How Can Generative AI Boost Your Customer Experience?
Data velocity – how quickly data is generated and moved – is the key to achieving any number of business outcomes. But it’s especially important in customer experience, according to IDC’s Marci Maddox, Research Vice President Digital Experience Strategies, and Aly Pinder, Research Vice President Aftermarket Services Strategies. “We’re finding that the customer experience is […]
Cybercrime group FIN7 targets Veeam backup servers
Researchers warn that a financially motivated cybercrime group known as FIN7 is compromising Veeam Backup & Replication servers and deploying malware on them. It’s not yet clear how attackers are breaking into the servers, but a possibility is that they’re taking advantage of a vulnerability patched in the popular enterprise data replication solution last month. […]
OpenAI: ChatGPT Back in Italy After Meeting Watchdog Demands
OpenAI said ChatGPT is available again in Italy after the company met demands of regulators who temporarily blocked it over privacy concerns. The post OpenAI: ChatGPT Back in Italy After Meeting Watchdog Demands appeared first on SecurityWeek.
Why business resilience depends on software agility
Technology innovation is happening at breakneck speed, creating new opportunities and threats for companies of all sizes and industries. At the same time, ever-evolving macroeconomic conditions are pressuring leaders to drive business outcomes against tighter margins. While today’s business climate certainly feels like a test for the survival of the fittest, your goal should not […]
AWS shifts focus to LLMs, generative AI as growth continues to taper
Amazon’s cloud computing division, AWS, is shifting its focus towards large language models (LLMs) and generative AI-based offerings as it continues to see a downward spiral in overall revenue growth. Amazon Web Services (AWS) has posted 16% year-on-year growth for the first quarter of fiscal year 2023 on the back of revenue of $21.4 billion. […]
The Inside Startup: Meet Cisco’s Emerging Technologies and Incubation Group
“Startup” means risk. It prescribes small teams of individuals committed to an idea to make the world a better place…or to make themselves a little richer. Why not both? Regardless, new business ventures work under pressure to research, refine, and deliver an idea to the market. The alternative is shuttering for good. But despite the […]
Due diligence is Ever More Critical as the Battle for Cloud Sovereignty Intensifies
The IT industry has recently seen some interesting activity from global hyperscale cloud providers surrounding their cloud sovereignty ambitions, and their scrutiny by the regulators covering some basics compliance requirements, like the European Union’s (EU) General Data Protection Regulation (GDPR). Firstly, AWS made a public pledge called the “AWS Digital Sovereignty Pledge”, consisting of a commitment to […]
What is the right connectivity choice for your enterprise edge? A Q&A discussion
From quality control to revenue growth and workplace safety, digital transformation strengthens almost every aspect of the business. Those who fail to keep up with the pace of digital technology run serious risks of falling behind. To fully leverage digital transformation, businesses today are turning to edge computing. Edge computing allows you to process data at the […]
5 ways threat actors can use ChatGPT to enhance attacks
The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, […]
Cisco Working on Patch for Vulnerability Reported by NATO Pentester
Cisco is working on a patch for an XSS vulnerability found in Prime Collaboration Deployment by a pentester from NATO’s Cyber Security Centre (NCSC). The post Cisco Working on Patch for Vulnerability Reported by NATO Pentester appeared first on SecurityWeek.
Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services
Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures. The post Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services appeared first on SecurityWeek.
Google Blocked 1.4 Million Bad Apps From Google Play in 2022
Google says it prevented 1.4 million bad applications from being published on Google Play in 2022 and banned 173k developer accounts. The post Google Blocked 1.4 Million Bad Apps From Google Play in 2022 appeared first on SecurityWeek.
FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking
FDA and CISA notify healthcare providers about a component used by several Illumina medical devices being affected by serious vulnerabilities that can allow remote hacking. The post FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking appeared first on SecurityWeek.
RTM Locker Ransomware Variant Targeting ESXi Servers
A newly identified variant of the RTM Locker ransomware is targeting Linux, NAS, and ESXi hosts. The post RTM Locker Ransomware Variant Targeting ESXi Servers appeared first on SecurityWeek.
Automation for all—managing and scaling networks has never been easier
At this time of dynamic business and market changes, uncertainty, and quickly evolving consumption models for IT infrastructure, every IT executive understands the benefits and necessity of network agility. Agile networks can respond quickly to changes in the market, customer demands, employee requirements, and technology advances. Yet most businesses haven’t tapped into two major capabilities […]
Choosing the Right Cloud for Data Sovereignty
As recently spotlighted at VMware Explore US, Sovereign Cloud continues to gain momentum. Sovereign Cloud business estimated the total addressable market (TAM) will be $60bn by 2025, in no small part due to the rapid increase of data privacy laws (currently 145 countries have data privacy laws) and the complexity of compliance in highly regulated industries. […]
How Data Privacy and Sovereignty Impact Business
More countries are adopting laws designed to protect the privacy of citizens and local entities by defining how data can be securely collected, stored, and used. Many organisations are re-evaluating how to comply with the changing geo-political landscape and privacy/security regulations, which requires defining some relevant concepts: Digital sovereignty – the ability to have full control […]
Skandia’s CIO drops ‘lift and shift’ to spur consolidation
Skandia consists of several different companies, of which insurance and banking are the two largest. The insurance business has old roots: the pension company was started as early as 1855, while the bank only started in 1994, yet it was first as a purely telephone bank. In light of this, the technical basis on which each […]
Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud
Staying in control and securing your data has never been more important. As data privacy regulations continue to evolve, businesses have had to adapt how and where they store data. The EU’s General Data Protection Regulation (GDPR) has been the most newsworthy, requiring all businesses that operate in or have customers in the EU to […]
BNY Mellon banks on AI to improve master data
Data about who owes how much to whom is at the core of any bank’s business. At Bank of New York Mellon, that focus on data shows up in the org chart too. Chief Data Officer Eric Hirschhorn reports directly to the bank’s CIO and head of engineering, Bridget Engle, who also oversees CIOs for each […]
Will the Real Data Sovereign Cloud please stand up?
Simply put, and despite claims customers may hear and/or see in this infant market, the reality is that there is no one-size-fits-all definition to “data sovereignty”, and the true source of the definition to “data sovereignty” as applicable to any workload being contemplated is the legal, policy or guidelines applicable to that data that are […]
Implementing Digital Sovereignty in the Journey to Cloud
Continuing with current cloud adoption plans is a risky strategy because the challenges of managing and securing sensitive data are growing. Businesses cannot afford to maintain this status quo amid rising sovereignty concerns. Some 90% of organisations in Europe and 88% in the Middle East, Turkey, and Africa (META) now use cloud technology, which is […]
RSA Conference 2023 – ICS/OT Cybersecurity Roundup
SecurityWeek is providing a summary of ICS/OT cybersecurity announcements made at RSA Conference 2023, including talks, products, and new initiatives. The post RSA Conference 2023 – ICS/OT Cybersecurity Roundup appeared first on SecurityWeek.
Critical Vulnerability in Zyxel Firewalls Leads to Command Execution
A critical-severity vulnerability in Zyxel’s ATP, USG FLEX, VPN, and ZyWALL/USG firewalls can be exploited remotely for OS command execution. The post Critical Vulnerability in Zyxel Firewalls Leads to Command Execution appeared first on SecurityWeek.
Congratulations to the 10th anniversary SAP Innovation Awards 2023 winners!
In April 1972, entrepreneurs Dietmar Hopp, Hasso Plattner, Claus Wellenreuther, Klaus Tschira, and Hans-Werner Hector started an amazing innovation journey, which culminated in SAP’s 50th anniversary celebration in 2022. Together with our customers and partners, we are happy to celebrate the 10th Anniversary of the SAP Innovation Awards. This award program extends the co-founders’ vision […]
Modernizing applications: the importance of reducing technical debt
Technical debt is no longer just a “technical” problem. As recent, widely publicized events have shown, it is a business problem that can have serious consequences for organizations. The government and Congress are taking notice of unfair consumer experiences, and it is crucial for businesses to address their technical debt and minimize the risk of […]
Chinese Cyberspies Delivered Malware via Legitimate Software Updates
Chinese APT Evasive Panda has been observed targeting local members of an international NGO with the MgBot backdoor, delivered via legitimate software updates. The post Chinese Cyberspies Delivered Malware via Legitimate Software Updates appeared first on SecurityWeek.
Aadya Raises $5 Million for SMB-Focused Security Platform
Cybersecurity firm Aadya has raised $5 million in Series A funding for its all-in-one platform tailored for small and mid-sized businesses. The post Aadya Raises $5 Million for SMB-Focused Security Platform appeared first on SecurityWeek.
Innovation Sandbox: Cybersecurity Investors Pivot to Safeguarding AI Training Models
SecurityWeek editor-at-large Ryan Naraine expects to see an explosion of well capitalized startups promising to protect AI machine learning models behind enterprise products. The post Innovation Sandbox: Cybersecurity Investors Pivot to Safeguarding AI Training Models appeared first on SecurityWeek.
New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month
A new piece of malware named Atomic macOS Stealer (AMOS), offered for $1,000 per month, offers a wide range of data theft capabilities. The post New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month appeared first on SecurityWeek.
How enterprises can navigate ethics and responsibility of generative AI
In a few short months, generative AI has become a very hot topic. Looking beyond the hype, generative AI is a groundbreaking technology, enabling novel capabilities as it moves rapidly into the enterprise world. According to a CRM survey, 67% of IT leaders are prioritizing generative AI for their business within the next year and a half—despite looming […]
Chinese hackers launch Linux variant of PingPull malware
Chinese state-sponsored threat actor Alloy Taurus has introduced a new variant of PingPull malware, designed to target Linux systems, Palo Alto Networks said in its research. Along with the new variant, another backdoor called Sword2033 was also identified by the researchers. Alloy Taurus, a Chinese APT, has been active since 2012. The group conducts cyberespionage […]
5 most dangerous new attack techniques
Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on […]
Big Tech Crackdown Looms as EU, UK Ready New Rules
TikTok, Twitter, Facebook, Google, and Amazon are facing rising pressure from European authorities as London and Brussels advanced new rules Tuesday to curb the power of digital companies. The post Big Tech Crackdown Looms as EU, UK Ready New Rules appeared first on SecurityWeek.
Google Obtains Court Order to Disrupt CryptBot Distribution
Court grants Google a temporary restraining order to disrupt CryptBot information stealer’s distribution. The post Google Obtains Court Order to Disrupt CryptBot Distribution appeared first on SecurityWeek.
Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13
Microsoft says Cl0p ransomware operator has been exploiting a recently patched PaperCut vulnerability since April 13. The post Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13 appeared first on SecurityWeek.
Why Russia's cyber arms transfers are poor threat predictors
The history of international cyber conflict is remarkably long and storied. The timeline of major cyber threat events stretches back nearly four decades, but it is really only the last decade that has seen the widespread proliferation of national cyber forces. As of 2007, only 10 countries had operational cyber commands, three of which were […]
RSA Conference 2023 – Announcements Summary (Day 3)
Summary of announcements made at the 2023 RSA Conference, on day 3 of the cybersecurity event. The post RSA Conference 2023 – Announcements Summary (Day 3) appeared first on SecurityWeek.
Panera CIO John Meister on mastering customer experience
John Meister is the senior vice president and CIO of Panera Bread, a chain of bakery-cafe fast casual restaurants with more than 2,000 locations across the United States and Canada. Over the past decade at Panera, Meister has been instrumental in driving Panera’s customer digital experience initiatives and building an innovative IT culture that continues to stay ahead […]
CIOs in an ideal position to advance ESG goals for their organisation
Environmental, Social and Governance, or ESG, is dominating board agendas at almost every public and private sector organisation. Underpinning the actions that come from ESG are significant concerns about the environment. Organisations are looking for ways to reduce greenhouse emissions, energy use and expenditure, drive towards ambitious sustainability goals, and make a positive social impact. […]
Building the next generation of CIOs in New Zealand
Industry body IT Professionals New Zealand has the election year in its sights as it aims to grow the capability of people in tech at all levels—from those entering the industry to new CIOs. Formerly known as the New Zealand Computer Society, ITP has been operating for 65 years, and is focused on skills, talent […]
Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers
A cyberespionage group believed to be associated with the Iranian government has been infecting Microsoft Exchange Servers with a new malware implant dubbed BellaCiao that acts as a dropper for additional payloads. The malware uses DNS queries to receive commands from attackers encoded into IP addresses. According to researchers from Bitdefender, the attackers appear to […]
Iranian hacking group targets Israel with improved phishing attacks
Iranian state-sponsored threat actor, Educated Manticore, has been observed deploying an updated version of Windows backdoor PowerLess to target Israel for phishing attacks, according to a new report by Check Point. Researchers have also linked Educated Maticore hackers to APT Phosphorus, which operates in the Middle East and North America. To read this article in full, please […]
Akamai's new cloud firewall capabilities aim to protect network edge
Content delivery network (CDN) and cloud security services provider Akamai Technologies has added a network cloud firewall capability to its cloud-based DDoS platform, Akamai Prolexic. The new feature is designed to allow Akamai’s customers to define and manage their own firewall rules and access control lists (ACLs) —lists of permissions for resources in a computer […]
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability
Russian cybercrime group FIN7 has been observed exploiting a Veeam Backup & Replication vulnerability patched in March 2023. The post FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability appeared first on SecurityWeek.
Cybersecurity Futurism for Beginners
How will Artificial Intelligence develop in the near term, and how will this impact us as security planners and practitioners? The post Cybersecurity Futurism for Beginners appeared first on SecurityWeek.
Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators
By now, most of the industry has realized we’re seeing a shift from the legacy perimeter-based security model to an identity-centric approach to cybersecurity. If defenders haven’t realized this, malicious actors certainly have, with 80% of web application attacks utilizing stolen credentials and 40% of breaches that don’t involve insider threats and user error involving […]
RSA Conference 2023 – Announcements Summary (Day 2)
Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco. The post RSA Conference 2023 – Announcements Summary (Day 2) appeared first on SecurityWeek.
SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200
A high-severity vulnerability in the Service Location Protocol can be exploited to launch massive DoS amplification attacks. The post SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200 appeared first on SecurityWeek.
