Security Defects in TPM 2.0 Spec Raise Alarm
Security defects in the Trusted Platform Module (TPM) 2.0 reference library specification expose devices to code execution attacks. The post Security Defects in TPM 2.0 Spec Raise Alarm appeared first on SecurityWeek.
Malicious package flood on PyPI might be sign of new attacks to come
Over the weekend an attacker has been uploading thousands of malicious Python packages on the public PyPI (Python Package Index) software repository. If executed on a Windows system, these packages will download and install a Trojan program hosted on Dropbox. Flooding public package repositories with malicious packages is not entirely new. Last year researchers detected […]
Ransomware Attack Hits US Marshals Service
The US Marshals Service has confirmed that ransomware was deployed on one of its systems that contains sensitive law enforcement information. The post Ransomware Attack Hits US Marshals Service appeared first on SecurityWeek.
Trackd Snags $3.35M Seed Funding to Automate Vuln Remediation
Trackd, an early stage startup founded by former NSA engineer Mike Starr, has secured $3.35 million in seed funding to automate vulnerability remediation. The post Trackd Snags $3.35M Seed Funding to Automate Vuln Remediation appeared first on SecurityWeek.
How 3 Digital Champions Tackle Real-Time Data Challenges
By Thomas Been, DataStax Building data-driven, high-growth businesses takes a certain kind of roll-up-your-sleeves, determined, and smart builder who understands the importance of building a unified, foundational data architecture. We call these people Digital Champions. They’re visionaries in using real-time data and the cloud to deliver unprecedented value to their organizations and, in turn, to […]
Well-funded security systems fail to prevent cyberattacks in US and Europe: Report
Multilayered, well-funded cybersecurity systems are unable to protect enterprises in the US and Europe from cyberattacks, according to a report by automated security validation firm Pentera. The report, which was based on a survey of 300 CIOs, CISOs and security executives to get insights on their current IT and security budgets and cybersecurity validation practices, […]
Vulnerabilities Being Exploited Faster Than Ever: Analysis
The time from vulnerability disclosure to exploitation is decreasing, according to a new intelligence report from Rapid7. The post Vulnerabilities Being Exploited Faster Than Ever: Analysis appeared first on SecurityWeek.
33 New Adversaries Identified by CrowdStrike in 2022
CrowdStrike identified 33 new threat actors and campaigns in 2022, including many cybercrime groups and operations. The post 33 New Adversaries Identified by CrowdStrike in 2022 appeared first on SecurityWeek.
New ‘Exfiltrator-22’ Post-Exploitation Framework Linked to Former LockBit Affiliates
A recently identified post-exploitation framework ‘Exfiltrator-22’ uses the same C&C infrastructure as the LockBit ransomware. The post New ‘Exfiltrator-22’ Post-Exploitation Framework Linked to Former LockBit Affiliates appeared first on SecurityWeek.
Vouched Raises $6.3 Million for Identity Verification Platform
AI-driven identity verification platform Vouched has raised $6.3 million in a funding round led by BHG VC and SpringRock Ventures. The post Vouched Raises $6.3 Million for Identity Verification Platform appeared first on SecurityWeek.
‘Hackers’ Behind Air Raid Alerts Across Russia: Official
Russian authorities said that several television and radio stations that have recently broadcast air raid alerts had been breached by hackers. The post ‘Hackers’ Behind Air Raid Alerts Across Russia: Official appeared first on SecurityWeek.
Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites
A critical vulnerability in the Houzez premium WordPress theme and plugin has been exploited in the wild. The post Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites appeared first on SecurityWeek.
The CIO’s new C-suite mandate
JP Saini’s dual role as chief digital and technology officer at Sunbelt Rentals requires strategic relationships with his C-suite peers beyond just sharing a seat at the executive table. He’s also considered a strategic advisor and changemaker in the organization, and he’s often called on to speak with investors. He relies on his C-suite peers […]
Bringing the National Museum of African American History and Culture to the world
In 2022, with the pandemic subsiding, the National Museum of African American History and Culture at the Smithsonian Institution in Washington, DC, once again served more than 1 million visitors. But thanks to an inventive digital offering, called Searchable Museum, the museum has been able to reach even more. The searchable replica of the museum, […]
Economic pressures are increasing cybersecurity risks; a recession would amp them up more
Predictions on whether or when the global economy will fall into a recession continue to swirl. Even if one doesn’t hit anytime soon, economic volatility, more cautious corporate spending plans, and employee layoffs are already in play. For security chiefs, such news portends a tougher road ahead. CISOs have never had an easy time — […]
How to de-risk your digital ecosystem
Companies rightly see much promise for future revenues and productivity by building and participating in emerging digital ecosystems — but most have not given enough consideration to the risks and threats inherent in such ecosystems. According to the TCS Risk & Cybersecurity Study, cyber threats within digital ecosystems may be an enterprise blind spot. TCS […]
Everything-as-a-Service: Huawei Brings the Cloud Ecosystem Within Reach at MWC 2023
GSMA’s Mobile World Congress (MWC) 2023 in Barcelona—the largest and most influential event for connectivity—is expected to attract over 80,000 attendees from 200 countries and over 2,000 exhibitors. This year’s event will explore themes of 5G acceleration, immersive technology, open networks, fintech, and ‘Digital Everything’, encompassing intelligent solutions, Internet-of-Things, Industry 4.0, and how every industry […]
7 CIOs on building a consultative IT culture
How can we get our IT teams to be viewed as more consultative partners to the business? It’s one of the big questions I continue to hear from CIOs. While technology has changed dramatically over the past decade and become increasingly intertwined with the business’s success, many IT teams remain in order-taking mode, responding to […]
The Rome Call for AI Ethics: Should CIOs heed it?
As enterprises increasingly look to artificial intelligence (AI) to support, speed up, or even supplant human decision-making, calls have rung out for AI’s use and development to be subject to a higher power: our collective sense of right and wrong. One such entity weighing in on the need for AI ethics is the Vatican, which […]
IT spend in META region expected to grow in 2023 despite challenges
The year ahead is likely to be characterised by recessionary pressures in key global economies, increasing borrowing costs, unpredictable supply chains, oil price uncertainty, and volatile demand. Regardless of the challenges of the past few years and the hurdles ahead, digital transformation investments in the Middle East, Türkiye, and Africa (META) are set to more […]
US Electric Cooperative Association Launches Commercial OT Security Solution
The National Rural Electric Cooperative Association (NRECA) announces commercial launch of its OT cybersecurity solution. The post US Electric Cooperative Association Launches Commercial OT Security Solution appeared first on SecurityWeek.
Australian businesses need new servers to drive sustainability and innovation
Businesses are feeling growing pressure to act on climate change from all angles. However, despite data centres and transmission networks being responsible for nearly 1 per cent of energy-related greenhouse gas emissions, a new Deloitte study reports little over half (54 per cent) of businesses have converted to energy-efficient technologies. This number is concerning given […]
White House: No More TikTok on Gov’t Devices Within 30 Days
The White House is giving all federal agencies 30 days to wipe TikTok off all government devices. The post White House: No More TikTok on Gov’t Devices Within 30 Days appeared first on SecurityWeek.
How Blacks in Technology Foundation is ‘stomping the divide’
When Greg Greenlee joined the IT industry in 2008, the lack of representation of Black IT professionals among attendees and speakers at tech conferences and events was readily apparent. “It wasn’t a thing where I was made to feel out of place or that I did not belong,” Greenlee says, but it did make him […]
Ukraine IT’s unparalleled resilience
On the morning of Feb. 24, 2022, Russia invaded Ukraine, escalating a years-long conflict between the two countries. In the year since those first pre-dawn attacks, hundreds of thousands of troops and civilians have been wounded or killed, millions of Ukrainians have been displaced, and cities have been shattered. The previously rapidly growing IT industry […]
LastPass Says DevOps Engineer Home Computer Hacked
LastPass DevOp engineer’s home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. The post LastPass Says DevOps Engineer Home Computer Hacked appeared first on SecurityWeek.
Cyberattack on Boston Union Results in $6.4M Loss
A cyberattack on the Boston-based Pipefitters Local 537 union’s health fund resulted in the loss of $6.4 million. The post Cyberattack on Boston Union Results in $6.4M Loss appeared first on SecurityWeek.
Germany plans new visa aimed at attracting more Indian tech workers
The German government has announced plans to make it easier for IT workers from India to obtain work visas in Germany. While visiting Bengaluru, the center of India’s tech sector, German Chancellor Olaf Scholz held a televised press conference Sunday with the country’s prime minister, Narendra Modi, where he said Germany not only wants to […]
Perspectives on how cloud computing & app development trends will take shape in 2023
We’ve entered another year where current economic conditions are pressuring organizations to do more with less, all while still executing against digital transformation imperatives to keep the business running and competitive. To understand how organizations may be approaching their cloud strategies and tech investments in 2023, members of VMware’s Tanzu Vanguard community shared their insights […]
US Sanctions Several Entities Aiding Russia’s Cyber Operations
US Department of Treasury has announced a fresh set of sanctions against entities helping Russia in the war against Ukraine. The post US Sanctions Several Entities Aiding Russia’s Cyber Operations appeared first on SecurityWeek.
US National Cyber Strategy Pushes Regulation, Aggressive Hack-Back Operations
The U.S. government is set to green-light a more aggressive ‘hack-back’ approach to dealing with foreign adversaries and mandatory regulation of critical infrastructure vendors. The post US National Cyber Strategy Pushes Regulation, Aggressive Hack-Back Operations appeared first on SecurityWeek.
‘PureCrypter’ Downloader Used to Deliver Malware to Governments
Threat actor uses the PureCrypter downloader to deliver malware to government entities in Asia-Pacific and North America. The post ‘PureCrypter’ Downloader Used to Deliver Malware to Governments appeared first on SecurityWeek.
Cybersecurity in wartime: how Ukraine's infosec community is coping
Whenever shells rain down on Ukraine, Yuriy Gatupov’s colleagues put a ‘+’ sign in a chat room. Then, the pluses are counted. “We check if everybody is alive,” he says. Gatupov, the owner of two cybersecurity companies, says it is vital to stay connected during a time of war. With Russia now controlling around 18% […]
QNAP Offering $20,000 Rewards via New Bug Bounty Program
New QNAP Systems bug bounty program covers vulnerabilities in applications, cloud services, and operating systems. The post QNAP Offering $20,000 Rewards via New Bug Bounty Program appeared first on SecurityWeek.
Cloud Security Firm Wiz Raises $300 Million at $10 Billion Valuation
Cloud security company Wiz has raised $300 million in a Series D funding round that brings the total raised by the company to $900 million. The post Cloud Security Firm Wiz Raises $300 Million at $10 Billion Valuation appeared first on SecurityWeek.
Coding for the Future of U.S. National Defense
By Hock Tan, Broadcom President & CEO Since we announced our intent to acquire VMware last year, customers have expressed to me their excitement about VMware’s momentum around cloud-native apps in its Tanzu business. Tanzu is a central part of VMware’s software portfolio and its multi-cloud strategy, and will remain that way after Broadcom’s acquisition […]
Cost still biggest driver for multicloud, study finds
Italian insurer Reale Group found itself with four cloud providers running around 15% of its workloads, and no clear strategy to manage them. “It was not a result we were seeking, it was the result of reality,” said Marco Barioni, CEO of Reale ITES, the company’s internal IT engineering services unit. Since then, Barioni has […]
Palo Alto Networks Unveils Zero Trust OT Security Solution
Palo Alto Networks introduces a new OT security solution for industrial organizations that provides visibility, zero trust and simplified operations. The post Palo Alto Networks Unveils Zero Trust OT Security Solution appeared first on SecurityWeek.
Media Giant News Corp Discloses New Details of Data Breach
News Corp says a threat group, previously linked to the Chinese government, had access to its systems for two years before the breach was discovered. The post Media Giant News Corp Discloses New Details of Data Breach appeared first on SecurityWeek.
