Posts for: #Cybersecurity

Passkeys, FIDO Keys, and the Death of SMS MFA: What Small Businesses Should Actually Do Next

On January 9, 2024, the official U.S. Securities and Exchange Commission Twitter account announced that the SEC had approved Bitcoin ETFs. Bitcoin’s price spiked roughly 10 percent in minutes. The announcement was fake — attackers had SIM-swapped the phone number linked to the SEC’s account, intercepted the verification code, and posted on the SEC’s behalf. The actual approval came the next day. The SEC is not a small business. It has a legal team, a security team, and a public-facing communications infrastructure.

The Ransomware Playbook Has Been Rewritten: How AI Is Automating the Attack Chain

Abstract: Between 2024 and 2026, artificial intelligence transformed ransomware from a skilled-labor-intensive crime into an automated industrial operation. Threat actors now leverage large language models for reconnaissance and target profiling, generative AI for flawless spear-phishing and deepfake-enabled business email compromise, AI-orchestrated lateral movement that compresses breakout times to a median of 29 minutes, and emerging Ransomware-as-a-Service platforms that advertise AI-powered negotiation as a core product feature.

Post-Quantum Cryptography: The Race Before Q-Day

The threat that keeps cryptographers awake isn’t a breach happening today. It’s the data that was stolen last year — sitting in an adversary’s archive, waiting for a quantum computer that doesn’t exist yet. By the time that computer arrives, the window to do anything about it will have already closed.

Why This Problem Is Different

Most security threats are reactive — an attacker exploits a vulnerability, a defender patches it.

Shadow AI: The New Shadow IT

Shadow AI is what happens when the productivity pull of generative AI outruns the governance infrastructure of organizations trying to contain it. It is Shadow IT with a faster clock speed, a bigger blast radius, and a compliance liability your legal team hasn’t fully priced in yet.

The Pattern We’ve Seen Before

Security teams have spent the better part of two decades chasing Shadow IT — the proliferation of unsanctioned applications, services, and devices that employees adopt because approved tools are too slow, too clunky, or simply don’t exist yet.