Security Boulevard

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Bridge Types’ appeared first on Security Boulevard.

At this year’s RSAC Conference, one theme loomed large: AI isn’t just a tool anymore—it’s a battleground. Industry veteran Anand Oswal discussed how AI is reshaping both sides of the cybersecurity equation: It’s amplifying the speed and scale of attacks while simultaneously offering new ways to fight back. The complexity of securing AI applications is..

The post Security in the Age of AI with Anand Oswal appeared first on Security Boulevard.

Authors/Presenters: Matteo Rizzo, Kristoffer `spq` Janke, Eduardo Vela Nava and Josh Eads

Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending the OffensiveCon 25 conference.

Permalink

The post OffensiveCon25 – Entrysign: Create Your Own x86 Microcode for Fun and Profit appeared first on Security Boulevard.

Cisco IOS XE Flaw: The security experts are all in agreement that organizations should rush to fix the vulnerability. 

The post No Lollygagging: Cisco IOS XE Flaw With 10.0 Rating Should be Patched Now appeared first on Security Boulevard.

Tel Aviv, Israel, 9th June 2025, CyberNewsWire

The post Seraphic Security Unveils BrowserTotal™ – Free AI-Powered Browser Security Assessment for Enterprises appeared first on Security Boulevard.

RSA has updated its passwordless identity management platform to add support for desktops that are connected to the Microsoft Entra ID directory service.

The post RSA Extends Reach of Passwordless Management Platform appeared first on Security Boulevard.

Contrast Security today made available an update to its application detection and response platform that leverages graph and artificial intelligence (AI) technologies to provide security operations teams with a digital twin of the applications and associated application programming interfaces (APIs) that need to be secured.

The post Contrast Security Combines Graph and AI Technologies to Secure Applications appeared first on Security Boulevard.

Explore the latest features and enhancements in CodeSentry 7.2! CodeSentry 7.2 SaaS introduces AI Component Detection, which highlights the use of Artificial Intelligence (AI) or Machine Learning (ML) software packages in the Software Bill Of Materials using component tags.  This includes the most popular open source tools such as TensorFlow and SciKit among many others. …

The post What’s New in CodeSentry 7.2  appeared first on CodeSecure.

The post What’s New in CodeSentry 7.2  appeared first on Security Boulevard.

New Zealand mandates DMARC enforcement under its new Secure Government Email framework. Learn what this means and how agencies can ensure compliance.

The post New Zealand Government Mandates DMARC Under New Secure Email Framework appeared first on Security Boulevard.

SANTA CLARA, Calif., June 9, 2025 – NSFOCUS, a global leader in cybersecurity solutions, announced the release of its annual report, the 2024 Global DDoS Landscape Report. The full report is packed with in-depth analysis and insights that can help organizations better understand the DDoS threat environment and formulate more effective countermeasures. Highlights of the […]

The post NSFOCUS Releases 2024 Global DDoS Landscape Report appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post NSFOCUS Releases 2024 Global DDoS Landscape Report appeared first on Security Boulevard.

Have you ever had a client ask, “How much risk are we facing?” and all you had was a pie chart to show them? In 2025, that doesn’t cut it. Today’s business executives expect more. They want risk explained in clear, unambiguous terms—and most of all, they want numbers. Not just because it sounds smart […]

The post Why MSSPs Must Prioritize Cyber Risk Quantification in 2025 appeared first on Centraleyes.

The post Why MSSPs Must Prioritize Cyber Risk Quantification in 2025 appeared first on Security Boulevard.

Join us as we discuss the long-awaited implementation of the REAL ID Act in the U.S. We cover the essentials you need to fly, the potential benefits of using your passport, and how new mobile IDs fit into the TSA’s plans. We also discuss the broader implications for identity surveillance and who truly benefits from […]

The post Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths appeared first on Shared Security Podcast.

The post Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths appeared first on Security Boulevard.

Overview Recently, NSFOCUS CERT has detected that DataEase has issued a security bulletin to fix multiple high-risk vulnerabilities in DataEase (CVE-2025-49001/CVE-2025-49002/CVE-2025-48999). Combined use can achieve unauthorized code execution. At present, the vulnerability details and PoC have been made public. Relevant users are requested to take measures to protect them as soon as possible. CVE-2025-49001: Due […]

The post Multiple High-Risk Vulnerabilities in DataEase (CVE-2025-49001/CVE-2025-49002/CVE-2025-48999) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Multiple High-Risk Vulnerabilities in DataEase (CVE-2025-49001/CVE-2025-49002/CVE-2025-48999) appeared first on Security Boulevard.

What is the Critical Core of NHI Management? Non-Human Identities (NHIs), the machine identities used in cybersecurity, play an essential role in maintaining an organization’s security status. Created by combining a “Secret” (an encrypted password, token, or key) and the permissions granted to that Secret by a server, they form the backbone of an organization’s […]

The post Proactive Measures for NHI Threat Detection appeared first on Entro.

The post Proactive Measures for NHI Threat Detection appeared first on Security Boulevard.

Can Enhanced NHI Safety Bring You Peace of Mind? The management of Non-Human Identities (NHIs) and Secrets has become increasingly crucial. With all the buzz around the subject, does the thought of enhanced NHI safety reassure you? Although managing NHIs and Secrets can be complex, with the right approach, you can confidently navigate the rapidly […]

The post Stay Reassured with Enhanced NHI Safety appeared first on Entro.

The post Stay Reassured with Enhanced NHI Safety appeared first on Security Boulevard.

