31Mar 2023

Supply chain decarbonization: The missing link to net zero

Over the last seven decades, global carbon emissions have increased almost eightfold. Meanwhile, since 1980, the planet’s average temperature has risen significantly, with nine out of 10 warmest years on record having been in the last nine years. For sustainable development, it is now widely agreed that we must achieve a shared global goal of cutting carbon […]

31Mar 2023

How TCS pioneered the ‘borderless workspace’ with Microsoft 365

Tata Consultancy Services (TCS) has always been a digital-first organization. Continuous transformation of the workplace has been a cornerstone of the company’s business model for several decades. This approach proved its value during the COVID-19 crisis, when TCS pioneered location-independent “borderless workspaces” aided by Microsoft 365 and Microsoft Teams. The modern workplace solution suite was […]

31Mar 2023

TCS gives Blackhawk Network an edge with Microsoft Cloud

Blackhawk Network is shaping the future of global branded payments — from QR code payment solutions and retail gift card programs to tailored incentives and reward programs. The Silicon Valley-based company has been expanding its global footprint through numerous creative acquisitions. While each brought a wealth of benefits, the acquired companies’ existing processes and platforms […]

31Mar 2023

Italian privacy regulator bans ChatGPT over collection, storage of personal data

Italy’s data privacy regulator has banned ChatGPT over alleged privacy violations relating to the chatbot’s collection and storage of personal data. With immediate effect, the Guarantor for the protection of personal data has ordered the temporary limitation of the processing of data of Italian users by ChatGPT parent firm OpenAI until it complies with EU […]

31Mar 2023

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers to speed up the adoption of security patches. “The zero-day exploits were used alongside n-day exploits and took advantage […]

31Mar 2023

Why 5G and edge computing are key to retail success on Microsoft Cloud

The retail industry is transforming rapidly. Modern retailers rely heavily on automation for managing inventory, shelf design, customer service, and logistics. Video cameras and sensors that allow for unique store design help to enhance the customer experience. Technology is truly powering retail transformation, setting modern stores apart from traditional brick-and-mortar ones. It is no easy […]

31Mar 2023

Report: Chinese State-Sponsored Hacking Group Highly Active

A Chinese hacking group previously linked to attacks on U.S. state government computers is still “highly active.” The post Report: Chinese State-Sponsored Hacking Group Highly Active appeared first on SecurityWeek.

31Mar 2023

FDA Announces New Cybersecurity Requirements for Medical Devices

The FDA is asking medical device manufacturers to provide cybersecurity-related information when submitting an application for a new product. The post FDA Announces New Cybersecurity Requirements for Medical Devices appeared first on SecurityWeek.

31Mar 2023

Lumen Technologies Hit by Two Cyberattacks

Communications and IT company Lumen Technologies fell victim to two cyberattacks that led to data theft. The post Lumen Technologies Hit by Two Cyberattacks appeared first on SecurityWeek.

31Mar 2023

Votiro Raises $11.5 Million to Prevent File-Borne Threats

Votiro raised $11.5 million in a Series A investment round led by Harvest Lane Asset Management. The post Votiro Raises $11.5 Million to Prevent File-Borne Threats appeared first on SecurityWeek.

31Mar 2023

Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months

Several cybersecurity companies have published blog posts, advisories and tools to help organizations that may have been hit by the 3CX supply chain attack. The post Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months appeared first on SecurityWeek.

31Mar 2023

Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks

Documents show that Russian IT company NTC Vulkan was requested to develop offensive tools for government-backed hacking group Sandworm. The post Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks appeared first on SecurityWeek.

31Mar 2023

Best business analyst certifications to level up your career

Business analysts are in high demand, with 24% of Fortune 500 companies currently hiring business analysts across a range of industries, including technology (27%), finance (13%), professional services (10%), and healthcare (5%), according to data from Zippia. And the Bureau of Labor Statistics predicts that business analyst jobs will grow 11% from 2021 to 2031. […]

31Mar 2023

AMD takes hybrid approach to engineering the cloud’s future

AMD CIO Hasmukh Ranjan sits at the cloud’s crossroads. As a chipmaker, AMD is a vital supplier for the public cloud’s compute engine, and among Ranjan’s key remits is to support the engineering of semiconductors that power the cloud. But as a consumer, Ranjan, like all CIOs, must decide where best to place his company’s […]

31Mar 2023

Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution

A high-severity vulnerability in Azure Service Fabric Explorer could have allowed a remote, unauthenticated attacker to execute arbitrary code. The post Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution appeared first on SecurityWeek.

30Mar 2023

Are tech layoffs inevitable, or can your company avoid them?

The headlines are clear: Recession is looming, and tech companies of all stripes are cutting thousands of employees from their rosters. Yet, despite these reductions, TOPdesk, an IT service desk software company, remains committed to growing its footprint as it continues to expand its internal teams and has no plans to change. Why? Let’s start […]

30Mar 2023

Anti-Bot Software Firm DataDome Banks $42M Financing

DataDome, a New York startup selling anti-bot and anti-fraud tech, has secured $42 million in new financing to fuel expansion plans. The post Anti-Bot Software Firm DataDome Banks $42M Financing appeared first on SecurityWeek.

30Mar 2023

Kyndryl lays off staff in search of efficiency

The layoffs are part of a restructuring initiative aimed at improving efficiency and customer service, Kyndryl says.

30Mar 2023

Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks

Water pumping systems made by ProPump and Controls are affected by several vulnerabilities that could allow hackers to cause significant problems. The post Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks appeared first on SecurityWeek.

30Mar 2023

APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

An APT group known in the security industry as Winter Vivern has been exploiting a vulnerability in the Zimbra Collaboration software to gain access to mailboxes from government agencies in several European countries. While no clear links have been established between Winter Vivern and a particular country’s government, security researchers have noted that its activities […]

30Mar 2023

3CX DesktopApp compromised by supply chain attack

3CX is working on a software update for its 3CX DesktopApp, after multiple security researchers alerted the company of an active supply chain attack in it. The update will be released in the next few hours; meanwhile the company urges customers to use its PWA (progressive web application) client instead. “As many of you have […]

30Mar 2023

500k Impacted by Data Breach at Debt Buyer NCB

NCB Management Services is informing roughly 500,000 individuals of a data breach impacting their personal information. The post 500k Impacted by Data Breach at Debt Buyer NCB appeared first on SecurityWeek.

30Mar 2023

Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data

An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward. The post Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data appeared first on SecurityWeek.

30Mar 2023

Why Endpoint Resilience Matters

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own security. The post Why Endpoint Resilience Matters appeared first on SecurityWeek.

30Mar 2023

Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks

The recently identified Melofee Linux implant allowed Chinese cyberespionage group Winnti to conduct stealthy, targeted attacks. The post Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks appeared first on SecurityWeek.

30Mar 2023

DXC Technology says global network is not compromised following Latitude Financial breach

Soon after Latitude Financial revealed it suffered a cyber attack, DXC Technology quietly published a note on its website stating its global network and customer support networks were not compromised. When Latitude Financial, which is listed on the Australian Securities Exchange (ASX), first published about the attack, it said the activity was believed to have […]

30Mar 2023

3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component 

3CX confirms investigating a security breach as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack. The post 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component appeared first on SecurityWeek.

30Mar 2023

5 ways AI will transform CRM

The potential for generative AI systems such as OpenAI’s ChatGPT and Google’s Bard to transform how businesses work is being realized. Hype still surrounds some predictions, but change is here, and one of the first product categories to be impacted is CRM systems. Software-based services are the low-hanging fruit when it comes to this emerging […]

30Mar 2023

CIOs must evolve to stave off existential threat to their role

With digital technology increasingly vital to business, the CIO role is quickly evolving, placing IT leaders under threat from business executives who offer the blend of business and technical savvy necessary to lead transformational strategies in the future. A recent report by market intelligence firm IDC has placed IT leaders at a crossroads, predicting that, […]

30Mar 2023

UK Introduces Mass Surveillance With Online Safety Bill

The proposed UK Online Safety Bill is the enactment of two long-held government desires: the removal of harmful internet content, and visibility into end-to-end content. The post UK Introduces Mass Surveillance With Online Safety Bill appeared first on SecurityWeek.

30Mar 2023

From CIO to CX SVP, Cisco’s Jacqueline Guichelaar takes a road less travelled

Throughout her more than 30-year career in the tech industry, Jacqueline Guichelaar has been a staunch advocate for leaning in and genuinely listening to customers in order to provide them with better experiences. It’s one of the many attributes that led her to eventually becoming global CIO with Cisco, where she charted a path that […]

30Mar 2023

Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT

A group of computer scientists and tech experts are calling for a 6-month pause to consider the profound risks of AI to society and humanity. The post Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT appeared first on SecurityWeek.

29Mar 2023

Noname Security releases API security updates

API security vendor Noname Security today announced a new release of its platform, with a number of upgrades designed to enhance visibility into a user’s API environment and protect against the growing number of API-based threats. The growth in the number of those threats has been fueled by the increasing centrality of APIs to modern […]

29Mar 2023

North Korean threat actor APT43 pivots back to strategic cyberespionage

When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38). It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. However, another team that security […]

29Mar 2023

Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App

CrowdStrike threat intelligence team warns about unexpected malicious activity from a legitimate, signed version of the 3CXDesktopApp. The post Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App appeared first on SecurityWeek.

29Mar 2023

HP releases Wolf Connect solution for secure remote PC management

HP Inc. has announced the launch of HP Wolf Connect, a new IT management solution that provides resilient and secure connections to remote PCs. The solution enables IT teams to manage PCs remotely even if they are powered down or offline and was showcased at HP’s Amplify Partner Conference. HP Wolf Connect uses a cellular-based […]

29Mar 2023

LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps

New York startup LeapXpert secures funding for technology to help businesses manage the use of consumer messaging apps in the enterprise. The post LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps appeared first on SecurityWeek.

29Mar 2023

Spera Banks $10 Million to Tackle Identity and Access Sprawl

Backed by YL Ventures, Spera banks $10 million to help businesses deal with identity and access sprawl in the enterprise. The post Spera Banks $10 Million to Tackle Identity and Access Sprawl appeared first on SecurityWeek.

29Mar 2023

Blockchain Security Firm True I/O Raises $9 Million

Total Network Services rebrands to True I/O and raises $9 million to accelerate deployment of product. The post Blockchain Security Firm True I/O Raises $9 Million appeared first on SecurityWeek.

29Mar 2023

The SAP Innovation Awards 2023 Finalists Have been Selected

First and foremost, on behalf of SAP, we would like to thank all the SAP Innovation Awards 2023 participants for their hard work showcasing the many ways they are delivering impact within their businesses! We are truly grateful for and inspired by all the incredible submissions received this year. This is the perfect opportunity to […]

29Mar 2023

OpenAI Patches Account Takeover Vulnerabilities in ChatGPT

OpenAI resolved severe ChatGPT vulnerabilities that could have been exploited to take over accounts. The post OpenAI Patches Account Takeover Vulnerabilities in ChatGPT appeared first on SecurityWeek.

29Mar 2023

DarkBit puts data from Israel’s Technion university on sale

DarkBit, the group that claimed responsibility for a ransomware attack on Israel’s Technion university, is making good on its threat to sell the university’s data if the ransom went unpaid. “The price of total bulk is 104 BTC (bitcoin) if anyone buys all of it at once,” said a message on DarkBit’s Telegram channel. It also […]

29Mar 2023

Skyhawk adds ChatGPT functions to enhance cloud threat detection, incident discovery

Cloud threat detection and response (CDR) vendor Skyhawk has announced the incorporation of ChatGPT functionality in its offering to enhance cloud threat detection and security incident discovery. The firm has applied ChatGPT features to its platform in two distinct ways – earlier detection of malicious activity (Threat Detector) and explainability of attacks as they progress […]

29Mar 2023

Spera exits stealth to reveal identity-based threat hunting capabilities

The Israeli identity-based cybersecurity provider Spera is exiting stealth mode to reveal a namesake offering with identity security posture management (ISPM) capabilities. “Two of the most prominent identity-based attack vectors — stolen credentials and phishing — take the longest to detect and are most expensive to solve,” said Dor Fledel, co-founder and CEO of Spera. “Security professionals […]

29Mar 2023

Latin American companies, governments need more focus on cybersecurity

For the first time, over a dozen cybersecurity companies have come together to produce an agnostic study titled LATAM CISO Report 2023: Insights from Industry Leaders. More than 200 CISOs in the Americas region, in addition to the Inter-American Development Bank (IDB), Latin American Federation of Banks (FELABAN), and the World Economic Forum (WEF), contributed […]

29Mar 2023

OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023

OpenSSL 1.1.1 will reach EoL in six months and users are instructed to either upgrade to a newer version or pay for extended support to continue receiving security patches. The post OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023 appeared first on SecurityWeek.

29Mar 2023

Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims

Australian casino giant Crown Resorts says the Cl0p ransomware group contacted them to claim data theft in the GoAnywhere attack. The post Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims appeared first on SecurityWeek.

29Mar 2023

New Wi-Fi Attack Allows Traffic Interception, Security Bypass

A group of academic researchers devised an attack that can intercept Wi-Fi traffic at the MAC layer, bypassing client isolation. The post New Wi-Fi Attack Allows Traffic Interception, Security Bypass appeared first on SecurityWeek.

29Mar 2023

Managing security in the cloud through Microsoft Intune

For many years, the Group Policy feature of Microsoft’s Windows has been the go-to solution for controlling workstations, providing deployment, and in general, making a network manageable by information professionals. It does, however, require a traditional domain with an Active Directory deployment — many users already have an Active Directory (AD) and will have an […]

29Mar 2023

AI-fueled search gives more power to the bad guys

Concerns about the reach of ChatGPT and how much easier it may get for bad actors to find sensitive information have increased following Microsoft’s announcement of the integration of ChatGPT into Bing and the latest update of the technology, GPT-4. Within a month of the integration, Bing had crossed the 100 million daily user threshold. Meanwhile, GPT-4 […]

29Mar 2023

5 cyber threats retailers are facing — and how they’re fighting back

There are many reasons retailers are juicy targets for hackers. They earn and handle tremendous amounts of money, store millions of customer credit card numbers, and have frontline staff who may lack cybersecurity training. To save money, some retailers use older equipment that isn’t adequately updated, secured, or monitored to deal with cyberattacks. According to […]

29Mar 2023

Over 200 Organizations Targeted in Chinese Cyberespionage Campaign

Chinese cyberespionage group Mustang Panda was seen targeting maritime, shipping, border control, and immigration organizations in recent attacks. The post Over 200 Organizations Targeted in Chinese Cyberespionage Campaign appeared first on SecurityWeek.

29Mar 2023

Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report

A new research report discusses the five most exploited vulnerabilities of 2022, and the five key risks that security teams should consider. The post Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report appeared first on SecurityWeek.

29Mar 2023

Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors

Google has linked several zero-day vulnerabilities used last year to target Android and iOS devices to commercial spyware vendors. The post Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors appeared first on SecurityWeek.

29Mar 2023

What Makes an Effective Anti-Bot Solution?

While there are likely many different approaches, here are a few points that are important for enterprises to consider when evaluating bot solutions. The post What Makes an Effective Anti-Bot Solution? appeared first on SecurityWeek.

29Mar 2023

QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography

Quantum cybersecurity firm QuSecure has collaborated with Accenture to develop a multi-orbit quantum-resilient satellite communications capability. The post QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography appeared first on SecurityWeek.

29Mar 2023

Examining key disciplines to build equity in the IT workplace

As IT leader of self-regulatory body Professional Engineers Ontario (PEO), Doria Manico-Daka continues to build on her 16 years in tech, the last five of which have seen her heavily involved in leading digital transformation and modernization. Throughout her career, industries and company sizes have varied, but there’s been one constant: environments have largely been […]

29Mar 2023

12 ways to maximize your cloud investments

Over the past few years, more organizations have gone all in with migrations to the public cloud. But for some “without a concrete strategy, it has led to some obvious challenges with respect to measuring the real value from their cloud investments,” says Ricky Sundrani, a partner in the pricing assurance practice at Everest Group. […]

29Mar 2023

Legacy, password-based authentication systems are failing enterprise security, says study

Authentication-related attacks grew in 2022, taking advantage of outdated, password-based authentication systems, according to a study commissioned by HYPR, a passwordless multifactor authentication (MFA) provider based in the US. The study, conducted by independent technology market research firm Vanson Bourne, surveyed 1000 IT professionals from organizations around the world with more than 50 employees. These […]

28Mar 2023

Microsoft announces generative AI Security Copilot

Microsoft today announced its AI Security Copilot, a GPT-4 implementation that brings generative AI capabilities to its in-house security suite, and features a host of new visualization and analysis functions. AI Security Copilot’s basic interface is similar to the chatbot functionality familiar to generative AI users. It can be used in the same way, to […]

28Mar 2023

Mandiant Catches Another North Korean Gov Hacker Group

Mandiant flags APT43 as a “moderately-sophisticated cyber operator that supports the interests of the North Korean regime.” The post Mandiant Catches Another North Korean Gov Hacker Group appeared first on SecurityWeek.

