Supply chain decarbonization: The missing link to net zero
Over the last seven decades, global carbon emissions have increased almost eightfold. Meanwhile, since 1980, the planet’s average temperature has risen significantly, with nine out of 10 warmest years on record having been in the last nine years. For sustainable development, it is now widely agreed that we must achieve a shared global goal of cutting carbon […]
How TCS pioneered the ‘borderless workspace’ with Microsoft 365
Tata Consultancy Services (TCS) has always been a digital-first organization. Continuous transformation of the workplace has been a cornerstone of the company’s business model for several decades. This approach proved its value during the COVID-19 crisis, when TCS pioneered location-independent “borderless workspaces” aided by Microsoft 365 and Microsoft Teams. The modern workplace solution suite was […]
TCS gives Blackhawk Network an edge with Microsoft Cloud
Blackhawk Network is shaping the future of global branded payments — from QR code payment solutions and retail gift card programs to tailored incentives and reward programs. The Silicon Valley-based company has been expanding its global footprint through numerous creative acquisitions. While each brought a wealth of benefits, the acquired companies’ existing processes and platforms […]
Italian privacy regulator bans ChatGPT over collection, storage of personal data
Italy’s data privacy regulator has banned ChatGPT over alleged privacy violations relating to the chatbot’s collection and storage of personal data. With immediate effect, the Guarantor for the protection of personal data has ordered the temporary limitation of the processing of data of Italian users by ChatGPT parent firm OpenAI until it complies with EU […]
Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem
Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers to speed up the adoption of security patches. “The zero-day exploits were used alongside n-day exploits and took advantage […]
Report: Chinese State-Sponsored Hacking Group Highly Active
Chinese hacking group linked previously to attacks on U.S. state government computers is still “highly active” The post Report: Chinese State-Sponsored Hacking Group Highly Active appeared first on SecurityWeek.
FDA Announces New Cybersecurity Requirements for Medical Devices
The FDA is asking medical device manufacturers to provide cybersecurity-related information when submitting an application for a new product. The post FDA Announces New Cybersecurity Requirements for Medical Devices appeared first on SecurityWeek.
Lumen Technologies Hit by Two Cyberattacks
Communications and IT company Lumen Technologies fell victim to two cyberattacks that led to data theft. The post Lumen Technologies Hit by Two Cyberattacks appeared first on SecurityWeek.
Votiro Raises $11.5 Million to Prevent File-Borne Threats
Votiro raised $11.5 million in a Series A investment round led by Harvest Lane Asset Management. The post Votiro Raises $11.5 Million to Prevent File-Borne Threats appeared first on SecurityWeek.
Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
Several cybersecurity companies have published blog posts, advisories and tools to help organizations that may have been hit by the 3CX supply chain attack. The post Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months appeared first on SecurityWeek.
Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
Documents show that Russian IT company NTC Vulkan was requested to develop offensive tools for government-backed hacking group Sandworm. The post Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks appeared first on SecurityWeek.
Best business analyst certifications to level up your career
Business analysts are in high demand, with 24% of Fortune 500 companies currently hiring business analysts across a range of industries, including technology (27%), finance (13%), professional services (10%), and healthcare (5%), according to data from Zippia. And the Bureau of Labor Statistics predicts that business analyst jobs will grow 11% from 2021 to 2031. […]
AMD takes hybrid approach to engineering the cloud’s future
AMD CIO Hasmukh Ranjan sits at the cloud’s crossroads. As a chipmaker, AMD is a vital supplier for the public cloud’s compute engine, and among Ranjan’s key remits is to support the engineering of semiconductors that power the cloud. But as a consumer, Ranjan, like all CIOs, must decide where best to place his company’s […]
Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
A high-severity vulnerability in Azure Service Fabric Explorer could have allowed a remote, unauthenticated attacker to execute arbitrary code. The post Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution appeared first on SecurityWeek.
Are tech layoffs inevitable, or can your company avoid them?
The headlines are clear: Recession is looming, and tech companies of all stripes are cutting thousands of employees from their rosters. Yet, despite these reductions, TOPdesk, an IT service desk software company, remains committed to growing its footprint as it continues to expand its internal teams and has no plans to change. Why? Let’s start […]
Anti-Bot Software Firm DataDome Banks $42M Financing
DataDome, a New York startup selling anti-bot and anti-fraud tech, has secured $42 million in new financing to fuel expansion plans. The post Anti-Bot Software Firm DataDome Banks $42M Financing appeared first on SecurityWeek.
Kyndryl lays off staff in search of efficiency
The layoffs are part of a restructuring initiative aimed at improving efficiency and customer service, Kyndryl says.
Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
Water pumping systems made by ProPump and Controls are affected by several vulnerabilities that could allow hackers to cause significant problems. The post Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks appeared first on SecurityWeek.
APT group Winter Vivern exploits Zimbra webmail flaw to target government entities
An APT group known in the security industry as Winter Vivern has been exploiting a vulnerability in the Zimbra Collaboration software to gain access to mailboxes from government agencies in several European countries. While no clear links have been established between Winter Vivern and a particular country’s government, security researchers have noted that its activities […]
3CX DesktopApp compromised by supply chain attack
3CX is working on a software update for its 3CX DesktopApp, after multiple security researchers alerted the company of an active supply chain attack in it. The update will be released in the next few hours; meanwhile the company urges customers to use its PWA (progressive web application) client instead. “As many of you have […]
500k Impacted by Data Breach at Debt Buyer NCB
NCB Management Services is informing roughly 500,000 individuals of a data breach impacting their personal information. The post 500k Impacted by Data Breach at Debt Buyer NCB appeared first on SecurityWeek.
Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward. The post Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data appeared first on SecurityWeek.
Why Endpoint Resilience Matters
When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own security. The post Why Endpoint Resilience Matters appeared first on SecurityWeek.
Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
The recently identified Melofee Linux implant allowed Chinese cyberespionage group Winnti to conduct stealthy, targeted attacks. The post Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks appeared first on SecurityWeek.
DXC Technology says global network is not compromised following Latitude Financial breach
Soon after Latitude Financial revealed it suffered a cyber attack, DXC Technology quietly published a note on its website stating its global network and customer support networks were not compromised. When Latitude Financial, which is listed in the Australian Securities Exchange (ASX), first published about the attack it said the activity was believed to have […]
3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
3CX confirms investigating a security breach as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack. The post 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component appeared first on SecurityWeek.
5 ways AI will transform CRM
The potential for generative AI systems such as OpenAI’s ChatGPT and Google’s Bard to transform how businesses work is being realized. Hype still surrounds some predictions, but change is here, and one of the first product categories to be impacted is CRM systems. Software-based services are the low-hanging fruit when it comes to this emerging […]
CIOs must evolve to stave off existential threat to their role
With digital technology increasingly vital to business, the CIO role is quickly evolving, placing IT leaders under threat from business executives who offer the blend of business and technical savvy necessary to lead transformational strategies in the future. A recent report by market intelligence firm IDC has placed IT leaders at a crossroads, predicting that, […]
UK Introduces Mass Surveillance With Online Safety Bill
The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into end-to-end content The post UK Introduces Mass Surveillance With Online Safety Bill appeared first on SecurityWeek.
From CIO to CX SVP, Cisco’s Jacqueline Guichelaar takes a road less travelled
Throughout her more than 30-year career in the tech industry, Jacqueline Guichelaar has been a staunch advocate for leaning in and genuinely listening to customers in order to provide them with better experiences. It’s one of the many attributes that led her to eventually becoming global CIO with Cisco, where she charted a path that […]
Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT
A group computer scientists and tech experts are calling for a 6-month pause to consider the profound risks of AI to society and humanity. The post Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT appeared first on SecurityWeek.
Noname Security releases API security updates
API security vendor Noname Security today announced a new release of its platform, with a number of upgrades designed to enhance visibility into a user’s API environment and protect against the growing number of API-based threats. The growth in the number of those threats has been fueled by the increasing centrality of APIs to modern […]
North Korean threat actor APT43 pivots back to strategic cyberespionage
When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38). It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. However, another team that security […]
Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App
CrowdStrike threat intelligence team warns about unexpected malicious activity from a legitimate, signed version of the 3CXDesktopApp. The post Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App appeared first on SecurityWeek.
HP releases Wolf Connect solution for secure remote PC management
HP Inc. has announced the launch of HP Wolf Connect, a new IT management solution that provides resilient and secure connections to remote PCs. The solution enables IT teams to manage PCs remotely even if they are powered down or offline and was showcased at HP’s Amplify Partner Conference. HP Wolf Connect uses a cellular-based […]
LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps
New York startup LeapXpert secures funding for technology to help businesses manage the use of consumer messaging apps in the enterprise. The post LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps appeared first on SecurityWeek.
Spera Banks $10 Million to Tackle Identity and Access Sprawl
Backed by YL Ventures, Spera banks $10 million to help businesses deal with identity and access sprawl in the enterprise. The post Spera Banks $10 Million to Tackle Identity and Access Sprawl appeared first on SecurityWeek.
Blockchain Security Firm True I/O Raises $9 Million
Total Network Services rebrands to True I/O and raises $9 million to accelerate deployment of product. The post Blockchain Security Firm True I/O Raises $9 Million appeared first on SecurityWeek.
The SAP Innovation Awards 2023 Finalists Have been Selected
First and foremost, on behalf of SAP, we would like to thank all the SAP Innovation Awards 2023 participants for their hard work showcasing the many ways they are delivering impact within their businesses! We are truly grateful for and inspired by all the incredible submissions received this year. This is the perfect opportunity to […]
OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
OpenAI resolved severe ChatGPT vulnerabilities that could have been exploited to take over accounts. The post OpenAI Patches Account Takeover Vulnerabilities in ChatGPT appeared first on SecurityWeek.
DarkBit puts data from Israel’s Technion university on sale
DarkBit, the group that claimed responsibility for a ransomware attack on Israel’s Technion university, is making good on its threat to sell the university’s data if the ransom went unpaid. “The price of total bulk is 104 BTC (bitcoin) if anyone buys all of it at once,” said a message on DarkBit’s Telegram channel. It also […]
Skyhawk adds ChatGPT functions to enhance cloud threat detection, incident discovery
Cloud threat detection and response (CDR) vendor Skyhawk has announced the incorporation of ChatGPT functionality in its offering to enhance cloud threat detection and security incident discovery. The firm has applied ChatGPT features to its platform in two distinct ways – earlier detection of malicious activity (Threat Detector) and explainability of attacks as they progress […]
Spera exits stealth to reveal identity-based threat hunting capabilities
The Israeli identity-based cybersecurity provider Spera is exiting stealth mode to reveal a namesake offering with identity security posture management (ISPM) capabilities. “Two of the most prominent identity-based attack vectors — stolen credentials and phishing—take the longest to detect and are most expensive to solve,” said Dor Fledel, co-founder and CEO of Spera. “Security professionals […]
Latin American companies, governments need more focus on cybersecurity
For the first time, over a dozen cybersecurity companies have come together to produce an agnostic study titled LATAM CISO Report 2023: Insights from Industry Leaders. More than 200 CISOs in the Americas region, in addition to the Inter-American Development Bank (IDB), Latin American Federation of Banks (FELABAN), and the World Economic Forum (WEF), contributed […]
OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
OpenSSL 1.1.1 will reach EoL in six months and users are instructed to either upgrade to a newer version or pay for extended support to continue receiving security patches. The post OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023 appeared first on SecurityWeek.
Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
Australian casino giant Crown Resorts says the Cl0p ransomware group contacted them to claim data theft in the GoAnywhere attack. The post Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims appeared first on SecurityWeek.
New Wi-Fi Attack Allows Traffic Interception, Security Bypass
A group of academic researchers devised an attack that can intercept Wi-Fi traffic at the MAC layer, bypassing client isolation. The post New Wi-Fi Attack Allows Traffic Interception, Security Bypass appeared first on SecurityWeek.
Managing security in the cloud through Microsoft Intune
For many years, the Group Policy feature of Microsoft’s Windows has been the go-to solution for controlling workstations, providing deployment, and in general, making a network manageable by information professionals. It does, however, require a traditional domain with an Active Directory deployment — many users already have an Active Directory (AD) and will have an […]
AI-fueled search gives more power to the bad guys
Concerns about the reach of ChatGPT and how easier it may get for bad actors to find sensitive information have increased following Microsoft’s announcement of the integration of ChatGPT into Bing and the latest update of the technology, GPT-4. Within a month of the integration, Bing had crossed the 100 million daily user threshold. Meanwhile, GPT-4 […]
5 cyber threats retailers are facing — and how they’re fighting back
There are many reasons retailers are juicy targets for hackers. They earn and handle tremendous amounts of money, store millions of customer credit card numbers, and have frontline staff who may lack cybersecurity training. To save money, some retailers use older equipment that isn’t adequately updated, secured, or monitored to deal with cyberattacks. According to […]
Over 200 Organizations Targeted in Chinese Cyberespionage Campaign
Chinese cyberespionage group Mustang Panda was seen targeting maritime, shipping, border control, and immigration organizations in recent attacks. The post Over 200 Organizations Targeted in Chinese Cyberespionage Campaign appeared first on SecurityWeek.
Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report
A new research report discusses the five most exploited vulnerabilities of 2022, and the five key risks that security teams should consider. The post Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report appeared first on SecurityWeek.
Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
Google has linked several zero-day vulnerabilities used last year to target Android and iOS devices to commercial spyware vendors. The post Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors appeared first on SecurityWeek.
What Makes an Effective Anti-Bot Solution?
While there are likely many different approaches, here are a few points that are important for enterprises to consider when evaluating bot solutions. The post What Makes an Effective Anti-Bot Solution? appeared first on SecurityWeek.
QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography
Quantum cybersecurity firm QuSecure has collaborated with Accenture to develop a multi-orbit quantum-resilient satellite communications capability. The post QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography appeared first on SecurityWeek.
Examining key disciplines to build equity in the IT workplace
As IT leader of self-regulatory body Professional Engineers Ontario (PEO), Doria Manico-Daka continues to build on her 16 years in tech, the last five of which has seen her heavily involved in leading digital transformation and modernization. Throughout her career, industries and company sizes have varied, but there’s been one constant: environments have largely been […]
12 ways to maximize your cloud investments
Over the past few years, more organizations have gone all in with migrations to the public cloud. But for some “without a concrete strategy, it has led to some obvious challenges with respect to measuring the real value from their cloud investments,” says Ricky Sundrani, a partner in the pricing assurance practice at Everest Group. […]
Legacy, password-based authentication systems are failing enterprise security, says study
Authentication-related attacks grew in 2022, taking advantage of outdated, password-based authentication systems, according to a study commissioned by HYPR, a passwordless multifactor authentication (MFA) provider based in the US. The study, conducted by independent technology market research firm Vanson Bourne, surveyed 1000 IT professionals from organizations around the world with more than 50 employees. These […]
Microsoft announces generative AI Security Copilot
Microsoft today announced its AI Security Copilot, a GPT-4 implementation that brings generative AI capabilities to its in-house security suite, and features a host of new visualization and analysis functions. AI Security Copilot’s basic interface is similar to the chatbot functionality familiar to generative AI users. It can be used in the same way, to […]
Mandiant Catches Another North Korean Gov Hacker Group
Mandiant flags APT43 as a “moderately-sophisticated cyber operator that supports the interests of the North Korean regime.” The post Mandiant Catches Another North Korean Gov Hacker Group appeared first on SecurityWeek.
