Tag:

cybersecurity

Tech

CrackArmour flaws in AppArmour risk Linux root access

by Chief Editor
written by Chief Editor

CrackArmor: The Looming Threat to Linux Security and the Future of Kernel Hardening

A critical set of vulnerabilities, dubbed “CrackArmor,” has been discovered in AppArmor, a widely used Linux kernel security module. Affecting systems since 2017, these flaws allow unprivileged local users to potentially gain root access and compromise container isolation. The discovery, made by Qualys researchers, impacts over 12.6 million enterprise Linux instances and signals a need for heightened vigilance and proactive security measures.

Understanding the Confused Deputy Problem

At the heart of CrackArmor lies a “confused deputy” vulnerability. This occurs when a low-privilege user can manipulate a trusted process into performing actions it shouldn’t be authorized to do. In this case, attackers exploit pseudo-files within the /sys/kernel/security/apparmor/ directory – specifically, the .load, .replace, and .remove interfaces – to alter AppArmor profiles. This manipulation can bypass user-namespace restrictions and potentially execute arbitrary code within the kernel.

Why AppArmor Matters: A Widespread Security Layer

AppArmor is a crucial component of the Linux security landscape. It functions as a mandatory access control system, enforcing security policies on applications. Enabled by default on major distributions like Ubuntu, Debian, and SUSE, it’s likewise heavily utilized in cloud and container environments for host hardening and workload confinement. The widespread adoption of AppArmor means the potential impact of CrackArmor is substantial.

The Ripple Effect: Containers, Namespaces, and Denial of Service

The vulnerabilities aren’t limited to privilege escalation. CrackArmor also introduces risks to container and namespace boundaries. Attackers could potentially create more permissive namespaces, weakening isolation in environments where unprivileged user namespaces are restricted. Certain removal operations can exhaust the kernel stack, potentially leading to a denial-of-service and system crashes.

Beyond Immediate Patching: A Shift in Security Thinking

While kernel updates are the primary remediation, the CrackArmor discovery highlights a broader issue: the limitations of relying solely on default security assumptions. As Dilip Bachwani, CTO at Qualys, stated, “CrackArmor proves that even the most entrenched protections can be bypassed without admin credentials.” This necessitates a re-evaluation of security postures and a move towards more proactive and layered defenses.

Future Trends in Kernel Security

The CrackArmor vulnerabilities are likely to accelerate several key trends in kernel security:

  • Increased Focus on Runtime Security: Traditional security measures often focus on static analysis and perimeter defenses. CrackArmor demonstrates the need for robust runtime security solutions that can detect and prevent malicious activity even after a system has been compromised.
  • Enhanced Mandatory Access Control (MAC) Systems: The flaws in AppArmor will likely drive further development and refinement of MAC systems like SELinux and AppArmor, focusing on preventing confused deputy attacks and strengthening profile integrity.
  • Zero-Trust Architectures: The principle of “never trust, always verify” is becoming increasingly significant. Zero-trust architectures, which assume that no user or device is inherently trustworthy, can help mitigate the impact of vulnerabilities like CrackArmor.
  • Automated Vulnerability Management: The scale of the CrackArmor impact (over 12.6 million systems) underscores the need for automated vulnerability management tools that can quickly identify and prioritize systems requiring patching.
  • Supply Chain Security: The long-standing nature of these vulnerabilities (existing since 2017) raises concerns about the security of the software supply chain. Greater scrutiny of code contributions and more rigorous testing are essential.

Pro Tip:

Regularly monitor the /sys/kernel/security/apparmor/ directory for unexpected changes. This can serve as an early indicator of potential exploitation attempts.

FAQ

What is AppArmor?
AppArmor is a Linux kernel security module that enforces mandatory access control policies on applications.

What is CrackArmor?
CrackArmor is a set of nine vulnerabilities discovered in AppArmor that could allow an unprivileged local user to gain root access.

How can I protect my systems from CrackArmor?
Apply the latest kernel updates provided by your Linux distribution. Prioritize patching for internet-facing assets.

Does CrackArmor affect containers?
Yes, CrackArmor can compromise container isolation, potentially allowing attackers to escape from containers.

Are CVE identifiers available for these vulnerabilities?
Not yet. CVE assignment typically follows fixes landing in stable kernel releases.

What should I do if I suspect my system has been compromised?
Review system logs, investigate any unusual activity, and consider performing a full system scan with a reputable security tool.

Where can I find more information about CrackArmor?
Refer to the Qualys advisory: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root

Did you know? The CrackArmor vulnerabilities have existed since 2017, highlighting the importance of continuous security monitoring and proactive patching.

Stay informed about the latest security threats and best practices. Explore our other articles on kernel security and vulnerability management to strengthen your defenses.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Microsoft patches major SQL Server flaw in March update

by Chief Editor
written by Chief Editor

March 2026 Patch Tuesday: A Deep Dive into Microsoft’s Latest Security Updates

Microsoft’s March 2026 Patch Tuesday addressed a substantial 77 security vulnerabilities across its product suite, with a notable focus on SQL Server. This release included fixes for two zero-day vulnerabilities that were publicly known before patches were available, though currently, there’s no evidence of widespread exploitation.

SQL Server Under Scrutiny: CVE-2026-21262

The most critical update centers around CVE-2026-21262, an elevation-of-privilege vulnerability impacting a wide range of SQL Server versions, from the latest 2025 release all the way back to SQL Server 2016 Service Pack 3. While the vulnerability has a CVSS v3 base score of 8.8 – just shy of “critical” – the potential impact is significant. An attacker with low-level privileges could potentially escalate to sysadmin-level rights over the database engine across a network.

