LATEST CYBER SECURITY NEWS AND VIEWS

Home > News

WordPress AI Plugins: Tell me a secret 

Posted on

In our previous blog ‘WordPress Plugins: AI-dentifying Chatbot Weak Spots’ (https://prisminfosec.com/wordpress-plugins-ai-dentifying-chatbot-weak-spots/) a series of Issues were identified within AI related WordPress plugins:   Today, we will be looking at further vulnerability types within these plugins that don’t provide us with the same adrenaline rush as popping a shell, but clearly show how AI plugins are being rushed […]

Read full post

Why CISOs Need an Adversarial Mindset in Cybersecurity

Posted on

Chief Information Security Officers (CISOs) are tasked with safeguarding an organisation’s most valuable assets: its data, intellectual property, and reputation. The role of a CISO has evolved from being an overseer of IT security to a strategic leader who must: anticipate and mitigate complex cyber threats, act as the board’s expert in cybersecurity matters which […]

Read full post

Linux RCE – Critical Vulnerability (CVE9.9) in CUPS – Security Awareness Messaging

Posted on

An inadvertent data leak from a GitHub push update identified an RCE in the Linux Common Unix Printing System (CUPS) service, as an unauthenticated Remote Code Execution vulnerability with a CVE score of 9.9. The vulnerabilities: CUPS and cups-browsed (a service responsible for discovering new printers and automatically adding them to the system) ship with […]

Read full post

Layered Defences: Building Blocks of Secure Organisations

Posted on

Every organisation is different in terms of how it uses data, how its processes work, and how their staff conduct themselves. As a result no single security tool, deployment, implementation, or capability can protect them. Layered defences, also known as “defence in depth,” is the approach of implementing multiple layers of security controls to protect […]

Read full post

Managing Risk in Red Team Engagements

Posted on

In today’s rapidly evolving digital landscape, organizations face an ever-growing array of cyber threats. To stay ahead, many are turning to red team testing – a proactive approach where skilled cybersecurity professionals simulate real-world attacks to uncover misconfigurations, vulnerabilities, and inconsistent security behaviours. However, as with any initiative, red team testing carries its own set […]

Read full post

Understanding the Difference Between Red Teams and Penetration Testing in Cybersecurity

Posted on

Penetration Testing and Red Teaming are both valuable, important, and focussed in their own ways. Too often Penetration Tests are used to assess a system and it is a rinse and repeat of the previous year’s test results, and the organisation states that they have documented and accepted the risks often due to budgetary reasons […]

Read full post

The Value of Red Teams – Delivering Impact through Analogies

Posted on

In this blog post, we will explore how red teaming helps identify and then translate intricate technical risks into comprehensible business language, ensuring that stakeholders understand the implications and can take appropriate actions to safeguard their organisations. Understanding Red Teaming Red teaming is a structured process where cybersecurity professionals simulate real world threats to help […]

Read full post

Prism Infosec launches PULSE agile red team engagement service

Posted on

Prism Infosec, the independent cybersecurity consultancy, has announced the launch of its innovative PULSE testing service to enable organisations which may not have the bandwidth or resource to dedicate to a full-scale red team exercise to assess their defence capabilities against real-world threats. PULSE addresses the gap that currently exists between penetration testing and red […]

Read full post

WordPress Plugins: AI-dentifying Chatbot Weak Spots

Posted on

AI chatbots have become increasingly prevalent across various industries due to their ability to simulate human-like conversations and perform a range of tasks. This trend is evident in the WordPress ecosystem, where AI chatbot plugins are becoming widely adopted to enhance website functionality and user engagement. Prism Infosec reviewed the security postures of several open-source […]

Read full post

The Dark side of AI Part 2: Big brother  

Posted on

AI: Data source or data sink? The idea of artificial intelligence is not a new one. For decades, people have been finding ways to emulate the pliable nature of the human brain, with machine learning being mankind’s latest attempt. Artificial intelligence models are expected to be learn how to form appropriate responses to given set […]

Read full post

FILTER RESULTS

Latest tweets

Data #leakage is just one of numerous risks associated with #GenAI necessitating the use of an #AI #risk framework, as Phil Robinson explains via  @governance_and. #cybersecurity

We interview Phil Robinson, Principal Security Consultant and Founder at @prisminfosec, who shares his views on ethical hackers and the latest ransomware trends.

Sign up to our newsletter

  • Fields marked with an * are mandatory

  • This field is for validation purposes and should be left unchanged.