Security Boulevard

The post How Can Generative AI be Used in Cybersecurity appeared first on AI Security Automation.

The post How Can Generative AI be Used in Cybersecurity appeared first on Security Boulevard.

President Biden’s detailed executive order relating to cybersecurity is great to see.

Biden’s order reflects the importance of cybersecurity at the highest levels – it is an issue of national security and should be treated as such.

One of the … (more…)

The post GUEST ESSAY: President Biden’s cybersecurity executive order is an issue of national security first appeared on The Last Watchdog.

The post GUEST ESSAY: President Biden’s cybersecurity executive order is an issue of national security appeared first on Security Boulevard.

Author/Presenter: Bill Graydon

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Bypass 101 appeared first on Security Boulevard.

Explore the revolutionary Grok AI system in this comprehensive guide. From its sophisticated architecture to real-world applications, discover how this advanced AI assistant integrates with the X platform while maintaining robust privacy and security measures.

The post The Comprehensive Guide to Understanding Grok AI: Architecture, Applications, and Implications appeared first on Security Boulevard.

Gary Perkins, CISO at CISO Global Cybersecurity may seem complex, but it boils down to consistent implementation of best practices. Disabling unnecessary services, securing cloud configurations, enforcing MFA, training employees, and adopting a proactive security mindset are crucial steps to safeguarding your business. In 2025, prioritize these basics to significantly reduce your exposure to threats […]

The post Back to the Basics For 2025: Securing Your Business appeared first on CISO Global.

The post Back to the Basics For 2025: Securing Your Business appeared first on Security Boulevard.

President Biden in the last few days of his administration issued an expansive cybersecurity EO that touched on issues like software supply chain, AI, and foreign adversaries. Many approved of the effort, though there were concerns that the incoming administration will simply shelve it.

The post The Good, the Bad, and the Politics of Biden’s Cybersecurity Order appeared first on Security Boulevard.

Wow. Just Wow: Joseph Robinette Biden Jr. hits the emergency “do something” button.

The post This is HUGE: Biden’s Cybersecurity Exec. Order — Big Parting Gift to Trump appeared first on Security Boulevard.

Prepare for the March 2025 PCI DSS 4.0 compliance deadline! Secure payment data, block skimming attacks, and simplify compliance with DataDome Page Protect.

The post Why PCI Compliance is Critical for Payment Data Protection—and How DataDome Page Protect Can Help appeared first on Security Boulevard.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Uncanceled Units’ appeared first on Security Boulevard.

Cohesity has extended its Cyber Event Response Team (CERT) service to include third-party providers of incident response platforms, including Palo Alto Networks Unit 42, Arctic Wolf, Sophos, Fenix24 and Semperis.

The post Cohesity Extends Services Reach to Incident Response Platforms appeared first on Security Boulevard.

by Source Defense In 2024, Magecart attacks reached new levels of sophistication, targeting thousands of e-commerce websites worldwide. At Source Defense Research, we tracked dozens of campaigns leveraging advanced techniques, from exploiting Google Tag Manager to innovative uses of WebSockets and payment form forgeries. These attacks highlight the adaptability of attackers in the face of

The post Unveiling 2024’s Attack Trends: Insights from Source Defense Research appeared first on Source Defense.

The post Unveiling 2024’s Attack Trends: Insights from Source Defense Research appeared first on Security Boulevard.

AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats Artificial Intelligence (AI) is revolutionizing the cybersecurity landscape, offering advanced tools to predict, detect, and respond to threats with unprecedented speed and accuracy. Among these advancements, Generative […]

The post AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats appeared first on Cyber security services provider, data privacy consultant | Secureflo.

The post AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats appeared first on Security Boulevard.

Authors/Presenters: Ege Feyzioglu & Andrew M

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – RFID 101 appeared first on Security Boulevard.

We created a new tool to help you install and manage BloodHound instances, BloodHound CLI!