28Mar 2023

Leadership superpower: Succeeding sustainably

Value Stream Management (VSM) is a powerful methodology that not only streamlines value streams and optimizes processes but also promotes sustainability and creates positive impact. As today’s great leaders recognize, true success is not solely measured by the bottom line but also by the impact a business has on its stakeholders, including employees, partners, and […]

28Mar 2023

Hackers changed tactics, went cross-platform in 2022, says Trend Micro

Payouts from ransomware victims declined by 38% in 2022, prompting hackers to adopt more professional and corporate tactics to ensure higher returns, according to Trend Micro’s Annual Cybersecurity Report. Many ransomware groups have structured their organizations to operate like legitimate businesses, including leveraging established networks and offering technical support to victims. There is an increasing […]

28Mar 2023

AI bots for customer experience: trends, insights, and examples

The hype surrounding AI-based voice and chatbots is evident, but do they deliver? Most still perform only extremely basic tasks and often mirror the poor practices of traditional IVRs. Customers may be open to the idea, but only 30% believe that chatbots and virtual assistants make it easier to address their service issues. The things customers say bots are good […]

28Mar 2023

Helping the C-suite leverage their network as a business-boosting asset

By: Larry Lunetta, VP Portfolio Solutions Marketing at Aruba, a Hewlett Packard Enterprise company. As customer-centric innovators, we’re constantly looking at how we can better help businesses reach their goals by leveraging technology. That’s why hearing from them first-hand is so valuable. This year, we kicked off our quest for insights with a survey run […]

28Mar 2023

Video: How to Build Resilience Against Emerging Cyber Threats

Enjoy this session as we walk through three recent use cases where a new threat caught organizations off-guard. The post Video: How to Build Resilience Against Emerging Cyber Threats appeared first on SecurityWeek.

28Mar 2023

Microsoft Puts ChatGPT to Work on Automating Cybersecurity

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks. The post Microsoft Puts ChatGPT to Work on Automating Cybersecurity appeared first on SecurityWeek.

28Mar 2023

Data loss from insider events increase despite IRM programs: Report

A vast majority of companies are struggling with data losses from insider events despite having dedicated insider risk management (IRM) programs in place, according to a data exposure report commissioned by Code 42. The study conducted by Vanson Bourne, an independent research firm for technology companies, interviewed 700 cybersecurity professionals, managers, and leaders in the US […]

28Mar 2023

CIOs to learn about the art of persuasive communication.

Persuasive Communication Workshop, FutureIT | Dallas, March 29th. Hosted by Dan Roberts, Host, Tech Whisperers Podcast, CEO, Ouellette & Associates and Larry Bonfante, Senior Consultant, Ouellette & Associates. Don’t miss CIO’s FutureIT | March 29 at the Tower Club, Dallas presented by CIO, CSO and ComputerWorld. A pre-conference workshop will be exclusively offered to […]

28Mar 2023

China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign 

A South Asian espionage group named Bitter has been observed targeting the Chinese nuclear energy sector. The post China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign appeared first on SecurityWeek.

28Mar 2023

Nigerian BEC Scammer Sentenced to Prison in US

Solomon Ekunke Okpe was sentenced to four years in prison in the US for his role in a BEC fraud ring. The post Nigerian BEC Scammer Sentenced to Prison in US appeared first on SecurityWeek.

28Mar 2023

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an actively exploited vulnerability. The post ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation appeared first on SecurityWeek.

28Mar 2023

SecurityScorecard Guarantees Accuracy of Its Security Ratings

SecurityScorecard is offering free digital forensics and incident response (DFIR) services to customers that have scored an ‘A’ rating if they have been breached. The post SecurityScorecard Guarantees Accuracy of Its Security Ratings appeared first on SecurityWeek.

28Mar 2023

Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police

The UK’s National Crime Agency has been running several DDoS-for-hire websites to collect information about individuals looking to launch such attacks. The post Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police appeared first on SecurityWeek.

28Mar 2023

14 Million Records Stolen in Data Breach at Latitude Financial Services

Australian financial services provider Latitude says roughly 14 million user records were stolen in a recent cyberattack. The post 14 Million Records Stolen in Data Breach at Latitude Financial Services appeared first on SecurityWeek.

28Mar 2023

5 hard questions every IT leader must answer

Leadership is not something that just happens. Leadership must be measured, managed, and invested in. After all, how IT leaders are selected, trained, evaluated, and compensated materially impacts the future performance of the enterprise. So, again, when was the last time you had a substantive conversation about leadership with your direct reports? How frequently do […]

28Mar 2023

CIOs address the impact of hybrid work

After recent rounds of high-profile layoffs, a lot of technologists are looking for work in a market that’s different from any they’ve experienced. More companies are now set up to support remote work, which offers candidates a wider range of potential employers. The new working models benefit companies, too, since they can now hire people […]

28Mar 2023

PwC UK partners with ReversingLabs to bring software supply chain security to third-party risk management

Advisory and professional services giant PwC UK is partnering with security firm ReversingLabs to develop a third-party risk management (TPRM) platform to help businesses address software supply chain security risks. Alongside ReversingLabs, the firm aims to help customers modernize traditional TPRM programs to better suit the modern software supply chain, operationalizing detection and mitigation of […]

28Mar 2023

Office of the Director of National Intelligence highlights cyber threats in 2023 Intelligence Threat Assessment

When the Office of the Director of National Intelligence (ODNI) highlights a threat in its unclassified assessment and intimates that there is substantive supporting evidence available, one should not sit back and let the data points pass idly by — and we aren’t. The ODNI minced no words as they addressed China, Russia, North Korea, […]

28Mar 2023

5 ways to tell you are not CISO material

As the role of the CISO continues to grow in importance and gain more responsibility, many cybersecurity practitioners may wonder if they have what it takes to be successful in the role. Technical expertise and experience are obviously huge assets. An effective CISO has the ability to evaluate and select security technology, communicate with technical […]

28Mar 2023

iOS Security Update Patches Exploited Vulnerability in Older iPhones

Apple has released security updates for older iPhones to address a vulnerability exploited in attacks. The post iOS Security Update Patches Exploited Vulnerability in Older iPhones appeared first on SecurityWeek.

28Mar 2023

Biden administration seeks to tamp down the spyware market with a new ban

In a significant signal to spyware vendors, the Biden administration issued an executive order (EO) prohibiting federal government agencies from using commercial spyware “that poses significant counterintelligence or security risks to the United States Government.” The spyware covered by the EO is predominately malware designed to track and collect data from mobile phones that can […]

27Mar 2023

Huawei’s F5G rollout plan signals new wave of green technology and digital transformation

The emphasis Huawei has placed on a wave of investment in optical fixed line networks is bearing fruit. At MWC 2023, the company unveiled a range of F5G (fifth-generation fixed network) solutions for vertical industries. For Gu Yunbo, who manages the part of Huawei that sells optical network products to enterprises, this is the start […]

27Mar 2023

Researchers warn of two new variants of potent IcedID malware loader

Security researchers have seen attack campaigns using two new variants of IcedID, a banking Trojan program that has been used to deliver ransomware in recent years. The two new variants, one of which appears to be connected to the Emotet botnet, are lighter compared to the standard one because certain functionality has been stripped. “It […]

27Mar 2023

Huawei launches intelligent data storage solutions at MWC to satisfy rising multi-cloud demand

Peter Zhou, President of Huawei’s IT Product Line, is the public face of data storage technologies at the Chinese telecoms to IT giant. At MWC 2023, in between meetings with many of the 2,500 Huawei clients who made the trip to Barcelona, Peter described Europe’s buoyant market as one of the drivers behind 40% year-on-year […]

27Mar 2023

Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April

Microsoft says it has evidence that Russian APT actors were exploiting a nasty Outlook zero-day as far back as April 2022, upping the stakes on organizations to start hunting for signs of compromise. The post Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April appeared first on SecurityWeek.

27Mar 2023

State of the CIO, 2023: Building business strategy

When he’s not immersed in cybersecurity, hybrid cloud strategy, or app modernization, David Reis, CIO at the University of Miami Health System and the Miller School of Medicine, spends his time working with the board of directors and top leadership to reimagine healthcare and take the lead driving digital transformation. A business objective to “arrive” […]

27Mar 2023

Hackers Earn Over $1 Million at Pwn2Own Exploit Contest

Security researchers raked in more than $1 million in prizes at this year’s CanSecWest Pwn2Own software exploitation contest. The post Hackers Earn Over $1 Million at Pwn2Own Exploit Contest appeared first on SecurityWeek.

27Mar 2023

US to Adopt New Restrictions on Using Commercial Spyware

Executive order will require the head of any U.S. agency using commercial spyware programs to certify that the program doesn’t pose a significant counterintelligence or other security risk. The post US to Adopt New Restrictions on Using Commercial Spyware appeared first on SecurityWeek.

27Mar 2023

Part of Twitter source code leaked on GitHub

Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the post after the social media platform requested it to do so on Friday. Twitter has also filed a case in the US District Court for the Northern District of California seeking to order GitHub to identify the […]

27Mar 2023

GoAnywhere Zero-Day Attack Hits Major Orgs

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra’s GoAnywhere software. The post GoAnywhere Zero-Day Attack Hits Major Orgs appeared first on SecurityWeek.

27Mar 2023

Australia Dismantles BEC Group That Laundered $1.7 Million

Law enforcement in Australia announce the arrest of four individuals accused of running business email compromise (BEC) schemes. The post Australia Dismantles BEC Group That Laundered $1.7 Million appeared first on SecurityWeek.

27Mar 2023

France bans TikTok, all social media apps from government devices

The French government has banned TikTok and all other “recreational apps” from phones issued to its employees. The Minister of Transformation and the Public Service Stanislas Guerini, said in a statement that recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment. This prohibition applies immediately and […]

27Mar 2023

Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks

Webinar on third-party identity access risks will discuss topics such as unauthorized access, data breaches, and the manipulation or theft of sensitive information The post Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks appeared first on SecurityWeek.

27Mar 2023

‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns

Criminals are set to take advantage of artificial intelligence like ChatGPT to commit fraud and other cybercrimes, Europe’s policing agency warned. The post ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns appeared first on SecurityWeek.

27Mar 2023

GitHub Rotates Publicly Exposed RSA SSH Private Key

GitHub replaced the RSA SSH private key used to secure Git operations for GitHub.com after it was exposed in a public GitHub repository. The post GitHub Rotates Publicly Exposed RSA SSH Private Key appeared first on SecurityWeek.

27Mar 2023

Best practices for protecting AWS RDS and other cloud databases

It’s no surprise that organizations are increasingly using cloud-native services, including for data storage. Cloud storage offers tremendous benefits such as replication, geographic resiliency, and the potential for cost-reduction and improved efficiency. The Amazon Web Services (AWS) Relational Database Service (RDS) is one of the most popular cloud database and storage services. At a high-level, […]

27Mar 2023

How the metaverse will help financial organizations transform employee and customer experience on Microsoft Cloud

The metaverse—a fast-emerging combination of technologies including augmented and virtual reality, IoT, and blockchain—is poised to change the way financial services organizations and other companies do business. “By blending the physical and the digital worlds, the metaverse is changing the rules of engagement and enabling us to connect without barriers,” says Anupam Singhal, a […]

27Mar 2023

How to Build ROI from Cloud Migration

Organizations are racing to modernize their legacy technology, architecture, infrastructure, and databases. Modernization often revolves around cloud migration. But not every approach provides the same ROI. Before committing to a migration strategy, organizations must identify the best approach for their business requirements.   Each approach comes with its own benefits, time commitments, and cost. This whitepaper […]

27Mar 2023

Why CISOs Are Looking to Lateral Security to Mitigate Ransomware

Findings from two eye-opening surveys conducted by VMware show that ransomware remains a top concern for enterprises worldwide. As IT and security leaders and chief information security officers (CISOs) look for answers, many are turning to deeper deployment and investment in lateral security tools. What is lateral security?  It leverages both access control and advanced […]

27Mar 2023

GitHub Suspends Repository Containing Leaked Twitter Source Code

Twitter sent a copyright notice to code hosting service GitHub to request the removal of a repository that contained Twitter source code. The post GitHub Suspends Repository Containing Leaked Twitter Source Code appeared first on SecurityWeek.

27Mar 2023

Why data leaders struggle to produce strategic results

Chief data and analytics officers (CDAOs) are poised to be of increasing strategic importance to their organizations, but many are struggling to make headway, according to data presented last week by Gartner at the Gartner Data & Analytics Summit 2023. Fewer than half (44%) of data and analytics leaders say their teams are effective in […]

26Mar 2023

How Infosys and Tennis Australia are harnessing technology for good

Marching resolutely alongside artificial intelligence (AI), cloud computing and digital advancement are customers demanding organisations be more environmentally sustainable, inclusive and responsible. It’s a situation raising a critical question for every IT and business leader: How can we increasingly harness technology not just for technology’s sake, but for the good we can do with it? […]

26Mar 2023

Google Leads $16 Million Investment in Dope.security

Dope.security raised $16 million in Series A funding for its fly-direct Secure Web Gateway (SWG). The post Google Leads $16 Million Investment in Dope.security appeared first on SecurityWeek.

26Mar 2023

Intel Co-founder, Philanthropist Gordon Moore Dies at 94

Intel Corp. co-founder Gordon Moore, who set the breakneck pace of progress in the digital age with a simple 1965 prediction of how quickly engineers would boost the capacity of computer chips, has died. He was 94. The post Intel Co-founder, Philanthropist Gordon Moore Dies at 94 appeared first on SecurityWeek.

25Mar 2023

US Charges 20-Year-Old Head of Hacker Site BreachForums

The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers. The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.

24Mar 2023

Retail innovation playbook: Fast, economical transformation on Microsoft Cloud

Inflation, high energy prices, and a looming recession have dampened consumer purchasing. All this while retailers are still dealing with pandemic-related disruptions to supply chains and consumer shopping habits. To win back consumers and protect profit margins, retailers need to optimize operations across the enterprise. That means fixing their supply chains, understanding shifting consumer preferences, […]

24Mar 2023

Critical flaw in WooCommerce can be used to compromise WordPress websites

WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch. “Although what we know at this time is limited, what we do […]

24Mar 2023

How to power a sustainable enterprise on Microsoft Cloud

Now, more than ever, global businesses have an opportunity. With people and infrastructure touching every point on the planet — and new technology empowering us to radically change the way we consume resources — we can lead the world toward a better, more sustainable future.  That optimism stems from three core beliefs:  We can build […]

24Mar 2023

Improving ESG performance in financial services on Microsoft Cloud

Anxious to meet international standards, satisfy investors, and profit from a growing array of sustainable products, financial services firms are intensifying their focus on environmental, social, and governance (ESG) goals. While the incentives for ESG are compelling, managing programs and demonstrating success are fraught with challenges. But by adhering to the right standards and using […]

24Mar 2023

How retailers are empowering business transformation with TCS and Microsoft Cloud

The retail industry is always in motion. Shifting macro-economic influences and changing customer expectations spark new business models, channel strategies, and strategic partnerships. To keep pace, retailers require a strong digital core that delivers powerful data-driven insights while staying compliant, maintaining security, and preventing fraud.   Shree Venkat, chief architect at TCS, and GV Krishnan, Head […]

24Mar 2023

Powering a sustainable future: How data can save the world – and your business

Data is the powerhouse of digital transformation. That’s no surprise. But did you know that data is also one of the most significant factors in whether a company can achieve its sustainability goals?  Business leaders are at a crossroads. On one hand, a perilous financial landscape threatens to stall growth, with companies of all sizes […]

24Mar 2023

Cyberpion rebrands as Ionix, offering new EASM visibility improvements

SaaS-based external attack surface management (EASM) company Cyberpion has rebranded as Ionix, at the same time adding a clutch of new cybersecurity capabilities to its namesake offering. Designed to provide a “wider coverage and deeper focus” into its customers’ internet-facing assets and connected dependencies, the revamp of Ionix’s system will feature new abilities such as extending […]

24Mar 2023

Tesla Hacked Twice at Pwn2Own Exploit Contest

Researchers at French offensive hacking shop Synacktiv demonstrated successful exploit chains against Tesla’s newest electric car to take top billing at the annual Pwn2Own contest. The post Tesla Hacked Twice at Pwn2Own Exploit Contest appeared first on SecurityWeek.

24Mar 2023

CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections

The U.S. government’s cybersecurity agency ships a new tool to help network defenders hunt for signs of compromise in Microsoft’s Azure and M365 cloud deployments. The post CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections appeared first on SecurityWeek.

24Mar 2023

Android-based banking Trojan Nexus now available as malware-as-a-service

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available […]

24Mar 2023

PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw

Proof-of-concept code to exploit a just-patched security hole in the Veeam Backup & Replication product has been published online. The post PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw appeared first on SecurityWeek.

24Mar 2023

Critical WooCommerce Payments Vulnerability Leads to Site Takeover

A critical-severity flaw in the WooCommerce Payments WordPress plugin could allow attackers to take over site administrator accounts. The post Critical WooCommerce Payments Vulnerability Leads to Site Takeover appeared first on SecurityWeek.

24Mar 2023

UK parliament follows government by banning TikTok over cybersecurity concerns

The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and the wider parliamentary network,” a move that TikTok has described as “misguided” and “based on fundamental […]

24Mar 2023

Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions

Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem, best practices for mitigating security issues. The post Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions appeared first on SecurityWeek.

24Mar 2023

CISA Gets Proactive With New Pre-Ransomware Alerts

CISA has sent notifications to more than 60 organizations as part of a new initiative to alert entities of early-stage ransomware attacks. The post CISA Gets Proactive With New Pre-Ransomware Alerts appeared first on SecurityWeek.