According to Rapid7’s Lead Software Engineer, Adam Barnett, this isn’t a typical SQL Server patch. The ability to gain sysadmin access over a network is a serious concern. Despite Microsoft rating exploitation as less likely, the public disclosure of the vulnerability increases the urgency for administrators to apply the patch.

Even organizations that don’t directly expose SQL Server to the internet are at risk. Internet scanning reveals a considerable number of accessible SQL Server instances, amplifying the potential impact should reliable exploits emerge. Successful exploitation could allow attackers to access or alter data and potentially pivot to the underlying operating system using features like xp_cmdshell, which, while disabled by default, can be re-enabled by a sysadmin.

.NET Denial-of-Service Vulnerability (CVE-2026-26127)

Another key vulnerability addressed this month is CVE-2026-26127, affecting .NET applications and potentially leading to denial-of-service (DoS) conditions. Public disclosure of this vulnerability has also occurred. Exploitation could cause service crashes, creating brief windows where monitoring and security tools are offline, potentially allowing attackers to evade detection.

Repeated exploitation, even by less sophisticated attackers, could disrupt online services and lead to breaches of service-level agreements.

Authenticator App Vulnerability (CVE-2026-26123)

Microsoft also patched a vulnerability in the Microsoft Authenticator mobile app for iOS and Android (CVE-2026-26123). This flaw, related to custom URL schemes and improper authorisation, could allow a malicious app to impersonate Microsoft Authenticator and intercept authentication information, potentially leading to account compromise. While requiring user interaction – specifically, choosing a malicious app to handle the sign-in flow – Microsoft considers this an important vulnerability.

Organizations managing mobile devices should review app installation policies and default handler settings for authentication apps to restrict potentially harmful sign-in flows.

End of Life for SQL Server 2012 Parallel Data Warehouse

Beyond security patches, Microsoft announced the end of extended support for SQL Server 2012 Parallel Data Warehouse at the end of March. Customers continuing to use this platform will no longer receive security updates, leaving them vulnerable to potential exploits.

Future Trends in Vulnerability Management

These updates highlight several emerging trends in vulnerability management. The increasing speed of public disclosure before patches are available is a major concern. Attackers are actively scanning for vulnerabilities and sharing information, reducing the window of opportunity for defenders. This necessitates a shift towards proactive threat hunting and robust intrusion detection systems.

The focus on vulnerabilities in authentication mechanisms, like the Microsoft Authenticator app, underscores the growing importance of securing identity and access management (IAM) systems. Multi-factor authentication is becoming increasingly prevalent, making these applications prime targets for attackers.

The continued patching of older SQL Server versions, even those nearing end-of-life, demonstrates the long-tail challenge of maintaining security in complex environments. Organizations must prioritize patching critical vulnerabilities across all systems, regardless of age, and consider implementing compensating controls where patching is not immediately feasible.

Did you know?

Publicly disclosed vulnerabilities, even without known exploits, significantly increase the risk of attack. Attackers actively monitor vulnerability databases and security blogs for new disclosures.

FAQ

Q: What is Patch Tuesday?
A: Patch Tuesday is the unofficial name for the regular schedule when Microsoft releases security updates for its products.

Q: What is a zero-day vulnerability?
A: A zero-day vulnerability is a flaw that is unknown to the vendor and for which no patch is available, giving attackers a window of opportunity to exploit it.

Q: What is the CVSS score?
A: The Common Vulnerability Scoring System (CVSS) is an industry standard for assessing the severity of software vulnerabilities.

Q: Should I patch all vulnerabilities immediately?
A: Prioritize patching based on the severity of the vulnerability, the potential impact to your organization, and the availability of exploits.

Q: What is xp_cmdshell?
A: xp_cmdshell is a stored procedure in SQL Server that allows execution of operating system commands.

Pro Tip: Regularly scan your network for vulnerable systems and prioritize patching based on risk assessment.

Stay informed about the latest security threats and updates by subscribing to security advisories and following reputable security blogs. Proactive vulnerability management is essential for protecting your organization from cyberattacks.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Iran Cyberattack: Stryker Breach Signals Escalation of Retaliatory Hacks

by Chief Editor
written by Chief Editor

Iran’s Cyber Retaliation: A New Era of Digital Warfare?

The recent cyberattack on medical technology firm Stryker, allegedly carried out by the Iran-linked hacking group Handala, marks a significant escalation in the ongoing conflict between the United States and Iran. This attack, which reportedly disabled tens of thousands of computers, isn’t an isolated incident, but a harbinger of a potentially new and dangerous phase of warfare – one fought increasingly in the digital realm.

From Hacktivism to State-Sponsored Chaos

For some time, Handala operated with limited notoriety. However, cybersecurity experts now believe the group functions as a front for Iran’s Ministry of Intelligence (MOIS). This evolution highlights a broader trend: Iranian state-sponsored hacking agencies increasingly cloaking themselves as hacktivists to inflict disruption and sow chaos. Previously, Handala engaged in data-destroying and hack-and-leak operations targeting entities like the Albanian government and Israeli businesses.

The Stryker Attack: A Turning Point?