Google Cloud posts first-ever operating profit despite slowing growth
Google Cloud, the cloud computing arm of Alphabet, has turned profitable at an operating level for the first time ever, despite fears of macroeconomic uncertainty. Google Cloud posted an operating income of $191 million for the quarter ended March, compared with an operating loss of $706 million for the corresponding period last year. The […]
ChatGPT, the rise of generative AI
Over the last few months, both business and technology worlds alike have been abuzz about ChatGPT, and more than a few leaders are wondering what this AI advancement means for their organizations. Let’s explore ChatGPT, generative AI in general, how leaders might expect the generative AI story to change over the coming months, and how […]
Z Energy’s CDO: ‘First trust, then transform’
The energy sector is in a consistent state of transformation—both digital and otherwise—but the word “transformation” can be thrown around loosely, as if it just happens with an organization. In reality, it’s hard work, and hard to do. Change is challenging, and maintaining high-performance and diverse teams is fundamental to deliver success. “A main thing […]
GlobalFoundries overhauls its process owner model to drive transformation
When Brad Clay became chief digital officer of GlobalFoundries in early 2021, he knew his role would be less about technology implementation and more about process change. In 2018, the $8 billion global semiconductor manufacturer announced a pivot in its business strategy: The company would no longer develop and produce 7-nanometer and smaller chip technologies; […]
SAP aims for more digital and resilient supply chains
“Supply chains are under stress,” said Thomas Saueressig, member of the SAP executive board and head of its Product Engineering division, at the recent Hanover Fair. The past few years have shown how prone to failure global logistics chains are, and he added this also has far-reaching consequences for the German manufacturing industry. Digital supply chains, therefore, are […]
7 common IT training mistakes to avoid
It’s widely recognized that introducing IT teams to the latest technology, business, and security advancements is essential for maximum performance and productivity. What’s not often discussed, however, are the mistakes IT leaders make when establishing and supervising training programs, particularly when training is viewed as little more than an obligatory task. “Treating training as a […]
VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest
VMware this week released patches for a critical vulnerability disclosed at the Pwn2Own Vancouver 2023 hacking contest. The post VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest appeared first on SecurityWeek.
Organizations Warned of Security Risk in Default Apache Superset Configurations
Attackers can exploit Apache Superset installations with default configurations to gain administrator access and execute code on servers and databases. The post Organizations Warned of Security Risk in Default Apache Superset Configurations appeared first on SecurityWeek.
US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt
Iranian hackers broke into to a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials. The post US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt appeared first on SecurityWeek.
New DDoS amplification vector could enable massive attacks
Security researchers sounded the alert about a vulnerability in an UDP-based network service called the Service Location Protocol (SLP) that can be abused to amplify DDoS attacks. Tens of thousands of systems and devices have this service exposed to the internet. Attackers could use them to generate massive attacks, and cleaning them up will likely […]
Amazon, Facebook, Twitter on EU list of companies facing DSA content rules
The EU Commission has announced the online companies and search engines, including Bing and Google, that will have to comply with new transparency and accountability regulations by August.
Hybrid Workplaces: Fad or Future?
As the new year gets underway, organizations are looking beyond the challenges, volatility and reactive mode of the past few years and strategically planning their future to compete and thrive. Two topics that are top of mind are where work gets done and the related impact on office real estate investments and the role of […]
7 venial sins of IT management
As a CIO you can get advice about how to be more effective from any number of sources, from what you get here in CIO Survival Guide (best practice), to other sources here at CIO.com, to, if you’re desperate, various punditries like Gartner, Forrester, and McKinsey. Most of what you read lists what should be […]
Salesforce previews EinsteinGPT-powered Field Service Mobile app
Salesforce previewed new capabilities for its Field Service application suite on Tuesday, giving an early look at a new mobile application powered by the company’s EinsteinGPT generative AI engine. Salesforce Field Service, which is a part of the company’s Service Cloud, offers applications designed to boost productivity of companies’ frontline workers, lower operating costs, and […]
Accenture, IBM, Mandiant join Elite Cyber Defenders Program to secure critical infrastructure
Leading cybersecurity response firms Accenture, IBM, and Mandiant have joined the Elite Cyber Defenders Program – a new, collaborative initiative designed to help secure critical infrastructure. Led by Nozomi Networks, the program aims to provide global industrial and government customers access to strong cybersecurity defense tools, incident response teams, and threat intelligence. The Elite Cyber […]
Token Gets $30M Funding for Biometrics MFA Smart Ring
Token has raised a total of $53 million to work on a biometrics-powered wearable device featuring multi-factor authentication technologies. The post Token Gets $30M Funding for Biometrics MFA Smart Ring appeared first on SecurityWeek.
NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
XIoT security firm NetRise announced $8 million in additional funding, bringing the total raised by the company to $14 million. The post NetRise Adds $8 Million in Funding to Grow XIoT Security Platform appeared first on SecurityWeek.
Bots and beyond: How the AI revolution is shifting the paradigm for customer experience in smart banking
Today’s consumers are accustomed to smooth, frictionless online shopping – and they increasingly expect the same kind of digital experiences from their banks. Insider Intelligence found that 89% of U.S. consumers use mobile banking channels, and 70% said mobile banking is now their primary way of accessing their accounts. “Most people do not want to […]
Rethinking the IT talent pipeline
Amanda Merola had zero technical background when she came to The Hartford in 2015, despite a natural interest in computers and a proclivity for problem-solving. After stints as a call center representative and claims adjuster, Merola got wind of the HartCode Academy, an internal program designed to help nontechnical employees make the leap into software […]
Abnormal Security expands threat protection to Slack, Teams and Zoom
Cloud-based email security provider Abnormal Security has announced three new capabilities focusing on threat detection for Slack, Microsoft Teams, and Zoom. The company — focused on protecting enterprises from targeted email attacks, such as phishing, social engineering, and business email compromise — is also adding data ingestion from new sources to better its AI model, which […]
Secure Access Startup Sonet.io Emerges From Stealth With $6 Million in Funding
Cybersecurity startup Sonet.io emerges from stealth mode with $6 million in seed funding and a secure access solution for remote workers. The post Secure Access Startup Sonet.io Emerges From Stealth With $6 Million in Funding appeared first on SecurityWeek.
Apiiro Launches Application Attack Surface Exploration Tool
Apiiro’s Risk Graph Explorer helps security teams to understand their application attack surface. The post Apiiro Launches Application Attack Surface Exploration Tool appeared first on SecurityWeek.
Millions of Exposed Artifacts Found in Misconfigured Cloud Software Registries
Aqua Security found over 250 million artifacts and more than 65,000 container images in misconfigured registries. The post Millions of Exposed Artifacts Found in Misconfigured Cloud Software Registries appeared first on SecurityWeek.
Thousands of misconfigured container and artifact registries expose sensitive credentials
Researchers have found thousands of publicly exposed and misconfigured container registries and artifact repositories belonging to businesses that could give attackers access to access tokens, encryption keys, and other sensitive information about internal systems. This information can allow attackers to plan and execute attacks against production and development systems, and in some cases even inject […]
Circle Security debuts platform “purpose-built” to tackle credential-driven threats, cloud attacks
Cybersecurity company Circle Security has emerged from stealth with the release of a new platform “purpose-built” to protect against credential-driven threats and cloud attacks. Powered by a decentralized architecture, Circle is available as a device-native service, a mobile app, a browser-based solution, and via a developer-focused API, according to the firm. Circle Security boasts an […]
New AWS GuardDuty capabilities secure container, database, serverless workloads
Amazon Web Services (AWS) has added three new capabilities to its threat detection service Amazon GuardDuty. The new features expand GuardDuty protection to container runtime behavior, as well as database and serverless environments, strengthening customer security through enhanced coverage, AWS said. GuardDuty is part of a broad set of AWS security services that help customers […]
RSA Conference 2023 – Announcements Summary (Day 1)
Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco. The post RSA Conference 2023 – Announcements Summary (Day 1) appeared first on SecurityWeek.
Kaspersky Analyzes Links Between Russian State-Sponsored APTs
Kaspersky believes that Russia-linked threat actors Tomiris and Turla are cooperating at least at a minimum level. The post Kaspersky Analyzes Links Between Russian State-Sponsored APTs appeared first on SecurityWeek.
Google Audit Finds Vulnerabilities in Intel TDX
Over a nine-month audit, Google researchers identified ten security defects in Intel TDX, including nine vulnerabilities addressed with TDX code changes. The post Google Audit Finds Vulnerabilities in Intel TDX appeared first on SecurityWeek.
Insider Q&A: OpenAI CTO Mira Murati on Shepherding ChatGPT
OpenAI CTO Mira Murati discusses AI safeguards and the company’s vision for the futuristic concept of artificial general intelligence, known as AGI. The post Insider Q&A: OpenAI CTO Mira Murati on Shepherding ChatGPT appeared first on SecurityWeek.
What Oracle’s cloud expansion means for businesses in the Middle East
To meet the rapidly growing demand for its cloud services, Oracle has announced plans to open a third public cloud region in Saudi Arabia. Located in Riyadh, the new cloud region will be part of a planned $1.5 billion USD investment from Oracle to expand cloud infrastructure capabilities in the Kingdom. The new region in […]
AI’s one true X factor: Leadership
If there are any eternal truths about emerging technologies, it’s that there are always naysayers. Some who deride the value of the latest ingenuity prove prescient. Others, not so much. Ken Olson, president, chairman, and founder of Digital Equipment Corp., famously once advised, “There is no reason for any individual to have a computer in […]
Siemens focuses on zero trust, legacy hardware, supply chain challenges to ensure cybersecurity of internal systems
Siemens has been working to be on top of vulnerabilities found in its products, but more importantly, to ensure the security of its internal operations. The manufacturing giant that works across several different lines of business, including industrial, smart infrastructure, health care, financial services, is protecting its systems by focusing on three main areas: zero […]
AI-powered chatbots: the threats to national security are only beginning
The United Kingdom’s National Cyber Security Center (NCSC) recently issued a warning to its constituents on the threat posed by artificial intelligence (AI) to the national security of the UK. This was followed shortly by a similar warning from NSA cybersecurity director Rob Joyce. It is clear there is great concern from many nations surrounding […]
2023 CIO 100 UK Awards Open for Entries and Launch New Recognition Awards
The CIO 100 returns for 2023 to showcase and celebrate the top 100 CIOs and their teams across the UK. The Official CIO 100 Awards UK acknowledges the best and brightest CIOs and technology leaders in the UK, celebrating their digital transformation achievements, and reflecting on themes and ideas which emerged from submissions. The awards […]
Generative AI: A paradigm shift in enterprise and startup opportunities
Vlad Sejnoha, Partner at Glasswing Ventures, former CTO & SVP R&D at Nuance, and Kleida Martiro, Principal at Glasswing Ventures are contributing authors. Generative AI (Artificial Intelligence) and its underlying foundation models represent a paradigm shift in innovation, significantly impacting enterprises exploring AI applications. For the first time, because of generative AI models, we have […]
Investors Place Early $4 Million Bet on Stack Identity
Silicon Valley startup emerges from stealth with $4 million in seed-stage funding and ambitious plans to disrupt the IAM governance market. The post Investors Place Early $4 Million Bet on Stack Identity appeared first on SecurityWeek.
Paladin Cloud launches new tool for attack surface discovery and management
Open source, cloud security firm Paladin Cloud has launched a new SaaS-based platform for enterprise cloud attack surface discovery and vulnerability management. Built on Paladin Cloud’s open source core, the platform has a set of security policies implemented in code to serve as an extended policy management tool that integrates into various enterprise systems, providing […]
OT giants collaborate on ETHOS early threat and attack warning system
One of the greatest fears among government officials and security experts is a crippling cyberattack on industrial organizations that run essential services, including electricity, water, oil and gas production, and manufacturing systems. The proprietary and complex nature of the operational technology (OT) tools used in these systems, not to mention their rapid convergence with IT […]
Flashpoint releases Ignite platform with threat intelligence reports, rule-based alerts
Threat intelligence firm Flashpoint has announced the release of Ignite, a new intelligence platform built to accelerate cross-functional risk mitigation and prevention across vulnerability management and security teams, including those in law enforcement, state and local government, and federal civilian agencies. Designed for practitioners, Ignite delivers real-time pictures of pertinent risks while reducing silos that […]
Cloud chaos: The challenges of managing data and applications across mixed environments
Six out of ten organizations today are using a mix of infrastructures, including private cloud, public cloud, multi-cloud, on-premises, and hosted data centers, according to the 5th Annual Nutanix Enterprise Cloud Index. Managing applications and data, especially when they’re moving across these environments, is extremely challenging. Only 40% of IT decision-makers said that they have […]
Adrian Stone Joins Moderna as CISO
Former Peloton CISO Adrian Stone has been tapped to steer the security ship at pharmaceutical and biotechnology giant Moderna. The post Adrian Stone Joins Moderna as CISO appeared first on SecurityWeek.
Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw
Researchers warn that majority of Windows and macOS PaperCut installations still vulnerable to critical vulnerability already exploited in malware attacks. The post Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw appeared first on SecurityWeek.
IBM offers integrated security management with QRadar release
IBM at the RSA conference today announced the availability of its new QRadar Security Suite, which is designed to help simplify the challenges faced by security teams tasked with managing an ever-growing list of different security tools. QRadar is a largely AWS-based SaaS system that features four core products that can be managed from the […]
Akamai debuts Brand Protector service to combat phishing, online forgery
Akamai is rolling out a new service designed to provide automated detection, investigation and even takedown services for businesses looking to protect their online reputations from digital criminals and phishing campaigns. The basic concept of the new service, launched at RSA Conference in San Francisco today, is simple — Akamai, via its large array of […]
Hackers behind 3CX breach also breached US critical infrastructure
The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec. Among the two affected critical infrastructure organizations, one is located in the US while the other is in Europe, […]
AT&T Cybersecurity Insights Report
This year’s Annual AT&T Cybersecurity Insights Report focuses on the edge ecosystem, with the core report focusing on connecting and securing the entire edge computing ecosystem. This includes transport infrastructure, endpoints, operating systems, application workloads, and production monitoring/management/mitigation/runtime. The 2023 AT&T Cybersecurity Insights Report presents a perspective that recognizes the essential characteristics and key differences […]
The Relationship Between Security Maturity and Business Enablement
AT&T Cybersecurity and Enterprise Strategy Group (ESG) completed a benchmark survey to better understand what a mature cybersecurity program looks like and how that maturity influences security and business outcomes. Results from the 500 security professionals surveyed on their processes, policies, and controls were mapped into the NIST Cybersecurity Framework’s (CSF) five foundational cybersecurity functions: […]
New Data Sharing Platform Serves as Early Warning System for OT Security Threats
Several OT cybersecurity firms have teamed up to create an information sharing platform designed to serve as an early warning system for critical infrastructure. The post New Data Sharing Platform Serves as Early Warning System for OT Security Threats appeared first on SecurityWeek.
Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor
Threat actors have been observed abusing Kubernetes RBAC to create backdoors and hijack cluster resources for cryptocurrency mining. The post Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor appeared first on SecurityWeek.
North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware
North Korea-linked hacking group BlueNoroff/Lazarus was seen using the RustBucket macOS malware in recent attacks. The post North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware appeared first on SecurityWeek.
Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks
Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations. The post Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks appeared first on SecurityWeek.
External Signs of Narcissism – Raising Awareness to Avoid Collateral Damage
Learning how to spot the signs of narcissism and identify narcissists will help us ensure that we do not bring these people into our security and fraud teams, or our enterprises. The post External Signs of Narcissism – Raising Awareness to Avoid Collateral Damage appeared first on SecurityWeek.
SolarWinds Platform Update Patches High-Severity Vulnerabilities
SolarWinds has patched two high-severity vulnerabilities that could lead to command execution and privilege escalation. The post SolarWinds Platform Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
EU task force to review ChatGPT
The European Data Protection Board (EDPB) wants to set up a task force to take a closer look at AI tools like ChatGPT, which is being interpreted as an indication that European data protection officers could set stricter rules for the use of AI. The Italian data protection authorities in particular got a head start a few weeks ago. Since ChatGPT operator […]
UC Riverside turns to cloud to supercharge scientific research
For research institutions, a solid IT foundation can prove to be the difference in delivering meaningful results for scientific endeavors — and thereby in securing valuable funding for further research. To that end, University of California, Riverside has launched an ambitious cloud transformation to shift from a small on-premises data center to an advanced research […]
North Dakota turns to AI to boost effectiveness and efficiency of its cybersecurity
The recent proliferation of tools that employ artificial intelligence (AI) or machine learning (ML) to perform human-like tasks has sparked a great deal of interest in the cybersecurity community. And they’ve prompted some very hard questions about the future, not the least of which is whether ChatGPT, BardAI, Bing AI, and the dozens of other […]
38 Countries Take Part in NATO’s 2023 Locked Shields Cyber Exercise
More than 3,000 participants from 38 countries took place in NATO’s 2023 Locked Shields cyber defense exercise. The post 38 Countries Take Part in NATO’s 2023 Locked Shields Cyber Exercise appeared first on SecurityWeek.
Iran cyberespionage group taps SimpleHelp for persistence on victim devices
Iranian APT hacking group MuddyWater has been observed using SimpleHelp, a legitimate remote device control and management tool, to ensure persistence on victim devices. SimpleHelp itself, as used by the threat actors, has not been compromised — instead, the group has found a way to download the tool from the official website and use it […]
Cisco patches high and critical flaws across several products
Cisco fixed serious vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation and denial of service. The Cisco Industrial Network Director (IND), a network monitoring and management […]
Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs
The North Korean hacking group behind the supply chain attack that hit 3CX also broke into two critical infrastructure organizations in the energy sector. The post Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs appeared first on SecurityWeek.
Pillars of successful multi-cloud application platforms
Software development teams can transform or constrict a modern enterprise in today’s digital economy. As such, many organizations are starting to invest in enhancing the developer experience, understanding that a frictionless process can improve business outcomes and drive higher performance. Organizations encounter friction when shifting gears to cloud and multi-cloud, especially as they scale – […]
Halcyon Secures $50M Funding for Anti-Ransomware Protection Platform
Texas startup scores financing to build an AI-powered anti-ransomware engine to help organizations ward off data-extortion attacks. The post Halcyon Secures $50M Funding for Anti-Ransomware Protection Platform appeared first on SecurityWeek.
Production Assurance AI answers: Can we be profitable in the future?
In the last few years, we’ve all learned how to become more agile. In the face of unplanned events like a global pandemic and various geopolitical events, we had to change and pivot on demand. This holds true for individuals and businesses alike, and notably so in the manufacturing environments where I spend much of […]
Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities
Five Eyes agencies have issued joint cybersecurity guidance and best practices for smart cities. The post Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities appeared first on SecurityWeek.
Abandoned WordPress Plugin Abused for Backdoor Deployment
Attackers are installing the abandoned Eval PHP plugin on compromised WordPress sites to inject PHP code into web pages. The post Abandoned WordPress Plugin Abused for Backdoor Deployment appeared first on SecurityWeek.
Most interesting products to see at RSA Conference 2023
Security professionals attending this year’s RSA Conference expect to learn about new tools, platforms, and services from the 600-plus vendors exhibiting there. That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here. More announcements will be made throughout the […]
Good Friday Agreement paved way for Northern Ireland’s emergence as a global cybersecurity hub
The Belfast (Good Friday) Agreement played an integral role in enabling Northern Ireland’s growth as a global cybersecurity hub, according to UK government chiefs speaking at the CyberUK conference in Belfast. The Good Friday Agreement was signed on Good Friday, April 10, 1998, following three decades of conflict known as the Troubles. In introduced several […]
Google Cloud Platform Vulnerability Led to Stealthy Account Backdoors
A vulnerability in Google Cloud Platform allowed attackers to modify and hide OAuth applications to create a stealthy backdoor to any Google account. The post Google Cloud Platform Vulnerability Led to Stealthy Account Backdoors appeared first on SecurityWeek.
GitHub Announces New Security Improvements
GitHub this week introduced NPM package provenance and deployment protection rules and announced general availability of private vulnerability reporting. The post GitHub Announces New Security Improvements appeared first on SecurityWeek.
The strong link between cyber threat intelligence and digital risk protection
While indicators of compromise (IoCs) and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence (CTI) needs have grown over the past few years, driven by things like digital transformation, cloud computing, SaaS propagation, and remote worker support. In fact, these changes have led to a CTI subcategory focused on […]
3CX hack highlights risk of cascading software supply-chain compromises
At the end of March, an international VoIP software company called 3CX with over 600,000 business customers suffered a serious software supply-chain compromise that resulted in both its Windows and macOS applications being poisoned with malicious code. New evidence suggests the attackers, believed to be North Korean state-sponsored hackers, gained access to the company’s network […]
Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information
Capita finally confirmed that hackers stole data after the Black Basta ransomware group offered to sell information allegedly stolen from the company. The post Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information appeared first on SecurityWeek.
House Committee Hears Testimony on DC Health Data Breach
A top administrator with Washington’s health insurance exchange apologized to House members on Wednesday for the data breach that resulted in the disclosure of personal information for thousands of users. The post House Committee Hears Testimony on DC Health Data Breach appeared first on SecurityWeek.
4 perils of being an IT pioneer
The speed at which enterprises adopt emerging technology is widely acknowledged as a key driver of success. As a result, organizations often rush to adopt new technology believing it will make them operationally more efficient and enhance their competitiveness. Proponents of early technology adoption further argue that it enables companies to build informal relationships with […]
Best project management certifications of 2023
Behind every successful IT project, you’ll find a highly skilled project manager. From hardware and software upgrades to ongoing security patches, to application development and the rollout of software itself, project managers keep your teams on task and productive. Almost any IT pro can benefit from adding a project management certification to their list of […]
Greater innovation comes with a cost: increased IT complexity
Digital transformation has changed how businesses operate, making them more agile and responsive to the markets they serve. But this transformation has come at a cost: a rambling web of software tools and applications, cloud infrastructures, and decentralized application services. And this complexity presents a big challenge to IT teams. In tandem with digital transformation […]
Demystifying hybrid cloud solutions
When we think of digital transformation, perhaps no other technology comes to mind as quickly as the cloud. Many businesses have, in some form or another, been migrating their operations to the cloud for years now. But that doesn’t mean legacy systems suddenly cease to exist. A 2022 survey of business leaders by Rocket Software […]
Cost-effective security: certainty without complexity
In a recent article, we discussed the connection between digital transformation, innovation, and rising IT complexity. And we noted that complexity presents a big challenge to cybersecurity teams. Nevertheless, organizations have armed themselves with a litany of best-of-breed tools to tackle their most pressing security challenges. Many large enterprises use upwards of 40 to 50 tools […]
VMware Patches Pre-Auth Code Execution Flaw in Logging Product
VMware warns of two critical vulnerabilities — CVE-2023-20864 and CVE-2023-20865 — in the VMware Aria Operations for Logs product. The post VMware Patches Pre-Auth Code Execution Flaw in Logging Product appeared first on SecurityWeek.
Podcast: IHH Healthcare’s Francis Yeow on talent
Francis Yeow – Country Information Security Officer of Singapore at IHH Healthcare – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about talent, risk culture in organisations, and more. To read this article in full, please click here
Consulting, software boost IBM revenue as it turns to AI
Strong performances in software and consulting helped IBM’s profit and revenue increase in the first quarter, even as a post-pandemic slowdown hit much of the technology industry. IBM’s software and consulting revenue both rose 3% year over year. In the software segment, IBM’s enterprise Linux unit, Red Hat, saw growth of 8%, while application operations […]
Microsoft Will Name APTs Actors After Weather Events
Microsoft plans to use weather-themed naming of APT actors as part of a move to simplify the way threat actors are documented. The post Microsoft Will Name APTs Actors After Weather Events appeared first on SecurityWeek.
Xage’s new IAM offering provides multilayer authentication for ICS/OT
Zero trust security provider Xage Security has added a multilayer identity and access management (IAM) solution to its decentralized access control platform Xage Fabric to secure assets in different layers of operational technology (OT) and industrial control systems (ICS) environments. “Multilayer IAM is needed for a couple of reasons,” said Roman Arutyunov, co-founder, and SVP […]
Ransomware Attack Hits Health Insurer Point32Health
Health insurer Point32Health takes systems offline after falling victim to ransomware attack. The post Ransomware Attack Hits Health Insurer Point32Health appeared first on SecurityWeek.
Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App
3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm. The post Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App appeared first on SecurityWeek.
Phylum Adds Open Policy Agent to Open Source Analysis Engine
The software supply chain security firm adds the Open Policy Agent to its risk analysis engine, increasing flexibility for the creation and enforcement of custom policies on the use of open source software. The post Phylum Adds Open Policy Agent to Open Source Analysis Engine appeared first on SecurityWeek.
Air Force Unit in Document Leaks Case Loses Intel Mission
The Air Force is investigating how a lone airman could access and distribute possibly hundreds of highly classified documents, and in the meantime has taken away the intelligence mission from the unit where the leaks took place The post Air Force Unit in Document Leaks Case Loses Intel Mission appeared first on SecurityWeek.
Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs
Cisco this week released patches for critical-severity vulnerabilities impacting its Industrial Network Director and Modeling Labs applications. The post Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs appeared first on SecurityWeek.
Five Eye nations release new guidance on smart city cybersecurity
New guidance, Cybersecurity Best Practices for Smart Cities, wants to raise awareness among communities and organizations implementing smart city technologies that these beneficial technologies can also have potential vulnerabilities. A collaboration among the Five Eye nations (Australia, Canada, New Zealand, the UK, and the US), it advises communities considering becoming smart cities to assess and […]
Cyber insurer launches InsurSec solution to help SMBs improve security, risk management
Cyber insurance provider At-Bay has announced the launch of a new InsurSec solution to help small-to-mid sized businesses (SMBs) improve their security and risk management postures through their insurance policy. The firm describes the At-Bay Stance platform as a “world’s first” that aims to addresses major security technology and skills access gaps by centralizing and […]
PaperCut Warns of Exploited Vulnerability in Print Management Solutions
Print management solutions provider PaperCut warns that exploitation of a recently patched vulnerability has commenced. The post PaperCut Warns of Exploited Vulnerability in Print Management Solutions appeared first on SecurityWeek.
UK Warns of Russian Hackers Targeting Critical Infrastructure
The UK government’s information security arm warns of Russian state-aligned groups aiming to disrupt and destroy critical infrastructure in Western countries. The post UK Warns of Russian Hackers Targeting Critical Infrastructure appeared first on SecurityWeek.
CDIO Salumeh Companieh on putting the product mindset into action
Making the shift from project- to product-based IT requires more than just an operational map of capabilities and the cross-functional teams that will own them. It takes an organization-wide shift in mindset that gets people thinking and working in ways that align with the client’s definition of value. Salumeh “Sal” Companieh, chief digital and information […]
What CIOs need to become better enablers of sustainability
Over 90 wildfires ravaged Spain’s Asturias principality in March this year. Though not as cold and wet as northern Europe, March is still the tail end of winter in northwest Spain, a region not typically considered a tinder box. But the climate emergency is steadily changing that. But Spain’s predicament isn’t unique. Across the world, […]
Global intelligence assessments: you are the target
The duty and responsibility of every intelligence service is to collect, analyze, and disseminate intelligence information to its country’s policymakers. In a prior piece, we discussed the US Office of the Director of National Intelligence (ODNI) global threat assessment in the cyber domain. What follows is the perspective from other countries’ intelligence services on what […]
Fortra Completes Investigation Into GoAnywhere Zero-Day Incident
Fortra has shared a summary of its investigation into the GoAnywhere zero-day incident that hit dozens of the company’s customers earlier this year. The post Fortra Completes Investigation Into GoAnywhere Zero-Day Incident appeared first on SecurityWeek.
DC Health Link Data Breach Blamed on Human Error
The recent data breach of personal information for thousands of users of Washington D.C.’s health insurance exchange, including members of Congress, was caused by basic human error The post DC Health Link Data Breach Blamed on Human Error appeared first on SecurityWeek.