Leadership superpower: Succeeding sustainably
Value Stream Management (VSM) is a powerful methodology that not only streamlines value streams and optimizes processes but also promotes sustainability and creates positive impact. As today’s great leaders recognize, true success is not solely measured by the bottom line but also by the impact a business has on its stakeholders, including employees, partners, and […]
Hackers changed tactics, went cross-platform in 2022, says Trend Micro
Payouts from ransomware victims declined by 38% in 2022, prompting hackers to adopt more professional and corporate tactics to ensure higher returns, according to Trend Micro’s Annual Cybersecurity Report. Many ransomware groups have structured their organizations to operate like legitimate businesses, including leveraging established networks and offering technical support to victims. There is an increasing […]
AI bots for customer experience: trends, insights, and examples
The hype surrounding AI-based voice and chatbots is evident, but do they deliver? Most still perform only extremely basic tasks and often mirror the poor practices of traditional IVRs. Customers may be open to the idea, but only 30% believe that chatbots and virtual assistants make it easier to address their service issues. The things customers say bots are good […]
Helping the C-suite leverage their network as a business-boosting asset
By: Larry Lunetta, VP Portfolio Solutions Marketing at Aruba, a Hewlett Packard Enterprise company. As customer-centric innovators, we’re constantly looking at how we can better help businesses reach their goals by leveraging technology. That’s why hearing from them first-hand is so valuable. This year, we kicked off our quest for insights with a survey run […]
Video: How to Build Resilience Against Emerging Cyber Threats
Enjoy this session as we walk through three recent use cases where a new threat caught organizations off-guard. The post Video: How to Build Resilience Against Emerging Cyber Threats appeared first on SecurityWeek.
Microsoft Puts ChatGPT to Work on Automating Cybersecurity
Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks. The post Microsoft Puts ChatGPT to Work on Automating Cybersecurity appeared first on SecurityWeek.
Data loss from insider events increase despite IRM programs: Report
A vast majority of companies are struggling with data losses from insider events despite having dedicated insider risk management (IRM) programs in place, according to a data exposure report commissioned by Code 42. The study conducted by Vanson Bourne, an independent research firm for technology companies, interviewed 700 cybersecurity professionals, managers, and leaders in the US […]
CIOs to learn about the art of persuasive communication.
Persuasive Communication Workshop, FutureIT | Dallas, March 29th. Hosted by Dan Roberts, Host, Tech Whisperers Podcast, CEO, Ouellette & Associates and Larry Bonfante, Senior Consultant, Ouellette & Associates. IDG Don’t miss CIO’s FutureIT | March 29 at the Tower Club, Dallas presented by CIO, CSO and ComputerWorld. A pre-conference workshop will be exclusively offered to […]
China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
A South Asian espionage group named Bitter has been observed targeting the Chinese nuclear energy sector. The post China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign appeared first on SecurityWeek.
Nigerian BEC Scammer Sentenced to Prison in US
Solomon Ekunke Okpe was sentenced to four years in prison in the US for his role in a BEC fraud ring. The post Nigerian BEC Scammer Sentenced to Prison in US appeared first on SecurityWeek.
ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an actively exploited vulnerability. The post ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation appeared first on SecurityWeek.
SecurityScorecard Guarantees Accuracy of Its Security Ratings
SecurityScorecard is offering free digital forensics and incident response (DFIR) services to customers that have scored an ‘A’ rating if they have been breached. The post SecurityScorecard Guarantees Accuracy of Its Security Ratings appeared first on SecurityWeek.
Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
The UK’s National Crime Agency has been running several DDoS-for-hire websites to collect information about individuals looking to launch such attacks. The post Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police appeared first on SecurityWeek.
14 Million Records Stolen in Data Breach at Latitude Financial Services
Australian financial services provider Latitude says roughly 14 million user records were stolen in a recent cyberattack. The post 14 Million Records Stolen in Data Breach at Latitude Financial Services appeared first on SecurityWeek.
5 hard questions every IT leader must answer
Leadership is not something that just happens. Leadership must be measured, managed, and invested in. After all, how IT leaders are selected, trained, evaluated, and compensated materially impacts the future performance of the enterprise. So, again, when was the last time you had a substantive conversation about leadership with your direct reports? How frequently do […]
CIOs address the impact of hybrid work
After recent rounds of high-profile layoffs, a lot of technologists are looking for work in a market that’s different from any they’ve experienced. More companies are now set up to support remote work, which offers candidates a wider range of potential employers. The new working models benefit companies, too, since they can now hire people […]
PwC UK partners with ReversingLabs to bring software supply chain security to third-party risk management
Advisory and professional services giant PwC UK is partnering with security firm ReversingLabs to develop a third-party risk management (TPRM) platform to help businesses address software supply chain security risks. Alongside ReversingLabs, the firm aims to help customers modernize traditional TPRM programs to better suit the modern software supply chain, operationalizing detection and mitigation of […]
Office of the Director of National Intelligence highlights cyber threats in 2023 Intelligence Threat Assessment
When the Office of the Director of National Intelligence (ODNI) highlights a threat in its unclassified assessment and intimates that there is substantive supporting evidence available, one should not sit back and let the data points pass idly by — and we aren’t. The ODNI minced no words as they addressed China, Russia, North Korea, […]
5 ways to tell you are not CISO material
As the role of the CISO continues to grow in importance and gain more responsibility, many cybersecurity practitioners may wonder if they have what it takes to be successful in the role. Technical expertise and experience are obviously huge assets. An effective CISO has the ability to evaluate and select security technology, communicate with technical […]
iOS Security Update Patches Exploited Vulnerability in Older iPhones
Apple has released security updates for older iPhones to address a vulnerability exploited in attacks. The post iOS Security Update Patches Exploited Vulnerability in Older iPhones appeared first on SecurityWeek.
Biden administration seeks to tamp down the spyware market with a new ban
In a significant signal to spyware vendors, the Biden administration issued an executive order (EO) prohibiting federal government agencies from using commercial spyware “that poses significant counterintelligence or security risks to the United States Government.” The spyware covered by the EO is predominately malware designed to track and collect data from mobile phones that can […]
Huawei’s F5G rollout plan signals new wave of green technology and digital transformation
The emphasis Huawei has placed on a wave of investment in optical fixed line networks is bearing fruit. At MWC 2023, the company unveiled a range of F5G(Fifth generation fixed network) solutions for vertical industries. For Gu Yunbo, who manages the part of Huawei that sells optical network products to enterprises, this is the start […]
Researchers warn of two new variants of potent IcedID malware loader
Security researchers have seen attack campaigns using two new variants of IcedID, a banking Trojan program that has been used to deliver ransomware in recent years. The two new variants, one of which appears to be connected to the Emotet botnet, are lighter compared to the standard one because certain functionality has been stripped. “It […]
Huawei launches intelligent data storage solutions at MWC to satisfy rising multi-cloud demand
Peter Zhou, President of Huawei’s IT Product Line, is the public face of data storage technologies at the Chinese telecoms to IT giant. At MWC 2023, in between meetings with many of the 2,500 Huawei clients who made the trip to Barcelona, Peter described Europe’s buoyant market as one of the drivers behind 40% year-on-year […]
Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April
Microsoft says it has evidence that Russian APT actors were exploiting a nasty Outlook zero-day as far back as April 2022, upping the stakes on organizations to start hunting for signs of compromise. The post Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April appeared first on SecurityWeek.
State of the CIO, 2023: Building business strategy
When he’s not immersed in cybersecurity, hybrid cloud strategy, or app modernization, David Reis, CIO at the University of Miami Health System and the Miller School of Medicine, spends his time working with the board of directors and top leadership to reimagine healthcare and take the lead driving digital transformation. A business objective to “arrive” […]
Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
Security researchers raked in more than $1 million in prizes at this year’s CanSecWest Pwn2Own software exploitation contest. The post Hackers Earn Over $1 Million at Pwn2Own Exploit Contest appeared first on SecurityWeek.
US to Adopt New Restrictions on Using Commercial Spyware
Executive order will require the head of any U.S. agency using commercial spyware programs to certify that the program doesn’t pose a significant counterintelligence or other security risk. The post US to Adopt New Restrictions on Using Commercial Spyware appeared first on SecurityWeek.
Part of Twitter source code leaked on GitHub
Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the post after the social media platform requested it to do so on Friday. Twitter has also filed a case in the US District Court for the Northern District of California seeking to order GitHub to identify the […]
GoAnywhere Zero-Day Attack Hits Major Orgs
Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra’s GoAnywhere software. The post GoAnywhere Zero-Day Attack Hits Major Orgs appeared first on SecurityWeek.
Australia Dismantles BEC Group That Laundered $1.7 Million
Law enforcement in Australia announce the arrest of four individuals accused of running business email compromise (BEC) schemes. The post Australia Dismantles BEC Group That Laundered $1.7 Million appeared first on SecurityWeek.
France bans TikTok, all social media apps from government devices
The French government has banned TikTok and all other “recreational apps” from phones issued to its employees. The Minister of Transformation and the Public Service Stanislas Guerini, said in a statement that recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment. This prohibition applies immediately and […]
Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks
Webinar on third-party identity access risks will discuss topics such as unauthorized access, data breaches, and the manipulation or theft of sensitive information The post Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks appeared first on SecurityWeek.
‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
Criminals are set to take advantage of artificial intelligence like ChatGPT to commit fraud and other cybercrimes, Europe’s policing agency warned. The post ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns appeared first on SecurityWeek.
GitHub Rotates Publicly Exposed RSA SSH Private Key
GitHub replaced the RSA SSH private key used to secure Git operations for GitHub.com after it was exposed in a public GitHub repository. The post GitHub Rotates Publicly Exposed RSA SSH Private Key appeared first on SecurityWeek.
Best practices for protecting AWS RDS and other cloud databases
It’s no surprise that organizations are increasingly using cloud-native services, including for data storage. Cloud storage offers tremendous benefits such as replication, geographic resiliency, and the potential for cost-reduction and improved efficiency. The Amazon Web Services (AWS) Relational Database Service (RDS) is one of the most popular cloud database and storage services. At a high-level, […]
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware
Findings from two eye-opening surveys conducted by VMware show that ransomware remains a top concern for enterprises worldwide. As IT and security leaders and chief information security officers (CISOs) look for answers, many are turning to deeper deployment and investment in lateral security tools. What is lateral security? It leverages both access control and advanced […]
GitHub Suspends Repository Containing Leaked Twitter Source Code
Twitter sent a copyright notice to code hosting service GitHub to request the removal of a repository that contained Twitter source code. The post GitHub Suspends Repository Containing Leaked Twitter Source Code appeared first on SecurityWeek.
Why data leaders struggle to produce strategic results
Chief data and analytics officers (CDAOs) are poised to be of increasing strategic importance to their organizations, but many are struggling to make headway, according to data presented last week by Gartner at the Gartner Data & Analytics Summit 2023. Fewer than half (44%) of data and analytics leaders say their teams are effective in […]
How Infosys and Tennis Australia are harnessing technology for good
Marching resolutely alongside artificial intelligence (AI), cloud computing and digital advancement are customers demanding organisations be more environmentally sustainable, inclusive and responsible. It’s a situation raising a critical question for every IT and business leader: How can we increasingly harness technology not just for technology’s sake, but for the good we can do with it? […]
Google Leads $16 Million Investment in Dope.security
Dope.security raised $16 million in Series A funding for its fly-direct Secure Web Gateway (SWG). The post Google Leads $16 Million Investment in Dope.security appeared first on SecurityWeek.
Intel Co-founder, Philanthropist Gordon Moore Dies at 94
Intel Corp. co-founder Gordon Moore, who the breakneck pace of progress in the digital age with a simple 1965 prediction of how quickly engineers would boost the capacity of computer chips, has died. He was 94. The post Intel Co-founder, Philanthropist Gordon Moore Dies at 94 appeared first on SecurityWeek.
US Charges 20-Year-Old Head of Hacker Site BreachForums
The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers. The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.
Critical flaw in WooCommerce can be used to compromise WordPress websites
WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch. “Although what we know at this time is limited, what we do […]
How to power a sustainable enterprise on Microsoft Cloud
Now, more than ever, global businesses have an opportunity. With people and infrastructure touching every point on the planet — and new technology empowering us to radically change the way we consume resources — we can lead the world toward a better, more sustainable future. That optimism stems from three core beliefs: We can build […]
How retailers are empowering business transformation with TCS and Microsoft Cloud
The retail industry is always in motion. Shifting macro-economic influences and changing customer expectations spark new business models, channel strategies, and strategic partnerships. To keep pace, retailers require a strong digital core that delivers powerful data-driven insights while staying compliant, maintaining security, and preventing fraud. Shree Venkat, chief architect at TCS, and GV Krishnan, Head […]
Powering a sustainable future: How data can save the world – and your business
Data is the powerhouse of digital transformation. That’s no surprise. But did you know that data is also one of the most significant factors in whether a company can achieve its sustainability goals? Business leaders are at a crossroads. On one hand, a perilous financial landscape threatens to stall growth, with companies of all sizes […]
Cyberpion rebrands as Ionix, offering new EASM visibility improvements
SaaS-based external attack surface management (EASM) company Cyberpion has rebranded as Ionix, at the same time adding a clutch of new cybersecurity capabilities to its namesake offering. Designed to provide a “wider coverage and deeper focus” into its customers’ internet-facing assets and connected dependencies, the revamp of Ionix’s system will feature new abilities such as extending […]
Tesla Hacked Twice at Pwn2Own Exploit Contest
Researchers at French offensive hacking shop Synacktiv demonstrated successful exploit chains against Tesla’s newest electric car to take top billing at the annual Pwn2Own contest. The post Tesla Hacked Twice at Pwn2Own Exploit Contest appeared first on SecurityWeek.
CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
The U.S. government’s cybersecurity agency ships a new tool to help network defenders hunt for signs of compromise in Microsoft’s Azure and M365 cloud deployments. The post CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections appeared first on SecurityWeek.
Android-based banking Trojan Nexus now available as malware-as-a-service
Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available […]
PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
Proof-of-concept code to exploit a just-patched security hole in the Veeam Backup & Replication product has been published online. The post PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw appeared first on SecurityWeek.
Critical WooCommerce Payments Vulnerability Leads to Site Takeover
A critical-severity flaw in the WooCommerce Payments WordPress plugin could allow attackers to take over site administrator accounts. The post Critical WooCommerce Payments Vulnerability Leads to Site Takeover appeared first on SecurityWeek.
UK parliament follows government by banning TikTok over cybersecurity concerns
The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and the wider parliamentary network,” a move that TikTok has described as “misguided” and “based on fundamental […]
Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions
Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem, best practices for mitigating security issues. The post Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions appeared first on SecurityWeek.
CISA Gets Proactive With New Pre-Ransomware Alerts
CISA has sent notifications to more than 60 organizations as part of a new initiative to alert entities of early-stage ransomware attacks. The post CISA Gets Proactive With New Pre-Ransomware Alerts appeared first on SecurityWeek.
TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
A nearly six-hour grilling of TikTok’s CEO by lawmakers brought the platform’s 150 million U.S. users no closer to an answer as to whether the app will be wiped from their devices. The post TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content appeared first on SecurityWeek.