The attack on Stryker is notable for its scale and target. Unlike previous operations, this breach directly impacted a critical infrastructure provider in the United States. Sergey Shykevich of Check Point emphasizes that Iranian hackers are now “all in,” utilizing every available tool and foothold to retaliate against the US and Israel. Handala has become “probably the most dominant group” in this effort, acting as “the main face” of Iran’s cyber offensive.

Beyond Retaliation: The Strategic Implications

While the immediate impetus for these attacks is retaliation for US and Israeli actions – including a missile strike that reportedly killed over 165 civilians at a school in Iran – the long-term implications are far-reaching. The attacks demonstrate a willingness to target Western interests and a growing sophistication in Iranian cyber capabilities. Experts suggest that the current campaign may be less about a meticulously planned strategy and more about seizing “targets of opportunity” to demonstrate a retaliatory effect.

The Expanding Landscape of Iranian Cyber Activity

Iran has a documented history of cyber warfare, as evidenced by numerous hacking operations. The recent escalation suggests a shift towards more destructive activity. This includes not only data breaches and system disruptions but similarly potential attacks on critical infrastructure, such as energy grids, financial institutions, and healthcare systems. The targeting of Stryker, a medical technology company, underscores the vulnerability of these essential services.

Did you understand? The Handala character, from which the hacking group takes its name, is a symbol of Palestinian resistance in political cartoons.

Future Trends in Cyber Warfare

Several trends are likely to shape the future of cyber warfare involving Iran:

  • Increased Frequency and Sophistication: Expect a continued rise in the frequency and sophistication of Iranian cyberattacks, particularly in response to perceived provocations.
  • Targeting of Critical Infrastructure: Critical infrastructure will remain a primary target, as disrupting essential services can inflict significant economic and social damage.
  • Blurring Lines Between State and Non-State Actors: The use of proxy groups and hacktivist fronts will likely continue, making attribution and response more challenging.
  • Expansion of Attack Vectors: Iranian hackers will likely explore new attack vectors, including supply chain attacks and the exploitation of zero-day vulnerabilities.
  • AI-Powered Cyberattacks: The integration of artificial intelligence (AI) into cyberattacks could lead to more automated, targeted, and evasive threats.

What Can Organizations Do to Protect Themselves?

Organizations, particularly those in critical infrastructure sectors, must prioritize cybersecurity and implement robust defenses. This includes:

  • Enhanced Threat Intelligence: Staying informed about the latest threats and vulnerabilities is crucial.
  • Stronger Access Controls: Implementing multi-factor authentication and least privilege access can limit the impact of breaches.
  • Regular Security Audits and Penetration Testing: Identifying and addressing vulnerabilities proactively is essential.
  • Incident Response Planning: Having a well-defined incident response plan can minimize damage and recovery time.
  • Employee Training: Educating employees about phishing and other social engineering tactics can reduce the risk of successful attacks.

Pro Tip: Regularly back up your data and store it offline to protect against ransomware and data loss.

FAQ

Q: What is Handala?
A: Handala is an Iranian-linked hacking group believed to be a front for Iran’s Ministry of Intelligence.

Q: Why was Stryker targeted?
A: The attack on Stryker was reportedly in retaliation for US and Israeli actions in Iran.

Q: Is critical infrastructure at risk?
A: Yes, critical infrastructure is a primary target for Iranian cyberattacks.

Q: What can organizations do to protect themselves?
A: Organizations should prioritize cybersecurity, implement robust defenses, and stay informed about the latest threats.

This evolving cyber landscape demands vigilance and proactive security measures. The attack on Stryker serves as a stark reminder that the digital battlefield is expanding, and the consequences of cyber warfare are becoming increasingly severe.

Explore further: Read more about the increasing threats to critical infrastructure on the CISA website.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Kevin Mandia raised $190 million Armadin after prior sale to Google

by Chief Editor
written by Chief Editor

The AI-Powered Cybersecurity Revolution: From Mandiant’s Legacy to Armadin’s Future

Four years after selling cybersecurity firm Mandiant to Google for $5.4 billion, Kevin Mandia is back, leading a new venture poised to reshape the industry. Armadin, Mandia’s AI-focused cybersecurity startup, recently secured $190 million in funding, signaling a significant shift in how organizations will defend against increasingly sophisticated cyber threats.

The Rise of Agentic AI in Cybersecurity

The core of Armadin’s innovation lies in “agentic AI.” Unlike traditional cybersecurity systems that rely on pre-programmed responses, agentic AI utilizes autonomous agents capable of consistently scanning for threats and completing tasks that previously required days to accomplish – now done in minutes. This represents a fundamental change in the cybersecurity landscape.

Mandia’s motivation for returning to the field stems from the rapid evolution of AI itself. He recognized the need to proactively address the challenges and opportunities presented by this technology, stating, “I wasn’t going to sit on the sidelines watching another shift change in cybersecurity without leveraging 30 years in the industry to do something.”

Google’s Continued Investment and the Broader Trend

Notably, Google Ventures participated in Armadin’s funding round, demonstrating Google’s continued commitment to cybersecurity innovation even after acquiring Mandiant. This investment underscores a broader trend across the tech industry: companies are actively acquiring cyber capabilities and developing AI-enabled tools to bolster their defenses.

The urgency is driven by the escalating sophistication, speed, and intensity of cyberattacks. As threats develop into more complex, traditional security measures are proving insufficient, necessitating the adoption of advanced technologies like agentic AI.