24Mar 2023

TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content

A nearly six-hour grilling of TikTok’s CEO by lawmakers brought the platform’s 150 million U.S. users no closer to an answer as to whether the app will be wiped from their devices. The post TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content appeared first on SecurityWeek.

24Mar 2023

What is data governance? Best practices for managing data assets

Data governance definition: Data governance is a system for defining who within an organization has authority and control over data assets and how those data assets may be used. It encompasses the people, processes, and technologies required to manage and protect data assets. The Data Governance Institute defines it as “a system of decision rights […]

24Mar 2023

Industry clouds prove their business value

Companies across nearly every vertical are finding a transformational lifeline in industry clouds. Swiss biopharmaceutical Idorsia is one such company, having embraced a partnership with industry cloud provider Veeva to survive. In June 2017, Idorsia had a lot on its plate, namely a new company to stand up, with 650 scientists and employees, a robust […]

23Mar 2023

Russian hacktivists deploy new AresLoader malware via decoy installers

Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software. Security researchers from threat intelligence firm Intel 471 first spotted AresLoader […]

23Mar 2023

Don’t buy into the hype of network observability to realize digital transformation success

Figure 1 (source: IDC’s Future Enterprise Resiliency and Spending Survey, Wave 2, March 2022; Broadcom). For today’s teams, it is exceedingly complex and costly to support multiple generations of infrastructure and applications. What’s worse, according to an IDC report on network observability, this is the number one challenge to achieving digital transformation success. The right […]

23Mar 2023

Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud

Staying in control and securing your data has never been more important! As data privacy regulations continue to evolve, businesses have had to adapt how and where they store data. The EU’s General Data Protection Regulation (GDPR) has been the most newsworthy, requiring all businesses that operate in or have customers in the EU to […]

23Mar 2023

Security at the core of Intel’s new vPro platform

Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise a 70% reduction in attack surface compared to four-year-old PCs. Windows 11 systems can also take […]

23Mar 2023

Accenture to lay off 19,000 to cut costs amid economic uncertainty

IT services and consultancy firm Accenture said it would lay off 19,000 staffers, or 2.5% of its workforce,  over the next 18 months to reduce costs amid uncertain macroeconomic conditions. “While we continue to hire, especially to support our strategic growth priorities, during the second quarter of fiscal 2023, we initiated actions to streamline our […]

23Mar 2023

CISA, NSA Issue Guidance for IAM Administrators

New CISA and NSA guidance includes recommended best practices for identity and access management (IAM) administrators. The post CISA, NSA Issue Guidance for IAM Administrators appeared first on SecurityWeek.

23Mar 2023

Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy

On March 15, 2023, the SEC announced a proposal for new cybersecurity requirements for covered entities. The post Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy appeared first on SecurityWeek.

23Mar 2023

Advice from procurement: How to evaluate and propose new IT investments

Gartner recently cut their expected IT budget prediction from 5.1% to just 2.2% in 2023. This is three times lower than the projected 6.5% global inflation rate. As the world continues to experience economic uncertainty, IT leaders look to tighten budgets, consolidate tools and resources, and generally become more risk-averse when evaluating new investments. So […]

23Mar 2023

Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform

Intel shares information on the security improvements brought by its new vPro platform powered by 13th Gen Core processors. The post Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform appeared first on SecurityWeek.

23Mar 2023

Why AI is key to hiring and retaining developers

By Bryan Kirschner, Vice President, Strategy at DataStax. It’s high time to treat HR as every bit as important to your company’s artificial intelligence strategy as IT. Alongside all the evidence that getting your developers working on AI is good for your business, there’s mounting proof that even providing the opportunity to work on—and work […]

23Mar 2023

New vulnerabilities found in industrial control systems of major vendors

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors. The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight.

23Mar 2023

Critical flaw in AI testing framework MLflow can lead to server and data compromise

MLflow, an open-source framework that’s used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn’t implement authentication by […]

23Mar 2023

Cisco Patches High-Severity Vulnerabilities in IOS Software

Cisco’s semiannual security updates for IOS and IOS XE software resolve high-severity DoS, command injection, and privilege escalation vulnerabilities. The post Cisco Patches High-Severity Vulnerabilities in IOS Software appeared first on SecurityWeek.

23Mar 2023

‘Nexus’ Android Trojan Targets 450 Financial Applications

Promoted as a MaaS, the Nexus Android trojan targets 450 financial applications for account takeover. The post ‘Nexus’ Android Trojan Targets 450 Financial Applications appeared first on SecurityWeek.

23Mar 2023

Tackling the Challenge of Actionable Intelligence Through Context

Making threat intelligence actionable requires more than automation; it also requires contextualization and prioritization. The post Tackling the Challenge of Actionable Intelligence Through Context appeared first on SecurityWeek.

23Mar 2023

4 hard truths of multivendor outsourcing

How many IT services vendors do you rely on? Splitting responsibility for the IT organization into multiple outsourcing vendors, overseen (or overlooked in some unfortunate cases) by a small IT management team, has become a popular practice. Hardly “best practice” — a meaningless but popular justification for doing things a certain way — but popular […]

23Mar 2023

12 job-hunting mistakes no IT leader should make

You might think that senior-level IT leaders have a lock on the art of landing jobs. After all, that’s partly how they reached such lofty heights, right? But you’d be wrong. CIOs, vice presidents, directors — all make similar mistakes when they are on a job prowl, executive recruiters say. The two most common, and […]

23Mar 2023

How training and recognition can reduce cybersecurity stress and burnout

Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility and are subject to long hours of work and high pressure in an unpredictable and constantly […]

23Mar 2023

Dole Says Employee Information Compromised in Ransomware Attack

Dole has admitted in an SEC filing that its investigation into the recent ransomware attack found that the hackers had accessed employee information. The post Dole Says Employee Information Compromised in Ransomware Attack appeared first on SecurityWeek.

23Mar 2023

Closing the gender gap: What needs to be done

Companies around the world are being urged to close the digital gender gap, especially after International Women’s Day. Although progress has been made, the gap remains in many countries, prompting questions about whether those in the industry are doing enough to address it. The development of new technologies has created demand for specialized workers with […]

23Mar 2023

SMRT Corporation’s Huang Shao Fei on AI and other technologies

Huang Shao Fei – Group Chief Information Security Officer of SMRT Corporation – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about artificial intelligence, other technologies, and more.

22Mar 2023

How can CIOs protect Personal Identifiable Information (PII) for a new class of data consumers?

Industries increasingly rely on data and AI to enhance processes and decision-making. However, they face a significant challenge in ensuring privacy due to sensitive Personally Identifiable Information (PII) in most enterprise datasets. Safeguarding PII is not a new problem. Conventional IT and data teams query data containing PII, but only a select few require access. […]

22Mar 2023

55 zero-day flaws exploited last year show the importance of security risk management

Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available — the so-called n-day exploits. But mitigating the risk from vulnerabilities that are unknown to the affected software developers and don’t have a patch […]

22Mar 2023

Splunk adds new security and observability features

New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.

22Mar 2023

ServiceNow continues workflow platform expansion with Utah release

With its Utah release, ServiceNow is expanding the reach of its Now Platform for workflow automation into new areas, and enhancing its performance in others. Since ServiceNow introduced role-based workspaces as part of its new user interface, Next Experience, in March 2022, coverage has grown with each passing release. Utah’s additions include dedicated workspaces for […]

22Mar 2023

‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks

Black Lantern Security introduces Badsecrets, an open source tool for identifying known or weak cryptographic secrets across multiple platforms. The post ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks appeared first on SecurityWeek.

22Mar 2023

Backslash Snags $8M Seed Financing for AppSec Tech

Backslash Security banks seed-stage capital to build new technology to identify and mitigate “toxic code flows” in cloud-native applications. The post Backslash Snags $8M Seed Financing for AppSec Tech appeared first on SecurityWeek.

22Mar 2023

Backslash AppSec solution targets toxic code flows, threat model automation

Backslash Security has announced its launch with a new cloud-native application security (AppSec) solution designed to identify toxic code flows and automate threat models. The solution is built to address time-consuming and manual methods for discovering and mapping applications code risks, along with filling the cloud-native context gaps left by traditional static application security testing […]

22Mar 2023

Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks

The average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited. That’s according to Continuity’s State of Storage and Backup Security Report 2023, which revealed a significant gap in the state of enterprise storage and backup security compared to other […]

22Mar 2023

Landmark UK-Israeli agreement to boost mutual cybersecurity development, tackle shared threats

The UK and Israeli governments have signed a landmark agreement to define bilateral relations between the two countries and boost mutual cybersecurity advancement until 2030. The 2030 Roadmap for Israel-UK Bilateral Relations is the culmination of efforts that began with the signing of a Memorandum of Understanding in November 2021 to work more closely over […]

22Mar 2023

Chrome 111 Update Patches High-Severity Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers. The post Chrome 111 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

22Mar 2023

High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian

Cisco Talos researchers found two high-severity vulnerabilities in WellinTech’s KingHistorian industrial data historian software. The post High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian appeared first on SecurityWeek.

22Mar 2023

Malware Trends: What’s Old is Still New

Many of the most successful cybercriminals are shrewd; they want good ROI, but they don’t want to have to reinvent the wheel to get it. The post Malware Trends: What’s Old is Still New appeared first on SecurityWeek.

22Mar 2023

CISA Expands Cybersecurity Committee, Updates Baseline Security Goals

CISA announces adding more experts to its Cybersecurity Advisory Committee and updating the Cybersecurity Performance Goals. The post CISA Expands Cybersecurity Committee, Updates Baseline Security Goals appeared first on SecurityWeek.

22Mar 2023

BreachForums Shut Down Over Law Enforcement Takeover Concerns

The popular cybercrime forum BreachForums is being shut down following the arrest of Conor Brian Fitzpatrick, who is accused of running the website. The post BreachForums Shut Down Over Law Enforcement Takeover Concerns appeared first on SecurityWeek.

22Mar 2023

Sharing sensitive business data with ChatGPT could be risky

The furor surrounding ChatGPT remains at a fever pitch as the ins and outs of the AI chatbot’s potential continue to make headlines. One issue that has caught the attention of many in the security field is whether the technology’s ingestion of sensitive business data puts organizations at risk. There is some fear that if […]

22Mar 2023

Spain Needs More Transparency Over Pegasus: EU Lawmakers

Spain needs more transparency over the Pegasus spyware hacking scandal, a European Parliament committee said. The post Spain Needs More Transparency Over Pegasus: EU Lawmakers appeared first on SecurityWeek.

22Mar 2023

Burnout in Cybersecurity – Can it be Prevented?

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress. The post Burnout in Cybersecurity – Can it be Prevented? appeared first on SecurityWeek.

22Mar 2023

Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA

Ransomware and data related attacks are the top cybersecurity threats to the transport sector in the EU, ENISA says. The post Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA appeared first on SecurityWeek.

22Mar 2023

CIO Karriem Shakoor on harnessing the power of data democratization

At UL Solutions, CIO Karriem Shakoor has identified clear cultural and architectural requirements for achieving data democratization so that IT can get out of the reports business and into driving revenue. Recently, I had the chance to speak at length with Shakoor about data strategy at the global safety science company, which has over 15,000 […]

22Mar 2023

10 things CIOs wish they knew from the start

“Life can only be understood backwards but it must be lived forwards,” wrote Danish philosopher Søren Kierkegaard. That’s true, but what if by some stroke of magic we could go back in time and give a pep talk to our younger selves. What would we say? To provide some indirect counsel for first-time CIOs, we asked […]

22Mar 2023

How culture and strategic partnerships help fuel transformation

Multinational insurance and finance corporation AIA New Zealand’s dream is to help make the country one of the healthiest and best protected nations in the world. That’s no small undertaking, and as CTO for the company, it’s Marc Hale’s core responsibility to help achieve that goal by providing a secure and stable platform on which […]

22Mar 2023

Virtual Event Today: Supply Chain & Third-Party Risk Summit

Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem, best practices for mitigating security issues. The post Virtual Event Today: Supply Chain & Third-Party Risk Summit appeared first on SecurityWeek.

22Mar 2023

As critical Microsoft vulnerabilities drop, attackers may adopt new techniques

While the total number of recorded Microsoft vulnerabilities was higher in 2022 than ever before, the number of critical vulnerabilities declined to its lowest point, according to the latest Microsoft Vulnerability Report by BeyondTrust, released Tuesday. In 2022, only 6.9% of Microsoft’s vulnerabilities were rated as critical — less than half the number of critical […]

22Mar 2023

Ping Identity debuts decentralized access management system in early access

Ping Identity, a Colorado-based IAM software vendor, is making a new product, PingOne Neo, available in a limited early access program. PingOne Neo is designed as a decentralized platform, as opposed to the heavily federated systems commonly in use. It allows for data decentralization, storing credentials and keys on the user’s mobile device, and lets […]

22Mar 2023

Accenture acquires Flutura to boost industrial AI services

Accenture on Tuesday said that it was acquiring Flutura, an internet of things (IoT) and data science services firm, for an undisclosed sum to boost the industrial AI services that it sells under the umbrella of Applied Intelligence. The acquisition assumes significance as the Asia-Pacific region constitutes 70% of Accenture’s Applied Intelligence market, according to […]

22Mar 2023

Google Suspends Chinese Shopping App Amid Security Concerns

Google has suspended the Chinese shopping app Pinduoduo on its app store after malware was discovered in versions of the app from other sources. The post Google Suspends Chinese Shopping App Amid Security Concerns appeared first on SecurityWeek.

21Mar 2023

Nvidia accelerates enterprise adoption of generative AI

As the generative AI bandwagon gathers pace, Nvidia is promising tools to accelerate it still further. On March 21, CEO Jensen Huang (pictured) told attendees at the company’s online-only developer conference, GTC 2023, about a string of new services Nvidia hopes enterprises will use to train and run their own generative AI models. When they […]

21Mar 2023

BrandPost: Stop the Sprawl: How Vendor Consolidation Can Reduce Security Risks in the Cloud

Managing multiple security vendors is proving to be a significant challenge for organizations, leading to difficulties in integration, visibility, and control. Recent surveys and reports have identified numerous problems associated with managing an assortment of security products from different vendors, and that managing multiple vendors was cited as the top challenge in achieving an effective […]

21Mar 2023

Verosint Launches Account Fraud Detection and Prevention Platform

443ID is refocusing its solution to tackle account fraud detection and prevention, and has changed its name to Verosint. The post Verosint Launches Account Fraud Detection and Prevention Platform appeared first on SecurityWeek.

21Mar 2023

Developed countries lag emerging markets in cybersecurity readiness

Organizations in developed countries are not as prepared for cybersecurity incidents compared to those in developing countries, according to Cisco’s Cybersecurity Readiness Index, released today. Countries that were found to be most mature in their overall cybersecurity readiness included Asia-Pacific countries such as Indonesia, with 39% of organizations in what Cisco considers a “mature stage” […]

21Mar 2023

What’s next for network operations

By Serge Lucio, Vice President and General Manager, Agile Operations Division. This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. Enterprise networks are undergoing a profound transformation. These changes are being […]

21Mar 2023

4 Factors That Influence Modern App Success in a Multi-Cloud Environment

How are modern CIOs making an impact with multi-cloud? A recently released VMware report, “CIO Essential Guidance: Modernizing Applications in a Multi-Cloud World,” outlines these four key factors that influence success. Drive Developer Velocity: The best applications are created by the most talented developers, so it’s crucial to attract and retain the best talent. Taking […]

21Mar 2023

Why CISOs Are Looking to Lateral Security to Mitigate Ransomware

Findings from two eye-opening surveys conducted by VMware show that ransomware remains a top concern for enterprises worldwide. As IT and security leaders and chief information security officers (CISOs) look for answers, many are turning to deeper deployment and investment in lateral security tools. What is lateral security?  It leverages both access control and advanced […]

21Mar 2023

The Era of Multi-Cloud Services Has Arrived

Multi-cloud environments offer significant business benefits from increasing agility to improving efficiency. The challenge, however, is that each cloud sits in an isolated silo with its own development and operating model, taxonomy, services, APIs and management tools. This lack of consistency across clouds forces companies to manage their multi-cloud environments through a patchwork of off-the-shelf, […]

21Mar 2023

Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager

The Play ransomware gang has published data stolen from Dutch maritime services company Royal Dirkzwager. The post Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager appeared first on SecurityWeek.

21Mar 2023

Zoom Paid Out $3.9 Million in Bug Bounties in 2022

Zoom says it paid out $3.9 million in bug bounty rewards in 2022, with a total of over $7 million awarded to researchers since 2019. The post Zoom Paid Out $3.9 Million in Bug Bounties in 2022 appeared first on SecurityWeek.

21Mar 2023

Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant

Mandiant has conducted an analysis of the zero-day vulnerabilities disclosed in 2022 and over a dozen were linked to cyberespionage groups. The post Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant appeared first on SecurityWeek.

21Mar 2023

Oleria Scores $8M Seed Funding for ID Authentication Technology

Seattle startup founded by former Salesforce CISO Jim Alkove banks $8 million to build technology in the identity and authentication space. The post Oleria Scores $8M Seed Funding for ID Authentication Technology appeared first on SecurityWeek.

