Security Boulevard
Is Your Website Leaking Sensitive Patient Information to Facebook? A disturbing story about HIPAA (and How to Avoid It)
Picture this scenario: You’ve used every tool you have to secure your web pages and forms so patient information is safe. One day, a potential patient Googles “hysterectomy options” and ends up on your hospital’s website. They browse around, maybe even schedule an appointment online. You have no reason to worry, right? Because you’ve done […]
The post Is Your Website Leaking Sensitive Patient Information to Facebook? A disturbing story about HIPAA (and How to Avoid It) appeared first on Feroot Security.
The post Is Your Website Leaking Sensitive Patient Information to Facebook? A disturbing story about HIPAA (and How to Avoid It) appeared first on Security Boulevard.
Classroom Manager: Online Classroom Management, Instruction, and Learning Made Easy
Technology is transforming teaching and learning in today’s classrooms by providing teachers and students with an ever-increasing array of digital tools and resources. The possibilities for innovation are endless, from video conferencing to virtual reality and artificial intelligence (AI). While implementing these tools comes with a learning curve, teachers are embracing them due to their ...
The post Classroom Manager: Online Classroom Management, Instruction, and Learning Made Easy appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Classroom Manager: Online Classroom Management, Instruction, and Learning Made Easy appeared first on Security Boulevard.
Reflecting on a Year of Compromised Data
The cybersecurity landscape over the past 12 months shows that it’s been a banner year of compromised credential data collection.
The post Reflecting on a Year of Compromised Data appeared first on Security Boulevard.
Balbix is recognized in Forrester’s CRQ Solutions Landscape, Q4 2024
Last week, Balbix was recognized in the Forrester Cyber Risk Quantification (CRQ) Solutions Landscape, Q4 2024. You can read the report here. Increasingly, CRQ has become a key tool for security leaders for executive reporting, risk prioritization, ROI analysis, and more. Balbix is at the forefront of these discussions. While many view CRQ as a …
The post Balbix is recognized in Forrester’s CRQ Solutions Landscape, Q4 2024 appeared first on Security Boulevard.
DEF CON 32 – Leveraging Private APNs For Mobile Network Traffic Analysis
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel.
The post DEF CON 32 – Leveraging Private APNs For Mobile Network Traffic Analysis appeared first on Security Boulevard.
5 Modern Computer Safety Tips You Should Know About
Protecting your computer in the hyper-connected world of today goes beyond merely preventing bothersome viruses. Modern dangers are smarter, quicker, and far more invasive than ever before. Cybercriminals no longer depend on simple strategies; they leverage flaws, fool unsuspecting consumers, […]
The post 5 Modern Computer Safety Tips You Should Know About appeared first on TechSpective.
The post 5 Modern Computer Safety Tips You Should Know About appeared first on Security Boulevard.
Attackers Can Find New APIs in 29 Seconds: Wallarm
Cybersecurity vendor Wallarm, using a honeypot, found that hackers can discover new APIs in 29 seconds and that APIs are now more targeted than web applications, highlighting the need to put a security focus on the increasingly popular business tools.
The post Attackers Can Find New APIs in 29 Seconds: Wallarm appeared first on Security Boulevard.
Bits & Bytes: A Recap of AISS 2024
As a passionate cybersecurity enthusiast & a professional with ColorTokens, participating in the recently concluded 19th Annual Information Security Summit (AISS) 2024, organized by NASSCOM-DSCI, was an invaluable opportunity to immerse myself in the latest trends, innovations, and discussions shaping our industry. AISS 2024 lived up to its reputation as India’s premier platform for cybersecurity […]
The post Bits & Bytes: A Recap of AISS 2024 appeared first on ColorTokens.
The post Bits & Bytes: A Recap of AISS 2024 appeared first on Security Boulevard.
Review of Blackhat EMEA 2024
A review of some interesting briefings and tools found at Blackhat EMEA 2024.
The post Review of Blackhat EMEA 2024 appeared first on The Cyber Hut.
The post Review of Blackhat EMEA 2024 appeared first on Security Boulevard.
Seamless API Threat Detection and Response: Integrating Salt Security and CrowdStrike NG-SIEM
APIs are essential for modern digital business operations, enabling smooth connectivity and data exchange between applications. However, the growing dependence on APIs has unintentionally widened the attack surface, making strong API security a vital concern for organizations. Traditional security measures often prove inadequate in effectively safeguarding this changing landscape.