What is data governance? Best practices for managing data assets
Data governance definition Data governance is a system for defining who within an organization has authority and control over data assets and how those data assets may be used. It encompasses the people, processes, and technologies required to manage and protect data assets. The Data Governance Institute defines it as “a system of decision rights […]
Industry clouds prove their business value
Companies across nearly every vertical are finding a transformational lifeline in industry clouds. Swiss biopharmaceutical Idorsia is one such company, having embraced a partnership with industry cloud provider Veeva to survive. In June 2017, Idorsia had a lot on its plate, namely a new company to stand up, with 650 scientists and employees, a robust […]
Russian hacktivists deploy new AresLoader malware via decoy installers
Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software. Security researchers from threat intelligence firm Intel 471 first spotted AresLoader […]
Don’t buy into the hype of network observability to realize digital transformation success
Figure 1: Source: IDC’s Future Enterprise Resiliency and Spending Survey, Wave 2, March 2022 Broadcom For today’s teams, it is exceedingly complex and costly to support multiple generations of infrastructure and applications. What’s worse, according to an IDC report on network observability, this is the number one challenge to achieving digital transformation success. The right […]
Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud
Staying in control and securing your data has never been more important! As data privacy regulations continue to evolve, businesses have had to adapt how and where they store data. The EU’s General Data Protection Regulation (GDPR) has been the most newsworthy, requiring all businesses that operate in or have customers in the EU to […]
Security at the core of Intel’s new vPro platform
Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise a 70% reduction in attack surface compared to four-year-old PCs. Windows 11 systems can also take […]
Accenture to lay off 19,000 to cut costs amid economic uncertainty
IT services and consultancy firm Accenture said it would lay off 19,000 staffers, or 2.5% of its workforce, over the next 18 months to reduce costs amid uncertain macroeconomic conditions. “While we continue to hire, especially to support our strategic growth priorities, during the second quarter of fiscal 2023, we initiated actions to streamline our […]
CISA, NSA Issue Guidance for IAM Administrators
New CISA and NSA guidance includes recommended best practices for identity and access management (IAM) administrators. The post CISA, NSA Issue Guidance for IAM Administrators appeared first on SecurityWeek.
Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
On March 15, 2023, the SEC announced a proposal for new cybersecurity requirements for covered entities. The post Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy appeared first on SecurityWeek.
Advice from procurement: How to evaluate and propose new IT investments
Gartner recently cut their expected IT budget prediction from 5.1% to just 2.2% in 2023. This is three times lower than the projected 6.5% global inflation rate. As the world continues to experience economic uncertainty, IT leaders look to tighten budgets, consolidate tools and resources, and generally become more risk-averse when evaluating new investments. So […]
Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
Intel shares information on the security improvements brought by its new vPro platform powered by 13th Gen Core processors. The post Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform appeared first on SecurityWeek.
Why AI is key to hiring and retaining developers
By Bryan Kirschner, Vice President, Strategy at DataStax It’s high time to treat HR as every bit as important to your company’s artificial intelligence strategy as IT. Alongside all the evidence that getting your developers working on AI is good for your business, there’s mounting proof that even providing the opportunity to work on—and work […]
New vulnerabilities found in industrial control systems of major vendors
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors. The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight. To read this article […]
Critical flaw in AI testing framework MLflow can lead to server and data compromise
MLflow, an open-source framework that’s used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn’t implement authentication by […]
Cisco Patches High-Severity Vulnerabilities in IOS Software
Cisco’s semiannual security updates for IOS and IOS XE software resolve high-severity DoS, command injection, and privilege escalation vulnerabilities. The post Cisco Patches High-Severity Vulnerabilities in IOS Software appeared first on SecurityWeek.
‘Nexus’ Android Trojan Targets 450 Financial Applications
Promoted as a MaaS, the Nexus Android trojan targets 450 financial applications for account takeover. The post ‘Nexus’ Android Trojan Targets 450 Financial Applications appeared first on SecurityWeek.
Tackling the Challenge of Actionable Intelligence Through Context
Making threat intelligence actionable requires more than automation; it also requires contextualization and prioritization. The post Tackling the Challenge of Actionable Intelligence Through Context appeared first on SecurityWeek.
4 hard truths of multivendor outsourcing
How many IT services vendors do you rely on? Splitting responsibility for the IT organization into multiple outsourcing vendors, overseen (or overlooked in some unfortunate cases) by a small IT management team, has become a popular practice. Hardly “best practice” — a meaningless but popular justification for doing things a certain way — but popular […]
12 job-hunting mistakes no IT leader should make
You might think that senior-level IT leaders have a lock on the art of landing jobs. After all, that’s partly how they reached such lofty heights, right? But you’d be wrong. CIOs, vice presidents, directors — all make similar mistakes when they are on a job prowl, executive recruiters say. The two most common, and […]
How training and recognition can reduce cybersecurity stress and burnout
Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility and are subject to long hours of work and high pressure in an unpredictable and constantly […]
Dole Says Employee Information Compromised in Ransomware Attack
Dole has admitted in an SEC filing that its investigation into the recent ransomware attack found that the hackers had accessed employee information. The post Dole Says Employee Information Compromised in Ransomware Attack appeared first on SecurityWeek.
Closing the gender gap: What needs to be done
Companies around the world are being urged to close the digital gender gap, especially after International Women’s Day. Although progress has been made, the gap remains in many countries, prompting questions about whether those in the industry are doing enough to address it. The development of new technologies has created demand for specialized workers with […]
SMRT Corporation’s Huang Shao Fei on AI and other technologies
Huang Shao Fei – Group Chief Information Security Officer of SMRT Corporation – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about artificial intelligence, other technologies, and more. To read this article in full, please click here
How can CIOs protect Personal Identifiable Information (PII) for a new class of data consumers?
Industries increasingly rely on data and AI to enhance processes and decision-making. However, they face a significant challenge in ensuring privacy due to sensitive Personally Identifiable Information (PII) in most enterprise datasets. Safeguarding PII is not a new problem. Conventional IT and data teams query data containing PII, but only a select few require access. […]
55 zero-day flaws exploited last year show the importance of security risk management
Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available — the so-called n-day exploits. But mitigating the risk from vulnerabilities unknown to the affected software developers and don’t have a patch […]
Splunk adds new security and observability features
New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.
ServiceNow continues workflow platform expansion with Utah release
With its Utah release, ServiceNow is expanding the reach of its Now Platform for workflow automation into new areas, and enhancing its performance in others. Since ServiceNow introduced role-based workspaces as part of its new user interface, Next Experience, in March 2022, coverage has grown with each passing release. Utah’s additions include dedicated workspaces for […]
‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
Black Lantern Security introduces Badsecrets, an open source tool for identifying known or weak cryptographic secrets across multiple platforms. The post ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks appeared first on SecurityWeek.
Backslash Snags $8M Seed Financing for AppSec Tech
Backslash Security banks seed-stage capital to build new technology to identify and mitigate “toxic code flows” in cloud-native applications. The post Backslash Snags $8M Seed Financing for AppSec Tech appeared first on SecurityWeek.
Backslash AppSec solution targets toxic code flows, threat model automation
Backslash Security has announced its launch with a new cloud-native application security (AppSec) solution designed to identify toxic code flows and automate threat models. The solution is built to address time-consuming and manual methods for discovering and mapping applications code risks, along with filling the cloud-native context gaps left by traditional static application security testing […]
Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks
The average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited. That’s according to Continuity’s State of Storage and Backup Security Report 2023, which revealed a significant gap in the state of enterprise storage and backup security compared to other […]
Landmark UK-Israeli agreement to boost mutual cybersecurity development, tackle shared threats
The UK and Israeli governments have signed a landmark agreement to define bilateral relations between the two countries and boost mutual cybersecurity advancement until 2030. The 2030 Roadmap for Israel-UK Bilateral Relations is the culmination of efforts that began with the signing of a Memorandum of Understanding in November 2021 to work more closely over […]
Chrome 111 Update Patches High-Severity Vulnerabilities
The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers. The post Chrome 111 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
Cisco Talos researchers found two high-severity vulnerabilities in WellinTech’s KingHistorian industrial data historian software. The post High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian appeared first on SecurityWeek.
Malware Trends: What’s Old is Still New
Many of the most successful cybercriminals are shrewd; they want good ROI, but they don’t want to have to reinvent the wheel to get it. The post Malware Trends: What’s Old is Still New appeared first on SecurityWeek.
CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
CISA announces adding more experts to its Cybersecurity Advisory Committee and updating the Cybersecurity Performance Goals. The post CISA Expands Cybersecurity Committee, Updates Baseline Security Goals appeared first on SecurityWeek.
BreachForums Shut Down Over Law Enforcement Takeover Concerns
The popular cybercrime forum BreachForums is being shut down following the arrest of Conor Brian Fitzpatrick, who is accused of running the website. The post BreachForums Shut Down Over Law Enforcement Takeover Concerns appeared first on SecurityWeek.
Sharing sensitive business data with ChatGPT could be risky
The furor surrounding ChatGPT remains at a fever pitch as the ins and outs of the AI chatbot’s potential continue to make headlines. One issue that has caught the attention of many in the security field is whether the technology’s ingestion of sensitive business data puts organizations at risk. There is some fear that if […]
Spain Needs More Transparency Over Pegasus: EU Lawmakers
Spain needs more transparency over the Pegasus spyware hacking scandal, a European Parliament committee said. The post Spain Needs More Transparency Over Pegasus: EU Lawmakers appeared first on SecurityWeek.
Burnout in Cybersecurity – Can it be Prevented?
Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress. The post Burnout in Cybersecurity – Can it be Prevented? appeared first on SecurityWeek.
Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
Ransomware and data related attacks are the top cybersecurity threats to the transport sector in the EU, ENISA says. The post Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA appeared first on SecurityWeek.
CIO Karriem Shakoor on harnessing the power of data democratization
At UL Solutions, CIO Karriem Shakoor has identified clear cultural and architectural requirements for achieving data democratization so that IT can get out of the reports business and into driving revenue. Recently, I had the chance to speak at length with Shakoor about data strategy at the global safety science company, which has over 15,000 […]
10 things CIOs wish they knew from the start
“Life can only be understood backwards but it must be lived forwards,” wrote Danish philosopher Søren Kierkegaard. That’s true, but what if by some stroke of magic we could go back in time and give a pep talk to our younger selves. What would we say? To provide some indirect counsel for first-time CIOs, we asked […]
How culture and strategic partnerships help fuel transformation
Multinational insurance and finance corporation AIA New Zealand’s dream is to help make the country one of the healthiest and best protected nations in the world. That’s no small undertaking, and as CTO for the company, it’s Marc Hale’s core responsibility to help achieve that goal by providing a secure and stable platform on which […]
Virtual Event Today: Supply Chain & Third-Party Risk Summit
Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem, best practices for mitigating security issues. The post Virtual Event Today: Supply Chain & Third-Party Risk Summit appeared first on SecurityWeek.
As critical Microsoft vulnerabilities drop, attackers may adopt new techniques
While the total number of recorded Microsoft vulnerabilities was higher in 2022 than ever before, the number of critical vulnerabilities declined to its lowest point, according to the latest Microsoft Vulnerability Report by BeyondTrust, released Tuesday. In 2022, only 6.9% of Microsoft’s vulnerabilities were rated as critical — less than half the number of critical […]
Ping Identity debuts decentralized access management system in early access
Ping Identity, a Colorado-based IAM software vendor, is making a new product, PingOne Neo, available in a limited early access program. PingOne Neo is designed as a decentralized platform, as opposed to the heavily federated systems commonly in use. It allows for data decentralization, storing credentials and keys on the user’s mobile device, and lets […]
Accenture acquires Flutura to boost industrial AI services
Accenture on Tuesday said that it was acquiring Flutura, an internet of things (IoT) and data science services firm, for an undisclosed sum to boost the industrial AI services that it sells under the umbrella of Applied Intelligence. The acquisition assumes significance as the Asia-Pacific region constitutes 70% of Accenture’s Applied Intelligence market, according to […]
Google Suspends Chinese Shopping App Amid Security Concerns
Google has suspended the Chinese shopping app Pinduoduo on its app store after malware was discovered in versions of the app from other sources. The post Google Suspends Chinese Shopping App Amid Security Concerns appeared first on SecurityWeek.
Nvidia accelerates enterprise adoption of generative AI
As the generative AI bandwagon gathers pace, Nvidia is promising tools to accelerate it still further. On March 21, CEO Jensen Huang (pictured) told attendees at the company’s online-only developer conference, GTC 2023, about a string of new services Nvidia hopes enterprises will use to train and run their own generative AI models. When they […]
BrandPost: Stop the Sprawl: How Vendor Consolidation Can Reduce Security Risks in the Cloud
Managing multiple security vendors is proving to be a significant challenge for organizations, leading to difficulties in integration, visibility, and control. Recent surveys and reports have identified numerous problems associated with managing an assortment of security products from different vendors, and that managing multiple vendors was cited as the top challenge in achieving an effective […]
Verosint Launches Account Fraud Detection and Prevention Platform
443ID is refocusing its solution to tackle account fraud detection and prevention, and has changed its name to Verosint. The post Verosint Launches Account Fraud Detection and Prevention Platform appeared first on SecurityWeek.
Developed countries lag emerging markets in cybersecurity readiness
Organizations in developed countries are not as prepared for cybersecurity incidents compared to those in developing countries, according to Cisco’s Cybersecurity Readiness Index, released today. Countries that were found to be most mature in their overall cybersecurity readiness included Asia-Pacific countries such as Indonesia, with 39% of organizations in what Cisco considers a “mature stage” […]
What’s next for network operations
By Serge Lucio, Vice President and General Manager, Agile Operations Division This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. Enterprise networks are undergoing a profound transformation. These changes are being […]
4 Factors That Influence Modern App Success in a Multi-Cloud Environment
How are modern CIOs making an impact with multi-cloud? A recently released VMware report, “CIO Essential Guidance: Modernizing Applications in a Multi-Cloud World,” outlines these four key factors that influence success: Drive Developer Velocity The best applications are created by the most talented developers, so it’s crucial to attract and retain the best talent. Taking […]
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware
Findings from two eye-opening surveys conducted by VMware show that ransomware remains a top concern for enterprises worldwide. As IT and security leaders and chief information security officers (CISOs) look for answers, many are turning to deeper deployment and investment in lateral security tools. What is lateral security? It leverages both access control and advanced […]
The Era of Multi-Cloud Services Has Arrived
Multi-cloud environments offer significant business benefits from increasing agility to improving efficiency. The challenge, however, is that each cloud sits in an isolated silo with its own development and operating model, taxonomy, services, APIs and management tools. This lack of consistency across clouds forces companies to manage their multi-cloud environments through a patchwork of off-the-shelf, […]
Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
The Play ransomware gang has published data stolen from Dutch maritime services company Royal Dirkzwager. The post Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager appeared first on SecurityWeek.
Zoom Paid Out $3.9 Million in Bug Bounties in 2022
Zoom says it paid out $3.9 million in bug bounty rewards in 2022, with a total of over $7 million awarded to researchers since 2019. The post Zoom Paid Out $3.9 Million in Bug Bounties in 2022 appeared first on SecurityWeek.
Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
Mandiant has conducted an analysis of the zero-day vulnerabilities disclosed in 2022 and over a dozen were linked to cyberespionage groups. The post Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant appeared first on SecurityWeek.
Oleria Scores $8M Seed Funding for ID Authentication Technology
Seattle startup founded by former Salesforce CISO Jim Alkove banks $8 million to build technology in the identity and authentication space. The post Oleria Scores $8M Seed Funding for ID Authentication Technology appeared first on SecurityWeek.
9 attack surface discovery and management tools
Cyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. The goal with CAASM tools is to give the adversary as little information about the security posture of the business as possible while still maintaining critical business services. If you’ve […]
Malicious NuGet Packages Used to Target .NET Developers
Software developers have been targeted in a new attack via malicious packages in the NuGet repository. The post Malicious NuGet Packages Used to Target .NET Developers appeared first on SecurityWeek.
News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
SecurityWeek spoke to VC firm Quantum Exponential about the UK National Quantum Strategy and investments in quantum computing. The post News Analysis: UK Commits $3 Billion to Support National Quantum Strategy appeared first on SecurityWeek.
Arvest Bank reskills IT to support its banking core refresh
When Arvest, a regional bank operating in Arkansas, Kansas, Missouri and Oklahoma, hired Laura Merling as chief transformation and operations officer in 2021, one of the first things she changed was its digital transformation plan. The 60-year-old bank, formed from the successive mergers of 14 regional banks, was planning to launch a neobank, an online-only […]
10 cloud mistakes that can sink your business
The cloud has changed the IT and business worlds forever, and generally for the better. But when misused or abused the cloud can backfire, leading to a serious business setback or, in a worst-case situation, long-term competitive damage. Ensuing proper cloud use is essential in today’s high-stakes, fast-paced business environment. Learn from the following 10 […]
Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
Industrial organizations using HMI and SCADA products from Aveva have been informed about potentially serious vulnerabilities. The post Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products appeared first on SecurityWeek.
Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
A vulnerability in Google Pixel phones allows for the recovery of an original, unedited screenshot from the cropped version. The post Google Pixel Vulnerability Allows Recovery of Cropped Screenshots appeared first on SecurityWeek.
Ferrari Says Ransomware Attack Exposed Customer Data
Ferrari said that a ransomware attack was responsible for a data breach that exposed customer details, but did not impact company operations. The post Ferrari Says Ransomware Attack Exposed Customer Data appeared first on SecurityWeek.
ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure […]
Amazon to lay off 9,000 more workers, including some at AWS
Amazon will fire about 9,000 more workers from several business units, including AWS, in the coming weeks, according to a statement released today by company CEO Andy Jassy. The announcement comes two months after Amazon unveiled plans to lay off 18,000 employees. In his official statement, Jassy said that most of the layoffs in this […]
ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure […]
Aembit Scores $16.6M Seed Funding for Workload IAM Technology
Maryland startup Aembit gets funding to build an identity platform designed to manage, enforce, and audit access between federated workloads. The post Aembit Scores $16.6M Seed Funding for Workload IAM Technology appeared first on SecurityWeek.
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers […]
CEO directives: Top 5 initiatives for IT leaders
CIO Talvis Love has weathered a tsunami of rapid and significant changes at Baxter International over the past year — with little reprieve in sight. In late 2021, the med tech company completed the $12.4 billion acquisition of Hillrom, the largest in its history, to expand the company’s digital health and connected care offerings. While […]
Digital transformation obstacles: Stubborn challenges, what to do about them
The transformation imperatives In recent years, global enterprises have gone through tectonic shifts, responding to massive changes in their societal, competitive, and geopolitical realities. These trends have had many consequences, but they’ve all served to intensify a key imperative: rapid digital transformation. While progress has been made, many organizations still have a lot of work […]
Waterfall Security, TXOne Networks Launch New OT Security Appliances
Waterfall Security Solutions and TXOne Networks have each announced launching new OT security appliances. The post Waterfall Security, TXOne Networks Launch New OT Security Appliances appeared first on SecurityWeek.
Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars’ worth of crypto-coins. The post Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes appeared first on SecurityWeek.
BianLian ransomware group shifts focus to extortion
Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. The shift in the operating model comes as a result of Avast’s release of a decryption tool that […]
Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra’s GoAnywhere solution. The post Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm appeared first on SecurityWeek.
Topgolf Callaway tees up digital transformation for global expansion
At Topgolf Callaway Brands, digital transformation has been a key enabler of strategic growth and expansion, laying the foundation for the company’s future. Ely Callaway Jr. founded the company in 1982, buying Hickory Stick USA golf clubs after that maker started running low on funds. In 1986, the company released the Big Bertha driver using […]
7 guidelines for identifying and mitigating AI-enabled phishing campaigns
The emergence of effective natural language processing tools such as ChatGPT means it’s time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to […]
New York Man Arrested for Running BreachForums Cybercrime Website
Conor Brian Fitzpatrick of New York was arrested and charged last week for allegedly running the popular cybercrime forum BreachForums. The post New York Man Arrested for Running BreachForums Cybercrime Website appeared first on SecurityWeek.
Adobe Acrobat Sign Abused to Distribute Malware
Cybercriminals are abusing the Adobe Acrobat Sign service in a campaign distributing the RedLine information stealer malware. The post Adobe Acrobat Sign Abused to Distribute Malware appeared first on SecurityWeek.
NBA Notifying Individuals of Data Breach at Mailing Services Provider
NBA is notifying individuals that their information was stolen in a data breach at a third-party mailing services provider. The post NBA Notifying Individuals of Data Breach at Mailing Services Provider appeared first on SecurityWeek.
Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder
Huawei has replaced thousands of product components banned by the US with homegrown versions, its founder has said. The post Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder appeared first on SecurityWeek.
Signals from space: SD-WAN marks the next stage in commercialized space-based comms
Despite popular belief, most of today’s smartphones don’t connect directly with satellites orbiting our planet. The vast majority connect to nearby cell towers rooted in the earth. For the everyday consumer, space-based communications are largely limited to phone packages for use during localized emergencies when network coverage is down, or on remote camping trips via […]
Building your own web application platform is locking you in
Organizations have been transitioning away from legacy, monolithic platforms as these decades-old IT systems bog down management, flexibility, and agility with their tightly entangled components. CIOs have shifted toward building their own web application platforms with a set of best-in-class tools for more flexibility, customizations, and agile DevOps. This choice, however, isn’t right in all […]
7 ways to help your neurodiverse team deliver its best work
Technology work attracts neurodivergent people. So if you are leading a tech team, it’s likely that someone in your crew may be on the autism spectrum (ASD), be living with ADHD, or have an auditory processing disorder, learning disability, or other mental difference. Without the right accommodations, many neurodiverse professionals can struggle and, eventually, leave. […]
New ‘Trigona’ Ransomware Targets US, Europe, Australia
The recently identified Trigona ransomware has been highly active, targeting tens of organizations globally. The post New ‘Trigona’ Ransomware Targets US, Europe, Australia appeared first on SecurityWeek.
US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
Three US government agencies have issued a joint warning to organizations about LockBit 3.0 ransomware attacks. The post US Government Warns Organizations of LockBit 3.0 Ransomware Attacks appeared first on SecurityWeek.
Latitude Financial Services Data Breach Impacts 300,000 Customers
Latitude Financial Services says the personal information of 300,000 customers was stolen in a cyberattack. The post Latitude Financial Services Data Breach Impacts 300,000 Customers appeared first on SecurityWeek.
Two Patch Tuesday flaws you should fix right now
Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released. One vulnerability affects all supported versions of Outlook for Windows and allows attackers to steal Net-NTLMv2 hashes and then use them in NTLM (New […]
New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries
A newly identified threat actor named YoroTrooper is targeting organizations in Europe and the CIS region for espionage and data theft. The post New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries appeared first on SecurityWeek.
A CIO’s 10-part guide to personal branding
In addition to showcasing your executive experience and accomplishments, effective and targeted personal branding can demonstrate thought leadership and expertise within specific domain areas, as well as make a statement about your core values, character, and attitude. It can also help you move roles, whether from an operational “keep the lights on” CIO position to […]
Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies
Mandiant links exploitation of the Fortinet zero-day CVE-2022-41328, exploited in government attacks, to a Chinese cyberespionage group. The post Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies appeared first on SecurityWeek.
BrandPost: 1Password integrates with Okta SSO
Single Sign-On (SSO) providers like Okta protect businesses by combining all company-approved sites and services in a single dashboard. Employees can then use a single, strongly vetted identity to log in to those sites and services using a single set of credentials. It’s better for security, and easier for employees. Now, 1Password Business customers can […]
Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits
Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs the victim’s phone number. The post Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits appeared first on SecurityWeek.
KPN CloudNL: providing customers with full say and control over their data and applications
KPN, the largest infrastructure provider in the Netherlands, offers a high-performance fixed-line and mobile network in addition to enterprise-class IT infrastructure and a wide range of cloud offerings, including Infrastructure-as-a-Service (IaaS) and Security-as-a-Service. Drawing on its extensive track record of success providing VMware Cloud Verified services and solutions, KPN is now one of a distinguished […]
Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111
Firefox 111 patches 13 CVEs, including several vulnerabilities classified as high severity. The post Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111 appeared first on SecurityWeek.
Inside Meta’s Kill Chain Thesis
Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of models. The post Inside Meta’s Kill Chain Thesis appeared first on SecurityWeek.
Private 5G and edge computing: a perfect match for manufacturing
Private 5G is the next evolution of networking for mission-critical applications used in factories, logistics centers and hospitals. In fact, any environment that needs the reliability, security and speed of a wired connection combined with the movement of people, things and data. The element of movement is often a factor in Industry 4.0 digital transformation – […]
UK bans TikTok on government devices over data security fears
Social media app TikTok has been banned on UK government electronic devices, the Cabinet Office has announced. The ban, announced by the chancellor of the Duchy of Lancaster, Oliver Dowden, comes in the wake of a security review into the risks posed to government data by social media apps on devices along with the potential […]
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
Microsoft says Russia targeted at least 17 European nations in 2023 — mostly governments — and 74 countries since the start of the Ukraine war. The post Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up appeared first on SecurityWeek.
Webinar Today: How to Build Resilience Against Emerging Cyber Threats
Join us for this webinar as we walk through three recent use cases where a new threat caught organizations off-guard. The post Webinar Today: How to Build Resilience Against Emerging Cyber Threats appeared first on SecurityWeek.
CISA Seeks Public Opinion on Cloud Application Security Guidance
CISA this week announced it is seeking public input on draft guidance for securing cloud business applications. The post CISA Seeks Public Opinion on Cloud Application Security Guidance appeared first on SecurityWeek.
Poland Breaks up Russian Spy Ring
Polish counter-intelligence has dismantled a Russian spy ring that gathered information on military equipment deliveries to Ukraine. The post Poland Breaks up Russian Spy Ring appeared first on SecurityWeek.
Russia-Linked APT ‘Winter Vivern’ Targeting Governments in Europe, Asia
Russia-backed threat group Winter Vivern has targeted government entities in Poland, Ukraine, Italy, and India in recent campaigns The post Russia-Linked APT ‘Winter Vivern’ Targeting Governments in Europe, Asia appeared first on SecurityWeek.
Data Breach at Independent Living Systems Impacts 4 Million Individuals
Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals. The post Data Breach at Independent Living Systems Impacts 4 Million Individuals appeared first on SecurityWeek.
Make Your Picks: Cyber Madness Bracket Challenge Starts Today
SecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting events. The post Make Your Picks: Cyber Madness Bracket Challenge Starts Today appeared first on SecurityWeek.
Cybercriminals, APT Exploited Telerik Vulnerability in Attacks on US Government Agency
Cyberspies and cybercriminals exploited a Telerik vulnerability tracked as CVE-2019-18935 on a government agency’s IIS server. The post Cybercriminals, APT Exploited Telerik Vulnerability in Attacks on US Government Agency appeared first on SecurityWeek.
CTO Dwayne Allen on delivering transcendent business impact
Dwayne Allen is an ORBIE-award winning technology executive primed for times like these. Equipped with experiences across a range of industries, a healthy dose of self-awareness, and a passion for learning and people, Allen is redefining the art of the possible as a strategic and innovative CTO. In his current role as senior vice president […]
What an IT career will look like in 5 years
While crystal ball technology is notoriously fallible, tech leaders say there are a handful of changes to IT work that we’ll likely see half a decade from now. IT pros will work in environments that are more task-based than position-based, experts say, relying more on automation and AI, and using tools that are increasingly portable […]
Russian hacktivist group targets India’s health ministry
A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens. “On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website,” cybersecurity firm CloudSek said […]
Why red team exercises for AI should be on a CISO's radar
AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct red team exercises against AI models and AI-enabled applications — just as security teams do with […]
When and how to report a breach to the SEC
New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents. Under the proposal, the SEC would implement three new rules that public companies will […]
Facebook ‘Unlawfully’ Used Dutch Personal Data: Court
Social media platform Facebook unlawfully processed Dutch users’ personal details without consent for advertising purposes for almost a decade, Amsterdam-based judges ruled on Wednesday. The post Facebook ‘Unlawfully’ Used Dutch Personal Data: Court appeared first on SecurityWeek.
Sunway Group’s Eddie Hau on cybersecurity as a business enabler for diversified businesses
Eddie Hau – Chief Information Security Officer of Sunway Group – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the challenges of protecting a conglomerate, Sunway Group’s digital transformation, and more. To read this article in full, please click here
What your CFO really needs in periods of economic uncertainty
The pressure is on to navigate economic uncertainty. Gartner’s downward revision of projected worldwide IT spending in 2023 from 5.1% to 2.4% growth underscores how inflation, interest rate fluctuations, and consumer spending are reshaping forecasts, investment portfolios, and the CIO agenda. Regardless of your company’s investment posture during this period of instability, interactions with the […]
Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million
Rapid7 spends $38 million to acquire Israeli anti-ransomware startup Minerva Labs to beef up its managed detection and response portfolio. The post Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million appeared first on SecurityWeek.
How to better secure your fleet of mobile devices
While mobile devices are the symbol of business continuity, they are also the mark of easy prey for cybercriminals. In fact, 75% of companies experienced a “major” mobile-related security compromise in 2022. And that risk brings high costs with it. When remote workers are the root cause of a data breach, mitigation costs rise 20% […]
IT productivity secrets: how to streamline management and tasks
It’s time to get back to the basics of productivity. The IT pendulum is swinging back toward operational excellence as companies must now recover from a whirlwind of digital transformation investments made over the past three years. Today, CIOs need to operationalize new technologies and online business models. But with IT teams already overexerted, how […]
5 strategies for boosting endpoint management
Cloud architectures and remote workforces have effectively dissolved the network perimeter, the traditional line of defense for IT security. Lacking that decisive boundary, the work of security teams has changed. Now to guard against data breaches, ransomware, and other types of cyber threats, protecting network endpoints is more important than ever. But protecting endpoints is a […]
Top 5 Security Trends for CIOs
The post-pandemic reality. Macroeconomic turbulence. Explosive technology innovations. Generational shifts in technological expectations. All these forces and more drive rapid, often confusing change in organizations large and small. With every such change comes opportunity–for bad actors looking to game the system. Cybersecurity cannot stand still, or the waves of innovation will overrun the shores. Adversaries […]
Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script
Microsoft blames a “Russian-based threat actor” for in-the-wild attacks hitting its flagship Microsoft Outlook and has released a detection script to help defenders. The post Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script appeared first on SecurityWeek.
Software bill of materials: a critical component of software supply chain security
Ensuring strong software security and integrity has never been more important because software drives the modern digital business. High-profile vulnerabilities discovered over the past few years, with the potential to lead to attacks against organizations using the software, have hammered home the need to be vigilant about vulnerability management. Perhaps the most dramatic recent example […]
Proactive cybersecurity: sometimes offence is the best defense
In today’s cybersecurity environment—with new types of incidents and threat vectors constantly emerging—organizations can’t afford to sit back and wait to be attacked. They need to be proactive and on the offensive when it comes to defending their networks, systems, and data. It’s important to understand that launching an offensive cybersecurity strategy does not mean […]
Think your attack surface is too large? You don’t know the half of it
Purchase a cheap card swipe cloner off the Dark Web. Distract a hotel housekeeper for a moment and clone their master key. Use your mark’s email address to access a login page. Choose to reset the password and have the code sent to the mark’s phone. Check their voicemail using the default last four digits […]
Unified commerce elevates customer experience for Hippo Stores
One of the biggest challenges confronting retailers today is ensuring convergence between customers’ traditional in-store shopping experience and their digital journey, thereby delivering a seamless customer experience (CX). For brick-and-mortar stores, legacy technologies often make migrating online difficult. Over time, as they explore online opportunities, traditional retailers often find it challenging to unravel all they […]
Huawei Democratises Digital Infrastructure for SMEs through Global Partnerships
In today’s era of economic uncertainty, enterprises must embrace digital transformation to stay relevant. By 2026, global spending on digital transformation is expected to reach US$3.4 trillion, and this trend is accelerating. For most enterprises, digital transformation encompasses the infrastructure needed to facilitate computing, storage, and networking, while digital technologies such as the cloud, Artificial […]
Oracle extends its MyLearn program to NetSuite
Oracle is extending its MyLearn program, offered via the company’s University portal, to cover its NetSuite midmarket ERP products. Like the Oracle University version of MyLearn, NetSuite’s MyLearn program — which offers courses on Oracle Cloud Infrastructure (OCI) and SaaS offerings such as Fusion applications — will offer courses on its product fundamentals and implementation. […]
4 tips to cut cloud costs: IaaS, SaaS, and UCaaS
One of the key advantages of the cloud is cost savings, and yet cloud costs are on the rise and overspending by as much as 70% is commonplace, according to Gartner. Much like gyms make their money off members who never actually use the equipment, cloud providers profit from those who underutilize their resources. That’s […]
SD-WAN & SASE call for smarter IT service management
Today’s digital era has triggered a mass modernization of corporate IT infrastructures. But in upgrading networks and security systems with technologies like SD-WAN and SASE, IT teams face a paradigm shift in managing a cacophony of new tools and service providers behind them. SD-WAN and SASE: essential for secure innovation and remote work Company leaders […]
5 best practices for managing your mobile fleet
The effective management of mobile devices is a game of high risk. While every company is dependent on their devices to generate revenue, they also increase vulnerability to ransomware attacks costing an average $4.5 million and consume 34% of IT’s time and productivity. Keeping the corporate fleet securely up and running is top of mind […]
Your next hero move: using AI to automate IT expense optimization
Every business leader wants to be the next hero, praised for sharpening the corporate competitive edge. Business heroes are the ones who solve big problems by leveraging emerging technology to awaken new powers accelerating strategic outcomes. So, why not use artificial intelligence (AI) to step into your higher potential, automating a system that drives more […]
Dell beefs up security portfolio with new threat detection and recovery tools
Dell Technologies has added a slew of in-house as well as partnered capabilities to its security portfolio in a bid to beef up its capabilities in areas including threat security, management, and incident response. “Through ongoing innovation and a powerful ecosystem of partners, we’re committed to helping organizations protect against threats, withstand and recover from […]
US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing
Sagar Singh and Nicholas Ceraolo have been charged for their alleged roles in a doxing operation that involved hacking a law enforcement platform and email account. The post US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing appeared first on SecurityWeek.