GitHub - SpecterOps/bloodhound-cli

Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use whichever operating system you like as your host system for BloodHound. You only need to have Docker installed.

BloodHound CLI dramatically simplifies installation and server management. You can use BloodHound CLI to pull logs and monitor your containers. Read on to learn more about a few of the specific commands.

$ ./bloodhound-cli
BloodHound CLI is a command line interface for managing BloodHound and
associated containers and services. Commands are grouped by their use.

Usage:
bloodhound-cli [command]

Available Commands:
completion Generate the autocompletion script for the specified shell
config Display or adjust the configuration
containers Manage BloodHound containers with subcommands
help Help about any command
install Builds containers and performs first-time setup of BloodHound
logs Fetch logs for BloodHound services
running Print a list of running BloodHound services
version Displays BloodHound CLI's version information

Flags:
-h, --help help for bloodhound-cli

Use "bloodhound-cli [command] --help" for more information about a command. Installing BloodHound

Recently, we talked with some of our community members to learn about their experiences with BloodHound Community Edition. One problem they reported was retrieving the initial password for the default admin user. Previously, installing BloodHound required pulling down the Docker YML file, running the Docker Compose commands, and monitoring the output to grab the initial password.

Now, you only need to run ./bloodhound-cli install and wait. BloodHound CLI will pull the Docker Compose file (if it doesn’t exist), randomly generate an initial password, and then display the initial credentials at the end of the installation.

$ ./bloodhound-cli install
[+] Checking the status of Docker and the Compose plugin...
[+] Starting BloodHound environment installation
[+] Downloading the production YAML file from https://raw.githubusercontent.com/SpecterOps/BloodHound_CLI/refs/heads/main/docker-compose.yml
[+] Downloading the development YAML file from https://raw.githubusercontent.com/SpecterOps/BloodHound_CLI/refs/heads/main/docker-compose.dev.yml
graph-db Pulling
app-db Pulling
bloodhound Pulling
graph-db Pulled
app-db Pulled
bloodhound Pulled
Container bloodhound_cli-graph-db-1 Running
Container bloodhound_cli-app-db-1 Running
Container bloodhound_cli-bloodhound-1 Running
Container bloodhound_cli-app-db-1 Waiting
Container bloodhound_cli-graph-db-1 Waiting
Container bloodhound_cli-app-db-1 Healthy
Container bloodhound_cli-graph-db-1 Healthy
[+] BloodHound is ready to go!
[+] You can log in as `admin` with this password: JqNmrSuFWb5k8qj5EVL0f2OtUppzmZ4Y
[+] You can get your admin password by running: bloodhound-cli config get default_password
[+] You can access the BloodHound UI at: http://127.0.0.1:8080/ui/login

You can customize your installation by setting your initial password or adjusting the default username.

Customizing BloodHound

The config command is here to help you manage your server settings. As mentioned above, you can use it to set the initial username and password manually or set any other value you need in the bloodhound.config.json file. You can also use the config and config get commands to retrieve all config or individual values.

Wrap Up

Whether you’re starting fresh with BHCE or a veteran user, BloodHound CLI makes everything simpler. The tool can manage your configuration, monitor running containers, and pull logs. We will continue developing this new tool to simplify server updates and other maintenance tasks.

You can grab the first release, v0.1.0, here:

Release BloodHound CLI v0.1.0 · SpecterOps/bloodhound-cli

Introducing BloodHound CLI was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Introducing BloodHound CLI appeared first on Security Boulevard.

Advanced persistent threats (APTs) use sophisticated tools and techniques to breach systems and maintain access—all while remaining undetected. Unlike other cyberattacks, APTs work over an extended period, using more resources to achieve specific objectives, such as stealing sensitive data or bringing down operations.

The post Advanced Persistent Threat (APT): Examples and Prevention appeared first on Security Boulevard.