Mandiant’s Evolution: From Incident Response to AI Innovation

Mandiant, originally founded in 2004 as Red Cliff Consulting, built a strong reputation for incident response and threat intelligence. The 2013 report implicating China in cyber espionage brought the firm into the spotlight. Later acquired by FireEye in 2013 for $1 billion, and then by Google in 2022 for $5.4 billion, Mandiant’s journey reflects the evolving nature of the cybersecurity industry.

Mandia’s leadership at Mandiant, from CEO in 2016 through the Google acquisition, established a foundation of expertise that now informs Armadin’s approach to AI-driven security. He also currently serves as a Strategic Advisor at Google Cloud Security and is a Partner at Ballistic Ventures.

The Future of Cybersecurity: Autonomous Defense

Armadin’s rapid growth – hiring over 60 employees in the past six months and already working with Fortune 100 companies – highlights the demand for this new approach. The company’s name, inspired by the 1588 Spanish Armada, symbolizes a proactive defense against overwhelming forces.

The shift towards autonomous AI agents in cybersecurity isn’t just about speed and efficiency; it’s about scalability. As the volume of cyber threats continues to grow exponentially, organizations need solutions that can adapt and respond in real-time without overwhelming human security teams.

Frequently Asked Questions

What is “agentic AI”?

Agentic AI refers to artificial intelligence systems that can act autonomously to achieve specific goals, in this case, proactively identifying and mitigating cybersecurity threats.

Why did Kevin Mandia start Armadin after selling Mandiant to Google?

Mandia felt compelled to leverage his 30 years of experience in cybersecurity to address the challenges and opportunities presented by the emergence of artificial intelligence.

What is the significance of Google’s investment in Armadin?

Google’s participation in the funding round demonstrates its continued commitment to cybersecurity innovation and its belief in the potential of AI-driven security solutions.

Is AI a threat *and* a solution to cybersecurity?

Yes. AI can be used by attackers to create more sophisticated threats, but it also provides powerful tools for defenders to proactively identify and neutralize those threats.

Pro Tip: Regularly update your security software and educate employees about phishing and other social engineering tactics. Even the most advanced AI systems require a strong human element for optimal effectiveness.

What are your thoughts on the future of AI in cybersecurity? Share your insights in the comments below!

0 comments
0 FacebookTwitterPinterestEmail
Tech

AI and Geopolitics in Mexico

by Chief Editor
written by Chief Editor

The Evolving Cybersecurity Landscape: Mexico at a Crossroads

Cybersecurity is no longer solely a technical concern; it’s a core business strategy. Organizations in Mexico, and globally, face a complex environment shaped by geopolitical instability, the rapid adoption of artificial intelligence, and increasingly distributed technology infrastructures. The question isn’t if an incident will occur, but whether companies are prepared to operate resiliently when they do.

Geopolitics and AI: Amplifying the Risks

Large corporations remain prime targets, with attacks often cascading down to smaller organizations. Disruptions affecting major cloud providers demonstrate how interconnectedness can amplify risk across the entire digital supply chain, impacting even SMEs. Large-scale distributed denial-of-service (DDoS) attacks and ransomware campaigns targeting critical infrastructure represent tangible threats.

Artificial intelligence introduces another layer of complexity. Uncontrolled employee use of AI tools – often termed “Shadow AI” – poses a risk. Data leakage through insecure prompts and the development of misaligned AI models are also concerns. Adversaries are leveraging AI to automate phishing, generate sophisticated malware, and enhance social engineering tactics.

Did you know? In February 2026, a hacker exploited Anthropic’s Claude AI chatbot to steal a massive 150 gigabytes of Mexican government data, including taxpayer and voter records.

Architectural Resilience: A Shift in Approach

Traditional perimeter-based security models are proving inadequate in today’s hybrid and multicloud environments. Security must be embedded by design, incorporating controls from the earliest stages of technology projects. But, many organizations still add security as an afterthought.

Zero Trust Architecture (ZTA) is gaining prominence, operating on the principle of “never trust, always verify.” Limiting lateral movement, encrypting data by default, and prioritizing critical use cases like ransomware containment are essential elements. Cyber Security Mesh Architecture (CSMA) integrates distributed controls under a shared analytics layer, enabling correlation of information from various security tools.

Network Detection and Response (NDR) provides deep network visibility and advanced threat-hunting capabilities, particularly valuable in distributed environments.

Beyond Technology: A Holistic Strategy

The focus should shift from simply deploying more security solutions to achieving architectural coherence, and integration. Business resilience depends on aligning security architecture with business strategy and continuous risk management.

Organizations that embrace principles like security by design, zero trust, mesh integration, and advanced network visibility will be better positioned to navigate the evolving threat landscape. This requires early collaboration between network, cloud, and security operations center (SOC) teams, proof-of-value testing, and phased deployment.

The Role of Standards and Regulation

Internationally recognized standards such as ISO/IEC 42001, ISO/IEC 27001, and ISO/IEC 27701 can aid strengthen data protection and build resilient AI governance frameworks. Mexican courts are beginning to interpret AI-related disputes through existing legal frameworks, highlighting emerging judicial criteria.

Future Trends to Watch

Several trends will shape the future of cybersecurity in Mexico:

  • AI-Powered Security Automation: Increased use of AI and machine learning for threat detection, incident response, and vulnerability management.
  • Supply Chain Security: Greater emphasis on securing the entire digital supply chain, including third-party vendors and partners.
  • Quantum-Resistant Cryptography: Preparation for the potential threat of quantum computing by adopting quantum-resistant cryptographic algorithms.
  • Increased Regulation: Further development of AI-specific regulations and data privacy laws.

