28Apr 2023

How Can Generative AI Boost Your Customer Experience?

Data velocity – how quickly data is generated and moved – is the key to achieving any number of business outcomes. But it’s especially important in customer experience, according to IDC’s Marci Maddox, Research Vice President Digital Experience Strategies, and Aly Pinder, Research Vice President Aftermarket Services Strategies. “We’re finding that the customer experience is […]

28Apr 2023

Cybercrime group FIN7 targets Veeam backup servers

Researchers warn that a financially motivated cybercrime group known as FIN7 is compromising Veeam Backup & Replication servers and deploying malware on them. It’s not yet clear how attackers are breaking into the servers, but a possibility is that they’re taking advantage of a vulnerability patched in the popular enterprise data replication solution last month. […]

28Apr 2023

OpenAI: ChatGPT Back in Italy After Meeting Watchdog Demands

OpenAI said ChatGPT is available again in Italy after the company met demands of regulators who temporarily blocked it over privacy concerns. The post OpenAI: ChatGPT Back in Italy After Meeting Watchdog Demands appeared first on SecurityWeek.

28Apr 2023

Why business resilience depends on software agility

Technology innovation is happening at breakneck speed, creating new opportunities and threats for companies of all sizes and industries. At the same time, ever-evolving macroeconomic conditions are pressuring leaders to drive business outcomes against tighter margins. While today’s business climate certainly feels like a test for the survival of the fittest, your goal should not […]

28Apr 2023

AWS shifts focus to LLMs, generative AI as growth continues to taper

Amazon’s cloud computing division, AWS, is shifting its focus towards large language models (LLMs) and generative AI-based offerings as it continues to see a downward spiral in overall revenue growth. Amazon Web Services (AWS) has posted 16% year-on-year growth for the first quarter of fiscal year 2023 on the back of revenue of $21.4 billion. […]

28Apr 2023

The Inside Startup: Meet Cisco’s Emerging Technologies and Incubation Group

“Startup” means risk. It prescribes small teams of individuals committed to an idea to make the world a better place…or to make themselves a little richer. Why not both? Regardless, new business ventures work under pressure to research, refine, and deliver an idea to the market. The alternative is shuttering for good. But despite the […]

28Apr 2023

Due diligence is Ever More Critical as the Battle for Cloud Sovereignty Intensifies

The IT industry has recently seen some interesting activity from global hyperscale cloud providers surrounding their cloud sovereignty ambitions, and their scrutiny by the regulators covering some basics compliance requirements, like the European Union’s (EU) General Data Protection Regulation (GDPR). Firstly, AWS made a public pledge called the “AWS Digital Sovereignty Pledge”, consisting of a commitment to […]

28Apr 2023

What is the right connectivity choice for your enterprise edge? A Q&A discussion

From quality control to revenue growth and workplace safety, digital transformation strengthens almost every aspect of the business. Those who fail to keep up with the pace of digital technology run serious risks of falling behind.  To fully leverage digital transformation, businesses today are turning to edge computing. Edge computing allows you to process data at the […]

28Apr 2023

5 ways threat actors can use ChatGPT to enhance attacks

The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, […]

28Apr 2023

Cisco Working on Patch for Vulnerability Reported by NATO Pentester

Cisco is working on a patch for an XSS vulnerability found in Prime Collaboration Deployment by a pentester from NATO’s Cyber Security Centre (NCSC). The post Cisco Working on Patch for Vulnerability Reported by NATO Pentester appeared first on SecurityWeek.

28Apr 2023

Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures. The post Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services appeared first on SecurityWeek.

28Apr 2023

Google Blocked 1.4 Million Bad Apps From Google Play in 2022

Google says it prevented 1.4 million bad applications from being published on Google Play in 2022 and banned 173k developer accounts. The post Google Blocked 1.4 Million Bad Apps From Google Play in 2022 appeared first on SecurityWeek.

28Apr 2023

FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking

FDA and CISA notify healthcare providers about a component used by several Illumina medical devices being affected by serious vulnerabilities that can allow remote hacking. The post FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking appeared first on SecurityWeek.

28Apr 2023

RTM Locker Ransomware Variant Targeting ESXi Servers

A newly identified variant of the RTM Locker ransomware is targeting Linux, NAS, and ESXi hosts. The post RTM Locker Ransomware Variant Targeting ESXi Servers appeared first on SecurityWeek.

28Apr 2023

Automation for all—managing and scaling networks has never been easier

At this time of dynamic business and market changes, uncertainty, and quickly evolving consumption models for IT infrastructure, every IT executive understands the benefits and necessity of network agility. Agile networks can respond quickly to changes in the market, customer demands, employee requirements, and technology advances. Yet most businesses haven’t tapped into two major capabilities […]

28Apr 2023

Choosing the Right Cloud for Data Sovereignty

As recently spotlighted at VMware Explore US, Sovereign Cloud continues to gain momentum.​ Sovereign Cloud business estimated the total addressable market (TAM) will be $60bn by 2025, in no small part due to the rapid increase of data privacy laws (currently 145 countries have data privacy laws) and the complexity of compliance in highly regulated industries.​ […]

28Apr 2023

How Data Privacy and Sovereignty Impact Business

More countries are adopting laws designed to protect the privacy of citizens and local entities by defining how data can be securely collected, stored, and used. Many organisations are re-evaluating how to comply with the changing geo-political landscape and privacy/security regulations, which requires defining some relevant concepts: Digital sovereignty – the ability to have full control […]

28Apr 2023

Skandia’s CIO drops ‘lift and shift’ to spur consolidation

Skandia consists of several different companies, of which insurance and banking are the two largest. The insurance business has old roots: the pension company was started as early as 1855, while the bank only started in 1994, yet it was first as a purely telephone bank. In light of this, the technical basis on which each […]

28Apr 2023

Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud

Staying in control and securing your data has never been more important. As data privacy regulations continue to evolve, businesses have had to adapt how and where they store data. The EU’s General Data Protection Regulation (GDPR) has been the most newsworthy, requiring all businesses that operate in or have customers in the EU to […]

28Apr 2023

BNY Mellon banks on AI to improve master data

Data about who owes how much to whom is at the core of any bank’s business. At Bank of New York Mellon, that focus on data shows up in the org chart too. Chief Data Officer Eric Hirschhorn reports directly to the bank’s CIO and head of engineering, Bridget Engle, who also oversees CIOs for each […]

28Apr 2023

Will the Real Data Sovereign Cloud please stand up?

Simply put, and despite claims customers may hear and/or see in this infant market, the reality is that there is no one-size-fits-all definition to “data sovereignty”, and the true source of the definition to “data sovereignty” as applicable to any workload being contemplated is the legal, policy or guidelines applicable to that data that are […]

28Apr 2023

Implementing Digital Sovereignty in the Journey to Cloud

Continuing with current cloud adoption plans is a risky strategy because the challenges of managing and securing sensitive data are growing. Businesses cannot afford to maintain this status quo amid rising sovereignty concerns. Some 90% of organisations in Europe and 88% in the Middle East, Turkey, and Africa (META) now use cloud technology, which is […]

28Apr 2023

RSA Conference 2023 – ICS/OT Cybersecurity Roundup

SecurityWeek is providing a summary of ICS/OT cybersecurity announcements made at RSA Conference 2023, including talks, products, and new initiatives. The post RSA Conference 2023 – ICS/OT Cybersecurity Roundup appeared first on SecurityWeek.

28Apr 2023

Critical Vulnerability in Zyxel Firewalls Leads to Command Execution

A critical-severity vulnerability in Zyxel’s ATP, USG FLEX, VPN, and ZyWALL/USG firewalls can be exploited remotely for OS command execution. The post Critical Vulnerability in Zyxel Firewalls Leads to Command Execution appeared first on SecurityWeek.

27Apr 2023

Congratulations to the 10th anniversary SAP Innovation Awards 2023 winners!

In April 1972, entrepreneurs Dietmar Hopp, Hasso Plattner, Claus Wellenreuther, Klaus Tschira, and Hans-Werner Hector started an amazing innovation journey, which culminated in SAP’s 50th anniversary celebration in 2022. Together with our customers and partners, we are happy to celebrate the 10th Anniversary of the SAP Innovation Awards. This award program extends the co-founders’ vision […]

27Apr 2023

Modernizing applications: the importance of reducing technical debt

Technical debt is no longer just a “technical” problem. As recent, widely publicized events have shown, it is a business problem that can have serious consequences for organizations. The government and Congress are taking notice of unfair consumer experiences, and it is crucial for businesses to address their technical debt and minimize the risk of […]

27Apr 2023

Chinese Cyberspies Delivered Malware via Legitimate Software Updates

Chinese APT Evasive Panda has been observed targeting local members of an international NGO with the MgBot backdoor, delivered via legitimate software updates. The post Chinese Cyberspies Delivered Malware via Legitimate Software Updates appeared first on SecurityWeek.

27Apr 2023

Aadya Raises $5 Million for SMB-Focused Security Platform

Cybersecurity firm Aadya has raised $5 million in Series A funding for its all-in-one platform tailored for small and mid-sized businesses. The post Aadya Raises $5 Million for SMB-Focused Security Platform appeared first on SecurityWeek.

27Apr 2023

Innovation Sandbox: Cybersecurity Investors Pivot to Safeguarding AI Training Models

SecurityWeek editor-at-large Ryan Naraine expects to see an explosion of well capitalized startups promising to protect AI machine learning models behind enterprise products. The post Innovation Sandbox: Cybersecurity Investors Pivot to Safeguarding AI Training Models appeared first on SecurityWeek.

27Apr 2023

New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month

A new piece of malware named Atomic macOS Stealer (AMOS), offered for $1,000 per month, offers a wide range of data theft capabilities. The post New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month appeared first on SecurityWeek.

27Apr 2023

How enterprises can navigate ethics and responsibility of generative AI

In a few short months, generative AI has become a very hot topic. Looking beyond the hype, generative AI is a groundbreaking technology, enabling novel capabilities as it moves rapidly into the enterprise world.  According to a CRM survey, 67% of IT leaders are prioritizing generative AI for their business within the next year and a half—despite looming […]

27Apr 2023

Chinese hackers launch Linux variant of PingPull malware

Chinese state-sponsored threat actor Alloy Taurus has introduced a new variant of PingPull malware, designed to target Linux systems, Palo Alto Networks said in its research. Along with the new variant, another backdoor called Sword2033 was also identified by the researchers. Alloy Taurus, a Chinese APT, has been active since 2012. The group conducts cyberespionage […]

27Apr 2023

5 most dangerous new attack techniques

Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on […]

27Apr 2023

Big Tech Crackdown Looms as EU, UK Ready New Rules

TikTok, Twitter, Facebook, Google, and Amazon are facing rising pressure from European authorities as London and Brussels advanced new rules Tuesday to curb the power of digital companies. The post Big Tech Crackdown Looms as EU, UK Ready New Rules appeared first on SecurityWeek.

27Apr 2023

Google Obtains Court Order to Disrupt CryptBot Distribution

Court grants Google a temporary restraining order to disrupt CryptBot information stealer’s distribution. The post Google Obtains Court Order to Disrupt CryptBot Distribution appeared first on SecurityWeek.

27Apr 2023

Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13

Microsoft says Cl0p ransomware operator has been exploiting a recently patched PaperCut vulnerability since April 13. The post Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13 appeared first on SecurityWeek.

27Apr 2023

10 highest-paying IT jobs

The past year was rough for the tech industry, with several companies reporting layoffs and the looming threat of a recession. But despite the bumpy year, demand for technology skills remains strong, with the US tech unemployment rate dropping to 1.5% as of January. For technologists with the right skills and expertise, the demand for […]

27Apr 2023

Why Russia's cyber arms transfers are poor threat predictors

The history of international cyber conflict is remarkably long and storied. The timeline of major cyber threat events stretches back nearly four decades, but it is really only the last decade that has seen the widespread proliferation of national cyber forces. As of 2007, only 10 countries had operational cyber commands, three of which were […]

27Apr 2023

RSA Conference 2023 – Announcements Summary (Day 3)

Summary of announcements made at the 2023 RSA Conference, on day 3 of the cybersecurity event. The post RSA Conference 2023 – Announcements Summary (Day 3) appeared first on SecurityWeek.

27Apr 2023

Panera CIO John Meister on mastering customer experience

John Meister is the senior vice president and CIO of Panera Bread, a chain of bakery-cafe fast casual restaurants with more than 2,000 locations across the United States and Canada. Over the past decade at Panera, Meister has been instrumental in driving Panera’s customer digital experience initiatives and building an innovative IT culture that continues to stay ahead […]

27Apr 2023

CIOs in an ideal position to advance ESG goals for their organisation

Environmental, Social and Governance, or ESG, is dominating board agendas at almost every public and private sector organisation. Underpinning the actions that come from ESG are significant concerns about the environment. Organisations are looking for ways to reduce greenhouse emissions, energy use and expenditure, drive towards ambitious sustainability goals, and make a positive social impact. […]

27Apr 2023

Building the next generation of CIOs in New Zealand

Industry body IT Professionals New Zealand has the election year in its sights as it aims to grow the capability of people in tech at all levels—from those entering the industry to new CIOs. Formerly known as the New Zealand Computer Society, ITP has been operating for 65 years, and is focused on skills, talent […]

26Apr 2023

Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers

A cyberespionage group believed to be associated with the Iranian government has been infecting Microsoft Exchange Servers with a new malware implant dubbed BellaCiao that acts as a dropper for additional payloads. The malware uses DNS queries to receive commands from attackers encoded into IP addresses. According to researchers from Bitdefender, the attackers appear to […]

26Apr 2023

Iranian hacking group targets Israel with improved phishing attacks

Iranian state-sponsored threat actor, Educated Manticore, has been observed deploying an updated version of Windows backdoor PowerLess to target Israel for phishing attacks, according to a new report by Check Point. Researchers have also linked Educated Maticore hackers to APT Phosphorus, which operates in the Middle East and North America. To read this article in full, please […]

26Apr 2023

Akamai's new cloud firewall capabilities aim to protect network edge

Content delivery network (CDN) and cloud security services provider Akamai Technologies has added a network cloud firewall capability to its cloud-based DDoS platform, Akamai Prolexic. The new feature is designed to allow Akamai’s customers to define and manage their own firewall rules and access control lists (ACLs) —lists of permissions for resources in a computer […]

26Apr 2023

FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability

Russian cybercrime group FIN7 has been observed exploiting a Veeam Backup & Replication vulnerability patched in March 2023. The post FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability appeared first on SecurityWeek.

26Apr 2023

Cybersecurity Futurism for Beginners

How will Artificial Intelligence develop in the near term, and how will this impact us as security planners and practitioners? The post Cybersecurity Futurism for Beginners appeared first on SecurityWeek.

26Apr 2023

Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators

By now, most of the industry has realized we’re seeing a shift from the legacy perimeter-based security model to an identity-centric approach to cybersecurity. If defenders haven’t realized this, malicious actors certainly have, with 80% of web application attacks utilizing stolen credentials and 40% of breaches that don’t involve insider threats and user error involving […]

26Apr 2023

RSA Conference 2023 – Announcements Summary (Day 2)

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco. The post RSA Conference 2023 – Announcements Summary (Day 2) appeared first on SecurityWeek.

26Apr 2023

SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200

A high-severity vulnerability in the Service Location Protocol can be exploited to launch massive DoS amplification attacks. The post SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200 appeared first on SecurityWeek.

