Tag: detection
-
Dataminr Launches Cyber Defense Suite That Fuses External Threat Signals With Internal Telemetry
Dataminr used RSAC 2026 to roll out Dataminr for Cyber Defense, a new product suite the company says is designed to move security teams from alert-driven response to preemptive, risk-prioritized action. The suite aims to combine Dataminr’s real-time event and threat detection with an organization’s internal telemetry so teams can quickly determine what matters to…
-
Expel Launches Managed SIEM to Take Detection Engineering Off Security Teams’ Plates
Expel launched Managed SIEM on Monday at RSAC 2026, a co-managed service that puts the company’s detection engineers directly inside customers’ Microsoft Sentinel and Splunk Enterprise Security environments. The service is designed to address what Expel calls a fundamental mismatch between what SIEMs promise and what security teams actually end up spending time on. Most…
-
Tuskira Unveils Federated Detection Engine at RSAC 2026
Tuskira announced its Federated Detection Engine at RSA Conference 2026, adding a new capability to its Agentic SecOps platform that lets security teams detect threats in real time directly across cloud, identity, endpoint, network, SaaS, infrastructure, and legacy SIEM environments without centralizing logs first. The traditional model of detection engineering depends on pulling data into…
-
BSidesSLC 2025 So You Think You Can Detect? Lisa Li On Detection Testing In Production
Author, Creator & Presenter: Lisa Li, Security Engineer at Scale AI. Our thanks to BSidesSLC for publishing their creators’, authors’ and presenters’ outstanding BSidesSLC 2025 content on the organization’s YouTube channel. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-so-you-think-you-can-detect-lisa-li-on-detection-testing-in-production/
-
Defenseless Defenders: Exploring Endpoint Detection and Response (EDR) Inhibitors
Learn how adversaries are shifting from evasion to systematically dismantling endpoint defenses to eliminate visibility, enforcement, and response. Explore how modern EDR inhibition techniques abuse legitimate system features and vulnerable drivers to quietly degrade protections with minimal detection. Understand why this once-advanced tradecraft is now standard practice, and how it creates a critical blind spot…
-
Straiker Launches Discover AI and Expands Defend AI to Secure Enterprise Agent Deployments
Straiker arrived at RSAC 2026 with two products aimed squarely at the growing security gap in enterprise AI deployments: Discover AI, a new agent inventory and risk detection tool, and an expanded version of Defend AI built to handle the specific behaviors of coding agents, productivity agents, and custom-built agent platforms. The premise behind both…
-
SentinelOne Announces AI Agent Security, Red Teaming, and Auto Investigation GA at RSAC 2026
SentinelOne used RSAC 2026 to push deeper into AI-native security, announcing four new offerings that extend its platform from threat detection into the governance and testing of AI systems themselves. The first is Prompt AI Agent Security, a real-time discovery and governance control plane built for AI agents and agentic workflows. It monitors and enforces…
-
Critical Gap Between Detection and Containment of Cyberattacks
98% of German organizations are confident they can detect attacks, yet almost 40% have difficulty stopping them, while the number of AI-assisted attacks keeps growing. The study »The Containment Gap: Exploring the Distance Between Detection and Resilience« was conducted by CyberEdge Group on behalf of Illumio (image source: Illumio). A new… First seen on ap-verlag.de…
-
When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com Part Three
Dear blog readers, continuing the “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Two” blog post series, in this post I’ll continue analyzing the next malicious software binary, which I obtained by data mining the Conti Leaks with a lot of success. …
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerability
Attackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets. The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
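The teaser above says the stolen secrets leave the runner toward a typosquatted domain that mimics the vendor’s legitimate site, which makes runner egress the last place a defender can catch the theft. The following is an added example, not code from the article or from Aqua Security, of the look-alike check a detection engineer would run over CI-runner DNS or proxy logs: it normalizes the registrable label (digit substitutions, rn/vv, hyphens), compares it with a short list of protected names by exact match after normalization, by edit distance and by embedding, and separately catches a protected name used as a subdomain of some other registrable domain. The protected names (aquasec, github), the log line format and the thresholds are assumptions, and the log lines are constructed for the example.

```python
"""Added example: flag CI-runner egress to look-alike (typosquatted) domains.

Assumptions (not from the article): the protected names below, the log line
format "<utc_ts> <runner> <dst_domain> <bytes_out>", and the thresholds.
The log lines are constructed for the example.
"""

# Registrable labels we defend against look-alikes (assumed list)
PROTECTED_LABELS = ("aquasec", "github")

# Digit-for-letter substitutions commonly used in look-alike names
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Constructed egress log (not real traffic)
SAMPLE_EGRESS = """\
2026-03-10T12:00:01Z runner-17 api.github.com 2048
2026-03-10T12:00:05Z runner-17 aquasec.com 512
2026-03-10T12:00:09Z runner-17 aqua-sec.com 184320
2026-03-10T12:00:12Z runner-17 aquas3c.com 90112
2026-03-10T12:00:15Z runner-17 pypi.org 4096
2026-03-10T12:00:18Z runner-17 github.com.evil.net 65536
2026-03-10T12:00:22Z runner-17 aquasec-updates.com 32768
"""


def normalize(label: str) -> str:
    """Collapse the substitutions a squatter uses: digits, rn->m, vv->w, hyphens."""
    label = label.lower().translate(HOMOGLYPHS)
    return label.replace("rn", "m").replace("vv", "w").replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_reason(domain: str):
    """Return why a domain looks like a protected name, or None if it does not.

    Naive split on dots (no public-suffix list): the second-to-last label is
    treated as the registrable label.
    """
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    sld = labels[-2]
    # e.g. github.com.evil.net: the protected name is only a subdomain, evil.net owns it
    if any(l in PROTECTED_LABELS for l in labels[:-2]):
        return "protected name used as subdomain of another registrable domain"
    if sld in PROTECTED_LABELS:
        return None  # the genuine domain
    norm = normalize(sld)
    for legit in PROTECTED_LABELS:
        nlegit = normalize(legit)
        if norm == nlegit:
            return f"homoglyph/hyphen variant of {legit}"
        if levenshtein(norm, nlegit) <= 2:
            return f"edit distance <=2 from {legit}"
        if nlegit in norm and len(norm) - len(nlegit) <= 8:
            return f"embeds {legit}"
    return None


def scan_egress(log_text: str) -> list:
    """Parse egress lines and return one finding per look-alike destination."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, runner, dst, nbytes = line.split()
        reason = typosquat_reason(dst)
        if reason:
            findings.append({"ts": ts, "runner": runner, "domain": dst,
                             "bytes_out": int(nbytes), "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan_egress(SAMPLE_EGRESS):
        print(f"{f['ts']} {f['runner']} -> {f['domain']} ({f['bytes_out']} B): {f['reason']}")
```

The string heuristics are deliberately loose and will produce false positives on legitimate vendor-adjacent domains, so in production they belong in a hunting query with an allowlist of known-good registrable domains rather than in a blocking control; the bytes_out field is carried through because a large upload to a freshly seen look-alike domain is the combination worth paging on.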
-
Your Lateral Movement Detection Tools Are Missing 90% of Attacks. Here’s Why.
Compare lateral movement detection tools vs. Attack Path Discovery. Understand how Morpheus AI correlates full attack paths in under 2 minutes. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2026/03/your-lateral-movement-detection-tools-are-missing-90-of-attacks-heres-why/
-
TDL 018 – How To Think, Not What To Think – Mitch Prior
Tags: access, ai, apple, attack, backup, blockchain, business, cctv, china, ciso, cloud, computer, conference, control, credentials, cvss, cyber, cybersecurity, data, defense, detection, exploit, finance, firmware, google, infrastructure, intelligence, Internet, iot, jobs, law, mail, malware, military, network, phone, privacy, resilience, risk, router, software, strategy, switch, technology, threat, tool, vulnerability, wifi, zero-trust
The Human Algorithm in a Zero-Trust World: In the latest episode of The Defender’s Log, host David Redekop sits down with cybersecurity expert Mitch Prior to discuss the intersection of high-tech security and human intuition. From their first meeting in 2018, in the early days of Zero Trust, the duo explores why the “why” behind technical…
-
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result… First seen…
-
The espionage reality: Your infrastructure is already in the collection path
Tags: access, apt, attack, authentication, breach, ciso, cloud, country, cyber, data, detection, espionage, exploit, governance, government, group, identity, infrastructure, injection, insurance, intelligence, network, risk, risk-assessment, service, spyware, theft, threat, tool
Commercial spyware as an intelligence channel: Criminal operators deploying Predator, a spyware suite sold by the sanctioned Intellexa consortium, have been documented across more than a dozen countries. US sanctions haven’t slowed them down an iota. Their targets are not random: journalists, activists, politicians, human-rights defenders, government employees and contractors, and other high-value individuals. Why?…
-
54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize security…
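The drivers these EDR killers load are legitimately signed, so a “signed and valid” verdict is not a safety signal; what a detection engineer keys on instead is the driver’s identity (hash against a known-vulnerable list) and where it was loaded from. As an added example, not code from the article or from the analysis it reports on, the script below parses constructed Sysmon Event ID 6 (DriverLoad) records in their rendered “Key: value” message form and flags a load when the SHA256 is on a vulnerable-driver blocklist or the image sits in a user-writable directory. The blocklist entries and hashes are placeholders and the path list is an assumption; in practice the blocklist is populated from the Microsoft vulnerable driver blocklist or the LOLDrivers project.

```python
"""Added example: hunt BYOVD-style driver loads in Sysmon Event ID 6 records.

The records below are constructed in Sysmon's rendered "Key: value" message
form, the SHA256 values and blocklist entries are placeholders, and the
user-writable path list is an assumption. Nothing here comes from the article.
"""
import re

H_DISK, H_HWMON, H_OEMDIAG = "1" * 64, "2" * 64, "3" * 64

# Placeholder blocklist keyed by SHA256. In practice populate from the Microsoft
# vulnerable driver blocklist or the LOLDrivers project.
VULN_DRIVER_SHA256 = {
    H_HWMON: "hwmon.sys (placeholder entry)",
    H_OEMDIAG: "oemdiag.sys (placeholder entry)",
}

# Locations a dropper can write to; a kernel driver loaded from here is odd (assumed list)
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "c:\\temp\\")

# Constructed Sysmon Event ID 6 records; every one is validly signed, as BYOVD drivers are
SAMPLE_SYSMON_EID6 = rf"""
Driver loaded:
UtcTime: 2026-03-10 12:00:01.000
ImageLoaded: C:\Windows\System32\drivers\disk.sys
Hashes: SHA256={H_DISK}
Signed: true
Signature: Microsoft Windows
SignatureStatus: Valid

Driver loaded:
UtcTime: 2026-03-10 12:04:37.000
ImageLoaded: C:\Users\Public\drv\hwmon.sys
Hashes: SHA256={H_HWMON}
Signed: true
Signature: Example Hardware Vendor Ltd
SignatureStatus: Valid

Driver loaded:
UtcTime: 2026-03-10 12:04:39.000
ImageLoaded: C:\Windows\System32\drivers\oemdiag.sys
Hashes: SHA256={H_OEMDIAG}
Signed: true
Signature: Example OEM Inc
SignatureStatus: Valid
"""


def parse_sysmon_events(text: str) -> list:
    """Split the rendered message text into one dict per event (blank line separated)."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        ev = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                ev[key.strip()] = value.strip()
        if ev.get("ImageLoaded"):
            events.append(ev)
    return events


def sha256_of(ev: dict):
    """Pull the SHA256 out of Sysmon's 'ALG=hex,ALG=hex' Hashes field."""
    for part in ev.get("Hashes", "").split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def assess_driver_load(ev: dict) -> list:
    """Reasons this load matches the BYOVD pattern; an empty list means nothing seen."""
    reasons = []
    digest = sha256_of(ev)
    if digest in VULN_DRIVER_SHA256:
        reasons.append(f"known vulnerable driver: {VULN_DRIVER_SHA256[digest]}")
    if ev.get("ImageLoaded", "").lower().startswith(USER_WRITABLE_PREFIXES):
        reasons.append("driver image loaded from a user-writable path")
    # Kept for completeness: BYOVD drivers normally pass this check, so passing proves nothing
    if ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus", "").lower() != "valid":
        reasons.append("unsigned or invalid signature")
    return reasons


def hunt_driver_loads(text: str) -> list:
    """Return a finding for every event with at least one reason."""
    findings = []
    for ev in parse_sysmon_events(text):
        reasons = assess_driver_load(ev)
        if reasons:
            findings.append({"time": ev.get("UtcTime"), "image": ev["ImageLoaded"],
                             "signer": ev.get("Signature"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt_driver_loads(SAMPLE_SYSMON_EID6):
        print(f"{f['time']} {f['image']} signed by {f['signer']!r}: {'; '.join(f['reasons'])}")
```

The third sample record is the instructive one: a validly signed driver loaded from System32\drivers, the same shape as a legitimate OEM tool, which only the hash match catches. That is why the blocklist has to be refreshed continuously and why a second signal, such as a service creation (Sysmon Event ID 13 on the Services registry key, or System log 7045) seconds before the load, is worth correlating in the same rule.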
-
Automated Threat Detection for Quantum-Enabled Adversarial Attacks on AI Context
Learn how to protect Model Context Protocol (MCP) from quantum-enabled adversarial attacks using automated threat detection and post-quantum security. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2026/03/automated-threat-detection-for-quantum-enabled-adversarial-attacks-on-ai-context/
-
Cybercriminals are Winning with AI
AI has become the most powerful tool for financial fraud since the dawn of the Internet. As predicted, criminals are exploiting it faster, more effectively, and at scale. According to the latest Interpol Global Financial Fraud Report, AI-enhanced fraud is now 4.5 times more profitable than traditional schemes. That’s a significant shift and we’re still…
-
That cheap KVM device could expose your network to remote compromise
Stealthy backdoors: A compromised KVM device can become a powerful backdoor in any environment. An attacker can inject keystrokes to execute commands or access UEFI settings to disable security features such as disk encryption and Secure Boot. Because the device operates outside the controlled system’s OS, endpoint detection tools and host firewalls cannot see it. These…
-
Anton’s Security Blog Quarterly Q1 2026
Tags: ai, automation, breach, ciso, cloud, control, defense, detection, framework, google, governance, infrastructure, mandiant, metric, RedTeam, risk, service, siem, soc, software, supply-chain, threat, update, vulnerability, vulnerability-management
My Anton’s Security Blog (And Podcast!) Quarterly: this covers both Anton on Security and my posts from the Google Cloud blog, the Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO). Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.…
-
54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 34 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize security…
-
SIEM Is Not Dead. It Just Stopped Moving Fast Enough.
I recently joined Tim Peacock and Anton Chuvakin on the Google Cloud Security Podcast to talk about SIEM, AI SOC, pricing, federated architecture, detection engineering, and why network telemetry is quietly becoming important again. The short version is simple: SIEM is not dead. Calling it obsolete makes for good marketing, but it is not a…
-
Bolster your defenses and close the code-to-cloud gap with Tenable and OX
Tags: access, ai, application-security, attack, business, ciso, cloud, container, control, data, data-breach, defense, detection, endpoint, exploit, framework, identity, infrastructure, intelligence, Internet, risk, service, software, strategy, technology, threat, tool, training, vulnerability
Today, cloud security teams face fragmented visibility and the challenge of prioritizing risks while identifying fix owners. A new joint solution from Tenable and OX helps you close the code-to-cloud gap from development through runtime. By combining CNAPP with deep AppSec, this integration is designed to eliminate visibility gaps and accelerate remediation. Key takeaways: Bridge…