21Mar 2023

9 attack surface discovery and management tools

Cyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. The goal with CAASM tools is to give the adversary as little information about the security posture of the business as possible while still maintaining critical business services. If you’ve […]

21Mar 2023

Malicious NuGet Packages Used to Target .NET Developers

Software developers have been targeted in a new attack via malicious packages in the NuGet repository. The post Malicious NuGet Packages Used to Target .NET Developers appeared first on SecurityWeek.

21Mar 2023

News Analysis: UK Commits $3 Billion to Support National Quantum Strategy

SecurityWeek spoke to VC firm Quantum Exponential about the UK National Quantum Strategy and investments in quantum computing. The post News Analysis: UK Commits $3 Billion to Support National Quantum Strategy appeared first on SecurityWeek.

21Mar 2023

Arvest Bank reskills IT to support its banking core refresh

When Arvest, a regional bank operating in Arkansas, Kansas, Missouri and Oklahoma, hired Laura Merling as chief transformation and operations officer in 2021, one of the first things she changed was its digital transformation plan. The 60-year-old bank, formed from the successive mergers of 14 regional banks, was planning to launch a neobank, an online-only […]

21Mar 2023

10 cloud mistakes that can sink your business

The cloud has changed the IT and business worlds forever, and generally for the better. But when misused or abused the cloud can backfire, leading to a serious business setback or, in a worst-case situation, long-term competitive damage. Ensuring proper cloud use is essential in today’s high-stakes, fast-paced business environment. Learn from the following 10 […]

21Mar 2023

Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products

Industrial organizations using HMI and SCADA products from Aveva have been informed about potentially serious vulnerabilities. The post Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products appeared first on SecurityWeek.

21Mar 2023

Google Pixel Vulnerability Allows Recovery of Cropped Screenshots

A vulnerability in Google Pixel phones allows for the recovery of an original, unedited screenshot from the cropped version. The post Google Pixel Vulnerability Allows Recovery of Cropped Screenshots appeared first on SecurityWeek.

21Mar 2023

Ferrari Says Ransomware Attack Exposed Customer Data

Ferrari said that a ransomware attack was responsible for a data breach that exposed customer details, but did not impact company operations. The post Ferrari Says Ransomware Attack Exposed Customer Data appeared first on SecurityWeek.

21Mar 2023

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

ForgeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure […]

20Mar 2023

Amazon to lay off 9,000 more workers, including some at AWS

Amazon will fire about 9,000 more workers from several business units, including AWS, in the coming weeks, according to a statement released today by company CEO Andy Jassy. The announcement comes two months after Amazon unveiled plans to lay off 18,000 employees. In his official statement, Jassy said that most of the layoffs in this […]

20Mar 2023

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

ForgeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure […]

20Mar 2023

Aembit Scores $16.6M Seed Funding for Workload IAM Technology

Maryland startup Aembit gets funding to build an identity platform designed to manage, enforce, and audit access between federated workloads. The post Aembit Scores $16.6M Seed Funding for Workload IAM Technology appeared first on SecurityWeek.

20Mar 2023

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers […]

20Mar 2023

CEO directives: Top 5 initiatives for IT leaders

CIO Talvis Love has weathered a tsunami of rapid and significant changes at Baxter International over the past year — with little reprieve in sight. In late 2021, the med tech company completed the $12.4 billion acquisition of Hillrom, the largest in its history, to expand the company’s digital health and connected care offerings. While […]

20Mar 2023

Digital transformation obstacles: Stubborn challenges, what to do about them

The transformation imperatives: In recent years, global enterprises have gone through tectonic shifts, responding to massive changes in their societal, competitive, and geopolitical realities. These trends have had many consequences, but they’ve all served to intensify a key imperative: rapid digital transformation. While progress has been made, many organizations still have a lot of work […]

20Mar 2023

Waterfall Security, TXOne Networks Launch New OT Security Appliances

Waterfall Security Solutions and TXOne Networks have each announced launching new OT security appliances. The post Waterfall Security, TXOne Networks Launch New OT Security Appliances appeared first on SecurityWeek.

20Mar 2023

Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes

Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars’ worth of crypto-coins. The post Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes appeared first on SecurityWeek.

20Mar 2023

BianLian ransomware group shifts focus to extortion

Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. The shift in the operating model comes as a result of Avast’s release of a decryption tool that […]

20Mar 2023

Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm

Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra’s GoAnywhere solution. The post Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm appeared first on SecurityWeek.

20Mar 2023

Topgolf Callaway tees up digital transformation for global expansion

At Topgolf Callaway Brands, digital transformation has been a key enabler of strategic growth and expansion, laying the foundation for the company’s future. Ely Callaway Jr. founded the company in 1982, buying Hickory Stick USA golf clubs after that maker started running low on funds. In 1986, the company released the Big Bertha driver using […]

20Mar 2023

7 guidelines for identifying and mitigating AI-enabled phishing campaigns

The emergence of effective natural language processing tools such as ChatGPT means it’s time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to […]

20Mar 2023

New York Man Arrested for Running BreachForums Cybercrime Website

Conor Brian Fitzpatrick of New York was arrested and charged last week for allegedly running the popular cybercrime forum BreachForums. The post New York Man Arrested for Running BreachForums Cybercrime Website appeared first on SecurityWeek.

20Mar 2023

Adobe Acrobat Sign Abused to Distribute Malware

Cybercriminals are abusing the Adobe Acrobat Sign service in a campaign distributing the RedLine information stealer malware. The post Adobe Acrobat Sign Abused to Distribute Malware appeared first on SecurityWeek.

20Mar 2023

NBA Notifying Individuals of Data Breach at Mailing Services Provider

NBA is notifying individuals that their information was stolen in a data breach at a third-party mailing services provider. The post NBA Notifying Individuals of Data Breach at Mailing Services Provider appeared first on SecurityWeek.

19Mar 2023

Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder

Huawei has replaced thousands of product components banned by the US with homegrown versions, its founder has said. The post Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder appeared first on SecurityWeek.

17Mar 2023

Signals from space: SD-WAN marks the next stage in commercialized space-based comms

Despite popular belief, most of today’s smartphones don’t connect directly with satellites orbiting our planet. The vast majority connect to nearby cell towers rooted in the earth. For the everyday consumer, space-based communications are largely limited to phone packages for use during localized emergencies when network coverage is down, or on remote camping trips via […]

17Mar 2023

Building your own web application platform is locking you in

Organizations have been transitioning away from legacy, monolithic platforms as these decades-old IT systems bog down management, flexibility, and agility with their tightly entangled components. CIOs have shifted toward building their own web application platforms with a set of best-in-class tools for more flexibility, customizations, and agile DevOps. This choice, however, isn’t right in all […]

17Mar 2023

7 ways to help your neurodiverse team deliver its best work

Technology work attracts neurodivergent people. So if you are leading a tech team, it’s likely that someone in your crew may be on the autism spectrum (ASD), be living with ADHD, or have an auditory processing disorder, learning disability, or other mental difference. Without the right accommodations, many neurodiverse professionals can struggle and, eventually, leave. […]

17Mar 2023

New ‘Trigona’ Ransomware Targets US, Europe, Australia

The recently identified Trigona ransomware has been highly active, targeting tens of organizations globally. The post New ‘Trigona’ Ransomware Targets US, Europe, Australia appeared first on SecurityWeek.

17Mar 2023

US Government Warns Organizations of LockBit 3.0 Ransomware Attacks

Three US government agencies have issued a joint warning to organizations about LockBit 3.0 ransomware attacks. The post US Government Warns Organizations of LockBit 3.0 Ransomware Attacks appeared first on SecurityWeek.

17Mar 2023

Latitude Financial Services Data Breach Impacts 300,000 Customers

Latitude Financial Services says the personal information of 300,000 customers was stolen in a cyberattack. The post Latitude Financial Services Data Breach Impacts 300,000 Customers appeared first on SecurityWeek.

17Mar 2023

Two Patch Tuesday flaws you should fix right now

Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released. One vulnerability affects all supported versions of Outlook for Windows and allows attackers to steal Net-NTLMv2 hashes and then use them in NTLM (New […]

17Mar 2023

New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries

A newly identified threat actor named YoroTrooper is targeting organizations in Europe and the CIS region for espionage and data theft. The post New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries appeared first on SecurityWeek.

17Mar 2023

A CIO’s 10-part guide to personal branding

In addition to showcasing your executive experience and accomplishments, effective and targeted personal branding can demonstrate thought leadership and expertise within specific domain areas, as well as make a statement about your core values, character, and attitude. It can also help you move roles, whether from an operational “keep the lights on” CIO position to […]

17Mar 2023

Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies

Mandiant links exploitation of the Fortinet zero-day CVE-2022-41328, exploited in government attacks, to a Chinese cyberespionage group. The post Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies appeared first on SecurityWeek.

16Mar 2023

BrandPost: 1Password integrates with Okta SSO

Single Sign-On (SSO) providers like Okta protect businesses by combining all company-approved sites and services in a single dashboard. Employees can then use a single, strongly vetted identity to log in to those sites and services using a single set of credentials. It’s better for security, and easier for employees. Now, 1Password Business customers can […]

16Mar 2023

Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs the victim’s phone number. The post Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits appeared first on SecurityWeek.

16Mar 2023

KPN CloudNL: providing customers with full say and control over their data and applications

KPN, the largest infrastructure provider in the Netherlands, offers a high-performance fixed-line and mobile network in addition to enterprise-class IT infrastructure and a wide range of cloud offerings, including Infrastructure-as-a-Service (IaaS) and Security-as-a-Service. Drawing on its extensive track record of success providing VMware Cloud Verified services and solutions, KPN is now one of a distinguished […]

16Mar 2023

Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111

Firefox 111 patches 13 CVEs, including several vulnerabilities classified as high severity. The post Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111 appeared first on SecurityWeek.

16Mar 2023

Inside Meta’s Kill Chain Thesis

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of models. The post Inside Meta’s Kill Chain Thesis appeared first on SecurityWeek.

16Mar 2023

Private 5G and edge computing: a perfect match for manufacturing

Private 5G is the next evolution of networking for mission-critical applications used in factories, logistics centers and hospitals. In fact, any environment that needs the reliability, security and speed of a wired connection combined with the movement of people, things and data. The element of movement is often a factor in Industry 4.0 digital transformation – […]

16Mar 2023

UK bans TikTok on government devices over data security fears

Social media app TikTok has been banned on UK government electronic devices, the Cabinet Office has announced. The ban, announced by the chancellor of the Duchy of Lancaster, Oliver Dowden, comes in the wake of a security review into the risks posed to government data by social media apps on devices along with the potential […]

16Mar 2023

Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

Microsoft says Russia targeted at least 17 European nations in 2023 — mostly governments — and 74 countries since the start of the Ukraine war. The post Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up appeared first on SecurityWeek.

16Mar 2023

Webinar Today: How to Build Resilience Against Emerging Cyber Threats

Join us for this webinar as we walk through three recent use cases where a new threat caught organizations off-guard. The post Webinar Today: How to Build Resilience Against Emerging Cyber Threats appeared first on SecurityWeek.

16Mar 2023

CISA Seeks Public Opinion on Cloud Application Security Guidance

CISA this week announced it is seeking public input on draft guidance for securing cloud business applications. The post CISA Seeks Public Opinion on Cloud Application Security Guidance appeared first on SecurityWeek.

16Mar 2023

Poland Breaks up Russian Spy Ring

Polish counter-intelligence has dismantled a Russian spy ring that gathered information on military equipment deliveries to Ukraine. The post Poland Breaks up Russian Spy Ring appeared first on SecurityWeek.

16Mar 2023

Russia-Linked APT ‘Winter Vivern’ Targeting Governments in Europe, Asia

Russia-backed threat group Winter Vivern has targeted government entities in Poland, Ukraine, Italy, and India in recent campaigns. The post Russia-Linked APT ‘Winter Vivern’ Targeting Governments in Europe, Asia appeared first on SecurityWeek.

16Mar 2023

Data Breach at Independent Living Systems Impacts 4 Million Individuals

Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals. The post Data Breach at Independent Living Systems Impacts 4 Million Individuals appeared first on SecurityWeek.

16Mar 2023

Make Your Picks: Cyber Madness Bracket Challenge Starts Today

SecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting events. The post Make Your Picks: Cyber Madness Bracket Challenge Starts Today appeared first on SecurityWeek.

16Mar 2023

Cybercriminals, APT Exploited Telerik Vulnerability in Attacks on US Government Agency

Cyberspies and cybercriminals exploited a Telerik vulnerability tracked as CVE-2019-18935 on a government agency’s IIS server. The post Cybercriminals, APT Exploited Telerik Vulnerability in Attacks on US Government Agency appeared first on SecurityWeek.

16Mar 2023

CTO Dwayne Allen on delivering transcendent business impact

Dwayne Allen is an ORBIE-award winning technology executive primed for times like these. Equipped with experiences across a range of industries, a healthy dose of self-awareness, and a passion for learning and people, Allen is redefining the art of the possible as a strategic and innovative CTO. In his current role as senior vice president […]

16Mar 2023

What an IT career will look like in 5 years

While crystal ball technology is notoriously fallible, tech leaders say there are a handful of changes to IT work that we’ll likely see half a decade from now. IT pros will work in environments that are more task-based than position-based, experts say, relying more on automation and AI, and using tools that are increasingly portable […]

16Mar 2023

Russian hacktivist group targets India’s health ministry

A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens. “On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website,” cybersecurity firm CloudSek said […]

16Mar 2023

Why red team exercises for AI should be on a CISO's radar

AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct red team exercises against AI models and AI-enabled applications — just as security teams do with […]

16Mar 2023

When and how to report a breach to the SEC

New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents. Under the proposal, the SEC would implement three new rules that public companies will […]

16Mar 2023

Facebook ‘Unlawfully’ Used Dutch Personal Data: Court

Social media platform Facebook unlawfully processed Dutch users’ personal details without consent for advertising purposes for almost a decade, Amsterdam-based judges ruled on Wednesday. The post Facebook ‘Unlawfully’ Used Dutch Personal Data: Court appeared first on SecurityWeek.

16Mar 2023

Sunway Group’s Eddie Hau on cybersecurity as a business enabler for diversified businesses

Eddie Hau – Chief Information Security Officer of Sunway Group – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the challenges of protecting a conglomerate, Sunway Group’s digital transformation, and more.

15Mar 2023

What your CFO really needs in periods of economic uncertainty

The pressure is on to navigate economic uncertainty. Gartner’s downward revision of projected worldwide IT spending in 2023 from 5.1% to 2.4% growth underscores how inflation, interest rate fluctuations, and consumer spending are reshaping forecasts, investment portfolios, and the CIO agenda. Regardless of your company’s investment posture during this period of instability, interactions with the […]

15Mar 2023

Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million

Rapid7 spends $38 million to acquire Israeli anti-ransomware startup Minerva Labs to beef up its managed detection and response portfolio. The post Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million appeared first on SecurityWeek.

15Mar 2023

How to better secure your fleet of mobile devices

While mobile devices are the symbol of business continuity, they are also the mark of easy prey for cybercriminals. In fact, 75% of companies experienced a “major” mobile-related security compromise in 2022. And that risk brings high costs with it. When remote workers are the root cause of a data breach, mitigation costs rise 20% […]

15Mar 2023

IT productivity secrets: how to streamline management and tasks

It’s time to get back to the basics of productivity. The IT pendulum is swinging back toward operational excellence as companies must now recover from a whirlwind of digital transformation investments made over the past three years. Today, CIOs need to operationalize new technologies and online business models. But with IT teams already overexerted, how […]

15Mar 2023

5 strategies for boosting endpoint management

Cloud architectures and remote workforces have effectively dissolved the network perimeter, the traditional line of defense for IT security. Lacking that decisive boundary, the work of security teams has changed. Now to guard against data breaches, ransomware, and other types of cyber threats, protecting network endpoints is more important than ever.  But protecting endpoints is a […]

15Mar 2023

Top 5 Security Trends for CIOs

The post-pandemic reality. Macroeconomic turbulence. Explosive technology innovations. Generational shifts in technological expectations. All these forces and more drive rapid, often confusing change in organizations large and small. With every such change comes opportunity–for bad actors looking to game the system. Cybersecurity cannot stand still, or the waves of innovation will overrun the shores. Adversaries […]

15Mar 2023

Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script

Microsoft blames a “Russian-based threat actor” for in-the-wild attacks hitting its flagship Microsoft Outlook and has released a detection script to help defenders. The post Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script appeared first on SecurityWeek.