5 top threats from 2022 most likely to strike in 2023
The threat landscape is highly diverse and attacks range in sophistication from the most basic scams to nation-state-level cyberespionage. However, companies need to prioritize their defenses against the most common threats that are likely to impact them and their employees. In its newly released annual State of Malware report, cybersecurity firm Malwarebytes selected five threats […]
What Executives Should Know About Shift-Left Security
By Zachary Malone, SE Academy Manager at Palo Alto Networks The term “shift left” is a reference to the Software Development Lifecycle (SDLC) that describes the phases of the process developers follow to create an application. Often, this lifecycle is depicted as a horizontal timeline with the conceptual and coding phases “starting” the cycle on […]
US warns of cyberattacks by Russia on anniversary of Ukraine war
The US Cybersecurity and Infrastructure Security Agency has issued an advisory urging organizations to increase cybersecurity vigilance today, the anniversary of Russia’s invasion of Ukraine, in the wake of a cyberattack against several Ukrainian government websites. “The United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow […]
Evaluation Guide: How to choose the right modern BI & analytics platform
The transition to a modern business intelligence model requires IT to adopt a collaborative approach that includes the business in all aspects of the overall program. This guide focuses on the platform evaluation and selection. It is intended for IT to use collaboratively with business users and analysts as they assess each platform’s ability to […]
Aligning security and business strategies
By Sean Duca, vice president and regional chief security officer for Asia Pacific and Japan at Palo Alto Networks Some economists predict that we could soon face a global recession. Looking at history, this does not bode well for levels of cybercrime. However, there is some evidence that macroeconomic conditions can impact cybercrime. In times […]
Securing 5G for 2023 and beyond
By Anand Oswal, Senior Vice President and GM at cyber security leader Palo Alto Networks While mobile technology has been around for decades, the current generation, 5G, is increasingly being recognized for the exciting new benefits it brings to enterprises, SMBs, and public sector organizations. Specifically, when properly secured, 5G capabilities such as ultra-high speeds, […]
We’re not bluffing: Poker and other games are good models of the autonomous enterprise
ChatGPT and other artificial intelligence tools have dominated the conversation lately. Their power to imitate human writing and art is raising concerns that machines could start replacing white-collar workers, the way they took over many blue-collar jobs in the 19th century. We at Digitate are thinking about machines’ role at work too, as we develop […]
What Executives Should Know About Shift-Left Security
By Zachary Malone, SE Academy Manager at Palo Alto Networks The term “shift left” is a reference to the Software Development Lifecycle (SDLC) that describes the phases of the process developers follow to create an application. Often, this lifecycle is depicted as a horizontal timeline with the conceptual and coding phases “starting” the cycle on […]
Equifax CTO Bryson Koehler on the CIO as product chief
Bryson Koehler, Chief Product, Data, Analytics and Technology Officer at Equifax, joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss “decision intelligence” vs. data overload, advancing ethical AI, cloud native operations and more. Watch this episode: Listen to this episode: Careers, CIO, CIO […]
Microsoft tells Exchange admins to revert previously recommended antivirus exclusions
Microsoft is advising Exchange Server administrators to remove some of the endpoint antivirus exclusions that the company’s own documentation recommended in the past. The rules are no longer needed for server stability and their presence could prevent the detection of backdoors deployed by attackers. “Times have changed, and so has the cybersecurity landscape,” the Exchange […]
Enterprises aren’t using data to make business decisions: Salesforce survey
Enterprises worldwide are not tapping the potential of their data when making critical business decisions and navigating uncertain macroeconomic conditions, according to a Salesforce survey. Nearly 67% of 10,000 business leaders polled globally are not using data to set pricing in line with economic conditions such as inflation, according to the Untapped Data Research survey. […]
A Year of Conflict: Cybersecurity Industry Assesses Impact of Russia-Ukraine War
On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact. The post A Year of Conflict: Cybersecurity Industry Assesses Impact of Russia-Ukraine War appeared first on SecurityWeek.
Edgio adds advanced DDoS protection with other WAAP enhancements
Content delivery network (CDN) service provider Edgio has added a new Distributed Denial of Service (DDoS) scrubbing ability along with improved Web Application and API Interface (WAAP) to its network security offering. Designed to reduce severe damages from sophisticated DDoS attacks, Edgio’s scrubbing solution impersonates the customer’s network by routing the customer’s IP traffic through […]
11 Countries Take Part in Military Cyberwarfare Exercise
750 cyber specialists have participated in Defence Cyber Marvel 2 (DCM2), the biggest military cyberwarfare exercise in Western Europe. The post 11 Countries Take Part in Military Cyberwarfare Exercise appeared first on SecurityWeek.
Fortinet Shares Clarifications on Exploitation of FortiNAC Vulnerability
Fortinet provides clarifications following ‘sensationalized reports’ related to exploitation attempts targeting the FortiNAC vulnerability CVE-2022-39952 The post Fortinet Shares Clarifications on Exploitation of FortiNAC Vulnerability appeared first on SecurityWeek.
5 measures to gauge your digital portfolio maturity
The motivations to digitize client-facing solutions vary but are often both push and pull: a push from your organization to grow revenues, gain competitive advantage, and further differentiate products and services, and a pull by the market looking for the latest technologies such as AI/ML, AR/VR, and digital twins for immediate business benefit. When WGI […]
Product-based IT fuels Lufthansa’s digital CX transformation
Like many airlines, Lufthansa Group had its business upended by the COVID-19 pandemic. By April 2020, with travel bans proliferating, the airline suffered losses of €1 million per hour. Thomas Rückert, senior vice president and CIO of Lufthansa Group, says those early days of the pandemic laid bare that the airline’s digital solutions were not […]
Ransomware Attack Forces Produce Giant Dole to Shut Down Plants
Dole was forced to shut down systems in North America due to a ransomware attack, which has reportedly led to salad shortages in some grocery stores. The post Ransomware Attack Forces Produce Giant Dole to Shut Down Plants appeared first on SecurityWeek.
Introducing the CIO Tech Talk Community
At Foundry, we work hard to bring you a range of premier content and websites and strive to stay in touch with the changing needs of our audience. We proudly announce the launch of the CIO Tech Talk Community, an exclusive online community brought to you by Foundry (publisher of CIO, CSO, Computerworld, InfoWorld, Network World, […]
Companies urged to patch critical vulnerability in Fortinet FortiNAC
Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible. FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual […]
Introducing the CIO Tech Talk Community
We proudly announce the launch of the CIO Tech Talk Community, an exclusive online community brought to you by Foundry (publisher of CIO, CSO, Computerworld, InfoWorld, Network World, and other technology sites). The CIO Tech Talk Community is a safe and trusted environment to share stories, best practices, and conversations, and network with peers and industry thought […]
Puerto Rico draws business owners and investors alike through its Impeller investment platform
Puerto Rico has a lot going for it. Sixty percent of its university graduates hold a STEM degree, giving it the sixth highest availability of scientists and engineers in the world. The workforce is almost entirely bilingual, and in Latin America and the Caribbean the island is first in higher education and second in digital […]
Debunking conventional wisdom: increased security improves performance and customer experience
Conventional wisdom says businesses must balance the cost of security with user experience—implying that security is a tax on digital interactions. Conventional wisdom appears to be outdated. According to Foundry, the need for improvements in cybersecurity was cited as the No. 1 reason for the increase in tech budgets this year. Further, CEOs’ top priorities […]
KIO Networks Spain: Empowering Enterprises in Spain and Beyond to Achieve Real Sustainability in the Cloud
With the most advanced tier IV data center in Spain, and one of the most advanced in Europe, KIO Networks Spain provides a diverse array of private-sector and public-sector enterprises with Infrastructure-as-a-Service for mission-critical systems and applications. The company also offers a diverse array of cloud solutions and services. Some of the many offerings in […]
At least one open source vulnerability found in 84% of code bases: Report
At a time when almost all software contains open source code, at least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers at application security company Synopsys. In addition, 48% of all code bases analyzed by Synopsys researchers contained high-risk vulnerabilities, which are those that […]
3 reasons why every real-time application needs AI
By Bryan Kirschner, Vice President, Strategy at DataStax Imagine getting a recommendation for the perfect “rainy Sunday playlist” midway through your third Zoom meeting on Monday. Or a receiving text about a like-for-like substitute for a product that was out of stock at your preferred e-commerce site 10 minutes after you’d already paid a premium […]
CIO Leadership Live with MTF Finance Chief Technology Officer Dan Wilkinson
MTF Finance Chief Technology Officer Dan Wilkinson on why transformation needs an ignition point, how to change mindsets to embrace doing things differently, and the challenges that lie ahead as MTF acquires new businesses. Watch the episode: CIO Leadership Live
Darktrace launches AI-driven vulnerability detection, alert system Newsroom
AI-focused cybersecurity vendor Darktrace has announced the release of Newsroom, a new detection and warning system for critical vulnerabilities that uses open-source intelligence (OSINT) sources to identify threats posed to businesses. Newsroom leverages deep and AI-assisted knowledge of a customer’s external attack surface to gauge its exposure to detected vulnerabilities and provides a summary of […]
Cybersecurity VC Funding Topped $18 Billion in 2022: Report
Over 1,000 cybersecurity funding announcements were made in 2022, and startups raised $79 billion across more than 4,200 deals since 2018. The post Cybersecurity VC Funding Topped $18 Billion in 2022: Report appeared first on SecurityWeek.
Stealthy Mac Malware Delivered via Pirated Apps
Cybercriminals are delivering stealthy cryptojacking malware to Macs using pirated apps and they could use the same method for other malware. The post Stealthy Mac Malware Delivered via Pirated Apps appeared first on SecurityWeek.
Stress pushing CISOs out the door
Nearly half of CISOs will change jobs by 2025 due to stress caused by the risk of being breached while trying to retain staff, according to the Gartner report, Predicts 2023: Cybersecurity Industry Focuses on the Human Deal. The research firm found that the stressors of the cybersecurity world make the job of a cybersecurity […]
Russian Accused of Developing NLBrute Malware Extradited to US
A Russian malware developer behind the NLBrute brute-forcing tool has been extradited to the United States from Georgia. The post Russian Accused of Developing NLBrute Malware Extradited to US appeared first on SecurityWeek.
TikTok Banned From EU Commission Phones Over Cybersecurity
The European Union’s executive branch has banned TikTok from phones used by employees as a cybersecurity measure, reflecting widening worries over the Chinese-owned video app. The post TikTok Banned From EU Commission Phones Over Cybersecurity appeared first on SecurityWeek.
Webinar Today: Building Sustainable OT Cybersecurity Programs
Join this webinar to gain clear advice on the people, process and technology considerations that must be made at every stage of an OT security program’s lifecycle. The post Webinar Today: Building Sustainable OT Cybersecurity Programs appeared first on SecurityWeek.
How CIOs overcome the challenges of leading IT in smaller cities
Most enterprises globally are based in metropolitan regions because of their inherent advantages of good infrastructure and diverse customer base. But certain businesses such as manufacturing facilities and educational institutions may be in smaller cities due to cheaper land prices, government subsidies, proximity to raw materials, and lower salaries, among other reasons. While these are […]
5 hot IT budget investments — and 2 going cold
The economy may be looking uncertain, but technology continues to drive the business and CIOs are investing big in 2023. At the same time, they are defunding technologies that no longer contribute to business strategy or growth. It’s not a stretch to say that across the board, CIOs are continuing to invest in some form […]
Fortinet FortiNAC Vulnerability Exploited in Wild Days After Release of Patch
Hackers started exploiting the Fortinet FortiNAC vulnerability CVE-2022-39952 the same day a PoC exploit was released. The post Fortinet FortiNAC Vulnerability Exploited in Wild Days After Release of Patch appeared first on SecurityWeek.
Cisco Patches High-Severity Vulnerabilities in ACI Components
Cisco has patched DoS and CSRF vulnerabilities in the Application Policy Infrastructure Controller (APIC) and Nexus 9000 series switches. The post Cisco Patches High-Severity Vulnerabilities in ACI Components appeared first on SecurityWeek.
Why you can’t ignore cloud security
Over the past few years, enterprises across Australia have moved more and more of their systems and applications to the cloud, with the trend only gathering pace with people increasingly working outside the traditional network perimeter, often at home and other locations. Throughout 2022, several large enterprises, including NAB, doubled-down on their cloud migration plans, […]
Cyberattacks hit data centers to steal information from global companies
Cyberattacks targeting multiple data centers in several regions globally have been observed over the past year and a half, resulting in exfiltration of information pertaining to some of the world’s biggest companies and the publishing of access credentials on the dark web, according to cybersecurity company Resecurity. “Malicious cyber activity targeting data center organizations creates […]
How to Build ROI from Cloud Migration
Organizations are racing to modernize their legacy technology, architecture, infrastructure, and databases. Modernization often revolves around cloud migration. But not every approach provides the same ROI. Before committing to a migration strategy, organizations must identify the best approach for their business requirements. Each approach comes with its own benefits, time commitments, and cost. This whitepaper […]
5 top threats from 2022 most likely to strike in 2023
The threat landscape is highly diverse and attacks range in sophistication from the most basic scams to nation-state-level cyberespionage. However, companies need to prioritize their defenses against the most common threats that are likely to impact them and their employees. In its newly released annual State of Malware report, cybersecurity firm Malwarebytes selected five threats […]
Konica Minolta’s cloud play is crucial for office comeback
Aside from commercial real estate dealers, office equipment vendors were among the hardest hit by the massive office evacuation following the pandemic. But the death of the office was much exaggerated, say some affected CIOs, who point to an increasing number of corporate mandates for employees to return to the office for at least three […]
10 ways to accelerate digital transformation
The pandemic-era push to quickly boost digital touchpoints and services proved that transformation can happen fast. That has left a lasting legacy: Even as the pandemic recedes, enterprise executives continue to expect CIOs and their IT departments to deliver transformative capabilities at a rapid-fire pace. If you think you’re keeping up, think again: One recent […]
Driving Business Agility on Microsoft Cloud with a Cloud Center of Excellence (CoE)
Even as cloud spend is set to grow at a CAGR of 16.9% and surpass $1.3 trillion by 2025, the transformation journey is riddled with challenges, such as security, governance, compliance, economics, and resourcing. A cloud center of excellence (CoE) in an enterprise can make a big difference in the return on cloud investments. Cloud […]
Entitle debuts with automated SaaS permissions-management application
Cloud-based permissions management startup Entitle debuted Wednesday with the launch of its namesake SaaS-based application, designed to automate access requests and solve the problem of what it calls the “entitlement sprawl” faced by corporations. Enterprise security teams are confronted with an overwhelming amount of permission requests, the Israel-based company said. “We saw that permission management […]
Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017
Intel paid out more than $935,000 through its bug bounty program in 2022, but found over half of the vulnerabilities internally. The post Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017 appeared first on SecurityWeek.