NSA Shares Guidance on Maturing ICAM Capabilities for Zero Trust
NSA publishes recommendations on maturing identity, credential, and access management capabilities to improve cyberthreat protections. The post NSA Shares Guidance on Maturing ICAM Capabilities for Zero Trust appeared first on SecurityWeek.
Huawei: Transition to cloud native and democratisation of AI among changes needed for smarter, greener finance
During MWC 2023, Jason Cao, CEO of Huawei Global Digital Finance shares Huawei’s latest progress in digitalising financial services. Huawei The financial services industry (FSI) today is poised for disruption. According to IDC, changes in consumer behaviour arising from the global pandemic, consumer perceptions, technological innovation and an inclination towards During MWC 2023, Jason Cao, […]
Are Encryption and Zero Trust Breaking Key Protections?
Compliance and ZTNA are driving encryption into every aspect of an organization’s network and enterprise and, in turn, forcing us to change how we think about protecting our environments. The post Are Encryption and Zero Trust Breaking Key Protections? appeared first on SecurityWeek.
Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs
The Chinese hacker group Tick has targeted an East Asian data loss prevention firm whose customers include military and other government organizations. The post Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs appeared first on SecurityWeek.
Beyond Identity launches Zero Trust Authentication to align verification with zero-trust principles
Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with […]
Palo Alto announces new SD-WAN features for IoT security, compliance support
Cybersecurity vendor Palo Alto has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the prevention of unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks. SD-WAN for IoT […]
Cybercriminals target SVB customers with BEC and cryptocurrency scams
Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carrying out scams that can steal money, and bank account information, or infect customers’ systems with malware. SVB was shut down on March 10 by the California Department of Financial Protection and Innovation, after the bank failed to raise capital to keep running. […]
Dero, Monero Cryptojackers Fighting for Same Kubernetes Clusters
Dero cryptojacking operation infecting Kubernetes infrastructure is being targeted by Monero criptojackers for control over the same clusters. The post Dero, Monero Cryptojackers Fighting for Same Kubernetes Clusters appeared first on SecurityWeek.
Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks
Russia-linked APT29 was seen abusing the legitimate information exchange systems used by European countries in attacks aimed at governments. The post Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks appeared first on SecurityWeek.
The Rise of the BISO in Contemporary Cybersecurity
While the BISO might appear to be a new role, it is not – and understanding its past provides insights into its present. The post The Rise of the BISO in Contemporary Cybersecurity appeared first on SecurityWeek.
Don’t do IT yourself: The trick to ensuring business alignment
Picture this: A newly hired CIO of a large Fortune 500 company meets with all the C-level executives of the firm in the CEO’s office. During the meet and greet, after saying how he looks forward to setting up one-on-ones with all of them to discuss their thoughts on the IT department, he notices a […]
6 signs it’s time to restructure your IT organization
Nothing lasts forever in IT, and that includes your organizational structure. Deciding on whether to scrap or keep existing infrastructure of any stripe isn’t easy. A complete rebuild can be disruptive, time-consuming, and risky. And if the initiative misses its goal, or runs over budget, the CIO’s job may be at stake. Yet, as any […]
Trustwave teams up with Trellix for better managed security
Managed cybersecurity vendor Trustwave said Tuesday that it will be partnering with extended detection and response company Trellix for a combined XDR/MDR offering. MDR, as offered by Trustwave, essentially works as a remote, third-party security operations center. The idea is, given the growing complexity of modern security threat landscapes, to let end user companies simply […]
Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit
Cybersecurity firm Rubrik has confirmed being hit by the GoAnywhere zero-day exploit after the Cl0p ransomware group named the company on its leak website. The post Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit appeared first on SecurityWeek.
Hawaii Health Department Says Death Records Compromised in Recent Data Breach
The Hawaii DOH says roughly 3,400 death records were accessed via the compromised account of a former employee. The post Hawaii Health Department Says Death Records Compromised in Recent Data Breach appeared first on SecurityWeek.
SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day
SAP has released 19 new notes on March 2023 Security Patch Day, including five notes rated hot news. The post SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day appeared first on SecurityWeek.
How tech companies could benefit from investing in Saudi Arabia
LEAP, one of the biggest tech events in the Middle East took place recently in Riyadh for the second year with more than 172,000 people in attendance. During the opening, Abdullah Alswaha, the Minister of Communication and Information Technology of Saudi Arabia has announced that the Arab kingdom has received US$9 billion in investments to […]
DNS data shows one in 10 organizations have malware traffic on their networks
During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks towards command-and-control (C2) servers associated with known botnets and various other malware threats, according to a report from cloud and content delivery network provider Akamai. More than a quarter of that traffic went to servers belonging to […]
How an immigrant back story builds up tech leaders
Covid-19 briefly immobilized the world, but as order steadily resumes, so do opportunities for those looking to advance their tech careers. For a specific section of that talent, immigrants have always been a key to the industry, and a source of inspiration for many. Yet career paths sometimes depend on networks and connections, and uprooting […]
Mitigating cloud sprawl: Controlling XaaS resources, costs, and security
In the age of digital innovation and work-from-anywhere, every company has a lengthening list of cloud services and applications compounding complexity for their IT team. Consider today’s trends that make cloud resources more prolific — sometimes without any regard for cost or risk to the company: The advantages of cloud scalability and management off-loading have […]
Is your BYOD mobile strategy costing more than you think?
As mobile work experiences redefine how business gets done, managing an increasing number of devices across a modern workforce has become a growing challenge. Imagine the retail associate using a tablet to check inventory and pricing for customers, the UPS driver recording deliveries and updating the system, and the construction foreman referring to a device […]
5 steps to buckle up your IT belt for a bumpy ride
When it comes to predicting the economic future, there are a lot of mixed signals right now, but one thing remains clear: Recession or no recession, cost-cutting initiatives are always a smart idea, particularly given today’s inflation rates. Economic concerns are increasing the pressures on IT to do more with less. Consider that 92% of […]
Microsoft Patches 80 Security Vulns, Warns of Outlook Zero-Day Exploitation
Patch Tuesday: Redmond calls special attention to a pair of Windows security flaws marked as ‘actively exploited’ in the wild. The post Microsoft Patches 80 Security Vulns, Warns of Outlook Zero-Day Exploitation appeared first on SecurityWeek.
Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware
A cybercrime group has been exploiting a Microsoft SmartScreen zero-day vulnerability tracked as CVE-2023-24880 to deliver the Magniber ransomware. The post Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware appeared first on SecurityWeek.
Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day
Adobe issues urgent warning for “very limited attacks” exploiting a zero-day vulnerability in its ColdFusion web app development platform. The post Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day appeared first on SecurityWeek.
ReversingLabs adds new context-based secret detection capabilities
ReversingLabs has added new secret detection capabilities to its software supply chain security (SSCS) tool to help developers prioritize remediation with context-based data on secrets. In a development environment, secrets refer to digital authentication credentials used in software components including login credentials, API tokens, and encryption keys. “We are using our knowledge of exposed secrets […]
Universities and colleges cope silently with ransomware attacks
Although some cybersecurity researchers say that ransomware attacks are on the downswing as cybercriminals face declining payments, a spate of recent ransomware attacks makes it feel like the scourge is continuing at the same, or even an elevated, pace. Nowhere is this more apparent than in the higher education sector, with at least eight colleges […]
Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor
The LockBit ransomware group claims to have stolen valuable SpaceX data after breaching the systems of Maximum Industries. The post Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor appeared first on SecurityWeek.
Cloud Forensics Startup Mitiga Completes $45M Series A
Israeli cloud security startup Mitiga adds Samsung Next as an investor in a completed $45 million Series A financing round. The post Cloud Forensics Startup Mitiga Completes $45M Series A appeared first on SecurityWeek.
ChatGPT and the Growing Threat of Bring Your Own AI to the SOC
Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring your own AI (BYO-AI). The post ChatGPT and the Growing Threat of Bring Your Own AI to the SOC appeared first on SecurityWeek.
CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks
A new CISA pilot program to warn critical infrastructure organizations if their systems are unpatched against vulnerabilities exploited in ransomware attacks. The post CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks appeared first on SecurityWeek.
How the Best CISOs Drive Operational Resilience
Cyberattacks have exposed a myriad of vulnerabilities in our healthcare infrastructure, and will continue to do so as new and innovative medical technologies are developed. The post How the Best CISOs Drive Operational Resilience appeared first on SecurityWeek.
Can a quantum algorithm crack RSA cryptography? Not yet
Every CISO has encryption implementation decisions to make at a variety of levels and instances as they sort the support needed for business operations such as production, sales, support, data retention, and communication. These decisions tend to lean heavily on the “ease of use” doctrine and ubiquitousness of the various product offerings being considered. Therefore […]
Amazon-owned Ring reportedly suffers ransomware attack
Ring, a home security and smart home company owned by Amazon, has reportedly suffered a ransomware attack by Russia-linked ALPHV group, according to a tweet by VX-Underground. The ALPHV ransomware group, also known as BlackCat, has posted the company’s logo on its website along with a message that reads, “There’s always an option to let us leak your […]
Ring Denies Falling Victim to Ransomware Attack
Ring says it has no indications it has fallen victim to a ransomware attack after cybergang threatens to publish supposedly stolen data. The post Ring Denies Falling Victim to Ransomware Attack appeared first on SecurityWeek.
ICS Patch Tuesday: Siemens, Schneider Electric Address Over 100 Vulnerabilities
Siemens and Schneider Electric have addressed more than 100 vulnerabilities with their March 2023 Patch Tuesday security advisories. The post ICS Patch Tuesday: Siemens, Schneider Electric Address Over 100 Vulnerabilities appeared first on SecurityWeek.
Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach
Fortinet says recently patched FortiOS vulnerability was exploited in sophisticated attacks targeting government entities. The post Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach appeared first on SecurityWeek.
AI and automation will play an increasing role in technology
By Ram Velaga, Senior Vice President and General Manager, Core Switching Group This article is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. It is clear that artificial intelligence, machine learning, and […]
US Military undergoes shift in CIO ranks
The US Military is undergoing major changes in its CIO ranks as it finalizes its joint warfighting cloud platform. On Feb. 10, US Army CIO Dr. Raj Iyer concluded his two-year contract and was awarded the Distinguished Civilian Service Medal, the highest honor that can be granted to a civilian employee, for his efforts to […]
SAP 2023 outlook: 7 predictions for customers
With the threat of a recession looming, cost pressures increasing, and the deadline to move off SAP ECC swiftly approaching, SAP customers have a lot to consider as they plan for the year ahead. Here are some of the trends we expect to play out as the year goes on, specifically for SAP customers. 1. […]
Decoding the Qualtrics deal: Was the firm a good fit for SAP?
SAP’s acquisition of a majority stake at customer experience (CX) software firm Qualtrics back in 2018 for $8 billion was never a match made in heaven. Both companies remained incongruous to each other’s progress before Qualtrics was sold to Silver Lake and CPP Investments earlier this week, according to experts and analysts. “Even though Qualtrics […]
CIOs take aim at Silicon Valley talent
Signs of a tech talent shift are under way, with IT pros increasingly turning away from Silicon Valley and tech stalwarts in favor of new roles outside the technology industry. For Andreea Bodnari and Chris Jones, both of whom left Silicon Valley tech companies to work at healthcare organization Optum, the lure was not concern […]
Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia
The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company ElecticIQ. The attacks, which took place in February, were “almost identical” to those reported by Russia-based cybersecurity firm Group-IB on January 11, 2023, ElectricIQ […]
Healthcare providers focus on quality for the next phase of digital transformation
As healthcare providers emerge from the operational disruptions caused by the global pandemic, IT and business leaders are renewing their focus on “quality”– specifically, have digital investments provided quality and value for IT systems; is technology improving quality for caregivers inside facilities; and have digital transformation efforts enhanced the patient experience and the quality of care […]
A feat of skill: Moving SAP workloads to the cloud
Moving SAP workloads to the cloud promises to be transformational, but it’s not for the faint of heart. Goals for an ERP modernization initiative often range from lowering costs through infrastructure savings to adding cloud-based capabilities to ERP tasks with minimal disruption to day-to-day business. Achieving these objectives takes perceptive analysis, meticulous planning, and skillful […]
How to overcome the data silo challenge
Organizations that are investing in analytics, artificial intelligence (AI), and other data-driven initiatives have exposed a growing challenge: a lack of integration across data sources that is limiting their ability to extract true value from these investments. It’s imperative for IT and business leaders to eliminate these data silos – some of which are operational, […]
Dark Pink APT group linked to new KamiKakiBot attacks in Southeast Asia
The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company ElecticIQ. The attacks, which took place in February, were “almost identical” to those reported by Russia-based cybersecurity firm Group-IB on January 11, 2023, ElectricIQ […]
Delta takes off with modernized blend of mainframes and cloud
When it comes to IT, Delta Air Lines is climbing higher into the clouds even as it keeps its footing on solid ground. The Atlanta-based airlines, which is partnering with Amazon Web Services on the cloud front and Kyndryl for its mainframe systems, is very content with its choice for a hybrid infrastructure, says Matt […]
How the cloud helps banking and finance companies tackle core modernization challenges
Two decades of technology-driven transformation has left many financial services firms with significant complexity and technical debt. While banking and finance organizations have aggressively moved workloads and apps to the cloud to meet changing customer needs, some remain hesitant to tackle modernization of core infrastructure and systems, fearing a disruption to the business. In a […]
A critical next phase of cloud transformation: Reducing WAN complexity
Over the past two decades, cloud computing has evolved from a method that utilized extra data center capacity to the mission-critical infrastructure across enterprises that we see today. But along the way, the transformation and dramatic growth of the cloud have created increasingly complex, multi-account, and multi-region environments that can hinder, rather than accelerate, a company’s […]
Assessing the impact of layoffs on Africa’s IT talent
While much of the news around tech layoffs has focused on US giants like Amazon, Microsoft, Google, Oracle, Meta and Twitter, dismissals are also happening closer to home. Since December, Chipper Cash, an African cross-border payments business and one of Africa’s few tech unicorns, has laid off about 150 staff, with the brand’s engineering team taking […]
New ‘GoBruteforcer’ Botnet Targets Web Servers
The recently identified Golang-based GoBruteforcer botnet is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. The post New ‘GoBruteforcer’ Botnet Targets Web Servers appeared first on SecurityWeek.