15Mar 2023

Software bill of materials: a critical component of software supply chain security

Ensuring strong software security and integrity has never been more important because software drives the modern digital business. High-profile vulnerabilities discovered over the past few years, with the potential to lead to attacks against organizations using the software, have hammered home the need to be vigilant about vulnerability management. Perhaps the most dramatic recent example […]

15Mar 2023

Proactive cybersecurity: sometimes offence is the best defense

In today’s cybersecurity environment—with new types of incidents and threat vectors constantly emerging—organizations can’t afford to sit back and wait to be attacked. They need to be proactive and on the offensive when it comes to defending their networks, systems, and data. It’s important to understand that launching an offensive cybersecurity strategy does not mean […]

15Mar 2023

Think your attack surface is too large? You don’t know the half of it

Purchase a cheap card swipe cloner off the Dark Web. Distract a hotel housekeeper for a moment and clone their master key. Use your mark’s email address to access a login page. Choose to reset the password and have the code sent to the mark’s phone. Check their voicemail using the default last four digits […]

15Mar 2023

Unified commerce elevates customer experience for Hippo Stores

One of the biggest challenges confronting retailers today is ensuring convergence between customers’ traditional in-store shopping experience and their digital journey, thereby delivering a seamless customer experience (CX). For brick-and-mortar stores, legacy technologies often make migrating online difficult. Over time, as they explore online opportunities, traditional retailers often find it challenging to unravel all they […]

15Mar 2023

Huawei Democratises Digital Infrastructure for SMEs through Global Partnerships

In today’s era of economic uncertainty, enterprises must embrace digital transformation to stay relevant. By 2026, global spending on digital transformation is expected to reach US$3.4 trillion, and this trend is accelerating. For most enterprises, digital transformation encompasses the infrastructure needed to facilitate computing, storage, and networking, while digital technologies such as the cloud, Artificial […]

15Mar 2023

Oracle extends its MyLearn program to NetSuite

Oracle is extending its MyLearn program, offered via the company’s University portal, to cover its NetSuite midmarket ERP products. Like the Oracle University version of MyLearn, NetSuite’s MyLearn program — which offers courses on Oracle Cloud Infrastructure (OCI) and SaaS offerings such as Fusion applications — will offer courses on its product fundamentals and implementation. […]

15Mar 2023

4 tips to cut cloud costs: IaaS, SaaS, and UCaaS

One of the key advantages of the cloud is cost savings, and yet cloud costs are on the rise and overspending by as much as 70% is commonplace, according to Gartner. Much like gyms make their money off members who never actually use the equipment, cloud providers profit from those who underutilize their resources. That’s […]

15Mar 2023

SD-WAN & SASE call for smarter IT service management

Today’s digital era has triggered a mass modernization of corporate IT infrastructures. But in upgrading networks and security systems with technologies like SD-WAN and SASE, IT teams face a paradigm shift in managing a cacophony of new tools and service providers behind them. SD-WAN and SASE: essential for secure innovation and remote work Company leaders […]

15Mar 2023

5 best practices for managing your mobile fleet

The effective management of mobile devices is a game of high risk. While every company is dependent on their devices to generate revenue, they also increase vulnerability to ransomware attacks costing an average $4.5 million and consume 34% of IT’s time and productivity. Keeping the corporate fleet securely up and running is top of mind […]

15Mar 2023

Your next hero move: using AI to automate IT expense optimization

Every business leader wants to be the next hero, praised for sharpening the corporate competitive edge. Business heroes are the ones who solve big problems by leveraging emerging technology to awaken new powers accelerating strategic outcomes. So, why not use artificial intelligence (AI) to step into your higher potential, automating a system that drives more […]

15Mar 2023

Dell beefs up security portfolio with new threat detection and recovery tools

Dell Technologies has added a slew of in-house as well as partnered capabilities to its security portfolio in a bid to beef up its capabilities in areas including threat security, management, and incident response. “Through ongoing innovation and a powerful ecosystem of partners, we’re committed to helping organizations protect against threats, withstand and recover from […]

15Mar 2023

US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing

Sagar Singh and Nicholas Ceraolo have been charged for their alleged roles in a doxing operation that involved hacking a law enforcement platform and email account. The post US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing appeared first on SecurityWeek.

15Mar 2023

NSA Shares Guidance on Maturing ICAM Capabilities for Zero Trust

NSA publishes recommendations on maturing identity, credential, and access management capabilities to improve cyberthreat protections. The post NSA Shares Guidance on Maturing ICAM Capabilities for Zero Trust appeared first on SecurityWeek.

15Mar 2023

Huawei: Transition to cloud native and democratisation of AI among changes needed for smarter, greener finance

During MWC 2023, Jason Cao, CEO of Huawei Global Digital Finance, shares Huawei’s latest progress in digitalising financial services. The financial services industry (FSI) today is poised for disruption. According to IDC, changes in consumer behaviour arising from the global pandemic, consumer perceptions, technological innovation and an inclination towards […]

15Mar 2023

Are Encryption and Zero Trust Breaking Key Protections?

Compliance and ZTNA are driving encryption into every aspect of an organization’s network and enterprise and, in turn, forcing us to change how we think about protecting our environments. The post Are Encryption and Zero Trust Breaking Key Protections? appeared first on SecurityWeek.

15Mar 2023

Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs

The Chinese hacker group Tick has targeted an East Asian data loss prevention firm whose customers include military and other government organizations. The post Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs appeared first on SecurityWeek.

15Mar 2023

Beyond Identity launches Zero Trust Authentication to align verification with zero-trust principles

Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with […]

15Mar 2023

Palo Alto announces new SD-WAN features for IoT security, compliance support

Cybersecurity vendor Palo Alto has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the prevention of unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks. SD-WAN for IoT […]

15Mar 2023

Cybercriminals target SVB customers with BEC and cryptocurrency scams

Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carry out scams that can steal money and bank account information, or infect customers’ systems with malware. SVB was shut down on March 10 by the California Department of Financial Protection and Innovation, after the bank failed to raise capital to keep running. […]

15Mar 2023

Dero, Monero Cryptojackers Fighting for Same Kubernetes Clusters

A Dero cryptojacking operation infecting Kubernetes infrastructure is being targeted by Monero cryptojackers for control over the same clusters. The post Dero, Monero Cryptojackers Fighting for Same Kubernetes Clusters appeared first on SecurityWeek.

15Mar 2023

Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks

Russia-linked APT29 was seen abusing the legitimate information exchange systems used by European countries in attacks aimed at governments. The post Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks appeared first on SecurityWeek.

15Mar 2023

The Rise of the BISO in Contemporary Cybersecurity

While the BISO might appear to be a new role, it is not – and understanding its past provides insights into its present. The post The Rise of the BISO in Contemporary Cybersecurity appeared first on SecurityWeek.

15Mar 2023

Don’t do IT yourself: The trick to ensuring business alignment

Picture this: A newly hired CIO of a large Fortune 500 company meets with all the C-level executives of the firm in the CEO’s office. During the meet and greet, after saying how he looks forward to setting up one-on-ones with all of them to discuss their thoughts on the IT department, he notices a […]

15Mar 2023

6 signs it’s time to restructure your IT organization

Nothing lasts forever in IT, and that includes your organizational structure. Deciding on whether to scrap or keep existing infrastructure of any stripe isn’t easy. A complete rebuild can be disruptive, time-consuming, and risky. And if the initiative misses its goal, or runs over budget, the CIO’s job may be at stake. Yet, as any […]

15Mar 2023

Trustwave teams up with Trellix for better managed security

Managed cybersecurity vendor Trustwave said Tuesday that it will be partnering with extended detection and response company Trellix for a combined XDR/MDR offering. MDR, as offered by Trustwave, essentially works as a remote, third-party security operations center. The idea is, given the growing complexity of modern security threat landscapes, to let end user companies simply […]

15Mar 2023

Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit

Cybersecurity firm Rubrik has confirmed being hit by the GoAnywhere zero-day exploit after the Cl0p ransomware group named the company on its leak website. The post Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit appeared first on SecurityWeek.

15Mar 2023

Hawaii Health Department Says Death Records Compromised in Recent Data Breach

The Hawaii DOH says roughly 3,400 death records were accessed via the compromised account of a former employee. The post Hawaii Health Department Says Death Records Compromised in Recent Data Breach appeared first on SecurityWeek.

15Mar 2023

SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day

SAP has released 19 new notes on March 2023 Security Patch Day, including five notes rated hot news. The post SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day appeared first on SecurityWeek.

15Mar 2023

How tech companies could benefit from investing in Saudi Arabia

LEAP, one of the biggest tech events in the Middle East, took place recently in Riyadh for the second year with more than 172,000 people in attendance. During the opening, Abdullah Alswaha, the Minister of Communication and Information Technology of Saudi Arabia, announced that the Arab kingdom has received US$9 billion in investments to […]

15Mar 2023

DNS data shows one in 10 organizations have malware traffic on their networks

During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks towards command-and-control (C2) servers associated with known botnets and various other malware threats, according to a report from cloud and content delivery network provider Akamai. More than a quarter of that traffic went to servers belonging to […]

14Mar 2023

How an immigrant back story builds up tech leaders

Covid-19 briefly immobilized the world, but as order steadily resumes, so do opportunities for those looking to advance their tech careers. For a specific section of that talent, immigrants have always been a key to the industry, and a source of inspiration for many. Yet career paths sometimes depend on networks and connections, and uprooting […]

14Mar 2023

Mitigating cloud sprawl: Controlling XaaS resources, costs, and security

In the age of digital innovation and work-from-anywhere, every company has a lengthening list of cloud services and applications compounding complexity for their IT team. Consider today’s trends that make cloud resources more prolific — sometimes without any regard for cost or risk to the company: The advantages of cloud scalability and management off-loading have […]

14Mar 2023

Is your BYOD mobile strategy costing more than you think?

As mobile work experiences redefine how business gets done, managing an increasing number of devices across a modern workforce has become a growing challenge. Imagine the retail associate using a tablet to check inventory and pricing for customers, the UPS driver recording deliveries and updating the system, and the construction foreman referring to a device […]

14Mar 2023

5 steps to buckle up your IT belt for a bumpy ride

When it comes to predicting the economic future, there are a lot of mixed signals right now, but one thing remains clear: Recession or no recession, cost-cutting initiatives are always a smart idea, particularly given today’s inflation rates. Economic concerns are increasing the pressures on IT to do more with less. Consider that 92% of […]

14Mar 2023

Microsoft Patches 80 Security Vulns, Warns of Outlook Zero-Day Exploitation

Patch Tuesday: Redmond calls special attention to a pair of Windows security flaws marked as ‘actively exploited’ in the wild. The post Microsoft Patches 80 Security Vulns, Warns of Outlook Zero-Day Exploitation appeared first on SecurityWeek.

14Mar 2023

Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware

A cybercrime group has been exploiting a Microsoft SmartScreen zero-day vulnerability tracked as CVE-2023-24880 to deliver the Magniber ransomware. The post Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware appeared first on SecurityWeek.

14Mar 2023

Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day

Adobe issues urgent warning for “very limited attacks” exploiting a zero-day vulnerability in its ColdFusion web app development platform. The post Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day appeared first on SecurityWeek.

14Mar 2023

ReversingLabs adds new context-based secret detection capabilities

ReversingLabs has added new secret detection capabilities to its software supply chain security (SSCS) tool to help developers prioritize remediation with context-based data on secrets. In a development environment, secrets refer to digital authentication credentials used in software components including login credentials, API tokens, and encryption keys. “We are using our knowledge of exposed secrets […]

14Mar 2023

Universities and colleges cope silently with ransomware attacks

Although some cybersecurity researchers say that ransomware attacks are on the downswing as cybercriminals face declining payments, a spate of recent ransomware attacks makes it feel like the scourge is continuing at the same, or even an elevated, pace. Nowhere is this more apparent than in the higher education sector, with at least eight colleges […]

14Mar 2023

Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor

The LockBit ransomware group claims to have stolen valuable SpaceX data after breaching the systems of Maximum Industries. The post Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor appeared first on SecurityWeek.

14Mar 2023

Cloud Forensics Startup Mitiga Completes $45M Series A

Israeli cloud security startup Mitiga adds Samsung Next as an investor in a completed $45 million Series A financing round. The post Cloud Forensics Startup Mitiga Completes $45M Series A appeared first on SecurityWeek.

14Mar 2023

ChatGPT and the Growing Threat of Bring Your Own AI to the SOC

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring your own AI (BYO-AI). The post ChatGPT and the Growing Threat of Bring Your Own AI to the SOC appeared first on SecurityWeek.

14Mar 2023

CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks

A new CISA pilot program to warn critical infrastructure organizations if their systems are unpatched against vulnerabilities exploited in ransomware attacks. The post CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks appeared first on SecurityWeek.

14Mar 2023

How the Best CISOs Drive Operational Resilience

Cyberattacks have exposed a myriad of vulnerabilities in our healthcare infrastructure, and will continue to do so as new and innovative medical technologies are developed. The post How the Best CISOs Drive Operational Resilience appeared first on SecurityWeek.

14Mar 2023

Can a quantum algorithm crack RSA cryptography? Not yet

Every CISO has encryption implementation decisions to make at a variety of levels and instances as they sort the support needed for business operations such as production, sales, support, data retention, and communication. These decisions tend to lean heavily on the “ease of use” doctrine and ubiquitousness of the various product offerings being considered. Therefore […]

14Mar 2023

Amazon-owned Ring reportedly suffers ransomware attack

Ring, a home security and smart home company owned by Amazon, has reportedly suffered a ransomware attack by Russia-linked ALPHV group, according to a tweet by VX-Underground. The ALPHV ransomware group, also known as BlackCat, has posted the company’s logo on its website along with a message that reads, “There’s always an option to let us leak your […]

14Mar 2023

Ring Denies Falling Victim to Ransomware Attack

Ring says it has no indications it has fallen victim to a ransomware attack after cybergang threatens to publish supposedly stolen data. The post Ring Denies Falling Victim to Ransomware Attack appeared first on SecurityWeek.

14Mar 2023

ICS Patch Tuesday: Siemens, Schneider Electric Address Over 100 Vulnerabilities

Siemens and Schneider Electric have addressed more than 100 vulnerabilities with their March 2023 Patch Tuesday security advisories. The post ICS Patch Tuesday: Siemens, Schneider Electric Address Over 100 Vulnerabilities appeared first on SecurityWeek.

14Mar 2023

Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach

Fortinet says recently patched FortiOS vulnerability was exploited in sophisticated attacks targeting government entities. The post Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach appeared first on SecurityWeek.

14Mar 2023

AI and automation will play an increasing role in technology

By Ram Velaga, Senior Vice President and General Manager, Core Switching Group. This article is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. It is clear that artificial intelligence, machine learning, and […]

14Mar 2023

US Military undergoes shift in CIO ranks

The US Military is undergoing major changes in its CIO ranks as it finalizes its joint warfighting cloud platform. On Feb. 10, US Army CIO Dr. Raj Iyer concluded his two-year contract and was awarded the Distinguished Civilian Service Medal, the highest honor that can be granted to a civilian employee, for his efforts to […]

14Mar 2023

SAP 2023 outlook: 7 predictions for customers

With the threat of a recession looming, cost pressures increasing, and the deadline to move off SAP ECC swiftly approaching, SAP customers have a lot to consider as they plan for the year ahead. Here are some of the trends we expect to play out as the year goes on, specifically for SAP customers. 1. […]

14Mar 2023

Decoding the Qualtrics deal: Was the firm a good fit for SAP?

SAP’s acquisition of a majority stake at customer experience (CX) software firm Qualtrics back in 2018 for $8 billion was never a match made in heaven. Both companies remained incongruous to each other’s progress before Qualtrics was sold to Silver Lake and CPP Investments earlier this week, according to experts and analysts. “Even though Qualtrics […]

14Mar 2023

CIOs take aim at Silicon Valley talent

Signs of a tech talent shift are under way, with IT pros increasingly turning away from Silicon Valley and tech stalwarts in favor of new roles outside the technology industry. For Andreea Bodnari and Chris Jones, both of whom left Silicon Valley tech companies to work at healthcare organization Optum, the lure was not concern […]

13Mar 2023

Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia

The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company EclecticIQ. The attacks, which took place in February, were “almost identical” to those reported by Russia-based cybersecurity firm Group-IB on January 11, 2023, EclecticIQ […]

13Mar 2023

Healthcare providers focus on quality for the next phase of digital transformation

As healthcare providers emerge from the operational disruptions caused by the global pandemic, IT and business leaders are renewing their focus on “quality”– specifically, have digital investments provided quality and value for IT systems; is technology improving quality for caregivers inside facilities; and have digital transformation efforts enhanced the patient experience and the quality of care […]

13Mar 2023

A feat of skill: Moving SAP workloads to the cloud

Moving SAP workloads to the cloud promises to be transformational, but it’s not for the faint of heart. Goals for an ERP modernization initiative often range from lowering costs through infrastructure savings to adding cloud-based capabilities to ERP tasks with minimal disruption to day-to-day business. Achieving these objectives takes perceptive analysis, meticulous planning, and skillful […]

13Mar 2023

How to overcome the data silo challenge

Organizations that are investing in analytics, artificial intelligence (AI), and other data-driven initiatives have exposed a growing challenge: a lack of integration across data sources that is limiting their ability to extract true value from these investments. It’s imperative for IT and business leaders to eliminate these data silos – some of which are operational, […]

13Mar 2023

Delta takes off with modernized blend of mainframes and cloud

When it comes to IT, Delta Air Lines is climbing higher into the clouds even as it keeps its footing on solid ground. The Atlanta-based airline, which is partnering with Amazon Web Services on the cloud front and Kyndryl for its mainframe systems, is very content with its choice for a hybrid infrastructure, says Matt […]

13Mar 2023

How the cloud helps banking and finance companies tackle core modernization challenges

Two decades of technology-driven transformation has left many financial services firms with significant complexity and technical debt. While banking and finance organizations have aggressively moved workloads and apps to the cloud to meet changing customer needs, some remain hesitant to tackle modernization of core infrastructure and systems, fearing a disruption to the business. In a […]

13Mar 2023

A critical next phase of cloud transformation: Reducing WAN complexity

Over the past two decades, cloud computing has evolved from a method that utilized extra data center capacity to the mission-critical infrastructure across enterprises that we see today. But along the way, the transformation and dramatic growth of the cloud have created increasingly complex, multi-account, and multi-region environments that can hinder, rather than accelerate, a company’s […]

13Mar 2023

Assessing the impact of layoffs on Africa’s IT talent

While much of the news around tech layoffs has focused on US giants like Amazon, Microsoft, Google, Oracle, Meta and Twitter, dismissals are also happening closer to home. Since December, Chipper Cash, an African cross-border payments business and one of Africa’s few tech unicorns, has laid off about 150 staff, with the brand’s engineering team taking […]

13Mar 2023

New ‘GoBruteforcer’ Botnet Targets Web Servers

The recently identified Golang-based GoBruteforcer botnet is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. The post New ‘GoBruteforcer’ Botnet Targets Web Servers appeared first on SecurityWeek.