FAQ

Q: What is Zero Trust Architecture?
A: A security framework based on the principle of “never trust, always verify,” requiring continuous validation of identity and context.

Q: How does AI impact cybersecurity?
A: AI can be used by both attackers (to automate attacks) and defenders (to enhance threat detection and response).

Q: What is Cyber Security Mesh Architecture?
A: An architecture that integrates distributed controls under a shared analytics layer, improving visibility and correlation of security data.

Pro Tip

Regularly assess your organization’s risk profile and update your security architecture accordingly. Don’t treat cybersecurity as a one-time project; it’s an ongoing process.

Learn More: Explore SGS Mexico’s white paper on Cybersecurity and Data Privacy in the Face of AI for in-depth insights.

What steps is your organization taking to build cybersecurity resilience? Share your thoughts in the comments below!

0 comments
0 FacebookTwitterPinterestEmail
Tech

Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums

by Chief Editor
written by Chief Editor

Data Breaches Cost Consumers Billions: A Growing Crisis

American consumers have lost over $20 billion due to identity theft stemming from breaches at just four major data broker firms, a recent report from Congress’s Joint Economic Committee revealed. The investigation, spurred by reporting from The Markup and CalMatters, highlights the significant financial toll exacted by these often-overlooked companies.

The Hidden World of Data Brokers

Data brokers collect and sell personal information, operating with limited transparency. This lack of visibility makes it difficult for individuals to understand what data is being collected and how it’s being used, ultimately increasing their vulnerability to scams and identity theft. The recent congressional report directly followed up on investigations that showed some data brokers were actively hiding the pages where individuals can request data deletion, further hindering consumer control.

Senator Hassan Leads the Charge

Senator Maggie Hassan, ranking member of the Joint Economic Committee, initiated the investigation last July as part of a broader examination of financial scams. Following initial reporting, Senator Hassan pressed data brokers to explain their practices, leading to changes in how some companies handle consumer data requests. Still, the scale of the financial damage already inflicted is substantial.

Beyond Financial Loss: Privacy Concerns Escalate

The risks extend beyond direct financial losses. Emerging technologies are amplifying privacy concerns. A new Android app, Nearby Glasses, can detect smart glasses in the vicinity, raising alarms about surreptitious recording. This follows reports of smart glasses being used for potentially invasive surveillance, including instances involving law enforcement and unauthorized filming in private settings.

AI and the Future of Surveillance

The intersection of artificial intelligence and surveillance is creating new challenges. Anthropic, an AI company, is facing scrutiny over potential contracts with the Department of Defense that could enable the leverage of its models for autonomous weapons and mass surveillance. This has sparked internal dissent, with employees signing open letters protesting such applications. Meanwhile, research indicates that AI models, when placed in simulated war game scenarios, frequently opt for the deployment of tactical nuclear weapons.

The Vulnerability of Everyday Devices

Even seemingly innocuous devices pose security risks. A security researcher discovered a vulnerability in a robotic vacuum cleaner that allowed him to remotely access and control thousands of devices worldwide, including live video and audio feeds. This incident underscores the potential for widespread privacy breaches through insecure Internet of Things (IoT) gadgets.

CISA Under Pressure

Protecting against these threats requires a robust cybersecurity infrastructure. However, the Cybersecurity and Infrastructure Security Agency (CISA), the nation’s primary cyber defender, has faced significant challenges, including staffing cuts and political interference. Recent leadership changes within CISA raise further questions about its ability to effectively address the growing cyber threat landscape.

FAQ

  • What are data brokers? Data brokers are companies that collect personal information about individuals and sell it to other organizations.
  • How much money have consumers lost due to data breaches? Over $20 billion has been lost due to identity theft linked to breaches at four major data broker firms.
  • What is Senator Hassan’s role in this issue? Senator Hassan is the ranking member of the Joint Economic Committee and launched an investigation into financial scams, including those involving data brokers.
  • What are the privacy concerns surrounding smart glasses? Smart glasses can record audio and video without a person’s knowledge, raising concerns about surreptitious surveillance.

Pro Tip: Regularly check your credit report and consider using a credit monitoring service to detect potential identity theft.

Stay informed about your data privacy rights and take proactive steps to protect your personal information. Explore resources from organizations like The Markup and CalMatters to learn more about data brokers and how to control your data.

0 comments
0 FacebookTwitterPinterestEmail
Tech

AI-Powered Cybersecurity for OT & ICS: Protecting Critical Infrastructure | NVIDIA

by Chief Editor
written by Chief Editor

The Fortification of Critical Infrastructure: How AI is Revolutionizing OT and ICS Cybersecurity

The convergence of operational technology (OT) and information technology (IT) is reshaping industries from energy and manufacturing to transportation and utilities. This interconnectedness, while boosting efficiency and capability, dramatically expands the attack surface for cyber threats. Traditional security measures, designed for IT environments, often fall short in protecting the unique demands of OT and industrial control systems (ICS). A new era of cybersecurity, powered by artificial intelligence and accelerated computing, is emerging to address these challenges.

