David Strom


Latest from David Strom

Software supply chain attacks are multiplying, but so are strategies to avoid them

By now most information technology managers are painfully aware of the consequences of software supply chain attacks. Thanks to exploits affecting the supply chains of SolarWinds, Log4Shell and 3CX, the power and widespread damage inflicted by these attacks on thousands of businesses are certainly well-known. To try to remedy things, a raft of new supply ...

Well-known security consultant ‘Mudge’ is once again on the move

The former hacker known as Mudge is once again on the move. Mudge, the alias for Peiter Zatko (pictured, center), was the former head of security back when X Corp. was known as Twitter. He is now a consultant for the U.S. Cybersecurity and Infrastructure Security Agency, the Washington Post reported yesterday. Zatko has worked ...

It’s the summer of adversarial chatbots. Here’s how to defend against them

This has been the summer of adversarial chatbots. Researchers from SlashNext Inc. and Netenrich discovered two such efforts, named WormGPT and FraudGPT. These cyberattack weapons are certainly just the beginning in a long line of products that will be developed for nefarious purposes such as creating very targeted phishing emails and new hacking tools. Both are ...

How Kremlin-backed social media campaigns continue to spread disinformation

A new report sponsored by the European Commission has found that social media has played a key role in the spread of Russian-backed disinformation campaigns since their war with Ukraine began. “Over the course of 2022, the audience and reach of Kremlin-aligned social media accounts increased substantially all over Europe,” the researchers stated in the ...
ANALYSIS

Google’s new use of generative AI could boost ‘fuzzing,’ a longtime cybersecurity defense tool

Google LLC’s new application of generative AI to a tried-and-true cybersecurity method called fuzzing could help elevate it into the top tray of enterprises’ defensive tool chests. Fuzzing is the process by which security researchers use various automated tools to cycle rapidly through random data inputs to make the target code crash or yield unexpected ...

Phishing as a service continues to plague business users

Greatness isn’t always a good thing. This past year has seen a lot of it — that is, in the form of an innovative phishing-as-a-service malware construction kit of the same name now in active usage. The Greatness malware attempts to put everything an attacker needs into one tidy package, so that anyone can fill ...

North Korea Lazarus Group beefs up its malware attacks once again

A group of North Korean hackers continues to threaten networks and businesses around the world, now with ever more sophisticated new attacks. Lazarus has been behind some very nasty exploits, including the double software supply chain attack on 3CX this past March and one of the largest thefts of cryptocurrency from the Ronin Network in ...

Pam Baker’s new book ‘ChatGPT for Dummies’ illuminates chatbots for pros and neophytes alike

Readers who have somehow escaped learning about ChatGPT and other AI-based chatbots should read a new book by my longtime freelancing colleague Pam Baker, “ChatGPT for Dummies.” Baker has been covering various AI-related topics for nearly a decade, including writing several books on machine learning and data science. She has a long business-to-business tech resume, ...

Microsoft once again revokes VeriSign digital certificates: Here’s why it matters

Once again, Microsoft Corp. has revoked a collection of what once were VeriSign Inc.’s digital certificates, another sign of how fragile that foundational digital ecosystem is. The action was confirmed by security firm Airlock Digital in a blog post last week, after it received customer complaints that certificates using VeriSign’s Class 3 Public Primary Certification Authority ...
ANALYSIS

Meta’s Facebook finally supports end-to-end message encryption: four lessons for IT managers

The importance of end-to-end encryption of digital messages is getting new attention with the announcement that Meta Platforms Inc.’s Facebook will partly add the feature to its Messenger product now, and eventually for all use cases such as group chats by year-end. It’s an important step, since E2EE, as it’s known for short, is a ...