13Mar 2023

Euler Loses Nearly $200 Million to Flash Loan Attack

London, UK-based DeFi platform company Euler has lost a reported $196 million to a flash loan attack. The post Euler Loses Nearly $200 Million to Flash Loan Attack appeared first on SecurityWeek.

13Mar 2023

CISA Warns of Plex Vulnerability Linked to LastPass Hack

CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Plex Vulnerability Linked to LastPass Hack appeared first on SecurityWeek.

13Mar 2023

Cybercrime Losses Exceeded $10 Billion in 2022: FBI

The FBI received more than 800,000 cybercrime-related complaints in 2022, with losses totaling over $10 billion. The post Cybercrime Losses Exceeded $10 Billion in 2022: FBI appeared first on SecurityWeek.

13Mar 2023

Blackbaud penalized $3M for not disclosing the full scope of ransomware attack

Software firm Blackbaud has agreed to pay a $3 million penalty for failing to disclose the full scope of the ransomware attack it suffered in 2020, according to the US Securities and Exchange Commission (SEC). South Carolina headquartered Blackbaud provides donor relationship management software to various non-profit organizations, including charities, higher education institutions, K-12 schools, […]

13Mar 2023

NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry 

NMFTA appoints Antwan Banks as director of enterprise security as the organization shifts focus to end-to-end security for the trucking industry. The post NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry appeared first on SecurityWeek.

13Mar 2023

Zoll Medical Data Breach Impacts 1 Million Individuals

Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year. The post Zoll Medical Data Breach Impacts 1 Million Individuals appeared first on SecurityWeek.

13Mar 2023

SAP-owned Qualtrics to be sold to Silver Lake, CPP Investments for $12.5 billion

Customer Experience management company Qualtrics on Monday said private equity firm Silver Lake and Canada Pension Plan Investment Board (CPP Investments) have agreed to buy the entire company for $12.5 billion in an all-cash transaction. CPP Investments, according to a joint statement, will pay $1.75 billion in equity and another $1 billion in debt […]

13Mar 2023

6 reasons why your anti-phishing strategy isn’t working

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on. “Bad actors are highly motivated and funded with the sole […]

13Mar 2023

Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms

Reports published by various industrial cybersecurity companies provide different numbers on ICS vulnerabilities — here’s why. The post Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms appeared first on SecurityWeek.

13Mar 2023

Women in tech statistics: The hard truths of an uphill battle

Diversity is critical to IT performance. Diverse teams perform better, hire better talent, have more engaged members, and retain workers better than those that do not focus on diversity and inclusion, according to a 2020 report from McKinsey. Despite this, women remain widely underrepresented in IT roles. And the numbers back up this assertion, often […]

10Mar 2023

BrandPost: Cybersecurity Automation: Leveling the Playing Field

Many things challenge how we practice cybersecurity these days. Digital transformation has brought significant adoption of new technology and business models, including cloud solutions, e-commerce platforms, smart devices, and a significantly more distributed workforce. These, in turn, have brought with them an increase in new threats, risks, and cybercrime. As organizations emerge post-pandemic, many of […]

10Mar 2023

Cybersecurity Automation: Leveling the Playing Field

By Leonard Kleinman, Field Chief Technology Officer (CTO), Cortex for Palo Alto Networks JAPAC. Many things challenge how we practice cybersecurity these days. Digital transformation has brought significant adoption of new technology and business models, including cloud solutions, e-commerce platforms, smart devices, and a significantly more distributed workforce. These, in turn, have brought with […]

10Mar 2023

New variant of the IceFire ransomware targets Linux enterprise systems

A novel Linux version of the IceFire ransomware that exploits a vulnerability in IBM’s Aspera Faspex file-sharing software has been identified by SentinelLabs, a research division of cybersecurity company SentinelOne. The exploit is for CVE-2022-47986, a recently patched Aspera Faspex vulnerability. Known up to now to target only Windows systems, the IceFire malware detected by […]

10Mar 2023

Silicon Valley Bank Seized by FDIC as Depositors Pull Cash

The FDIC seized the assets of Silicon Valley Bank on Friday, which could impact cybersecurity firms that use the bank’s services. The post Silicon Valley Bank Seized by FDIC as Depositors Pull Cash appeared first on SecurityWeek.

10Mar 2023

Cyber Madness Bracket Challenge – Register to Play

SecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting events. The post Cyber Madness Bracket Challenge – Register to Play appeared first on SecurityWeek.

10Mar 2023

Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying

Researchers discover a dozen serious vulnerabilities in Akuvox smart intercom, but the vendor has not released any patches. The post Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying appeared first on SecurityWeek.

10Mar 2023

Blackbaud Fined $3M For ‘Misleading Disclosures’ About 2020 Ransomware Attack

Blackbaud has been slapped with a $3 million civil penalty by the SEC for “making misleading disclosures” about a 2020 ransomware attack that impacted more than 13,000 customers. The post Blackbaud Fined $3M For ‘Misleading Disclosures’ About 2020 Ransomware Attack appeared first on SecurityWeek.

10Mar 2023

Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website

Authorities seized a domain distributing the NetWire RAT and arrested a Croatian individual who administered the website. The post Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website appeared first on SecurityWeek.

10Mar 2023

AT&T informs 9M customers about data breach

AT&T is informing customers about a data breach at a vendor’s system that allowed threat actors to gain access to AT&T’s Customer Proprietary Network Information (CPNI). The incident came to light after customers posted the email communication from AT&T on community forums to know if it was legitimate or email fraud. “We recently determined that […]

10Mar 2023

Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor. The post Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor appeared first on SecurityWeek.

10Mar 2023

Cerebral Informing 3.1 Million Individuals of Inadvertent Data Exposure

Cerebral is informing 3.1 million individuals that their PHI was inadvertently exposed via third-party tracking technologies. The post Cerebral Informing 3.1 Million Individuals of Inadvertent Data Exposure appeared first on SecurityWeek.

10Mar 2023

Serious Vulnerability Patched in Veeam Data Backup Solution

A serious vulnerability in Veeam Backup & Replication may allow attackers to obtain encrypted credentials from the configuration database. The post Serious Vulnerability Patched in Veeam Data Backup Solution appeared first on SecurityWeek.

10Mar 2023

Attacks on SonicWall appliances linked to Chinese campaign: Mandiant

Persistent malware targeting unpatched SonicWall Secure Mobile Access (SMA) appliances has been linked to a Chinese campaign dating back to 2021, according to Mandiant research done in partnership with SonicWall’s in-house research team. The responsible malware, dubbed UNC4540, has been found to be stealing user credentials, providing shell access, and persisting through firmware […]

10Mar 2023

White House Budget Plan Seeks to Boost Cybersecurity Spending

President Biden’s new $6.9 trillion budget proposal for 2024 shows that the administration wants to increase cybersecurity spending. The post White House Budget Plan Seeks to Boost Cybersecurity Spending appeared first on SecurityWeek.

10Mar 2023

Driving Customer Loyalty with Secure and Modern Apps

According to a PwC report, one in three consumers (32%) say they will walk away from a brand they love after just one bad experience. Unlike personal relationships, loyalty in the consumer world can be surprisingly transitory. This gets worse in the digital world where it takes just a few clicks and minutes to uninstall […]

10Mar 2023

8 ways to retain top developer talent

Human-centric work is a growing movement that focuses on the needs of people, reaping business rewards in the process. As recent Gartner research shows, human-centric work practices lead to better employee performance, with workers 3.8 times more likely to be considered high performing in these environments. As some of your most valuable employees, software developers […]

10Mar 2023

Unilever leverages ChatGPT to deliver business value

The past several years have thrown numerous challenges at consumer packaged goods (CPG) companies. The pandemic has led to shifting consumer channel preferences, a supply chain crunch, and cost pressure, to name just a few. CPG titan Unilever has been answering the challenge with analytics and artificial intelligence (AI). The 93-year-old, London-based CPG company is […]

10Mar 2023

Acronis Clarifies Hack Impact Following Data Leak

Acronis said a single customer’s account was compromised after a hacker leaked gigabytes of information on a cybercrime forum. The post Acronis Clarifies Hack Impact Following Data Leak appeared first on SecurityWeek.

10Mar 2023

OCI demand for AI workloads, Cerner boost Oracle’s third quarter revenue

Oracle on Thursday reported third quarter total revenue of $12.4 billion, up 18% year-on-year, boosted by the demand for AI workloads in Oracle Cloud Infrastructure (OCI) and Cerner’s contribution to the topline. “So, we have a lot of business, a lot of new AI companies coming to Oracle because we’re the only ones who can […]

10Mar 2023

Stolen credentials increasingly empower the cybercrime underground

The cybercrime underground has long functioned as an open market where sellers of products and services are paired with buyers and contractors. One of the most valuable commodities on this market is stolen credentials since they can provide attackers with access into networks, databases, and other assets owned by organizations. It’s no surprise to see […]

09Mar 2023

New Chinese regulatory body expected to streamline data governance rules

A new data regulation body that China is reportedly set to create is expected to clarify and establish new data sovereignty rules for multinational companies and accelerate tech-based initiatives such as public administration services built on anonymized citizen data. The new government body will streamline data governance policies in the country, amid increasing confusion from […]

09Mar 2023

Congressional health insurance service hit by data breach

A health insurance marketplace that provides coverage for members of the US Congress and congressional staffers was found to be compromised on Wednesday, according to a letter apparently sent from House Chief Administrative Officer Catherine L. Szpindor to members of that chamber. Szpindor’s office would not directly confirm or deny the authenticity of the letter, […]

09Mar 2023

4 Reasons to Outsource Large IT Projects During Economic Headwinds

Large IT projects are hard to execute, particularly when in-house staff are often pulled into their day jobs and distracted by other priorities. This can be costly for organizations. In fact, McKinsey suggests that early cost and schedule overruns can cause projects to cost twice as much as anticipated. One common resolution to this challenge […]

09Mar 2023

GitHub begins 2FA rollout for code contributors

GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. GitHub first announced its intention to mandate 2FA for all code contributors in May 2022, and will begin the first group’s enrolment on Monday, March 13. […]

09Mar 2023

Custom Chinese Malware Found on SonicWall Appliance

Malware deployed by Chinese hackers on a SonicWall SMA appliance includes credential theft, shell access, and persistence functionality. The post Custom Chinese Malware Found on SonicWall Appliance appeared first on SecurityWeek.

09Mar 2023

Learn from IT Innovators at CIO’s FutureIT Dallas

Leading a technically complex initiative can feel like you’re climbing Mount Everest. Find out what it’s actually like to scale the world’s tallest peak – and how it really does relate to your digital journey – from extreme adventurer Jamie Clark. Clark will join prominent IT leaders from around the region at CIO’s FutureIT Dallas […]

09Mar 2023

Lazarus group infiltrated South Korean finance firm twice last year

Lazarus group was spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year. The North Korea-linked group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability, according to research by AhnLab Security Emergency Response Center (ASEC). ASEC […]

09Mar 2023

Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks

Cisco has released patches for a high-severity DoS vulnerability in IOS XR software for several enterprise-grade routers. The post Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks appeared first on SecurityWeek.

09Mar 2023

Jenkins Server Vulnerabilities Chained for Remote Code Execution

Two vulnerabilities recently addressed in Jenkins server can be chained to achieve arbitrary code execution. The post Jenkins Server Vulnerabilities Chained for Remote Code Execution appeared first on SecurityWeek.

09Mar 2023

Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List

An analysis found that over 40 exploited vulnerabilities, mostly leveraged by botnets, are missing from CISA’s ‘must patch’ catalog. The post Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List appeared first on SecurityWeek.

09Mar 2023

QuSecure Unveils Quantum-Resilient Communications Satellite Link

QuSecure announced an end-to-end quantum resilient encrypted communications link that protects data delivered by satellite. The post QuSecure Unveils Quantum-Resilient Communications Satellite Link appeared first on SecurityWeek.

09Mar 2023

Fortinet Patches Critical Unauthenticated RCE Vulnerability in FortiOS

Fortinet has patched a critical buffer underflow vulnerability in FortiOS and FortiProxy that could lead to remote code execution without authentication. The post Fortinet Patches Critical Unauthenticated RCE Vulnerability in FortiOS appeared first on SecurityWeek.

09Mar 2023

Congress Members Warned of Significant Health Data Breach

House and Senate members informed that hackers may have gained access to their sensitive personal data in DC Health Link breach. The post Congress Members Warned of Significant Health Data Breach appeared first on SecurityWeek.

09Mar 2023

Cado Security Banks $20M in Series B Funding

French investment firm Eurazeo leads a $20 million bet on Cado Security, a British cloud forensics technology startup. The post Cado Security Banks $20M in Series B Funding appeared first on SecurityWeek.

09Mar 2023

ChatGPT Integrated Into Cybersecurity Products as Industry Tests Its Capabilities

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations. The post ChatGPT Integrated Into Cybersecurity Products as Industry Tests Its Capabilities appeared first on SecurityWeek.

09Mar 2023

Google Discontinuing Chrome Tool for Removing Unwanted Software

Google has announced the discontinuation of the Chrome Cleanup Tool, an application for identifying and removing unwanted software. The post Google Discontinuing Chrome Tool for Removing Unwanted Software appeared first on SecurityWeek.

09Mar 2023

Defeating the Deepfake Danger

Deepfakes are becoming increasingly popular with cybercriminals, and as these technologies become even easier to use, organizations must become even more vigilant. The post Defeating the Deepfake Danger appeared first on SecurityWeek.

09Mar 2023

Why IT communications fail to communicate

One of my client’s business analysts solicited my opinion: “Is this a good specification document?” he asked. Long ago I’d learned — the hard way — the wisdom of the adage “When someone asks for advice, they’re usually looking for an accomplice.” So I answered his question with a question of my own, asking him why […]

09Mar 2023

The CIO’s guide to smarter vendor negotiation: 10 tips

In an IT marketplace marked by turbulence, inflation, and economic uncertainty, the process of contracting with vendors for technology products and services has gotten significantly more challenging for CIOs. IT leaders may find that prices are going up without an accompanying increase in benefits, with technology providers — less dependent on any one industry or […]

09Mar 2023

Revelstoke Security Raises $20 Million for SOAR Platform

Revelstoke Security has raised $20 million in a Series B funding round co-led by ClearSky Security and SYN Ventures. The post Revelstoke Security Raises $20 Million for SOAR Platform appeared first on SecurityWeek.

09Mar 2023

Vendor consolidation a hot-button topic for CIOs as they try to manage the tensions between innovation and efficiency

CIOs have always had to find a balance between the need to deliver innovation and the need to establish operational excellence. However, this tension has become even more challenging in recent years. After several years in which businesses of all sizes and across all sectors were forced to transform rapidly in response to the pandemic, […]

09Mar 2023

A refocus on the hybrid working technology experience is now critical to employee satisfaction and retention

Flexibility and lifestyle are critical concerns for the modern employee. While the “Great Resignation” – a trend that has caused unprecedented rates of employees quitting and churn over the past few years – looks like it is finally starting to ease, the changes it drove in how business is done will persist. Companies were incentivised […]

09Mar 2023

How CIOs Can Drive Positive Disruption Through Global Macro-Economic Challenges

CIOs have a significant opportunity to drive a transformation and innovation agenda in 2023. Despite the global economic outlook pointing to ongoing market disruption, inflation, and recession in many parts of the world, organisations are going to want to continue to invest in technology, and this will benefit both employees and customers. Research in the […]

09Mar 2023

Support the development of your IT professionals. Become an ACS partner.