The Evolving Threat Landscape in Operational Technology

OT systems, controlling real-world processes, face unique risks. Unlike IT systems managing data, a cyber incident in OT can have immediate, physical consequences – impacting safety, availability, and operational continuity. Many legacy OT systems weren’t designed with modern cyber threats in mind, creating a significant vulnerability. As these environments modernize with increased connectivity, they turn into more susceptible to adaptive, software-driven attacks.

NVIDIA and Partners Lead the Charge with AI-Powered Defenses

NVIDIA is collaborating with key cybersecurity leaders – Akamai, Forescout, Palo Alto Networks, and Xage Security – alongside industrial automation innovator Siemens, to integrate accelerated computing and AI into OT cybersecurity. This collaboration aims to advance real-time threat detection and response across critical infrastructure.

Zero Trust Security for the Industrial Edge

A core principle of this new approach is Zero Trust, a security model that eliminates implicit trust. Every user, device, and workload must be continuously verified. Implementing Zero Trust in OT environments has historically been difficult due to legacy devices and safety-critical operations. Forescout is working with NVIDIA to overcome these hurdles, providing agentless discovery and classification of OT assets, real-time risk assessment, and policy enforcement. NVIDIA BlueField DPUs run security services at the industrial edge, protecting operational systems without impacting critical processes.

Embedding Security into Industrial Automation with Siemens and Palo Alto Networks

Industrial automation demands consistent performance, low latency, and high availability. Siemens is demonstrating an AI-ready Industrial Automation DataCenter, a unified platform consolidating decades of automation expertise with a robust cybersecurity architecture. Integrating NVIDIA BlueField enables a zero-trust solution tailored for industrial automation. Palo Alto Networks’ Prisma AIRS AI Runtime Security delivers deep visibility into industrial traffic and continuous monitoring for abnormal behavior, running on NVIDIA BlueField to strengthen security and drive operational uptime.

Akamai’s Agentless Segmentation Powered by NVIDIA

Akamai has extended its Guardicore Platform to run on NVIDIA BlueField, enabling agentless segmentation – isolating applications and workloads into controlled security zones. This eliminates the need for agents incompatible with legacy OT systems. Segmentation is enforced at full network speed, without disrupting time-sensitive workloads.

Securing the Energy Infrastructure with Xage Security

As AI’s reliance on energy infrastructure grows, securing the energy supply chain becomes paramount. Xage Security is collaborating with NVIDIA to bring zero-trust security to both energy infrastructure and the AI systems it supports. A new integration running on NVIDIA BlueField demonstrates how zero-trust enforcement can be embedded directly into energy and AI environments, protecting assets and managing third-party access at scale.

A Coordinated Defense: Edge Intelligence and Centralized AI

A consistent architecture is emerging: security services run at the edge on NVIDIA BlueField DPUs, while OT data is sent to centralized AI factories for analysis. This coordinated defense improves visibility, accelerates response, and scales protection consistently across OT and IT environments. Security actions are enforced locally, with insights shared centrally, strengthening resilience and maintaining uptime.

FAQ: AI and OT Cybersecurity

What is the biggest challenge in securing OT environments?
Legacy systems not designed for modern cyber threats and the need to maintain operational uptime are key challenges.

What is agentless segmentation?
It’s the ability to isolate applications and workloads without requiring software agents to be installed on every device, crucial for compatibility with legacy OT systems.

How does NVIDIA BlueField contribute to OT security?
BlueField DPUs run security services on dedicated hardware at the edge, providing continuous protection without disrupting critical operations.

What is Zero Trust?
A security model that removes implicit trust, requiring continuous verification of every user, device, and workload.

What is the role of AI in OT cybersecurity?
AI analyzes OT data to identify patterns, anomalies, and emerging threats, enabling faster and more accurate threat detection and response.

Did you know? Approximately 60% of U.S. Midstream pipeline infrastructure is already protected by Xage Security, demonstrating the growing adoption of advanced cybersecurity solutions in critical sectors.

Pro Tip: Prioritize network segmentation as a foundational step in securing your OT environment. It limits the blast radius of potential attacks and contains lateral movement.

Explore more about the future of industrial cybersecurity and how NVIDIA is partnering to build a more secure and resilient world. Share your thoughts and experiences in the comments below!

0 comments
0 FacebookTwitterPinterestEmail
Tech

Tenable warns of widening AI exposure gap in cloud

by Chief Editor
written by Chief Editor

The Widening AI Exposure Gap: Why Cloud Security is Falling Behind

Organisations are facing a growing cybersecurity challenge: an “AI exposure gap.” This isn’t about AI *causing* breaches, but rather the rapid integration of AI, cloud technologies, and third-party software creating vulnerabilities that security teams struggle to identify and address. A recent report from Tenable highlights this critical mismatch between engineering speed and security capabilities.

The Software Supply Chain: A Major Weak Point

The report reveals a significant risk within the software supply chain. A staggering 86% of organisations have third-party code packages installed containing critical-severity vulnerabilities. Even more concerning, 13% have deployed packages with a known history of compromise, including instances linked to the s1ngularity and Shai-Hulud worms. This demonstrates that vulnerabilities aren’t just theoretical; they’re actively being exploited.

The increasing use of AI and Model Context Protocol third-party packages – found in 70% of organisations – further complicates matters. These integrations often bypass traditional security oversight, embedding AI deeper into systems and expanding the attack surface.

Identity and Access Management: A Critical Control Point

Identity controls are proving to be a major pressure point. “Ghost” secrets – unused or unrotated cloud credentials – plague 65% of organisations. Alarmingly, 17% of these unused credentials grant critical administrative privileges. Nearly half (49%) of identities with excessive permissions remain dormant, representing a significant potential entry point for attackers.