Expat CIOs: IT leaders broaden horizons with global experiences
For many IT leaders, taking on an IT opportunity abroad can be a boon for career and life experience alike. When Richard Ventre got an opportunity to move to India from the Netherlands, he latched on to it. “We live in a world that is more global than ever before and it is important to […]
Why Ruby Life CISO George Al Koura puts people first
Beyond one’s own personal relationships, opinions on how others conduct theirs are usually none of anyone’s business. But when it comes to actual business, George Al Koura, CISO of online dating company Ruby Life, has built a career on how long-term success depends on building team cohesion within the organization, and elevating the relationship with […]
Google Paid Out $12 Million via Bug Bounty Programs in 2022
Google rewarded over 700 researchers in 2022 for contributions to its bug bounty program, with the highest single payout at $605,000. The post Google Paid Out $12 Million via Bug Bounty Programs in 2022 appeared first on SecurityWeek.
Straumann Group is transforming dentistry with data, AI
Straumann Group’s Sridhar Iyengar has a bold mission: To transform the nearly 70-year-old company’s data and technology organization into a data-as-a-service provider for the global manufacturer and supplier of dental implants, prosthetics, orthodontics, and digital dentistry — and to provide business stakeholders machine learning (ML) as a service as well. “My vision is that I […]
CI&TO Abhi Dhar on embracing challenges and growing IT leaders
Abhi Dhar has had a rich career journey, from serving as chief digital officer of a Fortune 50 company to co-founding a tech startup. In his current role as executive vice president and chief information and technology officer at TransUnion, he’s responsible for all aspects of the company’s technology, including strategy, security, applications, operations, infrastructure, […]
Twinings tech chief stirs up the IT department
As the chief business transformation and technology officer at Twinings Ovaltine (TwO), some might imagine Sandeep Seeripat’s role to be the epitome of what a senior technology executive should be, with a remit beyond IT operations, an authoritative voice in the boardroom and a reporting line straight to the CEO. But it hasn’t always been […]
Salesforce certification guide: Roles, paths, exams, cost, training, requirements
Salesforce skills are among the most sought-after in the IT industry and demand is soaring. The most performant CRM system today, Salesforce is a core technology for digital business, and its associated applications and ecosystem help make it in a leading platform for those seeking a lucrative IT career. Salesforce certification is an excellent path […]
Bridging the IT leadership gender gap
The ‘broken rung’ has long restricted women from achieving managerial positions in IT, and the latest joint LeanIn.org and McKinsey Women in the Workplace report finds underrepresentation in leadership roles is still a problem, and more so for women of color. Teradyne CIO Shannon Gath, who has a passion for helping women in STEM leadership […]
What Heineken’s CIO is brewing for better connectivity
As a 159-year-old family business, Dutch brewing company Heineken owes its longevity to a steady stream of innovation. Founded by entrepreneur Gerard Adriaan Heineken in 1864, who sought to renovate an old brewery in the center of Amsterdam, the beer company that would later bear his name has become synonymous with Dutch beer, readily recognizable […]
Editor’s note: Behind our new look
If there’s a common thread in CIO.com’s editorial coverage when it comes to transformation, it’s that coping with change is often the hardest part. But CIOs who have successfully led IT transformations say that embracing change can be richly rewarding—especially when the change is so obviously for the better. In a recent interview with CIO.com […]
What is Traffic Light Protocol? Here's how it supports CISOs in sharing threat data
Traffic Light Protocol (TLP) was created to facilitate greater sharing of potentially sensitive threat information within an organization or business and to enable more effective collaboration among security defenders, system administrators, security managers, and researchers. TLP grew out of efforts by various public-sector security incident response teams of various nations that began sharing security alerts. […]
Backdoor deployment overtakes ransomware as top attacker action
Deployment of backdoors on networks was the top action attackers made in almost a quarter of all incidents remediated in 2022. A spike in the use of the multi-purpose Emotet malware early in the year was the main culprit of this increase, accounting for 47% of backdoors deployed throughout the year, according to IBM Security […]
R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor
Hackers have been exploiting a vulnerability tracked as CVE-2022-36537 to hack hundreds of R1Soft servers. The post R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor appeared first on SecurityWeek.
Entitle Nabs $15M Seed Funding for Cloud Permissions Management Tech
Glilot Capital Partners leads a seed-round of funding for Entitle, an Israeli startup tackling entitlement sprawl in the enterprise. The post Entitle Nabs $15M Seed Funding for Cloud Permissions Management Tech appeared first on SecurityWeek.
Metomic Lands $20 Series A for Data Security Platform
Evolution Equity Partners leads a new venture capital raise by the early-stage British data security startup. The post Metomic Lands $20 Series A for Data Security Platform appeared first on SecurityWeek.
CISA Warns of Two Mitel Vulnerabilities Exploited in Wild
CISA has added two Mitel MiVoice Connect vulnerabilities to its known exploited vulnerabilities catalog and instructed federal agencies to patch them within three weeks. The post CISA Warns of Two Mitel Vulnerabilities Exploited in Wild appeared first on SecurityWeek.
VMware Plugs Critical Carbon Black App Control Flaw
VMware issues a critical fix for a vulnerability that allows hacker to gain full access to the underlying server operating system. The post VMware Plugs Critical Carbon Black App Control Flaw appeared first on SecurityWeek.
Alcatraz AI streamlines facial recognition access control with mobile update
Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration. The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics […]
Register Now: Attack Surface Management Summit – Feb. 22
In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing. The post Register Now: Attack Surface Management Summit – Feb. 22 appeared first on SecurityWeek.
Enterprise Blind Spots and Obsolete Tools – Security Teams Must Evolve
The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them. The post Enterprise Blind Spots and Obsolete Tools – Security Teams Must Evolve appeared first on SecurityWeek.
DNA Diagnostic Center fined $400,000 for 2021 data breach
DNA Diagnostics Center, a DNA testing company, will pay a penalty of $400,000 to the attorneys general of Pennsylvania and Ohio for a data breach in 2021 that affected 2.1 million individuals nationwide, according to a settlement deal with the states’ attorneys general. The company will also be required to implement improvements to its data security, including […]
Cyber arms race, economic headwinds among top macro cybersecurity risks for 2023
Despite the billions of dollars poured annually into cybersecurity by investors, organizations, academia, and government, adequate and reliable cybersecurity remains an ever-elusive goal. The technological complexity and growing attack surface, along with a growing array of threat actors and increased interconnectivity, make securing digital systems and assets a perennial pipedream. Chief among the challenges for […]
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm
The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks. The post AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm appeared first on SecurityWeek.
Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities
Apple has updated its security advisories to add new iOS and macOS vulnerabilities, including ones belonging to a new class of bugs. The post Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities appeared first on SecurityWeek.
Why CISOs change jobs
Being a CISO is a hard job. You must constantly balance business, technology, and regulatory requirements against things like employee and adversary behavior. You can be a superstar, build a world-class cybersecurity program, and follow best practices, providing exceptional protection for the organization. Despite this excellence, a single employee can click on a malicious web […]
10 dark web monitoring tools
The dark web is the place where every CISO hope their company’s data will not end up. It consists of sites that are not indexed by popular search engines such as Google, and the dark web includes marketplaces for data usually obtained as a result of a cyberattack such as compromised user accounts, identity information, […]
HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance
HardBit ransomware operators want to work with victims to negotiate a ransom behind the back of cyberinsurance companies. The post HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance appeared first on SecurityWeek.
Three-quarters of businesses braced for ‘serious’ email attack this year
IT security leaders at three-out-of-four global businesses expect an email-borne attack will have serious consequences for their organization in the coming year, with the increasing sophistication of attacks a top concern, according to the 2023 State of Email Security (SOES) report. Businesses’ use of email is increasing, with 82% of companies reporting a higher volume […]
Scrut Automation Raises $7.5 Million for GRC Platform
India-based Scrut Automation has raised money to improve its risk observability and compliance automation platform and expand its presence in the US. The post Scrut Automation Raises $7.5 Million for GRC Platform appeared first on SecurityWeek.
Twitter Shuts Off Text-Based 2FA for Non-Subscribers
Twitter started a security ruckus over the weekend with the sudden decision to turn off text message/SMS method of two-factor authentication (2FA) for non-subscribers. The post Twitter Shuts Off Text-Based 2FA for Non-Subscribers appeared first on SecurityWeek.
GoDaddy connects a slew of past attacks to a multiyear hacking campaign
Web hosting and infrastructure provider GoDaddy said it suspects a recent attack on its infrastructure in December 2022 may be connected to a series of incidents the business has been experiencing since 2020. The attack involved an unauthorized third-party gaining access to and installing malware on GoDaddy’s cPanel hosting servers, the company disclosed in an […]
Coinbase Attack Linked to Group Behind Last Year’s Twilio, Cloudflare Hacks
Coinbase was recently targeted in a sophisticated phishing attack and the cryptocurrency exchange linked the hack to the 0ktapus group. The post Coinbase Attack Linked to Group Behind Last Year’s Twilio, Cloudflare Hacks appeared first on SecurityWeek.
New Samsung Message Guard Protects Mobile Devices Against Zero-Click Exploits
Samsung’s Message Guard provides a sandbox designed to protect phones and tablets against zero-click exploits. The post New Samsung Message Guard Protects Mobile Devices Against Zero-Click Exploits appeared first on SecurityWeek.
7 reasons to avoid investing in cyber insurance
With cyberattacks rising at an alarming rate around the world, cyber insurance has become an increasingly popular layer of protection for businesses across all sectors. However, despite its clear appeal as a means of supporting and augmenting cyber risk management, insurance might not be the right fit for all companies in every circumstance. In fact, […]
GoDaddy connects a slew of past attacks to a multi-year hacking campaign
Web hosting and infrastructure provider GoDaddy said it suspects a recent attack on its infrastructure in December 2022 may be connected to a series of incidents the business has been experiencing since 2020. The attack involved an unauthorized third-party gaining access to and installing malware on GoDaddy’s cPanel hosting servers, the company disclosed in an […]
Cybersecurity M&A Roundup for February 1-15, 2023
Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023. The post Cybersecurity M&A Roundup for February 1-15, 2023 appeared first on SecurityWeek.
Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb
Fortinet releases 40 security advisories to inform customers about patches, including for critical code execution vulnerabilities in FortiNAC and FortiWeb. The post Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb appeared first on SecurityWeek.
GoDaddy Says Recent Hack Part of Multi-Year Campaign
GoDaddy recently discovered a hacker attack where a sophisticated threat group infected websites and servers with malware. The post GoDaddy Says Recent Hack Part of Multi-Year Campaign appeared first on SecurityWeek.
Spain Orders Extradition of British Alleged Hacker to U.S.
Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates. The post Spain Orders Extradition of British Alleged Hacker to U.S. appeared first on SecurityWeek.
EU parliamentary committee says 'no' to EU-US data privacy framework
Progress on ratifying the Trans-Atlantic Data Policy Framework hit a snag, as a parliamentary committee rejected a draft decision to adopt the pact, saying it did not comply with the EU’s GDPR privacy regulations.
New Mirai botnet variant V3G4 targets Linux servers, IoT devices
A new variant of Mirai — the botnet malware used to launch massive DDoS attacks —has been targeting 13 vulnerabilities in IoT devices connected to Linux servers, according to researchers at Palo Alto Network’s Unit 42 cybersecurity team. Once the vulnerable devices are compromised by the variant, dubbed V3G4, they can fully controlled by attackers […]
Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks
Malwarebytes warns of a remote code execution vulnerability impacting Arris G2482A, TG2492, and SBG10 routers, which have reached end-of-life (EOL). The post Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks appeared first on SecurityWeek.
Security Experts Warn of Foreign Cyber Threat to 2024 Voting
Top state election and cybersecurity officials warned about threats posed by Russia and other foreign adversaries ahead of the 2024 elections The post Security Experts Warn of Foreign Cyber Threat to 2024 Voting appeared first on SecurityWeek.
‘Frebniis’ Malware Hijacks Microsoft IIS Function to Deploy Backdoor
The Frebniis malware abuses a Microsoft IIS feature to deploy a backdoor and monitor all HTTP traffic to the system. The post ‘Frebniis’ Malware Hijacks Microsoft IIS Function to Deploy Backdoor appeared first on SecurityWeek.
EU Organizations Warned of Chinese APT Attacks
ENISA and CERT-EU warn of Chinese threat actors targeting businesses and government organizations in the European Union. The post EU Organizations Warned of Chinese APT Attacks appeared first on SecurityWeek.
SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities
SolarWinds advisories describe multiple high-severity vulnerabilities that a Platform update will patch by the end of February. The post SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities appeared first on SecurityWeek.