ACS (Australian Computer Society) is the professional association for Australia’s technology sector. With 35,000+ members, ACS is dedicated to growing the nation’s digital skills and capacity. ACS members benefit from professional training and skills certification, networking and events, liability insurance cover and access to technology and innovation hubs. In addition, ACS has developed a Professional […]

08Mar 2023

What it’s going to take for advanced AI to reshape the enterprise landscape

According to Infosys research, data and artificial intelligence (AI) could generate $467 billion in incremental profits worldwide and become the cornerstone of enterprises gaining a competitive edge. But while opportunities to use AI are very real – and ChatGPT’s democratisation is accelerating generative AI test-and-learn faster than QR code adoption during the Covid pandemic – […]

08Mar 2023

SANS, Google launch academy to promote cloud security, diversity in workforce

SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in partnership with Google, to help provide training and certifications to women, ethnic minorities, Indigenous people and other groups that are currently underrepresented in the cybersecurity sector. A 2022 report by Cybersecurity Ventures found that women make up only 25% of the cybersecurity workforce globally, […]

08Mar 2023

Don’t let NetOps “gotchas” derail your digital transformation

Over the past few years, technological and business advancements have created increasingly grand expectations. Your customers expect an “always on” experience. (Today, you can also add “always fast,” “always intuitive,” “always successful,” and so on.) Fundamentally, if customers find it too difficult to engage digitally with your business, they’ll engage elsewhere. Digital transformation: The implications […]

08Mar 2023

SAP rounds out data warehouse cloud functionality, renamed Datasphere

SAP’s Data Warehouse Cloud is evolving, gaining new features and a new name, Datasphere, as the company addresses continued diversification of the enterprise data. It’s part of SAP’s move to become a more significant player in the business data fabric space, said Irfan Khan, SAP’s chief product officer for its HANA database and analytics. Khan […]

08Mar 2023

Hard-coded secrets up 67% as secrets sprawl threatens software supply chain

The number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded secrets and accelerating secrets sprawl (storing secrets in many different places) are threatening the security […]

08Mar 2023

Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking

Threat actors really only stop when their infrastructure is disrupted and their flow of funds disappears. The post Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking appeared first on SecurityWeek.

08Mar 2023

Ceiling breakers: Women IT execs shake up the status quo

Early in her life Ricki J. Koinig saw the immense impact that technology could have on individuals and their ability to move through life. To pay for horseback riding lessons while growing up, Koinig worked in a program for children and young adults with special needs who used assistive technologies. Those early professional experiences in […]

08Mar 2023

Parlay insights from the edge across your enterprise for real business value

Companies capture more data and compute capacity at the edge. At the same time, they are laying the groundwork for a distributed enterprise that can capitalize on a multiplier effect to maximize intended business outcomes. The number of edge sites — factory floors, retail shops, hospitals, and countless other locations — is growing. This gives […]

08Mar 2023

Best practices for developing an actionable cyberresilience road map

Pandemic-era ransomware attacks have highlighted the need for robust cybersecurity safeguards. Now, leading organizations are going further, embracing a cyberresilience paradigm designed to bring agility to incident response while ensuring sustainable business operations, whatever the event or impact. Cyberresilience, as defined by the Ponemon Institute, is an enterprise’s capacity for maintaining its core business in the face of […]

08Mar 2023

Secure data-first modernization? Leverage a trusted ecosystem of partners

As companies lean into data-first modernization to deliver best-in-class experiences and drive innovation, protecting and managing data at scale become core challenges. Given the diversity of data and range of data-inspired use cases, it’s important to align with a robust partner ecosystem. This can help IT teams map the right set of services to unique […]

08Mar 2023

Bringing Your Employees Together Under a Shared Customer Experience Ownership Model

Breaking communication siloes between contact center and non-contact center employees is paramount to improving customer satisfaction, employee engagement, and operating costs. The average contact center agent spends 15% of their working day chasing down information needed to serve customers. These hours can add up to a financial loss of $1.5 million annually for a 200-agent contact center, according […]

08Mar 2023

Tapping high-performance computing for new business value

Many people associate high-performance computing (HPC), also known as supercomputing, with far-reaching government-funded research or consortia-led efforts to map the human genome or to pursue the latest cancer cure. But HPC can also be used to advance more traditional business outcomes — from fraud detection and intelligent operations to digital transformation. The challenge: making complex […]

08Mar 2023

Which workloads are best suited for cloud vs. on-premises or edge?

Enterprises driving toward data-first modernization need to determine the optimal multicloud strategy, starting with which applications and data are best suited to migrate to cloud and what should remain in the core and at the edge. A hybrid approach is clearly established as the optimal operating model of choice. A Flexera report found the shift to hybrid […]

08Mar 2023

Understanding the security shared responsibility model in an as-a-service world

As organizations shape the contours of a secure edge-to-cloud strategy, it’s important to align with partners that prioritize both cybersecurity and risk management, with clear boundaries of shared responsibility. The security-shared-responsibility model is essential when choosing as-a-service offerings, which make a third-party partner responsible for some element of the enterprise operational model. Outsourcing IT operations […]

08Mar 2023

‘Sys01 Stealer’ Malware Targeting Government Employees

The Sys01 Stealer has been observed targeting the Facebook accounts of critical government infrastructure employees. The post ‘Sys01 Stealer’ Malware Targeting Government Employees appeared first on SecurityWeek.

08Mar 2023

Chrome 111 Patches 40 Vulnerabilities

Google has released Chrome 111 in the stable channel with patches for 40 vulnerabilities, including eight high-severity bugs. The post Chrome 111 Patches 40 Vulnerabilities appeared first on SecurityWeek.

08Mar 2023

How CISOs can do more with less in turbulent economic times

CISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington, DC, and I wondered what was going on. I went straight to the office where […]

08Mar 2023

TSA Requires Aviation Sector to Enhance Cybersecurity Resilience

TSA instructs airport and aircraft operators to improve their cybersecurity resilience and prevent infrastructure disruption and degradation. The post TSA Requires Aviation Sector to Enhance Cybersecurity Resilience appeared first on SecurityWeek.

08Mar 2023

Salesforce not ready to unleash generative AI on its customers

Salesforce was an early adopter of artificial intelligence (AI) with its Einstein recommendation tools, but it is taking a cautious approach to deploying the latest AI trend, generative AI. It’s been a month since Salesforce CEO Marc Benioff tweeted, “Get ready to be wowed by Salesforce EinsteinGPT! It generates leads, closes deals, and even makes […]

08Mar 2023

Keeping customers at the center of everything

By Hock Tan, Broadcom President and CEO During the 17 years I have led Broadcom, solving problems for customers and giving them the tools they need to succeed have been the most rewarding parts of my job. It’s important to me that whether we’re inventing the future through innovative R&D or co-creating new solutions with […]

08Mar 2023

Exploring the digital impact in Northern Ireland’s health and social care system

The pandemic accelerated the urgency for reform in health and social care around the world, which strained resources to unprecedented levels. The effects are still being felt and in Northern Ireland specifically, ongoing political instability is further complicating approaches to digital transformation. Although progress is being made that should be recognized and celebrated, Dan West, […]

08Mar 2023

Leaders That Reboot Their Game to Become a Future Enterprise

If digital transformation was about driving fundamental change within the company, then its next chapter will be far more outward-looking. This is about being digital-first: to build digital businesses that are viable and sustainable in the long term. Rather than just leveraging digital technology to seize new opportunities, such organisations are poised to create operating […]

08Mar 2023

Salesforce earmarks $250 million for AI startup investment

CRM giant Salesforce today said that it would commit $250 million to investments in startups focused on generative AI, even as the company warned of the dangers of the technology. The company emphasized the potential gains for application software possible through the use of AI in its initial announcement of investments in four AI-driven companies. […]

07Mar 2023

Enterprise IT moves forward — cautiously — with generative AI

Vince Kellen understands the well-documented limitations of ChatGPT, DALL-E and other generative AI technologies — that answers may not be truthful, generated images may lack compositional integrity, and outputs may be biased — but he’s moving ahead anyway. Kellen, CIO at the University of California San Diego (UCSD), says employees are already using ChatGPT to […]

07Mar 2023

Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit

Register for SecurityWeek’s Ransomware Resilience & Recovery Summit, a virtual event designed to help businesses to plan, prepare, and recover from a ransomware incident. The post Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit appeared first on SecurityWeek.

07Mar 2023

Pre-Deepfake Campaign Targets Putin Critics

Russia is continuing its campaign of disinformation around the Ukraine war through advanced social engineering delivered by a threat group tracked as TA499. The post Pre-Deepfake Campaign Targets Putin Critics appeared first on SecurityWeek.

07Mar 2023

Akamai releases new threat hunting tool backed by Guardicore capabilities

Akamai on Tuesday launched Akamai Hunt, a visibility tool that uses the infrastructure of microsegmentation platform Guardicore to allow customers to identify and remediate threats and risks in their cloud environments. Akamai acquired Guardicore in October 2022 for about $600 million. Akamai Hunt combines Akamai’s historic data with Guardicore’s network segmentation and visualization capabilities to […]

07Mar 2023

Attack campaign uses PHP-based infostealer to target Facebook business accounts

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP. “We have […]

07Mar 2023

Vulnerability in Toyota Management Platform Provided Access to Customer Data

A vulnerability in Toyota Customer 360 CRM platform provided a security researcher with full access to the car maker’s Mexican customers. The post Vulnerability in Toyota Management Platform Provided Access to Customer Data appeared first on SecurityWeek.

07Mar 2023

New Oman-Australia undersea cable promises alternate, reliable route

Australian investment firm Subco is offering an alternative route for internet connectivity between Australia, the Middle East and Europe through the Oman Australia Cable (OAC) by avoiding the earthquake-prone route that currently goes through Malacca Strait. Subco OAC is already 9,800 km long, with landing points in Perth, West Island, and Cocos Islands in Australia, […]

07Mar 2023

Acer Confirms Breach After Hacker Offers to Sell Stolen Data

Acer said one of its document servers was hacked after a hacker claimed to have stolen 160 Gb of data from the company. The post Acer Confirms Breach After Hacker Offers to Sell Stolen Data appeared first on SecurityWeek.

07Mar 2023

What is zero trust? A model for more effective security

Security leaders are embracing zero trust, with the vast majority of organizations either implementing or planning to adopt the strategy. The 2022 State of Zero-Trust Security report found that 97% of those surveyed either have or plan to have a zero-trust initiative in place within 18 months. In fact, the percentage of organizations with zero […]

07Mar 2023

Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia

Kaspersky has seen a surge in attacks on ICS computers in Russia and blames it on the exploitation of a Bitrix CMS vulnerability tracked as CVE-2022-27228. The post Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia appeared first on SecurityWeek.

07Mar 2023

Edgeless Systems Raises $5m for Trustworthy Data Processing

German cybersecurity start-up Edgeless Systems raises $5 million to build an open-source stack for confidential computing. The post Edgeless Systems Raises $5m for Trustworthy Data Processing appeared first on SecurityWeek.

07Mar 2023

Talking Cyberinsurance With Munich Re

SecurityWeek spoke to Chris Storer, head of the cyber center of excellence at reinsurance giant Munich Re, for the cyber insurers’ view of cyberinsurance. The post Talking Cyberinsurance With Munich Re appeared first on SecurityWeek.

07Mar 2023

Android’s March 2023 Updates Patch Over 50 Vulnerabilities

Google has released patches for more than 50 vulnerabilities as part of the March 2023 security updates for the Android platform. The post Android’s March 2023 Updates Patch Over 50 Vulnerabilities appeared first on SecurityWeek.

07Mar 2023

Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing

Wallarm Detect warns of ongoing exploitation of a critical vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V). The post Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing appeared first on SecurityWeek.

07Mar 2023

IT leaders tackle the high price of talent

Since the onset of the pandemic, IT has risen in prominence as an engine for business sustainability and growth across all industries. The subsequent demand for enterprise IT talent has led to a sharp spike in salaries CIOs must pay to staff their teams. “Demand for tech talent was up by 50% to 60% in […]

07Mar 2023

3 force multipliers for digital transformation

Many CIOs will face a challenging year grappling with growing pressure from transformation initiatives, weekly layoff announcements, and the prospect of a recession. While digital initiatives and talent are the board directors’ top strategic business priorities in 2023-2024, IT spending is forecasted to grow by only 2.4% in 2023. Tech companies have laid off over […]

06Mar 2023

PayPal sued for negligence in data breach that affected 35,000 users

A pending class action lawsuit accuses online payments giant PayPal of failing to adequately safeguard the personal information of its users, leaving them vulnerable to identity theft and related ills at the hands of the unidentified perpetrators of a data breach that occurred late last year. Nearly 35,000 people were affected by the cyberattack, which […]

06Mar 2023

Cyberattack Hits Major Hospital in Spanish City of Barcelona

A ransomware attack on one of Barcelona’s main hospitals has crippled the center’s computer system and forced the cancellation of non-urgent operations and patient checkups. The post Cyberattack Hits Major Hospital in Spanish City of Barcelona appeared first on SecurityWeek.

06Mar 2023

Generative AI to be a key priority for senior IT leaders: Salesforce report

Generative AI has become a top priority among businesses even though IT leaders are expressing concerns about potential ethical issues posed by the technology, according to a new Salesforce survey. Sixty-seven percent of senior IT leaders surveyed said they will be prioritizing the technology over the next 18 months, and 33% claimed it would be […]

06Mar 2023

Police Looking for Russian Suspects Following DoppelPaymer Ransomware Crackdown

Several locations in Germany and Ukraine were raided recently as part of an international law enforcement operation targeting the DoppelPaymer ransomware. The post Police Looking for Russian Suspects Following DoppelPaymer Ransomware Crackdown appeared first on SecurityWeek.

06Mar 2023

Shutterstock capitalizes on the cloud’s cutting edge

When you store and deliver data at Shutterstock’s scale, the flexibility and elasticity of the cloud is a huge win, freeing you from the burden of costly, high-maintenance data centers. But for the New York-based provider of stock photography, footage, and music, it’s the innovation edge that makes the cloud picture perfect for its business. […]

06Mar 2023

Next CIO Champions the Rising Stars of IT in the UK

Next CIO returns for 2023 to continue to support the career development of aspiring IT and Tech leaders. Next CIO is the annual awards and mentoring programme helping aspiring IT leaders to develop their careers, build their network and improve their skill sets. It is an opportunity for aspiring digital, data, and technology leaders to […]

06Mar 2023

Open letter demands OWASP overhaul, warns of mass project exodus

For more than two decades, the Open Worldwide Application Security Project (OWASP) has provided free and open resources for improving the security of software. Led by the non-profit OWASP Foundation, OWASP has brought together community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and educational and training conferences for developers […]

06Mar 2023

New ATM Malware ‘FiXS’ Emerges

Metabase Q documents FiXS, a new malware family targeting ATMs in Latin America. The post New ATM Malware ‘FiXS’ Emerges appeared first on SecurityWeek.

06Mar 2023

BetterHelp Shared Users’ Sensitive Health Data, FTC Says

The online counseling service BetterHelp has agreed to return $7.8 million to customers to settle with the Federal Trade Commission for sharing health data it had promised to keep private. The post BetterHelp Shared Users’ Sensitive Health Data, FTC Says appeared first on SecurityWeek.

06Mar 2023

Ransomware Operators Leak Data Allegedly Stolen From City of Oakland

Play ransomware operators have leaked data allegedly stolen from the City of Oakland last month. The post Ransomware Operators Leak Data Allegedly Stolen From City of Oakland appeared first on SecurityWeek.

06Mar 2023

European Police, FBI Bust International Cybercrime Gang

Authorities disrupted an international cybercrime gang which has been blackmailing large companies and institutions for years. The post European Police, FBI Bust International Cybercrime Gang appeared first on SecurityWeek.

06Mar 2023

New Tool Made by Microsoft and Mitre Emulates Attacks on Machine Learning Systems

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems. The post New Tool Made by Microsoft and Mitre Emulates Attacks on Machine Learning Systems appeared first on SecurityWeek.

06Mar 2023

Tracking device technology: A double-edged sword for CISOs

The transportation industry has doubled down in the area of fleet tracking in recent years, which has come with great benefits and not a few security headaches. On the consumer side, we’ve spoken of Apple’s AirTag and how it has been used to find personal items of import — and also its potential to be […]

06Mar 2023

557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022

There are nearly 900 vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog, including nearly 100 discovered in 2022. The post 557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022 appeared first on SecurityWeek.

06Mar 2023

Cybercrime Marketplace Leaks Over 2.1 Million Payment Cards

Carding marketplace BidenCash last week released information on more than 2.1 million credit and debit cards. The post Cybercrime Marketplace Leaks Over 2.1 Million Payment Cards appeared first on SecurityWeek.

06Mar 2023

Cybersecurity M&A Roundup: 35 Deals Announced in February 2023

Thirty-five cybersecurity-related M&A deals were announced in February 2023. The post Cybersecurity M&A Roundup: 35 Deals Announced in February 2023 appeared first on SecurityWeek.

06Mar 2023

How Pick n Pay’s migration to the cloud is paying off

Pick n Pay’s bold plan to modernize infrastructure and drive efficiency is beginning to pay dividends as its migration to AWS was successfully completed last year, signaling the digital ambitions of this retail giant. This move to the cloud lays the foundation for further expansion into other cloud-based applications to deliver deeper insights and better […]

06Mar 2023

Transforming IT for cloud success

As CIO Neil Holden moved his company, Halfords Group, further into the cloud, he sought to do more than simply “lift-and-shift” IT operations. Rather, Holden — like most CIOs — wanted his increasing use of cloud to enable and shape the company’s transformation agenda. To succeed in that objective, he knew he had to transform […]

06Mar 2023

Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs). The post Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs appeared first on SecurityWeek.