26Apr 2023

Google Cloud posts first-ever operating profit despite slowing growth

Google Cloud, the cloud computing arm of Alphabet, has turned profitable at an operating level for the first time ever, despite fears of macroeconomic uncertainty.   Google Cloud posted an operating income of $191 million for the quarter ended March, compared with an operating loss of $706 million for the corresponding period last year. The […]

26Apr 2023

ChatGPT, the rise of generative AI

Over the last few months, both business and technology worlds alike have been abuzz about ChatGPT, and more than a few leaders are wondering what this AI advancement means for their organizations. Let’s explore ChatGPT, generative AI in general, how leaders might expect the generative AI story to change over the coming months, and how […]

26Apr 2023

Z Energy’s CDO: ‘First trust, then transform’

The energy sector is in a consistent state of transformation—both digital and otherwise—but the word “transformation” can be thrown around loosely, as if it just happens with an organization. In reality, it’s hard work, and hard to do. Change is challenging, and maintaining high-performance and diverse teams is fundamental to deliver success. “A main thing […]

26Apr 2023

GlobalFoundries overhauls its process owner model to drive transformation

When Brad Clay became chief digital officer of GlobalFoundries in early 2021, he knew his role would be less about technology implementation and more about process change. In 2018, the $8 billion global semiconductor manufacturer announced a pivot in its business strategy: The company would no longer develop and produce 7-nanometer and smaller chip technologies; […]

26Apr 2023

SAP aims for more digital and resilient supply chains

“Supply chains are under stress,” said Thomas Saueressig, member of the SAP executive board and head of its Product Engineering division, at the recent Hanover Fair. The past few years have shown how prone to failure global logistics chains are, and he added this also has far-reaching consequences for the German manufacturing industry. Digital supply chains, therefore, are […]

26Apr 2023

7 common IT training mistakes to avoid

It’s widely recognized that introducing IT teams to the latest technology, business, and security advancements is essential for maximum performance and productivity. What’s not often discussed, however, are the mistakes IT leaders make when establishing and supervising training programs, particularly when training is viewed as little more than an obligatory task. “Treating training as a […]

26Apr 2023

VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest

VMware this week released patches for a critical vulnerability disclosed at the Pwn2Own Vancouver 2023 hacking contest. The post VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest appeared first on SecurityWeek.

26Apr 2023

Organizations Warned of Security Risk in Default Apache Superset Configurations

Attackers can exploit Apache Superset installations with default configurations to gain administrator access and execute code on servers and databases. The post Organizations Warned of Security Risk in Default Apache Superset Configurations appeared first on SecurityWeek.

26Apr 2023

US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt

Iranian hackers broke into to a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials. The post US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt appeared first on SecurityWeek.

25Apr 2023

New DDoS amplification vector could enable massive attacks

Security researchers sounded the alert about a vulnerability in an UDP-based network service called the Service Location Protocol (SLP) that can be abused to amplify DDoS attacks. Tens of thousands of systems and devices have this service exposed to the internet. Attackers could use them to generate massive attacks, and cleaning them up will likely […]

25Apr 2023

Amazon, Facebook, Twitter on EU list of companies facing DSA content rules

The EU Commission has announced the online companies and search engines, including Bing and Google, that will have to comply with new transparency and accountability regulations by August.

25Apr 2023

Hybrid Workplaces: Fad or Future?

As the new year gets underway, organizations are looking beyond the challenges, volatility and reactive mode of the past few years and strategically planning their future to compete and thrive. Two topics that are top of mind are where work gets done and the related impact on office real estate investments and the role of […]

25Apr 2023

7 venial sins of IT management

As a CIO you can get advice about how to be more effective from any number of sources, from what you get here in CIO Survival Guide (best practice), to other sources here at CIO.com, to, if you’re desperate, various punditries like Gartner, Forrester, and McKinsey. Most of what you read lists what should be […]

25Apr 2023

Salesforce previews EinsteinGPT-powered Field Service Mobile app

Salesforce previewed new capabilities for its Field Service application suite on Tuesday, giving an early look at a new mobile application powered by the company’s EinsteinGPT generative AI engine. Salesforce Field Service, which is a part of the company’s Service Cloud, offers applications designed to boost productivity of companies’ frontline workers, lower operating costs, and […]

25Apr 2023

Accenture, IBM, Mandiant join Elite Cyber Defenders Program to secure critical infrastructure

Leading cybersecurity response firms Accenture, IBM, and Mandiant have joined the Elite Cyber Defenders Program – a new, collaborative initiative designed to help secure critical infrastructure. Led by Nozomi Networks, the program aims to provide global industrial and government customers access to strong cybersecurity defense tools, incident response teams, and threat intelligence. The Elite Cyber […]

25Apr 2023

Token Gets $30M Funding for Biometrics MFA Smart Ring

Token has raised a total of $53 million to work on a biometrics-powered wearable device featuring multi-factor authentication technologies. The post Token Gets $30M Funding for Biometrics MFA Smart Ring appeared first on SecurityWeek.

25Apr 2023

NetRise Adds $8 Million in Funding to Grow XIoT Security Platform

XIoT security firm NetRise announced $8 million in additional funding, bringing the total raised by the company to $14 million. The post NetRise Adds $8 Million in Funding to Grow XIoT Security Platform appeared first on SecurityWeek.

25Apr 2023

Bots and beyond: How the AI revolution is shifting the paradigm for customer experience in smart banking

Today’s consumers are accustomed to smooth, frictionless online shopping – and they increasingly expect the same kind of digital experiences from their banks. Insider Intelligence found that 89% of U.S. consumers use mobile banking channels, and 70% said mobile banking is now their primary way of accessing their accounts.   “Most people do not want to […]

25Apr 2023

Rethinking the IT talent pipeline

Amanda Merola had zero technical background when she came to The Hartford in 2015, despite a natural interest in computers and a proclivity for problem-solving. After stints as a call center representative and claims adjuster, Merola got wind of the HartCode Academy, an internal program designed to help nontechnical employees make the leap into software […]

25Apr 2023

Abnormal Security expands threat protection to Slack, Teams and Zoom

Cloud-based email security provider Abnormal Security has announced three new capabilities focusing on threat detection for Slack, Microsoft Teams, and Zoom. The company — focused on protecting enterprises from targeted email attacks, such as phishing, social engineering, and business email compromise — is also adding data ingestion from new sources to better its AI model, which […]

25Apr 2023

Secure Access Startup Sonet.io Emerges From Stealth With $6 Million in Funding

Cybersecurity startup Sonet.io emerges from stealth mode with $6 million in seed funding and a secure access solution for remote workers. The post Secure Access Startup Sonet.io Emerges From Stealth With $6 Million in Funding appeared first on SecurityWeek.

25Apr 2023

Apiiro Launches Application Attack Surface Exploration Tool

Apiiro’s Risk Graph Explorer helps security teams to understand their application attack surface. The post Apiiro Launches Application Attack Surface Exploration Tool appeared first on SecurityWeek.

25Apr 2023

Millions of Exposed Artifacts Found in Misconfigured Cloud Software Registries

Aqua Security found over 250 million artifacts and more than 65,000 container images in misconfigured registries. The post Millions of Exposed Artifacts Found in Misconfigured Cloud Software Registries appeared first on SecurityWeek.

25Apr 2023

Thousands of misconfigured container and artifact registries expose sensitive credentials

Researchers have found thousands of publicly exposed and misconfigured container registries and artifact repositories belonging to businesses that could give attackers access to access tokens, encryption keys, and other sensitive information about internal systems. This information can allow attackers to plan and execute attacks against production and development systems, and in some cases even inject […]

25Apr 2023

Circle Security debuts platform “purpose-built” to tackle credential-driven threats, cloud attacks

Cybersecurity company Circle Security has emerged from stealth with the release of a new platform “purpose-built” to protect against credential-driven threats and cloud attacks. Powered by a decentralized architecture, Circle is available as a device-native service, a mobile app, a browser-based solution, and via a developer-focused API, according to the firm. Circle Security boasts an […]

25Apr 2023

New AWS GuardDuty capabilities secure container, database, serverless workloads

Amazon Web Services (AWS) has added three new capabilities to its threat detection service Amazon GuardDuty. The new features expand GuardDuty protection to container runtime behavior, as well as database and serverless environments, strengthening customer security through enhanced coverage, AWS said. GuardDuty is part of a broad set of AWS security services that help customers […]

25Apr 2023

RSA Conference 2023 – Announcements Summary (Day 1)

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco. The post RSA Conference 2023 – Announcements Summary (Day 1) appeared first on SecurityWeek.

25Apr 2023

Kaspersky Analyzes Links Between Russian State-Sponsored APTs

Kaspersky believes that Russia-linked threat actors Tomiris and Turla are cooperating at least at a minimum level. The post Kaspersky Analyzes Links Between Russian State-Sponsored APTs appeared first on SecurityWeek.

25Apr 2023

Google Audit Finds Vulnerabilities in Intel TDX

Over a nine-month audit, Google researchers identified ten security defects in Intel TDX, including nine vulnerabilities addressed with TDX code changes. The post Google Audit Finds Vulnerabilities in Intel TDX appeared first on SecurityWeek.

25Apr 2023

Insider Q&A: OpenAI CTO Mira Murati on Shepherding ChatGPT

OpenAI CTO Mira Murati discusses AI safeguards and the company’s vision for the futuristic concept of artificial general intelligence, known as AGI. The post Insider Q&A: OpenAI CTO Mira Murati on Shepherding ChatGPT appeared first on SecurityWeek.

25Apr 2023

What Oracle’s cloud expansion means for businesses in the Middle East

To meet the rapidly growing demand for its cloud services, Oracle has announced plans to open a third public cloud region in Saudi Arabia. Located in Riyadh, the new cloud region will be part of a planned $1.5 billion USD investment from Oracle to expand cloud infrastructure capabilities in the Kingdom.  The new region in […]

25Apr 2023

AI’s one true X factor: Leadership

If there are any eternal truths about emerging technologies, it’s that there are always naysayers. Some who deride the value of the latest ingenuity prove prescient. Others, not so much. Ken Olson, president, chairman, and founder of Digital Equipment Corp., famously once advised, “There is no reason for any individual to have a computer in […]

25Apr 2023

Siemens focuses on zero trust, legacy hardware, supply chain challenges to ensure cybersecurity of internal systems

Siemens has been working to be on top of vulnerabilities found in its products, but more importantly, to ensure the security of its internal operations. The manufacturing giant that works across several different lines of business, including industrial, smart infrastructure, health care, financial services, is protecting its systems by focusing on three main areas: zero […]

25Apr 2023

AI-powered chatbots: the threats to national security are only beginning

The United Kingdom’s National Cyber Security Center (NCSC) recently issued a warning to its constituents on the threat posed by artificial intelligence (AI) to the national security of the UK. This was followed shortly by a similar warning from NSA cybersecurity director Rob Joyce. It is clear there is great concern from many nations surrounding […]

25Apr 2023

2023 CIO 100 UK Awards Open for Entries and Launch New Recognition Awards

The CIO 100 returns for 2023 to showcase and celebrate the top 100 CIOs and their teams across the UK. The Official CIO 100 Awards UK acknowledges the best and brightest CIOs and technology leaders in the UK, celebrating their digital transformation achievements, and reflecting on themes and ideas which emerged from submissions. The awards […]

24Apr 2023

Generative AI: A paradigm shift in enterprise and startup opportunities

Vlad Sejnoha, Partner at Glasswing Ventures, former CTO & SVP R&D at Nuance, and Kleida Martiro, Principal at Glasswing Ventures are contributing authors. Generative AI (Artificial Intelligence) and its underlying foundation models represent a paradigm shift in innovation, significantly impacting enterprises exploring AI applications. For the first time, because of generative AI models, we have […]

24Apr 2023

Investors Place Early $4 Million Bet on Stack Identity 

Silicon Valley startup emerges from stealth with $4 million in seed-stage funding and ambitious plans to disrupt the IAM governance market. The post Investors Place Early $4 Million Bet on Stack Identity  appeared first on SecurityWeek.

24Apr 2023

Paladin Cloud launches new tool for attack surface discovery and management

Open source, cloud security firm Paladin Cloud has launched a new SaaS-based platform for enterprise cloud attack surface discovery and vulnerability management. Built on Paladin Cloud’s open source core, the platform has a set of security policies implemented in code to serve as an extended policy management tool that integrates into various enterprise systems, providing […]

24Apr 2023

OT giants collaborate on ETHOS early threat and attack warning system

One of the greatest fears among government officials and security experts is a crippling cyberattack on industrial organizations that run essential services, including electricity, water, oil and gas production, and manufacturing systems. The proprietary and complex nature of the operational technology (OT) tools used in these systems, not to mention their rapid convergence with IT […]

24Apr 2023

Flashpoint releases Ignite platform with threat intelligence reports, rule-based alerts

Threat intelligence firm Flashpoint has announced the release of Ignite, a new intelligence platform built to accelerate cross-functional risk mitigation and prevention across vulnerability management and security teams, including those in law enforcement, state and local government, and federal civilian agencies. Designed for practitioners, Ignite delivers real-time pictures of pertinent risks while reducing silos that […]

24Apr 2023

Cloud chaos: The challenges of managing data and applications across mixed environments

Six out of ten organizations today are using a mix of infrastructures, including private cloud, public cloud, multi-cloud, on-premises, and hosted data centers, according to the 5th Annual Nutanix Enterprise Cloud Index. Managing applications and data, especially when they’re moving across these environments, is extremely challenging. Only 40% of IT decision-makers said that they have […]

24Apr 2023

Adrian Stone Joins Moderna as CISO

Former Peloton CISO Adrian Stone has been tapped to steer the security ship at pharmaceutical and biotechnology giant Moderna. The post Adrian Stone Joins Moderna as CISO appeared first on SecurityWeek.

24Apr 2023

Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw

Researchers warn that majority of Windows and macOS PaperCut installations still vulnerable to critical vulnerability already exploited in malware attacks. The post Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw appeared first on SecurityWeek.

24Apr 2023

IBM offers integrated security management with QRadar release

IBM at the RSA conference today announced the availability of its new QRadar Security Suite, which is designed to help simplify the challenges faced by security teams tasked with managing an ever-growing list of different security tools. QRadar is a largely AWS-based SaaS system that features four core products that can be managed from the […]

24Apr 2023

Akamai debuts Brand Protector service to combat phishing, online forgery

Akamai is rolling out a new service designed to provide automated detection, investigation and even takedown services for businesses looking to protect their online reputations from digital criminals and phishing campaigns. The basic concept of the new service, launched at RSA Conference in San Francisco today, is simple — Akamai, via its large array of […]

24Apr 2023

Hackers behind 3CX breach also breached US critical infrastructure

The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec.  Among the two affected critical infrastructure organizations, one is located in the US while the other is in Europe, […]

24Apr 2023

AT&T Cybersecurity Insights Report

This year’s Annual AT&T Cybersecurity Insights Report focuses on the edge ecosystem, with the core report focusing on connecting and securing the entire edge computing ecosystem. This includes transport infrastructure, endpoints, operating systems, application workloads, and production monitoring/management/mitigation/runtime. The 2023 AT&T Cybersecurity Insights Report presents a perspective that recognizes the essential characteristics and key differences […]

24Apr 2023

The Relationship Between Security Maturity and Business Enablement

AT&T Cybersecurity and Enterprise Strategy Group (ESG) completed a benchmark survey to better understand what a mature cybersecurity program looks like and how that maturity influences security and business outcomes. Results from the 500 security professionals surveyed on their processes, policies, and controls were mapped into the NIST Cybersecurity Framework’s (CSF) five foundational cybersecurity functions: […]

24Apr 2023

New Data Sharing Platform Serves as Early Warning System for OT Security Threats

Several OT cybersecurity firms have teamed up to create an information sharing platform designed to serve as an early warning system for critical infrastructure. The post New Data Sharing Platform Serves as Early Warning System for OT Security Threats appeared first on SecurityWeek.

