Securin Inc.

🎙 Securin's Ram Movva joined Ivanti’s Chris Goettl on the Security Insights podcast to talk all things vulnerability intelligence, from risk-based prioritization to attack surface management and emerging trends in ransomware. If you’ve ever wondered… 🔥 How machine learning algorithms adapted from war zones help predict which software vulnerabilities will be weaponized - and when. 🔥What the top five attack surfaces are. 🔥Why external attack surface management matters.    Have a listen and find out 👇 #ProactiveSecurity #AttackSurfaceManagement #Cybersecurity https://lnkd.in/epbWDHWg

🔒✨ October is Cybersecurity Awareness Month! ✨🔒At Securin, we are dedicated to keeping organizations protected against cyber threats all year round. Now, more than ever, it is crucial to stay vigilant and proactive in safeguarding our digital assets. Join us in spreading awareness and promoting a safer online environment. Together, we can build a stronger cybersecurity culture and protect what matters most. Stay tuned for more updates and tips throughout Cybersecurity Awareness Month! #Securin #CybersecurityAwarenessMonth #StaySecure

Securin is excited to be hosting the AI Vulnerability Hunt at this year's Response Con! Who will win the grand prize?! Sign up and it might be you! #pentesting #penetrationtesting #cybersecurityevent #cybersecurity

Vulnerability Intelligence with Securin Inc. Ram Movva joins the show to talk about all things vulnerability intelligence: how to prioritize according to risk, manage your external attack surface and emerging trends in ransomware and security. https://lnkd.in/dmidrid5

🚨Arkansas City’s rapid switch to manual operations no doubt played a significant role in averting a more serious outcome, but cyberattacks on water facilities and other critical infrastructure remain a significant threat – and the best strategy for mitigation is risk-based, proactive cybersecurity. ⚠️ Critical infrastructure and municipal systems often operate in environments where poorly configured remote access/default password use and unpatched/outdated software are widespread. ⚠️ While the specific details around this attack are still emerging (unconfirmed reports suggest ransomware was involved), CISA recently issued an advisory on Iran-based attackers targeting US operational technology through what it called “unsophisticated means” – mainly internet-exposed Industrial Control Systems (ICS) and operational technology (OT). With more than 150,000 public water systems in the US, there is growing concern and awareness around what’s at stake. 💡 What can critical infrastructure organizations do to protect their systems? Proactive cybersecurity is a long-term strategy, but some very quick wins include: 1️⃣ Vet and secure all remote access services *now* - LogMeIn, VNC cloud connection etc. 2️⃣ Vet and secure all systems exposed to the business internet. 3️⃣ Eliminate the use of default credentials.  4️⃣ Prioritize and patch outdated systems *before* they become an issue. Effective incident response is crucial, but it’s only one aspect of a best practice strategy underpinned by a proactive approach to cybersecurity. #proactivecybersecurity #criticalinfrastructure https://lnkd.in/gqMti6ks

🤖 Both the USA and EU have mandated a risk-based approach to AI development. What does that mean for software and application developers? Securin's Ram Movva and Aviral Verma share their thoughts in this InfoWorld opinion piece. 🔺 For many organizations, the risk will vary, depending on the data they use. But however you slice it, proactive security will be at the heart of driving security by design, as regulations increasingly require the ability to find weaknesses *before* they become vulnerabilities. Get the full story 👇 https://lnkd.in/guDDqvPV #AI #SecureByDesign #ProactiveSecurity

Now that the dust has settled on the summer cybersecurity conferences, what are some of the top priorities security leaders should continue to consider in 2024?  Securin’s Aviral Verma gave us his top 3: 💡 Finding the signal in the noise - adopting a proactive approach to security. Building the capacity not just to identify but to prioritize risk. 💡 Understanding the nature of weakness in code as it applies to your organization. If you focus your priorities exclusively on the MITRE Top 25, there’s a good chance you’ll miss the highly weaponized, less known weakness that is highly relevant to your specific systems. Until it finds you. 💡 Software supply chain risk: supply chain and third-party risks accounted for 15% of breaches last year. It’s a harsh reality that organizations need to confront this trend and evaluate their partners’ cybersecurity practices. It’s time we asked more of them, starting with areas such as completing a standardized security questionnaire based on frameworks, like the NIST Cybersecurity Framework (CSF) or ISO 27001. These could cover topics like network segmentation and access controls, patch management and vulnerabilities management, among others. We’re still seeing vulnerabilities like XSS (CWE-79) being coded into modern applications - there is really no need for this to be happening in 2024. 🎯 Remember: if we want secure coding practices, and a focus on eliminating repeatedly exploited software bugs and weaknesses, we have to equip developers with the knowledge and insights they need. As a security leader, what will your top priorities for the coming months be? #cybersecurity #vulnerabilitymanagement #proactivesecurity

🚨 Ransomware is hitting harder than ever in 2024 – payments in H1 2024 totaled almost $460m. Unfortunately, that’s likely to be the tip of a very large iceberg… Research from Chainalysis found that over $1bn in cryptocurrency was paid out to ransomware groups by victims in 2023. With median ransomware payments increasing from $200,000 in 2023 to $1.5m by June this year, something clearly has to give. 🛑 At the heart of the problem: Weakness in software continues to provide attackers with a rich vein of access to big payouts. And because they’re often designed by non-security-focused engineers and are publicly accessible, web applications have become a primary target. Research by Securin analysts earlier this year showed 109 weaknesses linked to vulnerabilities known to be exploited by ransomware and threat actor groups. With an average of 55 days to remediate 50% of critical vulnerabilities, ransomware groups are having a field day. 💡 What can you do? We can start by making software more secure. Our blog gives you some of the key actions developers and DevSecOps can take, including: input validation and sanitization, memory safety practices, and privilege management. Link in the comments 👇 https://lnkd.in/gwa6WRvR #proactivesecurity #ransomware #cybersecurity

Exciting Announcement from El Paso InfraGard! We are thrilled to announce our two-day Response Con on October 17th and 18th, 2024! This event will feature top-notch subject matter experts in emergency response and cyber incident response. Spaces are limited. Reserve your seat today! Don’t miss this opportunity to enhance your knowledge and network with professionals in the field. #ResponseCon2024 #EmergencyResponse #IncidentResponse #ElPasoInfraGard

It’s always been clear that AI impacts cybersecurity, but it’s a two-way street: where AI is increasingly being used to predict and mitigate attacks, the applications are themselves vulnerable – the same automation, scale and speed everyone’s excited about are also available to cybercriminals and threat actors. Although far from mainstream  - yet - malicious use of AI has been growing. From generative adversarial networks to massive botnets and automated DDoS attacks, the potential is there for a new breed of cyberattack that can adapt and learn to evade detection and mitigation. In this environment, how can we defend AI systems from attack? What forms will offensive AI take? What will the threat actors’ AI models look like? Can we PenTest AI - when should we start and why? As businesses and governments expand their AI pipelines, how will we protect the massive volumes of data they depend on? For insight into exactly what vulnerability looks like in AI /ML libraries, Securin’s analysts took a deep dive into the programming libraries and packages that form the foundation of today’s AI and ML developments. Here’s what they found: https://lnkd.in/gyK_c6As #proactivesecurity #AI  #cybersecurity