What if there was a way to drastically reduce the security risks in your cloud environment? Imagine having the ability to identify and mitigate any risk proactively, without any hassles. It turns out that method exists, and it’s called Non-Human Identity (NHI) management. According to a study on leadership in the cybersecurity industry, the confidence […]

The post Confidence in Handling NHIs Effectively appeared first on Entro.

The post Confidence in Handling NHIs Effectively appeared first on Security Boulevard.

Authors/Presenters: Fish and Ling Hanqin

Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending the OffensiveCon 25 conference.

Permalink

The post OffensiveCon25 – Skin In The Game: Survival Of GPU IOMMU Irregular Damage appeared first on Security Boulevard.

At one time, having a personal coach was just for top-tier athletes, but no longer. Whether you prefer the term "mentor" or "life coach," there’s growth potential for us all to consider.

The post From Quarterbacks to CxOs: Why We All Need a Coach appeared first on Security Boulevard.

And what does it tell us about Cybersecurity?

As the founding CEO of StackStorm and now DeepTempo, I’ve seen how the needs of CISOs and SOCs have changed over the last 10+ years.

New challenges and a better color scheme!

When we started StackStorm, the cybersecurity landscape was different. Our power users rarely asked for more alerts — rather, they just wanted context and to handle the alerts they received in a better manner. Signatures, rules, and predefined playbooks formed the cornerstone of defense.

Incidentally — a little bit about StackStorm. Think of it as a SOAR that is more broadly applicable than only security. In fact recently an analyst called it one of the top 5 open source SOARs:

https://research.aimultiple.com/open-source-soar/

We called what we did event-driven automation. We sold StackStorm back in 2017 — our seed investor wanted a quick win — and the project lives on as a Linux Foundation project. It is used in security by many more advanced shops, including many managed security providers, sometimes just for the ChatOps support and other times for its ability to stitch together an enormous number of systems with rules and workflows before sending alerts downstream to Splunk. StackStorm is Python under the hood and saves enormous time even vs. vibe coding your way to system control and integrations.

Fast-forward to today, and the threat landscape has dramatically evolved. CISOs bellowing “don’t give me any more indicators” sound a bit less credible now that their systems cannot see or isolate common attacks. Signatures and traditional rule-based detections simply aren’t keeping up. According to CrowdStrike’s recent Threat Report, over 80% of today’s attacks bypass traditional signature-based systems, exploiting the gaps in rules and static detections. Novel attacks, including zero-days and advanced persistent threats (APTs), have soared. The National Vulnerability Database reported a record-setting 26,448 new Common Vulnerabilities and Exposures (CVEs) in 2022 alone, up sharply from approximately 12,000 when StackStorm was sold in 2017.

Living-off-the-Land (LotL) attacks have become common, using legitimate system tools to remain undetected by traditional methods. Symantec reports a staggering 150% increase in LoL techniques since 2019. Attackers are also leveraging Large Language Models (LLMs) to dynamically alter malware, craft sophisticated phishing campaigns, and evade legacy detection methods, further eroding the efficacy of static signatures.

According to the annual State of Cybersecurity survey by Scale Venture Partners — the #1 concern as of April 2025 by buyers is — you guessed it — AI-enabled attacks.

Customers are vulnerable, and they know it.

Despite these alarming shifts, many investors and a few users are chasing SOC-focused “AI” agentic solutions — essentially smarter but integration-limited variants of StackStorm’s approach. While AI-powered SOCs promise smarter correlation, they’re still reactive, focusing largely on known threats and requiring extensive configuration and training tailored to each environment. And the next time you hear a CISO bellowing about “we don’t need more indicators,” remind them that you cannot correlate, or automate, what you cannot see.

Machine Learning has earned a reputation as complex and unwieldy, often needing significant retraining for every new environment, resulting in high false positives and operational fatigue.

When I decide to again address security use cases, I started, as many founders would, from trying to deeply understand the real pain of security teams. What we want in cybersecurity isn’t actually better handling of alerts — it is to be safe.

By designing and pretraining a foundation Log Language Model (LogLM) — a deep learning model pretrained on vast quantities of flow logs — we can detect anomalies indicative of all sorts of attacks, including novel and stealthy attacks. This approach doesn’t just amplify traditional detection or address some of the drudgery of working in a SOC — it transforms it by much more accurately seeing attacks while providing the SOC with useful context. Because our LogLM is a foundation model, it requires little to no fine-tuning. Recently, we had an experience with a large public network provider where our LogLM was at 94% accuracy before fine-tuning and achieved 99% accuracy after 45 minutes of fine-tuning. Traditional ML would have required a number of bespoke models for that same customer, taking months to retrain and combine.

The rapid adaptability of the LogLM also allows it to be improved via our patent-pending active learning. This system catches changes in the distribution of the underlying data and allows for micro adjustments.

I would welcome your feedback. Having already helped to address event handling by building a top open source SOAR 10 years ago — this time around I decided to radically improve the accuracy and ease of use of systems to actually see what is happening. What am I missing? Do you agree that we actually need more indicators now, as long as they are the right ones, with low false positives, are adaptable, and can see the vast majority of today’s ever-evolving attacks?

From StackStorm to DeepTempo was originally published in DeepTempo on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post From StackStorm to DeepTempo appeared first on Security Boulevard.

Is Your Organization Implementing Scalable Solutions for NHI Management? Is your business laying a solid groundwork for efficient Non-Human Identity (NHI) management? If not, you’re likely exposing your organization to unnecessary risks. Data leaks and breaches could be lurking around the corner, jeopardizing your company’s reputation and bottom line. Understanding Non-Human Identities (NHIs) Non-Human Identities, […]

The post Scalable Solutions for NHI Management appeared first on Entro.

The post Scalable Solutions for NHI Management appeared first on Security Boulevard.