24Apr 2023

Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor

Threat actors have been observed abusing Kubernetes RBAC to create backdoors and hijack cluster resources for cryptocurrency mining. The post Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor appeared first on SecurityWeek.

24Apr 2023

North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware

North Korea-linked hacking group BlueNoroff/Lazarus was seen using the RustBucket macOS malware in recent attacks. The post North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware appeared first on SecurityWeek.

24Apr 2023

Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks

Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations. The post Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks appeared first on SecurityWeek.

24Apr 2023

External Signs of Narcissism – Raising Awareness to Avoid Collateral Damage

Learning how to spot the signs of narcissism and identify narcissists will help us ensure that we do not bring these people into our security and fraud teams, or our enterprises. The post External Signs of Narcissism – Raising Awareness to Avoid Collateral Damage appeared first on SecurityWeek.

24Apr 2023

SolarWinds Platform Update Patches High-Severity Vulnerabilities

SolarWinds has patched two high-severity vulnerabilities that could lead to command execution and privilege escalation. The post SolarWinds Platform Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

24Apr 2023

EU task force to review ChatGPT

The European Data Protection Board (EDPB) wants to set up a task force to take a closer look at AI tools like ChatGPT, which is being interpreted as an indication that European data protection officers could set stricter rules for the use of AI. The Italian data protection authorities in particular got a head start a few weeks ago. Since ChatGPT operator […]

24Apr 2023

UC Riverside turns to cloud to supercharge scientific research

For research institutions, a solid IT foundation can prove to be the difference in delivering meaningful results for scientific endeavors — and thereby in securing valuable funding for further research. To that end, University of California, Riverside has launched an ambitious cloud transformation to shift from a small on-premises data center to an advanced research […]

24Apr 2023

North Dakota turns to AI to boost effectiveness and efficiency of its cybersecurity

The recent proliferation of tools that employ artificial intelligence (AI) or machine learning (ML) to perform human-like tasks has sparked a great deal of interest in the cybersecurity community. And they’ve prompted some very hard questions about the future, not the least of which is whether ChatGPT, BardAI, Bing AI, and the dozens of other […]

24Apr 2023

38 Countries Take Part in NATO’s 2023 Locked Shields Cyber Exercise

More than 3,000 participants from 38 countries took place in NATO’s 2023 Locked Shields cyber defense exercise. The post 38 Countries Take Part in NATO’s 2023 Locked Shields Cyber Exercise appeared first on SecurityWeek.

22Apr 2023

Iran cyberespionage group taps SimpleHelp for persistence on victim devices

Iranian APT hacking group MuddyWater has been observed using SimpleHelp, a legitimate remote device control and management tool, to ensure persistence on victim devices.  SimpleHelp itself, as used by the threat actors, has not been compromised — instead, the group has found a way to download the tool from the official website and use it […]

22Apr 2023

Cisco patches high and critical flaws across several products

Cisco fixed serious vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation and denial of service. The Cisco Industrial Network Director (IND), a network monitoring and management […]

21Apr 2023

Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs

The North Korean hacking group behind the supply chain attack that hit 3CX also broke into two critical infrastructure organizations in the energy sector. The post Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs appeared first on SecurityWeek.

21Apr 2023

Pillars of successful multi-cloud application platforms

Software development teams can transform or constrict a modern enterprise in today’s digital economy. As such, many organizations are starting to invest in enhancing the developer experience, understanding that a frictionless process can improve business outcomes and drive higher performance. Organizations encounter friction when shifting gears to cloud and multi-cloud, especially as they scale – […]

21Apr 2023

Halcyon Secures $50M Funding for Anti-Ransomware Protection Platform

Texas startup scores financing to build an AI-powered anti-ransomware engine to help organizations ward off data-extortion attacks. The post Halcyon Secures $50M Funding for Anti-Ransomware Protection Platform appeared first on SecurityWeek.

21Apr 2023

Production Assurance AI answers: Can we be profitable in the future?

In the last few years, we’ve all learned how to become more agile. In the face of unplanned events like a global pandemic and various geopolitical events, we had to change and pivot on demand.  This holds true for individuals and businesses alike, and notably so in the manufacturing environments where I spend much of […]

21Apr 2023

Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities

Five Eyes agencies have issued joint cybersecurity guidance and best practices for smart cities. The post Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities appeared first on SecurityWeek.

21Apr 2023

Abandoned WordPress Plugin Abused for Backdoor Deployment

Attackers are installing the abandoned Eval PHP plugin on compromised WordPress sites to inject PHP code into web pages. The post Abandoned WordPress Plugin Abused for Backdoor Deployment appeared first on SecurityWeek.

21Apr 2023

Most interesting products to see at RSA Conference 2023

Security professionals attending this year’s RSA Conference expect to learn about new tools, platforms, and services from the 600-plus vendors exhibiting there. That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here. More announcements will be made throughout the […]

21Apr 2023

Good Friday Agreement paved way for Northern Ireland’s emergence as a global cybersecurity hub

The Belfast (Good Friday) Agreement played an integral role in enabling Northern Ireland’s growth as a global cybersecurity hub, according to UK government chiefs speaking at the CyberUK conference in Belfast. The Good Friday Agreement was signed on Good Friday, April 10, 1998, following three decades of conflict known as the Troubles. In introduced several […]

21Apr 2023

Google Cloud Platform Vulnerability Led to Stealthy Account Backdoors

A vulnerability in Google Cloud Platform allowed attackers to modify and hide OAuth applications to create a stealthy backdoor to any Google account. The post Google Cloud Platform Vulnerability Led to Stealthy Account Backdoors appeared first on SecurityWeek.

21Apr 2023

GitHub Announces New Security Improvements

GitHub this week introduced NPM package provenance and deployment protection rules and announced general availability of private vulnerability reporting. The post GitHub Announces New Security Improvements appeared first on SecurityWeek.

21Apr 2023

The strong link between cyber threat intelligence and digital risk protection

While indicators of compromise (IoCs) and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence (CTI) needs have grown over the past few years, driven by things like digital transformation, cloud computing, SaaS propagation, and remote worker support. In fact, these changes have led to a CTI subcategory focused on […]

21Apr 2023

3CX hack highlights risk of cascading software supply-chain compromises

At the end of March, an international VoIP software company called 3CX with over 600,000 business customers suffered a serious software supply-chain compromise that resulted in both its Windows and macOS applications being poisoned with malicious code. New evidence suggests the attackers, believed to be North Korean state-sponsored hackers, gained access to the company’s network […]

21Apr 2023

Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information

Capita finally confirmed that hackers stole data after the Black Basta ransomware group offered to sell information allegedly stolen from the company. The post Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information appeared first on SecurityWeek.

21Apr 2023

House Committee Hears Testimony on DC Health Data Breach

A top administrator with Washington’s health insurance exchange apologized to House members on Wednesday for the data breach that resulted in the disclosure of personal information for thousands of users. The post House Committee Hears Testimony on DC Health Data Breach appeared first on SecurityWeek.

21Apr 2023

4 perils of being an IT pioneer

The speed at which enterprises adopt emerging technology is widely acknowledged as a key driver of success. As a result, organizations often rush to adopt new technology believing it will make them operationally more efficient and enhance their competitiveness. Proponents of early technology adoption further argue that it enables companies to build informal relationships with […]

20Apr 2023

Best project management certifications of 2023

Behind every successful IT project, you’ll find a highly skilled project manager. From hardware and software upgrades to ongoing security patches, to application development and the rollout of software itself, project managers keep your teams on task and productive. Almost any IT pro can benefit from adding a project management certification to their list of […]

20Apr 2023

Greater innovation comes with a cost: increased IT complexity

Digital transformation has changed how businesses operate, making them more agile and responsive to the markets they serve. But this transformation has come at a cost: a rambling web of software tools and applications, cloud infrastructures, and decentralized application services. And this complexity presents a big challenge to IT teams. In tandem with digital transformation […]

20Apr 2023

Demystifying hybrid cloud solutions

When we think of digital transformation, perhaps no other technology comes to mind as quickly as the cloud. Many businesses have, in some form or another, been migrating their operations to the cloud for years now. But that doesn’t mean legacy systems suddenly cease to exist. A 2022 survey of business leaders by Rocket Software […]

20Apr 2023

Cost-effective security: certainty without complexity

In a recent article, we discussed the connection between digital transformation, innovation, and rising IT complexity. And we noted that complexity presents a big challenge to cybersecurity teams. Nevertheless, organizations have armed themselves with a litany of best-of-breed tools to tackle their most pressing security challenges. Many large enterprises use upwards of 40 to 50 tools […]

20Apr 2023

VMware Patches Pre-Auth Code Execution Flaw in Logging Product

VMware warns of two critical vulnerabilities — CVE-2023-20864 and CVE-2023-20865 — in the VMware Aria Operations for Logs product. The post VMware Patches Pre-Auth Code Execution Flaw in Logging Product appeared first on SecurityWeek.

20Apr 2023

Podcast: IHH Healthcare’s Francis Yeow on talent

Francis Yeow – Country Information Security Officer of Singapore at IHH Healthcare – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about talent, risk culture in organisations, and more. To read this article in full, please click here

20Apr 2023

The fast track to intelligent retail modernization with TCS and Microsoft Cloud

Retail organizations face an urgent need to accelerate digital transformation efforts in response to economic insecurity, persistent inflation, and growing consumer price sensitivity. Consumer product goods manufacturers (CPGs) and physical and online retail stores need to increase investments in strategic real-time pricing, supply chain resiliency, and customer experience management to keep pace with the competition. […]

20Apr 2023

Consulting, software boost IBM revenue as it turns to AI

Strong performances in software and consulting helped IBM’s profit and revenue increase in the first quarter, even as a post-pandemic slowdown hit much of the technology industry. IBM’s software and consulting revenue both rose 3% year over year. In the software segment, IBM’s enterprise Linux unit, Red Hat, saw growth of 8%, while application operations […]

20Apr 2023

Microsoft Will Name APTs Actors After Weather Events

Microsoft plans to use weather-themed naming of APT actors as part of a move to simplify the way threat actors are documented. The post Microsoft Will Name APTs Actors After Weather Events appeared first on SecurityWeek.

20Apr 2023

Xage’s new IAM offering provides multilayer authentication for ICS/OT

Zero trust security provider Xage Security has added a multilayer identity and access management (IAM) solution to its decentralized access control platform Xage Fabric to secure assets in different layers of operational technology (OT) and industrial control systems (ICS) environments. “Multilayer IAM is needed for a couple of reasons,” said Roman Arutyunov, co-founder, and SVP […]

20Apr 2023

Ransomware Attack Hits Health Insurer Point32Health

Health insurer Point32Health takes systems offline after falling victim to ransomware attack. The post Ransomware Attack Hits Health Insurer Point32Health appeared first on SecurityWeek.

20Apr 2023

Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App

3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm. The post Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App appeared first on SecurityWeek.

20Apr 2023

Phylum Adds Open Policy Agent to Open Source Analysis Engine

The software supply chain security firm adds the Open Policy Agent to its risk analysis engine, increasing flexibility for the creation and enforcement of custom policies on the use of open source software. The post Phylum Adds Open Policy Agent to Open Source Analysis Engine appeared first on SecurityWeek.

20Apr 2023

Air Force Unit in Document Leaks Case Loses Intel Mission

The Air Force is investigating how a lone airman could access and distribute possibly hundreds of highly classified documents, and in the meantime has taken away the intelligence mission from the unit where the leaks took place The post Air Force Unit in Document Leaks Case Loses Intel Mission appeared first on SecurityWeek.

20Apr 2023

Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs

Cisco this week released patches for critical-severity vulnerabilities impacting its Industrial Network Director and Modeling Labs applications. The post Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs appeared first on SecurityWeek.

20Apr 2023

Five Eye nations release new guidance on smart city cybersecurity

New guidance, Cybersecurity Best Practices for Smart Cities, wants to raise awareness among communities and organizations implementing smart city technologies that these beneficial technologies can also have potential vulnerabilities. A collaboration among the Five Eye nations (Australia, Canada, New Zealand, the UK, and the US), it advises communities considering becoming smart cities to assess and […]

20Apr 2023

Cyber insurer launches InsurSec solution to help SMBs improve security, risk management

Cyber insurance provider At-Bay has announced the launch of a new InsurSec solution to help small-to-mid sized businesses (SMBs) improve their security and risk management postures through their insurance policy. The firm describes the At-Bay Stance platform as a “world’s first” that aims to addresses major security technology and skills access gaps by centralizing and […]

20Apr 2023

PaperCut Warns of Exploited Vulnerability in Print Management Solutions

Print management solutions provider PaperCut warns that exploitation of a recently patched vulnerability has commenced. The post PaperCut Warns of Exploited Vulnerability in Print Management Solutions appeared first on SecurityWeek.

20Apr 2023

UK Warns of Russian Hackers Targeting Critical Infrastructure

The UK government’s information security arm warns of Russian state-aligned groups aiming to disrupt and destroy critical infrastructure in Western countries. The post UK Warns of Russian Hackers Targeting Critical Infrastructure appeared first on SecurityWeek.

20Apr 2023

CDIO Salumeh Companieh on putting the product mindset into action

Making the shift from project- to product-based IT requires more than just an operational map of capabilities and the cross-functional teams that will own them. It takes an organization-wide shift in mindset that gets people thinking and working in ways that align with the client’s definition of value. Salumeh “Sal” Companieh, chief digital and information […]

20Apr 2023

What CIOs need to become better enablers of sustainability

Over 90 wildfires ravaged Spain’s Asturias principality in March this year. Though not as cold and wet as northern Europe, March is still the tail end of winter in northwest Spain, a region not typically considered a tinder box. But the climate emergency is steadily changing that. But Spain’s predicament isn’t unique. Across the world, […]

20Apr 2023

Global intelligence assessments: you are the target

The duty and responsibility of every intelligence service is to collect, analyze, and disseminate intelligence information to its country’s policymakers. In a prior piece, we discussed the US Office of the Director of National Intelligence (ODNI) global threat assessment in the cyber domain. What follows is the perspective from other countries’ intelligence services on what […]

20Apr 2023

Fortra Completes Investigation Into GoAnywhere Zero-Day Incident

Fortra has shared a summary of its investigation into the GoAnywhere zero-day incident that hit dozens of the company’s customers earlier this year. The post Fortra Completes Investigation Into GoAnywhere Zero-Day Incident appeared first on SecurityWeek.

20Apr 2023

DC Health Link Data Breach Blamed on Human Error

The recent data breach of personal information for thousands of users of Washington D.C.’s health insurance exchange, including members of Congress, was caused by basic human error The post DC Health Link Data Breach Blamed on Human Error appeared first on SecurityWeek.

