The methods underpinning the production machine learning systems are systematically vulnerable to a new class of vulnerabilities across the machine learning supply chain collectively known as Adversarial Machine Learning. Adversaries can exploit these vulnerabilities to manipulate AI systems in order…
The “Pyramid of Pain” is a cybersecurity concept that suggests that the more layers of an organization’s defenses that an attacker has to go through, the more difficult it becomes for the attacker to succeed. This is because each layer…
The Time-to-Compromise (TTC) metric is a useful tool for estimating the risk of cyber attacks and determining the effectiveness of a company’s cybersecurity measures. It allows organizations to quantify the potential harm of a security breach and make informed decisions…
The evolution of graphs and attack trees has played a significant role in the field of cybersecurity. These tools have helped security professionals to visualize and understand the complexity of cyber threats and to develop effective strategies for defending against…
Cognitive bias is a natural human phenomenon that occurs when we make judgments or decisions based on our own subjective experiences and beliefs. While this can be helpful in some situations, it can also lead to flawed reasoning and incorrect…
STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated Exchange of Indicator Information) are two important standards in the field of cyber threat intelligence. These standards are designed to facilitate the exchange of threat intelligence information between different organizations and…
Measuring the severity of a cyber threat can be a challenging task, as it involves evaluating the potential impact of an attack on an organization or individual. There are several factors that can be used to assess the level of…
Mobile devices share some architectural similarities with their desktop counterparts, but there are significant distinctions between personal computers and these portable information systems. In addition to cellular functionality, including a number of radios, modern smartphones and tablets typically include a…
The MITRE ATT&CK framework is a widely-used resource for understanding and mitigating cyber threats. It is a comprehensive matrix that categorizes and documents the tactics, techniques, and procedures (TTPs) used by attackers to compromise systems. The matrix is organized by…