Former convicted hacker Hieu Minh Ngo on top cybersecurity vulnerabilities to watch out for
Hieu Minh Ngo – Cybersecurity Specialist at the National Cyber Security Center of Vietnam – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about his past as a black-hat hacker, common cybersecurity pitfalls to avoid, and more. To read this article in full, please click here
Hong Kong Baptist University’s Allan Wong on his award-winning implementation of zero trust security
Allan Wong – Director of Information Technology at Hong Kong Baptist University – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the stumbling blocks in the adoption of zero trust, how to create security policies without hampering employee productivity, and more. To read this article in full, please click here
IHH Healthcare’s Francis Yeow on talent
Francis Yeow – Country Information Security Officer of Singapore at IHH Healthcare – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about talent, risk culture in organisations, and more. To read this article in full, please click here
BrandPost: The status quo for DNS security isn’t working
The Domain Name System (DNS) is often referred to as the phone book of the internet. DNS translates web addresses, which people use, into IP addresses, which machines use. But DNS was not designed with security in mind. And even though companies have invested incredible amounts of money into their security stack (and even though […]
Russian cyber spy group APT28 backdoors Cisco routers via SNMP
APT28, the hacking arm of Russia’s GRU military intelligence agency has been backdooring Cisco routers by exploiting a remote code execution vulnerability in the Cisco IOS implementation of the simple network management protocol (SNMP), according to a statement by Western security agencies. The malware deployed on compromised routers patches the router’s authentication mechanism to always […]
How to succeed as a fractional CIO
What is a fractional CIO? Fractional CIOs operate in a sphere that’s significantly different from their traditional, full-time counterparts. A fractional CIO is a technology leader hired on a temporary or part-time basis, explains Peter Kirkwood, corporate strategy leader at management consulting and strategy advisory firm Zinnov. A fractional CIO is typically an experienced IT […]
Top considerations for data modernization initiatives
Most organizations are already well under way with their digital transformation journeys, particularly data modernization. For most companies, the drive for data modernization is attributed to the massive growth of data and a business goal to harness as much data as possible to unlock its potential in transformative ways. Adopting cloud-based solutions is, perhaps, one […]
Investors Bet Big on Safe Security for Cyber Risk Management
Safe Security, a startup building technology to help organizations manage cyber risk, has secured a $50 million Series B funding round. The post Investors Bet Big on Safe Security for Cyber Risk Management appeared first on SecurityWeek.
Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced
Russian national Denis Dubnikov has been sentenced to time served after he pleaded guilty to charges related to laundering money for the Ryuk ransomware group. The post Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced appeared first on SecurityWeek.
OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks
The Open Source Security Foundation (OpenSSF) has announced the release of Supply-chain Levels for Software Artifacts (SLSA) v.1.0 with structure changes designed to make the software supply chain security framework more accessible and specific to individual areas of the software delivery lifecycle. SLSA is a community-driven supply chain security standards project that outlines increasing security […]
Darwinium upgrades its payment fraud protection platform
Security and fraud prevention vendor Darwinium has updated its Continuous Customer Protection platform to provide shared intelligence on anonymized data sets. The company claims that the update ensures customers remain in control of users’ data while also preventing Darwinian from becoming a target of cybercrime. Use cases for the Darwinium platform include account security, scam […]
Lacework adds vulnerability risk management to its flagship offering
Cloud security provider Lacework has added a new vulnerability risk management capability to its cloud-native application protection (CNAPP) offering. The SaaS capability will combine active package detection, attack path analysis, and in-house data on active exploits to generate personalized vulnerability risk scores. “Lacework takes a risk-based approach that goes beyond a common vulnerability scoring system […]
Dasera Scores $12M Funding for Cloud Data Security
The Series A funding round was led by Storm Ventures and brings the total raised by Dasera to $20 million. The post Dasera Scores $12M Funding for Cloud Data Security appeared first on SecurityWeek.
Cleaning Up Costs: Avaya and Stemmer Distribution
Stemmer Distribution, the largest French company to provide dental products to healthcare professionals since 1978, was able to reduce costs while improving their customer experience with the help of Avaya. With 250 employees and 14 companies across six sites, Stemmer needed a flexible and fluid communication solution for their customers as the brand experienced a […]
Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers
Discarded enterprise routers are often not wiped and contain secrets that could be highly useful to malicious hackers. The post Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers appeared first on SecurityWeek.
Top risks and best practices for securely offboarding employees
Employees won’t work for the same organization forever and dealing with their departures is just part and parcel of business. But the security risks posed by departing staff can be significant. Without secure off-boarding processes, organizations expose themselves to a variety of cybersecurity risks ranging from the innocuously accidental to the maliciously deliberate. High turnover […]
UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure
The UK National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert states that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, […]
Coro Raises $75 Million for Mid-Market Cybersecurity Platform
Coro, an enterprise cybersecurity platform for mid-market organizations, has raised $75 million from Energy Impact Partners. The post Coro Raises $75 Million for Mid-Market Cybersecurity Platform appeared first on SecurityWeek.
Oracle Releases 433 New Security Patches With April 2023 CPU
Oracle’s April 2023 critical patch update (CPU) includes 433 new security patches, including more than 70 that fix critical vulnerabilities. The post Oracle Releases 433 New Security Patches With April 2023 CPU appeared first on SecurityWeek.
Google Patches Second Chrome Zero-Day Vulnerability of 2023
Google warns of another zero-day vulnerability in Chrome, only days after addressing a similar issue. The post Google Patches Second Chrome Zero-Day Vulnerability of 2023 appeared first on SecurityWeek.
Oracle adds AI, automation capabilities to SCM, HCM Fusion apps
Oracle on Wednesday said it is adding new AI and automation capabilities to its Fusion Supply Chain Management (SCM) and Fusion Human Capital Management (HCM) suites to help enterprises increase efficiency across divisions. The updates to the SCM suite, which have been made generally available, include an AI-based planning tool, an enhanced quote-to-cash process for […]
CIO Fletcher Previn on designing the future of work
It has been three years since COVID sent us into remote work, and we now find ourselves with a new challenge: employees who have never met in person. The hybrid work paradigm has exposed the importance of getting in front of evolving changes in the way employees will work together in the future, accelerating IT […]
Will Taiwan be the next supply chain bottleneck for IT?
Taiwan’s semiconductor factories, the source of many of the chips used in the world’s PCs, servers, and mobile phones, operate under a constant threat of disruption. The threats are both geological (earthquakes frequently force high-tech plants to shut down despite them being built to withstand seismic shocks) and geopolitical: China considers Taiwan to be part […]
Deutsche Bahn CIO on track to decentralize IT
Bernd Rattey has been Group CIO and CDO of Deutsche Bahn (DB) since 2021, after being in charge of IT at subsidiary DB Fernverkehr AG for five years. And it was during that time he got to know the railways from a different business area. In his eyes, the entire DB group works like a federal system, […]
How to know it’s time for a new CIO gig
It’s no secret that the labor market has been volatile in recent years, with workers moving positions in record numbers. But it’s not just lower-level staffers making moves: Plenty of CIOs have been shuffling jobs during the past few years, too. In its 2022 Global Leadership Monitor survey, executive search firm Russell Reynolds Associates reported […]
Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure
A subgroup of Iran-linked APT Phosphorus (Mint Sandstorm) has started to quickly adopt PoC exploit code targeting vulnerabilities in internet-facing applications. The post Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure appeared first on SecurityWeek.
US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers
US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. The post US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers appeared first on SecurityWeek.
App cyberattacks jump 137%, with healthcare, manufacturing hit hard, Akamai says
An analysis of customer data collected by content delivery network and internet services giant Akamai found that attacks targeting web applications rose by 137% over the course of last year, as the healthcare and manufacturing sectors in particular were targeted with an array of API and application-based intrusions. Local file intrusions — in which attackers […]
Hard-to-detect malware loader distributed via AI-generated YouTube videos
Security researchers warn of a new malware loader that’s used as part of the infection chain for the Aurora information stealer. The loader uses anti-virtual-machine (VM) and unusual compilation techniques that seem to make it quite successful at avoiding detection by security solutions. The Aurora infostealer is written in Go and is operated as a […]
6 ways to drive Wi-Fi operational efficiencies
By: Gayle Levin, Senior Product Marketing Manager for Wireless at Aruba, A Hewlett Packard Enterprise Company. If you’re like me and you’ve been reading the news lately, the economic outlook is all over the place. It’s difficult enough to prioritize IT spending and align efforts to support business initiatives without trying to predict the future […]
IT Leadership – and Networking – Take Center Stage at FutureIT Event Series
The room was abuzz. People were standing, talking intensely, mingling, and meeting new people. This was our first in-person conference in 2023, and it was going exactly as planned: Participants were engaged and networking. In all of our surveys, networking is always one of the top two reasons attendees come to our events (the other […]
Daon’s TrustX to offer SaaS-based, no-code identity journeys
Identity and access management provider Daon has launched a SaaS-based identity proofing and authentication platform TrustX, designed to help customers create and manage user identity journeys across organizational workflows. The fully managed offering will use artificial intelligence (AI) and machine learning (ML) tools to support identity journeys, which will include building, verifying, and authenticating identities, along […]
SpinOne adds new capabilities to secure SaaS applications and data
SaaS data protection provider Spin.ai has launched two new service modules — SaaS security posture management (SSPM) and SaaS data leak prevention/loss protection (SDLP) — along with a few new capabilities for existing modules, to its flagship SaaS security platform SpinOne. The enhancements to the SaaS-based offering aim to protect SaaS applications, automate manual processes, […]
SpecterOps Scores $25M Funding to Secure ID Attack Paths
Seattle startup SpecterOps secures $25 million in Series A funding to boost its BloodHound Enterprise platform. The post SpecterOps Scores $25M Funding to Secure ID Attack Paths appeared first on SecurityWeek.
New ‘Domino’ Malware Linked to FIN7 Group, Ex-Conti Members
New Domino backdoor brings together former members of the Conti group and the FIN7 threat actors. The post New ‘Domino’ Malware Linked to FIN7 Group, Ex-Conti Members appeared first on SecurityWeek.
Takedown of GitHub Repositories Disrupts RedLine Malware Operations
Four GitHub repositories used by RedLine stealer control panels were suspended, disrupting the malware’s operations. The post Takedown of GitHub Repositories Disrupts RedLine Malware Operations appeared first on SecurityWeek.
Businesses detect cyberattacks faster despite increasingly sophisticated adversaries
Global organizations are improving their attack detection capabilities despite facing increasingly sophisticated, persistent, and creative adversaries. The Mandiant M-Trends 2023 report, now in its fourteenth year, revealed that the global median dwell time – calculated as the median number of days an attacker is present in a target’s environment before detection – dropped to 16 […]
NSO Group Used at Least 3 iOS Zero-Click Exploits in 2022: Citizen Lab
NSO Group used at least three iOS zero-click exploits in Pegasus attacks in 2022: FindMyPwn, PwnYourHome, and LatentImage. The post NSO Group Used at Least 3 iOS Zero-Click Exploits in 2022: Citizen Lab appeared first on SecurityWeek.
Elon Musk Says He’ll Create ‘TruthGPT’ to Counter AI ‘Bias’
Elon Musk plans to create an alternative to the popular AI chatbot ChatGPT that he is calling “TruthGPT,” which will be a “maximum truth-seeking AI that tries to understand the nature of the universe.” The post Elon Musk Says He’ll Create ‘TruthGPT’ to Counter AI ‘Bias’ appeared first on SecurityWeek.
The classified document leak: let’s talk about Jack Teixeira’s need-to-know
The arrest of 21-year-old Airman First Class Jack Teixeira last week has inspired myriad reactions from armchair pundits declaring 21 is too young to be trusted with classified information to the need to reform the Department of Defense and the intelligence community to the US Speaker of the House calling for hearings on how the […]
19 startups to check out at RSA Conference 2023
This year’s RSA Conference showcases promising startups from all over the world, many of which are making their first public appearance. Most will be exhibiting in the Early Stage Expo, which features 50 new security solution providers. Other startup exhibitors are finalists in RSA’s Innovation Sandbox competition. Perhaps the most interesting aspect about startups is […]
Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks
Threat actors are getting more adept at exploiting common, everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most […]
New Qbot campaign delivers malware by hijacking business emails
Cyberattacks that use banking trojans of the Qbot family have been targeting companies in Germany, Argentina, and Italy since April 4 by hijacking business emails, according to a research by cybersecurity firm Kaspersky. In the latest campaign, the malware is delivered through emails written in English, German, Italian, and French. The messages are based on […]
Lockr Raises $2.5 Million for Identity and Data Protection Platform
Personal identity and data protection provider Lockr has raised $2.5 million in pre-seed funding. The post Lockr Raises $2.5 Million for Identity and Data Protection Platform appeared first on SecurityWeek.
Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends
In a year dominated by kinetic/cyber war in Ukraine, North Korea doubles down on cryptocurrency thefts, China and Iran continue to take advantage, and a new form of personal intimidation of company personnel emerges. The post Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends appeared first on SecurityWeek.
Cyberinsurance Backstop: Can the Industry Survive Without One?
The purpose of a backstop would be to make cyberinsurance more widely available and affordable to the whole market – but it isn’t yet clear whether this can be achieved. The post Cyberinsurance Backstop: Can the Industry Survive Without One? appeared first on SecurityWeek.
CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog
CISA has added two vulnerabilities to its ‘must patch’ list, including a recently fixed Chrome flaw and a macOS flaw exploited by the DazzleSpy malware. The post CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog appeared first on SecurityWeek.
Why IT surveys can’t be trusted for strategic decisions
Information, according to the mathematical theory that bears its name, reduces uncertainty. If, for example, I tell you I tossed a coin twice, you’ll know there were four equally probable outcomes. But if I then tell you the first toss came up tails, the number of possible outcomes cuts in half: tails/heads or tails/tails. In […]
Cybersecurity M&A Roundup for April 1-15, 2023
Sixteen cybersecurity-related M&A deals were announced in the first half of April 2023. The post Cybersecurity M&A Roundup for April 1-15, 2023 appeared first on SecurityWeek.
Creative Software Maker Affinity Informs Customers of Forum Breach
UK-based creative software developer Affinity recently informed the 175,000 users of its forum of a data breach that occurred on April 6. The post Creative Software Maker Affinity Informs Customers of Forum Breach appeared first on SecurityWeek.