20Apr 2023

Former convicted hacker Hieu Minh Ngo on top cybersecurity vulnerabilities to watch out for

Hieu Minh Ngo – Cybersecurity Specialist at the National Cyber Security Center of Vietnam – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about his past as a black-hat hacker, common cybersecurity pitfalls to avoid, and more. To read this article in full, please click here

20Apr 2023

The power players of retail transformation: IoT, 5G, and AI/ML on Microsoft Cloud

Thanks to cloud, Internet of Things (IoT), and 5G technologies, every link in the retail supply chain is becoming more tightly integrated. These technologies are also allowing retailers to capture and gather insights from more and more data – with a big assist from artificial intelligence (AI) and machine learning (ML) technologies – to become […]

19Apr 2023

Hong Kong Baptist University’s Allan Wong on his award-winning implementation of zero trust security

Allan Wong – Director of Information Technology at Hong Kong Baptist University – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the stumbling blocks in the adoption of zero trust, how to create security policies without hampering employee productivity, and more. To read this article in full, please click here

19Apr 2023

IHH Healthcare’s Francis Yeow on talent

Francis Yeow – Country Information Security Officer of Singapore at IHH Healthcare – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about talent, risk culture in organisations, and more. To read this article in full, please click here

19Apr 2023

BrandPost: The status quo for DNS security isn’t working

The Domain Name System (DNS) is often referred to as the phone book of the internet. DNS translates web addresses, which people use, into IP addresses, which machines use. But DNS was not designed with security in mind. And even though companies have invested incredible amounts of money into their security stack (and even though […]

19Apr 2023

Russian cyber spy group APT28 backdoors Cisco routers via SNMP

APT28, the hacking arm of Russia’s GRU military intelligence agency has been backdooring Cisco routers by exploiting a remote code execution vulnerability in the Cisco IOS implementation of the simple network management protocol (SNMP), according to a statement by Western security agencies. The malware deployed on compromised routers patches the router’s authentication mechanism to always […]

19Apr 2023

How to succeed as a fractional CIO

What is a fractional CIO? Fractional CIOs operate in a sphere that’s significantly different from their traditional, full-time counterparts. A fractional CIO is a technology leader hired on a temporary or part-time basis, explains Peter Kirkwood, corporate strategy leader at management consulting and strategy advisory firm Zinnov. A fractional CIO is typically an experienced IT […]

19Apr 2023

Top considerations for data modernization initiatives

Most organizations are already well under way with their digital transformation journeys, particularly data modernization. For most companies, the drive for data modernization is attributed to the massive growth of data and a business goal to harness as much data as possible to unlock its potential in transformative ways. Adopting cloud-based solutions is, perhaps, one […]

19Apr 2023

Investors Bet Big on Safe Security for Cyber Risk Management

Safe Security, a startup building technology to help organizations manage cyber risk, has secured a $50 million Series B funding round. The post Investors Bet Big on Safe Security for Cyber Risk Management appeared first on SecurityWeek.

19Apr 2023

Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced

Russian national Denis Dubnikov has been sentenced to time served after he pleaded guilty to charges related to laundering money for the Ryuk ransomware group. The post Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced appeared first on SecurityWeek.

19Apr 2023

OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks

The Open Source Security Foundation (OpenSSF) has announced the release of Supply-chain Levels for Software Artifacts (SLSA) v.1.0 with structure changes designed to make the software supply chain security framework more accessible and specific to individual areas of the software delivery lifecycle. SLSA is a community-driven supply chain security standards project that outlines increasing security […]

19Apr 2023

Darwinium upgrades its payment fraud protection platform

Security and fraud prevention vendor Darwinium has updated its Continuous Customer Protection platform to provide shared intelligence on anonymized data sets. The company claims that the update ensures customers remain in control of users’ data while also preventing Darwinian from becoming a target of cybercrime. Use cases for the Darwinium platform include account security, scam […]

19Apr 2023

Lacework adds vulnerability risk management to its flagship offering

Cloud security provider Lacework has added a new vulnerability risk management capability to its cloud-native application protection (CNAPP) offering. The SaaS capability will combine active package detection, attack path analysis, and in-house data on active exploits to generate personalized vulnerability risk scores. “Lacework takes a risk-based approach that goes beyond a common vulnerability scoring system […]

19Apr 2023

Dasera Scores $12M Funding for Cloud Data Security

The Series A funding round was led by Storm Ventures and brings the total raised by Dasera to $20 million. The post Dasera Scores $12M Funding for Cloud Data Security appeared first on SecurityWeek.

19Apr 2023

Cleaning Up Costs: Avaya and Stemmer Distribution

Stemmer Distribution, the largest French company to provide dental products to healthcare professionals since 1978, was able to reduce costs while improving their customer experience with the help of Avaya. With 250 employees and 14 companies across six sites, Stemmer needed a flexible and fluid communication solution for their customers as the brand experienced a […]

19Apr 2023

Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers

Discarded enterprise routers are often not wiped and contain secrets that could be highly useful to malicious hackers. The post Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers appeared first on SecurityWeek.

19Apr 2023

Top risks and best practices for securely offboarding employees

Employees won’t work for the same organization forever and dealing with their departures is just part and parcel of business. But the security risks posed by departing staff can be significant. Without secure off-boarding processes, organizations expose themselves to a variety of cybersecurity risks ranging from the innocuously accidental to the maliciously deliberate. High turnover […]

19Apr 2023

UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure

The UK National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert states that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, […]

19Apr 2023

Coro Raises $75 Million for Mid-Market Cybersecurity Platform

Coro, an enterprise cybersecurity platform for mid-market organizations, has raised $75 million from Energy Impact Partners. The post Coro Raises $75 Million for Mid-Market Cybersecurity Platform appeared first on SecurityWeek.

19Apr 2023

Oracle Releases 433 New Security Patches With April 2023 CPU

Oracle’s April 2023 critical patch update (CPU) includes 433 new security patches, including more than 70 that fix critical vulnerabilities. The post Oracle Releases 433 New Security Patches With April 2023 CPU appeared first on SecurityWeek.

19Apr 2023

Google Patches Second Chrome Zero-Day Vulnerability of 2023

Google warns of another zero-day vulnerability in Chrome, only days after addressing a similar issue. The post Google Patches Second Chrome Zero-Day Vulnerability of 2023 appeared first on SecurityWeek.

19Apr 2023

Oracle adds AI, automation capabilities to SCM, HCM Fusion apps

Oracle on Wednesday said it is adding new AI and automation capabilities to its Fusion Supply Chain Management (SCM) and Fusion Human Capital Management (HCM) suites to help enterprises increase efficiency across divisions. The updates to the SCM suite, which have been made generally available, include an AI-based planning tool, an enhanced quote-to-cash process for […]

19Apr 2023

CIO Fletcher Previn on designing the future of work

It has been three years since COVID sent us into remote work, and we now find ourselves with a new challenge: employees who have never met in person.  The hybrid work paradigm has exposed the importance of getting in front of evolving changes in the way employees will work together in the future, accelerating IT […]

19Apr 2023

Will Taiwan be the next supply chain bottleneck for IT?

Taiwan’s semiconductor factories, the source of many of the chips used in the world’s PCs, servers, and mobile phones, operate under a constant threat of disruption. The threats are both geological (earthquakes frequently force high-tech plants to shut down despite them being built to withstand seismic shocks) and geopolitical: China considers Taiwan to be part […]

19Apr 2023

Deutsche Bahn CIO on track to decentralize IT

Bernd Rattey has been Group CIO and CDO of Deutsche Bahn (DB) since 2021, after being in charge of IT at subsidiary DB Fernverkehr AG for five years. And it was during that time he got to know the railways from a different business area. In his eyes, the entire DB group works like a federal system, […]

19Apr 2023

How to know it’s time for a new CIO gig

It’s no secret that the labor market has been volatile in recent years, with workers moving positions in record numbers. But it’s not just lower-level staffers making moves: Plenty of CIOs have been shuffling jobs during the past few years, too. In its 2022 Global Leadership Monitor survey, executive search firm Russell Reynolds Associates reported […]

19Apr 2023

Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure

A subgroup of Iran-linked APT Phosphorus (Mint Sandstorm) has started to quickly adopt PoC exploit code targeting vulnerabilities in internet-facing applications. The post Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure appeared first on SecurityWeek.

19Apr 2023

US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers

US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. The post US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers appeared first on SecurityWeek.

18Apr 2023

App cyberattacks jump 137%, with healthcare, manufacturing hit hard, Akamai says

An analysis of customer data collected by content delivery network and internet services giant Akamai found that attacks targeting web applications rose by 137% over the course of last year, as the healthcare and manufacturing sectors in particular were targeted with an array of API and application-based intrusions. Local file intrusions — in which attackers […]

18Apr 2023

Hard-to-detect malware loader distributed via AI-generated YouTube videos

Security researchers warn of a new malware loader that’s used as part of the infection chain for the Aurora information stealer. The loader uses anti-virtual-machine (VM) and unusual compilation techniques that seem to make it quite successful at avoiding detection by security solutions. The Aurora infostealer is written in Go and is operated as a […]

18Apr 2023

6 ways to drive Wi-Fi operational efficiencies

By: Gayle Levin, Senior Product Marketing Manager for Wireless at Aruba, A Hewlett Packard Enterprise Company. If you’re like me and you’ve been reading the news lately, the economic outlook is all over the place. It’s difficult enough to prioritize IT spending and align efforts to support business initiatives without trying to predict the future […]

18Apr 2023

IT Leadership – and Networking – Take Center Stage at FutureIT Event Series

The room was abuzz. People were standing, talking intensely, mingling, and meeting new people. This was our first in-person conference in 2023, and it was going exactly as planned: Participants were engaged and networking. In all of our surveys, networking is always one of the top two reasons attendees come to our events (the other […]

18Apr 2023

Daon’s TrustX to offer SaaS-based, no-code identity journeys

Identity and access management provider Daon has launched a SaaS-based identity proofing and authentication platform TrustX, designed to help customers create and manage user identity journeys across organizational workflows. The fully managed offering will use artificial intelligence (AI) and machine learning (ML) tools to support identity journeys, which will include building, verifying, and authenticating identities, along […]

18Apr 2023

SpinOne adds new capabilities to secure SaaS applications and data

SaaS data protection provider Spin.ai has launched two new service modules — SaaS security posture management (SSPM) and SaaS data leak prevention/loss protection (SDLP) — along with a few new capabilities for existing modules, to its flagship SaaS security platform SpinOne. The enhancements to the SaaS-based offering aim to protect SaaS applications, automate manual processes, […]

18Apr 2023

SpecterOps Scores $25M Funding to Secure ID Attack Paths

Seattle startup SpecterOps secures $25 million in Series A funding to boost its BloodHound Enterprise platform. The post SpecterOps Scores $25M Funding to Secure ID Attack Paths appeared first on SecurityWeek.

18Apr 2023

New ‘Domino’ Malware Linked to FIN7 Group, Ex-Conti Members

New Domino backdoor brings together former members of the Conti group and the FIN7 threat actors. The post New ‘Domino’ Malware Linked to FIN7 Group, Ex-Conti Members appeared first on SecurityWeek.

18Apr 2023

Takedown of GitHub Repositories Disrupts RedLine Malware Operations

Four GitHub repositories used by RedLine stealer control panels were suspended, disrupting the malware’s operations. The post Takedown of GitHub Repositories Disrupts RedLine Malware Operations appeared first on SecurityWeek.

18Apr 2023

Businesses detect cyberattacks faster despite increasingly sophisticated adversaries

Global organizations are improving their attack detection capabilities despite facing increasingly sophisticated, persistent, and creative adversaries. The Mandiant M-Trends 2023 report, now in its fourteenth year, revealed that the global median dwell time – calculated as the median number of days an attacker is present in a target’s environment before detection – dropped to 16 […]

18Apr 2023

NSO Group Used at Least 3 iOS Zero-Click Exploits in 2022: Citizen Lab

NSO Group used at least three iOS zero-click exploits in Pegasus attacks in 2022: FindMyPwn, PwnYourHome, and LatentImage. The post NSO Group Used at Least 3 iOS Zero-Click Exploits in 2022: Citizen Lab appeared first on SecurityWeek.

18Apr 2023

Elon Musk Says He’ll Create ‘TruthGPT’ to Counter AI ‘Bias’

Elon Musk plans to create an alternative to the popular AI chatbot ChatGPT that he is calling “TruthGPT,” which will be a “maximum truth-seeking AI that tries to understand the nature of the universe.” The post Elon Musk Says He’ll Create ‘TruthGPT’ to Counter AI ‘Bias’ appeared first on SecurityWeek.

18Apr 2023

The classified document leak: let’s talk about Jack Teixeira’s need-to-know

The arrest of 21-year-old Airman First Class Jack Teixeira last week has inspired myriad reactions from armchair pundits declaring 21 is too young to be trusted with classified information to the need to reform the Department of Defense and the intelligence community to the US Speaker of the House calling for hearings on how the […]

18Apr 2023

19 startups to check out at RSA Conference 2023

This year’s RSA Conference showcases promising startups from all over the world, many of which are making their first public appearance. Most will be exhibiting in the Early Stage Expo, which features 50 new security solution providers. Other startup exhibitors are finalists in RSA’s Innovation Sandbox competition. Perhaps the most interesting aspect about startups is […]

18Apr 2023

Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks

Threat actors are getting more adept at exploiting common, everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most […]

18Apr 2023

New Qbot campaign delivers malware by hijacking business emails

Cyberattacks that use banking trojans of the Qbot family have been targeting companies in Germany, Argentina, and Italy since April 4 by hijacking business emails, according to a research by cybersecurity firm Kaspersky. In the latest campaign, the malware is delivered through emails written in English, German, Italian, and French. The messages are based on […]

18Apr 2023

Lockr Raises $2.5 Million for Identity and Data Protection Platform

Personal identity and data protection provider Lockr has raised $2.5 million in pre-seed funding. The post Lockr Raises $2.5 Million for Identity and Data Protection Platform appeared first on SecurityWeek.

18Apr 2023

Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends

In a year dominated by kinetic/cyber war in Ukraine, North Korea doubles down on cryptocurrency thefts, China and Iran continue to take advantage, and a new form of personal intimidation of company personnel emerges. The post Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends appeared first on SecurityWeek.

18Apr 2023

Cyberinsurance Backstop: Can the Industry Survive Without One?

The purpose of a backstop would be to make cyberinsurance more widely available and affordable to the whole market – but it isn’t yet clear whether this can be achieved. The post Cyberinsurance Backstop: Can the Industry Survive Without One? appeared first on SecurityWeek.

18Apr 2023

CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog

CISA has added two vulnerabilities to its ‘must patch’ list, including a recently fixed Chrome flaw and a macOS flaw exploited by the DazzleSpy malware. The post CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog appeared first on SecurityWeek.

18Apr 2023

Why IT surveys can’t be trusted for strategic decisions

Information, according to the mathematical theory that bears its name, reduces uncertainty. If, for example, I tell you I tossed a coin twice, you’ll know there were four equally probable outcomes. But if I then tell you the first toss came up tails, the number of possible outcomes cuts in half: tails/heads or tails/tails. In […]

18Apr 2023

Cybersecurity M&A Roundup for April 1-15, 2023

Sixteen cybersecurity-related M&A deals were announced in the first half of April 2023. The post Cybersecurity M&A Roundup for April 1-15, 2023 appeared first on SecurityWeek.

18Apr 2023

Creative Software Maker Affinity Informs Customers of Forum Breach

UK-based creative software developer Affinity recently informed the 175,000 users of its forum of a data breach that occurred on April 6. The post Creative Software Maker Affinity Informs Customers of Forum Breach appeared first on SecurityWeek.

