RSS_Virtulization

Thousands and thousands of components go into the assembly of contemporary vehicles. It is impossible for any original equipment manufacturer (OEM) to produce all these components themselves. The demand for just-in-time delivery and customization for all these parts has created a huge, unusually integrated supply chain. If even one supplier experiences a cybersecurity breach, the impact can be exponentially damaging for the automotive industry. The weeks of plant downtime not only cause huge production losses…

Amazon Prime Day has become a major shopping event, with 2023 setting a record as customers purchased over 375 million items worldwide, up from 300 million in 2022. As more people rush to find deals, scammers are using increasingly advanced tactics to exploit unsuspecting consumers. What’s Different This Year? The use of AI has significantly changed how scams are created and deployed. Tools like ChatGPT have seen explosive growth, reaching 100 million users in the…

The cybersecurity landscape is a complex and ever-evolving ecosystem. At its core lies a fundamental paradox: the more tools we deploy to protect our digital assets, the more complex and vulnerable our security posture becomes. This is a challenge faced by security teams worldwide, but it’s particularly acute for Chief Information Security Officers (CISOs). The average CISO juggles a staggering array of security tools – often more than 75 – sourced from a multitude of…

Ransomware attacks remain a significant threat to organizations worldwide, with cybercriminals continuously evolving tactics. Despite long-standing advice from cybersecurity experts against paying ransoms, many businesses still opt to pay, hoping for the safe return of their data. However, this approach often fails and perpetuates the cybercrime cycle, increasing calls for making ransom payments illegal. Recent data indicates a positive shift: only 34% of organizations now pay ransoms, marking an all-time low. This suggests that nearly…

Having served on the MITRE.org CVE (OVAL) advisory board, I have spent years analyzing vulnerabilities and how they impact global cybersecurity. The challenge has always been prioritization—how do we determine which threats are most critical before they are exploited? Traditional vulnerability scoring systems, while useful, often fail to provide the necessary context for real-world threat mitigation. That’s why I’m so impressed with the Exploit Prediction Scoring System (EPSS), an initiative by FIRST.org designed to bring…

Organizations are continually balancing seamless user experiences and implementing robust defenses against evolving threats. Passwords, as the first line of defense, remain a primary vulnerability, often exploited due to poor password management practices. While some multi-factor authentication (MFA) methods and password managers have become common practice, they remain insufficient in countering the sophisticated techniques used by advanced adversaries. Hardware security keys are an underutilized tool that offers substantial improvements in fortifying an organization’s defenses against…

Supply chain operations are often stymied by inefficiencies that result in higher costs, longer lead times, and dissatisfied customers. These inefficiencies stem from manual processes that slow operations down, data silos that worsen decision making and a lack of visibility into supply chain activities, including procurement. By implementing cutting-edge AI solutions into supply chain operations, procurement teams can overcome these challenges. Since data is the fuel for AI, unlocking its full potential is only possible…

Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this activity towards the end of January 2025, when the M365 account of one of its customers was successfully compromised in a highly targeted attack. The technique is more effective at successfully compromising accounts than most other spear-phishing campaigns, according to the researchers. In the campaign, the attackers impersonate…

With incidences of ransomware on the rise, nobody should even be thinking that an attack is something that couldn’t happen to them, let alone speak those words into existence. And for organizations that believe a breach couldn’t happen to them because they store their data in the cloud are burying their heads in the sand. All companies are vulnerable to ransomware. According to analyst estimates, cybercriminals were able to extort more than $1 billion in cryptocurrency…

The UK’s AI Safety Institute has rebranded to the AI Security Institute as the government shifts its AI strategy to focus on serious AI risks with security implications, including malicious cyber-attacks, cyber fraud and other cybercrimes. The UK Technology Secretary Peter Kyle announced the pivot at the Munich Security Conference, three days after the AI Action Summit in Paris. “The changes I’m announcing today represent the logical next step in how we approach responsible AI development –…