Security Boulevard

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Humidifier Review’ appeared first on Security Boulevard.

For NSX customers and partners who are Star Trek fans, VMware getting absorbed into the huge Broadcom product line might remind them of the Borg collective: “Resistance is Futile!” I lived through similar events when I was at IronPort, and we got purchased by Cisco. We were able to keep interest in the email security […]

The post Did the Broadcom Acquisition of VMware Leave You Feeling High-and-Dry? appeared first on ColorTokens.

The post Did the Broadcom Acquisition of VMware Leave You Feeling High-and-Dry? appeared first on Security Boulevard.

Data privacy in healthcare is more important than ever, but few people fully understand how it works and why it’s necessary. Learn more about what data privacy in healthcare means and how medical organizations practice it in this detailed guide.

The post What is data privacy in healthcare? everything you need to know appeared first on Security Boulevard.

This is the fourth installment in a multi-part series on evaluating various RAG systems using Tonic Validate, a RAG evaluation and benchmarking platform.

The post RAG evaluation series: validating the RAG performance of Amazon Titan vs Cohere using Amazon Bedrock appeared first on Security Boulevard.

The cybercrime underground represents a vast marketplace for stolen data, hacking tools and nefarious knowledge. The steady stream of breached data that is pumped in usually gets recycled into fraud. That stream is more accurately described today as a flood. New data reveals that US companies were forced to issue over 1.7 billion data breach notifications to their customers in 2024, due primarily to cyber-attacks.

The post Why the Fight Against Fraud Begins with Data-Centric Security appeared first on Security Boulevard.

Palo Alto, USA, 30th January 2025, CyberNewsWire

The post SquareX Discloses “Browser Syncjacking” , a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk appeared first on Security Boulevard.

The post From Chaos to Control: Mastering the 3 Rs of Cybersecurity appeared first on Votiro.

The post From Chaos to Control: Mastering the 3 Rs of Cybersecurity appeared first on Security Boulevard.

The global network security market is on track to reach $38 billion by 2029, growing at a 10% annual rate, according to a report from Dell’Oro Group.

The post Network Security Market to Hit $38 Billion by 2029: Cloud, AI Drive Growth appeared first on Security Boulevard.

The popular and controversial Chinese social media app TikTok is pushing forward with Project Clover, a €12 billion, 10-year initiative aimed at bolstering the protection of European user data.

The post TikTok’s Project Clover Evolves With PETs, Data Access Controls appeared first on Security Boulevard.

DeepSeek is a Chinese artificial intelligence startup that has recently garnered significant attention for its AI chatbot, which rivals leading models like OpenAI’s ChatGPT. DeepSeek has encountered several issues recently. The U.S. Navy has banned its members from using the DeepSeek app due to concerns over potential security and ethical issues, fearing that sensitive user […]

The post Major AI Security Breach: DeepSeek’s Database Exposed Sensitive Data first appeared on StrongBox IT.

The post Major AI Security Breach: DeepSeek’s Database Exposed Sensitive Data appeared first on Security Boulevard.

In recent years, the healthcare sector has emerged as a primary target for cyberattacks, which is mainly due to the highly sensitive nature of medical information.

The post Transforming Healthcare Security: Why Zero-Trust is Essential appeared first on Security Boulevard.

Cybersecurity is no longer just an IT issue—it’s a business imperative that affects every department within an organization. Organizations must direct the responsibility for security beyond the Chief Information Security Officer (CISO) to all leaders throughout the C-Suite because cyber threats evolve and regulations grow strict. Each executive within the company contributes to enhancing security […]

The post Cybersecurity Responsibilities Across the C-Suite: A Breakdown for Every Executive first appeared on StrongBox IT.

The post Cybersecurity Responsibilities Across the C-Suite: A Breakdown for Every Executive appeared first on Security Boulevard.

Discover the top 6 DMARC solutions for MSPs to improve email security, prevent spoofing, and streamline DMARC monitoring for your clients.

The post Top 6 DMARC Solutions for MSPs in 2025 appeared first on Security Boulevard.

AI - Top-of-Mind in 2025
madhav
Thu, 01/30/2025 - 05:25

“Round and round and round we go. Where we stop, nobody knows,” goes the popular children’s refrain. The same could be said of the AI merry-go-round as security analysts, lawmakers, and consumers alike process its break-neck evolution and hold tight for the ride ahead.