As software applications are built and developed over the years, engineering teams continuously shift perspective on what features to prioritize or de-prioritize. A feature developed five years ago may have no significance today. However, features deemed low priority may still be kept operational for legacy, compatibility, or business requirement reasons. Praetorian discovered such a legacy […]

The post Tarbomb Denial of Service via Path Traversal appeared first on Praetorian.

The post Tarbomb Denial of Service via Path Traversal appeared first on Security Boulevard.

As Southern California continues to battle devastating wildfires, cybercriminals have seized the opportunity to exploit the chaos, targeting vulnerable individuals and organizations.

The post California Wildfires Spark Phishing Scams Exploiting Chaos appeared first on Security Boulevard.

Shopping for OT systems? A new CISA guide outlines OT cyber features to look for. Meanwhile, the U.S. government publishes a playbook for collecting AI vulnerability data. Plus, a White House EO highlights AI security goals. And get the latest on IoT security; secure app dev; and tougher HIPAA cyber rules.

Dive into six things that are top of mind for the week ending Jan. 17.

1 - How to choose cybersecure OT products

Is your organization evaluating operational technology (OT) products for purchase? If so, a new guide from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) aims to help OT operators choose OT products designed with strong cybersecurity features.

The publication, titled “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products,” highlights 12 cybersecurity elements that OT products should have, including:

• Support for controlling and tracking modifications to configuration settings
• Logging of all actions using open-standard logging formats
• Rigorous testing for vulnerabilities and timely provision of free and easy-to-install patches and updates
• Strong authentication methods such as role-based access control and phishing-resistant multi-factor authentication to prevent unauthorized access
• Protection of the integrity and confidentiality of data at rest and in transit

According to CISA, many OT products aren’t designed and developed securely, so they ship with security issues such as weak authentication, known vulnerabilities and insecure default settings. 

In fact, the agency says it’s common for hackers to target handpicked OT products instead of going after specific organizations. Thus, it’s critical for organizations, especially those in critical infrastructure sectors, to pick OT products built securely by using CISA’s “Secure by Design” principles.

“When security is not prioritized nor incorporated directly into OT products, it is difficult and costly for owners and operators to defend their OT assets against compromise,” reads the guide, published in collaboration with other U.S. and international agencies.

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “OT Security Master Class: Understanding the Key Principles, Challenges, and Solutions” (on-demand webinar)

2 - JCDC publishes playbook to collect AI security info 

A new playbook published by the U.S. government aims to facilitate the collective, voluntary sharing of information among AI providers, developers and users about AI vulnerabilities and cyber incidents.

The “AI Cybersecurity Collaboration Playbook” from CISA’s Joint Cyber Defense Collaborative (JCDC) details ways in which AI community members in government and in the private sector – both in the U.S. and abroad – can collaborate to help boost AI security for everybody.

“The development of this playbook is a major milestone in our efforts to secure AI systems through active collaboration,” CISA Director Jen Easterly said in a statement.

AI systems introduce unique cybersecurity challenges which make them vulnerable to attacks including model poisoning, data manipulation and malicious inputs. “These vulnerabilities, coupled with the rapid adoption of AI systems, demand comprehensive strategies and public-private partnership to address evolving risks,” the 33-page playbook reads.

By collecting, analyzing and enriching information on AI vulnerabilities and cyber incidents, CISA would be able to help the AI community in a variety of ways, including by:

• Sharing information to improve detection and prevention of AI threats
• Exposing attackers’ tactics and infrastructure
• Identifying and notifying victims
• Generating threat advisories and intelligence reports
• Offering tailored recommendations, vulnerability management strategies and cyber defense best practices

The playbook’s target audience is operational cybersecurity professionals, including incident responders and security analysts, and its goal is to help them collaborate and share information with CISA and JCDC about AI security.

In addition, CISA also envisions organizations adopting the document’s guidance internally “to enhance their own information-sharing practices, contributing to a unified approach to AI-related threats across critical infrastructure.”

