considered direction. For a full drill down, please give the accompanying podcast a listen. Here are a few key takeaways:

A new starting point

Modern medicine has advanced leaps and bounds in my lifetime when it comes to diagnosing and treating severe illnesses. Even so, for a variety of reasons, healthcare sectors in the U.S. and other jurisdictions have abjectly failed over the past 20 years leveraging Big Data to innovate personalized healthcare services. (more…)

MY TAKE: Study shows most folks haven’t considered bequeathing their ‘digital’ inheritances

By Byron V. Acohido

In our digital age, managing passwords effectively is crucial not just for our security while we’re alive, but also for ensuring our digital legacies are secure after we’re gone.

Related: Understanding digital footprints

A recent study by All About Cookies sheds light on the alarming lack of preparation most internet users have for their digital assets.

The All About Cookies study surveyed 1,000 U.S. adults to understand how prepared Americans are to pass on their digital inheritances. The results revealed that 67 percent of respondents have a plan to share banking account information, but only 24 percent include online account details in their wills.

Furthermore, only 30 percent of people in relationships say their partner could easily access their online accounts in the event of their death. This indicates a significant gap in planning for digital assets compared to physical ones. Here are the key findings

•Digital Asset Planning is Inadequate: While 65 percent of people have a will, only a quarter include information about their online accounts. This omission could leave families struggling to access essential digital information during an already difficult time.

•Storing Passwords in Memory: An astonishing 39 percent of respondents store their digital information in their heads, which poses two significant risks: the potential loss of access if something happens to the individual and the increased likelihood of using simple, easily hackable passwords. (more…)

News Alert: Infinidat introduces advanced cyber resiliency and recovery solution for enterprises

Waltham, Mass., June 27, 2024, CyberNewsWire — Infinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks.

Infinidat’s InfiniSafe® Automated Cyber Protection (ACP) is a first-of-its-kind cybersecurity integration solution that is designed to reduce the threat window of cyberattacks, such as ransomware. Sophisticated cyberattacks, including new sinister forms of AI-driven attacks, are increasingly targeting the data storage infrastructure of enterprises.

Infinidat’s InfiniSafe ACP enables enterprises to easily integrate with their Security Operations Centers (SOC), Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) cybersecurity software applications, and simple syslog functions for less complex environments. A security-related incident or event triggers immediate automated immutable snapshots of data, providing the ability to protect InfiniBox® and InfiniBox™ SSA block-based volumes and/or file systems and ensure near instantaneous cyber recovery. (more…)

News Alert: FireTail unveils free access to its enterprise-level API security platform — to all

McLean, Va., June 26, 2024, CyberNewsWire — FireTail today announced a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes.

•FireTail’s unique combination of open-source code libraries, inline API call evaluation, security posture management, and centralized audit trails helps eliminate vulnerabilities and protect APIs in real-time.

•The free plan covers up to 5 APIs, includes 1M API call logs per month, offers 7 days of data retention, and provides clear developer support.

FireTail, a disruptor in API security, unveils free access for all to its cutting-edge API security platform. This initiative opens the door for developers and organizations of any size to access enterprise-level API security tools.

Today, over 80% of all internet traffic is computer-to-computer communication via APIs. Every mobile app, IoT device, and most modern software applications use APIs, creating a broad attack surface for potential threats. FireTail’s hybrid approach to API security blends open-source code libraries with a feature-packed cloud platform and equips businesses with a unique suite of tools to eliminate API vulnerabilities and provide robust runtime API protection. (more…)