Data Security Startup CommandK Raises $3 Million in Seed Funding
CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data. The post Data Security Startup CommandK Raises $3 Million in Seed Funding appeared first on SecurityWeek.
Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023
White hat hackers received $180,000 at Pwn2Own Miami 2023 for exploits targeting widely used ICS products. The post Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023 appeared first on SecurityWeek.
Atlassian Investigating Security Breach After Hackers Leak Data
A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy. The post Atlassian Investigating Security Breach After Hackers Leak Data appeared first on SecurityWeek.
How Ukraine War Has Shaped US Planning for a China Conflict
A look at some of the lessons from the Ukraine war and how they could apply to a Taiwan conflict. The post How Ukraine War Has Shaped US Planning for a China Conflict appeared first on SecurityWeek.
Malware authors leverage more attack techniques that enable lateral movement
A new study of over a half-million malware samples collected from various sources in 2022 revealed that attackers put a high value on lateral movement, incorporating more techniques that would allow them to spread through corporate networks. Several of the most prevalent tactics, as defined by the MITRE ATT&CK framework, that were identified in the […]
Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk
The evolution of cybercrime is weighing heavily on digital forensics and incident response (DFIR) teams, leading to significant burnout and potential regulatory risk. That’s according to the 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions. The firm surveyed 492 DFIR professionals in North America and Europe, the Middle […]
Published XIoT Vulnerabilities Trend Down, but Vigilance Must Remain High: Report
While the total number of new XIoT vulnerabilities is reducing, the difficulty in securing these devices remains high – especially in OT situations. The post Published XIoT Vulnerabilities Trend Down, but Vigilance Must Remain High: Report appeared first on SecurityWeek.
Chris Inglis Steps Down as US National Cyber Director
The former NSA deputy director Chris Inglis was picked 17 months ago to be President Joe Biden’s top advisor on cybersecurity issues. The post Chris Inglis Steps Down as US National Cyber Director appeared first on SecurityWeek.
Firefox Updates Patch 10 High-Severity Vulnerabilities
Mozilla releases Firefox 110 and Firefox ESR 102.8 with patches for 10 high-severity vulnerabilities. The post Firefox Updates Patch 10 High-Severity Vulnerabilities appeared first on SecurityWeek.
BEC groups are using Google Translate to target high value victims
Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide. The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, […]
Mirai Variant V3G4 Targets 13 Vulnerabilities to Infect IoT Devices
A recent variant of the Mirai malware has been observed targeting 13 IoT vulnerabilities to ensnare devices into a botnet. The post Mirai Variant V3G4 Targets 13 Vulnerabilities to Infect IoT Devices appeared first on SecurityWeek.
How automation in CSPM can improve cloud security
With the rapid growth and increasing complexity of cloud environments, organizations are increasingly at risk from various security threats. Cloud security posture management (CSPM) is a process that helps organizations continuously monitor, identify, and remediate security risks in the cloud. The use of automation in CSPM is crucial to ensuring the security and compliance of […]
Critical Vulnerability Patched in Cisco Security Products
Cisco updates endpoint, cloud, and web security products to address a critical vulnerability in third-party scanning library ClamAV. The post Critical Vulnerability Patched in Cisco Security Products appeared first on SecurityWeek.
Surge in ESXiArgs Ransomware Attacks as Questions Linger Over Exploited Vulnerability
Hundreds of new servers were compromised in the past days as part of ESXiArgs ransomware attacks, but it’s still unclear which vulnerability is being exploited. The post Surge in ESXiArgs Ransomware Attacks as Questions Linger Over Exploited Vulnerability appeared first on SecurityWeek.
Funding Societies’ Shakthi Priya Kathirvelu on overcoming challenges in securing fintech startups
Shakthi Priya Kathirvelu – Vice President and Head of Information Security and IT at Funding Societies | Modalku Group – joins Xiou Ann Lim for this CSO Executive Sessions interview. They discuss the challenges of securing fintech firms, cultivating a good cybersecurity culture, and more. To read this article in full, please click here
Security tool adoption jumps, Okta report shows
A report from identity and access management (IAM) vendor Okta says that zero trust and new types of security tooling are in increasingly widespread use, as businesses tackle a changing security landscape.
5 biggest risks of using third-party services providers
As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work that would otherwise require significant effort and potentially drain in-house resources to those who can do […]
Cybersecurity startup Oligo debuts with new application security tech
Israel-based startup Oligo Security is exiting stealth mode with the public launch of its namesake software, offering a new wrinkle in library-based application security monitoring, observability, and remediation. Utilizing a technology called extended Berkeley Packet Filter (eBPF), it is able to provide agentless security coverage for open source code. Given the prevalence of open source […]
China-based cyberespionage actor seen targeting South America
China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team. The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday. DEV-0147’s attacks in South America included post-exploitation activity involving […]
Ransomware Attack Pushes City of Oakland Into State of Emergency
The city of Oakland, California issued a local state of emergency as a result of the impacts from a ransomware attack. The post Ransomware Attack Pushes City of Oakland Into State of Emergency appeared first on SecurityWeek.
PE Firm Francisco Partners to Take Sumo Logic Private in $1.7B Deal
Private equity firm Francisco Partners is acquiring cloud monitoring, log management and SIEM solutions provider Sumo Logic. The post PE Firm Francisco Partners to Take Sumo Logic Private in $1.7B Deal appeared first on SecurityWeek.
Mentoring tomorrow’s Black IT leaders
Daryl Hammett saw the continued underrepresentation of Black leaders across industries — tech in particular — and decided to take action. Hammett, general manager of global demand and operations at Amazon Web Services, in 2022 founded Enable, a mentoring and leadership program that creates “an environment where Black leaders could know that they are not […]
Splunk Enterprise Updates Patch High-Severity Vulnerabilities
Splunk updates for Enterprise products resolve multiple high-severity vulnerabilities, including several in third-party packages. The post Splunk Enterprise Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Descope launches authentication and user management SaaS
Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active uses for B2C applications and up to 50 tenants […]
Dozens of Vulnerabilities Patched in Intel Products
Intel has released patches for multiple critical- and high-severity vulnerabilities across its product portfolio. The post Dozens of Vulnerabilities Patched in Intel Products appeared first on SecurityWeek.
Russian Businessman Guilty in Hacking, Insider Trade Scheme
Vladislav Klyushin was found guilty on all charges against him, including wire fraud and securities fraud, after a two-week trial in federal court in Boston. The post Russian Businessman Guilty in Hacking, Insider Trade Scheme appeared first on SecurityWeek.
Oligo Security Exits Stealth with $28M for AppSec, Open Source Security
Israeli startup Oligo Security raises $28 million to build technology to detect and mitigate open source code vulnerabilities. The post Oligo Security Exits Stealth with $28M for AppSec, Open Source Security appeared first on SecurityWeek.
ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric
Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories. The post ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric appeared first on SecurityWeek.
Recently Patched IBM Aspera Faspex Vulnerability Exploited in the Wild
A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks. The post Recently Patched IBM Aspera Faspex Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Descope Targets Customer Identity Market with Massive $53M Seed Round
Descope raises an abnormally large $53 million seed-stage funding round for technology in the customer identity and authentication space. The post Descope Targets Customer Identity Market with Massive $53M Seed Round appeared first on SecurityWeek.
Bijoy Sagar on driving digital transformation at Bayer and beyond
Bayer is using drones to collect farming data across 80 million acres and satellite data to predict soil moisture down to the square meter. These are just two examples in a transformation that is impacting every part of the business and all 100,000 employees, as undertaken under the helm of Bijoy Sagar, the multinational’s chief […]
8 signs you’ve mistimed a major IT initiative
Planning and launching a major IT initiative can be a CIO’s biggest challenge. Everything has to go right: the technology, the goals, the financial platform, and most important of all, the timing. Launch an initiative too soon and the technology may be premature and flawed. On the other hand, failing to start the project a […]
Defending against attacks on Azure AD: Goodbye firewall, hello identity protection
Not too long ago, guarding access to the network was the focal point of defense for security teams. Powerful firewalls ensured that attackers were blocked on the outside while on the inside things might get “squishy,” allowing users fairly free rein within. Those firewalls were the ultimate defense—no one undesirable got access. Until they did. […]
ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage
Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge. The post ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage appeared first on SecurityWeek.
SAP’s February 2023 Security Updates Patch High-Severity Vulnerabilities
SAP has released 21 notes on February 2023 Security Patch Day, including three notes addressing high-severity vulnerabilities in SAP Start Service and BusinessObjects. The post SAP’s February 2023 Security Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps
Citrix released patches for multiple vulnerabilities in Virtual Apps and Desktops, and Workspace apps for Windows and Linux. The post Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps appeared first on SecurityWeek.
Attacks on industrial infrastructure on the rise, defenses struggle to keep up
The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that’s capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% […]
Zscaler to Acquire Israeli Startup Canonic Security
Zcaler plans to acquire Israeli startup Canonic Security to expand into the red-hot software supply chain security business. The post Zscaler to Acquire Israeli Startup Canonic Security appeared first on SecurityWeek.
Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days
Microsoft’s Patch Tuesday machine is humming loudly with software updates to fix at least 76 vulnerabilities in Windows and OS components. The post Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days appeared first on SecurityWeek.
Unlocking the Power of AI with a Real-Time Data Strategy
By George Trujillo, Principal Data Strategist, DataStax Increased operational efficiencies at airports. Instant reactions to fraudulent activities at banks. Improved recommendations for online transactions. Better patient care at hospitals. Investments in artificial intelligence are helping businesses to reduce costs, better serve customers, and gain competitive advantage in rapidly evolving markets. Titanium Intelligent Solutions, a global […]
2023 CCaaS Trends, Insights, and Statistics to Know
We know that the Contact Center-as-a-Service (CCaaS) market is growing; an increasing number of companies are choosing this flexible model to support their CX operations, and this will continue through 2023. Vendors are also increasingly expanding the capabilities of their CCaaS solutions and evolving them at speed. What can we expect over the next 12 months? Here’s where Avaya […]
Maximizing the Business Benefits of Multi-Cloud Adoption
Experts reveal that by 2027, cloud adoption will be mainstream, with 90% of enterprises implementing some kind of cloud strategy. What’s key is that, in the process, the cloud won’t just be a technology disruptor — it will be a business disruptor. What does this mean for your business? If you don’t tackle the challenges […]
Adobe Plugs Critical Security Holes in Illustrator, After Effects Software
Patch Tuesday: Adobe ships security fixes for at least a half dozen vulnerabilities that expose Windows and macOS users to malicious hacker attacks. The post Adobe Plugs Critical Security Holes in Illustrator, After Effects Software appeared first on SecurityWeek.
Florida Crystals concentrates SAP in hosting sweet spot
“I inherited a gift from the previous CIO,” says Florida Crystals CIO Kevin Grayling. “I had a modern S/4HANA landscape for the majority of the business.” That would have been an enviable situation for many of his contemporaries in the consumer packaged goods (CPG) industry — “Some have 20 or 30 different ERP solutions,” he […]
Open Systems launches Ontinue MDR division, new MXDR service Ontinue ION
Managed security services provider Open Systems has announced the launch of Ontinue, a new managed detection and response (MDR) division. It has also unveiled a new managed extended detection and response (MXDR) service, Ontinue ION, along with a new add-on service called Managed Vulnerability Mitigation (MVM). Ontinue ION offers advanced capabilities that enable faster detection […]
EnterpriseDB adds Transparent Data Encryption to PostgreSQL
The new Transparent Data Encryption (TDE) feature will be shipped along with the company’s enterprise version of its database.
Spanish, US Authorities Dismantle Cybercrime Ring That Defrauded Victims of $5.3 Million
Spanish and US authorities have dismantled a cybercrime ring that defrauded victims of more than $5.3 million. The post Spanish, US Authorities Dismantle Cybercrime Ring That Defrauded Victims of $5.3 Million appeared first on SecurityWeek.
CISO Conversations: The Role of the vCISO
SecurityWeek examines the role of the virtual CISO in a conversation with Chris Bedel and Greg Schaffer. The post CISO Conversations: The Role of the vCISO appeared first on SecurityWeek.
2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged
Dragos ICS/OT Cybersecurity Year in Review 2022 report covers state-sponsored attacks, ransomware, and vulnerabilities. The post 2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged appeared first on SecurityWeek.
Expel announces MDR for Kubernetes with MITRE ATT&CK framework alignment
Security operations provider Expel has announced the general availability of Expel managed detection and response (MDR) for Kubernetes. The firm said the product enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. It has also been designed to align with the MITRE […]
GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact
Organizations hit by exploitation of the GoAnywhere MFT zero-day vulnerability CVE-2023-0669 have started coming forward. The post GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact appeared first on SecurityWeek.
Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare
Cloudflare over the weekend mitigated a record-setting DDoS attack that peaked at 71 million requests per second. The post Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare appeared first on SecurityWeek.
Pepsi Bottling Ventures Discloses Data Breach
Pepsi Bottling Ventures, the largest privately-held bottler of Pepsi-Cola products in the United States, says data was stolen from its systems following a malware attack. The post Pepsi Bottling Ventures Discloses Data Breach appeared first on SecurityWeek.