But the AI roller coaster is just one ride at the park. Also worth noting are impending advancements in quantum computing, a rise in deepfakes prompting a crack-down on identities, and data privacy conversations moving to priority one for many of the world’s largest stages.

Here’s a look at what we think is in store for artificial intelligence in 2025.

Where AI is heading in 2025

It’s hard to believe that ChatGPT was released just a little over 24 months ago (opening the floodgates for generative AI). Nothing has taken up so much mindshare in the security space since the internet became, well, the internet. Now we are here, grappling with the challenges and gearing up for whatever 2025 will bring.

And what is that exactly? We predict a few things:

• AI-based social engineering running rampant | Sophisticated, word-perfect AI-based phishing attacks will increase the number of breaches due to increasingly persuasive social engineering techniques. These include perfect spelling and grammar, the ability to communicate perfectly in virtually any language, and AI-generated profiles of users that analyze and copy their style of writing and speech, as well as voice-changing techniques and deepfake videos.
• New IAM tools to respond to AI-based threats | Synthetic AI-generated content will drive the adoption of identity and access management (IAM) tools like digital identity wallets, biometric identity verification, and AI/ML-powered document verification, especially in the financial sector.
• Enforcement of the EU AI Act | Countries grappling with the EU AI Act and other AI-based legislation as they struggle to meet mandated requirements for the safe and ethical use of artificial intelligence. Phased compliance deadlines range from 2 February 2025 to 2031, with at least one new metric to meet yearly.
• A Global AI legislative evolution | Other AI-based mandates will continue to emerge, such as a potential AI bill from the US (currently, no comprehensive AI legislation exists). The UK will continue to enforce its AI regulatory framework, outlined in a 2023 White Paper, and other countries will look to adopt additional AI-governing policies to establish data sovereignty and ensure data privacy.
• AI regulatory sandboxes | We might see the rise of AI regulatory sandboxes, or controlled environments in which organizations can safely test and develop their AI-based offerings before putting them on the market (and subjecting them to legislative oversight).

Quantum Computing and Crypto Agility

If GenAI is powerful, GenAI plus the power of quantum computing has the potential to “catapult AI’s capabilities into a realm where it can solve complex problems faster, generate more sophisticated and nuanced outputs, and unlock mysteries across various fields." As has been true so far, this can be both good and bad.

In anticipation, NIST released its first sets of post-quantum encryption standards. System admins are encouraged to transition over “as soon as possible,” and NIST already has its second set of algorithms underway. Hence, we anticipate crypto agility will be a major business imperative of 2025, with crypto centers of excellence cropping up among major enterprises. Large organizations will need to stay (or become) crypto-agile to keep pace with quantum-resistant cryptography.

Third Parties and B2B Identities

Third-party identities will face increased scrutiny as supply chain attacks continue to gain prominence in the public security consciousness. Enterprises are expanding their third-party reach in the inevitable growth towards increased digital connectedness, and that trend is only likely to continue. External identities will soon outnumber internal identities 3:1.

This will drive an increased need for organizations to understand business-to-business (B2B) identities, which has not been an area of much focus historically. We predict this will change in 2025, with B2B identity security taking up an increased share of organizations’ strategic security planning.

Data Security and Privacy Legislation

Currently, the US lags behind other international entities, like the EU, in comprehensive data privacy legislation. Typically allocated to states’ decision-making processes, we predict that the data privacy discussion in the US will evolve along more federal lines in the coming year.

The American Privacy Rights Act (ARPA), introduced in 2024, is still awaiting approval. The needle will likely continue to move in this direction as advances in AI (and geopolitical threats) bring increased risk to personally identifiable data (PII) and other federally held classified information pertaining to national security. As risks to critical infrastructure increase, we predict that comprehensive federal data privacy laws will become an ever-bigger topic of discussion in the US.

Internationally and domestically, new regulations such as NIS2, DORA, PCI DSS 4.0, the UK Cyber Resilience Act, and the EU AI Act will likely push companies to re-examine their practices and double down on governance, risk, and compliance.

Conclusion

We are in a time when changes come quickly, and organizations must stay light on their feet. Those hoping to weather 2025 well will need to stay attuned to current trends because they are coming regardless of whether teams are ready.