Buying advice for CIOs as low-code/no-code spending rises
Faced with a long-running shortage of experienced professional developers, enterprise IT leaders have been exploring fresh ways of unlocking software development talent by training up non-IT staff and deploying tools that enable even business users to build or customize applications to suit their needs. A broad spectrum of tools has arisen to facilitate software development […]
The golden path to cloud success
As IT organizations attempt wide-scale cloud adoption, the importance of common best practices across applications and products is growing, sparking an exciting new conversation about platform teams and related disciplines like platform engineering. The problem statement driving the investment in platform teams is clear: developing, operating, and optimizing a modern application is becoming too complex […]
Norco Industries jumpstarts digital transformation with RPA
Chris Richner signed on as CIO of Norco Industries with a clear mission: To guide the US-based manufacturer through wholesale digital transformation. “I was brought on board to be a change agent,” says Richner, who is now 18 months into the job. “The first order of business was to get my infrastructure shored up, because […]
5 hot digital transformation trends — and 2 going cold
Digital transformation has always been a continuous journey, one that should become an organizational core competency, with the introduction of digital services an ongoing imperative to evolve the business and stave off disruption. While this may remain the case, subtleties are emerging about how digital transformation should be thought of, impacting how it should be […]
How TCS is helping to fight financial crime with AI and Microsoft Cloud
As consumers embrace ecommerce, digital banking, and online payment applications, the risk of fraud and other financial crimes has increased dramatically. Every new portal and mobile app expand the attack surface and give hackers new opportunities to exploit vulnerabilities. The stakes for financial organizations are growing as well. In 2021, U.S. fraud losses amounted to […]
Copaco Cloud: Increasing the sustainability of enterprises in Belgium, Luxembourg, and the Netherlands
Eindhoven-based Copaco is well-known for the cloud services and solutions it offers for managed service providers – including managed security service providers – independent software vendors and systems integrators throughout Belgium, Luxembourg, and the Netherlands. Delivered from the company’s highly advanced data centers, the Copaco Cloud, powered by VMware technologies, provides the core of the […]
Google urges users to update Chrome to address zero-day vulnerability
Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed. Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects […]
The Security and Productivity Implications of Low Code/No Code Development
The low code/no code movement provides simplified app generation – but it needs to be understood to be safe. The post The Security and Productivity Implications of Low Code/No Code Development appeared first on SecurityWeek.
7 countries unite to push for secure-by-design development
Ten agencies from across seven countries have joined forces to create a guide for software developer organizations to ensure their products are both secure by design and by default. The joint guidance, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default, comes after several recently identified critical vulnerabilities in vendor software. […]
CISA updates zero trust maturity model to provide an easier launch
The United States Cybersecurity and Infrastructure Security Agency (CISA) has published its Zero Trust Maturity Model (ZTMM) version 2, which incorporates recommendations from public comments it received on its first version of ZTMM. “CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” […]
LockBit Ransomware Group Developing Malware to Encrypt Files on macOS
The LockBit ransomware gang is developing malware designed to encrypt files on macOS systems and researchers have analyzed if it poses a real threat. The post LockBit Ransomware Group Developing Malware to Encrypt Files on macOS appeared first on SecurityWeek.
ZeroFox to Acquire Threat Intelligence Firm LookingGlass for $26 Million
Web security and threat intelligence firm ZeroFox is acquiring threat intelligence company LookingGlass for $26 million. The post ZeroFox to Acquire Threat Intelligence Firm LookingGlass for $26 Million appeared first on SecurityWeek.
7 cybersecurity mindsets that undermine practitioners and how to avoid them
It’s no secret that cybersecurity jobs are burning people out. It’s a high-pressure environment that ever seems to be ratcheting up the daily demand on security professionals. There are many reasons for this, but underlying them all is the way we think about security. By consciously recognizing these mindsets we can change them and better […]
Payments Giant NCR Hit by Ransomware
US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit. The post Payments Giant NCR Hit by Ransomware appeared first on SecurityWeek.
Mobb Raises $5.4 Million in Seed Funding for Automatic Vulnerability Fixing Tool
Boston-based Mobb has raised $5.4 million in seed funding for a product that automatically fixes vulnerabilities found in applications developed by customers. The post Mobb Raises $5.4 Million in Seed Funding for Automatic Vulnerability Fixing Tool appeared first on SecurityWeek.
Online Gaming Chats Have Long Been Spy Risk for US Military
Online gaming forums have long been a particular worry of the military because of their lure for young service members. The post Online Gaming Chats Have Long Been Spy Risk for US Military appeared first on SecurityWeek.
Mandiant’s new solution allows exposure hunting for a proactive defense
Google-owned cybersecurity provider Mandiant has launched Mandiant Proactive Exposure Management, a suite of products and services to help organizations focus on “attackable exposures” rather than just vulnerabilities. “Exposures go beyond vulnerabilities and are potential exploitable entry points that can be used by an adversary to gain initial compromise into an organization or supply chain ecosystem,” […]
The Engagement You’ll Find at Our Virtual Events
A record number of participants turned out for a discussion group with one of our speakers, Tom Kouloupolous, futurist and chairman and founder of Delphi Group, during our April virtual summit, CIO’s Future of Cloud and Data. Nearly all of the almost 300 viewers of his virtual session on “Living in the Cloud” jumped onto […]
Google Warns of New Chrome Zero-Day Attack
The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. The post Google Warns of New Chrome Zero-Day Attack appeared first on SecurityWeek.
EU privacy regulators to create taskforce to investigate ChatGPT
The move comes after a number of data privacy regulators from across Europe raised concerns about whether the chatbot is compliant with the EU’s GDPR privacy law.
Building the Generative AI-Driven Enterprise: Today’s Use Cases
Generative AI (GenAI) is taking the world by storm. During my career, I’ve seen many technologies disrupt the status quo, but none with the speed and magnitude of GenAI. Yet, we’ve only just begun to scratch the surface of what is possible. Now, GenAI is emerging from the consumer realm and moving into the enterprise […]
Stolen ChatGPT premium accounts up for sale on the dark web
Trade of stolen ChatGPT account credentials, especially those of the premium accounts, is on a rise on the dark web since March, enabling cybercriminals to get around OpenAI’s geofencing restrictions and get unlimited access to ChatGPT, according to research by Check Point. “During the last month, CPR (Check Point Research) observed an increase in the chatter in underground […]
CISA Introduces Secure-by-design and Secure-by-default Development Principles
CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products. The post CISA Introduces Secure-by-design and Secure-by-default Development Principles appeared first on SecurityWeek.
FBI Arrests 21-Year-Old Guardsman in Leak of Classified Military Documents
A Massachusetts Air National Guard member was arrested Thursday in connection with the disclosure of highly classified military documents about the Ukraine war and other top national security issues. The post FBI Arrests 21-Year-Old Guardsman in Leak of Classified Military Documents appeared first on SecurityWeek.
Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation
The Android vulnerability CVE-2023-20963, reportedly exploited as a zero-day by a Chinese app against millions of devices, was added to CISA’s KEV catalog. The post Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation appeared first on SecurityWeek.
Microsoft Warns Accounting, Tax Return Preparation Firms of Remcos RAT Attacks
A new Remcos RAT campaign is targeting US accounting and tax return preparation firms as Tax Day approaches. The post Microsoft Warns Accounting, Tax Return Preparation Firms of Remcos RAT Attacks appeared first on SecurityWeek.
Mandiant’s new solution allows exposure hunting for a proactive defense
Google-owned cybersecurity provider Mandiant has launched Mandiant Proactive Exposure Management offering, a suite of products and services to help organizations focus on “attackable exposures” rather than just vulnerabilities. “Exposures go beyond vulnerabilities and are potential exploitable entry points that can be used by an adversary to gain initial compromise into an organization or supply chain […]
Juniper Networks Patches Critical Third-Party Component Vulnerabilities
Juniper Networks this week announced patches for tens of vulnerabilities across its product portfolio, including critical bugs in Junos OS and STRM. The post Juniper Networks Patches Critical Third-Party Component Vulnerabilities appeared first on SecurityWeek.
Cerbos Raises $7.5 Million for Authorization Platform
Authorization layer solution provider Cerbos has raised $7.5 million in an extended seed round led by Omers Ventures. The post Cerbos Raises $7.5 Million for Authorization Platform appeared first on SecurityWeek.
6 best practices to develop a corporate use policy for generative AI
While there’s an open letter calling for all AI labs to immediately pause training of AI systems more powerful than GPT-4 for six months, the reality is the genie is already out of the bottle. Here are ways to get a better grasp of what these systems are capable of, and utilize them to construct […]
Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site
Cybersecurity firm Darktrace has issued a statement after it was listed on the leak website of the LockBit ransomware group. The post Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site appeared first on SecurityWeek.
Russian cyberspies hit NATO and EU organizations with new malware toolset
The Polish government warns that a cyberespionage group linked to Russia’s intelligence services is targeting diplomatic and foreign ministries from NATO and EU member states in an ongoing campaign that uses previously undocumented malware payloads. The group, known in the security industry as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia’s […]
How to find and retain talent, according to CIOs
At the recent IDC CIO Summit in Dubai – themed Enabling the Digital Economy’s Leaders – the topic of talent attraction and retention was a key talking point for those at the event. Finding and keeping tech talent has never been easy but as the world of work continues to evolve and organisations shift to […]
Circular innovation: how to create sustainable products
If you recycle, you’re living your belief that using and regenerating products or components in environmentally friendly ways is good for our planet and its people. By extension, you’ll likely find value in the circular economy concept. According to the renowned Ellen MacArthur Foundation, “Through design, we can eliminate waste and pollution, circulate products and […]
4 ways to enable explainability in generative AI
Have you ever gazed upon a Monet painting and lost yourself for a time? I have. I love great works of art. The University of London’s research says beautiful art catalyzes an instant release of dopamine into the brain. I feel that jolt of reward and motivation when I see a masterpiece. As an artist […]
Google Proposes More Transparent Vulnerability Management Practices
New Google paper calls for increased transparency from vendors regarding their vulnerability management practices. The post Google Proposes More Transparent Vulnerability Management Practices appeared first on SecurityWeek.
Microsoft patches vulnerability used in Nokoyawa ransomware attacks
Microsoft has released a patch for a Windows zero day vulnerability that has been exploited by cybercriminals in ransomware attacks. The vulnerability identified as CVE-2023-28252 is a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver. CLFS is a general purpose logging service that can be used by dedicated client applications and that […]
Cisco to offer Webex air-gapped cloud system for security, defense work
The upcoming cloud system will provide an added layer of network and data handling security for companies working on national security and defense projects and collaborating through the Webex app.
4 strategies to help reduce the risk of DNS tunneling
Domain name system (DNS) tunneling is a pervasive threat that enables hackers to get any data in and out of a company’s internal network while bypassing most firewalls. The domain name system translates numeric internet protocol addresses that browsers can then use to load web pages — threat actors use tunneling to exploit this process […]
Dissecting threat intelligence lifecycle problems
In my last CSO article, I looked at a few challenges related to enterprise threat intelligence programs. Security pros pointed to issues like dealing with too many manual processes, sorting through noisy threat intelligence feeds, establishing clear ROI benefits, and managing threat intelligence programs that are little more than an academic exercise for the cyber-threat […]
ChatGPT Could Return to Italy if OpenAI Complies With Rules
ChatGPT could return to Italy if its maker, OpenAI, complies with measures to satisfy regulators who imposed a temporary ban on the AI software over privacy worries. The post ChatGPT Could Return to Italy if OpenAI Complies With Rules appeared first on SecurityWeek.
Cyfirma Raises $6 Million for Threat Management Platform
Threat intelligence and attack surface management company Cyfirma has raised $6 million in a pre-Series B funding round. The post Cyfirma Raises $6 Million for Threat Management Platform appeared first on SecurityWeek.
Data leader Tejasvi Addagada on the value of data governance
The emergence of business models driven by data along with the evolution of modern analytics and cloud capabilities have increased the interest in data management multifold. As a result, enterprises are breaking down data siloes, transforming their data architectures, and democratizing access to data tools to accelerate decision-making. But the journey to the data-driven enterprise […]
Microsoft Shares Resources for BlackLotus UEFI Bootkit Hunting
Microsoft has shared details on how threat hunters can check their systems for BlackLotus UEFI bootkit infections. The post Microsoft Shares Resources for BlackLotus UEFI Bootkit Hunting appeared first on SecurityWeek.
Looking for a New Security Technology? Choose a Partner, not a Vendor
An important area of differentiation to evaluate when you make your next security investment is the vendor’s effectiveness when it comes to customer success. The post Looking for a New Security Technology? Choose a Partner, not a Vendor appeared first on SecurityWeek.
Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data
Hikvision patches CVE-2023-28808, a critical authentication bypass vulnerability that exposes video data stored on its Hybrid SAN and cluster storage products. The post Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data appeared first on SecurityWeek.
CIO Digital Enterprise Forum 2023: How CIOs can strategically and ethically use generative AI
The CIO Digital Enterprise Forum will be held in London on Thursday 11th May at Prospero House, London Bridge. Amit Sen from the United Nations Refugee Agency and Howard Pyle from Experience Futures will host the opening keynote. They will focus on the importance of organizations linking analytics with social impact goals and standards of […]
5 CIOs on building a service-oriented IT culture
There was a time in the not-too-distant past when the prevailing thinking among IT organizations was that what we deliver is more important than how we deliver it. Today’s most successful CIOs recognize that service missteps can make or break their team’s reputation. A culture of service excellence ensures that the IT organization is viewed […]
Why IT leaders are putting more business spin on security spend
Gartner projects that spending on information security and risk management products and services will grow 11.3% to reach more than $188.3 billion this year. But despite those expenditures, there have already been at least 13 major data breaches, including at Apple, Meta and Twitter. To better focus security spend, some chief information security officers (CISOs) are shifting […]
Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS
Irrigation systems were disrupted recently in Israel in an attack that once again shows how easy it is to hack industrial control systems (ICS). The post Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS appeared first on SecurityWeek.
Hong Kong Baptist University’s Allan Wong on his award-winning implementation of zero trust security
Allan Wong – Director of Information Technology at Hong Kong Baptist University – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the stumbling blocks in the adoption of zero trust, how to create security policies without hampering employee productivity, and more. To read this article in full, please click here
Google launches dependency API and curated package repository with security metadata
This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming languages. Today, the company also announced the general availability of its Assured Open Source Software (Assured OSS) service, which provides development teams with a Google-curated repository of security-tested […]
Why you should patch the Windows QueueJumper vulnerability immediately
Microsoft patched over 100 vulnerabilities this week in its products, including a zero-day privilege escalation flaw used in the wild by a ransomware gang. However, another critical vulnerability that can be easily exploited to take over Windows systems remotely over local networks and the internet is likely to be of more interest to attackers and […]
Where is the AI?
The recent mass media love affair with ChatGPT has led many to believe that AI is a “here and now” technology, expected to become pervasive in enterprise and consumer products in the blink of an eye. Indeed, Microsoft’s $10B investment in OpenAI, the company behind ChatGPT, has many people expecting a complete and thorough integration […]
Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments
When every environment is treated the same, teams get consistent visibility, a unified view, and a common language to describe what’s happening for detection, investigation, and response across dispersed multi-cloud and hybrid environments. The post Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments appeared first on SecurityWeek.
