433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (727) 493-2351

CX Exchange 2023: TSA’s Niki French, Kriste Jordan Smith on the employee-customer connection

The Transportation Security Administration’s employee training aims to achieve a blend of security and customer service expertise. Jason Miller talks with the agency’s Niki French and Kriste Jordan Smith about how that plays out in reality every day.
http://news.poseidon-us.com/SnFJP5

Quick IOC Scan With Docker, (Fri, Apr 28th)

When investigating an incident, you must perform initial tasks quickly. There is one tool in my arsenal that I'm using to quickly scan for interesting IOCs (“Indicators of Compromise”). This tool is called Loki[1], the free version of the Thor scanner. I like this tool because you can scan for a computer (processes & files) or a specific directory (only files) for suspicious content. The tool has many interesting YARA rules, but you can always add your own to increase the detection capabilities.
http://news.poseidon-us.com/SnCm6l

Finance chiefs hunt for revenue-generating tech tools: Stripe

The provider’s updated tools come as enterprises seek emerging technologies to aid in key areas like revenue generation.
http://news.poseidon-us.com/SnCh0M

5 ways threat actors can use ChatGPT to enhance attacks

The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, reconnaissance, phishing, and the generation of polymorphic code. By examining these topics, the CSA said it aims to raise awareness of the potential threats and emphasize the need for robust security measures and responsible AI development. To read this article in full, please click here
http://news.poseidon-us.com/SnCgHM

BrandPost: The evolution of security service edge (SSE) and zero trust

With the recent publication of Gartner’s updated Magic Quadrant for Security Service Edge, we have been asked by several CXOs about this fast-growing solution category and how it relates to zero trust. The short answer is that they are closely intertwined. Zero trust is a framework for securing organizations in the cloud and mobile world that asserts that no user or application should be trusted by default. Zero trust is a way of thinking permeating across several areas, not just new architecture or technology. There are practical zero trust implementations from vendors, like Zscaler, that have solutions with zero trust frameworks at their core. Once deployed, zero trust technology provides secure access to public or private destinations for users, things, and workloads. To read this article in full, please click here
http://news.poseidon-us.com/SnBLrw

What’s next for agencies in their zero trust journey

A year after President Biden outlined the federal zero trust architecture strategy along with the requirements for meeting specific cybersecurity standards and objectives by fiscal year 2024, agencies are in a crucial stage of development.
http://news.poseidon-us.com/SnBGsg

PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates

Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers. The detected campaings “Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest (overlaps with FIN11 and TA505),” Microsoft shared. “Lace Tempest (DEV-0950) is a Clop ransomware affiliate that has been observed … More → The post PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates appeared first on Help Net Security.
http://news.poseidon-us.com/Sn8jL9

Why Russia’s cyber arms transfers are poor threat predictors

The history of international cyber conflict is remarkably long and storied. The timeline of major cyber threat events stretches back nearly four decades, but it is really only the last decade that has seen the widespread proliferation of national cyber forces. As of 2007, only 10 countries had operational cyber commands, three of which were members of the NATO alliance. Just eight years later, that figure jumped to 61 nations, a full two-thirds of which were outside of the NATO alliance. Clearly, national governments have become more willing to see cybersecurity as a key responsibility. States are also cooperating and sharing the burden of securing cyberspace. To read this article in full, please click here
http://news.poseidon-us.com/Sn8Q8p

The true numbers behind deepfake fraud

The use of artificial intelligence can result in the production of deepfakes that are becoming more realistic and challenging to differentiate from authentic content, according to Regula. Companies view fabricated biometric artifacts such as deepfake videos or voices as genuine menaces, with about 80% expressing concern. In the United States, this apprehension appears to be the highest, with approximately 91% of organizations believing it to be an escalating danger. AI-generated deepfakes The increasing accessibility of … More → The post The true numbers behind deepfake fraud appeared first on Help Net Security.
http://news.poseidon-us.com/Sn7vzJ

Over half of GAO’s high-risk areas stem from critical skills gaps

22 of the 37 items on GAO’s list of vulnerable federal programs and broad government challenges stem from issues of mission-critical skills gaps in the federal workforce.
http://news.poseidon-us.com/Sn7HK5