Euler Loses Nearly $200 Million to Flash Loan Attack
London, UK based De-Fi platform company Euler has lost a reported $196 million to a flash loan attack. The post Euler Loses Nearly $200 Million to Flash Loan Attack appeared first on SecurityWeek.
CISA Warns of Plex Vulnerability Linked to LastPass Hack
CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Plex Vulnerability Linked to LastPass Hack appeared first on SecurityWeek.
Cybercrime Losses Exceeded $10 Billion in 2022: FBI
The FBI received more than 800,000 cybercrime-related complaints in 2022, with losses totaling over $10 billion. The post Cybercrime Losses Exceeded $10 Billion in 2022: FBI appeared first on SecurityWeek.
Blackbaud penalized $3M for not disclosing the full scope of ransomware attack
Software firm Blackbaud has agreed to pay a $3 million penalty for failing to disclose the full scope of the ransomware attack it suffered in 2020, according to the US Securities and Exchange Commission (SEC). South Carolina headquartered Blackbaud provides donor relationship management software to various non-profit organizations, including charities, higher education institutions, K-12 schools, […]
NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry
NMFTA appoints Antwan Banks as director of enterprise security as the organization shifts focus to end-to-end security for the trucking industry. The post NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry appeared first on SecurityWeek.
Zoll Medical Data Breach Impacts 1 Million Individuals
Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year. The post Zoll Medical Data Breach Impacts 1 Million Individuals appeared first on SecurityWeek.
SAP-owned Qualtrics to be sold to Silver Lake, CPP Investments for $12.5 billion
Customer Experience management company Qualtrics on Monday said private equity firm Silver Lake and Canada Pension Plan Investment Board (CPP Investments) have agreed to buy the entire company for $12.5 billion in an all-cash transaction. CPP Investments, according to a joint statement, will pay $1.75 billion in equity and another $1 billion in debt […]
6 reasons why your anti-phishing strategy isn’t working
Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on. “Bad actors are highly motivated and funded with the sole […]
Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms
Reports published by various industrial cybersecurity companies provide different numbers on ICS vulnerabilities — here’s why. The post Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms appeared first on SecurityWeek.
BrandPost: Cybersecurity Automation: Leveling the Playing Field
Many things challenge how we practice cybersecurity these days. Digital transformation has brought significant adoption of new technology and business models, including cloud solutions, e-commerce platforms, smart devices, and a significantly more distributed workforce. These, in turn, have brought with them an increase in new threats, risks, and cybercrime. As organizations emerge post-pandemic, many of […]
Cybersecurity Automation: Leveling the Playing Field
By Leonard Kleinman, Field Chief Technology Officer (CTO) ) Cortex for Palo Alto Networks JAPAC Many things challenge how we practice cybersecurity these days. Digital transformation has brought significant adoption of new technology and business models, including cloud solutions, e-commerce platforms, smart devices, and a significantly more distributed workforce. These, in turn, have brought with […]
New variant of the IceFire ransomware targets Linux enterprise systems
A novel Linux version of the IceFire ransomware that exploits a vulnerability in IBM’s Aspera Faspex file-sharing software has been identified by SentinelLabs, a research division of cybersecurity company Sentinel One. The exploit is for CVE-2022-47986, a recently patched Aspera Faspex vulnerability. Known up to now to target only Windows systems, the IceFire malware detected by […]
Silicon Valley Bank Seized by FDIC as Depositors Pull Cash
The FDIC seized the assets of Silicon Valley Bank on Friday, which could impact cybersecurity firms that use the bank’s services. The post Silicon Valley Bank Seized by FDIC as Depositors Pull Cash appeared first on SecurityWeek.
Cyber Madness Bracket Challenge – Register to Play
SecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting events. The post Cyber Madness Bracket Challenge – Register to Play appeared first on SecurityWeek.
Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying
Researchers discover a dozen serious vulnerabilities in Akuvox smart intercom, but the vendor has not released any patches. The post Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying appeared first on SecurityWeek.
Blackbaud Fined $3M For ‘Misleading Disclosures’ About 2020 Ransomware Attack
Blackbaud has been slapped with a $3 million civil penalty by the SEC for “making misleading disclosures” about a 2020 ransomware attack that impacted more than 13,000 customers. The post Blackbaud Fined $3M For ‘Misleading Disclosures’ About 2020 Ransomware Attack appeared first on SecurityWeek.
Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website
Authorities seized a domain distributing the NetWire RAT and arrested a Croatian individual who administered the website. The post Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website appeared first on SecurityWeek.
AT&T informs 9M customers about data breach
AT&T is informing customers about a data breach at a vendor’s system that allowed threat actors to gain access to AT&T’s Customer Proprietary Network Information (CPNI). The incident came to light after customers posted the email communication from AT&T on community forums to know if it was legitimate or email fraud. “We recently determined that […]
Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor
AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor. The post Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor appeared first on SecurityWeek.
Cerebral Informing 3.1 Million Individuals of Inadvertent Data Exposure
Cerebral is informing 3.1 million individuals that their PHI was inadvertently exposed via third-party tracking technologies. The post Cerebral Informing 3.1 Million Individuals of Inadvertent Data Exposure appeared first on SecurityWeek.
Serious Vulnerability Patched in Veeam Data Backup Solution
A serious vulnerability in Veeam Backup & Replication may allow attackers to obtain encrypted credentials from the configuration database. The post Serious Vulnerability Patched in Veeam Data Backup Solution appeared first on SecurityWeek.
Attacks on SonicWall appliances linked to Chinese campaign: Mandiant
A persistent malware targeting unpatched SonicWall Secure Mobile Access (SMA) appliances has been linked to a Chinese campaign dating back to 2021, according to a Mandiant research done in partnership with SonicWall’s in-house research team. The responsible malware, dubbed UNC4540, has been found to be stealing user credentials, providing shell access, and persisting through firmware […]
White House Budget Plan Seeks to Boost Cybersecurity Spending
President Biden’s new $6.9 trillion budget proposal for 2024 shows that the administration wants to increase cybersecurity spending. The post White House Budget Plan Seeks to Boost Cybersecurity Spending appeared first on SecurityWeek.
Driving Customer Loyalty with Secure and Modern Apps
According to a PwC report, one in three consumers (32%) say they will walk away from a brand they love after just one bad experience. Unlike personal relationships, loyalty in the consumer world can be surprisingly transitory. This gets worse in the digital world where it takes just a few clicks and minutes to uninstall […]
8 ways to retain top developer talent
Human-centric work is a growing movement that focuses on the needs of people, reaping business rewards in the process. As recent Gartner research shows, human-centric work practices leads to better employee performance, with workers 3.8 times more likely to be considered high performing in these environments. As some of your most valuable employees, software developers […]
Unilever leverages ChatGPT to deliver business value
The past several years have thrown numerous challenges at consumer packaged goods (CPG) companies. The pandemic has led to shifting consumer channel preferences, a supply chain crunch, and cost pressure, to name just a few. CPG titan Unilever has been answering the challenge with analytics and artificial intelligence (AI). The 93-year-old, London-based CPG company is […]
Acronis Clarifies Hack Impact Following Data Leak
Acronis said a single customer’s account was compromised after a hacker leaked gigabytes of information on a cybercrime forum. The post Acronis Clarifies Hack Impact Following Data Leak appeared first on SecurityWeek.
OCI demand for AI workloads, Cerner boost Oracle’s third quarter revenue
Oracle on Thursday reported third quarter total revenue of $12.4 billion, up 18% year-on-year, boosted by the demand for AI workloads in Oracle Cloud Infrastructure (OCI) and Cerner’s contribution to the topline. “So, we have a lot of business, a lot of new AI companies coming to Oracle because we’re the only ones who can […]
Stolen credentials increasingly empower the cybercrime underground
The cybercrime underground has long functioned as an open market where sellers of products and services are paired with buyers and contractors. One of the most valuable commodities on this market are stolen credentials since they can provide attackers with access into networks, databases, and other assets owned by organizations. It’s no surprise to see […]
New Chinese regulatory body expected to streamline data governance rules
A new data regulation body that China is reportedly set to create is expected to clarify and establish new data sovereigny rules for multinational companies and accelerate tech-based initatives such as public administration services built on anonymized citizen data. The new governent body will streamline data governance policies in the country, amid increasing confusion from […]
Congressional health insurance service hit by data breach
A health insurance marketplace that provides coverage for members of the US Congress and congressional staffers was found to be compromised on Wednesday, according to a letter apparently sent from House Chief Administrative Officer Catherine L. Szpindor to members of that chamber. Szpindor’s office would not directly confirm or deny the authenticity of the letter, […]
4 Reasons to Outsource Large IT Projects During Economic Headwinds
Large IT projects are hard to execute, particularly when in-house staff are often pulled into their day jobs and distracted by other priorities. This can be costly for organizations. In fact, McKinsey suggests that early cost and schedule overruns can cause projects to cost twice as much as anticipated. One common resolution to this challenge […]
GitHub begins 2FA rollout for code contributors
GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. GitHub first announced its intention to mandate 2FA for all code contributors in May 2022, and will begin the first group’s enrolment on Monday, March 13. […]
Custom Chinese Malware Found on SonicWall Appliance
Malware deployed by Chinese hackers on a SonicWall SMA appliance includes credential theft, shell access, and persistence functionality. The post Custom Chinese Malware Found on SonicWall Appliance appeared first on SecurityWeek.
Learn from IT Innovators at CIO’s FutureIT Dallas
Leading a technically complex initiative can feel like you’re climbing Mount Everest. Find out what it’s actually like to scale the world’s tallest peak – and how it really does relate to your digital journey – from extreme adventurer Jamie Clark. Clark will join prominent IT leaders from around the region at CIO’s FutureIT Dallas […]
Lazarus group infiltrated South Korean finance firm twice last year
Lazarus group was spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year. The North Korea-linked group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability, according to a research by AhnLab Security Emergency Response Center (ASEC). ASEC […]
Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks
Cisco has released patches for a high-severity DoS vulnerability in IOS XR software for several enterprise-grade routers. The post Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks appeared first on SecurityWeek.
Jenkins Server Vulnerabilities Chained for Remote Code Execution
Two vulnerabilities recently addressed in Jenkins server can be chained to achieve arbitrary code execution. The post Jenkins Server Vulnerabilities Chained for Remote Code Execution appeared first on SecurityWeek.
Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List
An analysis found that over 40 exploited vulnerabilities, mostly leveraged by botnets, are missing from CISA’s ‘must patch’ catalog. The post Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List appeared first on SecurityWeek.
QuSecure Unveils Quantum-Resilient Communications Satellite Link
QuSecure announced an end-to-end quantum resilient encrypted communications link that protects data delivered by satellite. The post QuSecure Unveils Quantum-Resilient Communications Satellite Link appeared first on SecurityWeek.
Fortinet Patches Critical Unauthenticated RCE Vulnerability in FortiOS
Fortinet has patched a critical buffer underflow vulnerability in FortiOS and FortiProxy that could lead to remote code execution without authentication. The post Fortinet Patches Critical Unauthenticated RCE Vulnerability in FortiOS appeared first on SecurityWeek.
Congress Members Warned of Significant Health Data Breach
House and Senate members informed that hackers may have gained access to their sensitive personal data in DC Health Link breach. The post Congress Members Warned of Significant Health Data Breach appeared first on SecurityWeek.
Cado Security Banks $20M in Series B Funding
French investment firm Eurazeo leads a $20 million bet on Cado Security, a British cloud forensics technology startup. The post Cado Security Banks $20M in Series B Funding appeared first on SecurityWeek.
ChatGPT Integrated Into Cybersecurity Products as Industry Tests Its Capabilities
ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations. The post ChatGPT Integrated Into Cybersecurity Products as Industry Tests Its Capabilities appeared first on SecurityWeek.
Google Discontinuing Chrome Tool for Removing Unwanted Software
Google has announced the discontinuation of the Chrome Cleanup Tool, an application for identifying and removing unwanted software. The post Google Discontinuing Chrome Tool for Removing Unwanted Software appeared first on SecurityWeek.
Defeating the Deepfake Danger
Deepfakes are becoming increasingly popular with cybercriminals, and as these technologies become even easier to use, organizations must become even more vigilant. The post Defeating the Deepfake Danger appeared first on SecurityWeek.
Why IT communications fail to communicate
One of my client’s business analysts solicited my opinion: “Is this a good specification document?” he asked. Long ago I’d learned — the hard way — the wisdom of the adage “When someone asks for advice, they’re usually looking for an accomplice.” So I answered his question with a question of my own, asking him why […]
The CIO’s guide to smarter vendor negotiation: 10 tips
In an IT marketplace marked by turbulence, inflation, and economic uncertainty, the process of contracting with vendors for technology products and services has gotten significantly more challenging for CIOs. IT leaders may find that prices are going up without an accompanying increase in benefits, with technology providers — less dependent on any one industry or […]
Revelstoke Security Raises $20 Million for SOAR Platform
Revelstoke Security has raised $20 million in a Series B funding round co-led by ClearSky Security and SYN Ventures. The post Revelstoke Security Raises $20 Million for SOAR Platform appeared first on SecurityWeek.
Vendor consolidation a hot-button topic for CIOs as they try to manage the tensions between innovation and efficiency
CIOs have always had to find a balance between the need to deliver innovation and the need to establish operational excellence. However, this tension has become even more challenging in recent years. After several years in which businesses of all sizes and across all sectors were forced to transform rapidly in response to the pandemic, […]
A refocus on the hybrid working technology experience is now critical to employee satisfaction and retention
Flexibility and lifestyle are critical concerns for the modern employee. While the “Great Resignation” – a trend that has caused unprecedented rates of employees quitting and churn over the past few years – looks like it is finally starting to ease, the changes it drove in how business is done will persist. Companies were incentivised […]
How CIOs Can Drive Positive Disruption Through Global Macro-Economic Challenges
CIOs have a significant opportunity to drive a transformation and innovation agenda in 2023. Despite the global economic outlook pointing to ongoing market disruption, inflation, and recession in many parts of the world, organisations are going to want to continue to invest in technology, and this will benefit both employees and customers. Research in the […]
Support the development of your IT professionals. Become an ACS partner.
ACS (Australian Computer Society) is the professional association for Australia’s technology sector. With 35,000+ members, ACS is dedicated to growing the nation’s digital skills and capacity. ACS members benefit from professional training and skills certification, networking and events, liability insurance cover and access to technology and innovation hubs. In addition, ACS has developed a Professional […]
What it’s going to take for advanced AI to reshape the enterprise landscape
According to Infosys research, data and artificial intelligence (AI) could generate $467 billion in incremental profits worldwide and become the cornerstone of enterprises gaining a competitive edge. But while opportunities to use AI are very real – and ChatGPT’s democratisation is accelerating generative AI test-and-learn faster than QR code adoption during the Covid pandemic – […]
SANS, Google launch academy to promote cloud security, diversity in workforce
SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in partnership with Google, to help provide training and certifications to women, ethnic minorities, Indigenous people and other groups that are currently underrepresented in the cybersecurity sector. A 2022 report by Cybersecurity Ventures found that women make up only 25% of the cybersecurity workforce globally, […]
Don’t let NetOps “gotchas” derail your digital transformation
Over the past few years, technological and business advancements have created increasingly grand expectations. Your customers expect an “always on” experience. (Today, you can also add “always fast,” “always intuitive,” “always successful,” and so on.) Fundamentally, if customers find it too difficult to engage digitally with your business, they’ll engage elsewhere. Digital transformation: The implications […]
SAP rounds out data warehouse cloud functionality, renamed Datasphere
SAP’s Data Warehouse Cloud is evolving, gaining new features and a new name, Datasphere, as the company addresses continued diversification of the enterprise data. It’s part of SAP’s move to become a more significant player in the business data fabric space, said Irfan Khan, SAP’s chief product officer for its HANA database and analytics. Khan […]
Hard-coded secrets up 67% as secrets sprawl threatens software supply chain
The number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded secrets and accelerating secrets sprawl (storing secrets in many different places) are threatening the security […]
Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking
Threat actors really only stop when their infrastructure is disrupted and their flow of funds disappears. The post Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking appeared first on SecurityWeek.