Building a vision for real-time artificial intelligence
By George Trujillo, Principal Data Strategist, DataStax I recently had a conversation with a senior executive who had just landed at a new organization. He had been trying to gather new data insights but was frustrated at how long it was taking. (Sound familiar?) After walking his executive team through the data hops, flows, integrations, […]
Inside-Out Defense launches privilege access abuse detection, remediation platform
Cybersecurity vendor Inside-Out Defense has emerged from stealth with the launch of a new privilege access abuse detection and remediation platform. The SaaS, agentless platform supports all environments and applications, complementing existing identity and access management (IAM), privilege access management (PAM), and custom identity solutions, the firm said. Stolen access credentials are highly attractive to […]
Searchlight Cyber launches Stealth Browser for safe dark web access
Dark web intelligence company Searchlight Cyber has announced the launch of Stealth Browser – a new, secure virtual machine for cyber professionals to access the dark web and conduct investigations anonymously, reducing the risk to themselves and their organization. Stealth Browser is an enhancement to Searchlight’s Cerberus investigation platform, which is used by law enforcement […]
Wazuh launches version 4.4 with a suite of new capabilities
Open source security provider Wazuh has launched the latest version of its unified extended detection and response (XDR) and security information and event management (SIEM) platform with a suite of upgraded capabilities. Wazuh 4.4 adds a string of new features to Wazuh agents and managers, which users deploy on endpoints and servers respectively. These features […]
Biden Administration Seeks Input on AI Safety Measures
The Biden administration wants stronger measures to test the safety of artificial intelligence tools such as ChatGPT before they are publicly released. The post Biden Administration Seeks Input on AI Safety Measures appeared first on SecurityWeek.
400,000 Users Hit by Data Breach at Media Player Maker Kodi
Media player maker Kodi has started rebuilding its user forum after hackers stole databases containing user posts, messages, and login credentials. The post 400,000 Users Hit by Data Breach at Media Player Maker Kodi appeared first on SecurityWeek.
Fortinet Patches Critical Vulnerability in Data Analytics Solution
A critical vulnerability in Fortinet’s FortiPresence data analytics solution leads to remote, unauthenticated access to Redis and MongoDB instances. The post Fortinet Patches Critical Vulnerability in Data Analytics Solution appeared first on SecurityWeek.
Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks
A Windows zero-day tracked as CVE-2023-28252 and fixed by Microsoft with its April Patch Tuesday updates has been exploited in Nokoyawa ransomware attacks. The post Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks appeared first on SecurityWeek.
Going nuts: California’s largest almond cooperative streamlines its supply chain
During the pandemic, nut lovers were alarmed to see shelves in their favorite part of the supermarket empty–and devoid of the roasted delicacies they craved. Now, we finally understand why. In addition to the usual threats–droughts, wildfires, and weather–California almond growers had to contend with wild fluctuations in supply and demand while transportation resources became […]
How Microsoft’s Shared Key authorization can be abused and how to fix it
When many of us moved our server and application needs to the cloud, we rejoiced that we no longer had to worry about the drudgery of patching. We didn’t have to monitor servers and their Patch Tuesday deployments; it was all in Microsoft’s hands. But as often occurs with cloud deployments, a solution that means […]
OpenAI starts bug bounty program with cash rewards up to $20,000
Microsoft-backed OpenAI has launched a bug bounty program and is inviting the global community of security researchers, ethical hackers, and technology enthusiasts to help the company identify and address vulnerabilities in its artificial intelligent systems. “We are excited to build on our coordinated disclosure commitments by offering incentives for qualifying vulnerability information,” OpenAI said in […]
SAP Patches Critical Vulnerabilities in Diagnostics Agent, BusinessObjects
Two critical vulnerabilities in SAP Diagnostics Agent allow attackers to execute malicious commands on all monitored systems. The post SAP Patches Critical Vulnerabilities in Diagnostics Agent, BusinessObjects appeared first on SecurityWeek.
CISA Publishes New Guidance for Achieving Zero Trust Maturity
CISA has published the second version of its guide describing the necessary strategies and policies to achieve zero trust maturity. The post CISA Publishes New Guidance for Achieving Zero Trust Maturity appeared first on SecurityWeek.
Virtual Event Today: Zero Trust Strategies Summit
Join us for SecurityWeek’s 2023 Zero Trust Strategies Summit as we decipher the confusing world of zero trust and share war stories on securing an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. The post Virtual Event Today: Zero Trust Strategies Summit appeared first on SecurityWeek.
Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers
3CX has confirmed previous reports that the recently disclosed supply chain attack was likely conducted by North Korean hackers. The post Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers appeared first on SecurityWeek.
How Canadian Tire CIO & CTO balances lessons learned and leading with purpose
Having celebrated its 100th anniversary last year, Canadian Tire has had to perform some deft manoeuvring in the last couple of years to become more agile. And with his dual titles at the company—CIO and CTO—Rex Lee is in the driver’s seat to support digital transformation and implement shared knowledge across teams and management. No […]
5 tips for tackling technical debt
CIOs have contended with technical debt for decades, yet many still struggle to adequately manage it. And it’s costing them. Management consulting firm Protiviti surveyed more than 1,000 tech execs for its 2023 Global Technology Executive Survey and found that technical debt is a leading obstacle to innovation for nearly 70% of organizations. Executives also […]
Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware
Microsoft and Citizen Lab release information on the activities, malware and victims of Israeli spyware vendor QuaDream. The post Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware appeared first on SecurityWeek.
CIO Digital Enterprise Forum 2023: How CIOs can strategically and ethically use generative AI
The CIO Digital Enterprise Forum will be held in London on Thursday 11th May at Prospero House, London Bridge. Amit Sen from the United Nations Refugee Agency and Howard Pyle from Experience Futures will host the opening keynote. They will focus on the importance of organizations linking analytics with social impact goals and standards of […]
Accelerating innovation with cloud-native apps on Microsoft Cloud
The financial services sector is undergoing rapid change as fintechs develop convenient, consumer-focused services that were once the province of traditional banks. We spoke with Siddhartha Gupta, Global Head of Application Modernization on Azure at Tata Consultancy Services (TCS), about this trend and what financial services organizations need to do to improve their capacity for […]
plusserver: Offering a sovereign GDPR-compliant cloud “made in Germany”
Alexander Wallner, CEO of plusserver, believes the importance of the sovereign cloud services and solutions needed to ensure that data is protected, safe, and compliant cannot be overemphasized. He is also quick to point out that plusserver takes responsibility for the cloud-based operations of its growing customer base, which includes enterprises across industries and throughout […]
Cohesity aims an OpenAI-powered chatbot to secure your data sets
Generative AI is coming to both line-of-business data analysis as well as security, as Cohesity deepens its ties to Microsoft.
ChatGPT Creator OpenAI Ready to Pay Hackers for Security Flaws
ChatGPT creator OpenAI announced a new bug bounty program that will pay up to $20,000 for advance notice on security vulnerabilities found by hackers. The post ChatGPT Creator OpenAI Ready to Pay Hackers for Security Flaws appeared first on SecurityWeek.
Aruba AIOps for NaaS IT efficiency
By: Trent Fierro, Head of Content and Operations at Aruba, a Hewlett Packard Enterprise company. When doing something on your own, you’ll usually give yourself a little leeway, but bringing in help that is paid often creates an expectation gap. This happens because most customers expect that a service provider will meet or exceed what they’re […]
Virtual Event Tomorrow: Zero Trust Strategies Summit
Join this virtual event as we decipher the confusing world of zero trust and share war stories on securing organizations by eliminating implicit trust. The post Virtual Event Tomorrow: Zero Trust Strategies Summit appeared first on SecurityWeek.
Microsoft Patches Another Already-Exploited Windows Zero-Day
For the second month in a row, Microsoft patches for an already-exploited vulnerability in its flagship Windows operating system. The post Microsoft Patches Another Already-Exploited Windows Zero-Day appeared first on SecurityWeek.
Iranian APT group launches destructive attacks in hybrid Azure AD environments
Recent destructive attacks against organizations that masquerade as a ransomware operation called DarkBit are likely performed by an advanced persistent threat (APT) group that’s affiliated with the Iranian government. During some of these operations the attackers didn’t limit themselves to on-premises systems but jumped into victims’ Azure AD environments where they deleted assets including entire […]
Adobe Plugs Gaping Security Holes in Reader, Acrobat
Adobe documents 56 security defects in multiple products, some serious enough to expose Windows and macOS users to code execution attacks. The post Adobe Plugs Gaping Security Holes in Reader, Acrobat appeared first on SecurityWeek.
Capitalizing on the Cloud: Research Reveals Key Reason Companies Struggle
After years of compounded digital transformation, the downsides of the cloud are starting to reveal themselves. As cloud investments increase, benefits remain elusive without also investing in optimization efforts targeted at reducing cloud waste and lowering costs, that’s according to a new study published by CIO.com. Research reveals that while most companies are investing more […]
ZeroFox partners with Google Cloud to warn users against phishing domains
Cybersecurity provider ZeroFox has announced a partnered capability with Google Cloud to warn users of malicious URLs and fake websites in a bid to disrupt phishing campaigns. As part of the partnership, ZeroFox will automatically detect phishing domains for customers and submit verified, malicious URLs through Google Cloud’s Web Risk Submission API, disrupting attacks and […]
CrowdStrike expands Falcon platform with XDR for IoT assets
Cybersecurity vendor CrowdStrike has announced the release of new extended detection and response (XDR) capabilities within its Falcon platform to secure extended internet of things (XIoT) assets including IoT, Industrial IoT, OT, and medical devices. CrowdStrike Falcon Insight for IoT delivers tailored threat prevention, rapid patch management, and interoperability across XIoT assets to help customers […]
OSINT Company Fivecast Raises $20 Million
Australian OSINT software company Fivecast has raised $20 million in a Series A funding round led by Ten Eleven. The post OSINT Company Fivecast Raises $20 Million appeared first on SecurityWeek.
3 key mistakes leaders make today and how to overcome them
By Chet Kapoor, Chairman & CEO,DataStax Mistakes: we all make them. Whether it’s screwing up a demo in front of the entire leadership team or hiring the wrong person for a role, I can’t even count how many times I’ve made mistakes throughout my career. These moments are never easy, but they are always learning […]
ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities
Siemens and Schneider Electric’s Patch Tuesday advisories for April 2023 address a total of 38 vulnerabilities found in their products. The post ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities appeared first on SecurityWeek.
Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse
Microsoft Azure shared key authorization can be exploited to access business data and achieve remote code execution. The post Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse appeared first on SecurityWeek.
Why reporting an incident only makes the cybersecurity community stronger
Reporting an incident to the correct authorities or vulnerability clearinghouses can be an experience fraught with frustration. You pour time, energy, and resources into fighting an intrusion, all while keeping company officials and stakeholders up to date and preventing sensitive information from getting into the wild. Explaining what happened might seem just like another layer […]
GitGuardian’s honeytokens in codebase to fish out DevOps intrusion
Code security provider GitGuardian has added a new honeytoken module to its platform to help customers secure their software development life cycle and software supply chains with intrusion and code leakage detection assistance. Honeytokens are code scripts containing decoy credentials, which can be placed within a customer’s development environments to lure out attackers looking to […]
Battle could be brewing over new FCC data breach reporting rules
On January 6, the United States Federal Communications Commission (FCC) launched a notice of proposed rulemaking (NPRM) to update its data breach reporting rules for telecommunications carriers. “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect […]
Apple Rolls Out Zero-Day Patches to Older iOS, macOS Devices
Three days after announcing patches for new zero-days affecting iOS and macOS, Apple released fixes for devices running older operating system versions. The post Apple Rolls Out Zero-Day Patches to Older iOS, macOS Devices appeared first on SecurityWeek.
Yum Brands Discloses Data Breach Following Ransomware Attack
KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack. The post Yum Brands Discloses Data Breach Following Ransomware Attack appeared first on SecurityWeek.
Potential Outcomes of the US National Cybersecurity Strategy
The national strategy outlined by the Federal Government on March 1, 2023, is a monumental attempt to weave a consistent approach to cybersecurity for the whole nation. The post Potential Outcomes of the US National Cybersecurity Strategy appeared first on SecurityWeek.
Multi-cloud is the future of enterprise
By Andy Nallappan, Chief Technology Officer & Head of Software Business Operations, Broadcom This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. Multi-cloud is the future of enterprise IT. The evidence is […]
Novanta’s Sarah Betadam on transforming the IT model status quo
Over the next five years, the healthcare industry is expected to go through dramatic changes as service providers expand value-based care models and equipment manufacturers strive to keep pace in a digital-first world. One factor driving global transformation is the push to bring healthcare services, as well as responsibilities and control, closer to consumers. By […]
3 ‘phase 0’ digital transformation errors no IT leader should make
Digital transformation has embedded IT at the center of business strategy, making all organizations technology enterprises today, irrespective of their industry. Business processes, culture, workflow, and systems are all necessarily impacted by digital transformation efforts, which by definition overhaul how business gets done, expediting efficiencies, modernizing the enterprise, and — when executed well — enhancing […]
Microsoft Exchange Server 2013 Reaches End of Support
Microsoft Exchange Server 2013 has reached end of support on April 11, 2023, and will no longer receive security patches. The post Microsoft Exchange Server 2013 Reaches End of Support appeared first on SecurityWeek.
Australian Finance Company Refuses Hackers’ Ransom Demand
Latitude Financial said it had recently received a ransom threat from the group behind the cyberattack, which it was ignoring in line with government advice. The post Australian Finance Company Refuses Hackers’ Ransom Demand appeared first on SecurityWeek.
Tesla Sued Over Workers’ Alleged Access to Car Video Imagery
A Tesla owner is seeking class action status for a lawsuit accusing the automaker of allowing its workers to use intimate or embarrassing imagery captured by the electric vehicles. The post Tesla Sued Over Workers’ Alleged Access to Car Video Imagery appeared first on SecurityWeek.
Toyota pushes IT automation into overdrive
Automation has long been the lifeblood of IT work. In pockets throughout the organization, the call to automate processes has always been a key driver of IT agendas, whether it be to overhaul targeted processes within the sales or marketing function, or within IT itself. But the rise of digital capabilities such as AI and […]
Crafting IT innovation strategies for real-world value
Jeff Dirks is fascinated by new technologies like generative AI. But when it comes to implementation, the chief information and technology officer of workforce augmentation firm TrueBlue chooses a path that trails early adopters. “We’re in the early majority,” is the CIO/CTO’s blunt self-assessment. Although many IT leaders would like to think of themselves — […]
Veritas Vulnerabilities Exploited in Ransomware Attacks Added to CISA ‘Must Patch’ List
CISO ordered federal agencies to patch Veritas Backup Exec vulnerabilities exploited in ransomware attacks. The post Veritas Vulnerabilities Exploited in Ransomware Attacks Added to CISA ‘Must Patch’ List appeared first on SecurityWeek.