For more information about industry efforts for collaborating on AI security:

• Cloud Security Alliance’s “AI Safety Initiative”
• MITRE’s “AI Incident Sharing initiative”
• Open Worldwide Application Security Project’s “AI Exchange”
• U.S. government’s “Testing Risks of AI for National Security (TRAINS) Taskforce”

3 - New White House cybersecurity EO includes AI requirements

The Biden Administration issued a sweeping cybersecurity executive order (EO) this week aimed at boosting U.S. cyberdefenses, and AI security is one area that it says must be strengthened.

The “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity” calls for promoting security “with and in” AI, saying it can speed up the identification of new vulnerabilities, scale up threat detection and automate cyberdefenses.

“The Federal Government must accelerate the development and deployment of AI, explore ways to improve the cybersecurity of critical infrastructure using AI, and accelerate research at the intersection of AI and cybersecurity,” the executive order reads.

Among the executive order’s requirements for AI are:

• Launching a pilot program on using AI to improve cyberdefense of critical infrastructure in the energy sector. The Secretaries of Energy, Defense and Homeland Security would be in charge of the program, in collaboration with private-sector critical infrastructure organizations. The program may include:
  • vulnerability detection
  • automatic patch management
  • identification and categorization of anomalous and malicious activity across IT or OT systems
• The Secretary of Defense must establish a program to use advanced AI models for cyberdefense.
• The Secretaries of Commerce, Energy and Homeland Security, and the National Science Foundation Director, must prioritize funding for their respective programs that encourage the development of “large-scale, labeled datasets needed to make progress on cyber defense research.”
• The Secretaries of Defense and Homeland Security, and the Director of National Intelligence must incorporate management of AI software vulnerabilities and compromises into their agencies’ process and “and interagency coordination mechanisms for vulnerability management.” These efforts should include incident tracking, response, reporting and sharing AI systems’ indicators of compromise.

These AI-related actions all must be completed at various dates during 2025.

The executive order covers multiple other areas. To get all the details and expert analysis, read our blog “New Cybersecurity Executive Order: What It Means for Federal Agencies” from Robert Huber, Tenable’s Chief Security Officer, Head of Research and President of Tenable Public Sector.

4 - CISA publishes secure software development best practices

Software makers interested in improving the security of their development process and of their products have fresh guidance to peruse.

As part of its “Secure by Design” program, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published cybersecurity recommendations for protecting organizations’ software development lifecycle.

The best practices are organized into two categories — Software development process goals; and Product design goals — and include:

• Software development process goals:
  • Address vulnerabilities before releasing the software product, and publish a vulnerability disclosure policy.
  • Separate all software development environments, including development, build and test, to reduce the lateral movement risk.
  • Enforce multi-factor authentication across all software development environments.
  • Securely store and transmit credentials.
• Product design goals
  • Reduce entire classes of preventable vulnerabilities, such as SQL injection vulnerabilities, memory safety vulnerabilities and cross-site scripting vulnerabilities.
  • Provide timely security patches to customers.
  • Don’t use default password in your products.
  • Let users know when your products are nearing end-of-life status and you will no longer provide security patches for them.

The recommendations “will help to protect the sector from cyber incidents, identify and address vulnerabilities prior to product release, improve incident response, and significantly improve software security,” reads a CISA statement.

To get more details, read the full “Information Technology (IT) Sector-Specific Goals (SSGs)” fact sheet.

For more information about secure software development:

• “CISA Tells Tech Vendors To Squash Command Injection Bugs, as OpenSSF Calls on Developers To Boost Security Skills” (Tenable)
• “Secure Development” (Software Engineering Institute, Carnegie Mellon Univ.)
• “Secure Software Development Framework” (NIST)
• “Secure development and deployment guidance” (UK NCSC)
• “OWASP Developer Guide” (Open Worldwide Application Security Project )

5 - U.S. gov’t launches security label for IoT products

To encourage the development of safer internet of things (IoT) devices for consumers, the U.S. government has introduced a new label for IoT products that meet National Institute of Standards and Technology (NIST) cybersecurity standards.