To address this challenge, integrating specialized API security solutions with comprehensive security platforms creates a multi-layered defense strategy. A notable example of this approach is the integration of Salt Security with CrowdStrike's Next-Generation SIEM (NG-SIEM).
Benefits of Integration
- Enhanced Threat Detection: By integrating Salt Security's advanced API inspection capabilities with CrowdStrike's threat intelligence, organizations can proactively identify malicious behavior and potential vulnerabilities throughout the entire API ecosystem. This integration detects sophisticated attacks, including data exfiltration, injection, and DDoS attacks targeting APIs.
- Accelerated Threat Response: The seamless integration of these technologies facilitates a rapid response to API-specific threats, streamlining the flow of alerts and threat information into the CrowdStrike NG-SIEM dashboard. This enables security teams to address API threats promptly within the broader context of their security operations.
- Comprehensive Visibility and Context: Gaining in-depth visibility into API activity and broader system-level insights provides valuable context for effectively understanding and responding to threats. Salt Security excels in offering visibility into the API lifecycle by identifying all APIs—including shadow and zombie APIs—and analyzing their behaviors.
- Automated Incident Response: Automating incident generation within the NG-SIEM based on API threat thresholds enhances the efficiency of security investigations and remediation efforts. This integration allows security analysts to leverage valuable contextual intelligence from Salt Security, enriching CrowdStrike's NG-SIEM with actionable data related to API-specific attack vectors and vulnerabilities.
- Proactive Risk Management: Organizations can prioritize and address potential API risks before they escalate into critical issues. Organizations can implement proactive risk mitigation strategies by utilizing Salt Security's API discovery and vulnerability assessment capabilities alongside CrowdStrike's NG-SIEM.
- Enhanced Compliance Reporting: Simplify regulatory compliance with robust API monitoring and detailed logging from Salt Security, which integrates seamlessly with CrowdStrike's NG-SIEM reporting features.
- Seamless Data Flow: A secure data exchange ensures that the CrowdStrike NG-SIEM platforms are consistently updated with the latest threat information from the Salt Security platform.
- Customizable Alerts and Dashboards: Users can personalize their dashboards within the CrowdStrike NG-SIEM to incorporate data from the Salt Security API, enabling them to tailor alert systems to meet their organization's specific needs.
- API Anomaly Correlation: CrowdStrike's NG-SIEM enhances detection capabilities by correlating API-specific data from Salt Security with broader system activities, offering a comprehensive view of potential threats.
In conclusion, integrating Salt Security with CrowdStrike's NG-SIEM marks a significant advancement in API security. This combination of specialized API security capabilities with a comprehensive security platform enables organizations to enhance threat detection, accelerate response times, gain valuable context, and automate incident response workflows. This integrated approach empowers businesses to confidently protect their APIs, sensitive data, and critical assets in today’s dynamic digital environment.
If you want to learn more about Salt and how we can help you on your API Security journey and our CrowdStrike integrations through discovery, posture governance, and run-time threat protection, please contact us, schedule a demo, or check out our website.
The post Seamless API Threat Detection and Response: Integrating Salt Security and CrowdStrike NG-SIEM appeared first on Security Boulevard.
Cybersecurity Best Practices for Digital Nomads in Japan
Best cybersecurity tips for digital nomads in Japan: Keep your data safe, avoid cyber threats, and work securely from anywhere in Japan.
The post Cybersecurity Best Practices for Digital Nomads in Japan appeared first on Security Boulevard.
Top 5 Cryptographic Key Protection Best Practices
We're sharing the top 5 cryptographic key protection best practices.
The post Top 5 Cryptographic Key Protection Best Practices appeared first on Zimperium.
The post Top 5 Cryptographic Key Protection Best Practices appeared first on Security Boulevard.
LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025
Continuing our look back at 2024, part two of Last Watchdog’s year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics.
Part two of a four-part series
The explosion of AI-driven phishing, insider threats, and business logic abuse …
The post LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025 first appeared on The Last Watchdog.
The post LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025 appeared first on Security Boulevard.
Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage
madhav
Tue, 12/17/2024 - 05:10
Cybersecurity is a remarkably dynamic industry. New trends, technologies, and techniques reshape the landscape at an extraordinary pace, meaning keeping up can be challenging. Protecting data, the driving force of modern businesses, will continue to be the primary focus of organizations throughout 2025. So, as we race into the new year, and as technology and risks evolve, efforts will be focused on varying frontiers. Here are our predictions for data security in 2025.
Data Privacy Regulations Take Center Stage
The United Nations Trade and Development (UNCTAD) states that 80% of countries now have or are working on data protection and privacy legislation. These regulations mandate that data will be stored and processed within specific jurisdictions to address risks associated with international law enforcement.
These requirements have a profound impact. Cloud providers and businesses must comply with local data sovereignty laws. Organizations must embed privacy-by-design principles in new systems and applications. Privacy-enhancing technologies will be the leading technical measures implemented to mitigate these risks.
The U.S. has traditionally struggled to implement federal regulations concerning data privacy, often leaving this issue to be addressed state-by-state. Some states, like California, have introduced their own unique data privacy laws. However, in 2024, the U.S. Federal American Privacy Rights Act (APRA) was proposed but it is still pending approval. This act marks a significant step toward establishing federal data privacy regulations.
Although the future of APRA remains uncertain, it is reasonable to expect that APRA and data privacy will continue to be vital discussion topics in the upcoming year.
Companies Proactively Embrace Compliance
With the acceleration of cyberattacks, companies are taking steps to better regulate their digital space. They are adapting compliance frameworks to harmonize and enforce the responsibilities over their digital assets (workload, data, identities) while maintaining business continuity and resilience.
In response to these developments, the cybersecurity landscape in 2025 will see a shift from reactive to proactive measures. Continuous monitoring and getting ahead of potential threats will become standard practice, along with more robust authentication measures. Compliance with new regulations, such as NIS2, DORA, PCI DSS 4.0, the UK Cyber Resilience Act, and the EU AI Act, will be crucial. As a result, some organizations will move more data on-premises, necessitating the same or more stringent security postures as cloud environments.
Organizations Shift to a Risk-Focused Approach
As AI increases the frequency and scale of cyberattacks, organizations will face resource and staffing constraints in 2025. Relying solely on reactive measures to keep data secure will be unsustainable. Consequently, businesses will explore ways to prioritize risk effectively, focusing resources and efforts where they will have the most significant impact.
In 2025, organizations must transition from a purely compliance-focused approach to a more proactive risk-focused strategy. This requires a clear understanding of risks across key dimensions, including organizational, asset, and regulatory risks. Risk visibility must be prioritized according to its potential impact on the business. By leveraging key data risk indicators across the entire data estate, organizations can create an actionable view that empowers them to make informed and effective decisions to strengthen their data security.
As part of risk management, deploying a Zero Trust architecture will continue to be essential for most companies. Companies will adopt comprehensive security measures to protect data from the edge to the core of their IT systems.
AI Tools Support, Not Replace, Security Roles
AI and ML will play an increasingly central role in cybersecurity. They will enhance threat detection and response, improve threat hunting, and combine security posture management with behavioral analytics to help monitor and secure large datasets in real-time, spotting risks such as data exfiltration attempts or unusual data access patterns.
Cybersecurity vendors are increasingly integrating AI-assisted Copilots to enhance their services for customers. These tools are great for helping to fill talent shortage gaps, which ISC2 currently estimates at 4.8 million worldwide, but aren’t a replacement for internal teams. In the year ahead, it will be less about adopting these tools and more about how security teams leverage AI tools' capabilities. Those looking to remain agile will likely utilize these tools to bring their threat investigation abilities to the next level.
Gen AI-Powered Breaches Skyrocket
Adopting AI technologies is also a reality for cyber threats, with hackers leveraging AI to amplify their attacks and lower the skills bar through the development of automated scripts.
With enterprises being targeted by an influx of advanced phishing attacks, the likelihood that someone within their organization falls victim to an attack is at an all-time high, and we expect to see a steady rise in these across 2025. Once credentials are compromised, an enterprise’s entire network security crumbles, and with generative AI rapidly advancing social engineering methods, typical defense measures for credential compromise won’t be able to keep pace.