Microsoft: Iranian Gov Hackers Caught in Azure Wiper Attacks
Microsoft catches an Iranian government-backed APT launching destructive Azure wiper attacks disguised as ransomware. The post Microsoft: Iranian Gov Hackers Caught in Azure Wiper Attacks appeared first on SecurityWeek.
MSI Confirms Cyberattack, Issues Firmware Download Guidance
Tech giant MSI confirms a cyberattack that resulted in system disruptions and possible exposure to firmware image manipulations. The post MSI Confirms Cyberattack, Issues Firmware Download Guidance appeared first on SecurityWeek.
Most Attack Paths Are Dead Ends, but 2% Lead to Critical Assets: Report
Security posture management firm XM Cyber took tens of thousands of attack path assessments involving more than 60 million exposures affecting 20 million entities during 2022. The post Most Attack Paths Are Dead Ends, but 2% Lead to Critical Assets: Report appeared first on SecurityWeek.
What is the true potential impact of artificial intelligence on cybersecurity?
Will artificial intelligence become clever enough to upend computer security? AI is already surprising the world of art by producing masterpieces in any style on demand. It’s capable of writing poetry while digging up arcane facts in a vast repository. If AIs can act like a bard while delivering the comprehensive power of the best […]
AI: A Hidden Key to Brand Trust and Loyalty
By Bryan Kirschner, Vice President, Strategy at DataStax Artificial intelligence is something developers are excited to work on. So much so that many enterprises give their AI systems names to better tout their innovations and aspirations to the world (Halo at Priceline or Michelangelo at Uber, for example). But, as the saying goes, when it […]
What business executives don’t understand about IT
When I graduated from college, I worked as an assembler language programmer for Sears. At that time, Sears was the world’s largest retailer and it was just beginning to use the new System 360 from IBM. IT was looked upon as a group of techies that performed some unexplainable job that was supposed to revolutionize […]
Bridging the developer skills gaps in enterprises
About 20 years ago, during the “dot-com” era, technology impacted a relatively small portion of the enterprise, and very few would consider themselves tech companies. Today, every company needs to think and act like a software company to compete in our digital world. As mainstream companies race to modernize their business and migrate to the […]
CISA warns of critical flaws in ICS and SCADA software from multiple vendors
The US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories this week covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors. Some of the flaws are rated critical and two of them already have public exploits. The impacted products include: Scadaflex II controllers made by […]
Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days
The newest iOS 16.4.1 and iPadOS 16.4.1 patches a pair of code execution flaws that have already been exploited in the wild. The post Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days appeared first on SecurityWeek.
Putting AI to Work: Generative AI Meets the Enterprise
Five days after its launch, ChatGPT exceeded 1 million users1. Generative AI (GenAI), the basis for tools like OpenAI ChatGPT, Google Bard and Meta LLaMa, is a new AI technology that has quickly moved front and center into the global limelight. GenAI’s hallmark is the ability to answer almost any question on demand, converting text-based queries […]
DoJ: Estonian Man Tried to Acquire US-Made Hacking Tools for Russia
Andrey Shevlyakov was charged in the US for helping the Russian government and military purchase US-made electronics and hacking tools. The post DoJ: Estonian Man Tried to Acquire US-Made Hacking Tools for Russia appeared first on SecurityWeek.
NTC Vulkan leak shows evolving Russian cyberwar capabilities
National habits and perspectives on waging war are not just apparent in terrestrial conflict. In cyberspace, national ways of cyberwar clearly exist. From the unusually aggressive style of Israeli responses to regional cyber threat activities to the consistent correlation between Communist Party interests and China-attributed cyber espionage, a host of examples show that diverse geopolitical […]
Secret US Documents on Ukraine War Plan Spill Onto Internet: Report
Secret documents that reportedly provide details of US and NATO plans to help prepare Ukraine for a spring offensive against Russia have spilled onto social media platforms. The post Secret US Documents on Ukraine War Plan Spill Onto Internet: Report appeared first on SecurityWeek.
Technical, Legal Action Taken to Prevent Abuse of Cobalt Strike, Microsoft Software
Microsoft, Fortra and Health-ISAC have taken legal and technical action to prevent the abuse of the Cobalt Strike exploitation tool and Microsoft software. The post Technical, Legal Action Taken to Prevent Abuse of Cobalt Strike, Microsoft Software appeared first on SecurityWeek.
Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance
Sophos patches critical unauthenticated code execution vulnerability in Sophos Web Appliance. The post Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance appeared first on SecurityWeek.
Tesla Retail Tool Vulnerability Led to Account Takeover
A vulnerability in Tesla’s Retail Tool application allowed a researcher to take over accounts of former employees. The post Tesla Retail Tool Vulnerability Led to Account Takeover appeared first on SecurityWeek.
CIOs step in to help upgrade Africa’s account management systems
As globalization evolves, accounting becomes more central to the development of a modern economy, with the need for greater trust in digital financial transactions. Some African entrepreneurs have begun to address this urgency by developing atypical accounting automation and new management systems where CIOs drive the ins and outs of the processes to keep up […]
OpenAI to Offer Remedies to Resolve Italy’s ChatGPT Ban
The company behind ChatGPT will propose measures to resolve data privacy concerns that sparked a temporary Italian ban on the artificial intelligence chatbot The post OpenAI to Offer Remedies to Resolve Italy’s ChatGPT Ban appeared first on SecurityWeek.
Seized Genesis malware market's infostealers infected 1.5 million computers
Infamous hacker marketplace Genesis, which was taken down this week by an international law enforcement operation involving 17 countries, was selling access to millions of victim computers gained via the DanaBot infostealer and likely other malware. Trellix, the cybersecurity firm that assisted in the takedown of the Genesis site, said that malware used by Genesis […]
How Foodstuffs North Island’s IT team weathered recent NZ storms to keep stores operational
New Zealand’s start to 2023 has been challenging, with Auckland hit by torrential flooding in January followed by Cyclone Gabrielle in February, which left a trail of destruction across Northland, Hawkes Bay, and the East Coast. For Foodstuffs North Island, the supermarket cooperative behind well-known brands like New World, Pak’nSave, and Four Square, several of […]
Default static key in ThingsBoard IoT platform can give attackers admin access
Developers of ThingsBoard, an open-source platform for managing IoT devices that’s used in various industry sectors, have fixed a vulnerability that could allow attackers to escalate their privileges on a server and send requests with administrative privileges. The vulnerability, tracked as CVE-2023-26462, was discovered and privately reported by researchers from IBM Security X-Force. It stems […]
Empowering the Edge: Five Best Practices to Unlock Manufacturing Potential
Across the manufacturing industry, innovation is happening at the edge. Edge computing allows manufacturers to process data closer to the source where it is being generated, rather than sending it offsite to a cloud or data center for analysis and response. For an industry defined by machinery and supply chains, this comes as no surprise. The […]
Google Wants Android Users to Have More Control Over Their Data
Developers of Android applications will be required by Google to allow users to delete their account and data from within the app and online. The post Google Wants Android Users to Have More Control Over Their Data appeared first on SecurityWeek.
Cisco Patches Code and Command Execution Vulnerabilities in Several Products
Cisco has released patches for high-severity vulnerabilities impacting Secure Network Analytics and Identity Services Engine (ISE) products. The post Cisco Patches Code and Command Execution Vulnerabilities in Several Products appeared first on SecurityWeek.
CREST publishes guide for enhancing cyber resilience in developing countries
International information security accreditation and certification body CREST has published a new guide to fostering financial sector cyber resilience in developing countries. The nonprofit’s Resilience in Developing Countries paper forms part of its work in encouraging greater cyber readiness and resilience in emerging nations to help protect key industries from cyberattacks. The guide outlines that, […]
Thieves Use CAN Injection Hack to Steal Cars
An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars. The post Thieves Use CAN Injection Hack to Steal Cars appeared first on SecurityWeek.
Financial Fraud-Focused Cybercrime Marketplace ‘Styx’ Emerges
Recently identified dark web portal Styx Marketplace focuses on financial fraud, identity theft, and money laundering. The post Financial Fraud-Focused Cybercrime Marketplace ‘Styx’ Emerges appeared first on SecurityWeek.
Industry leaders show the wisdom of going all-in on AI
Despite all the attention generative AI is getting right now, most organizations have done little with artificial intelligence. That is a big mistake, says Tom Davenport, senior advisor to Deloitte’s Analytics practice. Enterprises, especially industry leaders, need to be all-in on AI if they are to remain competitive. To truly benefit from AI investments, organizations […]
The 4-year debate: Do degree requirements still matter for IT?
Antonio Taylor landed his first IT job in 1999, having decided to leave his pre-law studies at college and get into tech instead. He earned a Novell certification, believing it was a quick, effective way to get into a well-paying field with growth potential. Plus, he liked technology, saying, “Computers were always easy to me.” […]
Cyber threat intelligence programs: Still crazy after all these years
When I asked CISOs about their cyber threat intelligence (CTI) programs about five years ago, I got two distinct responses. Large, well-resourced enterprises were investing their threat intelligence programs with the goal of better operationalizing it for tactical, operational, and strategic purposes. Smaller, resource-constrained and SMB organizations often recognized the value of threat intelligence, but […]
Success of Genesis Market Takedown Attempt Called Into Question
Law enforcement announced the takedown of Genesis Market, but the impact on the cybercrime marketplace’s infrastructure may be limited. The post Success of Genesis Market Takedown Attempt Called Into Question appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 41 Deals Announced in March 2023
Forty-one cybersecurity-related M&A deals were announced in March 2023. The post Cybersecurity M&A Roundup: 41 Deals Announced in March 2023 appeared first on SecurityWeek.
IHH Healthcare’s Francis Yeow on talent
Francis Yeow – Country Information Security Officer of Singapore at IHH Healthcare – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about talent, risk culture in organisations, and more. To read this article in full, please click here
To Improve Customer Experience, Improve the Digital Employee Experience
You heard about a nightmare scenario playing out for peers at other companies and hope it doesn’t affect yours. Trouble tickets are rolling in, and there’s a lack of qualified people to address security alerts and help desk issues right when customer demand, supply shortages, and potential threats are at their peak. Even with flexible […]
Improving employee experience in the hybrid workplace with Microsoft 365
Though three-quarters of U.S. employers now offer hybrid work, some banks and insurance companies have been slow to embrace this emerging work model. We spoke with Ashok Krish, Global Head of Digital Workplace at TCS, about how hybrid work will impact employers – and their employees – in the financial services industry. How will hybrid […]
Increase customer protection with edge security
Traditional IT security methods are increasingly flawed and the volume and sophistication of threats continue to increase. According to NETSCOUT, one DDoS attack occurs every three seconds, and the Cybersecurity and Infrastructure Security Agency recently added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, with new common vulnerabilities and exposures (CVEs) growing over 25% […]
Your digital transformation formula for success
Your digital transformations may have turned your network operations on its head. You’ve moved workloads out to the cloud, adopted SD-WAN technologies and most of your critical applications are now hosted in a SaaS environment. So how do you manage operations when your users aren’t even using your enterprise network anymore? Join Broadcom for our […]
Micro Logic’s Projet Cirrus – Bringing Sovereign Cloud to Canada
Stéphane Garneau, the president of Quebec-based Micro Logic, still sees the same forces driving private sector enterprises and public sector agencies to seek out sovereign cloud solutions now that he witnessed nearly a decade ago. “We first made the commitment to create and offer sovereign cloud solutions and services in 2014,” says Garneau. “At the […]
What you need to know to accelerate your cloud and data strategy
At Choice Hotels, cloud is a tool to help the hospitality giant achieve corporate goals. That can include making progress on immediate objectives, such as environmental sustainability, while keeping an eye on trendy topics such as the metaverse and ChatGPT. “We’re investing in technology, we’re investing in leveraging the cloud to do meaningful things while […]
Why Financial Institutions are Banking on AI
Today, AI-powered banks see advantages in applying the technology to a gamut of mission-critical needs—from customer service and fraud prevention to meeting environmental, social and governance standards. With AI to enhance every line of business and function, banks report significant return on investment (ROI) including the ability to increase productivity, reduce risk and keep customers […]
Obsidian launches new SaaS security and compliance tools
Cybersecurity firm Obsidian has launched its SaaS security posture management (SSPM) solution with new security and compliance tools to help organizations manage third-party SaaS integrations. The SaaS-based deployment will feature three primary modules including Obsidian Compliance Posture Management (CPM), Obsidian Integration Risk Management, and Obsidian Extend. “Obsidian not only provides posture hardening and third-party SaaS […]
Push Security Raises $15 Million in Series A Funding
Push Security has raised $15 million in a Series A funding round led by Google Ventures. The post Push Security Raises $15 Million in Series A Funding appeared first on SecurityWeek.
Tax Return Filing Service eFile.com Caught Serving Malware
Online tax return filing service eFile.com was injected with malicious JavaScript code serving malware to visitors. The post Tax Return Filing Service eFile.com Caught Serving Malware appeared first on SecurityWeek.
In a Time of Environmental Disruption, DSM ‘Does Something Meaningful’
“Doing Something Meaningful.” The term is instilled in employees at Dutch health, nutrition, and bioscience company Royal DSM N.V. (DSM), a Heerlen-based organization committed to improving global health by setting ambitious environmental, social, and governance (ESG) targets. It’s a lofty ambition in a volatile era in which global businesses are impacted by ongoing inflation and restrained […]
Cybercrime Website Genesis Market Seized by FBI
The FBI has seized Genesis Market, a major cybercrime website offering stolen device fingerprints. The post Cybercrime Website Genesis Market Seized by FBI appeared first on SecurityWeek.
Android’s April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities
Android’s April 2023 security updates were released this week with patches for two critical-severity vulnerabilities leading to remote code execution. The post Android’s April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities appeared first on SecurityWeek.
Chrome 112 Patches 16 Security Flaws
Chrome 112 was released to the stable channel this week with 16 security fixes, including 14 for vulnerabilities reported by external researchers. The post Chrome 112 Patches 16 Security Flaws appeared first on SecurityWeek.