18Apr 2023

Buying advice for CIOs as low-code/no-code spending rises

Faced with a long-running shortage of experienced professional developers, enterprise IT leaders have been exploring fresh ways of unlocking software development talent by training up non-IT staff and deploying tools that enable even business users to build or customize applications to suit their needs. A broad spectrum of tools has arisen to facilitate software development […]

18Apr 2023

The golden path to cloud success

As IT organizations attempt wide-scale cloud adoption, the importance of common best practices across applications and products is growing, sparking an exciting new conversation about platform teams and related disciplines like platform engineering. The problem statement driving the investment in platform teams is clear: developing, operating, and optimizing a modern application is becoming too complex […]

18Apr 2023

Norco Industries jumpstarts digital transformation with RPA

Chris Richner signed on as CIO of Norco Industries with a clear mission: To guide the US-based manufacturer through wholesale digital transformation. “I was brought on board to be a change agent,” says Richner, who is now 18 months into the job. “The first order of business was to get my infrastructure shored up, because […]

18Apr 2023

5 hot digital transformation trends — and 2 going cold

Digital transformation has always been a continuous journey, one that should become an organizational core competency, with the introduction of digital services an ongoing imperative to evolve the business and stave off disruption. While this may remain the case, subtleties are emerging about how digital transformation should be thought of, impacting how it should be […]

18Apr 2023

How TCS is helping to fight financial crime with AI and Microsoft Cloud

As consumers embrace ecommerce, digital banking, and online payment applications, the risk of fraud and other financial crimes has increased dramatically. Every new portal and mobile app expand the attack surface and give hackers new opportunities to exploit vulnerabilities. The stakes for financial organizations are growing as well. In 2021, U.S. fraud losses amounted to […]

17Apr 2023

Copaco Cloud: Increasing the sustainability of enterprises in Belgium, Luxembourg, and the Netherlands

Eindhoven-based Copaco is well-known for the cloud services and solutions it offers for managed service providers – including managed security service providers – independent software vendors and systems integrators throughout Belgium, Luxembourg, and the Netherlands. Delivered from the company’s highly advanced data centers, the Copaco Cloud, powered by VMware technologies, provides the core of the […]

17Apr 2023

Google urges users to update Chrome to address zero-day vulnerability

Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed. Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects […]

17Apr 2023

The Security and Productivity Implications of Low Code/No Code Development

The low code/no code movement provides simplified app generation – but it needs to be understood to be safe. The post The Security and Productivity Implications of Low Code/No Code Development appeared first on SecurityWeek.

17Apr 2023

7 countries unite to push for secure-by-design development

Ten agencies from across seven countries have joined forces to create a guide for software developer organizations to ensure their products are both secure by design and by default. The joint guidance, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default, comes after several recently identified critical vulnerabilities in vendor software. […]

17Apr 2023

CISA updates zero trust maturity model to provide an easier launch

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published its Zero Trust Maturity Model (ZTMM) version 2, which incorporates recommendations from public comments it received on its first version of ZTMM. “CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” […]

17Apr 2023

LockBit Ransomware Group Developing Malware to Encrypt Files on macOS 

The LockBit ransomware gang is developing malware designed to encrypt files on macOS systems and researchers have analyzed if it poses a real threat. The post LockBit Ransomware Group Developing Malware to Encrypt Files on macOS  appeared first on SecurityWeek.

17Apr 2023

ZeroFox to Acquire Threat Intelligence Firm LookingGlass for $26 Million

Web security and threat intelligence firm ZeroFox is acquiring threat intelligence company LookingGlass for $26 million. The post ZeroFox to Acquire Threat Intelligence Firm LookingGlass for $26 Million appeared first on SecurityWeek.

17Apr 2023

7 cybersecurity mindsets that undermine practitioners and how to avoid them

It’s no secret that cybersecurity jobs are burning people out. It’s a high-pressure environment that ever seems to be ratcheting up the daily demand on security professionals. There are many reasons for this, but underlying them all is the way we think about security. By consciously recognizing these mindsets we can change them and better […]

17Apr 2023

Payments Giant NCR Hit by Ransomware

US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit. The post Payments Giant NCR Hit by Ransomware appeared first on SecurityWeek.

17Apr 2023

Mobb Raises $5.4 Million in Seed Funding for Automatic Vulnerability Fixing Tool

Boston-based Mobb has raised $5.4 million in seed funding for a product that automatically fixes vulnerabilities found in applications developed by customers. The post Mobb Raises $5.4 Million in Seed Funding for Automatic Vulnerability Fixing Tool appeared first on SecurityWeek.

15Apr 2023

Online Gaming Chats Have Long Been Spy Risk for US Military

Online gaming forums have long been a particular worry of the military because of their lure for young service members. The post Online Gaming Chats Have Long Been Spy Risk for US Military appeared first on SecurityWeek.

15Apr 2023

Mandiant’s new solution allows exposure hunting for a proactive defense

Google-owned cybersecurity provider Mandiant has launched Mandiant Proactive Exposure Management, a suite of products and services to help organizations focus on “attackable exposures” rather than just vulnerabilities. “Exposures go beyond vulnerabilities and are potential exploitable entry points that can be used by an adversary to gain initial compromise into an organization or supply chain ecosystem,” […]

14Apr 2023

The Engagement You’ll Find at Our Virtual Events

A record number of participants turned out for a discussion group with one of our speakers, Tom Kouloupolous, futurist and chairman and founder of Delphi Group, during our April virtual summit, CIO’s Future of Cloud and Data. Nearly all of the almost 300 viewers of his virtual session on “Living in the Cloud” jumped onto […]

14Apr 2023

Google Warns of New Chrome Zero-Day Attack

The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. The post Google Warns of New Chrome Zero-Day Attack appeared first on SecurityWeek.

14Apr 2023

EU privacy regulators to create taskforce to investigate ChatGPT

The move comes after a number of data privacy regulators from across Europe raised concerns about whether the chatbot is compliant with the EU’s GDPR privacy law.

14Apr 2023

Building the Generative AI-Driven Enterprise: Today’s Use Cases

Generative AI (GenAI) is taking the world by storm. During my career, I’ve seen many technologies disrupt the status quo, but none with the speed and magnitude of GenAI. Yet, we’ve only just begun to scratch the surface of what is possible. Now, GenAI is emerging from the consumer realm and moving into the enterprise […]

14Apr 2023

Stolen ChatGPT premium accounts up for sale on the dark web

Trade of stolen ChatGPT account credentials, especially those of the premium accounts, is on a rise on the dark web since March, enabling cybercriminals to get around OpenAI’s geofencing restrictions and get unlimited access to ChatGPT, according to research by Check Point. “During the last month, CPR (Check Point Research) observed an increase in the chatter in underground […]

14Apr 2023

CISA Introduces Secure-by-design and Secure-by-default Development Principles

CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products. The post CISA Introduces Secure-by-design and Secure-by-default Development Principles appeared first on SecurityWeek.

14Apr 2023

FBI Arrests 21-Year-Old Guardsman in Leak of Classified Military Documents

A Massachusetts Air National Guard member was arrested Thursday in connection with the disclosure of highly classified military documents about the Ukraine war and other top national security issues. The post FBI Arrests 21-Year-Old Guardsman in Leak of Classified Military Documents appeared first on SecurityWeek.

14Apr 2023

Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation 

The Android vulnerability CVE-2023-20963, reportedly exploited as a zero-day by a Chinese app against millions of devices, was added to CISA’s KEV catalog. The post Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation  appeared first on SecurityWeek.

14Apr 2023

Microsoft Warns Accounting, Tax Return Preparation Firms of Remcos RAT Attacks

A new Remcos RAT campaign is targeting US accounting and tax return preparation firms as Tax Day approaches. The post Microsoft Warns Accounting, Tax Return Preparation Firms of Remcos RAT Attacks appeared first on SecurityWeek.

14Apr 2023

Mandiant’s new solution allows exposure hunting for a proactive defense

Google-owned cybersecurity provider Mandiant has launched Mandiant Proactive Exposure Management offering, a suite of products and services to help organizations focus on “attackable exposures” rather than just vulnerabilities. “Exposures go beyond vulnerabilities and are potential exploitable entry points that can be used by an adversary to gain initial compromise into an organization or supply chain […]

14Apr 2023

Juniper Networks Patches Critical Third-Party Component Vulnerabilities

Juniper Networks this week announced patches for tens of vulnerabilities across its product portfolio, including critical bugs in Junos OS and STRM. The post Juniper Networks Patches Critical Third-Party Component Vulnerabilities appeared first on SecurityWeek.

14Apr 2023

Cerbos Raises $7.5 Million for Authorization Platform 

Authorization layer solution provider Cerbos has raised $7.5 million in an extended seed round led by Omers Ventures. The post Cerbos Raises $7.5 Million for Authorization Platform  appeared first on SecurityWeek.

14Apr 2023

6 best practices to develop a corporate use policy for generative AI

While there’s an open letter calling for all AI labs to immediately pause training of AI systems more powerful than GPT-4 for six months, the reality is the genie is already out of the bottle. Here are ways to get a better grasp of what these systems are capable of, and utilize them to construct […]

14Apr 2023

Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site

Cybersecurity firm Darktrace has issued a statement after it was listed on the leak website of the LockBit ransomware group. The post Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site appeared first on SecurityWeek.

14Apr 2023

Russian cyberspies hit NATO and EU organizations with new malware toolset

The Polish government warns that a cyberespionage group linked to Russia’s intelligence services is targeting diplomatic and foreign ministries from NATO and EU member states in an ongoing campaign that uses previously undocumented malware payloads. The group, known in the security industry as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia’s […]

13Apr 2023

How to find and retain talent, according to CIOs

At the recent IDC CIO Summit in Dubai  – themed Enabling the Digital Economy’s Leaders – the topic of talent attraction and retention was a key talking point for those at the event. Finding and keeping tech talent has never been easy but as the world of work continues to evolve and organisations shift to […]

13Apr 2023

Circular innovation: how to create sustainable products

If you recycle, you’re living your belief that using and regenerating products or components in environmentally friendly ways is good for our planet and its people. By extension, you’ll likely find value in the circular economy concept. According to the renowned Ellen MacArthur Foundation, “Through design, we can eliminate waste and pollution, circulate products and […]

13Apr 2023

4 ways to enable explainability in generative AI

Have you ever gazed upon a Monet painting and lost yourself for a time? I have. I love great works of art. The University of London’s research says beautiful art catalyzes an instant release of dopamine into the brain. I feel that jolt of reward and motivation when I see a masterpiece. As an artist […]

13Apr 2023

Google Proposes More Transparent Vulnerability Management Practices

New Google paper calls for increased transparency from vendors regarding their vulnerability management practices. The post Google Proposes More Transparent Vulnerability Management Practices appeared first on SecurityWeek.

13Apr 2023

Microsoft patches vulnerability used in Nokoyawa ransomware attacks

Microsoft has released a patch for a Windows zero day vulnerability that has been exploited by cybercriminals in ransomware attacks. The vulnerability identified as CVE-2023-28252 is a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver. CLFS is a general purpose logging service that can be used by dedicated client applications and that […]

13Apr 2023

Cisco to offer Webex air-gapped cloud system for security, defense work

The upcoming cloud system will provide an added layer of network and data handling security for companies working on national security and defense projects and collaborating through the Webex app.

13Apr 2023

4 strategies to help reduce the risk of DNS tunneling

Domain name system (DNS) tunneling is a pervasive threat that enables hackers to get any data in and out of a company’s internal network while bypassing most firewalls. The domain name system translates numeric internet protocol addresses that browsers can then use to load web pages — threat actors use tunneling to exploit this process […]

13Apr 2023

Dissecting threat intelligence lifecycle problems

In my last CSO article, I looked at a few challenges related to enterprise threat intelligence programs. Security pros pointed to issues like dealing with too many manual processes, sorting through noisy threat intelligence feeds, establishing clear ROI benefits, and managing threat intelligence programs that are little more than an academic exercise for the cyber-threat […]

13Apr 2023

ChatGPT Could Return to Italy if OpenAI Complies With Rules

ChatGPT could return to Italy if its maker, OpenAI, complies with measures to satisfy regulators who imposed a temporary ban on the AI software over privacy worries. The post ChatGPT Could Return to Italy if OpenAI Complies With Rules appeared first on SecurityWeek.

13Apr 2023

Cyfirma Raises $6 Million for Threat Management Platform

Threat intelligence and attack surface management company Cyfirma has raised $6 million in a pre-Series B funding round. The post Cyfirma Raises $6 Million for Threat Management Platform appeared first on SecurityWeek.

13Apr 2023

Data leader Tejasvi Addagada on the value of data governance

The emergence of business models driven by data along with the evolution of modern analytics and cloud capabilities have increased the interest in data management multifold. As a result, enterprises are breaking down data siloes, transforming their data architectures, and democratizing access to data tools to accelerate decision-making. But the journey to the data-driven enterprise […]

13Apr 2023

Microsoft Shares Resources for BlackLotus UEFI Bootkit Hunting

Microsoft has shared details on how threat hunters can check their systems for BlackLotus UEFI bootkit infections. The post Microsoft Shares Resources for BlackLotus UEFI Bootkit Hunting appeared first on SecurityWeek.

13Apr 2023

Looking for a New Security Technology? Choose a Partner, not a Vendor

An important area of differentiation to evaluate when you make your next security investment is the vendor’s effectiveness when it comes to customer success. The post Looking for a New Security Technology? Choose a Partner, not a Vendor appeared first on SecurityWeek.

13Apr 2023

Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data

Hikvision patches CVE-2023-28808, a critical authentication bypass vulnerability that exposes video data stored on its Hybrid SAN and cluster storage products. The post Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data appeared first on SecurityWeek.

13Apr 2023

Improving employee experience in the AI-powered hybrid workplace on Microsoft Cloud

Though three-quarters of U.S. employers now offer hybrid work, some retailers have been slow to embrace emerging hybrid work models, even for corporate employees. We spoke with Ashok Krish, Global Head of Digital Workplace at TCS, about how hybrid work will impact employers – and their employees – in the retail industry. Do you believe […]

13Apr 2023

CIO Digital Enterprise Forum 2023: How CIOs can strategically and ethically use generative AI

The CIO Digital Enterprise Forum will be held in London on Thursday 11th May at Prospero House, London Bridge. Amit Sen from the United Nations Refugee Agency and Howard Pyle from Experience Futures will host the opening keynote. They will focus on the importance of organizations linking analytics with social impact goals and standards of […]

13Apr 2023

5 CIOs on building a service-oriented IT culture

There was a time in the not-too-distant past when the prevailing thinking among IT organizations was that what we deliver is more important than how we deliver it. Today’s most successful CIOs recognize that service missteps can make or break their team’s reputation. A culture of service excellence ensures that the IT organization is viewed […]

13Apr 2023

Why IT leaders are putting more business spin on security spend

Gartner projects that spending on information security and risk management products and services will  grow 11.3% to reach more than $188.3 billion this year. But despite those expenditures, there have already been at least 13 major data breaches, including at Apple, Meta and Twitter. To better focus security spend, some chief information security officers (CISOs) are shifting […]

13Apr 2023

Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS

Irrigation systems were disrupted recently in Israel in an attack that once again shows how easy it is to hack industrial control systems (ICS). The post Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS appeared first on SecurityWeek.

13Apr 2023

Hong Kong Baptist University’s Allan Wong on his award-winning implementation of zero trust security

Allan Wong – Director of Information Technology at Hong Kong Baptist University – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the stumbling blocks in the adoption of zero trust, how to create security policies without hampering employee productivity, and more. To read this article in full, please click here

12Apr 2023

Google launches dependency API and curated package repository with security metadata

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming languages. Today, the company also announced the general availability of its Assured Open Source Software (Assured OSS) service, which provides development teams with a Google-curated repository of security-tested […]

12Apr 2023

Why you should patch the Windows QueueJumper vulnerability immediately

Microsoft patched over 100 vulnerabilities this week in its products, including a zero-day privilege escalation flaw used in the wild by a ransomware gang. However, another critical vulnerability that can be easily exploited to take over Windows systems remotely over local networks and the internet is likely to be of more interest to attackers and […]

12Apr 2023

Where is the AI?

The recent mass media love affair with ChatGPT has led many to believe that AI is a “here and now” technology, expected to become pervasive in enterprise and consumer products in the blink of an eye. Indeed, Microsoft’s $10B investment in OpenAI, the company behind ChatGPT, has many people expecting a complete and thorough integration […]

12Apr 2023

Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments

When every environment is treated the same, teams get consistent visibility, a unified view, and a common language to describe what’s happening for detection, investigation, and response across dispersed multi-cloud and hybrid environments. The post Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments appeared first on SecurityWeek.