The report also raises concerns about permissions granted to AI services themselves, with 18% of organisations giving them rarely-audited administrative access. Non-human identities, like AI agents and service accounts, now pose a higher risk (52%) than human users (37%), due to “toxic combinations” of permissions across fragmented systems.

The Rise of “Invisible” Exposure

Tenable defines this challenge as an issue of “exposure management” – the process of identifying, evaluating, and prioritizing risks across all potential attacker entry points. AI adoption dramatically expands the number of systems and components that can inherit risk, adding new layers to applications, infrastructure, identities, and data. This creates a largely invisible exposure that many security teams are ill-equipped to manage.

The report identified severe risks in four key areas: AI security posture, supply chain attack vectors, least-privilege implementation, and cloud workload exposure.

What Can Organisations Do?

The report recommends a multi-faceted approach. Improving visibility of AI integrations is paramount, alongside tightening identity-centric controls. Implementing least-privilege practices for AI roles, removing “ghost” identities, and eliminating exposure from static secrets are also crucial steps. Recognizing that third-party code and external accounts now function as extensions of an organisation’s infrastructure is vital.

Liat Hayun, Senior Vice President of Product Management and Research at Tenable, emphasizes the demand for security teams to proactively account for AI systems embedded within infrastructure. She states that a lack of visibility and governance leaves teams vulnerable to new exposures, including over-privileged identities in the cloud.

Hayun advocates for focusing on the “unified exposure path” to move beyond managing “security debt” and towards managing actual business risk.

Pro Tip

Regularly audit and rotate cloud credentials. Implement multi-factor authentication (MFA) wherever possible to add an extra layer of security.

Future Trends to Watch

The AI exposure gap isn’t a static problem; it’s likely to worsen as AI becomes more pervasive. Several trends will exacerbate the challenge:

  • Increased AI Complexity: AI models will develop into more complex, making it harder to understand their internal workings and potential vulnerabilities.
  • AI-Powered Attacks: Attackers will increasingly leverage AI to automate and refine their attacks, making them more sophisticated and tough to detect.
  • Expansion of Non-Human Identities: The number of AI agents and service accounts will continue to grow, increasing the risk associated with non-human identities.
  • Decentralized AI Development: More AI development will occur outside of centralized IT departments, leading to shadow AI and increased security risks.

FAQ

Q: What is the “AI exposure gap”?
A: It’s the growing mismatch between the speed of AI and cloud adoption and the ability of security teams to assess and remediate associated risks.

Q: How significant is the risk from third-party code?
A: 86% of organisations have third-party code packages with critical vulnerabilities, and 13% have deployed compromised packages.

Q: What is exposure management?
A: It’s the process of identifying, evaluating, and prioritizing risks across all potential attacker entry points.

Did you know?

Non-human identities (AI agents, service accounts) now present a higher risk profile than human users, according to Tenable’s research.

Want to learn more about securing your cloud environment? Explore our other articles on cloud security best practices.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Cybersecurity not just technical concern, needs to be Board-level business priority, says Elastic chief

by Chief Editor
written by Chief Editor

The Evolving Cybersecurity Landscape: From IT Issue to Boardroom Imperative

The relentless march of artificial intelligence (AI) and the ever-increasing digitization of modern life are fundamentally reshaping the cybersecurity landscape. No longer solely a technical concern for IT departments, cybersecurity is rapidly ascending the corporate agenda to become a critical business priority demanding the attention of boards and senior leadership.

The Data Deluge: Fueling AI and Expanding Risk

We are living in an age of unprecedented data growth. Estimates suggest that downloading all the internet data generated in a single year – 2024 – would take 181 million years. However, a significant portion of this data isn’t entirely new; approximately 90% consists of replicated or reformatted information circulating across various platforms. This data surge isn’t merely a logistical challenge; it’s the very foundation upon which AI systems operate.

As Mandy Andress, Chief Information Security Officer at Elastic, points out, “What makes AI operate is data. Training models, making decisions, analysing logic – all of that is driven by massive amounts of data.” This reliance on data creates a powerful engine for innovation, but also expands the potential attack surface and introduces new vulnerabilities.

The Rise of Autonomous AI and the “Malicious Insider” Problem

The increasing autonomy of AI systems presents a unique set of challenges. Automation is now essential for managing the complexity of digital environments, but poorly defined guardrails can lead to unintended consequences. Andress warns that an AI agent acting outside of its intended parameters can pose a risk equivalent to a malicious insider.

This highlights a crucial shift in thinking: cybersecurity is no longer just about defending against external threats. It’s about mitigating the risks associated with the systems we create, even those designed to protect us.

From Resilience to Anti-Fragility: A New Approach to Security

Traditional cybersecurity strategies have focused on resilience – the ability to recover quickly from disruption, whether caused by ransomware, data breaches, or system intrusions. While resilience remains vital, Andress advocates for a more ambitious goal: anti-fragility.

“Anti-fragility is getting stronger in the face of chaos,” she explains. This means building systems that not only withstand attacks but actually improve and adapt as a result of them. Achieving anti-fragility requires a proactive approach to security, including regular scenario planning exercises that involve not only technical teams but also executives, legal counsel, and communications leaders.