Critical Infrastructure Attacks Increase
Attacks targeting critical infrastructure have grown exponentially over the last few years. The overwhelming majority of these attacks start within the internal IT infrastructure. Given that critical infrastructure will always be a prime target for cybercriminals due to its potential for widespread impact, the disconnect between IT, OT, and geopolitical issues creates the perfect storm for insider threats to thrive in 2025. Addressing this gap will be crucial to safeguarding critical infrastructure in the year ahead.
Data Fortification and Supply Chain Resilience Intensify
In 2025, securing the software supply chain will be a top priority. Organizations will conduct more profound security assessments on their third-party vendors, including cloud providers, to ensure their software and services are secure. Protecting data from being compromised through uncontrolled third-party applications or services will become even more critical, with organizations needing more visibility into the services they rely on.
With the proliferation of data via collaboration platforms, companies will need to focus on data activity monitoring and data watermarking to protect sensitive information. Supply chain security will also be a significant concern, as vulnerabilities in the supply chain can lead to widespread security breaches. User generation of personal data through various apps and services will increase the risk of data exposure, necessitating stronger data protection measures.
Post-Quantum Cryptography Spotlights Crypto Agility
Earlier this year, NIST released its first set of post-quantum computing encryption algorithms, along with guidance to be prepared for a potential quantum computing attack as early as 2030. This timeframe drives the need to start planning for and building quantum safe networks now. Even though some protocols, like TLS and SSH, have already been updated to meet NIST's new standards, NIST is already working on its next set of algorithms, meaning that the algorithms implemented in protocols today may be different by the time a production quantum computer arrives.
This highlights the importance of crypto agility in adapting to these evolving security recommendations. Enterprises must place agility at the center of their quantum readiness strategy, making sure that crypto-agile solutions can keep up with the emerging quantum-resistant cryptographic standards. In 2025, companies will need to invest time and resources to identify their exposure and take inventory of their assets. This will manifest in a steady rise of cryptographic centers of excellence among major enterprises.
Data Security, Regulation and compliance, Insider Threat, Encryption
Todd Moore | Vice President, Data Security Products, Thales
The post Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage appeared first on Security Boulevard.
FakeCaptcha scams—When the “I’m not a robot” button is a trap
How many times have you clicked the “I’m not a robot” CAPTCHA checkbox without a second thought? We’ve all done it … countless times. It’s such a familiar step that we don’t question it. And cybercriminals have taken note of that.
The post FakeCaptcha scams—When the “I’m not a robot” button is a trap appeared first on Security Boulevard.
An easy to follow NIST Compliance Checklist
We have seen how cyber attacks have disrupted organisations and businesses repeatedly. Mitigating emerging threats is more crucial than ever, and many organisations are at the forefront of combating them. One such organisation is the National Institute of Standards and Technology (NIST). NIST has released many Special Publications (SP) regulations, each containing guidelines for improving […]
The post An easy to follow NIST Compliance Checklist appeared first on Security Boulevard.
10 telltale signs of a fake giveaway on social media
Who wants a free phone or gift cards? Perhaps a free vacation? It’s easy to understand the allure of giveaways on social media. But here's the catch: not all giveaways are real. Fake giveaways are one of the many traps scammers use to steal your personal data, money, or even gain access to your accounts.
The post 10 telltale signs of a fake giveaway on social media appeared first on Security Boulevard.
Innovations in Machine Identity Management for the Cloud
Are We Overlooking Machine Identity Management in Cloud Security? As businesses continually shift their operations to the cloud, the prospect of security becomes increasingly vital. To ensure complete cloud security control, the management of Non-Human Identities (NHIs) and secrets is crucial. This is where innovations related to machine identity management come into play. The question […]
The post Innovations in Machine Identity Management for the Cloud appeared first on Entro.
The post Innovations in Machine Identity Management for the Cloud appeared first on Security Boulevard.
Stay Calm: Techniques to Manage Secrets Sprawl Effectively
Are You Ready to Manage Secrets Sprawl Effectively? One particular challenge that requires nerves of steel is managing secrets sprawl. This phenomenon occurs when sensitive data like encrypted passwords, tokens, or keys (the “Secrets”) used by Non-Human Identities (NHIs), are scattered across a system. So, what do you need to know to manage secrets sprawl […]
The post Stay Calm: Techniques to Manage Secrets Sprawl Effectively appeared first on Entro.
The post Stay Calm: Techniques to Manage Secrets Sprawl Effectively appeared first on Security Boulevard.