12Apr 2023

Building a vision for real-time artificial intelligence

By George Trujillo, Principal Data Strategist, DataStax I recently had a conversation with a senior executive who had just landed at a new organization. He had been trying to gather new data insights but was frustrated at how long it was taking. (Sound familiar?) After walking his executive team through the data hops, flows, integrations, […]

12Apr 2023

Inside-Out Defense launches privilege access abuse detection, remediation platform

Cybersecurity vendor Inside-Out Defense has emerged from stealth with the launch of a new privilege access abuse detection and remediation platform. The SaaS, agentless platform supports all environments and applications, complementing existing identity and access management (IAM), privilege access management (PAM), and custom identity solutions, the firm said. Stolen access credentials are highly attractive to […]

12Apr 2023

Searchlight Cyber launches Stealth Browser for safe dark web access

Dark web intelligence company Searchlight Cyber has announced the launch of Stealth Browser – a new, secure virtual machine for cyber professionals to access the dark web and conduct investigations anonymously, reducing the risk to themselves and their organization. Stealth Browser is an enhancement to Searchlight’s Cerberus investigation platform, which is used by law enforcement […]

12Apr 2023

Wazuh launches version 4.4 with a suite of new capabilities

Open source security provider Wazuh has launched the latest version of its unified extended detection and response (XDR) and security information and event management (SIEM) platform with a suite of upgraded capabilities. Wazuh 4.4 adds a string of new features to Wazuh agents and managers, which users deploy on endpoints and servers respectively. These features […]

12Apr 2023

Biden Administration Seeks Input on AI Safety Measures

The Biden administration wants stronger measures to test the safety of artificial intelligence tools such as ChatGPT before they are publicly released. The post Biden Administration Seeks Input on AI Safety Measures appeared first on SecurityWeek.

12Apr 2023

400,000 Users Hit by Data Breach at Media Player Maker Kodi

Media player maker Kodi has started rebuilding its user forum after hackers stole databases containing user posts, messages, and login credentials. The post 400,000 Users Hit by Data Breach at Media Player Maker Kodi appeared first on SecurityWeek.

12Apr 2023

Fortinet Patches Critical Vulnerability in Data Analytics Solution

A critical vulnerability in Fortinet’s FortiPresence data analytics solution leads to remote, unauthenticated access to Redis and MongoDB instances. The post Fortinet Patches Critical Vulnerability in Data Analytics Solution appeared first on SecurityWeek.

12Apr 2023

Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks

A Windows zero-day tracked as CVE-2023-28252 and fixed by Microsoft with its April Patch Tuesday updates has been exploited in Nokoyawa ransomware attacks. The post Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks appeared first on SecurityWeek.

12Apr 2023

Going nuts: California’s largest almond cooperative streamlines its supply chain

During the pandemic, nut lovers were alarmed to see shelves in their favorite part of the supermarket empty–and devoid of the roasted delicacies they craved. Now, we finally understand why. In addition to the usual threats–droughts, wildfires, and weather–California almond growers had to contend with wild fluctuations in supply and demand while transportation resources became […]

12Apr 2023

How Microsoft’s Shared Key authorization can be abused and how to fix it

When many of us moved our server and application needs to the cloud, we rejoiced that we no longer had to worry about the drudgery of patching. We didn’t have to monitor servers and their Patch Tuesday deployments; it was all in Microsoft’s hands. But as often occurs with cloud deployments, a solution that means […]

12Apr 2023

OpenAI starts bug bounty program with cash rewards up to $20,000

Microsoft-backed OpenAI has launched a bug bounty program and is inviting the global community of security researchers, ethical hackers, and technology enthusiasts to help the company identify and address vulnerabilities in its artificial intelligent systems.  “We are excited to build on our coordinated disclosure commitments by offering incentives for qualifying vulnerability information,” OpenAI said in […]

12Apr 2023

SAP Patches Critical Vulnerabilities in Diagnostics Agent, BusinessObjects

Two critical vulnerabilities in SAP Diagnostics Agent allow attackers to execute malicious commands on all monitored systems. The post SAP Patches Critical Vulnerabilities in Diagnostics Agent, BusinessObjects appeared first on SecurityWeek.

12Apr 2023

CISA Publishes New Guidance for Achieving Zero Trust Maturity

CISA has published the second version of its guide describing the necessary strategies and policies to achieve zero trust maturity. The post CISA Publishes New Guidance for Achieving Zero Trust Maturity appeared first on SecurityWeek.

12Apr 2023

Virtual Event Today: Zero Trust Strategies Summit

Join us for SecurityWeek’s 2023 Zero Trust Strategies Summit as we decipher the confusing world of zero trust and share war stories on securing an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. The post Virtual Event Today: Zero Trust Strategies Summit appeared first on SecurityWeek.

12Apr 2023

Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers

3CX has confirmed previous reports that the recently disclosed supply chain attack was likely conducted by North Korean hackers. The post Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers appeared first on SecurityWeek.

12Apr 2023

How Canadian Tire CIO & CTO balances lessons learned and leading with purpose

Having celebrated its 100th anniversary last year, Canadian Tire has had to perform some deft manoeuvring in the last couple of years to become more agile. And with his dual titles at the company—CIO and CTO—Rex Lee is in the driver’s seat to support digital transformation and implement shared knowledge across teams and management. No […]

12Apr 2023

5 tips for tackling technical debt

CIOs have contended with technical debt for decades, yet many still struggle to adequately manage it. And it’s costing them. Management consulting firm Protiviti surveyed more than 1,000 tech execs for its 2023 Global Technology Executive Survey and found that technical debt is a leading obstacle to innovation for nearly 70% of organizations. Executives also […]

12Apr 2023

Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware

Microsoft and Citizen Lab release information on the activities, malware and victims of Israeli spyware vendor QuaDream. The post Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware appeared first on SecurityWeek.

12Apr 2023

CIO Digital Enterprise Forum 2023: How CIOs can strategically and ethically use generative AI

The CIO Digital Enterprise Forum will be held in London on Thursday 11th May at Prospero House, London Bridge. Amit Sen from the United Nations Refugee Agency and Howard Pyle from Experience Futures will host the opening keynote. They will focus on the importance of organizations linking analytics with social impact goals and standards of […]

12Apr 2023

Accelerating innovation with cloud-native apps on Microsoft Cloud

The financial services sector is undergoing rapid change as fintechs develop convenient, consumer-focused services that were once the province of traditional banks. We spoke with Siddhartha Gupta, Global Head of Application Modernization on Azure at Tata Consultancy Services (TCS), about this trend and what financial services organizations need to do to improve their capacity for […]

12Apr 2023

plusserver: Offering a sovereign GDPR-compliant cloud “made in Germany”

Alexander Wallner, CEO of plusserver, believes the importance of the sovereign cloud services and solutions needed to ensure that data is protected, safe, and compliant cannot be overemphasized. He is also quick to point out that plusserver takes responsibility for the cloud-based operations of its growing customer base, which includes enterprises across industries and throughout […]

11Apr 2023

Cohesity aims an OpenAI-powered chatbot to secure your data sets

Generative AI is coming to both line-of-business data analysis as well as security, as Cohesity deepens its ties to Microsoft.

11Apr 2023

ChatGPT Creator OpenAI Ready to Pay Hackers for Security Flaws

ChatGPT creator OpenAI announced a new bug bounty program that will pay up to $20,000 for advance notice on security vulnerabilities found by hackers. The post ChatGPT Creator OpenAI Ready to Pay Hackers for Security Flaws appeared first on SecurityWeek.

11Apr 2023

Aruba AIOps for NaaS IT efficiency

By: Trent Fierro, Head of Content and Operations at Aruba, a Hewlett Packard Enterprise company. When doing something on your own, you’ll usually give yourself a little leeway, but bringing in help that is paid often creates an expectation gap. This happens because most customers expect that a service provider will meet or exceed what they’re […]

11Apr 2023

Virtual Event Tomorrow: Zero Trust Strategies Summit

Join this virtual event as we decipher the confusing world of zero trust and share war stories on securing organizations by eliminating implicit trust. The post Virtual Event Tomorrow: Zero Trust Strategies Summit appeared first on SecurityWeek.

11Apr 2023

Microsoft Patches Another Already-Exploited Windows Zero-Day

For the second month in a row, Microsoft patches for an already-exploited vulnerability in its flagship Windows operating system. The post Microsoft Patches Another Already-Exploited Windows Zero-Day appeared first on SecurityWeek.

11Apr 2023

Iranian APT group launches destructive attacks in hybrid Azure AD environments

Recent destructive attacks against organizations that masquerade as a ransomware operation called DarkBit are likely performed by an advanced persistent threat (APT) group that’s affiliated with the Iranian government. During some of these operations the attackers didn’t limit themselves to on-premises systems but jumped into victims’ Azure AD environments where they deleted assets including entire […]

11Apr 2023

Adobe Plugs Gaping Security Holes in Reader, Acrobat

Adobe documents 56 security defects in multiple products, some serious enough to expose Windows and macOS users to code execution attacks. The post Adobe Plugs Gaping Security Holes in Reader, Acrobat appeared first on SecurityWeek.

11Apr 2023

Capitalizing on the Cloud: Research Reveals Key Reason Companies Struggle

After years of compounded digital transformation, the downsides of the cloud are starting to reveal themselves. As cloud investments increase, benefits remain elusive without also investing in optimization efforts targeted at reducing cloud waste and lowering costs, that’s according to a new study published by CIO.com. Research reveals that while most companies are investing more […]

11Apr 2023

ZeroFox partners with Google Cloud to warn users against phishing domains

Cybersecurity provider ZeroFox has announced a partnered capability with Google Cloud to warn users of malicious URLs and fake websites in a bid to disrupt phishing campaigns. As part of the partnership, ZeroFox will automatically detect phishing domains for customers and submit verified, malicious URLs through Google Cloud’s Web Risk Submission API, disrupting attacks and […]

11Apr 2023

CrowdStrike expands Falcon platform with XDR for IoT assets

Cybersecurity vendor CrowdStrike has announced the release of new extended detection and response (XDR) capabilities within its Falcon platform to secure extended internet of things (XIoT) assets including IoT, Industrial IoT, OT, and medical devices. CrowdStrike Falcon Insight for IoT delivers tailored threat prevention, rapid patch management, and interoperability across XIoT assets to help customers […]

11Apr 2023

OSINT Company Fivecast Raises $20 Million

Australian OSINT software company Fivecast has raised $20 million in a Series A funding round led by Ten Eleven. The post OSINT Company Fivecast Raises $20 Million appeared first on SecurityWeek.

11Apr 2023

3 key mistakes leaders make today and how to overcome them

By Chet Kapoor, Chairman & CEO,DataStax Mistakes: we all make them. Whether it’s screwing up a demo in front of the entire leadership team or hiring the wrong person for a role, I can’t even count how many times I’ve made mistakes throughout my career. These moments are never easy, but they are always learning […]

11Apr 2023

ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities

Siemens and Schneider Electric’s Patch Tuesday advisories for April 2023 address a total of 38 vulnerabilities found in their products. The post ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities appeared first on SecurityWeek.

11Apr 2023

Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse

Microsoft Azure shared key authorization can be exploited to access business data and achieve remote code execution. The post Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse appeared first on SecurityWeek.

11Apr 2023

Why reporting an incident only makes the cybersecurity community stronger

Reporting an incident to the correct authorities or vulnerability clearinghouses can be an experience fraught with frustration. You pour time, energy, and resources into fighting an intrusion, all while keeping company officials and stakeholders up to date and preventing sensitive information from getting into the wild. Explaining what happened might seem just like another layer […]

11Apr 2023

GitGuardian’s honeytokens in codebase to fish out DevOps intrusion

Code security provider GitGuardian has added a new honeytoken module to its platform to help customers secure their software development life cycle and software supply chains with intrusion and code leakage detection assistance. Honeytokens are code scripts containing decoy credentials, which can be placed within a customer’s development environments to lure out attackers looking to […]

11Apr 2023

Battle could be brewing over new FCC data breach reporting rules

On January 6, the United States Federal Communications Commission (FCC) launched a notice of proposed rulemaking (NPRM) to update its data breach reporting rules for telecommunications carriers. “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect […]

11Apr 2023

Apple Rolls Out Zero-Day Patches to Older iOS, macOS Devices

Three days after announcing patches for new zero-days affecting iOS and macOS, Apple released fixes for devices running older operating system versions. The post Apple Rolls Out Zero-Day Patches to Older iOS, macOS Devices appeared first on SecurityWeek.

11Apr 2023

Yum Brands Discloses Data Breach Following Ransomware Attack

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack. The post Yum Brands Discloses Data Breach Following Ransomware Attack appeared first on SecurityWeek.

11Apr 2023

Potential Outcomes of the US National Cybersecurity Strategy

The national strategy outlined by the Federal Government on March 1, 2023, is a monumental attempt to weave a consistent approach to cybersecurity for the whole nation. The post Potential Outcomes of the US National Cybersecurity Strategy appeared first on SecurityWeek.

11Apr 2023

Multi-cloud is the future of enterprise

By Andy Nallappan, Chief Technology Officer & Head of Software Business Operations, Broadcom This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. Multi-cloud is the future of enterprise IT. The evidence is […]

11Apr 2023

Novanta’s Sarah Betadam on transforming the IT model status quo

Over the next five years, the healthcare industry is expected to go through dramatic changes as service providers expand value-based care models and equipment manufacturers strive to keep pace in a digital-first world. One factor driving global transformation is the push to bring healthcare services, as well as responsibilities and control, closer to consumers. By […]

11Apr 2023

3 ‘phase 0’ digital transformation errors no IT leader should make

Digital transformation has embedded IT at the center of business strategy, making all organizations technology enterprises today, irrespective of their industry. Business processes, culture, workflow, and systems are all necessarily impacted by digital transformation efforts, which by definition overhaul how business gets done, expediting efficiencies, modernizing the enterprise, and — when executed well — enhancing […]

11Apr 2023

7 trends defining the enterprise IT market today

When Tim Potter, principal at Deloitte Consulting,surveys the current enterprise software and services landscape, he sees potential for IT organizations to spur both innovation and rapid growth. “Enterprises continue to seek software and technology solutions to improve services, deliver more compelling products, streamline internal processes, and increase productivity,” he says, adding that new technology advances […]

11Apr 2023

Microsoft Exchange Server 2013 Reaches End of Support

Microsoft Exchange Server 2013 has reached end of support on April 11, 2023, and will no longer receive security patches. The post Microsoft Exchange Server 2013 Reaches End of Support appeared first on SecurityWeek.

11Apr 2023

Australian Finance Company Refuses Hackers’ Ransom Demand

Latitude Financial said it had recently received a ransom threat from the group behind the cyberattack, which it was ignoring in line with government advice. The post Australian Finance Company Refuses Hackers’ Ransom Demand appeared first on SecurityWeek.

11Apr 2023

Tesla Sued Over Workers’ Alleged Access to Car Video Imagery

A Tesla owner is seeking class action status for a lawsuit accusing the automaker of allowing its workers to use intimate or embarrassing imagery captured by the electric vehicles. The post Tesla Sued Over Workers’ Alleged Access to Car Video Imagery appeared first on SecurityWeek.