Dimension Data: Dedicated to Making the Greatest Impact on the Planet, the Economy and the Communities it Serves
Dimension Data is widely known for bold innovations and stalwart cloud solutions and services that enable enterprises to dramatically improve their businesses; now it is on mission to benefit the planet – and in the process, the communities it services and the economies it influences. Whether it is using the Internet of Things (IoT) to […]
Taking the Friction out of Work
As organisations seek to re-establish long-term working models, it’s becoming increasingly clear that business cultures must fundamentally change. To create a productive and motivated hybrid-working model, companies need to actively increase empathy, according to a recent CIO virtual roundtable entitled “Taking the Friction Out of Work”. At the forefront of this move towards a more […]
Measuring cybersecurity: The what, why, and how
A core pillar of a mature cyber risk program is the ability to measure, analyze, and report cybersecurity threats and performance. That said, measuring cybersecurity is not easy. On one hand business leaders struggle to understand information risk (because they usually are from a non-cyber background), while on the other, security practitioners get caught up […]
Apple Patches Actively Exploited WebKit Zero-Day Vulnerability
Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529. The post Apple Patches Actively Exploited WebKit Zero-Day Vulnerability appeared first on SecurityWeek.
Hackers Target Bahrain Airport, News Sites to Mark Uprising
Hackers took down the websites of Bahrain’s international airport and state news agency to mark the 12-year anniversary of an Arab Spring uprising in the small Gulf country. The post Hackers Target Bahrain Airport, News Sites to Mark Uprising appeared first on SecurityWeek.
PLC vulnerabilities can enable deep lateral movement inside OT networks
Threat groups who target operational technology (OT) networks have so far focused their efforts on defeating segmentation layers to reach field controllers such as programmable logic controllers (PLCs) and alter the programs (ladder logic) running on them. However, researchers warn that these controllers should themselves be treated as perimeter devices and flaws in their firmware […]
Mayor of London’s CDO turns smart city visions into reality
Theo Blackwell MBE, Chief Digital Officer at the London Mayor’s Office, sits down with CIO UK editor Doug Drinkwater on CIO UK Leadership Live to give a whistle-stop tour on CDO misconceptions, smart city futures, fostering local government collaboration and balancing technological innovation with digital inclusion. Watch the episode: Listen to the episode: CIO Leadership […]
CIO Leadership Live with Mandy Simpson, Chief Digital Officer at Z Energy
Mandy Simpson, Chief Digital Officer at Z Energy, on why she embraces working for high-change organisations, the need for IT teams to build up trust across the business, and why you should always go for a job that scares you a little. Watch the episode: CIO Leadership Live
Helping the Federal Government Navigate Its Multi-Cloud Future
By Brian McNeice, Vice President Federal Sales, Broadcom Software Federal government agencies in the United States must navigate a number of considerations when evaluating solutions from cloud service providers. At Broadcom, we also understand the importance of choice and flexibility when making strategic cloud investments that won’t disrupt the mission-critical daily operations of these agencies. […]
Key Pillars to Future-Proofing Your Cloud Management Strategy
The onset of the COVID-19 pandemic led many organizations to further adopt public clouds, and geopolitical conflicts have demonstrated the importance and need for sovereign clouds. Today, many organizations are already embracing or are moving to multi-cloud environments, but this multi-cloud reality does not come without its challenges. As the nature of the cloud evolves, […]
Must Read: New Trends for Digital Transformation in 2023 – Value Stream Management
For many of today’s global enterprises, it’s a struggle to adapt quickly to emerging challenges. With supply chain issues and the impending recession, digital transformation remains a pressing strategic imperative. However, key digital transformation milestones remain out of reach for far too many teams. To make real strides in each of these areas, Value Stream […]
CIO Leadership Live with Lekan Olawoye, Founder and CEO, BPTN & Obsidi
Lekan Olawoye, Founder and CEO, BPTN & Obsidi, talks about the Obsidi platform and building community and networking for Black technology professionals. To learn more about how Obsidi is working with partners to hire incredible Black talent, there’s Obsidi Recruit: https://obsidi.com/obsidi-recruit/ To join Obsidi, the URL is https://obsidi.com/ or the direct login page is: https://app.obsidi.com […]
3.3 Million Impacted by Ransomware Attack at California Healthcare Provider
The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group. The post 3.3 Million Impacted by Ransomware Attack at California Healthcare Provider appeared first on SecurityWeek.
The Lessons From Cyberwar, Cyber-in-War and Ukraine
The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question the nature of modern warfare and the role of cyber in its operation. The post The Lessons From Cyberwar, Cyber-in-War and Ukraine appeared first on SecurityWeek.
City of Oakland Hit by Ransomware Attack
The City of Oakland has disclosed a ransomware attack that impacted several non-emergency systems. The post City of Oakland Hit by Ransomware Attack appeared first on SecurityWeek.
Hackers attack Israel’s Technion University, demand over $1.7 million in ransom
Israel’s Technion University on Sunday suffered a ransomware attack, which has forced the university to proactively block all communication networks. A new group calling itself DarkBit has claimed responsibility for the attack. “The Technion is under cyber attack. The scope and nature of the attack are under investigation,” Technion University, Israel’s top public university in Haifa […]
Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT
Cybersecurity company Group-IB claims it was repeatedly targeted by a Chinese APT called Tonto Team, CactusPete, and Karma Panda. The post Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT appeared first on SecurityWeek.
SecurityWeek Cyber Insights 2023 Series
SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present new and expanded risk for cybersecurity teams in 2023 and beyond. The post SecurityWeek Cyber Insights 2023 Series appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 40 Deals Announced in January 2023
Forty cybersecurity-related M&A deals were announced in January 2023. The post Cybersecurity M&A Roundup: 40 Deals Announced in January 2023 appeared first on SecurityWeek.
Play Ransomware Group Claims Attack on A10 Networks
The Play ransomware group has claimed responsibility for a cyberattack on application delivery controller maker A10 Networks The post Play Ransomware Group Claims Attack on A10 Networks appeared first on SecurityWeek.
What is Six Sigma? Streamlining quality management
What is Six Sigma? Six Sigma is a quality management methodology used to help businesses improve current processes, products, or services by discovering and eliminating defects. The goal is to streamline quality control in manufacturing or business processes so there is little to no variance throughout. Six Sigma was trademarked by Motorola in 1993. The […]
Plan now to avoid a communications failure after a cyberattack
Responses to recent cyber breaches suggest organizations can struggle to get the message right in the midst of an incident. While managing the communications around an incident is outside the direct purview of the CISO, having an existing communications plan in place is an essential element of cyber preparedness. “Communications are a critical component of […]
US Blacklists 6 Chinese Entities Over Balloon Program
The United States on Friday blacklisted six Chinese entities it said were linked to Beijing’s aerospace programs as part of its retaliation over an alleged Chinese spy balloon that traversed U.S. airspace. The economic restrictions followed the Biden administration’s pledge to consider broader efforts to address Chinese surveillance activities and will make it more difficult […]
Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks
It’s common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial wireless IoT devices, increase the attack surface of OT networks and can provide remote attackers […]
Broadcom: 2023 Tech Trends That Transform IT
At Broadcom, we see challenges companies face first-hand, and in turn how technology trends impact the world’s largest companies. We’re sharing the top 5 predictions that you should be planning for in 2023. Stay tuned for future blogs that dive into the technology behind these predictions from Broadcom’s industry-leading experts: AI and automation will play […]
Episode 3: How one startup is removing friction (and paper) from the healthcare experience
Digital platforms and technologies are transforming healthcare by providing secure, seamless access to disjointed islands of data and siloed technology. The goal is improving the experience for both healthcare providers and their patients, which ultimately leads to better healthcare and, hopefully, better outcomes for patients. And that’s a pretty good KPI. In this episode of […]
NIST Picks Ascon Algorithms to Protect Data on IoT, Small Electronic Devices
The National Institute of Standards and Technology (NIST) has selected a group of cryptographic algorithms called Ascon as the lightweight cryptography standard to protect data flowing through IoT devices. Following a multi-year effort that included security code reviews, NIST announced the Ascon family of algorithms will soon be the standard to protect data created and […]
Siemens Drives Rise in ICS Vulnerabilities Discovered in 2022: Report
The number of vulnerabilities discovered in industrial control systems (ICS) continues to increase, and many of them have a ‘critical’ or ‘high’ severity rating, according to a new report from industrial cybersecurity firm SynSaber. The report compares the number of ICS and ICS medical advisories published by CISA between 2020 and 2022. While the number […]
Microsoft OneNote Abuse for Malware Delivery Surges
Organizations worldwide have been warned of an increase in the number of attacks abusing Microsoft OneNote documents for malware delivery. Part of the Office suite, OneNote is typically used within organizations for note taking and task management, among other operations. What makes OneNote documents an attractive target for threat actors includes the fact that they […]
Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool
A newly identified threat actor has been targeting military organizations in Pakistan with sophisticated malware, BlackBerry reports. Tracked as NewsPenguin, the adversary has been observed sending phishing emails that use the upcoming Pakistan International Maritime Expo & Conference (PIMEC-2023) as bait and which carry weaponized documents to deliver an advanced espionage tool. Running February 10-12, […]
Security Awareness Training Startup Riot Raises $12 Million
Riot Security, a startup focused on security awareness training, has secured $12 million in a Series A funding round led by San Francisco-based VC fund Base10. Riot’s SaaS-based platform provides personalized awareness programs that can be consistently sent to employees in order to foster cybersecurity culture within companies. The programs are run through an interactive […]
GoAnywhere MFT Zero-Day Exploitation Linked to Ransomware Attacks
The recent exploitation of a zero-day vulnerability in the GoAnywhere managed file transfer (MFT) software has been linked by a cybersecurity firm to a known cybercrime group that has likely attempted to exploit the flaw in a ransomware attack. On February 1, Fortra alerted GoAnywhere MFT users about a zero-day remote code injection exploit. The […]
US, South Korea: Ransomware Attacks Fund North Korea’s Cyber Operations
The United States and South Korea have issued a joint advisory on ransomware attacks on critical infrastructure that are funding North Korea’s malicious cyber activities. North Korean government-backed threat actors have been using ransomware in attacks against critical infrastructure for years, with at least two ransomware families attributed to them, namely Maui and H0lyGh0st. In […]
Documents, Code, Business Systems Accessed in Reddit Hack
Reddit on Thursday informed users that its systems were hacked as a result of what the company described as a sophisticated and highly targeted phishing attack aimed at employees. According to Reddit, the intrusion was detected on February 5. The hackers gained access to some internal documents, source code, internal dashboards and business systems. Up […]
What is predictive analytics? Transforming data into future insights
Predictive analytics definition Predictive analytics is a category of data analytics aimed at making predictions about future outcomes based on historical data and analytics techniques such as statistical modeling and machine learning. The science of predictive analytics can generate future insights with a significant degree of precision. With the help of sophisticated predictive analytics tools […]
FINRA CIO Steve Randich pushes the public cloud forward
The CIO of a regulatory agency that reports to the US Securities and Exchange Commission — one of the biggest cloud consumers in the world — has made it his mission to help other CIOs — and Amazon Web Services itself — improve cloud computing. The Financial Industry Regulatory Authority, an operational and IT service […]
Top cybersecurity M&A deals for 2023
Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the world’s biggest tech companies as predictions of recession loomed and war in Ukraine dragged on […]
Australian Defense Department to Remove Chinese-Made Cameras
Australia’s Defense Department will remove surveillance cameras made by Chinese Communist Party-linked companies from its buildings, the government said Thursday after the U.S. and Britain made similar moves. The Australian newspaper reported Thursday that at least 913 cameras, intercoms, electronic entry systems and video recorders developed and manufactured by Chinese companies Hikvision and Dahua are […]
Effective File Feed Monitoring Is Essential for Smooth Business Operations
Companies’ core systems, business applications, and hosting environments all depend on the integrity of the file feeds they process — no matter the industry. When enterprises don’t effectively monitor their file feeds, damaged files can go undetected, and serious business consequences can — and do — occur. This was the case for the U.S. Federal […]
Unifying Multi-Cloud Operations to Tackle Complexity and Control Cost
Over the last decade, many organizations have turned to cloud technologies on their journey to become a digital business. The advantages of multi-cloud are well-documented: efficiency, flexibility, speed, agility, and more. Yet without consistent, comprehensive management across all clouds – private, hybrid, public, and even edge – the intended benefits of multi-cloud adoption may backfire. […]
Glendale, Ariz., CIO Feroz Merchhiya on prepping IT for the Super Bowl
Feroz Merchhiya, CIO of the city of Glendale, Ariz., joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss the Super Bowl host city’s IT challenges, “smarter city” tech horizons, innovations in broadband & 5G, and more. Watch this episode: Listen to this episode: […]
HTML smuggling campaigns impersonate well-known brands to deliver malware
Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. The firm has detailed four recent HTML smuggling campaigns attempting to lure users into saving and opening malicious payloads, impersonating well-known brands such as Adobe Acrobat, Google […]
UK/US cybercrime crackdown sees 7 ransomware criminals sanctioned
A UK/US campaign to tackle international cybercrime has seen Seven Russian cybercriminals linked to a notorious ransomware group exposed and sanctioned. The sanctions were announced today by the UK’s Foreign, Commonwealth and Development Office (FCDO) alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). This follows a lengthy investigation by the […]
VMware ESXi server ransomware evolves, after recovery script released
The FBI and CISA have released a recovery script for the global ESXiArgs ransomware campaign targeting VMware ESXi servers, but the ransomware has since been updated to elude former attempts at remediation.