Ceiling breakers: Women IT execs shake up the status quo
Early in her life Ricki J. Koinig saw the immense impact that technology could have on individuals and their ability to move through life. To pay for horseback riding lessons while growing up, Koinig worked in a program for children and young adults with special needs who used assistive technologies. Those early professional experiences in […]
Parlay insights from the edge across your enterprise for real business value
Companies capture more data and compute capacity at the edge. At the same time, they are laying the groundwork for a distributed enterprise that can capitalize on a multiplier effect to maximize intended business outcomes. The number of edge sites — factory floors, retail shops, hospitals, and countless other locations — is growing. This gives […]
Best practices for developing an actionable cyberresilience road map
Pandemic-era ransomware attacks have highlighted the need for robust cybersecurity safeguards. Now, leading organizations are going further, embracing a cyberresilience paradigm designed to bring agility to incident response while ensuring sustainable business operations, whatever the event or impact. Cyberresilience, as defined by the Ponemon Institute, is an enterprise’s capacity for maintaining its core business in the face of […]
Secure data-first modernization? Leverage a trusted ecosystem of partners
As companies lean into data-first modernization to deliver best-in-class experiences and drive innovation, protecting and managing data at scale become core challenges. Given the diversity of data and range of data-inspired use cases, it’s important to align with a robust partner ecosystem. This can help IT teams map the right set of services to unique […]
Bringing Your Employees Together Under a Shared Customer Experience Ownership Model
Breaking communication siloes between contact center and non-contact center employees is paramount to improving customer satisfaction, employee engagement, and operating costs. The average contact center agent spends 15% of their working day chasing down information needed to serve customers. These hours can add up to a financial loss of $1.5 million annually for a 200-agent contact center, according […]
Tapping high-performance computing for new business value
Many people associate high-performance computing (HPC), also known as supercomputing, with far-reaching government-funded research or consortia-led efforts to map the human genome or to pursue the latest cancer cure. But HPC can also be used to advance more traditional business outcomes — from fraud detection and intelligent operations to digital transformation. The challenge: making complex […]
Which workloads are best suited for cloud vs. on-premises or edge?
Enterprises driving toward data-first modernization need to determine the optimal multicloud strategy, starting with which applications and data are best suited to migrate to cloud and what should remain in the core and at the edge. A hybrid approach is clearly established as the optimal operating model of choice. A Flexera report found the shift to hybrid […]
Understanding the security shared responsibility model in an as-a-service world
As organizations shape the contours of a secure edge-to-cloud strategy, it’s important to align with partners that prioritize both cybersecurity and risk management, with clear boundaries of shared responsibility. The security-shared-responsibility model is essential when choosing as-a-service offerings, which make a third-party partner responsible for some element of the enterprise operational model. Outsourcing IT operations […]
‘Sys01 Stealer’ Malware Targeting Government Employees
The Sys01 Stealer has been observed targeting the Facebook accounts of critical government infrastructure employees. The post ‘Sys01 Stealer’ Malware Targeting Government Employees appeared first on SecurityWeek.
Chrome 111 Patches 40 Vulnerabilities
Google has released Chrome 111 in the stable channel with patches for 40 vulnerabilities, including eight high-severity bugs The post Chrome 111 Patches 40 Vulnerabilities appeared first on SecurityWeek.
How CISOs can do more with less in turbulent economic times
CISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington, DC, and I wondered what was going on. I went straight to the office where […]
TSA Requires Aviation Sector to Enhance Cybersecurity Resilience
TSA instructs airport and aircraft operators to improve their cybersecurity resilience and prevent infrastructure disruption and degradation. The post TSA Requires Aviation Sector to Enhance Cybersecurity Resilience appeared first on SecurityWeek.
Salesforce not ready to unleash generative AI on its customers
Salesforce was an early adopter of artificial intelligence (AI) with its Einstein recommendation tools, but it is taking a cautious approach to deploying the latest AI trend, generative AI. It’s been a month since Salesforce CEO Marc Benioff tweeted, “Get ready to be wowed by Salesforce EinsteinGPT! It generates leads, closes deals, and even makes […]
Keeping customers at the center of everything
By Hock Tan, Broadcom President and CEO During the 17 years I have led Broadcom, solving problems for customers and giving them the tools they need to succeed have been the most rewarding parts of my job. It’s important to me that whether we’re inventing the future through innovative R&D or co-creating new solutions with […]
Exploring the digital impact in Northern Ireland’s health and social care system
The pandemic accelerated the urgency for reform in health and social care around the world, which strained resources to unprecedented levels. The effects are still being felt and in Northern Ireland specifically, ongoing political instability is further complicating approaches to digital transformation. Although progress is being made that should be recognized and celebrated, Dan West, […]
Leaders That Reboot Their Game to Become a Future Enterprise
If digital transformation was about driving fundamental change within the company, then its next chapter will be far more outward-looking. This is about being digital-first: to build digital businesses that are viable and sustainable in the long term. Rather than just leveraging digital technology to seize new opportunities, such organisations are poised to create operating […]
Salesforce earmarks $250 million for AI startup investment
CRM giant Salesforce today said that it would commit $250 million to investments in startups focused on generative AI, even as the company warned of the dangers of the technology. The company emphasized the potential gains for application software possible through the use of AI in its initial announcement of investments in four AI-driven companies. […]
Enterprise IT moves forward — cautiously — with generative AI
Vince Kellen understands the well-documented limitations of ChatGPT, DALL-E and other generative AI technologies — that answers may not be truthful, generated images may lack compositional integrity, and outputs may be biased — but he’s moving ahead anyway. Kellen, CIO at the University of California San Diego (UCSD), says employees are already using ChatGPT to […]
Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit
Register for SecurityWeek’s Ransomware Resilience & Recovery Summit, a virtual event designed to help businesses to plan, prepare, and recover from a ransomware incident. The post Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit appeared first on SecurityWeek.
Pre-Deepfake Campaign Targets Putin Critics
Russia is continuing its campaign of disinformation around the Ukraine war through advanced social engineering delivered by a threat group tracked as TA499. The post Pre-Deepfake Campaign Targets Putin Critics appeared first on SecurityWeek.
Akamai releases new threat hunting tool backed by Guardicore capabilities
Akamai on Tuesday launched Akamai Hunt, a visibility tool that uses the infrastructure of microsegmentation platform Guardicore to allow customers to identify and remediate threats and risks in their cloud environments. Akamai acquired Guardicore in October 2022 for about $600 million. Akamai Hunt combines Akamai’s historic data with Guardicore’s network segmentation and visualization capabilities to […]
Attack campaign uses PHP-based infostealer to target Facebook business accounts
Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP. “We have […]
Vulnerability in Toyota Management Platform Provided Access to Customer Data
A vulnerability in Toyota Customer 360 CRM platform provided a security researcher with full access to the car maker’s Mexican customers The post Vulnerability in Toyota Management Platform Provided Access to Customer Data appeared first on SecurityWeek.
New Oman-Australia undersea cable promises alternate, reliable route
Australian investment firm Subco is offering an alternative route for internet connectivity between Australia, Middle East and Europe through the Oman Australia Cable (OAC) by avoiding the earthquake prone route that currently goes through Malacca Strait. Subco OAC is already 9,800 km long, with landing points in Perth, West Island, and Cocos Islands in Australia, […]
Acer Confirms Breach After Hacker Offers to Sell Stolen Data
Acer said one of its document servers was hacked after a hacker claimed to have stolen 160 Gb of data from the company. The post Acer Confirms Breach After Hacker Offers to Sell Stolen Data appeared first on SecurityWeek.
What is zero trust? A model for more effective security
Security leaders are embracing zero trust, with the vast majority of organizations either implementing or planning to adopt the strategy. The 2022 State of Zero-Trust Security report found that 97% of those surveyed either have or plan to have a zero-trust initiative in place within 18 months. In fact, the percentage of organizations with zero […]
Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia
Kaspersky has seen a surge in attacks on ICS computers in Russia and blames it on the exploitation of a Bitrix CMS vulnerability tracked as CVE-2022-27228. The post Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia appeared first on SecurityWeek.
Edgeless Systems Raises $5m for Trustworthy Data Processing
German cybersecurity start-up Edgeless Systems raises $5 million to build an open-source stack for confidential computing. The post Edgeless Systems Raises $5m for Trustworthy Data Processing appeared first on SecurityWeek.
Talking Cyberinsurance With Munich Re
SecurityWeek spoke to Chris Storer, head of the cyber center of excellence at reinsurance giant Munich Re, for the cyber insurers’ view of cyberinsurance. The post Talking Cyberinsurance With Munich Re appeared first on SecurityWeek.
Android’s March 2023 Updates Patch Over 50 Vulnerabilities
Google has released patches for more than 50 vulnerabilities as part of the March 2023 security updates for the Android platform. The post Android’s March 2023 Updates Patch Over 50 Vulnerabilities appeared first on SecurityWeek.
Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing
Wallarm Detect warns of ongoing exploitation of a critical vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V). The post Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing appeared first on SecurityWeek.
IT leaders tackle the high price of talent
Since the onset of the pandemic, IT has risen in prominence as an engine for business sustainability and growth across all industries. The subsequent demand for enterprise IT talent has led to a sharp spike in salaries CIOs must pay to staff their teams. “Demand for tech talent was up by 50% to 60% in […]
3 force multipliers for digital transformation
Many CIOs will face a challenging year grappling with growing pressure from transformation initiatives, weekly layoff announcements, and the prospect of a recession. While digital initiatives and talent are the board directors’ top strategic business priorities in 2023-2024, IT spending is forecasted to grow by only 2.4% in 2023. Tech companies have laid off over […]
PayPal sued for negligence in data breach that affected 35,000 users
A pending class action lawsuit accuses online payments giant PayPal of failing to adequately safeguard the personal information of its users, leaving them vulnerable to identity theft and related ills at the hands of the unidentified perpetrators of a data breach that occurred late last year. Nearly 35,000 people were affected by the cyberattack, which […]
Cyberattack Hits Major Hospital in Spanish City of Barcelona
A ransomware attack on one of Barcelona’ s main hospitals has crippled the center’s computer system and forced the cancellation of non-urgent operations and patient checkups. The post Cyberattack Hits Major Hospital in Spanish City of Barcelona appeared first on SecurityWeek.
Generative AI to be a key priority for senior IT leaders: Salesforce report
Generative AI has become a top priority among businesses even though IT leaders are expressing concerns about potential ethical issues posed by the technology, according to a new Salesforce survey. Sixty-seven percent of senior IT leaders surveyed said they will be prioritizing the technology over the next 18 months, and 33% claimed it would be […]
Police Looking for Russian Suspects Following DoppelPaymer Ransomware Crackdown
Several locations in Germany and Ukraine were raided recently as part of an international law enforcement operation targeting the DoppelPaymer ransomware. The post Police Looking for Russian Suspects Following DoppelPaymer Ransomware Crackdown appeared first on SecurityWeek.
Shutterstock capitalizes on the cloud’s cutting edge
When you store and deliver data at Shutterstock’s scale, the flexibility and elasticity of the cloud is a huge win, freeing you from the burden of costly, high-maintenance data centers. But for the New York-based provider of stock photography, footage, and music, it’s the innovation edge that makes the cloud picture perfect for its business. […]
Next CIO Champions the Rising Stars of IT in the UK
Next CIO returns for 2023 to continue to support the career development of aspiring IT and Tech leaders. Next CIO is the annual awards and mentoring programme helping aspiring IT leaders to develop their careers, build their network and improve their skill sets. It is an opportunity for aspiring digital, data, and technology leaders to […]
Open letter demands OWASP overhaul, warns of mass project exodus
For more than two decades, the Open Worldwide Application Security Project (OWASP) has provided free and open resources for improving the security of software. Led by the non-profit OWASP Foundation, OWASP has brought together community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and educational and training conferences for developers […]
New ATM Malware ‘FiXS’ Emerges
Metabase Q documents FiXS, a new malware family targeting ATMs in Latin America. The post New ATM Malware ‘FiXS’ Emerges appeared first on SecurityWeek.
BetterHelp Shared Users’ Sensitive Health Data, FTC Says
The online counseling service BetterHelp has agreed to return $7.8 million to customers to settle with the Federal Trade Commission for sharing health data it had promised to keep private The post BetterHelp Shared Users’ Sensitive Health Data, FTC Says appeared first on SecurityWeek.
Ransomware Operators Leak Data Allegedly Stolen From City of Oakland
Play ransomware operators have leaked data allegedly stolen from the City of Oakland last month. The post Ransomware Operators Leak Data Allegedly Stolen From City of Oakland appeared first on SecurityWeek.
European Police, FBI Bust International Cybercrime Gang
Authorities disrupted an international cybercrime gang which has been blackmailing large companies and institutions for years. The post European Police, FBI Bust International Cybercrime Gang appeared first on SecurityWeek.
New Tool Made by Microsoft and Mitre Emulates Attacks on Machine Learning Systems
Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems. The post New Tool Made by Microsoft and Mitre Emulates Attacks on Machine Learning Systems appeared first on SecurityWeek.
Tracking device technology: A double-edged sword for CISOs
The transportation industry has doubled down in the area of fleet tracking in recent years, which has come with great benefits and not a few security headaches. On the consumer side, we’ve spoken of Apple’s AirTag and how it has been used to find personal items of import — and also its potential to be […]
557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022
There are nearly 900 vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog, including nearly 100 discovered in 2022. The post 557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022 appeared first on SecurityWeek.
Cybercrime Marketplace Leaks Over 2.1 Million Payment Cards
Carding marketplace BidenCash last week released information on more than 2.1 million credit and debit cards. The post Cybercrime Marketplace Leaks Over 2.1 Million Payment Cards appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 35 Deals Announced in February 2023
Thirty-five cybersecurity-related M&A deals were announced in February 2023 The post Cybersecurity M&A Roundup: 35 Deals Announced in February 2023 appeared first on SecurityWeek.
How Pick n Pay’s migration to the cloud is paying off
Pick n Pay’s bold plan to modernize infrastructure and drive efficiency is beginning to pay dividends as its migration to AWS was successfully completed last year, signaling the digital ambitions of this retail giant. This move to the cloud lays the foundation for further expansion into other cloud-based applications to deliver deeper insights and better […]
Transforming IT for cloud success
As CIO Neil Holden moved his company, Halfords Group, further into the cloud, he sought to do more than simply “lift-and-shift” IT operations. Rather, Holden — like most CIOs — wanted his increasing use of cloud to enable and shape the company’s transformation agenda. To succeed in that objective, he knew he had to transform […]
Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs
Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs). The post Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs appeared first on SecurityWeek.
Diversity in UK tech on the rise, but not for senior leadership
The sixth annual report from Tech Talent Charter (TTC) has revealed that while companies in the UK are making progress toward improving diversity in their overall workforce, there is still a significant lack of diversity among senior technology leaders. The not-for-profit charity, which focuses on tracking diversity in technology, compiled its report using data from […]
Little Caesars’ CIO on achieving ‘Mission Impossible’
With a talent for developing people and inspiring innovation from her teams, Anita Klopfenstein has built a powerhouse IT organization since joining Little Caesars in 2017 as its CIO. One of the secrets behind her success as a leader is her love of learning. After majoring in both computer science and radio, television and film, […]
A CIO’s first rule for automation: Have a clear business case
By virtue of their position between IT and effecting business strategy, CIOs can identify what processes their organizations need in order to modernize and automate. When it comes to updating core systems to drive operational efficiencies, they also have to ensure that a sound business case exists to automate them, says Laurie Shotton, VP and […]
Are you protected against vulnerabilities with known exploits?