AI will play an ever-larger role in “business as usual” within the digital realm. Supply chains will continue to grow, so long-term plans for scaling them securely need to be in place. Companies must start planning now to adjust to future changes in computing and compliance.

As teams plan for what’s ahead, one underlying theme unifies what might seem like otherwise disparate directions. Protecting access to sensitive data still matters most, and organizations that can maintain strong data protection policies will keep the “big picture” in sight.

Data Security Cloud Computing Regulation and compliance

Chris Harris | Associate VP, Sales Engineering
More About This Author > Schema {
"@context": "https://schema.org",
"@type": "BlogPosting",
"headline": "How AI is Shaping Cybersecurity Trends in 2025",
"description": "Discover the key cybersecurity trends for 2025, including AI advancements, quantum computing, and evolving data privacy legislation, and learn how to prepare your organization.",
"image": "https://cpl.thalesgroup.com/sites/default/files/content/white-paper/tn/2025-AI-Security-Predictions.webp",
"author": {
"@type": "Person",
"name": "Chris Harris",
"url": "https://cpl.thalesgroup.com/blog/author/charris"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"sameAs": [
"https://www.facebook.com/ThalesCloudSec",
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"datePublished": "2025-01-30",
"mainEntityOfPage": "https://cpl.thalesgroup.com/blog/data-security/how-ai-is-shaping-cybersecurity-trends-2025",
"dateModified": "2025-01-30"
}

basic

The post AI – Top-of-Mind in 2025 appeared first on Security Boulevard.

OpenAI and Microsoft suspect theft, highlighting the need for better AI security

The post One Explanation for DeepSeek’s Dramatic Savings: IP Theft appeared first on Security Boulevard.

Discover how Alibaba's Qwen 2.5-Max AI model with Mixture-of-Experts architecture outperforms DeepSeek V3 in key benchmarks, challenges OpenAI, and revolutionizes healthcare, finance, and content creation. Explore technical breakthroughs and industry implications.

The post Alibaba’s Qwen 2.5-Max: The AI Marathoner Outpacing DeepSeek and Catching OpenAI’s Shadow appeared first on Security Boulevard.

Author/Presenter: Gregory Carpenter, DrPH

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Tough Adversary Don’t Blame Sun Tzu appeared first on Security Boulevard.

Security teams can now validate WAF rules before they hit production, thanks to Impart Security's new WAF Rule Tester. No more crossing fingers and hoping for the best when deploying new rules.

The Old Way: Hope-Driven Security

‍

Traditionally, testing WAF rules has been a nerve-wracking experience:

- Push rules to production in monitor mode

- Wait anxiously for days to spot issues

- Hope nothing breaks while you wait

- Struggle to simulate sophisticated attacks and edge cases

- Cross your fingers and promote to blocking mode

The Better Way: Test-Driven Security

‍

WAF Rule Tester brings confidence and speed to WAF management through powerful test cases that let you:

- Validate rules against synthetic HTTP traffic in seconds, not days

- Simulate complex scenarios including business logic attacks

- Test rule interactions and chain effects

- Verify blocking, rate limiting, and detection behaviors

- Integrate WAF testing directly into your CI/CD pipeline

How It Works

‍

1. Define your test case with synthetic HTTP requests/responses

2. Configure your expected behaviors and assertions

3. Run the test and get results in seconds

4. Deploy with confidence knowing exactly how your rules will behave

‍

Ready to bring confidence to your WAF management?

- Follow us on LinkedIn for product updates

- Schedule a demo to see WAF Rule Tester in action

Don't let WAF testing be your security team's bottleneck. With WAF Rule Tester, you can move fast AND stay secure.

‍

The post Introducing WAF Rule Tester: Test with Confidence, Deploy without Fear | Impart Security appeared first on Security Boulevard.

Instantly assess your website’s vulnerability to bot attacks with DataDome’s free Bot Vulnerability Assessment. Get real-time insights & secure your business today.

The post How to Instantly Assess Your Vulnerability to Bot Attacks appeared first on Security Boulevard.

Identity management has long been a pillar of any sound cybersecurity program, ensuring that only authorized persons and machines have access to specific data and systems. Today, the rapid adoption of artificial intelligence (AI) is making it much more complicated to manage the identities of machines, making the appearance of the OWASP Non-Human Identities Top 10 very timely.

The post The OWASP NHI Top 10 and AI risk: What you need to know appeared first on Security Boulevard.