10Apr 2023

Toyota pushes IT automation into overdrive

Automation has long been the lifeblood of IT work. In pockets throughout the organization, the call to automate processes has always been a key driver of IT agendas, whether it be to overhaul targeted processes within the sales or marketing function, or within IT itself. But the rise of digital capabilities such as AI and […]

10Apr 2023

Crafting IT innovation strategies for real-world value

Jeff Dirks is fascinated by new technologies like generative AI. But when it comes to implementation, the chief information and technology officer of workforce augmentation firm TrueBlue chooses a path that trails early adopters. “We’re in the early majority,” is the CIO/CTO’s blunt self-assessment. Although many IT leaders would like to think of themselves — […]

10Apr 2023

Veritas Vulnerabilities Exploited in Ransomware Attacks Added to CISA ‘Must Patch’ List

CISO ordered federal agencies to patch Veritas Backup Exec vulnerabilities exploited in ransomware attacks. The post Veritas Vulnerabilities Exploited in Ransomware Attacks Added to CISA ‘Must Patch’ List appeared first on SecurityWeek.

10Apr 2023

Microsoft: Iranian Gov Hackers Caught in Azure Wiper Attacks

Microsoft catches an Iranian government-backed APT launching destructive Azure wiper attacks disguised as ransomware. The post Microsoft: Iranian Gov Hackers Caught in Azure Wiper Attacks appeared first on SecurityWeek.

10Apr 2023

MSI Confirms Cyberattack, Issues Firmware Download Guidance

Tech giant MSI confirms a cyberattack that resulted in system disruptions and possible exposure to firmware image manipulations. The post MSI Confirms Cyberattack, Issues Firmware Download Guidance appeared first on SecurityWeek.

10Apr 2023

Most Attack Paths Are Dead Ends, but 2% Lead to Critical Assets: Report

Security posture management firm XM Cyber took tens of thousands of attack path assessments involving more than 60 million exposures affecting 20 million entities during 2022. The post Most Attack Paths Are Dead Ends, but 2% Lead to Critical Assets: Report appeared first on SecurityWeek.

10Apr 2023

What is the true potential impact of artificial intelligence on cybersecurity?

Will artificial intelligence become clever enough to upend computer security? AI is already surprising the world of art by producing masterpieces in any style on demand. It’s capable of writing poetry while digging up arcane facts in a vast repository. If AIs can act like a bard while delivering the comprehensive power of the best […]

10Apr 2023

AI: A Hidden Key to Brand Trust and Loyalty

By Bryan Kirschner, Vice President, Strategy at DataStax Artificial intelligence is something developers are excited to work on. So much so that many enterprises give their AI systems names to better tout their innovations and aspirations to the world (Halo at Priceline or  Michelangelo at Uber, for example). But, as the saying goes, when it […]

10Apr 2023

What business executives don’t understand about IT

When I graduated from college, I worked as an assembler language programmer for Sears. At that time, Sears was the world’s largest retailer and it was just beginning to use the new System 360 from IBM. IT was looked upon as a group of techies that performed some unexplainable job that was supposed to revolutionize […]

07Apr 2023

Bridging the developer skills gaps in enterprises

About 20 years ago, during the “dot-com” era, technology impacted a relatively small portion of the enterprise, and very few would consider themselves tech companies. Today, every company needs to think and act like a software company to compete in our digital world. As mainstream companies race to modernize their business and migrate to the […]

07Apr 2023

CISA warns of critical flaws in ICS and SCADA software from multiple vendors

The US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories this week covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors. Some of the flaws are rated critical and two of them already have public exploits. The impacted products include: Scadaflex II controllers made by […]

07Apr 2023

Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days

The newest iOS 16.4.1 and iPadOS 16.4.1 patches a pair of code execution flaws that have already been exploited in the wild. The post Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days appeared first on SecurityWeek.

07Apr 2023

Putting AI to Work: Generative AI Meets the Enterprise

Five days after its launch, ChatGPT exceeded 1 million users1. Generative AI (GenAI), the basis for tools like OpenAI ChatGPT, Google Bard and Meta LLaMa, is a new AI technology that has quickly moved front and center into the global limelight.  GenAI’s hallmark is the ability to answer almost any question on demand, converting text-based queries […]

07Apr 2023

DoJ: Estonian Man Tried to Acquire US-Made Hacking Tools for Russia

Andrey Shevlyakov was charged in the US for helping the Russian government and military purchase US-made electronics and hacking tools. The post DoJ: Estonian Man Tried to Acquire US-Made Hacking Tools for Russia appeared first on SecurityWeek.

07Apr 2023

NTC Vulkan leak shows evolving Russian cyberwar capabilities

National habits and perspectives on waging war are not just apparent in terrestrial conflict. In cyberspace, national ways of cyberwar clearly exist. From the unusually aggressive style of Israeli responses to regional cyber threat activities to the consistent correlation between Communist Party interests and China-attributed cyber espionage, a host of examples show that diverse geopolitical […]

07Apr 2023

Secret US Documents on Ukraine War Plan Spill Onto Internet: Report

Secret documents that reportedly provide details of US and NATO plans to help prepare Ukraine for a spring offensive against Russia have spilled onto social media platforms. The post Secret US Documents on Ukraine War Plan Spill Onto Internet: Report appeared first on SecurityWeek.

07Apr 2023

Technical, Legal Action Taken to Prevent Abuse of Cobalt Strike, Microsoft Software

Microsoft, Fortra and Health-ISAC have taken legal and technical action to prevent the abuse of the Cobalt Strike exploitation tool and Microsoft software. The post Technical, Legal Action Taken to Prevent Abuse of Cobalt Strike, Microsoft Software appeared first on SecurityWeek.

07Apr 2023

Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance

Sophos patches critical unauthenticated code execution vulnerability in Sophos Web Appliance. The post Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance appeared first on SecurityWeek.

07Apr 2023

Tesla Retail Tool Vulnerability Led to Account Takeover

A vulnerability in Tesla’s Retail Tool application allowed a researcher to take over accounts of former employees. The post Tesla Retail Tool Vulnerability Led to Account Takeover appeared first on SecurityWeek.

07Apr 2023

10 fastest growing US tech hubs for IT talent

Tech salaries are on the rise thanks to a demand for talent across nearly every industry. Salaries increased 2.3% between 2021 and 2022, reaching an average tech salary of $111,348 per year, according to the 2023 Dice Tech Salary Report. Salaries vary by location, with the technologists reporting the highest average salaries of $144,962 per […]

07Apr 2023

CIOs step in to help upgrade Africa’s account management systems

As globalization evolves, accounting becomes more central to the development of a modern economy, with the need for greater trust in digital financial transactions. Some African entrepreneurs have begun to address this urgency by developing atypical accounting automation and new management systems where CIOs drive the ins and outs of the processes to keep up […]

07Apr 2023

OpenAI to Offer Remedies to Resolve Italy’s ChatGPT Ban

The company behind ChatGPT will propose measures to resolve data privacy concerns that sparked a temporary Italian ban on the artificial intelligence chatbot The post OpenAI to Offer Remedies to Resolve Italy’s ChatGPT Ban appeared first on SecurityWeek.

07Apr 2023

Seized Genesis malware market's infostealers infected 1.5 million computers

Infamous hacker marketplace Genesis, which was taken down this week by an international law enforcement operation involving 17 countries, was selling access to millions of victim computers gained via the DanaBot infostealer and likely other malware. Trellix, the cybersecurity firm that assisted in the takedown of the Genesis site, said that malware used by Genesis […]

06Apr 2023

How Foodstuffs North Island’s IT team weathered recent NZ storms to keep stores operational

New Zealand’s start to 2023 has been challenging, with Auckland hit by torrential flooding in January followed by Cyclone Gabrielle in February, which left a trail of destruction across Northland, Hawkes Bay, and the East Coast. For Foodstuffs North Island, the supermarket cooperative behind well-known brands like New World, Pak’nSave, and Four Square, several of […]

06Apr 2023

Default static key in ThingsBoard IoT platform can give attackers admin access

Developers of ThingsBoard, an open-source platform for managing IoT devices that’s used in various industry sectors, have fixed a vulnerability that could allow attackers to escalate their privileges on a server and send requests with administrative privileges. The vulnerability, tracked as CVE-2023-26462, was discovered and privately reported by researchers from IBM Security X-Force. It stems […]

06Apr 2023

Empowering the Edge: Five Best Practices to Unlock Manufacturing Potential

Across the manufacturing industry, innovation is happening at the edge. Edge computing allows manufacturers to process data closer to the source where it is being generated, rather than sending it offsite to a cloud or data center for analysis and response.  For an industry defined by machinery and supply chains, this comes as no surprise. The […]

06Apr 2023

Google Wants Android Users to Have More Control Over Their Data

Developers of Android applications will be required by Google to allow users to delete their account and data from within the app and online. The post Google Wants Android Users to Have More Control Over Their Data appeared first on SecurityWeek.

06Apr 2023

Cisco Patches Code and Command Execution Vulnerabilities in Several Products

Cisco has released patches for high-severity vulnerabilities impacting Secure Network Analytics and Identity Services Engine (ISE) products. The post Cisco Patches Code and Command Execution Vulnerabilities in Several Products appeared first on SecurityWeek.

06Apr 2023

CREST publishes guide for enhancing cyber resilience in developing countries

International information security accreditation and certification body CREST has published a new guide to fostering financial sector cyber resilience in developing countries. The nonprofit’s Resilience in Developing Countries paper forms part of its work in encouraging greater cyber readiness and resilience in emerging nations to help protect key industries from cyberattacks. The guide outlines that, […]

06Apr 2023

Thieves Use CAN Injection Hack to Steal Cars

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars. The post Thieves Use CAN Injection Hack to Steal Cars appeared first on SecurityWeek.

06Apr 2023

Financial Fraud-Focused Cybercrime Marketplace ‘Styx’ Emerges

Recently identified dark web portal Styx Marketplace focuses on financial fraud, identity theft, and money laundering. The post Financial Fraud-Focused Cybercrime Marketplace ‘Styx’ Emerges appeared first on SecurityWeek.

06Apr 2023

Industry leaders show the wisdom of going all-in on AI

Despite all the attention generative AI is getting right now, most organizations have done little with artificial intelligence. That is a big mistake, says Tom Davenport, senior advisor to Deloitte’s Analytics practice. Enterprises, especially industry leaders, need to be all-in on AI if they are to remain competitive. To truly benefit from AI investments, organizations […]

06Apr 2023

The 4-year debate: Do degree requirements still matter for IT?

Antonio Taylor landed his first IT job in 1999, having decided to leave his pre-law studies at college and get into tech instead. He earned a Novell certification, believing it was a quick, effective way to get into a well-paying field with growth potential. Plus, he liked technology, saying, “Computers were always easy to me.” […]

06Apr 2023

Cyber threat intelligence programs: Still crazy after all these years

When I asked CISOs about their cyber threat intelligence (CTI) programs about five years ago, I got two distinct responses. Large, well-resourced enterprises were investing their threat intelligence programs with the goal of better operationalizing it for tactical, operational, and strategic purposes. Smaller, resource-constrained and SMB organizations often recognized the value of threat intelligence, but […]

06Apr 2023

Success of Genesis Market Takedown Attempt Called Into Question

Law enforcement announced the takedown of Genesis Market, but the impact on the cybercrime marketplace’s infrastructure may be limited. The post Success of Genesis Market Takedown Attempt Called Into Question appeared first on SecurityWeek.

06Apr 2023

Cybersecurity M&A Roundup: 41 Deals Announced in March 2023

Forty-one cybersecurity-related M&A deals were announced in March 2023. The post Cybersecurity M&A Roundup: 41 Deals Announced in March 2023 appeared first on SecurityWeek.

06Apr 2023

IHH Healthcare’s Francis Yeow on talent

Francis Yeow – Country Information Security Officer of Singapore at IHH Healthcare – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about talent, risk culture in organisations, and more. To read this article in full, please click here

05Apr 2023

To Improve Customer Experience, Improve the Digital Employee Experience

You heard about a nightmare scenario playing out for peers at other companies and hope it doesn’t affect yours. Trouble tickets are rolling in, and there’s a lack of qualified people to address security alerts and help desk issues right when customer demand, supply shortages, and potential threats are at their peak. Even with flexible […]

05Apr 2023

Improving employee experience in the hybrid workplace with Microsoft 365

Though three-quarters of U.S. employers now offer hybrid work, some banks and insurance companies have been slow to embrace this emerging work model. We spoke with Ashok Krish, Global Head of Digital Workplace at TCS, about how hybrid work will impact employers – and their employees – in the financial services industry. How will hybrid […]

05Apr 2023

Increase customer protection with edge security

Traditional IT security methods are increasingly flawed and the volume and sophistication of threats continue to increase. According to NETSCOUT, one DDoS attack occurs every three seconds, and the Cybersecurity and Infrastructure Security Agency recently added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, with new common vulnerabilities and exposures (CVEs) growing over 25% […]

05Apr 2023

Your digital transformation formula for success

Your digital transformations may have turned your network operations on its head. You’ve moved workloads out to the cloud, adopted SD-WAN technologies and most of your critical applications are now hosted in a SaaS environment. So how do you manage operations when your users aren’t even using your enterprise network anymore? Join Broadcom for our […]

05Apr 2023

Micro Logic’s Projet Cirrus – Bringing Sovereign Cloud to Canada

Stéphane Garneau, the president of Quebec-based Micro Logic, still sees the same forces driving private sector enterprises and public sector agencies to seek out sovereign cloud solutions now that he witnessed nearly a decade ago. “We first made the commitment to create and offer sovereign cloud solutions and services in 2014,” says Garneau. “At the […]

05Apr 2023

What you need to know to accelerate your cloud and data strategy

At Choice Hotels, cloud is a tool to help the hospitality giant achieve corporate goals. That can include making progress on immediate objectives, such as environmental sustainability, while keeping an eye on trendy topics such as the metaverse and ChatGPT. “We’re investing in technology, we’re investing in leveraging the cloud to do meaningful things while […]

05Apr 2023

Why Financial Institutions are Banking on AI

Today, AI-powered banks see advantages in applying the technology to a gamut of mission-critical needs—from customer service and fraud prevention to meeting environmental, social and governance standards. With AI to enhance every line of business and function, banks report significant return on investment (ROI) including the ability to increase productivity, reduce risk and keep customers […]

05Apr 2023

Obsidian launches new SaaS security and compliance tools

Cybersecurity firm Obsidian has launched its SaaS security posture management (SSPM) solution with new security and compliance tools to help organizations manage third-party SaaS integrations. The SaaS-based deployment will feature three primary modules including Obsidian Compliance Posture Management (CPM), Obsidian Integration Risk Management, and Obsidian Extend. “Obsidian not only provides posture hardening and third-party SaaS […]

05Apr 2023

Push Security Raises $15 Million in Series A Funding

Push Security has raised $15 million in a Series A funding round led by Google Ventures. The post Push Security Raises $15 Million in Series A Funding appeared first on SecurityWeek.

05Apr 2023

Tax Return Filing Service eFile.com Caught Serving Malware

Online tax return filing service eFile.com was injected with malicious JavaScript code serving malware to visitors. The post Tax Return Filing Service eFile.com Caught Serving Malware appeared first on SecurityWeek.

05Apr 2023

In a Time of Environmental Disruption, DSM ‘Does Something Meaningful’

“Doing Something Meaningful.” The term is instilled in employees at Dutch health, nutrition, and bioscience company Royal DSM N.V. (DSM), a Heerlen-based organization committed to improving global health by setting ambitious environmental, social, and governance (ESG) targets. It’s a lofty ambition in a volatile era in which global businesses are impacted by ongoing inflation and restrained […]

05Apr 2023

Cybercrime Website Genesis Market Seized by FBI

The FBI has seized Genesis Market, a major cybercrime website offering stolen device fingerprints. The post Cybercrime Website Genesis Market Seized by FBI appeared first on SecurityWeek.