US, UK Slap Sanctions on Trickbot Cybercrime Gang
The US Treasury on Thursday slapped sanctions against seven Russians accused of running the notorious Trickbot cybercrime operation, freezing assets in multiple countries and imposing travel bans. The seven individuals are being blamed for a series of major ransomware attacks targeting organizations in the US and the United Kingdom and the Treasury Department said it […]
VulnCheck Raises $3.2M Seed Round for Threat Intel
VulnCheck, a Massachusetts startup with ambitious plans in the vulnerability intelligence space, has attracted $3.2 million in seed-stage funding from several prominent investors. The early-stage financing round was led by Sorensen Ventures and included equity stakes for In-Q-Tel, Lux Capital, and Aviso Ventures. Based in Lexington, Mass., VulnCheck is building technology that promises exploit intelligence […]
Google Describes Privacy, Security Improvements in Android 14
Google this week announced the availability of the first Android 14 developer preview and also shared details on some of the security and privacy improvements the platform update will bring. Expected to arrive on devices sometime in fall, Android 14 brings new features and APIs, as well as behavioral changes that might impact applications. The […]
US Says Chinese Military Behind Vast Aerial Spy Program
China’s balloon that crossed the United States was equipped to collect intelligence signals and was part of a huge, military-linked aerial spy program that targeted more than 40 countries, the Biden administration said Thursday, outlining the scope and capabilities of the huge balloon that captivated the country’s attention before being shot down. The fleet of […]
Android’s February 2023 Updates Patch 40 Vulnerabilities
Google this week announced the release of patches for 40 vulnerabilities as part of the February 2023 security updates for the Android operating system. The first part of the update arrives on devices as a 2023-02-01 security patch level and resolves a total of 17 high-severity vulnerabilities impacting components such as Framework, Media Framework, and […]
Vulnerabilities in Popular DMS Products Can Expose Sensitive Documents
Multiple cross-site scripting (XSS) vulnerabilities in popular document management system (DMS) products could allow attackers to access sensitive documents, Rapid7 reports. DMS solutions help users manage the production, storage, and distribution of documents. They may also provide collaboration capabilities and support for managing other types of files. A total of eight XSS vulnerabilities were identified […]
How to unleash the power of an effective security engineering team
Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams are typically made up of software and infrastructure engineers, architects, and product managers. The collective […]
Yes, CISOs should be concerned about the types of data spy balloons can intercept
The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit […]
Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras
Researchers have discovered a vulnerability that can be exploited by remote hackers to tamper with the timestamp of videos recorded by Dahua security cameras. The flaw, tracked as CVE-2022-30564, was discovered last year by India-based CCTV and IoT cybersecurity company Redinent Innovations. Advisories describing the vulnerability were published on Wednesday by both Dahua and Redinent. […]
Cybercrime Gang Uses Screenlogger to Identify High-Value Targets in US, Germany
A recently identified financially motivated threat actor is targeting companies in the United States and Germany with custom malware, including a screenlogger it uses for reconnaissance, Proofpoint reports. Tracked as TA866, the adversary appears to have started the infection campaign in October 2022, with the activity continuing into January 2023. As part of the campaign, […]
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware
There have been some new developments in the case of the ESXiArgs ransomware attacks, including related to the encryption method used by the malware, victims, and the vulnerability exploited by the hackers. After the US Cybersecurity and Infrastructure Security Agency (CISA) announced the availability of an open source tool designed to help some victims of […]
Coaching IT pros for leadership roles
When you’ve spent your career mastering complex technologies, stepping into a leadership role might not be the first item on your wish list. As a CIO, you’ve already made this transition. But how do you prepare others on your team for this next career step? This is one of the more challenging steps in any […]
Minister: Cybercrimes Now 20% of Spain’s Registered Offenses
Spain’s government on Wednesday pledged stronger action against cybercrime, saying it has come to account for about a fifth of all offenses registered in the country. Interior Minister Fernando Grande-Marlaska said police would be given additional staff, funding and resources to address online crime. He said reported cases of cybercrime were up 72% last year […]
Threat group targets over 1,000 companies with screenshotting and infostealing malware
Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of infected computers. Tracked as TA866 by researchers from security firm Proofpoint, the group’s tooling seems […]
Growing number of endpoint security tools overwhelm users, leaving devices unprotected
Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group. Between the ongoing influence of remote work and IoT, the number and diversity of devices that have to be managed by endpoint […]
Episode 2: How AI can help bridge the employee-employer expectations gap
Microsoft CEO Satya Nadella observed last year that every organization in every industry will need to infuse technology into every business process and function so that they can do more with less. But he wasn’t talking about working harder or longer – he was talking about the need to apply technology to augment and amplify […]
Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery
Data security and management vendor has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack […]
Spies, Hackers, Informants: How China Snoops on the US
An alleged Chinese surveillance balloon over the United States last week sparked a diplomatic furore and renewed fears over how Beijing gathers intelligence on its largest strategic rival. FBI Director Christopher Wray said in 2020 that Chinese spying poses “the greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality”. […]
Skybox Security Raises $50M, Hires New CEO
Skybox Security, a late-stage California startup in the security analytics space, has closed a $50 million financing round and hired a new chief executive. The San Jose company announced Wednesday that former Digital Guardian CEO Mordecai (Mo) Rosen will take the reins at Skybox and manage the company through a new financing round that brings […]
Surge of swatting attacks targets corporate executives and board members
At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would harm first responders, too. Groveland police chief Jeffrey Gillen summoned […]
Application Security Protection for the Masses
I’ve always found it entertaining that so many sales pitches are essentially a listing of features for the product or service being sold. The reason I find this entertaining is that for anyone who has worked on the customer side or has ever listened to customers, it is obvious that customers buy solutions, not products. […]
Chrome 110 Patches 15 Vulnerabilities
Google this week announced that the first stable release of Chrome 110 brings 15 security fixes, including 10 that address vulnerabilities reported by external researchers. Of the externally reported bugs, three are rated ‘high severity’. These include a type confusion flaw in the V8 engine, an inappropriate implementation issue in full screen mode, and an […]
Australian Man Sentenced for Scam Related to Optus Hack
Australian authorities this week announced the sentencing of a Sydney man for attempting to blackmail Optus customers using leaked data stolen during a September 2022 data breach at the wireless carrier. The Optus hack resulted in the theft of personal information belonging to 9.8 million customers, including names, birth dates, physical and email addresses, and […]
EVs: what’s light got to do with it?
Climate change is the pre-eminent issue of our present and our future. And figures suggest that our attempts at staving it off so far are falling well short. If we are to achieve a cleaner, greener future, one of the most significant overhauls will be a shift to electric vehicles (EVs). Unsurprisingly, lining our roads […]
No choice? No problem!
In 2022, the European Commission announced that it is outlawing the use of general-purpose compact fluorescent lamps (CFL). The lamps, which have been in common use for decades, had been shown to emit toxic levels of mercury. The move is a no-brainer — and authorities across other continents have either followed suit or put the […]
Siemens License Manager Vulnerabilities Allow ICS Hacking
The Siemens Automation License Manager is affected by two serious vulnerabilities that could be chained to hack industrial control systems (ICS), according to industrial cybersecurity firm Otorio. On January 10, Siemens released its first round of Patch Tuesday updates for 2023, addressing a total of 20 vulnerabilities affecting the company’s products. One of the six […]
Tor Network Under DDoS Pressure for 7 Months
For the past seven months, the Tor anonymity network has been hit with numerous distributed denial-of-service (DDoS) attacks, its maintainers announced this week. Some of the attacks have been severe enough to prevent users from loading pages or accessing onion services, the Tor Project says. Publicly released in 2003, Tor directs traffic through a global […]
Russian Admits in US Court to Laundering Money for Ryuk Ransomware Gang
Denis Mihaqlovic Dubnikov, of Russia, has admitted in a United States court to laundering cryptocurrency for the Ryuk ransomware gang. Ryuk is a file-encrypting ransomware that emerged in 2018 and which was operated by the same cybercriminals as the Trickbot botnet. In early 2021, security researchers estimated the Ryuk operation to be worth over $150 […]
UN Experts: North Korean Hackers Stole Record Virtual Assets
North Korean hackers working for the government stole record-breaking virtual assets last year estimated to be worth between $630 million and more than $1 billion, U.N. experts said in a new report. The panel of experts said in the wide-ranging report seen Tuesday by The Associated Press that the hackers used increasingly sophisticated techniques to gain access to digital networks involved […]
CISA Releases Open Source Recovery Tool for ESXiArgs Ransomware
The US Cybersecurity and Infrastructure Security Agency (CISA) has released an open source tool that could help some victims of the recent ESXiArgs ransomware attacks recover their files. The ESXiArgs ransomware attacks, first observed on February 3, involve exploitation of CVE-2021-21974, a high-severity ESXi remote code execution vulnerability that VMware patched in February 2021. Hackers […]
A Deep Dive Into the Growing GootLoader Threat
GootLoader was born from GootKit, a banking trojan that first appeared around 2014. In recent years GootKit has evolved into a sophisticated and evasive loader — and it was given a new name to reflect its new purpose in 2021. The same group is responsible for both versions of the malware, and is monitored by […]
CIOs Discuss how to Enhance the Digital Experience Across the Business
Both customer and employee experience have seen an accelerated transformation with the introduction of cloud technologies, were significantly affected by the pandemic, and now see a remarkable shift in terms of new approaches in leadership. In customer experience, the introduction of cloud-based solutions has accelerated automation and enhanced client success prediction accuracy. As a result, […]
How MaRS Discovery District’s André Allen helps nurture a hub of talent
Toronto’s MaRS Discovery District is a renowned urban innovation hub supporting ventures and startups tackling key challenges in the health, cleantech, fintech and enterprise sectors. And André Allen, MaRS’ VP of IT, chief privacy officer and CISO, is at the center of its growth, ambition, and success. “I’ve been with MaRS for just over a […]
Software project management challenges — and how to handle them
The need for efficient software development has taken on greater importance as enterprises introduce more and more digital services and add automation capabilities to enhance business processes. Managing software projects might not be at the top of CIOs’ priority lists, but it is something that IT leaders will have to master. There are plenty of […]
Patient Information Compromised in Data Breach at San Diego Healthcare Provider
San Diego healthcare services provider Sharp HealthCare is informing patients that some of their information was compromised in a recent data breach. A not-for-profit healthcare provider, Sharp operates multiple hospitals and facilities in San Diego County, has 19,000 employees and works with roughly 2,700 affiliated physicians. The incident took place on January 12, when an […]
CIO Leadership Live with Marc Hale, Chief Technology Officer, AIA NZ
Marc Hale, Chief Technology Officer, AIA NZ, on enabling healthier outcomes for customers and his approach to his own career transformation. Watch the episode: Listen to the episode: CIO Leadership Live
How to ensure security in a cloud migration
For as long as organizations have been interested in moving resources to the cloud, they’ve been concerned about security. That interest is only getting stronger as cloud usage grows – making it a perfect topic for the latest #CIOTechTalk Twitter chat. The chat brought together a host of security consultants and practitioners who weren’t shy about […]
Germany Appoints Central Bank IT Chief to Head Cybersecurity
The German government announced the appointment Tuesday of the European Central Bank’s head of IT systems to lead the national cybersecurity agency, months after her predecessor was removed following reports of possible problematic ties to Russia. Interior Minister Nancy Faeser said Claudia Plattner “brings the experience and expertise with her that we need for cybersecurity […]
OpenSSL Ships Patch for High-Severity Flaws
The OpenSSL Project on Tuesday shipped a major security update to cover at least eight documented security flaws that expose OpenSSL users to malicious hacker attacks. The most serious of the bugs, a type confusion issue tracked as CVE-2023-0286, may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read […]
Fresh start: Time to reset passwords and rethink your password management strategy
Most people have probably broken their new year’s resolutions by now, but here’s one I plan to stick with: resetting my passwords and rethinking the strategy behind password management solutions. Here’s why. If you work in information security, you already know how severe the LastPass breach of security, announced in late December 2022, was. By […]
Customer service, especially field service, helps companies outperform competitors and drive growth
In economic uncertainty, it’s natural for executives to explore where to reduce spending, trim the fat, so to speak, and cut enterprising investments as a matter of caution. But this thinking is also counter-productive for all the reasons that make uncertainty so predictable. We can expect that every company is going to react this way […]
How the UK tech industry is failing Black women
Black women in technology are burnt out and impatient with an IT industry slow to change. More than a dozen Black women working in technology roles, across a wide range of industries and at varying levels of seniority, spoke to CIO.com on the back of a British Computer Society (BCS) and Coding Black Females (CBF) […]
CIO Leadership Live with George Eapen, Group Chief Information Officer at Petrofac
Why a CISO can become a CIO: Before working for Petrofac, George Eapen spent 12 years with General Electric where he had multiple IT leadership roles. At Petrofac, Eapen was appointed CISO in 2018 and was promoted to CIO in 2020. Watch the episode: Listen to the episode: CIO Leadership Live
Mario Foster to become Al Ghurair Group group CIO
Mario Foster is an experienced CIO who has been in the industry and the region for over 15 years. Before joining Al Ghurair Group, he worked for Saeed & Mohammed Al Naboodah Group based in Dubai for almost eight years leading the digital charter of the organization by exploring the business potential of new technologies […]
Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
A patch has been released for the GoAnywhere managed file transfer (MFT) software zero-day vulnerability whose existence came to light recently. News of active exploitation emerged roughly a week ago, but details about the attacks are still not available. Fortra, known until recently as HelpSystems, alerted GoAnywhere MFT users on February 1 about a ‘zero-day […]
Vulnerability Provided Access to Toyota Supplier Management Network
A severe vulnerability in the web portal of Toyota’s global supplier management network allowed a security researcher to gain access to sensitive information. The issue was identified by US-based researcher Eaton Zveare in Toyota’s Global Supplier Preparation Information Management System (GSPIMS), a web portal that provides Toyota employees and suppliers with access to ongoing projects, […]
ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
Industrial control systems (ICS) cybersecurity company Opscura announced its launch on Tuesday with $9.4 million in Series A funding. Opscura is a new brand and the company has a new global management team, but it’s not new in the ICS cybersecurity sector. The company was founded in Spain as Enigmedia and it has been around […]
Software Supply Chain Security Firm Lineaje Raises $7 Million
Software supply chain security startup Lineaje today announced that it has raised $7 million in a seed funding round led by Tenable Ventures. Dreamit Ventures and Veear Capital also participated in the investment round, along with various angel investors. Founded in 2021, the Saratoga, California-based company helps organizations secure their software supply chain, regardless of […]
What CISOs need to know about the renewal of FISA Section 702
In our hyperconnected world, multinational organizations operate within and across multiple nation-states. Those who do business within the United States will want to keep their eye on the status of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which sets out procedures for physical and electronic surveillance and collection of foreign intelligence. Section 702 […]
VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
VMware has urged customers to take action as unpatched ESXi servers continue to be targeted in ESXiArgs ransomware attacks. Hackers are exploiting CVE-2021-21974, a high-severity ESXi remote code execution vulnerability related to OpenSLP that VMware patched in February 2021. Following successful exploitation, unidentified threat actors have deployed file-encrypting ransomware that targets virtual machines. Technical details […]
Linux Variant of Cl0p Ransomware Emerges
A Cl0p ransomware variant targeting Linux systems emerged recently, but a flaw in the encryption algorithm has already allowed for the creation of a free decryptor for it. Cl0p has been one of the most active ransomware families over the past several years, targeting numerous private and public organizations globally, in sectors such as aerospace, […]
Redefining the Role of IT in a Modern BI World
IntroductionSince its inception decades ago, the primary objective of business intelligence has been the creation of a top-down single source of truth from which organizations would centrally track KPIs and performance metrics with static reports and dashboards. This stemmed from the proliferation of data in spreadsheets and reporting silos throughout organizations, often yielding different and […]
8 steps to turning around a toxic IT culture
Despite greater emphasis on empathy and inclusivity, toxic behavior is still an issue for many IT organizations. And when toxicity takes root, friendliness, kindness, and basic civility quickly fall by the wayside, replaced by selfishness, harassment, and even outright emotional and physical abuse. Identifying and neutralizing an emerging toxic IT culture before it can begin […]
MKS Instruments falls victim to ransomware attack
Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Security and Exchange Commission. MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards. An email sent […]
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition
Cybersecurity insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company’s Cyber Threat Index, which was compiled using data gathered by the company’s active risk management and reduction technology, combining data from underwriting […]
Massive ransomware attack targets VMware ESXi servers worldwide
A global ransomware attack has hit thousands of servers running the VMware ESxi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world. The Computer Emergency Response Team of France (CERT-FR) was the first to notice and send an alert about the attack. “On February […]
Comcast Wants a Slice of the Enterprise Cybersecurity Business
Telco and media conglomerate Comcast has jumped headfirst into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace. The Philadelphia technology giant has created a new cybersecurity business unit led by former Zscaler executive Nicole Bucala to develop and sell what Comcast is describing as […]
Are SMBs invited to the business intelligence (BI) party?
Executive leaders of small businesses and startups frequently lament that they lack the same access to data and insights that enterprise competitors and other more entrenched players enjoy. Most SMBs haven’t fully adopted business intelligence (BI) analytics, citing various reasons such as a lack of scalable technology infrastructure or skilled human capital. They’re also hesitant […]
New York Attorney General Fines Vendor for Illegally Promoting Spyware
The New York Office of the Attorney General has announced punitive measures against Patrick Hinchy and 16 of the companies he owns, for illegally promoting spyware. Since 2011, Hinchy has owned and operated numerous companies, including the 16 investigated by the New York OAG, for selling and promoting spyware targeting Android and iOS devices, including […]
Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
A critical vulnerability affecting wireless communication base stations from Baicells Technologies can be exploited to cause disruption in telecom networks or take complete control of data and voice traffic, according to a researcher. Baicells Technologies is a US-based telecommunications equipment provider for 4G and 5G networks. The company says more than 100,000 of its base […]
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition
Cyber insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company’s Cyber Threat Index, which was compiled using data gathered by the company’s active risk management and reduction technology, combining data from underwriting […]
Attacks targeting employees are the main cause of avoidable breaches
As many CIOs know, cyber security incidents are one of an organisation’s most significant threats. Unfortunately, these incidents have become increasingly costly and complex as technology advances rapidly. A UK study has revealed that employee-targeted attacks are the leading cause of avoidable cybersecurity incidents. The report by Tanium delves deep into the modern security landscape, […]
Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group
Microsoft’s Digital Threat Analysis Center (DTAC) has attributed a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft dubbed the threat group, which calls itself Holy Souls, NEPTUNIUM. It has also been identified as Emennet Pasargad by the US Department of Justice. In January, the group claimed to […]
OPSWAT mobile hardware offers infrastructure security for the air gap
Infrastructure protection vendor OPSWAT has announced the availability of its new MetaDefender Kiosk K2100 hardware, designed to provide a mobile option for users who want the company’s media-scanning capabilities to work in the field. OPSWAT’s MetaDefender line of kiosks is designed to address a potential security weakness for critical infrastructure defended by air gaps. In […]
20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
PeopleConnect-owned background check services Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users. In individual data breach notices published on February 3, the organizations informed users that the incident was discovered after cybercriminals started sharing databases stolen from the two companies on underground forums. The databases – […]
SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021 An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of 455 deals, compared to 435 in 2021. The US and UK continue to […]
Albemarle supercharges employee experience with federated automation
One of the first things Patrick Thompson (pictured) did on becoming chief information and digital transformation officer of specialty chemicals manufacturer Albemarle in 2017 was to introduce an annual survey to gauge employee attitudes toward services IT staff provides. Now he has a self-service bot delivering some of those services through Microsoft Teams, and providing real-time […]
Will your incident response team fight or freeze when a cyberattack hits?
If there’s an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there’s still a chance they might freeze up when the pressure is on, says Bec […]
Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
Tallahassee Memorial HealthCare (TMH) has canceled procedures and is diverting some patients following a cyberattack that forced it to take some IT systems offline. Founded in 1948, the not-for-profit community healthcare system provides acute and other types of healthcare services to a 21-county area in North Florida, South Georgia and South Alabama. On February 3, […]
European Police Arrest 42 After Cracking Covert App
European police arrested 42 suspects and seized guns, drugs and millions in cash, after cracking another encrypted online messaging service used by criminals, Dutch law enforcement said Friday. Police launched raids on 79 premises in Belgium, Germany and the Netherlands following an investigation that started back in September 2020 and led to the shutting down […]
Cyber Insights 2023 | Zero Trust and Identity and Access Management
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
Cyber Insights 2023 | The Coming of Web3
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
Insurance IT leaders herald new era for digital customer experience
The insurance industry is undergoing a sea change, with IT playing a crucial role in rolling out digital customer experiences for policyholders and agents, as in-person meetings all but vanish in the post-pandemic era. This pivot to digital customer experiences has become a new insurance industry imperative, as John Aflac, Liberty Mutual, MassMutual, MetLife, and […]
Many VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
Unpatched and unprotected VMware ESXi servers around the world have been targeted over the past few days in a large-scale ransomware attack exploiting a vulnerability patched in 2021. The attacks, dubbed ESXiArgs, are still being analyzed by the cybersecurity community, but based on the information available to date, it appears that threat actors are exploiting […]
Why IT professionalism matters to BCS CEO Rashik Parmar
Rashik Parmar MBE, the chief executive of BCS, The Chartered Institute for IT, discusses a 40-year career in IT, his new role as CEO of the UK’s leading accreditation body, the BCS mission to drive IT professionalism and tech for good, and how the industry can finally move the dial on diversity, equity and inclusion. […]
Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. It is not new. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores – giving them greater apparent validity to targets. The scam is a version […]
US Downs Chinese Balloon Off Carolina Coast
President Joe Biden said on Saturday that he ordered U.S. officials to shoot down the suspected Chinese spy balloon earlier this week and that national security leaders decided the best time for the operation was when the it got over water. “They successfully took it down and I want to complement our aviators who did […]
Feds Say Cyberattack Caused Suicide Helpline’s Outage
A cyberattack caused a nearly daylong outage of the nation’s new 988 mental health helpline late last year, federal officials told The Associated Press Friday. Lawmakers are now calling for the federal agency that oversees the program to prevent future attacks. “On December 1, the voice calling functionality of the 988 Lifeline was rendered unavailable […]
Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
After the French satirical magazine Charlie Hebdo launched a cartoon contest to mock Iran’s ruling cleric, a state-backed Iranian cyber unit struck back with a hack-and-leak campaign that was designed to provoke fear with the claimed pilfering of a big subscriber database, Microsoft security researchers say. The FBI blames the same Iranian cyber operators, Emennet […]
Critical vulnerability patched in Jira Service Management Server and Data Center
A critical vulnerability was fixed this week in Jira Service Management Server, a popular IT services management platform for enterprises, that could allow attackers to impersonate users and gain access to access tokens. If the system is configured to allow public sign-up, external customers can be affected as well. The bug was introduced in Jira […]
Google Cloud growth slows as Alphabet net income plunges
Even though Google Cloud revenue growth showed signs of slowing, it nevertheless provided something of a bright spot as parent company Alphabet — hit hard by the tightening of customer budgets — posted a year-over-year decline in net income for its 2022 fourth quarter. Fourth-quarter gross revenue for Alphabet was $76.05 billion, up just 1% […]
How New Data Tools Can Expand Expertise at the Enterprise
The increasing amounts of data generated by today’s modern enterprise continues to challenge organizations as they look to extract valuable insights from that data. The inability to leverage all kinds of data and the amount of expertise required from data scientists to prep data put a strain on many enterprises. IT groups need a new […]
Big China Spy Balloon Moving East Over US, Pentagon Says
The Pentagon said at midday Friday that a Chinese spy balloon had moved eastward and was over the central United States, and that the U.S. rejected China’s claims that it was not being used for surveillance. Brig. Gen. Pat Ryder, Pentagon press secretary, refused to provide details on exactly where the balloon was or whether […]
AWS growth slows further by persistent macroeconomic uncertainty
Revenue growth at Amazon’s cloud computing division, Amazon Web Services, continued to slow in the fourth quarter as enterprises advanced their cost-cutting measures, brought on by uncertain macroeconomic environment. Despite a 20% year-on-year increase in revenue, reaching $21.4 billion in Q4 2022, this growth rate is slower compared to the 27.5% and 33% growth seen […]
How Data Governance Enables Analytics and Drives Business Growth
When it comes to data, the first question isn’t whether you can measure something, it’s whether you should. What you can or should measure impacts what you can do as a business, potentially affecting your business model. Along with respecting regulatory compliance requirements and the privacy rights of individuals, it’s necessary to consider the business […]
High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
VMware has informed users about the availability of patches for a Workstation vulnerability that could be exploited by malicious hackers for privilege escalation. The flaw, tracked as CVE-2023-20854 and rated ‘high severity’, has been described by VMware as an arbitrary file deletion vulnerability affecting version 17.x on Windows. “A malicious actor with local user privileges […]
Atlassian Warns of Critical Jira Service Management Vulnerability
Atlassian this week warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow attackers to impersonate Jira users. Tracked as CVE-2023-22501 (CVSS score of 9.4), the flaw impacts Jira Service Management Server and Data Center versions 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. “An authentication vulnerability was discovered […]
Cyber Insights 2023: Venture Capital
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort the company, the Department of Justice announced. Sharp, 37, of Portland, Oregon, worked at the New York City-based IoT device maker between August 2018 and April 2021, as a senior developer who had access […]
GoAnywhere MFT Users Warned of Zero-Day Exploit
Users of the GoAnywhere secure managed file transfer (MFT) software have been warned about a zero-day exploit that malicious actors can target directly from the internet. The GoAnywhere MFT is made by Fortra, known until recently as HelpSystems, and it’s designed to enable organizations to automate and secure the exchange of data with their trading […]
China Says It’s Looking Into Report of Spy Balloon Over US
China said Friday it is looking into reports that a Chinese spy balloon has been flying in U.S. airspace and urged calm, adding that it has “no intention of violating the territory and airspace of any sovereign country.” Foreign Ministry spokesperson Mao Ning also said she had no information about whether a trip to China […]
Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
Exploitation attempts targeting a critical-severity Oracle E-Business Suite vulnerability have been observed shortly after proof-of-concept (PoC) code was published. One of the major Oracle product lines, the E-Business Suite is a set of enterprise applications that help organizations automate processes such as supply chain management (SCM), enterprise resource planning (ERP), and customer relationship management (CRM). […]
The Royal Mint’s diversification means all change for IT and security
It’s a new era for The Royal Mint, Britain’s oldest recognised company and the official maker of UK coins. Six months have passed since the death of Queen Elizabeth II, but that’s not all that’s changed at an institution established back in 886 AD. More recently, The Royal Mint has evolved its business model in […]
Top 24 RPA tools available today
Even the modern workplace can be boring and repetitive. Enter robotic process automation (RPA): a smart set of tools that deploys AI and low-code options to simplify workflows and save everyone time while also adding safeguards that can prevent costly mistakes. What is RPA? Robotic process automation (RPA) is an application of technology, governed by […]
Remote code execution exploit chain available for VMware vRealize Log Insight
VMware published patches last week for four vulnerabilities in its vRealize Log Insight product that, if combined, could allow attackers to take over the log collection and analytics platform. This week, a proof-of-concept exploit chain has been released by security researchers, along with detailed explanations for each vulnerability, meaning in-the-wild attacks could soon follow. “Gaining […]
Practical advice to optimize savings with cloud migrations
As organizations of all stripes continue their migration to the cloud, they are coming face to face with sometimes perplexing cost issues, forcing them to think hard about how best to optimize workloads, what to migrate, and who exactly is responsible for what. It’s an issue that’s coming to the fore with the steady migration […]
Manufacturing CIOs see bright future for the industry, thanks to IT
The manufacturing industry is undergoing a renaissance, thanks in part to advances in information technology. Two IT leaders who have been on the forefront of that are Kim Mackenroth and Chris Nardecchia. Kim Mackenroth is vice president and global CIO of Textron, a Fortune 302 multi-industry company with around 33,000 employees worldwide. Her global IT […]
Networking tips for IT leaders: A guide to building connections
Networking isn’t just for holiday parties. It’s something you should do all year long and, if approached correctly, it works no matter where you are on the career ladder. The two cardinal rules of networking, according to CIOs and career coaches, are to schedule time to do it for at least an hour every month, […]
Google Shells Out $600,000 for OSS-Fuzz Project Integrations
Google this week announced an extension to its OSS-Fuzz rewards program, an initiative meant to reward contributors for integrating projects into OSS-Fuzz. Launched in 2016, OSS-Fuzz is meant to help identify vulnerabilities in open source software through continuous fuzzing, with a declared goal of making common software infrastructure more secure. Six months after the launch, […]
What’s Next for the Future of Work?