06Mar 2023

Diversity in UK tech on the rise, but not for senior leadership

The sixth annual report from Tech Talent Charter (TTC) has revealed that while companies in the UK are making progress toward improving diversity in their overall workforce, there is still a significant lack of diversity among senior technology leaders. The not-for-profit charity, which focuses on tracking diversity in technology, compiled its report using data from […]

06Mar 2023

Little Caesars’ CIO on achieving ‘Mission Impossible’

With a talent for developing people and inspiring innovation from her teams, Anita Klopfenstein has built a powerhouse IT organization since joining Little Caesars in 2017 as its CIO. One of the secrets behind her success as a leader is her love of learning. After majoring in both computer science and radio, television and film, […]

06Mar 2023

A CIO’s first rule for automation: Have a clear business case

By virtue of their position between IT and effecting business strategy, CIOs can identify what processes their organizations need in order to modernize and automate. When it comes to updating core systems to drive operational efficiencies, they also have to ensure that a sound business case exists to automate them, says Laurie Shotton, VP and […]

06Mar 2023

Are you protected against vulnerabilities with known exploits?

No IT leader wants to tell the C-suite about a serious breach that took advantage of a known infrastructure vulnerability.  Hackers develop new attack strategies so often that it’s easy to forget a fundamental truth about cybersecurity: hackers don’t have to rely on finding new vulnerabilities. The inability of organizations to promptly address the rapidly […]

06Mar 2023

Give them a break: How to unstress IT security teams overburdened with vulnerability patching

IT teams are exhausted. The tech talent shortage has led to severe understaffing even as cybercriminals ramp up their attacks. The ever-increasing shift toward hybrid working models has only compounded the issue, with IT teams struggling to deploy patches and other fixes across an expanded attack surface transcending the corporate firewall. Nearly three-quarters (74%) of […]

06Mar 2023

Macquarie Government: Providing Australia’s Federal Agencies with the Cloud and Security Solutions They Need to Safeguard the Most Sensitive Data

With five state-of-art data centers located in the Sydney and Canberra metropolitan areas, including a facility created to manage cloud applications and data that require PROTECTED, SECRET and higher classifications, Macquarie Government, as part of the ASX listed Macquarie Telecom Group, was one of the first companies to provide sovereign IT services to Australia’s government […]

06Mar 2023

Mulesoft, Tableau uptake fuels Salesforce growth spurt

Despite a tumultuous couple of months, strong user uptake of Tableau business intelligence and MuleSoft data automation and integration software fueled a surprising 14% year-over-year jump in revenue for Salesforce’s fourth quarter. Posting revenue of $8.38 billion after stock market trading closed on Wednesday, the company beat the expectations of analysts, whose average forecast for […]

06Mar 2023

Sports venues advance goals, enhance fan experience with data analytics

Sports fans today have more ways than ever to watch their favorite teams beyond the traditional, live stadium experience, including television, streaming services, even highlights on social media.   For years, fans have been less inclined to choose the live stadium experience, with game attendance across major North American professional sports in decline. In 2020, financial […]

06Mar 2023

AI value begins with managing the C-suite conversation

Every futurist and forecaster I have talked to is convinced the transformative technology of the next seven years is artificial intelligence. Everyone seems to be talking about AI. Unfortunately, most of these conversations do not lead to value creation or greater understanding. And, as an IT leader, you can bet these same conversations are reverberating […]

04Mar 2023

EPA Mandates States Report on Cyber Threats to Water Systems

The Biden administration said it would require states to report on cybersecurity threats in their audits of public water systems, a day after it released a broader plan to protect critical infrastructure against cyberattacks. The post EPA Mandates States Report on Cyber Threats to Water Systems appeared first on SecurityWeek.

03Mar 2023

HPE to acquire Axis Security to deliver a unified SASE offering

Hewlett Packard Enterprise has agreed to buy cloud security services provider Axis Security, its third acquisition since January, to deliver a unified secure access service edge (SASE) offering. The acquisition is aimed at incorporating the Axis security service edge (SSE) platform into HPE’s edge-to-cloud network security capabilities to deliver integrated networking and security solutions […]

03Mar 2023

Iron Tiger updates malware to target Linux platform

Iron Tiger, an advanced persistent threat (APT) group, has updated their SysUpdate malware to include new features and add malware infection support for the Linux platform, according to a report by Trend Micro. The earliest sample of this version was observed in July 2022 and after finding multiple similar payloads in late October 2022, Trend […]

03Mar 2023

Thousands of Websites Hijacked Using Compromised FTP Credentials

Cybersecurity startup Wiz warns of a widespread redirection campaign in which thousands of websites have been compromised using legitimate FTP credentials. The post Thousands of Websites Hijacked Using Compromised FTP Credentials appeared first on SecurityWeek.

03Mar 2023

Organizations Warned of Royal Ransomware Attacks

FBI and CISA have issued an alert to warn organizations of the risks associated with Royal ransomware attacks. The post Organizations Warned of Royal Ransomware Attacks appeared first on SecurityWeek.

03Mar 2023

White House Cybersecurity Strategy Stresses Software Safety

Some say the White House cybersecurity strategy is largely aspirational. Its boldest initiatives — including stricter rules on breach reporting and software liability — are apt to meet resistance from business and Republicans in Congress. The post White House Cybersecurity Strategy Stresses Software Safety appeared first on SecurityWeek.

03Mar 2023

Industry Experts Analyze US National Cybersecurity Strategy

Feedback Friday: Industry professionals commented on various aspects of the new national cybersecurity strategy, its impact, and implications.  The post Industry Experts Analyze US National Cybersecurity Strategy appeared first on SecurityWeek.

03Mar 2023

Over 71k Impacted by Credential Stuffing Attacks on Chick-fil-A Accounts

Chick-fil-A is informing users that their accounts have been compromised in a two-month-long credential stuffing campaign. The post Over 71k Impacted by Credential Stuffing Attacks on Chick-fil-A Accounts appeared first on SecurityWeek.

03Mar 2023

White House releases an ambitious National Cybersecurity Strategy

The White House released its long-anticipated National Cybersecurity Strategy, a comprehensive document that offers fundamental changes in how the US allocates “roles, responsibilities, and resources in cyberspace.” The strategy involved months of discussions among more than 20 government agencies and countless consultations with private sector organizations. It encompasses virtually all the weaknesses and challenges inherent […]

03Mar 2023

IBM partners up with Cohesity for better data defense in new storage suite

Data security and protection are the main upside for IBM’s upcoming storage offering, which combines the company’s own products with those from third parties.

02Mar 2023

Gitpod flaw shows cloud-based development environments need security assessments

Researchers from cloud security firm Snyk recently discovered a vulnerability that would have allowed attackers to perform full account takeover and remote code execution (RCE) in Gitpod, a popular cloud development environment (CDE). Cloud-based development environments are popular because they’re easier to deploy and maintain than local ones and promise better security. However, organizations should properly […]

02Mar 2023

Software liability reform is liable to push us off a cliff

Like “SBOMs will solve everything,” there is a regular cry to reform software liability, specifically in the case of products with insecurities and vulnerabilities. US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly’s comments this week brought the topic back into focus, but it’s still a thorny issue. (There’s a reason certain things are […]

02Mar 2023

Microsoft Intune Suite consolidates endpoint management and protection

Intune Suite will streamline endpoint management with added features for controlled and secure access.

02Mar 2023

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link. The attack combined three separate issues that on their own could be categorized as low risk […]

02Mar 2023

Critical Vulnerabilities Allowed Booking.com Account Takeover

Booking.com recently patched several vulnerabilities that could have been exploited to take control of a user’s account. The post Critical Vulnerabilities Allowed Booking.com Account Takeover appeared first on SecurityWeek.

02Mar 2023

Advancing Women in Cybersecurity – One CMO’s Journey

Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity. The post Advancing Women in Cybersecurity – One CMO’s Journey appeared first on SecurityWeek.

02Mar 2023

BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems

ESET says the BlackLotus UEFI bootkit can bypass secure boot on fully updated Windows 11 systems. The post BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems appeared first on SecurityWeek.

02Mar 2023

Best and worst data breach responses highlight the do's and don'ts of IR

In theory, enterprises should not only have security measures in place to prevent a data breach but should also have detailed plans for a response in the event of a breach. And they should periodically conduct drills to test those plans. Industry-wide best practices for incident response are well established. “In general, you want breach […]

02Mar 2023

Unpatched old vulnerabilities continue to be exploited: Report

Known vulnerabilities as old as 2017 are still being successfully exploited in wide-ranging attacks as organizations fail to patch or remediate them successfully, according to a new report by Tenable.  The report is based on Tenable Research team’s analysis of cybersecurity events, vulnerabilities and trends throughout 2022, including an analysis of 1,335 data breach incidents […]

02Mar 2023

White House Releases National Cybersecurity Strategy

The U.S. government released its widely anticipated National Cybersecurity Strategy on Tuesday. The post White House Releases National Cybersecurity Strategy appeared first on SecurityWeek.

02Mar 2023

Information of European Hotel Chain’s Customers Found on Unprotected Server

The personal information of many customers of European hotel chain Falkensteiner was discovered by a researcher on an unprotected server. The post Information of European Hotel Chain’s Customers Found on Unprotected Server appeared first on SecurityWeek.

02Mar 2023

Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack

Canadian bookstore chain Indigo this week confirmed that employee data was stolen in a ransomware attack last month. The post Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack appeared first on SecurityWeek.

02Mar 2023

New CISA Tool ‘Decider’ Maps Attacker Behavior to ATT&CK Framework

CISA has released a free and open source tool that makes it easier to map an attacker’s TTPs to the Mitre ATT&CK framework. The post New CISA Tool ‘Decider’ Maps Attacker Behavior to ATT&CK Framework appeared first on SecurityWeek.

02Mar 2023

Cisco Patches Critical Vulnerability in IP Phones

Cisco has released patches for a critical remote code execution vulnerability in certain IP phones. The post Cisco Patches Critical Vulnerability in IP Phones appeared first on SecurityWeek.

02Mar 2023

GitHub Secret Scanning Now Generally Available

GitHub this week made secret scanning generally available and free for all public repositories. The post GitHub Secret Scanning Now Generally Available appeared first on SecurityWeek.

02Mar 2023

AWS makes its Lift program available in India

Amazon Web Services on Wednesday made its global Lift program available in India, targeting small and medium-size businesses with revenue ranging from 800 million to 6.25 billion rupees. The Lift program, according to AWS, offers promotional credits and nearly 200 AWS services to help enterprises move on-premises workloads to the cloud. The India Lift program […]

02Mar 2023

Coca-Cola Beverages Philippines’ Trisha Liu-Ventura on the manufacturing industry

Trisha Liu-Ventura – Head of Cybersecurity, Governance, Risk and Compliance at Coca-Cola Beverages Philippines – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about challenges in securing the manufacturing industry, oversharing on social media, and more.

02Mar 2023

Internet Access, Privacy ‘Essential for Freedom’: Proton Chief

Proton, perhaps best known for its encrypted email service, sees its mission of ensuring privacy and online access as a vital tool in shoring up democracy in the digital age. The post Internet Access, Privacy ‘Essential for Freedom’: Proton Chief appeared first on SecurityWeek.

01Mar 2023

3 ways to invest in IT during a recession while keeping costs low

The world is experiencing an onslaught of economic uncertainty, and the IT industry is facing headwinds just like any other. Gartner recently lowered their expectations for IT budgets to increase by just 2.2% in 2023 on average – lower than the projected 6.5% global inflation rate. But the economic turmoil doesn’t mean your competitors are […]

01Mar 2023

Why TikTok Is Being Banned on Gov’t Phones in US and Beyond

So how serious is the threat of using TikTok? Should TikTok users who don’t work for the government be worried about the app, too? The post Why TikTok Is Being Banned on Gov’t Phones in US and Beyond appeared first on SecurityWeek.

01Mar 2023

Mainframe modernization and the importance of security

At a time when businesses are pushing the limits of digital transformation and modernization, security, particularly in the mainframe, is critical. But while most firms know this, research has shown that widespread understanding has not manifested much in the way of action. And when asked to rank their most important mainframe security features, respondents said […]

01Mar 2023

Real-time artificial intelligence for everyone

By Chet Kapoor, Chairman & CEO of DataStax

Every business needs an artificial intelligence strategy, and the market has been validating this for years. Gartner® predicts that, “By 2027, over 90% of new software applications that are developed in the business will contain ML models or services, as enterprises utilize the massive amounts of data […]

01Mar 2023

Webinar Tomorrow: Entering the Cloud Native Security Era

Join SecurityWeek and LogRhythm as we dive into security risks associated with SaaS, as well as best practices for mitigating these risks and protecting data. The post Webinar Tomorrow: Entering the Cloud Native Security Era appeared first on SecurityWeek.

01Mar 2023

Cisco to Acquire Valtix for Cloud Network Security Tech

Cisco announced plans to acquire Valtix, an early-stage Silicon Valley startup in the cloud network security business. The post Cisco to Acquire Valtix for Cloud Network Security Tech appeared first on SecurityWeek.

01Mar 2023

Top 10 Security, Operational Risks From Open Source Code

Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS). The post Top 10 Security, Operational Risks From Open Source Code appeared first on SecurityWeek.

01Mar 2023

Top 10 open source software risks for 2023

Known vulnerabilities, compromise of legitimate package, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs. The other major open source software risks, according to the report, include unmaintained software, outdated software, untracked dependencies, license risk, immature software, unapproved changes, […]

01Mar 2023

BlackLotus bootkit can bypass Windows 11 Secure Boot: ESET

A Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus is found to be capable of bypassing an essential platform security feature, UEFI Secure Boot, according to researchers from Slovakia-based cybersecurity firm ESET. BlackLotus uses an old vulnerability and can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled, the researchers found. UEFI […]

01Mar 2023

Two Hacking Groups Seen Targeting Materials Sector in Asia

Two APTs, named Winnti and Clasiopa, have been observed targeting Asian organizations in the materials sector. The post Two Hacking Groups Seen Targeting Materials Sector in Asia appeared first on SecurityWeek.

01Mar 2023

Ransomware Attacks: Don’t Let Your Guard Down

History has shown that when it comes to ransomware, organizations cannot let their guards down. The post Ransomware Attacks: Don’t Let Your Guard Down appeared first on SecurityWeek.

01Mar 2023

Several Law Firms Targeted in Malware Attacks

In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns. The post Several Law Firms Targeted in Malware Attacks appeared first on SecurityWeek.

01Mar 2023

Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar

Google this week made client-side encryption for Gmail and Calendar available for Workspace customers. The post Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar appeared first on SecurityWeek.

01Mar 2023

US Officials Make Case for Renewing FISA Surveillance Powers

The Biden administration urged Congress to renew the Foreign Intelligence Surveillance Act (FISA) that the government sees as vital in countering overseas terrorism and cyberattacks. The post US Officials Make Case for Renewing FISA Surveillance Powers appeared first on SecurityWeek.

01Mar 2023

South American Cyberspies Impersonate Colombian Government in Recent Campaign

The South American cyberespionage group Blind Eagle has been observed impersonating a Colombian government tax agency in recent attacks. The post South American Cyberspies Impersonate Colombian Government in Recent Campaign appeared first on SecurityWeek.

01Mar 2023

CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person. The post CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles appeared first on SecurityWeek.

01Mar 2023

How security leaders can effectively manage Gen Z staff

In 2022, I started a podcast aimed at converting more Gen Z to seek careers in cybersecurity. In doing so, I had to educate myself on what they value and realized the many differences between Gen Z and previous generations. Gen Z refers to those born between mid-to-late 1990s and 2010, making them between the […]

01Mar 2023

Dish Network Says Outage Caused by Ransomware Attack

Satellite TV giant Dish Network has confirmed rumors that a recent outage was the result of a cyberattack and admitted that data was stolen. The post Dish Network Says Outage Caused by Ransomware Attack appeared first on SecurityWeek.

01Mar 2023

From CIO to CEO: XPO’s Mario Harik on leveling up

With technology increasingly central to business value, CIOs stepping up to plus-size roles and even making the leap from CIO to CEO is no longer the rare feat it once was. Still, earning that corner office is an achievement few IT leaders can list among their career accomplishments. As XPO’s first CIO, Mario Harik played […]

01Mar 2023

Think carefully before considering cloud repatriation

Most IT leaders have assets moved to the cloud to achieve some combination of better, faster, or cheaper compute and storage services. They also expect to benefit from the expertise of cloud providers—expertise that isn’t easy for companies to develop and maintain in house, unless your company happens to be a technology provider. “While computing […]

01Mar 2023

18 organizations advancing women in tech

Despite national conversations about a lack of women in IT, women remain largely underrepresented in STEM roles, according to a study by the National Science Foundation. And the pipeline doesn’t suggest a near-term correction, as only 19% of computer science degrees were awarded to women in 2016, down from 27% in 1997. Women also typically make […]

01Mar 2023

Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products

Several ThingWorx and Kepware products are affected by two vulnerabilities that can be exploited for DoS attacks and unauthenticated remote code execution. The post Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products appeared first on SecurityWeek.

01Mar 2023

Huawei unveils plans to target Small and Medium Enterprise market at MWC

Huawei’s Enterprise Business Group (EBG) arrived at Mobile World Congress in Barcelona this year with a proposition fit for the times, emphasizing the value created by digital transformation across multiple industries and use case scenarios. Huawei has developed more than 100 scenario-based solutions, covering over 10 industries. EBG’s strategy of ‘Weaving Technologies for Industry Scenarios’ […]

01Mar 2023

Hacked home computer of engineer led to second LastPass data breach

Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberattack, detected in November. The threat actor involved in the breaches […]

01Mar 2023

New cyberattack tactics rise up as ransomware payouts increase

While phishing, business email compromise (BEC), and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint. “While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and […]