05Apr 2023

Android’s April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities

Android’s April 2023 security updates were released this week with patches for two critical-severity vulnerabilities leading to remote code execution. The post Android’s April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities appeared first on SecurityWeek.

05Apr 2023

Chrome 112 Patches 16 Security Flaws

Chrome 112 was released to the stable channel this week with 16 security fixes, including 14 for vulnerabilities reported by external researchers. The post Chrome 112 Patches 16 Security Flaws appeared first on SecurityWeek.

05Apr 2023

KPMG Tackles AI Security With Cranium Spinout

Consulting giant KPMG spins out a startup building technology to secure AI (artificial intelligence) applications and deployments. The post KPMG Tackles AI Security With Cranium Spinout appeared first on SecurityWeek.

05Apr 2023

Let’s pump the brakes on the rush to incorporate AI into cybersecurity

It seems that everyone is rushing to embed artificial intelligence into their solutions, and security offerings are among the latest to obtain this shiny new thing. Like many, I see the potential for AI to help bring about positive change, but also its potential as a threat vector. To some, recent AI developments are a […]

05Apr 2023

Strategic risk analysis is key to ensure customer trust in product, customer-facing app security

CISOs are no longer only responsible for the cybersecurity of systems used internally. In many organizations they also focus on securing products and public-facing applications, and one way to do this well is through risk assessment. Assessing risk requires identifying baseline security criteria around key elements such as customer contracts and regulatory requirements, Neil Lappage, […]

05Apr 2023

Leveraging CIO experience into corporate board work

You’ve had a great CIO career filled with transformational triumphs and award-winning projects and teams. What’s next for your career before you retire? Board service, of course!   With cybersecurity keeping CEOs up at night and digital transformation all the rage, the number of CIOs on corporate boards is increasing. For experienced IT leaders looking to […]

05Apr 2023

6 steps to measure the business value of IT

IT is no longer perceived as a cost factor or a pure support function at many organizations, according to management consultancy 4C Group’s Markus Matschi. And the digitization push during the pandemic accelerated this. But despite such advances, the question of the value contribution of IT isn’t always clearly answered. “Due to the increasing relevance and added value […]

05Apr 2023

5 methods to adopt responsible generative AI practice at work

Midjourney, ChatGPT, Bing AI Chat, and other AI tools that make generative AI accessible have unleashed a flood of ideas, experimentation and creativity. If you want to harness that in your organization, questions remain about where to start putting AI to work and how to do it without running into ethical dilemmas, copyright infringement, or […]

05Apr 2023

Nexx Ignores Vulnerabilities Allowing Hackers to Remotely Open Garage Doors

Nexx has ignored repeated attempts to report critical product vulnerabilities that can be exploited to remotely open garage doors, and take control of alarms and smart plugs. The post Nexx Ignores Vulnerabilities Allowing Hackers to Remotely Open Garage Doors appeared first on SecurityWeek.

04Apr 2023

How to Navigate Market Pressures with Cloud-based Network Management

By: Shruthi Kalale Prakashan, Sr. Manager, Product Marketing, Aruba Central. For many organizations large and small, the COVID-19 pandemic was the tipping point for cloud adoption. Unsurprisingly, more than half of enterprise IT spending in key market segments will shift to the cloud by 2025, according to Gartner. [1] As the cloud continues to play […]

04Apr 2023

Your Data Architecture Holds the Key to Unlocking AI’s Full Potential

In the words of J.R.R. Tolkien, “shortcuts make long delays.” I get it, we live in an age of instant gratification, with Doordash and Grubhub meals on-demand, fast-paced social media and same-day Amazon Prime deliveries. But I’ve learned that in some cases, shortcuts are just not possible. Such is the case with comprehensive AI implementations; […]

04Apr 2023

New Rorschach ransomware hits with unique features and very fast encryption

Researchers warn of a new strain of ransomware dubbed Rorschach that doesn’t appear to be related to previously known threats and uses several unique features in its implementation, including one of the fastest file encryption routines observed so far. “A behavioral analysis of the new ransomware suggests it is partly autonomous, spreading itself automatically when […]

04Apr 2023

Snyk bolsters developer security with fresh devsecop, cloud capabilities

Cybersecurity application provider Snyk has added fresh capabilities to its flagship developer security platform to improve programming productivity and help secure software supply chains. The series of enhancements to Snyk’s namesake platform includes security support for C/C++ applications, new capabilities for infrastructure as code (IaC), automated security for  container supply chains, and new devsecops collaboration […]

04Apr 2023

UK fines TikTok $15.8 million for GDPR violation of children's privacy

The UK’s Information Commissioner’s Office announced today that it has levied a nearly $16 million fine against TikTok for “a number of breaches” of the country’s data protection law. Central to the ICO’s decision to fine TikTok are the estimated 1.4 million UK children under 13 years of age, who were allowed to sign up […]

04Apr 2023

Hackers steal crypto assets by defeating 2FA with rogue browser extension

Multiple attacker groups are using a malicious browser extension for Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera that’s aimed at stealing cryptocurrency assets from multiple websites and online wallets. The extension works by injecting rogue code into websites locally in the browser to defeat two-factor authentication and delete automated alerts from […]

04Apr 2023

UK data regulator issues warning over generative AI data protection concerns

The UK’s data regulator has issued a warning to tech companies about protecting personal information when developing and deploying large language, generative AI models. Less than a week after Italy’s data privacy regulator banned ChatGPT over alleged privacy violations, the Information Commission’s Office (ICO) published a blog post reminding organizations that data protection laws still […]

04Apr 2023

Strivacity Scores $20M for CIAM Expansion Plans

Strivacity, a Virginia startup working on technology to simplify and secure customer logins, has attracted $20 million in funding to fuel global expansion plans. The post Strivacity Scores $20M for CIAM Expansion Plans appeared first on SecurityWeek.

04Apr 2023

Unlocking value and success for partners

By Hock Tan, Broadcom President & CEO In the years that I have led Broadcom, I have found two things to be true for technology leaders: First, success with your customers starts with success with your ecosystem partners; and second, driving ecosystem growth is key to maintaining the growth of your own business. This is […]

04Apr 2023

TrustCloud releases TrustRegister to help gauge business impact of risks

Trust assurance platform TrustCloud has announced the release of the TrustRegister application to help software companies identify risks and understand risk-related revenue/business impact. TrustRegister is the newest addition to the TrustCloud platform and is built to automatically assign, notify, and prioritize tasks and remediation plans to help businesses elevate governance, risk management, and compliance (GRC) […]

04Apr 2023

Self-Propagating, Fast-Encrypting ‘Rorschach’ Ransomware Emerges

The sophisticated, self-propagating Rorschach ransomware is one of the fastest at encrypting victim’s files. The post Self-Propagating, Fast-Encrypting ‘Rorschach’ Ransomware Emerges appeared first on SecurityWeek.

04Apr 2023

CardinalOps Extends MITRE ATT&CK-based Detection Posture Management

Tel Aviv- and Boston-based CardinalOps has extended its detection posture management capability with MITRE ATT&CK Security Layers. The post CardinalOps Extends MITRE ATT&CK-based Detection Posture Management appeared first on SecurityWeek.

04Apr 2023

TikTok’s Trials and Tribulations Continue With UK Data Protection Fine

The UK’s data protection regulator fined TikTok £12.7 million for “failing to use children’s personal data lawfully” The post TikTok’s Trials and Tribulations Continue With UK Data Protection Fine appeared first on SecurityWeek.

04Apr 2023

Trustle Raises $6M Seed Funding for Access Management Tech

California startup Trustle banks a $6 million seed round to join the competitive cloud access management technology space. The post Trustle Raises $6M Seed Funding for Access Management Tech appeared first on SecurityWeek.

04Apr 2023

Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA ‘Must Patch’ List

CISA has added to its Known Exploited Vulnerabilities catalog a Zimbra vulnerability exploited in attacks targeting NATO countries The post Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA ‘Must Patch’ List appeared first on SecurityWeek.

04Apr 2023

Views of a hot cyberwar — the Ukrainian perspective on Russia’s online assault

In a recent report issued by the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) titled “Russia’s Cyber Tactics: Lessons Learned in 2022 — SSSCIP analytical report on the year of Russia’s full-scale cyberwar against Ukraine” readers obtained a 10,000-foot overview of what a hot cyberwar entails from the Ukrainian perspective. The […]

04Apr 2023

3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms

3CX supply chain attack appears to have been conducted by North Korean hackers with the goal of targeting cryptocurrency firms. The post 3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms appeared first on SecurityWeek.

04Apr 2023

Cybereason Raises $100 Million, Appoints New CEO

Cybereason appoints new CEO as it receives $100 million in venture funding from SoftBank Corp. The post Cybereason Raises $100 Million, Appoints New CEO appeared first on SecurityWeek.

04Apr 2023

NATO Seeks Contractors to Test Security of Web Assets

NATO is looking for penetration testing vendors to assess the security of its internet-facing web assets. The post NATO Seeks Contractors to Test Security of Web Assets appeared first on SecurityWeek.

04Apr 2023

3 ways CIOs should drive the future of work

“Who owns and oversees employee experience and the future of work at your organization” is a question I’ve been asking CIOs and IT leaders a lot of late. The ensuing conversation usually reveals a telling disconnect that CIOs should remedy for the health of their companies. Most IT leaders pause before responding to this question. […]

04Apr 2023

CIOs and CDOs: A vital partnership for data value

CIOs collaborate with C-suite colleagues on a regular basis. Given the high value of data and analytics to business, among the most important of these relationships is the one a CIO develops with their chief data officer (CDO). A CDO is responsible for enterprise-wide governance and use of information as an asset, through data analysis, processing, mining, […]

04Apr 2023

China to probe Micron over cybersecurity, in chip war’s latest battle

The Chinese government will investigate US-based Micron as a potential cyberthreat, in the latest move in an ongoing semiconductor trade dispute that is disrupting the chip supply chain.

03Apr 2023

Cloud ROI: Getting Innovation Economics Right with FinOps

Is the cloud a good investment? Does it deliver strong returns? How can we invest responsibly in the cloud? These are questions IT and finance leaders are wrestling with today because the cloud has left many companies in a balancing act—caught somewhere between the need for cloud innovation and the fiscal responsibility to ensure they […]

03Apr 2023

Cisco to Acquire Cloud Security Firm Lightspin for Reported $200 Million

Cisco is set to acquire Israel-based cloud security company Lightspin for a reported $200-250 million. The post Cisco to Acquire Cloud Security Firm Lightspin for Reported $200 Million appeared first on SecurityWeek.

03Apr 2023

12 ways IT leaders can build business buy-in

CEOs continue to see the need for more collaboration between IT and the business units, so much so that in a recent survey CEOs listed that as the No. 1 objective for the IT function. The State of the CIO Study 2023 from Foundry, an IDG company and publisher of CIO.com, found strengthening IT and […]

03Apr 2023

How to Cut Costs by 20+%: Lessons from Managing $34B in IT Spend

Evaluating and managing billions of dollars in IT spending across 400 tech providers in 200 countries provides valuable experience in verified ways to cut costs and accelerate IT financial management tasks. Want to tap into a wealth of cost-cutting knowledge gleaned from 60 IT cost management consultants who are engaged in hundreds of cost-reduction projects […]

03Apr 2023

3 Ways Companies Will Double Down on Agent Experience in 2023

The current state of the contact center agent is clear, but for those unaware or overlooking this opportunity for improvement: agent attrition rates currently hover around 40%, the cost of replacing just one agent is between $10k-$20k, and 97% of agents are sometimes or almost always burned out. Unengaged employees (undoubtedly including contact center agents) collectively cost $7.8 trillion in lost productivity, or about 11% of […]

03Apr 2023

Israeli cybersecurity firm launches managed services offering for MSPs

Israel-based managed cybersecurity provider Guardz has announced the general availability of its first cybersecurity offering for managed service providers (MSP) and IT professionals. “The launch of this dedicated MSP platform brings Guardz one step closer to our goal of democratizing enterprise-grade level cybersecurity technologies,” said Dor Eisner, co-founder and CEO of Guardz. “MSPs will be […]

03Apr 2023

Elementor Pro Plugin Vulnerability Exploited to Hack WordPress Websites

A severe vulnerability in the Elementor Pro WordPress plugin is being exploited to inject malware into vulnerable websites. The post Elementor Pro Plugin Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.

03Apr 2023

ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it. The post ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications appeared first on SecurityWeek.

03Apr 2023

Western Digital Shuts Down Services Due to Cybersecurity Breach

Western Digital shuts down several of its services after discovering a network security breach. The post Western Digital Shuts Down Services Due to Cybersecurity Breach appeared first on SecurityWeek.

03Apr 2023

US Defense Department Launches ‘Hack the Pentagon’ Website

New ‘Hack the Pentagon’ website helps DoD organizations launch bug bounty programs and recruit security researchers. The post US Defense Department Launches ‘Hack the Pentagon’ Website appeared first on SecurityWeek.

03Apr 2023

Microsoft OneNote Starts Blocking Dangerous File Extensions

Microsoft is boosting the security of OneNote users by blocking embedded files with extensions that are considered dangerous. The post Microsoft OneNote Starts Blocking Dangerous File Extensions appeared first on SecurityWeek.

03Apr 2023

The future of trust—no more playing catch up

By Eric Chien, Director of Security Response, Symantec Enterprise Division, Broadcom This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT.  Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. It is difficult to overestimate the impact Covid had on the […]

03Apr 2023

MLSE looks to revolutionize sports experience with digital R&D lab

Digital solutions and data analytics are changing the world of sports entertainment at a rapid clip. From how players train, to how teams make strategic decisions during games, to how venues operate and fans engage, sports organizations are turning to software engineers and data scientists to help transform the sport experience. In Toronto, Maple Leaf […]

03Apr 2023

5 strategies to manage cybersecurity risks in mergers and acquisitions

Mergers and acquisitions (M&A) have the potential to introduce significant cybersecurity risks for organizations. M&A teams are generally limited in size and focused on financials and business operations, with IT and cybersecurity taking a back seat early in the process, according to Doug Saylors, partner and co-lead of cybersecurity with global technology research and advisory […]

03Apr 2023

Europe, North America Most Impacted by 3CX Supply Chain Hack

Europe, the United States and Australia seem to be the most impacted by the 3CX supply chain hack, according to data from two cybersecurity firms. The post Europe, North America Most Impacted by 3CX Supply Chain Hack appeared first on SecurityWeek.

03Apr 2023

4.8 Million Impacted by Data Breach at TMX Finance

Consumer loan provider TMX Finance is informing over 4.8 million individuals that their personal information was stolen in a data breach. The post 4.8 Million Impacted by Data Breach at TMX Finance appeared first on SecurityWeek.

03Apr 2023

Darktrace/Email upgrade enhances generative AI email attack defense

Darktrace has announced a new upgrade to its Darktrace/Email product with enhanced features that defend organizations from evolving cyberthreats including generative AI business email compromise (BEC) and novel social engineering attacks. Among the new capabilities are an AI-employee feedback loop; account takeover protection; insights from endpoint, network, and cloud; and behavioral detections of misdirected emails, […]

02Apr 2023

TikTok Attorney: China Can’t Get U.S. Data Under Plan

TikTok general counsel says company is trying to make it physically impossible for any government, including China, to access to U.S. user data. The post TikTok Attorney: China Can’t Get U.S. Data Under Plan appeared first on SecurityWeek.

01Apr 2023

Italy Temporarily Blocks ChatGPT Over Privacy Concerns

Italy is temporarily blocking the artificial intelligence software ChatGPT in the wake of a data breach as it investigates a possible violation of stringent European Union data protection rules. The post Italy Temporarily Blocks ChatGPT Over Privacy Concerns appeared first on SecurityWeek.