Under new iterations of remote and hybrid work, the solution for some companies may involve monitoring employees electronically. For CIOs asked to implement such tools, it’s critical to understand the legal and ethical aspects of new technologies. “No one’s saying you can’t do it. You need to have a really good justification for doing it,” […]
NTT, Palo Alto partner for managed SASE with AIOps
Using a managed services provider to deliver SASE can streamline deployment and free up enterprise resources.
CIO Leadership Live with Bill Moses, Chief Digital Officer at Te Kawa Mataaho/Public Service Commission
Bill Moses, Chief Digital Officer at Te Kawa Mataaho/Public Service Commission, on the organisation’s ‘spirit of service’, keeping up to date on emerging trends, why digital leaders don’t need to come from technology backgrounds, and the growth in ‘wiggly line’ career paths. Watch the episode: Listen to the episode: CIO Leadership Live
Foreign states already using ChatGPT maliciously, UK IT leaders believe
Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That’s according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of respondents see ChatGPT as generally being used for “good” purposes, 72% are concerned by its […]
UK Car Retailer Arnold Clark Hit by Ransomware
UK-based car retailer Arnold Clark is informing customers that their personal information may have been stolen as a result of a cyberattack. A ransomware group has taken credit for the attack, claiming to have obtained gigabytes of sensitive information. Arnold Clark has more than 200 dealerships in England and Scotland, selling vehicles from over 25 […]
Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
Cisco on Wednesday announced patches for a high-severity command injection vulnerability in the IOx application hosting environment that could allow malicious code to persist across reboots. Tracked as CVE-2023-20076, the security defect exists because parameters that are passed for the activation of an application are not completely sanitized. “An attacker could exploit this vulnerability by […]
F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution
F5 warns of a high-severity format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service (DoS) condition and potentially execute arbitrary code. Tracked as CVE-2023-22374, the security defect impacts iControl SOAP, an open API that enables communication between systems, which runs as root. The SOAP interface is accessible from the […]
HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
A sophisticated piece of malware named HeadCrab has ensnared at least 1,200 Redis servers worldwide, Aqua Security reports. Designed to run on secure networks, Redis servers do not have authentication enabled and are prone to unauthorized access if exposed to the internet. Redis servers can be set up in clusters, which allows for data to […]
Dealing with the Carcinization of Security
Recently, a friend brought up the term “carcinization” and I must admit, I had to look it up! Turns out the term was coined more than 100 years ago to describe the phenomenon of crustaceans evolving into crab-shaped forms. Today, there are even memes for it. So, what does this example of convergent evolution have […]
Cyber Insights 2023: Ransomware
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
Cyber Insights 2023: Quantum Computing and the Coming Cryptopocalypse
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
Cyber Insights 2023 | Supply Chain Security
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
Cyber Insights 2023: Regulations
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, […]
EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
Researchers warn that many electric vehicle (EV) charging management systems are affected by vulnerabilities that could allow hackers to cause disruption, steal energy, or obtain driver information. The vulnerabilities were discovered by researchers working for SaiFlow, an Israel-based company that specializes in protecting EV charging infrastructure and distributed energy resources. The security holes are related […]
CIO Leadership Live with Andre Allen, VP Technology and CISO, MaRS Incubator
André Allen, Vice President Information Technology at MaRS Discovery District, Chief Privacy Officer & Chief Information Security Officer discusses building innovation and how inclusion is a major part of building teams and sustaining businesses. Watch this episode: Listen to this episode: CIO, CIO Leadership Live
The Connection between EX and CX
It is no longer a point of discussion that any organisation’s success depends on its relationships with its customers and employees. Especially as economies mature towards becoming a service industry, a relentless focus on and alignment between customer experience (CX) and employee experience (EX) is critical to an organisation’s success. Companies that spend time ensuring […]
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs
A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, led by OX Security, evaluates software supply chain security threats, covering a wide range of attack vectors […]
3 Ways to Discover Your Authentic Leadership Style
By Chet Kapoor, Chairman and CEO, DataStax Everyone has a point of view on leadership. There are tons of books, articles, and case studies with frameworks for becoming a great leader. These resources can absolutely help you find inspiration and hone your perspective, but here is the truth: There is no perfect model. After 20+ […]
5 Reasons Data Security Works Best with Open Standards
Open standards are a critical consideration when evaluating data security platforms. Why should you care? A data security platform is an enterprise solution that will likely span your entire data ecosystem, touching and requiring integration with many different systems, unlike standalone or point solutions. When dealing with enterprise systems, standards matter. What critical component of […]
98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
The digital supply chain is probably more extensive and more complicated than you realize. Upward of 98% of organizations have a relationship with at least one third party that has experienced a breach in the last two years – and these figures are almost certainly no exaggeration. The figures come from a report by SecurityScorecard. […]
VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
The urgency to patch a trio of dangerous security flaws in a VMware virtual appliance product escalated this week after exploit code was published on the internet. VMware confirmed the publication of exploit code in an update to its VMSA-2023-0001 bulletin and called on customers using its VMware vRealize Log Insight product to implement mitigations […]
Malicious NPM, PyPI Packages Stealing User Information
Check Point and Phylum are warning of recently identified NPM and PyPI packages designed to steal user information and download additional payloads. Taking advantage of the broad use of open source code in application development, malicious actors are increasingly relying on software supply chain attacks to infect both developers and users with malware. According to […]
Silver Spring Pathfinder’s Secret to Innovation: Avaya Experience Platform
The government of Singapore recognizes that Persons with Disabilities (PWDs) have historically suffered from substantially reduced prospects of securing and retaining employment and is actively encouraging employers to look for ways to utilize this very capable but often overlooked group. Silver Spring Pathfinder (SSP) is championing change on this front, seeing the strengths and skills that PWDs […]
Misconfiguration and vulnerabilities biggest risks in cloud security: Report
The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed that least privilege access rights, an underpinning of zero trust architecture, are not properly enforced. Almost 90% […]
Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform
Israeli venture group Team8 has bankrolled an $11 million seed-stage investment in Gem Security, a startup with ambitious plans in the cloud threat detection and incident response space. Gem Security, based in Tel Aviv, emerged from stealth Wednesday with technology that promises to give corporate security teams a practical way to manage threat detection, investigation […]
Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
Dutch cyber authorities said Wednesday that several hospital websites in the Netherlands and Europe were likely targeted by a pro-Kremlin hacking group because of their countries’ support for Ukraine. The UMCG hospital in the northern Dutch city of Groningen, one of the largest in the country, saw its website crash in a cyberattack on Saturday. […]
Boxx Insurance Raises $14.4 Million in Series B Funding
Cyberinsurance and protection firm Boxx Insurance has raised $14.4 million in a Series B funding round that brings the total investment in the company to $24.5 million. Led by Zurich Insurance, the new funding round comes hot on the heels of Boxx acquiring cyber threat intelligence platform Templarbit in November 2022, only two months after […]
Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing
As we reflect on 2022, we’ve seen that malicious actors are constantly coming up with new ways to weaponize technologies at scale to cause more disruption and devastation. The dangers are showing up everywhere – and more frequently. The volume and variety of threats, including Ransomware-as-a-Service (RaaS) and novel attacks on previously less conventional targets, […]
Ransomware Leads to Nantucket Public Schools Shutdown
For the second day in a row, public schools on the tiny island of Nantucket remained closed Wednesday as administrators scrambled to cope with a ransomware attack on its computer systems. According to published reports, Nantucket’s five public schools shut its doors to students and teachers after a data encryption and extortion attack prompted staff […]
Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data
The point-of-sale (PoS) malware named Prilex has been modified to block contactless transactions in an effort to force users to insert their credit cards into terminals and steal their information. Initially detailed in 2017, Prilex has evolved from targeting ATMs into an advanced PoS malware that can perform a broad range of nefarious activities leading […]
Why you might not be done with your January Microsoft security patches
The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the patches and updates you need to evaluate if you haven’t already done so. […]
US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy
The US Department of Justice (DOJ) has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act (FCPA) in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney General Kenneth A. Polite, Jr., shared the 2022 success of the Criminal Division of the DOJ […]
Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
A researcher has discovered two potentially serious vulnerabilities affecting Econolite traffic controllers. Exploitation of the security flaws can have serious real-world impact, but they remain unpatched. Cyber offensive researcher Rustam Amin informed the US Cybersecurity and Infrastructure Security Agency (CISA) that he had identified critical and high-severity vulnerabilities in Econolite EOS, a traffic controller software […]
Cyber Insights 2023: ICS and Operational Technology
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
Cyber Insights 2023: The Geopolitical Effect
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
Cyber Insights 2023: Criminal Gangs
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability
Attack surface management firm Censys has identified roughly 30,000 internet-exposed QNAP network-attached storage (NAS) appliances that are likely affected by a recently disclosed critical-severity code injection vulnerability. Tracked as CVE-2022-27596 (CVSS score of 9.8), the security defect is described as an SQL injection bug that allows remote attackers to inject malicious code into vulnerable NAS […]
Digital transformation – from mainframes to the ‘deeply digital’ organisation
The next generation of successful organisations will be the ones that embrace the potential of digital transformation, or so it has been said with increasing frequency in the last decade. But is the term as useful in understanding the future of organisations as its advocates claim? While some see digital transformation as a trend that […]
Google Fi Data Breach Reportedly Led to SIM Swapping
The Google Fi telecommunications service has informed customers about a data breach that appears to be related to the recently disclosed T-Mobile cyberattack. Google Fi, which provides wireless phone and internet services, has told customers that the breach is related to its primary network provider, without naming it. However, T-Mobile is Google Fi’s primary network […]
Dynamic talent sourcing gains traction for filling skills needs
Michael Edmunds needed top-notch consulting expertise, and he needed it fast. But getting strategy guidance for his startup from one of the big consultancies would be prohibitively expensive and time-consuming. Edmunds is senior vice president for global operations and quality at Witricity, which is developing magnetic resonance electrical charging technology for automobiles, industrial vehicles, and […]