RiskInsight

Cybersecurity: an essential part of the Due Diligence

1 year ago
Read Time: 5 minutes
by Florian Chabre
Leave a comment

Confidential and strategic, the due diligence phase that precedes an acquisition regularly takes place behind closed doors. This phase aims to analyse the target company for an acquisition, in order to determine its level of maturity and compliance on various…

1 year ago
Read Time: 13 minutes
by Florian Pouchet, Thomas Argheria and Valentine Tauzin
Leave a comment

AI: Discover the 5 most frequent questions asked by our clients!

The dawn of generative Artificial Intelligence (GenAI) in the corporate sphere signals a turning point in the digital narrative. It is exemplified by pioneering tools like OpenAI’s ChatGPT (which found its way into Bing as “Bing Chat, leveraging the GPT-4…

1 year ago
Read Time: 8 minutes
by Christophe Berenguer, Valentin Vie and Théo Dagron
Leave a comment

CI/CD in AWS: The Solution to All Your Problems? What You Need to Know.

Integrating security directly into the configuration of CI/CD pipelines, especially through the practice of DevSecOps, enables the development of secure applications while increasing delivery frequency. This relieves pressure on security teams, which can often be a limiting factor in the…

1 year ago
Read Time: 12 minutes
by Zakariae Eljemli and Paul Fauchet
Leave a comment

Cybersecurity, a new challenge for the digital design of built assets using BIM

On a daily basis, stakeholders within construction handle a variety of data that may be of interest to malicious parties. They are subjected to the same types of malware attacks as players in other industries (e.g. theft, espionage, phishing, etc.).…

1 year ago
Read Time: 6 minutes
by Gérôme Billois, Thomas Argheria and coraline.joly
Leave a comment

The industrialization of AI by cybercriminals: should we really be worried?

Back in 2021, a video of Tom Cruise making a coin disappear went viral. It was one of the first deepfake videos, videos that both amused and frightened Internet users. Over the years, artificial intelligence in all its forms has…

1 year ago
Read Time: 7 minutes
by Maxime Meignan
Leave a comment

A universal EDR bypass built in Windows 10

While studying internals of a mechanism used by all EDR software to get information about processes activities on Windows, we came across a way for malicious processes to disable the generation of some security events related to process interactions. This…

1 year ago
Read Time: 8 minutes
by Thomas Argheria, Pierre Aubret and Youssef Khouchaf
Leave a comment

Language as a sword: the risk of prompt injection on AI Generative

As you know, artificial intelligence is already revolutionising many aspects of our lives: it translates our texts, makes document searches easier, and is even capable of training us. The added value is undeniable, and it's no surprise that individuals and…

1 year ago
Read Time: 7 minutes
by Yoann DEQUEKER
Leave a comment

Process Injection using NtSetInformationProcess

Process injection is a family of malware development techniques allowing an attacker to execute a malicious payload into legitimate addressable memory space of a legitimate process. These techniques are interesting because the malicious payload is executed by a legitimate process…

1 year ago
Read Time: 5 minutes
by Noëmie Honoré and Caroline Boyer
Leave a comment

How to activate gamification for an impactful Cyber Month

Cyber Month is to cybersecurity awareness what the Olympics are to sports: the time to shine, with all eyes on you. Given that human-risk remains significant, with human error accounting for 82% of data breaches according to the 2022 Verizon…

1 year ago
Read Time: 7 minutes
by Perrine Viard and Victoire GAULTIER
Leave a comment

Cyber regulatory landscape: challenges and prospects

A 38% increase of cyber-attacks was estimated in 2022[1]. As this figure illustrates, the cyber threat continues to grow, and has become a major concern for businesses worldwide. To counter this growing threat and maintain digital confidence, governments have long…

Access management: how is authorisation evolving to meet the challenges and needs of organisations?

Electric Mobility – How can charging point operators secure their charging infrastructure?

AI and personal data protection: new challenges requiring adaptation of tools and procedures

Segmentation in mainframe z/OS and LPM

Practical use of MITRE ATLAS framework for CISO teams

Cybersecurity: an essential part of the Due Diligence

AI: Discover the 5 most frequent questions asked by our clients!

CI/CD in AWS: The Solution to All Your Problems? What You Need to Know.

Cybersecurity, a new challenge for the digital design of built assets using BIM

The industrialization of AI by cybercriminals: should we really be worried?

A universal EDR bypass built in Windows 10

Language as a sword: the risk of prompt injection on AI Generative

Process Injection using NtSetInformationProcess

How to activate gamification for an impactful Cyber Month