As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.
On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.
Read more…
Source: Rapid7
Related:
- Enzo Biochem ordered to cough up $4.5 million over lousy security that led to ransomware disaster
August 14, 2024
Biotech biz Enzo Biochem is being forced to pay three state attorneys general a $4.5 million penalty following a 2023 ransomware attack that compromised the data of more than 2.4 million people. New York’s attorney general Letitia James announced the news on Tuesday after an investigation into Enzo’s incident concluded, finding various cybersecurity malpractices that led ...
- Musk Blames DDoS Attack For 40-Minute Delayed Start to Trump’s X Livestream
August 13, 2024
Technical difficulties delayed former President Donald Trump’s live conversation with Elon Musk on X by over 40 minutes. Musk blamed the issues on a distributed denial-of-service (DDoS) cyberattack, in which a bad actor seeks to overload a target server with traffic, rendering it unusable. His claims could not be verified. “We unfortunately had a massive distributed ...
- Indirect prompt injection in the real world: how people manipulate neural networks
August 12, 2024
Large language models (LLMs) – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. Systems built on instruction-executing LLMs may be vulnerable to prompt injection attacks. A prompt is a text description of a task that the system is to perform, for example: “You are a ...
- Keys to the Kingdom – Gaining access to the Physical Facility through Internal Access
August 9, 2024
This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization. This is one of those occasions. This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt by the client to discover how vulnerable internal systems were to lateral movement by an attacker ...
- Bringing Security Back into Balance
August 4, 2024
A growing tension has been proliferating in the modern enterprise, shallow, but just under the surface. The recent CrowdStrike outage punctuated this tension in dramatic fashion — and what we saw coming all along, is here now. Revolutionary technology shifts come fast and are integrated quickly into the day-to-day operations of the business. In return, ...
- Optus and Medibank Data Breach Cases Allege Cyber Security Failures
August 2, 2024
2022 was a big year for cyber security breaches in Australia. Both telecommunications provider Optus and private health insurer Medibank suffered large-scale data breaches affecting tens of millions of Australians, leading to heightened regulatory and business focus on cyber security in the years since. The two data breaches also led to legal action, with recent court ...