KPMG Tackles AI Security With Cranium Spinout
Consulting giant KPMG spins out a startup building technology to secure AI (artificial intelligence) applications and deployments. The post KPMG Tackles AI Security With Cranium Spinout appeared first on SecurityWeek.
Let’s pump the brakes on the rush to incorporate AI into cybersecurity
It seems that everyone is rushing to embed artificial intelligence into their solutions, and security offerings are among the latest to obtain this shiny new thing. Like many, I see the potential for AI to help bring about positive change, but also its potential as a threat vector. To some, recent AI developments are a […]
Strategic risk analysis is key to ensure customer trust in product, customer-facing app security
CISOs are no longer only responsible for the cybersecurity of systems used internally. In many organizations they also focus on securing products and public-facing applications, and one way to do this well is through risk assessment. Assessing risk requires identifying baseline security criteria around key elements such as customer contracts and regulatory requirements, Neil Lappage, […]
Leveraging CIO experience into corporate board work
You’ve had a great CIO career filled with transformational triumphs and award-winning projects and teams. What’s next for your career before you retire? Board service, of course! With cybersecurity keeping CEOs up at night and digital transformation all the rage, the number of CIOs on corporate boards is increasing. For experienced IT leaders looking to […]
6 steps to measure the business value of IT
IT is no longer perceived as a cost factor or a pure support function at many organizations, according to management consultancy 4C Group’s Markus Matschi. And the digitization push during the pandemic accelerated this. But despite such advances, the question of the value contribution of IT isn’t always clearly answered. “Due to the increasing relevance and added value […]
5 methods to adopt responsible generative AI practice at work
Midjourney, ChatGPT, Bing AI Chat, and other AI tools that make generative AI accessible have unleashed a flood of ideas, experimentation and creativity. If you want to harness that in your organization, questions remain about where to start putting AI to work and how to do it without running into ethical dilemmas, copyright infringement, or […]
Nexx Ignores Vulnerabilities Allowing Hackers to Remotely Open Garage Doors
Nexx has ignored repeated attempts to report critical product vulnerabilities that can be exploited to remotely open garage doors, and take control of alarms and smart plugs. The post Nexx Ignores Vulnerabilities Allowing Hackers to Remotely Open Garage Doors appeared first on SecurityWeek.
How to Navigate Market Pressures with Cloud-based Network Management
By: Shruthi Kalale Prakashan, Sr. Manager, Product Marketing, Aruba Central. For many organizations large and small, the COVID-19 pandemic was the tipping point for cloud adoption. Unsurprisingly, more than half of enterprise IT spending in key market segments will shift to the cloud by 2025, according to Gartner. [1] As the cloud continues to play […]
Your Data Architecture Holds the Key to Unlocking AI’s Full Potential
In the words of J.R.R. Tolkien, “shortcuts make long delays.” I get it, we live in an age of instant gratification, with Doordash and Grubhub meals on-demand, fast-paced social media and same-day Amazon Prime deliveries. But I’ve learned that in some cases, shortcuts are just not possible. Such is the case with comprehensive AI implementations; […]
New Rorschach ransomware hits with unique features and very fast encryption
Researchers warn of a new strain of ransomware dubbed Rorschach that doesn’t appear to be related to previously known threats and uses several unique features in its implementation, including one of the fastest file encryption routines observed so far. “A behavioral analysis of the new ransomware suggests it is partly autonomous, spreading itself automatically when […]
Snyk bolsters developer security with fresh devsecop, cloud capabilities
Cybersecurity application provider Snyk has added fresh capabilities to its flagship developer security platform to improve programming productivity and help secure software supply chains. The series of enhancements to Snyk’s namesake platform includes security support for C/C++ applications, new capabilities for infrastructure as code (IaC), automated security for container supply chains, and new devsecops collaboration […]
UK fines TikTok $15.8 million for GDPR violation of children's privacy
The UK’s Information Commissioner’s Office announced today that it has levied a nearly $16 million fine against TikTok for “a number of breaches” of the country’s data protection law. Central to the ICO’s decision to fine TikTok are the estimated 1.4 million UK children under 13 years of age, who were allowed to sign up […]
Hackers steal crypto assets by defeating 2FA with rogue browser extension
Multiple attacker groups are using a malicious browser extension for Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera that’s aimed at stealing cryptocurrency assets from multiple websites and online wallets. The extension works by injecting rogue code into websites locally in the browser to defeat two-factor authentication and delete automated alerts from […]
UK data regulator issues warning over generative AI data protection concerns
The UK’s data regulator has issued a warning to tech companies about protecting personal information when developing and deploying large language, generative AI models. Less than a week after Italy’s data privacy regulator banned ChatGPT over alleged privacy violations, the Information Commission’s Office (ICO) published a blog post reminding organizations that data protection laws still […]
Strivacity Scores $20M for CIAM Expansion Plans
Strivacity, a Virginia startup working on technology to simplify and secure customer logins, has attracted $20 million in funding to fuel global expansion plans. The post Strivacity Scores $20M for CIAM Expansion Plans appeared first on SecurityWeek.
Unlocking value and success for partners
By Hock Tan, Broadcom President & CEO In the years that I have led Broadcom, I have found two things to be true for technology leaders: First, success with your customers starts with success with your ecosystem partners; and second, driving ecosystem growth is key to maintaining the growth of your own business. This is […]
TrustCloud releases TrustRegister to help gauge business impact of risks
Trust assurance platform TrustCloud has announced the release of the TrustRegister application to help software companies identify risks and understand risk-related revenue/business impact. TrustRegister is the newest addition to the TrustCloud platform and is built to automatically assign, notify, and prioritize tasks and remediation plans to help businesses elevate governance, risk management, and compliance (GRC) […]
Self-Propagating, Fast-Encrypting ‘Rorschach’ Ransomware Emerges
The sophisticated, self-propagating Rorschach ransomware is one of the fastest at encrypting victim’s files. The post Self-Propagating, Fast-Encrypting ‘Rorschach’ Ransomware Emerges appeared first on SecurityWeek.
CardinalOps Extends MITRE ATT&CK-based Detection Posture Management
Tel Aviv- and Boston-based CardinalOps has extended its detection posture management capability with MITRE ATT&CK Security Layers. The post CardinalOps Extends MITRE ATT&CK-based Detection Posture Management appeared first on SecurityWeek.
TikTok’s Trials and Tribulations Continue With UK Data Protection Fine
The UK’s data protection regulator fined TikTok £12.7 million for “failing to use children’s personal data lawfully” The post TikTok’s Trials and Tribulations Continue With UK Data Protection Fine appeared first on SecurityWeek.
Trustle Raises $6M Seed Funding for Access Management Tech
California startup Trustle banks a $6 million seed round to join the competitive cloud access management technology space. The post Trustle Raises $6M Seed Funding for Access Management Tech appeared first on SecurityWeek.
Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA ‘Must Patch’ List
CISA has added to its Known Exploited Vulnerabilities catalog a Zimbra vulnerability exploited in attacks targeting NATO countries The post Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA ‘Must Patch’ List appeared first on SecurityWeek.
Views of a hot cyberwar — the Ukrainian perspective on Russia’s online assault
In a recent report issued by the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) titled “Russia’s Cyber Tactics: Lessons Learned in 2022 — SSSCIP analytical report on the year of Russia’s full-scale cyberwar against Ukraine” readers obtained a 10,000-foot overview of what a hot cyberwar entails from the Ukrainian perspective. The […]
3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms
3CX supply chain attack appears to have been conducted by North Korean hackers with the goal of targeting cryptocurrency firms. The post 3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms appeared first on SecurityWeek.
Cybereason Raises $100 Million, Appoints New CEO
Cybereason appoints new CEO as it receives $100 million in venture funding from SoftBank Corp. The post Cybereason Raises $100 Million, Appoints New CEO appeared first on SecurityWeek.
NATO Seeks Contractors to Test Security of Web Assets
NATO is looking for penetration testing vendors to assess the security of its internet-facing web assets. The post NATO Seeks Contractors to Test Security of Web Assets appeared first on SecurityWeek.
3 ways CIOs should drive the future of work
“Who owns and oversees employee experience and the future of work at your organization” is a question I’ve been asking CIOs and IT leaders a lot of late. The ensuing conversation usually reveals a telling disconnect that CIOs should remedy for the health of their companies. Most IT leaders pause before responding to this question. […]
CIOs and CDOs: A vital partnership for data value
CIOs collaborate with C-suite colleagues on a regular basis. Given the high value of data and analytics to business, among the most important of these relationships is the one a CIO develops with their chief data officer (CDO). A CDO is responsible for enterprise-wide governance and use of information as an asset, through data analysis, processing, mining, […]
China to probe Micron over cybersecurity, in chip war’s latest battle
The Chinese government will investigate US-based Micron as a potential cyberthreat, in the latest move in an ongoing semiconductor trade dispute that is disrupting the chip supply chain.
Cloud ROI: Getting Innovation Economics Right with FinOps
Is the cloud a good investment? Does it deliver strong returns? How can we invest responsibly in the cloud? These are questions IT and finance leaders are wrestling with today because the cloud has left many companies in a balancing act—caught somewhere between the need for cloud innovation and the fiscal responsibility to ensure they […]
Cisco to Acquire Cloud Security Firm Lightspin for Reported $200 Million
Cisco is set to acquire Israel-based cloud security company Lightspin for a reported $200-250 million. The post Cisco to Acquire Cloud Security Firm Lightspin for Reported $200 Million appeared first on SecurityWeek.
12 ways IT leaders can build business buy-in
CEOs continue to see the need for more collaboration between IT and the business units, so much so that in a recent survey CEOs listed that as the No. 1 objective for the IT function. The State of the CIO Study 2023 from Foundry, an IDG company and publisher of CIO.com, found strengthening IT and […]
How to Cut Costs by 20+%: Lessons from Managing $34B in IT Spend
Evaluating and managing billions of dollars in IT spending across 400 tech providers in 200 countries provides valuable experience in verified ways to cut costs and accelerate IT financial management tasks. Want to tap into a wealth of cost-cutting knowledge gleaned from 60 IT cost management consultants who are engaged in hundreds of cost-reduction projects […]
3 Ways Companies Will Double Down on Agent Experience in 2023
The current state of the contact center agent is clear, but for those unaware or overlooking this opportunity for improvement: agent attrition rates currently hover around 40%, the cost of replacing just one agent is between $10k-$20k, and 97% of agents are sometimes or almost always burned out. Unengaged employees (undoubtedly including contact center agents) collectively cost $7.8 trillion in lost productivity, or about 11% of […]
Israeli cybersecurity firm launches managed services offering for MSPs
Israel-based managed cybersecurity provider Guardz has announced the general availability of its first cybersecurity offering for managed service providers (MSP) and IT professionals. “The launch of this dedicated MSP platform brings Guardz one step closer to our goal of democratizing enterprise-grade level cybersecurity technologies,” said Dor Eisner, co-founder and CEO of Guardz. “MSPs will be […]
Elementor Pro Plugin Vulnerability Exploited to Hack WordPress Websites
A severe vulnerability in the Elementor Pro WordPress plugin is being exploited to inject malware into vulnerable websites. The post Elementor Pro Plugin Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.
ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications
Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it. The post ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications appeared first on SecurityWeek.
Western Digital Shuts Down Services Due to Cybersecurity Breach
Western Digital shuts down several of its services after discovering a network security breach. The post Western Digital Shuts Down Services Due to Cybersecurity Breach appeared first on SecurityWeek.
US Defense Department Launches ‘Hack the Pentagon’ Website
New ‘Hack the Pentagon’ website helps DoD organizations launch bug bounty programs and recruit security researchers. The post US Defense Department Launches ‘Hack the Pentagon’ Website appeared first on SecurityWeek.
Microsoft OneNote Starts Blocking Dangerous File Extensions
Microsoft is boosting the security of OneNote users by blocking embedded files with extensions that are considered dangerous. The post Microsoft OneNote Starts Blocking Dangerous File Extensions appeared first on SecurityWeek.
The future of trust—no more playing catch up
By Eric Chien, Director of Security Response, Symantec Enterprise Division, Broadcom This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. It is difficult to overestimate the impact Covid had on the […]
MLSE looks to revolutionize sports experience with digital R&D lab
Digital solutions and data analytics are changing the world of sports entertainment at a rapid clip. From how players train, to how teams make strategic decisions during games, to how venues operate and fans engage, sports organizations are turning to software engineers and data scientists to help transform the sport experience. In Toronto, Maple Leaf […]
5 strategies to manage cybersecurity risks in mergers and acquisitions
Mergers and acquisitions (M&A) have the potential to introduce significant cybersecurity risks for organizations. M&A teams are generally limited in size and focused on financials and business operations, with IT and cybersecurity taking a back seat early in the process, according to Doug Saylors, partner and co-lead of cybersecurity with global technology research and advisory […]
Europe, North America Most Impacted by 3CX Supply Chain Hack
Europe, the United States and Australia seem to be the most impacted by the 3CX supply chain hack, according to data from two cybersecurity firms. The post Europe, North America Most Impacted by 3CX Supply Chain Hack appeared first on SecurityWeek.
4.8 Million Impacted by Data Breach at TMX Finance
Consumer loan provider TMX Finance is informing over 4.8 million individuals that their personal information was stolen in a data breach. The post 4.8 Million Impacted by Data Breach at TMX Finance appeared first on SecurityWeek.
Darktrace/Email upgrade enhances generative AI email attack defense
Darktrace has announced a new upgrade to its Darktrace/Email product with enhanced features that defend organizations from evolving cyberthreats including generative AI business email compromise (BEC) and novel social engineering attacks. Among the new capabilities are an AI-employee feedback loop; account takeover protection; insights from endpoint, network, and cloud; and behavioral detections of misdirected emails, […]
TikTok Attorney: China Can’t Get U.S. Data Under Plan
TikTok general counsel says company is trying to make it physically impossible for any government, including China, to access to U.S. user data. The post TikTok Attorney: China Can’t Get U.S. Data Under Plan appeared first on SecurityWeek.
Italy Temporarily Blocks ChatGPT Over Privacy Concerns
Italy is temporarily blocking the artificial intelligence software ChatGPT in the wake of a data breach as it investigates a possible violation of stringent European Union data protection rules. The post Italy Temporarily Blocks ChatGPT Over Privacy Concerns appeared first on SecurityWeek.