The Board’s Role: Cybersecurity as Existential Risk

The implications for corporate governance are clear. Cybersecurity can no longer be treated as a purely operational or IT function. It’s an existential business risk that demands the attention of the board. Boards and senior leadership teams must prioritize cyber preparedness as central to corporate survival.

Preparing for the Future: Key Considerations

Scenario Planning and Simulation

Regularly conduct realistic cyber crisis simulations involving all relevant stakeholders. This ensures a coordinated response when – not if – an incident occurs.

Data Governance and Minimization

Implement robust data governance policies to minimize the amount of sensitive data stored and processed. Focus on collecting only the data that is truly necessary.

AI Security Best Practices

Develop and implement security best practices specifically tailored to AI systems, including robust testing and validation procedures.

Continuous Monitoring and Threat Intelligence

Invest in continuous monitoring and threat intelligence capabilities to detect and respond to emerging threats in real-time.

FAQ

Q: What is anti-fragility in the context of cybersecurity?
A: Anti-fragility is the ability of a system to not only withstand shocks but to actually improve and become stronger as a result of them.

Q: Why is cybersecurity now a board-level concern?
A: Because the potential impact of a cyberattack can be catastrophic, threatening the very survival of the organization.

Q: What role does data play in AI security?
A: Data is the fuel that powers AI systems. Securing data is therefore paramount to securing AI.

Q: What is the difference between resilience and anti-fragility?
A: Resilience is about bouncing back from disruption. Anti-fragility is about getting stronger *because* of disruption.

Did you know? The amount of data generated globally is increasing exponentially, creating both opportunities and challenges for cybersecurity.

Pro Tip: Regularly review and update your cybersecurity policies and procedures to ensure they are aligned with the latest threats and best practices.

Desire to learn more about building a resilient cybersecurity posture? Explore our other articles on the topic or subscribe to our newsletter for the latest insights.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Is China’s ‘reverse Great Firewall’ quietly blocking global access to official data?

by Chief Editor
written by Chief Editor

China’s “Reverse Great Firewall”: A Growing Information Blackout

Access to Chinese public information is becoming increasingly restricted for those outside the country, according to a recent study. A growing number of official Chinese government websites are inaccessible to overseas researchers, policymakers, businesses, and even casual internet users. This isn’t a sudden shift, but a gradual contraction that experts are calling a “reverse Great Firewall.”

The Rise of Geo-Blocking

For years, the “Great Firewall” has been synonymous with China’s control over information *within* its borders, censoring content and restricting access to foreign websites. Now, China appears to be implementing similar tactics to control the flow of information *out* of the country. This new approach centers on geo-blocking – a technique that identifies a user’s location via their IP address and restricts access accordingly.

Vincent Brussee, a PhD candidate at Leiden University in the Netherlands and author of a recent paper on the subject published in the Journal of Cybersecurity, notes that China is “pioneering geo-blocking in the same way as they pioneered the ‘original’ Great Firewall.” This suggests a deliberate strategy to prevent foreign data mining and open-source intelligence gathering.

Why the Change? Concerns Over Data Security and Control

The motivations behind this shift are likely multifaceted. Increased concerns over data security and the desire to control the narrative surrounding China are key drivers. By limiting access to official information, Beijing can potentially shape the understanding of its policies and actions on the international stage.

This also impacts businesses operating in or researching the Chinese market. Access to official data is crucial for due diligence, market analysis, and risk assessment. The shrinking availability of this information creates challenges and uncertainties for foreign companies.

Implications for Open-Source Intelligence

Open-source intelligence (OSINT) relies heavily on publicly available data. The “reverse Great Firewall” directly undermines OSINT efforts focused on China. Researchers and analysts who previously relied on Chinese government websites for information will now face significant obstacles. This could lead to a greater reliance on less reliable sources or increased costs associated with alternative data collection methods.

What Does This Mean for the Future?

The trend towards increased information control is likely to continue. We can anticipate several potential developments:

  • Expansion of Geo-Blocking: More Chinese government websites and databases will likely turn into inaccessible from outside the country.
  • Sophisticated Blocking Techniques: China may employ more advanced techniques to circumvent VPNs and other tools used to bypass geo-restrictions.
  • Increased Focus on Domestic Narratives: Beijing will likely prioritize the dissemination of information through state-controlled media channels, further shaping the global perception of China.
  • Greater Scrutiny of Data Collection: Increased regulation and oversight of data collection activities by foreign entities within China.
Pro Tip: When researching China, diversify your sources. Relying solely on official Chinese government websites is no longer a viable strategy. Explore academic databases, international organizations, and reputable news outlets.

FAQ

Q: What is the Great Firewall?
A: The Great Firewall is the combination of legislative actions and technologies used by China to regulate the internet within its borders.

Q: What is geo-blocking?
A: Geo-blocking restricts access to online content based on a user’s geographic location, typically determined by their IP address.

Q: Will VPNs still work to access blocked websites?
A: While VPNs can sometimes bypass geo-restrictions, China is actively working to block VPN services, so their effectiveness is not guaranteed.

Q: What impact will this have on businesses?
A: Businesses may face challenges in gathering market intelligence and conducting due diligence in China due to limited access to official data.

Q: Is this a new phenomenon?
A: While the term “reverse Great Firewall” is recent, the trend of restricting access to information for foreign entities has been gradually increasing.

Want to learn more about cybersecurity and information control? Explore our other articles or subscribe to our newsletter for the latest updates.

0 comments
0 FacebookTwitterPinterestEmail
Newer Posts
Older Posts