Called the U.S. Cyber Trust Mark, the label will also help U.S. consumers know which IoT products are more secure, as they shop for internet-connected ware, such as baby monitors, security cameras, refrigerators, garage door openers and thermostats.

“These devices are part of Americans’ daily lives. But Americans are worried about the rise of criminals remotely hacking into home security systems to unlock doors, or malicious attackers tapping into insecure home cameras to illicitly record conversations,” reads a White House statement.

IoT manufacturers will soon be able to seek the U.S. Cyber Trust Mark label by submitting their IoT products to accredited labs for testing. Tests will cover areas including password authentication, data protection, software updates and incident detection. 

IoT products that earn the label will also have a QR code that’ll link consumers to information such as:

• How to change default passwords
• How to configure the device securely
• How to access software updates and patches if they’re not delivered automatically
• The end date of the product’s support period

Participation in the U.S. Cyber Trust Mark program is voluntary for IoT manufacturers. IoT devices excluded from the program include motor vehicles, medical devices, and products used for manufacturing, industrial control and enterprise applications.

To get more details, visit the U.S. Cyber Trust Mark home page.

For more information about securing consumer IoT devices, check out resources from the IoT Security Foundation; the European Telecommunications Standards Institute; TechAccord; Internet Society; the U.K. National Cyber Security Centre; and the International Organization for Standardization (ISO). 

6 - U.S. gov’t seeks tougher cybersecurity rules for health providers

Doctors, hospitals, health insurers and other healthcare organizations may face stricter cybersecurity regulations in the U.S.

That’s because the U.S. government is seeking to tighten the cybersecurity requirements in the Health Insurance Portability and Accountability Act (HIPAA).

The new cybersecurity rules proposed by the Department of Health and Human Services (HHS) include:

• Develop and revise on an ongoing basis a technology asset inventory and a network map that illustrates the movement of electronic protected health information (ePHI) throughout the organization’s electronic information systems.
• Make risk analysis more specific by submitting written assessments that include:
  • A review of the technology asset inventory and network map
  • Reasonably anticipated threats to ePHI’s confidentiality, availability and integrity
  • Potential vulnerabilities to the organization’s electronic information systems
  • A risk-level assessment of identified threats and vulnerabilities
• Strengthen contingency planning and security incident response with steps including:
  • Draft written plans to restore certain electronic information systems and data within 72 hours.
  • Prioritize restoration by analyzing criticality of systems and tech assets.
  • Outline in writing how employees and the organization will respond to known or suspected security incidents.
• Conduct an audit at least once per year to ensure the organization’s compliance with HIPAA’s cybersecurity rules.
• With limited exceptions, encrypt ePHI at rest and in transit and require the use of multi-factor authentication.
• Conduct vulnerability scanning at least every six months, and penetration testing at least once a year.

For more details about HHS’ new proposed HIPAA cybersecurity rules and to submit public comments about them, go to the Federal Register’s “HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information” page. The comment period ends on March 7, 2025.

The post Cybersecurity Snapshot: CISA Lists Security Features OT Products Should Have and Publishes AI Collaboration Playbook appeared first on Security Boulevard.

The dark web is a thriving underground market where stolen data and corporate vulnerabilities are openly traded. This hidden economy poses a direct and growing threat to businesses worldwide. Recent breaches highlight the danger.  

The post How Much of Your Business is Exposed on the Dark Web?  appeared first on Security Boulevard.

While cloud adoption continues to drive digital transformation, the shift to the cloud introduces critical security challenges that organizations must address.

The post Security Concerns Complicate Multi-Cloud Adoption Strategies appeared first on Security Boulevard.