No IT leader wants to tell the C-suite about a serious breach that took advantage of a known infrastructure vulnerability. Hackers develop new attack strategies so often that it’s easy to forget a fundamental truth about cybersecurity: hackers don’t have to rely on finding new vulnerabilities. The inability of organizations to promptly address the rapidly […]
Give them a break: How to unstress IT security teams overburdened with vulnerability patching
IT teams are exhausted. The tech talent shortage has led to severe understaffing even as cybercriminals ramp up their attacks. The ever-increasing shift toward hybrid working models has only compounded the issue, with IT teams struggling to deploy patches and other fixes across an expanded attack surface transcending the corporate firewall. Nearly three-quarters (74%) of […]
Macquarie Government: Providing Australia’s Federal Agencies with the Cloud and Security Solutions They Need to Safeguard the Most Sensitive Data
With five state-of-art data centers located in the Sydney and Canberra metropolitan areas, including a facility created to manage cloud applications and data that require PROTECTED, SECRET and higher classifications, Macquarie Government, as part of the ASX listed Macquarie Telecom Group, was one of the first companies to provide sovereign IT services to Australia’s government […]
Mulesoft, Tableau uptake fuels Salesforce growth spurt
Despite a tumultuous couple of months, strong user uptake of Tableau business intelligence and MuleSoft data automation and integration software fueled a surprising 14% year-over-year jump in revenue for Salesforce’s fourth quarter. Posting revenue of $8.38 billion after stock market trading closed on Wednesday, the company beat the expectations of analysts, whose average forecast for […]
Sports venues advance goals, enhance fan experience with data analytics
Sports fans today have more ways than ever to watch their favorite teams beyond the traditional, live stadium experience, including television, streaming services, even highlights on social media. For years, fans have been less inclined to choose the live stadium experience, with game attendance across major North American professional sports in decline. In 2020, financial […]
AI value begins with managing the C-suite conversation
Every futurist and forecaster I have talked to is convinced the transformative technology of the next seven years is artificial intelligence. Everyone seems to be talking about AI. Unfortunately, most of these conversations do not lead to value creation or greater understanding. And, as an IT leader, you can bet these same conversations are reverberating […]
EPA Mandates States Report on Cyber Threats to Water Systems
The Biden administration said it would require states to report on cybersecurity threats in their audits of public water systems, a day after it released a broader plan to protect critical infrastructure against cyberattacks. The post EPA Mandates States Report on Cyber Threats to Water Systems appeared first on SecurityWeek.
HPE to acquire Axis Security to deliver a unified SASE offering
Hewlett Packard Enterprise has agreed to buy cloud security services provider Axis Security, its third acquistion since January, to deliver a unified secure access service edge (SASE) offering. The acquisition is aimed at incorporating the Axis security service edge (SSE) platform into HPE’s edge-to-cloud network security capabilities with to deliver integrated networking and security solutions […]
Iron Tiger updates malware to target Linux platform
Iron Tiger, an advanced persistent threat (APT) group, has updated their SysUpdate malware to include new features and add malware infection support for the Linux platform, according to a report by Trend Micro. The earliest sample of this version was observed in July 2022 and after finding multiple similar payloads in late October 2022, Trend […]
Thousands of Websites Hijacked Using Compromised FTP Credentials
Cybersecurity startup Wiz warns of a widespread redirection campaign in which thousands of websites have been compromised using legitimate FTP credentials. The post Thousands of Websites Hijacked Using Compromised FTP Credentials appeared first on SecurityWeek.
Organizations Warned of Royal Ransomware Attacks
FBI and CISA have issued an alert to warn organizations of the risks associated with Royal ransomware attacks. The post Organizations Warned of Royal Ransomware Attacks appeared first on SecurityWeek.
White House Cybersecurity Strategy Stresses Software Safety
Some say the White House cybersecurity strategy is largely aspirational. Its boldest initiatives — including stricter rules on breach reporting and software liability — are apt to meet resistance from business and Republicans in Congress. The post White House Cybersecurity Strategy Stresses Software Safety appeared first on SecurityWeek.
Industry Experts Analyze US National Cybersecurity Strategy
Feedback Friday: Industry professionals commented on various aspects of the new national cybersecurity strategy, its impact, and implications. The post Industry Experts Analyze US National Cybersecurity Strategy appeared first on SecurityWeek.
Over 71k Impacted by Credential Stuffing Attacks on Chick-fil-A Accounts
Chick-fil-A is informing users that their accounts have been compromised in a two-month-long credential stuffing campaign. The post Over 71k Impacted by Credential Stuffing Attacks on Chick-fil-A Accounts appeared first on SecurityWeek.
White House releases an ambitious National Cybersecurity Strategy
The White House released its long-anticipated National Cybersecurity Strategy, a comprehensive document that offers fundamental changes in how the US allocates “roles, responsibilities, and resources in cyberspace.” The strategy involved months of discussions among more than 20 government agencies and countless consultations with private sector organizations. It encompasses virtually all the weaknesses and challenges inherent […]
IBM partners up with Cohesity for better data defense in new storage suite
Data security and protection are the main upside for IBM’s upcoming storage offering, which combines the company’s own products with those from third parties.
Gitpod flaw shows cloud-based development environments need security assessments
Researchers from cloud security firm Snyk recently discovered a vulnerability that would have allowed attackers to perform full account takeover and remote code execution (RCE) in Gitpod, a popular cloud development environment (CDE). Cloud-based development environments are popular because they’re easier to deploy and maintain than local ones and promise better security. However, organizations should properly […]
Software liability reform is liable to push us off a cliff
Like “SBOMs will solve everything,” there is a regular cry to reform software liability, specifically in the case of products with insecurities and vulnerabilities. US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly’s comments this week brought the topic back into focus, but it’s still a thorny issue. (There’s a reason certain things are […]
Microsoft Intune Suite consolidates endpoint management and protection
Intune Suite will streamline endpoint management with added features for controlled and secure access.
Booking.com account takeover flaw shows possible pitfalls in OAuth implementations
Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link. The attack combined three separate issues that on their own could be categorized as low risk […]
Critical Vulnerabilities Allowed Booking.com Account Takeover
Booking.com recently patched several vulnerabilities that could have been exploited to take control of a user’s account. The post Critical Vulnerabilities Allowed Booking.com Account Takeover appeared first on SecurityWeek.
Advancing Women in Cybersecurity – One CMO’s Journey
Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity. The post Advancing Women in Cybersecurity – One CMO’s Journey appeared first on SecurityWeek.
BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems
ESET says the BlackLotus UEFI bootkit can bypass secure boot on fully updated Windows 11 systems. The post BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems appeared first on SecurityWeek.
Best and worst data breach responses highlight the do's and don'ts of IR
In theory, enterprises should not only have security measures in place to prevent a data breach but should also have detailed plans for a response in the event of a breach. And they should periodically conduct drills to test those plans. Industry-wide best practices for incident response are well established. “In general, you want breach […]
Unpatched old vulnerabilities continue to be exploited: Report
Known vulnerabilities as old as 2017 are still being successfully exploited in wide-ranging attacks as organizations fail to patch or remediate them successfully, according to a new report by Tenable. The report is based on Tenable Research team’s analysis of cybersecurity events, vulnerabilities and trends throughout 2022, including an analysis of 1,335 data breach incidents […]
White House Releases National Cybersecurity Strategy
The U.S. government released its widely anticipated National Cybersecurity Strategy on Tuesday. The post White House Releases National Cybersecurity Strategy appeared first on SecurityWeek.
Information of European Hotel Chain’s Customers Found on Unprotected Server
The personal information of many customers of European hotel chain Falkensteiner was discovered by a researcher on an unprotected server. The post Information of European Hotel Chain’s Customers Found on Unprotected Server appeared first on SecurityWeek.
Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack
Canadian bookstore chain Indigo this week confirmed that employee data was stolen in a ransomware attack last month. The post Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack appeared first on SecurityWeek.
New CISA Tool ‘Decider’ Maps Attacker Behavior to ATT&CK Framework
CISA has released a free and open source tool that makes it easier to map an attacker’s TTPs to the Mitre ATT&CK framework. The post New CISA Tool ‘Decider’ Maps Attacker Behavior to ATT&CK Framework appeared first on SecurityWeek.
Cisco Patches Critical Vulnerability in IP Phones
Cisco has released patches for a critical remote code execution vulnerability in certain IP phones. The post Cisco Patches Critical Vulnerability in IP Phones appeared first on SecurityWeek.
GitHub Secret Scanning Now Generally Available
GitHub this week made secret scanning generally available and free for all public repositories. The post GitHub Secret Scanning Now Generally Available appeared first on SecurityWeek.
AWS makes its Lift program available in India
Amazon Web Services on Wednesday made its global Lift program available in India, targeting small and medium-size businesses with revenue ranging from 800 million to 6.25 billion rupees. The Lift program, according to AWS, offers promotional credits and nearly 200 AWS services to help enterprises move on-premises workloads to the cloud. The India Lift program […]
Coca-Cola Beverages Philippines’ Trisha Liu-Ventura on the manufacturing industry
Trisha Liu-Ventura – Head of Cybersecurity, Governance, Risk and Compliance at Coca-Cola Beverages Philippines – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about challenges in securing the manufacturing industry, oversharing on social media, and more. To read this article in full, please click here
Internet Access, Privacy ‘Essential for Freedom’: Proton Chief
Proton, perhaps best known for its encrypted email service, sees its mission of ensuring privacy and online access as a vital tool in shoring up democracy in the digital age. The post Internet Access, Privacy ‘Essential for Freedom’: Proton Chief appeared first on SecurityWeek.
3 ways to invest in IT during a recession while keeping costs low
The world is experiencing an onslaught of economic uncertainty, and the IT industry is facing headwinds just like any other. Gartner recently lowered their expectations for IT budgets to increase by just 2.2% in 2023 on average – lower than the projected 6.5% global inflation rate. But the economic turmoil doesn’t mean your competitors are […]
Why TikTok Is Being Banned on Gov’t Phones in US and Beyond
So how serious is the threat of using TikTok? Should TikTok users who don’t work for the government be worried about the app, too? The post Why TikTok Is Being Banned on Gov’t Phones in US and Beyond appeared first on SecurityWeek.
Mainframe modernization and the importance of security
At a time when businesses are pushing the limits of digital transformation and modernization, security, particularly in the mainframe, is critical. But while most firms know this, research has shown that widespread understanding has not manifested much in the way of action. And when asked to rank their most important mainframe security features, respondents said […]
Real-time artificial intelligence for everyone
By Chet Kapoor, Chairman & CEO of DataStax Every business needs an artificial intelligence strategy, and the market has been validating this for years. Gartner® predicts that, “By 2027, over 90% of new software applications that are developed in the business will contain ML models or services, as enterprises utilize the massive amounts of data […]
Webinar Tomorrow: Entering the Cloud Native Security Era
Join SecuityWeek and LogRhythm as we dive into security risks associated with SaaS, as well as best practices for mitigating these risks and protecting data. The post Webinar Tomorrow: Entering the Cloud Native Security Era appeared first on SecurityWeek.
Cisco to Acquire Valtix for Cloud Network Security Tech
Cisco announced plans to acquire Valtix, an early-stage Silicon Valley startup in the cloud network security business. The post Cisco to Acquire Valtix for Cloud Network Security Tech appeared first on SecurityWeek.
Top 10 Security, Operational Risks From Open Source Code
Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS). The post Top 10 Security, Operational Risks From Open Source Code appeared first on SecurityWeek.
Top 10 open source software risks for 2023
Known vulnerabilities, compromise of legitimate package, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs. The other major open source software risks, according to the report, include unmaintained software, outdated software, untracked dependencies, license risk, immature software, unapproved changes, […]
BlackLotus bootkit can bypass Windows 11 Secure Boot: ESET
A Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus is found to be capable of bypassing an essential platform security feature, UEFI Secure Boot, according to researchers from Slovakia-based cybersecurity firm ESET. BlackLotus uses an old vulnerability and can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled, the researchers found. UEFI […]
Two Hacking Groups Seen Targeting Materials Sector in Asia
Two APTs, named Winnti and Clasiopa, have been observed targeting Asian organizations in the materials sector. The post Two Hacking Groups Seen Targeting Materials Sector in Asia appeared first on SecurityWeek.
Ransomware Attacks: Don’t Let Your Guard Down
History has shown that when it comes to ransomware, organizations cannot let their guards down. The post Ransomware Attacks: Don’t Let Your Guard Down appeared first on SecurityWeek.
Several Law Firms Targeted in Malware Attacks
In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns. The post Several Law Firms Targeted in Malware Attacks appeared first on SecurityWeek.
Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar
Google this week made client-side encryption for Gmail and Calendar available for Workspace customers. The post Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar appeared first on SecurityWeek.
US Officials Make Case for Renewing FISA Surveillance Powers
The Biden administration urged Congress to renew the Foreign Intelligence Surveillance Act (FISA) that the government sees as vital in countering overseas terrorism, and cyberattacks. The post US Officials Make Case for Renewing FISA Surveillance Powers appeared first on SecurityWeek.
South American Cyberspies Impersonate Colombian Government in Recent Campaign
The South American cyberespionage group Blind Eagle has been observed impersonating a Colombian government tax agency in recent attacks. The post South American Cyberspies Impersonate Colombian Government in Recent Campaign appeared first on SecurityWeek.
CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles
In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person. The post CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles appeared first on SecurityWeek.
How security leaders can effectively manage Gen Z staff
In 2022, I started a podcast aimed at converting more Gen Z to seek careers in cybersecurity. In doing so, I had to educate myself on what they value and realized the many differences between Gen Z and previous generations. Gen Z refers to those born between mid-to-late 1990s and 2010, making them between the […]
Dish Network Says Outage Caused by Ransomware Attack
Satellite TV giant Dish Network has confirmed rumors that a recent outage was the result of a cyberattack and admitted that data was stolen. The post Dish Network Says Outage Caused by Ransomware Attack appeared first on SecurityWeek.
From CIO to CEO: XPO’s Mario Harik on leveling up
With technology increasingly central to business value, CIOs stepping up to plus-size roles and even making the leap from CIO to CEO is no longer the rare feat it once was. Still, earning that corner office is an achievement few IT leaders can list among their career accomplishments. As XPO’s first CIO, Mario Harik played […]
Think carefully before considering cloud repatriation
Most IT leaders have assets moved to the cloud to achieve some combination of better, faster, or cheaper compute and storage services. They also expect to benefit from the expertise of cloud providers—expertise that isn’t easy for companies to develop and maintain in house, unless your company happens to be a technology provider. “While computing […]
Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products
Several ThingWorx and Kepware products are affected by two vulnerabilities that can be exploited for DoS attacks and unauthenticated remote code execution. The post Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products appeared first on SecurityWeek.
Huawei unveils plans to target Small and Medium Enterprise market at MWC
Huawei’s Enterprise Business Group (EBG) arrived at Mobile World Congress in Barcelona this year with a proposition fit for the times, emphasizing the value created by digital transformation across multiple industries and use case scenarios. Huawei has developed more than 100 scenario-based solutions, covering over 10 industries. EBG’s strategy of ‘Weaving Technologies for Industry Scenarios’ […]
Hacked home computer of engineer led to second LastPass data breach
Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches […]
New cyberattack tactics rise up as ransomware payouts increase
While phishing, business email compromise (BEC), and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint. “While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and […]