31 May 2023

Gigabyte firmware component can be abused as a backdoor

Researchers warn that the UEFI firmware in many motherboards made by PC hardware manufacturer Gigabyte injects executable code inside the Windows kernel in an unsafe way that can be abused by attackers to compromise systems. Sophisticated APT groups are abusing similar implementations in the wild. “While our ongoing investigation has not confirmed exploitation by a […]

31 May 2023

How an Indian real-estate juggernaut keeps growing by harnessing the power of zero

If you’ve ever watched a James Bond film – from Dr. No to No Time to Die – you may have noticed “EON Productions” in the credits. “EON” stands for “Everything or Nothing” – a phrase that could just as well apply to the Prestige Group, one of India’s leading real estate developers. To get […]

31 May 2023

Can you spot the hidden theme of CSO’s Future of Cybersecurity summit?

With the rise of generative AI, it was inevitable that it would become an unofficial subtheme of CSO’s Future of Cybersecurity Summit.  And yet it still very much fits in with the event’s official theme: smart choices in a fast-changing world.  Few things are changing as much as GenAI as a tool for creating content, […]

31 May 2023

Hybrid working: the new workplace normal

The new and still evolving world of hybrid work has created a fresh set of challenges for IT leaders who are tasked with ensuring that employees have the tools to get their work done productively and securely, regardless of their location. CIO recently gathered a group of IT executives from a broad range of enterprises […]

31 May 2023

Inactive, unmaintained Salesforce sites vulnerable to threat actors

Improperly deactivated and unmaintained Salesforce sites are vulnerable to threat actors who can gain access to sensitive business data and personally identifiable information (PII) by simply changing the host header. That’s according to new research from Varonis Threat Labs, which explores the threats posed by Salesforce “ghost sites” that are no longer needed, set aside, […]

31 May 2023

Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards

A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations. The post Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards appeared first on SecurityWeek.

31 May 2023

Chrome 114 Released With 18 Security Fixes

Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers. The post Chrome 114 Released With 18 Security Fixes appeared first on SecurityWeek.

31 May 2023

Barracuda patches zero-day vulnerability exploited since October

Barracuda has patched a zero-day vulnerability that had been exploited since October to backdoor customers’ Email Security Gateway (ESG) appliances with custom malware and steal data, the company said on Tuesday.  “On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability (CVE-2023-2868) present in the Barracuda Email Security Gateway (appliance form factor only) […]

31 May 2023

Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation

Cybersecurity vendors Trellix and Netskope have announced new support for Amazon Security Lake from AWS, which became generally available on May 30. Trellix customers can now integrate their security data lake into the Trellix XDR security operations platform to enhance detection and response capabilities for their AWS environments. Meanwhile, Netskope customers can export logs from […]

31 May 2023

Spyware Found in Google Play Apps With Over 420 Million Downloads

Security researchers have discovered spyware code in 101 Android applications that had over 421 million downloads in Google Play. The post Spyware Found in Google Play Apps With Over 420 Million Downloads appeared first on SecurityWeek.

31 May 2023

Breaking Enterprise Silos and Improving Protection

When teams have a way to break down enterprise silos and see and understand what is happening, they can improve protection across their increasingly dispersed and diverse environment. The post Breaking Enterprise Silos and Improving Protection appeared first on SecurityWeek.

31 May 2023

How IT leaders use EV tech to fuel the transport revolution in Kenya

Uptake in EVs is quietly accelerating across Africa’s transport systems. During the last year alone, for instance, companies such as BasiGo and Roam in Kenya have launched in various cities. And a Brookings report titled, Accelerating adoption of electric vehicles for sustainable transport in Nairobi, called on local and national governments to promote investment in […]

31 May 2023

Broadcom’s Andy Nallappan on what cloud success really looks like

Companies moving to the cloud often find themselves at a crossroads near the midpoint of their migrations, spending more than they intended and getting out less than they hoped. Often that’s because their IT organization isn’t equipped with the culture, mindset, and skills necessary to capitalize on the cloud. Andy Nallappan has had a long […]

31 May 2023

How CIOs distill the most sought-after data skills

Almost every CIO says the same thing: data is the key to creating a competitive advantage. As many as 88% of IT decision makers believe the collection and analysis of data has the potential to fundamentally change the way their company does business over the next three years, according to Foundry’s 2022 Data & Analytics study. However, collecting […]

31 May 2023

What is federated Identity? How it works and its importance to enterprise security

At the very heart of enterprise security is the tension between convenience and safety. The business longs for the ease of users, in competition with the demands of security. Authentication is a main theater for this tension, directly impacting the onboarding and login experience. Federated identity is at the forefront in addressing this tension, affording […]

31 May 2023

Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability

A decade-old critical vulnerability in Jetpack was force-patched on five million WordPress sites over the past few days. The post Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability appeared first on SecurityWeek.

31 May 2023

Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery

The recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since at least October 2022. The post Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery appeared first on SecurityWeek.

31 May 2023

Phishing remained the top identity abuser in 2022: IDSA report

Phishing was the most common type of identity-related incident in 2022, according to a study by Identity Defined Security Alliance (IDSA), a non-profit, identity and security intelligence firm. The study, commissioned through Dimensional Research, also revealed that the top phishes among the incidents included email phishing, spear phishing, and vishing/smishing incidents. To read this article […]

31 May 2023

The 17 best tools for managing cloud costs

It seems like only yesterday that cloud servers cost a few euros and you could rent a rack for a handful of small change. Those days are long gone and, when the monthly bill for the related services arrives, chief financial officers fly into a rage. Development teams, too, are learning that the figures grow, […]

30 May 2023

AI-automated malware campaigns coming soon, says Mikko Hyppönen

Cybersecurity pioneer Mikko Hyppönen began his cybersecurity career 32 years ago at Finnish cybersecurity company F-Secure, two years before Tim Berners-Lee released the world’s first web browser. Since then, he has defused global viruses, searched for the first virus authors in a Pakistani conflict zone, and traveled the globe advising law enforcement and governments on […]

30 May 2023

Screen recording Android app found to be spying on users

A screen recorder app with over 50,000 downloads on Google Play Store was found to be discreetly recording audio using the device’s microphone and stealing files, suggesting it might be part of an espionage campaign, according to researchers at ESET. iRecorder was a legitimate app made available in September 2021 and a remote access trojan (RAT) […]

30 May 2023

Frontegg launches entitlements engine to streamline access authorization

SaaS-based customer identity and access management (CIAM) provider Frontegg has launched entitlements engine, an authorization management capability aimed at helping app developers and revenue teams streamline access authorization. The new engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls, Frontegg said. “The old way of building SaaS apps […]

30 May 2023

Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack

Dental benefits manager MCNA is informing roughly 9 million individuals that their personal data was compromised in a data breach. The post Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack appeared first on SecurityWeek.

30 May 2023

PyPI Enforcing 2FA for All Project Maintainers to Boost Security

PyPI will require all accounts that maintain a project to enable two-factor authentication (2FA) by the end of 2023. The post PyPI Enforcing 2FA for All Project Maintainers to Boost Security appeared first on SecurityWeek.

30 May 2023

Many Vulnerabilities Found in PrinterLogic Enterprise Software

Multiple vulnerabilities in PrinterLogic’s enterprise management printer solution could expose organizations to various types of attacks. The post Many Vulnerabilities Found in PrinterLogic Enterprise Software appeared first on SecurityWeek.

30 May 2023

Managing IT right starts with rightsizing IT for value

If you want to hear a big number that sums up a key conundrum IT leaders face today, it’s this: The Consortium for Information and Software Quality estimates that the annual cost of poor software quality in the US has grown to at least $2.41 trillion, or 9.4% of total GDP. The big picture implication […]

30 May 2023

Key IT initiatives reshape the CIO agenda

When it came to cybersecurity projects, Daniel Uzupis could always count on executive and board support during his tenure as CIO at Jefferson County Health Center in Fairfield, Iowa. “Any cybersecurity initiative I wanted to do, they didn’t argue with it; they always did it,” Uzupis says. In fact, Uzupis says he has seen over […]

30 May 2023

Upskilling the non-technical: finding cyber certification and training for internal hires

Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of skilled cybersecurity workers in the job market. One creative alternative to frustratedly trolling job-search sites is to look inward, rather than outward — to find capable, […]

30 May 2023

Stepping up to the challenge of a global conglomerate CIO role

For IT leaders, mergers and acquisitions inevitably lead to complex challenges. IT systems and resources must be rationalized and unified, and differing cultures must often be maneuvered toward alignment to ensure success going forward.   But with these high-profile undertakings can also come opportunities for career growth. When Reliance Polyester — a subsidiary of global conglomerate […]

30 May 2023

5 tough questions every IT leader should answer

Leadership doesn’t just “happen”: it must be measured, managed, and grown with the appropriate investments. Moreover, the way IT leaders are selected, trained, evaluated, and compensated has a concrete impact on the company’s future performance. It is therefore worth reflecting. For example: when was the last time you engaged […]

29 May 2023

New phishing technique poses as a browser-based file archiver

A new phishing technique can leverage the “file archiver in browser” exploit to emulate an archiving software in the web browser when a victim visits a .zip domain, according to a security researcher identifying as mr.d0x. The attacker essentially simulates a file archiving software like WinRAR in the browser and masks it under the .zip […]

29 May 2023

Hackers hold city of Augusta hostage in a ransomware attack

BlackByte group has claimed responsibility for a ransomware attack on the city of Augusta in Georgia.  The ransomware group has posted 10GB of sample data for free and claimed they have much more data available.  “We have lots of sensitive data. Many people would like to see that as well as the media. You were given […]

29 May 2023

Red Hat embraces hybrid cloud for internal IT

For some enterprises, the road to hybrid cloud has run through Red Hat’s OpenShift. For Red Hat itself, that same journey, fueled by its flagship container platform, has been a principled one. The company, which was acquired by IBM in 2017, prides itself on its origins — supporting open standards and fighting vendor lock-in. So […]

29 May 2023

Insider risk management: Where your program resides shapes its focus

There’s no getting around it, I am long in the tooth and have been dealing with individuals who break trust within their work environment for more than 30 years, both in government (where we called it counterespionage or counterintelligence) and in the private sector. Today we call programs that help prevent or identify breaches of […]

29 May 2023

With the new financial year looming, now is a good time to review your Microsoft 365 licenses

Microsoft 365 is the productivity engine at the heart of many SMB businesses across Australia. Having the right licenses for the applications the business needs is critical. Licensing can sometimes be complex to understand, however, which is why SMBs should make sure they’re sourcing their licenses from the right places. Having a trustworthy and proven […]

27 May 2023

Industrial Giant ABB Confirms Ransomware Attack, Data Theft

Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data. The post Industrial Giant ABB Confirms Ransomware Attack, Data Theft appeared first on SecurityWeek.

26 May 2023

Researchers find new ICS malware toolkit designed to cause electric power outages

Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this arsenal is a malware toolkit that seems to have been developed for red-teaming exercises by a Russian cybersecurity company. Dubbed COSMICENERGY by researchers from Mandiant, the […]

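26 May 2023

BNY Mellon uses AI to improve master data

Data about who owes how much to whom is at the core of any bank’s business. At BNY Mellon, that focus on data shows up in the org chart. Chief Data Officer Eric Hirschhorn sits directly under Bridget Engle, the bank’s CIO and head of engineering, and oversees the CIOs of the bank’s business lines.

“That’s because many of the business opportunities involving data require close collaboration with technology,” Hirschhorn says. “I am a peer of the CIOs of the bank’s divisions, and because we cannot be separated, we work hand in hand. I can set policy, but that alone does not get the job done.”

Hirschhorn, who joined the bank at the end of 2020, has worked in financial services for more than 30 years, during which the industry’s concerns about data have changed greatly.

“Twenty years ago, it was all we could do to keep the systems from falling over. Ten years ago, we were worried about systemic importance and contagion. Once you solve the more structural concerns, it all comes back to data. We are very bullish on building advanced capabilities to understand, from a data perspective, the interrelationships of the world around us.”

One key to that effort is being able to identify all the data related to an individual customer and to identify the relationships that link that customer to other customers. Banks are required by regulation to know their counterparties in order to meet anti-money-laundering and other obligations, often referred to as KYC (Know Your Customer).

“The first problem we set out to solve was entity resolution (disambiguation), a long-standing challenge with large data sets in finance and regulated industries,” Hirschhorn says. That means identifying and linking records that refer to the same customer.

Being able to identify which of many loans were made to the same person or company is also important for managing the bank’s risk exposure. This problem is not unique to banks: a wide range of companies can benefit from better understanding their exposure to individual suppliers and customers.

Defining the customer with data

But to know your customer, you first need to define precisely what constitutes a customer. “We took a very deliberate approach,” Hirschhorn says. “We asked everywhere in the company, ‘What is a customer?’”

At first there were differences between departments over things like the number of fields and the types of data needed to define a customer, but in the end they agreed on a common policy.

Also, recognizing that each department already had its own spending priorities, the bank set aside a central budget for departments to hire developers, to secure the resources to implement this customer master. The message was, “If you hire developers, we’ll cover the cost,” Hirschhorn says.

With the definition of a customer unified, the bank could focus on eliminating duplicates. For example, if there are 100 records for a person named John Doe, it needs to work out from data such as taxpayer numbers and addresses which ones are the same person, and how many John Does there really are.

BNY Mellon did not start from scratch. “At BNY Mellon, we had built fairly sophisticated software ourselves to disambiguate our customer database,” Hirschhorn says. However, that software still required manual work in some cases, so the bank needed something better.

Improving the in-house solution would take time, he says. “This is not a core function, and we found smarter people outside the company.”

Among them was the team at Quantexa, a UK software developer that uses machine learning and multiple public data sources to enhance the entity resolution process.

The vendor had delivered its first PoC to BNY Mellon just before he joined, so one of his first steps was to move to a month-long proof of value. The bank provided the vendor with an existing data set and compared its performance with the in-house tool.

As a result, the number of records judged as possibly relating to the same person increased, and a high rate of automatic resolution was achieved.

“With correlations like these, we can have a certain degree of confidence. We want to drive automation of certain things, so we were looking for a high level of confidence,” he says.

After taking time to set up the infrastructure and organize the data workflows for full deployment, BNY Mellon went ahead with full implementation, with staff from the software developer and three of the bank’s groups (a strong technology team, data experts, and the KYC center) taking part. “They are the ones who can make sure this project is carried out with the regulatory perspective in mind,” he says.

Quantexa’s software platform does more than just entity resolution. It can also map the network of connections in the data, such as who is transacting with whom and who shares an address.

For now, the challenge may be knowing when to stop. “You relate customer records to external data sources, then relate that to your own activity, and add transaction monitoring and sanctions. As you begin to understand the value of correlating these data sets, you come to think you can generate more results, so we are now running PoCs that add more data sets in combination. We want to throw every use case at it,” he says.

Investing in technology suppliers

BNY Mellon is not just a Quantexa customer but also one of its investors. After working with the company for a year, it first took a stake in September 2021.

“We wanted to have input into how the product was developed, and we wanted to sit on the advisory board,” Hirschhorn says.

The investment in Quantexa is not an unusual decision for the bank. Other technology suppliers it has invested in include Optimal Asset Management, BondIT, and Conquest Planning, which make specialist portfolio management tools, and the low-code application development platform Genesis Global. And in April 2023 it also invested in the IT asset management platform Entrio.

However, the roles of customer and investor do not always align. “We don’t think this strategy can be applied to every new technology company we use,” he says.

Some companies buy stakes in key suppliers to keep competitors from using them, but that was not the bank’s aim in investing in Quantexa’s entity resolution technology, Hirschhorn says.

“This is not proprietary technology; everyone needs to be good at this. Financial crime methods are becoming ever more sophisticated. Keeping pace with the industry as a whole is very important to maintaining the health of financial markets,” he says.

BNY Mellon invested in Quantexa again in April 2023. This time, two other banks, ABN Amro and HSBC, joined the investment.

Artificial Intelligence, Data Management, Master Data Management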

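26 May 2023

How immigrant backstories shape tech leaders

COVID-19 brought the world to a temporary standstill, but as order is steadily restored, opportunities are growing for people looking to advance their careers as technologists. For some of that talent, immigration has always been key to the industry and a source of inspiration for many. But career paths sometimes depend on networks and connections, and moving to a new land is a fresh challenge that brings many economic, emotional, and social sacrifices and setbacks.

Each story is unique in how it lays the foundation for a successful career. What they share, however, is a foundation of empathy and effort to excel for oneself and for the greater good.

Atefeh Riazi is CIO of Hearst Media Group and a former CIO of the United Nations, and has held other senior positions throughout her career in technology. But in Iran, where she was born, women are still fighting for basic human rights and freedoms. “As a woman who grew up in the Middle East, I was constantly told my choices were limited when it came to a career,” she says. “You could be a teacher or a nurse, but not an engineer.”

Riazi’s parents sent their daughter, then 16, to study in the US, where she joined her older sister, who was already living in New York. Shortly after she arrived in Iran, the Islamic Revolution broke out, and because of the economic impact, Riazi had to juggle multiple jobs at a young age to make a living.

“I worked as a waitress and a dishwasher, and I sold and repaired vacuum cleaners door to door. I also earned money repairing TVs and radios. I had my own radio show for more than six years. During this time I met wonderful, unforgettable people who helped me a great deal. Everyone understood it was a hard situation. Of course, it is because of that kind of hardship, anxiety, and upheaval that you become resourceful and resilient. And you come to feel grateful and humble, and want to give back to your community and society,” she says.

Felix Quintana, CIO of MX Technologies, was born in Chihuahua, Mexico, and lost his biological father in a motorcycle accident when he was two. At age 10, he moved to the US with his family. “It was in search of a better life and opportunities,” he says, adding that the move was a harsh one. “I had to adapt to a new culture and learn a new language. The hardest experience was probably fitting in in the US. Our economic situation was below standard, my parents’ employment opportunities were limited, finishing school in a foreign language was difficult, and I experienced discrimination.”

Elaine Montilla is CTO of US School Assessment at Pearson and was previously CIO of The CUNY Graduate Center. Moving to the US from the Dominican Republic at 16 was fraught with difficulty. “My English was very basic,” she says. “I realized I looked different from other people. I used to be embarrassed by my accent. I was so self-conscious about it that I hated to speak.”

The three, now successful tech leaders, come from different backgrounds but agree that CIOs who have experienced immigration have unique qualities as industry leaders.

“I believe that past experiences shape who you are,” Quintana says. “Given the difficulty of integrating into a new culture, I think these leaders are more likely to empathize with others, have a broad perspective, and embrace diversity.”

Riazi agrees. “I value diversity. People from diverse backgrounds bring different opinions from their own culture and history, and have a broad perspective. That is extremely valuable in every aspect of work, especially in leadership. Today’s global workplace needs diverse ways of thinking. We have customers from diverse cultural and socioeconomic backgrounds, and employees with diverse histories and cultures. Only by embracing their uniqueness can we become a more holistic organization and better meet customers’ needs.”

The changing workplace

One thing the modern tech workplace needs to address is hiring, Montilla says. “There are very outdated hiring practices that shut minorities such as immigrants and women out of tech.” She cites examples such as job ads worded in ways that appeal more to men than to women. “Even at the interview stage, there is unconscious bias. People hire those who look and sound like themselves. We need to change this practice,” she says. There is also conscious and unconscious discrimination based on foreign-sounding names, she adds.

Riazi points out that a barrier to women thriving, particularly in leadership roles and in tech, was the five-day, nine-to-five office work week. But as an unexpected result of the pandemic, it was recognized that most work can be done remotely, and hybrid work is leveling the playing field for many jobs.

“Also, women who care for children or the elderly are staying in the workforce longer. This matters most in tech, which already struggles to attract women and struggles even more to retain them. And because working remotely has become easier, there are more opportunities for people with disabilities to work.”

Given the skew in tech talent even today, Riazi adds, this momentum needs to spread further. The voices of minorities from different backgrounds are essential. Without them, industry leaders cannot gain the broad perspective needed to develop, innovate, and succeed.

“Even though most women are consumers of technology, we struggle to attract women to study engineering and computer science and contribute to technological progress. Our industry is really skewed. Diversity is essential to innovation, human growth, and evolution, and essential to economic growth, good social policy, and a healthy democratic society.”

The good of giving back

Riazi, Quintana, and Montilla each draw on their experience of growing up in a different country to mentor young minorities now aiming for the tech industry.

“There are many opportunities to help people,” Quintana says. “I’ve had the chance to lecture at local universities and talk to students about my career path, and some of those students happened to be minorities. I’ve also met with young Hispanics and their parents to talk about the importance of education and about scholarships. And through service work, I’ve been able to meet refugees and immigrants.”

Role models and mentors were essential to her career, Montilla says: “I often watched my brother, and that helped me.” “My brother is the person who got me started on the path to tech. Usually there was only one woman or a few, I was still learning the language and translating everything in my head, so I was scared when I walked into a computer class.”

Now she tells younger colleagues that this vulnerability can also be a great asset.

“I worked hard, so I rose quickly,” she adds. “Of course I had insecurities and struggled with impostor syndrome, but over time I came to see that having vulnerability can be a great strength. Admitting I’m not perfect freed me from the pressure and let me get on with things. I teach this to everyone I mentor. Let the emotions be and don’t fight them. For me, the important thing was learning to be comfortable being uncomfortable. It isn’t easy, but the more I practiced it, the more I saw the bigger picture. I always deliver more than I’m asked. As an immigrant and as a woman of color, I work two or three times as hard as others.”

As advice for those going through hardship, Quintana says, “Don’t just settle.” “Take every opportunity to keep learning,” he says. “Keep challenging yourself. Respect others and be kind to everyone. Your reputation follows you. Look for mentors and organizations that align with your values and will invest in you. Above all, don’t be ashamed of who you are and where you come from. It is part of you and what makes you unique.”

Careers, Diversity and Inclusion, IT Leadership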

26 May 2023

Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation

The recently identified Buhti operation uses LockBit and Babuk ransomware variants to target Linux and Windows systems. The post Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation appeared first on SecurityWeek.

26 May 2023

Zyxel Firewalls Hacked by Mirai Botnet

A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls. The post Zyxel Firewalls Hacked by Mirai Botnet appeared first on SecurityWeek.

26 May 2023

Google Cloud Users Can Now Automate TLS Certificate Lifecycle

Google makes ACME API available to all Google Cloud users to allow them to automatically acquire and renew TLS certificates for free. The post Google Cloud Users Can Now Automate TLS Certificate Lifecycle appeared first on SecurityWeek.

26 May 2023

State of the CIO, 2023: how to build a successful business strategy

The first authoritative testimony in this regard is that of David Reis, CIO of the University of Miami Health System and the Miller School of Medicine. When he is not immersed in cybersecurity, hybrid cloud strategy, or app modernization, Reis spends his time working with the board of directors and with top […]

26 May 2023

10 most popular IT certifications for 2023

Certifications are a great way for IT pros to pave a path to a specific career in tech. Whether in cybersecurity, software development, networking, or any other IT specialty, certifications can raise your career profile and help employers identify your areas of expertise and confirm that you have the right skills for the job. The […]

26 May 2023

NCC Group Releases Open Source Tools for Developers, Pentesters

NCC Group announces new open source tools for finding hardcoded credentials and for distributing cloud workloads. The post NCC Group Releases Open Source Tools for Developers, Pentesters appeared first on SecurityWeek.

26 May 2023

The AI Act between innovation and consumer protection

Members of the European Parliament have approved a first draft of the regulation on the use of AI. With this step, the AI Act [in German] takes an important new step before being discussed and elaborated by the individual member states. At the end of the process, several laws applicable throughout the EU will take shape, intended to regulate the use of technologies for […]

26 May 2023

Transforming IT to succeed with the cloud

When CIO Neil Holden led his company, Halfords Group, to the cloud, he sought to do more than simply migrate IT operations. Rather, Holden’s intent, like that of most chief information officers, was to ensure that […]

26 May 2023

How CIOs must evolve to avoid existential threats to their role

As digital technology becomes ever more vital to business, the role of the chief information officer is rapidly evolving, finding itself increasingly threatened by the rise of business executives who offer the blend of commercial and technical skills needed to drive transformation strategies. A recent report from market intelligence firm IDC […]

25 May 2023

Alteryx works in generative AI for speedy analytics results

Analytics and data science vendor Alteryx is rolling ChatGPT and home-grown AI expertise into some of its core modules, with the aim of generating targeted, detailed reports at high speed. Alteryx’s AiDIN engine will power three new features, according to a company announcement Wednesday. The first, dubbed Magic Documents, applies AI to Alteryx’s Auto Insights […]

25 May 2023

Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation

Website impersonation detection and prevention company Memcyco raises $10 million in seed funding. The post Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation appeared first on SecurityWeek.

25 May 2023

Microsoft links attacks on American critical infrastructure systems to China

Microsoft and a few American intelligence agencies have detected malware of Chinese origin deployed in critical infrastructure systems in Guam and elsewhere in the United States. The malicious activity, focused on post-compromise credential access and network security discovery, has been linked to Volt Typhoon, a state-sponsored threat actor in China. “Volt Typhoon has been active […]

25 May 2023

Inactive accounts pose significant account takeover security risks

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. That’s according to Okta’s first Customer Identity Trends Report which surveyed more than 20,000 consumers in 14 countries about their online experiences and attitudes towards digital […]

25 May 2023

How to check for new exploits in real time? VulnCheck has an answer

Cybersecurity professionals who need to track the latest vulnerability exploits now have a new tool designed to make their job easier, with the launch today of VulnCheck XDB, a database of exploits and proof of concepts hosted on Git repositories. The tool, from cyberthreat intelligence provider VulnCheck, is aimed at helping vulnerability researchers and security […]

25 May 2023

Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised

The second-largest health insurer in Massachusetts was the victim of a ransomware attack in which sensitive personal information as well as health information of current and past members may have been compromised. The post Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised appeared first on SecurityWeek.

25 May 2023

Security Pros: Before You Do Anything, Understand Your Threat Landscape

Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape. The post Security Pros: Before You Do Anything, Understand Your Threat Landscape appeared first on SecurityWeek.

25 May 2023

New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grid

Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption. The post New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grid appeared first on SecurityWeek.

25 May 2023

6 ways generative AI chatbots and LLMs can enhance cybersecurity

The rapid emergence of OpenAI’s ChatGPT has been one of the biggest stories of the year, with the potential impact of generative AI chatbots and large language models (LLMs) on cybersecurity a key area of discussion. There’s been a lot of chatter about the security risks these new technologies could introduce — from concerns […]

25 May 2023

Attributes of a mature cyber-threat intelligence program

Earlier this year, ESG published a research report focused on how enterprise organizations use threat intelligence as part of their overall cybersecurity strategy. The research project included a survey of 380 cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees). Survey respondents were asked questions about their organization’s cyber-threat intelligence (CTI) program – […]

25 May 2023

Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations

Fortinet’s 2023 State of Operational Technology and Cybersecurity Report shows a drop in the number of breaches and CISOs being increasingly responsible for OT cybersecurity. The post Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations appeared first on SecurityWeek.

25 May 2023

Today’s Cyber Defense Challenges: Complexity and a False Sense of Security

Industry standard frameworks and guidelines often lead organizations to believe that deploying more security solutions will result in greater protection against threats. The post Today’s Cyber Defense Challenges: Complexity and a False Sense of Security appeared first on SecurityWeek.

25 May 2023

European Cybersecurity Firm Sekoia.io Raises $37.5 Million

European XDR and threat intelligence provider Sekoia.io has raised €35 million ($37.5 million) in Series A funding. The post European Cybersecurity Firm Sekoia.io Raises $37.5 Million appeared first on SecurityWeek.

25 May 2023

Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches

Apria Healthcare is informing 1.86 million individuals of personal information compromise in 2019 and 2021 data breaches. The post Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches appeared first on SecurityWeek.

25 May 2023

United Airlines CISO Deneen DeFiore on elevating cyber’s value to the business

Deneen DeFiore is a Hall of Fame technology executive who currently serves as vice president and chief information security officer at United Airlines, where she leads the cybersecurity and digital risk organization to ensure the company is prepared to prevent, detect, and respond to evolving cyber threats. She also leads initiatives on commercial aviation cyber safety […]

25 May 2023

12 reasons good employees leave — and how to prevent it

With demand for IT workers continuing to grow and the labor market for tech talent remaining tight, CIOs can’t afford to see IT workers — particularly high-performing ones — walk out the door. And yet, walk out they just might. According to the 2022 Tech Sentiment Report from Dice, 52% of respondents said they’re likely […]

25 May 2023

Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances

Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances. The post Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances appeared first on SecurityWeek.

25May 2023

GitLab Security Update Patches Critical Vulnerability

GitLab CE/EE version 16.0.1 patches a critical arbitrary file read vulnerability tracked as CVE-2023-2825. The post GitLab Security Update Patches Critical Vulnerability appeared first on SecurityWeek.

24May 2023

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyberespionage interest. That’s no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly. Cybersecurity firm Proofpoint analyzed its telemetry data more than […]

24May 2023

Why it’s time to put your stake in a ground-to-cloud strategy

With spring creeping closer to summer, warm weather camping season is in full swing. Fans of communing with nature know that a successful camping trip requires critical planning and preparation. Whether you’re mulling a weekend trek along a stretch over the Appalachian Trail or a week’s sojourn deep in the wilds of Yellowstone National Park, […]

24May 2023

Bare metal compute: Optionality gold for your multicloud-by-design strategy

If there is one thing developers prize above all else today, it’s the option to run the applications they want where they want, when they want. This is critical in a world increasingly given to distributed computing, where applications run within and outside organizations’ four walls. And while virtualization technologies have long provided developers the […]

24May 2023

Why It’s Time to Bring Your Public Clouds Down to Earth

Like most IT leaders today, you find yourself grappling with a paradox. Your IT estate has the potential to afford developer teams more flexibility and agility to place workloads across on-premises systems, public and private clouds, colocation facilities and edge networks.  Yet as your environment swells and sprawls your teams are struggling to corral the […]

24May 2023

Microsoft Catches Chinese .Gov Hackers in Guam Critical Infrastructure Orgs

Microsoft says it has caught Chinese government hackers siphoning data from critical infrastructure organizations in Guam, a U.S. territory in the Pacific Ocean. The post Microsoft Catches Chinese .Gov Hackers in Guam Critical Infrastructure Orgs appeared first on SecurityWeek.

24May 2023

Register now: GenAI, risk & the future of security

The promise of generative AI means we are on the cusp of a rethinking of how businesses handle cybersecurity. Along with the promise is the peril of AI being used to cause harm by launching more efficient malware, creating sophisticated deepfakes, or by unintentionally disclosing code or trade secrets. Learn more about AI, security, and […]

24May 2023

Biden Picks New NSA head, Key to Support of Ukraine, Defense of US Elections

U.S. President Joe Biden has picked a new NSA and Cyber Command leader to oversee America’s cyber warfare and defense. The post Biden Picks New NSA head, Key to Support of Ukraine, Defense of US Elections appeared first on SecurityWeek.

24May 2023

How CIOs can drive business agility with “Shift Left”

The rapid pace of digital transformation has made it crucial for companies of all sizes and industries to become digital to meet customer needs and increase internal efficiencies. As traditional sectors—from healthcare to banking to energy—increasingly look like tech companies, they must adopt the same mindset and key processes as technology companies to maximize success. […]

24May 2023

IT as a catalyst for business transformation: Strategies for CIOs

Today’s CIOs have a pivotal opportunity to help their organizations meet new expectations. Yet, as organizations transform, CIOs and their teams are being asked to manage the optimal mix of infrastructure, platform, software, database, storage, and more to meet these new strategic objectives—while also creating sustained value and positioning the organization for the future.   The […]

24May 2023

3 early lessons with generative AI

Generative AI products like ChatGPT have introduced a new era of competition to almost every industry. As business leaders seek to quickly adopt ChatGPT and other products like it, they are shuffling through dozens, if not hundreds, of use cases being proposed. The bottom line: The companies that strike the right balance of risk and […]

24May 2023

Researchers Spot APTs Targeting Small Business MSPs

Proofpoint warns that APT actors linked to Russia, Iran and North Korea are increasingly targeting small- and medium-sized businesses. The post Researchers Spot APTs Targeting Small Business MSPs appeared first on SecurityWeek.

24May 2023

Rocket fuel for your sustainability initiatives: Collaborative work management

Across business types and industry sectors, sustainability initiatives have moved to the top of many leaders’ agendas. The topic continues to grow both more urgent and expansive. Within the sustainability rubric now fall efforts like reducing energy and resource consumption, meeting circular economy mandates, and reworking supply chains to address environmental and fair-trade principles. The […]

24May 2023

Improving the health of Walgreens scan-based trading with SAP

Long ago, Walgreens created a prescription for success. And the main ingredient was and has continued to be its innovative business practices and services for the betterment of its customers, suppliers (or vendors), and operation. This story is about one innovation adopted by Walgreens, scan-based trading (SBT), and how SAP helped improve its use.  When pharmacist Charles […]

24May 2023

US sanctions four North Korean entities for global cyberattacks

The US Department of Treasury has imposed sanctions on four entities and one individual involved in illicit revenue generation and malicious online activities to generate revenue for the Democratic People’s Republic of Korea’s (North Korea) activities. The entities and individuals sanctioned are the Pyongyang University of Automation, the RGB’s Technical Reconnaissance Bureau, the 110th Research […]

24May 2023

New hyperactive phishing campaign uses SuperMailer templates: Report

SuperMailer, a legitimate email newsletter program, has been found abused by threat actors to conduct a high-volume credential harvesting campaign, according to network security firm Cofense. “The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume,” Brah Haas, cyber threat intelligence analyst at Cofense, said in a blog post. “Emails containing the unique […]

24May 2023

OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers

OAuth vulnerabilities found in the widely used Expo application development platform could have been exploited for account takeovers. The post OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers appeared first on SecurityWeek.

24May 2023

Credential harvesting tool Legion targets additional cloud services

A commercial malware tool called Legion that hackers deploy on compromised web servers has recently been updated to extract credentials for additional cloud services to authenticate over SSH. The main goal of this Python-based script is to harvest credentials stored in configuration files for email providers, cloud service providers, server management systems, databases, and payment […]

24May 2023

CyberArk’s enterprise browser promises zero-trust support, policy management

CyberArk has announced plans to launch an enterprise browser, dubbed CyberArk Secure Browser, at the end of 2023 as part of its CyberArk Identity Security Platform. The identity security vendor decided to create a new enterprise browser based on trends impacting hybrid work environments and its own research, which found an increase in post-multifactor authentication […]

24May 2023

Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update

The AhRat trojan was injected in a screen recording application that had amassed more than 50,000 downloads via Google Play. The post Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update appeared first on SecurityWeek.

24May 2023

US Sanctions North Korean University for Training Hackers

The US government has announced sanctions against four entities and one individual engaging in cyber activities on behalf of the North Korean government. The post US Sanctions North Korean University for Training Hackers appeared first on SecurityWeek.

24May 2023

5 ways IT pros can accelerate webpages in a day at no cost

Over the years, hundreds of techniques have been introduced to optimize website speed. And for good reason – a mere one-second delay in page load time can lead to a 7% loss in conversions. There’s no room for complacency, but unless web performance is your day job, it’s probably not obvious which recommendations are going […]

24May 2023

What Choice’s CIO sees in a cloud-native approach to sustainability

Choice Hotels, the Maryland-based multinational hotel chain, is a $10 billion, 80-year-old hospitality company with about 7,500 hotels in 46 countries. And with such a presence of history and reputation in the market, it had the foresight and resources to make early investment and commitment to dovetailing its digital transformation with sustainability. A lot of […]

24May 2023

Making sense of SAP RISE: 4 key considerations

After two years on the market, SAP RISE is becoming increasingly positioned by SAP as a solution for customers looking to move to the cloud. With the 2027 deadline to move off SAP ECC looming, SAP customers need to understand what SAP’s RISE offering is and have a comprehensive evaluation strategy for when SAP inevitably […]

24May 2023

3 powerful lessons of using data governance frameworks

The first published data governance framework was the work of Gwen Thomas, who founded the Data Governance Institute (DGI) and put her opus online in 2003. “Frameworks were already being used, but they weren’t publicly available,” she says. “I had been asked to help Coors Beer prepare for upcoming Sarbanes-Oxley audits. They already had a […]

24May 2023

White House Unveils New Efforts to Guide Federal Research of AI

The White House announced new efforts to guide federally backed research on artificial intelligence (AI). The post White House Unveils New Efforts to Guide Federal Research of AI appeared first on SecurityWeek.

24May 2023

New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats

Honeywell announces the launch of Cyber Insights, a solution designed to help organizations identify vulnerabilities and threats in their OT environments. The post New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats appeared first on SecurityWeek.

24May 2023

Virtual Event Today: Threat Detection and Incident Response Summit

Join thousands of attendees as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack. (Register Now) The post Virtual Event Today: Threat Detection and Incident Response Summit appeared first on SecurityWeek.

24May 2023

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear. As a top-level professional in the business of defending against […]

23May 2023

Accelerating VMware’s growth

By Hock Tan, Broadcom President & CEO Innovation comes in many forms. In Broadcom’s case, it has been through a combination of organic growth and growth through acquisition, which has created Broadcom today – a company built from a heritage of American technology pioneers such as AT&T Bell Labs and Hewlett Packard, among others.   […]

23May 2023

3 reasons why AI strategy is HR strategy

By Bryan Kirschner, Vice President, Strategy at DataStax When Karim Lakhani, co-founder of the Digital, Data, and Design Institute at Harvard University, talks about AI, I pay attention. I’ve previously written about how national survey data collected last year by DataStax (my employer) proved out predictions Lakhani made about AI and open source back in […]

23May 2023

Ahead: Look for a partner, not a service provider

Todd Fortwengler, senior director of managed services sales at Ahead, wants to sound the alarm on an issue he sees too frequently among enterprises that begin their cloud journey alone. “I often encounter companies that moved to the cloud too quickly without a plan,” says Fortwengler. “For too many, their vision of ‘land and expand’ […]

23May 2023

Finding your way with Value Stream Management in 2023

There’s no longer any debate that Value Stream Management (VSM) has emerged as the best solution for breaking through some of the toughest challenges in digital transformation. Despite years of effort, our research shows that more than two-thirds of organizations still struggle with organizational silos and friction between different roles and departments. Yet the vast […]

23May 2023

Axiado releases new security processors for servers and network appliances

Security processor provider Axiado has announced the availability of two new trusted compute units (TCUs) to help detect ransomware and other cyberattacks on servers and infrastructure elements in cloud data centers, 5G networks, and network switches. Dubbed AX3000 and AX2000, these TCUs are AI-powered hardware security platform solutions that, the company says, integrate all security […]

23May 2023

Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign

A credential phishing campaign using the legitimate SuperMailer newsletter distribution app has doubled in size each month since January 2023. The post Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign appeared first on SecurityWeek.

23May 2023

Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own

MikroTik patches a major security defect in its RouterOS product a full five months after it was exploited at Pwn2Own Toronto. The post Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own appeared first on SecurityWeek.

23May 2023

Top reasons for implementing NaaS

By Cathy Won, Consultant with eTeam, HPE Aruba Networking Contributor In a recent IDC NaaS survey, sponsored by HPE, 71% of respondents agree or strongly agree as-a-service (aaS) consumption models offer better IT agility compared to traditional consumption models. Typically, flexible consumption, also known as paying based on usage, has often been touted as the […]

23May 2023

Value Stream Management: Let’s get real

As the father of eXtreme Programming and one of the key authors of the Agile Manifesto, Kent Beck has been one of the most influential thought leaders in transforming how we build software. In a recent interview with Dave Farley, reflecting on 25 years of agile software development transformation, he declared, “The things that haven’t changed […]

23May 2023

How enterprises get ahead using hybrid cloud for innovation overlay

A 2022 survey of innovation and business strategy conducted by the International Monetary Fund found that 40% of innovation-oriented companies (SMBs to large enterprises) reduce costs as a result of new product innovations which, on average, account for 20% of all sales. How can your organization see similar benefits from its innovation pursuits? Only so […]

23May 2023

New ‘GoldenJackal’ APT Targets Middle East, South Asia Governments

The newly detailed GoldenJackal APT has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. The post New ‘GoldenJackal’ APT Targets Middle East, South Asia Governments appeared first on SecurityWeek.

23May 2023

What’s next for network firewalls?

Firewalls have come a long way from their humble beginnings of assessing network traffic based on appearance alone. Today’s next-generation firewalls (NGFWs), which must protect all areas of enterprise, can filter layer 7 applications, block malicious attachments and links, detect known threats and device vulnerabilities, apply patching, prevent DDoS attacks, and provide web filtering for […]

23May 2023

Top 17 cloud cost management tools

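It feels like only yesterday that cloud servers were said to cost almost nothing. You could rent a rack for the kind of small change that falls behind the sofa cushions and still have enough left over to buy an ice cream sandwich, but those days are long gone. When the monthly cloud bill arrives, CFOs hold their heads in their hands. Development teams have learned that even small amounts add up (sometimes faster than expected) and are keenly aware that the time has come to adopt some discipline. Cloud cost managers are the solution. A cloud cost manager tracks every bill and allocates it to the various teams responsible for running it up. That way, groups that have added too many complex features requiring excessive storage or server time have to account for that waste. Good programmers who don’t overuse RAM or disk space can be rewarded. Small teams with simple configurations can probably get by with the cloud companies’ stock services. Cost containment is now a major challenge for many CIOs, and the cloud companies understand that. They have started adding accounting tools and alarms that warn you before the bill balloons. For the three major clouds, see the tools from Azure Cost Management, Google Cloud cost management, and AWS Cloud Financial Management. The larger your commitment to the cloud, the more important independent cost management tools become. These tools are designed to work with multiple clouds and unify the data to produce easy-to-use reports. Some also track machines running on premises so that the costs of rented servers and in-house server rooms can be compared. In many cases, cloud cost managers are part of larger suites designed not only to monitor the bottom line but also to enforce other rules, such as security. Some are not sold directly as cloud control tools but have evolved to help solve this problem. Some tools for surveying enterprise architecture or managing software governance can now track costs at the same time. Like purpose-built cloud cost tools, they can offer opportunities for cost savings while also supporting other management chores. The following is an alphabetical list of good cloud cost tracking tools. This area is expanding rapidly as business leaders recognize the need to understand their cloud charges. All of these tools help manage a fast-growing world of server instances that may be spread around the globe. Anodot: The first job of Anodot’s collection of cloud monitoring tools is to track the flow of data from various services and applications. It flags any anomalies or problems that affect users. Tracking the cost of instances and pods across multiple clouds is part of this larger job. The dashboard generates infographics for examining each microservice or API and determining how much it costs to keep it running in times of high and low demand. This level of detail makes it possible to find expensive workloads and figure out ways to eliminate them. Notable features: Integrates with a broader monitoring system to deliver a good customer experience at a reasonable price. Available as a white-label platform for integration or resale. AppDynamics: Tracking and reining in containers in Kubernetes environments is the goal of Cisco’s AppDynamics (formerly Replex). The tool has become part of a larger system that monitors whether clusters running in public clouds or locally are operating correctly. Cost tracking is just one small part of a system that is constantly gathering statistics and monitoring for anomalies. One important reporting process is charging costs back to the relevant teams so that everyone can understand what is in the monthly bill. AppDynamics also provides its own machine learning engine that can turn historical data into a plan for efficient deployment. A policy control layer imposes fine-grained restrictions so that teams can access what they need but not what they don’t. Notable features: Integrates cost management with overall application monitoring. Connects user experience and business outcomes across every layer of the software stack. Apptio Cloudability: Apptio makes a large collection of tools for managing IT shops, and Cloudability is its tool for handling cloud costs. The tool analyzes the various cloud instances in use and allocates them to teams for accounting purposes. Ideally, teams use the reports and dashboards provided to manage their own costs and forecast future usage. For example, Cloudability’s True Cost […]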

23May 2023

How CSPM automation can improve cloud security

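With the rapid growth and increasing complexity of cloud environments, organizations are exposed to the risk of a wide range of security threats. Cloud security posture management (CSPM) is the process by which organizations continuously monitor, identify, and remediate cloud security risks. Using automation in CSPM is critical to ensuring the security and compliance of an organization’s cloud infrastructure. The key component of CSPM is the automation of core tasks such as continuous monitoring, issue remediation, compliance management, and alerts and notifications. Integrating robotic process automation (RPA) into CSPM reduces the need to perform repetitive, mundane work, making it a powerful tool for organizations to keep cloud environments secure and efficient, support their overall security posture, and manage security risk more efficiently. Why CSPM is essential to cloud security: Cloud environments are growing more complex with resources such as Docker containers, endpoint APIs, and Kubernetes nodes, and with the deployment of serverless functions. Organizations can find it difficult to maintain control of and visibility into the underlying infrastructure. This is especially hard when configuring and managing access rights for each resource. CSPM is an essential tool for addressing these challenges and strengthening cloud security posture. It is generally adopted by companies that prioritize a cloud-first strategy and want to take advantage of the benefits of cloud technology while following best practices to minimize risk. CSPM with built-in automation supports and streamlines DevSecOps efforts by constantly monitoring the cloud infrastructure. As described below, the main benefit is that misconfigurations can be detected and addressed quickly, so companies can stay ahead in maintaining compliance. Once a potential risk is identified, CSPM provides the ability to take corrective action. This includes automated remediation of issues, such as applying security patches or configuring resources to meet security standards. It also sends alerts and notifications to stakeholders within the organization so that they can take the necessary action. Another important benefit of CSPM is maintaining regulatory compliance. Many organizations operate in industries subject to regulations such as HIPAA, PCI DSS, and GDPR. CSPM helps ensure that an organization’s cloud environment complies with these regulations by continuously monitoring for misconfigurations and vulnerabilities that could put the organization at risk of non-compliance and taking the steps needed to fix them. CSPM also gives organizations centralized visibility across the entire cloud environment. This includes an overview of all resources and configurations, a single source of truth for cloud resources, and the elimination of security blind spots. How companies benefit from cloud security automation: CSPM automation is designed to continuously monitor for and identify potential vulnerabilities and misconfigurations in an organization’s cloud environment and to take the steps needed to remediate them. Here are some of the key automation capabilities in CSPM that can be used to strengthen cloud security posture. Continuous monitoring: CSPM automation enables continuous monitoring of the cloud environment. This includes collecting data from source cloud providers and security tools and analyzing it to identify potential vulnerabilities and misconfigurations. Automated monitoring lets organizations detect and respond to potential threats quickly. Automated remediation: With CSPM automation, organizations can remediate potential vulnerabilities or misconfigurations automatically when they are identified. This includes applying security patches, configuring resources to meet security standards, and shutting down resources determined to be at risk. Compliance management: CSPM helps organizations ensure compliance with regulations such as HIPAA, PCI DSS, and GDPR by continuously monitoring for misconfigurations and vulnerabilities that could put them at risk of non-compliance and taking the necessary action. Centralized visibility: CSPM automation gives organizations centralized visibility into the cloud environment. This includes an overview of all resources and configurations, a single source of truth for cloud resources, and the elimination of security blind spots. Alerts and notifications: With CSPM automation, stakeholders within the organization receive alerts and notifications when potential vulnerabilities or misconfigurations are detected. This lets the organization take the steps needed to resolve the issue as quickly as possible. Robotic process automation (RPA): RPA makes it possible to automate repetitive, mundane work in CSPM. With RPA, organizations can respond quickly to security alerts, security policy updates, compliance checks, and similar tasks. Automation is a key component of CSPM, and organizations can use its capabilities to improve their cloud security posture. With continuous monitoring, automated remediation, compliance management, centralized visibility, alerts and notifications, and RPA, CSPM becomes a powerful tool for maintaining the security and compliance of an organization’s cloud infrastructure and supporting its overall security posture.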

23May 2023

Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security

Infrastructure access management company Teleport has announced the release of Teleport 13, the latest version of its Teleport Access Platform. Teleport 13 features scanning and automatic patching of Teleport vulnerabilities to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure, the firm said. The solution aims to address the targeting […]

23May 2023

Solving 3 key IT challenges to unlock business innovation

CIOs live it every day. The pace of technological change is lightning-fast. Savvy CIOs navigate this by learning, deciding and taking action with incredible agility and speed. To do that, IT leaders must architect IT infrastructure that enables cloud-like agility and speed across diverse environments. But they can’t go it alone. That’s because there are […]

23May 2023

Transition Troubles: Successfully Getting from Here to There

Compelling insights shared at CIO’s roundtable events lead to excellent information sharing and learning among all attendees. During a recent program, attendees shared their collective challenges with visibility into critical issues that vendors often overlook, leaving IT professionals to resolve them. An excellent example is the transition process to new solutions or platforms. Many innovative […]

23May 2023

Transforming IT for cloud success

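When Halfords Group moved ahead with its shift to the cloud, CIO Neil Holden wanted to do more than simply “lift and shift” IT operations. Like many CIOs, Holden sought to enable and shape the company’s transformation agenda by expanding its use of the cloud, and he recognized that achieving that goal would require transforming not just the technology stack but his own IT department as well. “With any kind of cloud adoption, you always have to review the structure of your IT (department),” Holden says. “IT now needs to operate in a completely different way, one that takes into account not just the cloud but what the cloud means for the business.” So Holden, who has been CIO since 2017 at Halfords, the UK’s largest retailer of motoring and cycling products, devised a strategy to reorganize the company’s technology team. The reorganization took place while the company-wide cloud strategy was being devised, because he believed that was the best way to ensure employees could take advantage of the capabilities the cloud provides and the business opportunities it can enable. “To achieve that, you need to put the right structure in place, because just putting things in the cloud doesn’t let you (fully) leverage that investment,” he explains. CIOs, as well as researchers, consultants, and advisors, agree that getting the most benefit from cloud computing requires changing the IT department itself, including how it works and how staff are organized. Otherwise, they point out, IT risks simply moving the location of its servers from its own data center to a third party’s and missing out on the innovation, transformation, and faster time to market (TTM) that cloud adoption makes possible. “You can’t bring the same skills and teams from on premises to the cloud. That is a recipe for failure,” says Sushant Tripathi, vice president and head of cloud transformation for North America at Tata Consultancy Services. Instead, he explains, CIOs need to retrain and reorganize IT to make full use of everything the cloud offers. Here, four IT leaders share how they tackled this challenge. Breaking away from linear processes: Holden’s reorganization focused in part on eliminating linear software development, linear project processes, and the departmental team structure that supported that linear way of working. “We changed the entire structure,” he says. Previously, Halfords’ IT department was typically made up of separate teams such as business analysis, solution design, and infrastructure. Under that structure, work moved in sequence from one team to the next. “Someone would talk to the business, hand the requirements to the design team, and then it would go to the delivery team and the infrastructure team,” Holden says, explaining that each team worked on its own, with each team’s deliverables and timelines defined and agreed. “Now all of that (work) happens within an agile circle with iterative delivery, so the linear processes have all gone away together.” Here is how he did it. Holden brought in cloud integration experience and hired cloud architects with training in the agile methodology he had adopted. He also trained existing staff in cloud skills and agile methods. In addition, he hired agile coaches to work with the IT teams. He then dismantled the separate, independent teams and created Scrum teams made up of product owners, business analysts, solution architects, front-end developers, back-end developers, and testers. By working iteratively rather than linearly, the new Scrum teams sped up delivery of new features and enabled IT and the business as a whole to take advantage of the company’s cloud investment. “A big part of this transformation was changing not just the cloud but people’s mindsets. That’s why we put so much effort into training,” says Holden, who adds that he oversaw a nearly complete switch to the new structure in late 2021. Holden says he sees the value of the reorganization in his team’s ability to respond more quickly. By his calculation, one project that the reorganized IT team built and deployed in 42 days would have taken the old IT department 152 days to complete. Cores and chapters for uncovering cloud talent: Lev Gonick, CIO of Arizona State University (ASU), likewise reorganized his IT team to better seize the opportunities the cloud brings. That restructuring couldn’t happen right away, Gonick says. ASU began its move to the cloud experimentally 10 years ago and then embarked on a more strategic and aggressive cloud adoption when Gonick became CIO in 2017. ASU now runs about 85% of its workloads in the cloud. Gonick says the team had to change in order to be agile enough to respond to business needs and scale as the university grows. His solution was to “fundamentally flatten the organization.” “For me it was an all-or-nothing gamble,” Gonick recalls. The decision to make the change came early in the COVID-19 pandemic. “Instead of siloed teams, we created a set of what large software development shops would call ‘cores.’” According to Gonick, these cores are “pools of talent that can be rapidly reconfigured,” each focused on one of five specific areas. Most of the team and its work is organized around the five cores, which he describes as professional development communities based on common practices. There are four technical cores (engineering, service delivery, products and programs, and data and analytics), and the fifth core relates to the learning experience. Managers in the products and programs core propose the right mix of people to work together in chapters, which Gonick likens to working groups. There are, for example, 30 engineering chapters. “The reason we did this was to respond to the opportunities the cloud gives us,” he explains. He adds that this organizational structure lets IT professionals develop and show their talents by working on diverse projects rather than being “stuck in a job they dislike, working day after day with the same tools.” He continues: “The goal really was to unleash human talent. This is my personal view, but most enterprise technology teams are bound by hierarchical structures, and many talented people feel stifled. Most (professional) people have a broad range of knowledge but few opportunities to explore, share, and build on it. With this structure, though, the team can grow as a professional community and get the chance to be deeply involved not just in their own team but in the business as well.” Centralizing teams for cloud success: Like ASU, Liberty Mutual Insurance has been working on its move to the cloud over the past decade. It started with experimental use and made a full-scale move six years ago so that it could “speed up time to market, lower costs, and flexibly turn capabilities on and off,” says Monica Caldas. She became executive vice president and global CIO in January after holding two IT executive positions at Liberty Mutual since 2018. Throughout Liberty Mutual’s cloud journey, IT leaders have focused on developing the people and skills needed to move from an on-premises environment to the cloud, Caldas says. “It became a large-scale transformation in which everyone has a role to play.” As part of that, Liberty Mutual’s infrastructure team needed to be restructured, since it no longer had to maintain the vast amount of hardware it had managed for years. Rather than being restructured, the infrastructure team took on a global mission focused on cloud capabilities that can be leveraged across the company, in a centralized digital […]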

23May 2023

Think security first when switching from traditional Active Directory to Azure AD

What enforces your security boundary today? What will enforce it in the next few years? For many years, Microsoft Active Directory has been the backbone and foundation of network authentication, identity, and connection. But for many organizations moving to cloud applications or having a mixture of operating systems, the need for cloud-based network management is […]

23May 2023

Red Hat Pushes New Tools to Secure Software Supply Chain

Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain. The post Red Hat Pushes New Tools to Secure Software Supply Chain appeared first on SecurityWeek.

23May 2023

Rheinmetall Says Military Business Not Impacted by Ransomware Attack

Rheinmetall confirms being hit by Black Basta ransomware group, but says its military business is not affected. The post Rheinmetall Says Military Business Not Impacted by Ransomware Attack appeared first on SecurityWeek.

23May 2023

Google Launches Bug Bounty Program for Mobile Applications

Google introduces Mobile VRP bug bounty program for vulnerabilities in its mobile applications. The post Google Launches Bug Bounty Program for Mobile Applications appeared first on SecurityWeek.

23May 2023

Iranian Hackers Target Middle East Entities With New Windows Kernel Driver

Iranian threat actors use a Windows kernel driver called ‘Wintapix’ in attacks against Middle East targets. The post Iranian Hackers Target Middle East Entities With New Windows Kernel Driver appeared first on SecurityWeek.

23May 2023

The DR essential IT leaders can’t overlook

Several years ago, an earthquake struck a West Coast community and threw almost everyone’s data center offline. There were regional electrical outages and communications disruptions, and systems failed. It’s a vivid memory because I was the CIO of an area financial institution at that time. We went into disaster recovery failover mode, with everyone in […]

23May 2023

CIOs seek efficiencies as uncertain economy looms

Efficiency, always a top concern of IT leaders, is the subject of heightened focus in 2023, thanks to ongoing inflation and the threat of recession. Expenditures for cloud services in particular are coming under close scrutiny, at a time when cloud spending is nearly half of many IT budgets. “As more and more workloads migrate […]

23May 2023

Cutting Through the Noise: What is Zero Trust Security?

With proactive steps to move toward Zero Trust, technology leaders can leverage an old, yet new, idea that must become the security norm. The post Cutting Through the Noise: What is Zero Trust Security? appeared first on SecurityWeek.

23May 2023

Today’s quantum-inspired approaches for ROI

Quantum computing will change the world — the industry has rightfully accepted this as fact. However, until it does, we must contend with some limitations in the noisy intermediate scale quantum (NISQ) era machines we have today. Many use cases allow us to show customers how to solve complex business problems with actual NISQ quantum computers. Still, […]

22May 2023

Meta fined $1.3B for violating EU GDPR data transfer rules on privacy

Meta has been fined $1.3 billion (€1.2 billion) by the Irish Data Protection Commission (DPC) for violating the terms of the EU’s GDPR by continuing to transfer EU users’ data to the US without adequate safeguards. Meta has failed to “address the risks to the fundamental rights and freedoms” of Facebook’s European users, the DPC […]

22May 2023

Microsoft reports jump in business email compromise activity

Cybersecurity activity around business email compromise (BEC) spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit (DCU). The findings were highlighted in the latest edition of Microsoft’s Cyber Signals, a cyberthreat intelligence report that spotlights security trends and insights gathered from Microsoft’s […]

22May 2023

GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices

GAO report underlines the need for federal agencies to fully implement key cloud security practices. The post GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices appeared first on SecurityWeek.

22May 2023

What cybersecurity professionals can learn from the humble ant

When an ant colony is threatened, individual ants release pheromones to warn of the impending danger. Each ant picking up the warning broadcasts it further, passing it from individual to individual until the full defenses of the colony are mobilized. Instead of a single ant facing the danger alone, thousands of defenders with a single […]

22May 2023

Dish Ransomware Attack Impacted Nearly 300,000 People

Satellite TV giant Dish Network says the recent ransomware attack impacted nearly 300,000 people and its notification suggests a ransom has been paid. The post Dish Ransomware Attack Impacted Nearly 300,000 People appeared first on SecurityWeek.

22May 2023

Food Distributor Sysco Says Cyberattack Affects 126,000 Individuals

Food distributor Sysco Corporation says the personal information of over 126,000 individuals was compromised in a recent cyberattack. The post Food Distributor Sysco Says Cyberattack Affects 126,000 Individuals appeared first on SecurityWeek.

22May 2023

Microsoft: BEC Scammers Use Residential IPs to Evade Detection

BEC scammers use residential IP addresses in attacks to make them seem locally generated and evade detection. The post Microsoft: BEC Scammers Use Residential IPs to Evade Detection appeared first on SecurityWeek.

22May 2023

EU’s AI Act challenge: balance innovation and consumer protection

Members of the EU Parliament have agreed on a first draft for regulating the use of AI. The AI Act is now taking the next procedural step to be negotiated and worked out with individual member states. In the end, there should be an EU-wide body of law to regulate the use of AI technologies, such as ChatGPT. Essentially, the AI […]

22May 2023

5 C-suite bridges every IT leader must build

IT leaders have known for years that having “a seat at the table” is essential to their success. Without insight into and influence over key organizational decisions and priorities, CIOs are disadvantaged when it comes to launching and supporting initiatives that will help the business thrive. But these days, that seat at the table, where […]

22May 2023

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States

China’s government told users of computer equipment deemed sensitive to stop buying products from the biggest U.S. memory chipmaker, Micron. The post China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States appeared first on SecurityWeek.

22May 2023

Facebook Parent Meta Hit With Record Fine for Transferring European User Data to US

The European Union slapped Meta with a record $1.3 billion privacy fine and ordered it to stop transferring user data across the Atlantic. The post Facebook Parent Meta Hit With Record Fine for Transferring European User Data to US appeared first on SecurityWeek.

22May 2023

Samsung Smartphone Users Warned of Actively Exploited Vulnerability

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor. The post Samsung Smartphone Users Warned of Actively Exploited Vulnerability appeared first on SecurityWeek.

19May 2023

Legitimate looking npm packages found hosting TurkoRat infostealer

Despite efforts taken in recent years to proactively monitor public software repositories for malicious code, packages that bundle malware continue to routinely pop up in such places. Researchers recently identified two legitimate looking packages that remained undetected for over two months and deployed an open-source information stealing trojan called TurkoRat. Effective use of typosquatting on […]

19May 2023

Guerrilla malware is preinfected on 8.9 million Android devices, Trend Micro says

Cybercrime gang Lemon Group has managed to get malware known as Guerrilla preinstalled on about 8.9 million Android-based smartphones, watches, TVs, and TV boxes globally, according to Trend Micro. The Guerrilla malware can load additional payloads, intercept one-time passwords (OTPs) from SMS texts, set up a reverse proxy from the infected device, and infiltrate WhatsApp […]

19May 2023

Pimcore Platform Flaws Exposed Users to Code Execution

Security researchers are warning that newly patched vulnerabilities in the Pimcore platform bring code execution risks. The post Pimcore Platform Flaws Exposed Users to Code Execution appeared first on SecurityWeek.

19May 2023

US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website

Wisconsin teen Joseph Garrison is charged with launching a credential stuffing attack that affected roughly 60,000 user accounts. The post US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website appeared first on SecurityWeek.

19May 2023

Accessibility should be a cybersecurity priority, says UK NCSC

The UK National Cyber Security Centre (NCSC) has urged businesses and security leaders to make accessibility a cybersecurity priority to help make systems more secure and human errors/workarounds less likely. It can also aid in meeting legal requirements, delivering better operational outcomes, and attracting and retaining more diverse talent, according to the NCSC. However, there […]

19May 2023

Allianz ditches mainframe for scale and innovation

Due to a risk of not being able to scale and innovate properly, nor provide a basis to accommodate new platforms or programming languages, a decision was made in mid-2019 to migrate the entire Allianz Business System (ABS) — the IT core applications including its database in Germany — to standardized x86 servers with Linux […]

19May 2023

Examining the fallout of APAC tech skills shortages

Recent research from the IDC report Enterprise Automation to Mitigate the Digital Skills Shortage found that up to 80% of organizations in the APAC region, excluding Japan, find it difficult or extremely difficult to fill vacancies in IT roles. Some of the hardest roles to fill include security, and development and data professionals. The report also […]

19May 2023

Researchers Identify Second Developer of ‘Golden Chickens’ Malware

Security researchers have identified the second developer of Golden Chickens, a malware suite used by financially-motivated hacking groups Cobalt Group and FIN6. The post Researchers Identify Second Developer of ‘Golden Chickens’ Malware appeared first on SecurityWeek.

19May 2023

Apple Patches 3 Exploited WebKit Zero-Day Vulnerabilities

Apple has patched 3 zero-days, two of which are the vulnerabilities patched with the tech giant’s first Rapid Security Response updates. The post Apple Patches 3 Exploited WebKit Zero-Day Vulnerabilities appeared first on SecurityWeek.

19May 2023

Cloudflare Unveils New Secrets Management Solution

Cloudflare introduces Secrets Store, a new solution to help developers and organizations securely store and manage secrets. The post Cloudflare Unveils New Secrets Management Solution appeared first on SecurityWeek.

18May 2023

Critical remote code execution flaws patched in Cisco small business switches

Cisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices and can be exploited without authentication. While the company didn’t disclose which specific components of […]

18May 2023

6 barriers to becoming a data-driven company

It’s no surprise that becoming a data-driven company is at the top of the corporate agenda. A recent IDC whitepaper found that data-savvy companies reported a threefold increase in revenue improvement, almost tripling the likelihood of reduced time to market for new products and services, and more than doubling the probability of enhanced customer satisfaction, […]

18May 2023

OX Security adds ChatGPT plugin for AppSec

OX Security, an application security vendor, now has a plugin for ChatGPT, allowing users to leverage the power of the headline-making generative AI assistant to protect the software supply chain, generate personalized security recommendations and remedy security issues quickly. The Israel-based company, in a press release issued yesterday, said that generative AI has already altered […]

18May 2023

Investors Make $6M Bet on Manifest for SBOM Management Technology

Manifest raises $6 million in seed funding to help businesses generate, collect, and manage software bill of materials (SBOMs). The post Investors Make $6M Bet on Manifest for SBOM Management Technology appeared first on SecurityWeek.

18May 2023

Modernization holds the key to IBM i success

IBM i technology is a data center lynchpin for many organizations. Introduced 35 years ago as OS/400, a survey of IBM i users by Fortra found that seven out of 10 use IBM i, an operating system developed by IBM for IBM Power Systems, to run more than half of their applications. While adoption of […]

18May 2023

Quantum Decryption Brought Closer by Topological Qubits

Quantinuum claims the most powerful quantum computer currently available – through cloud-based access from Quantinuum, and available through Azure Quantum in June 2023. The post Quantum Decryption Brought Closer by Topological Qubits appeared first on SecurityWeek.

18May 2023

Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats

A wave of layoffs, coupled with increased recruitment efforts by cybercriminals, could create the perfect conditions for insider threats to flourish. The post Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats appeared first on SecurityWeek.

18May 2023

Industrial Secure Remote Access Is Essential, but Firms Concerned About Risks

Secure remote access is essential for industrial organizations, but many are concerned about the associated risks, a new study shows. The post Industrial Secure Remote Access Is Essential, but Firms Concerned About Risks appeared first on SecurityWeek.

18May 2023

Russian national indicted for ransomware attacks against the US

Russian national, Mikhail Pavlovich Matveev, has been charged and indicted for launching ransomware attacks against thousands of victims in the country and across the world, the US Department of Justice (DoJ) said in a press release. The Department of State has also announced an award of up to $10 million for information that leads to […]

18May 2023

Aviatrix is transforming cloud network security with distributed firewalling

Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic on multicloud environments. The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network […]

18May 2023

Organizations reporting cyber resilience are hardly resilient: Study

While most organizations have a cyber resilience program in place, more than half of them lack a comprehensive approach to assessing resilience, according to a study by Immersive Labs. The study aimed at understanding business preparedness amidst growing incidents found a strong intent to strengthen cybersecurity capabilities driven by external threats. “Rules of engagement for […]

18May 2023

Google Announces New Rating System for Android and Device Vulnerability Reports

Google is updating its vulnerability reports rating system to encourage researchers to provide more details on the reported bugs. The post Google Announces New Rating System for Android and Device Vulnerability Reports appeared first on SecurityWeek.

18May 2023

New SBOM Hub Helps All Stakeholders in Software Distribution Chain

Lineaje introduces SBOM360 Hub, an exchange allowing software producers, sellers, and consumers to publish, share and use SBOMs and related compliance artifacts. The post New SBOM Hub Helps All Stakeholders in Software Distribution Chain appeared first on SecurityWeek.

18May 2023

PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords

Researcher publishes PoC tool that exploits unpatched KeePass vulnerability to retrieve the master password from memory. The post PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords appeared first on SecurityWeek.

18May 2023

Millions of Smartphones Distributed Worldwide With Preinstalled ‘Guerrilla’ Malware

A threat actor tracked as Lemon Group has control over millions of smartphones distributed worldwide thanks to preinstalled Guerrilla malware. The post Millions of Smartphones Distributed Worldwide With Preinstalled ‘Guerrilla’ Malware appeared first on SecurityWeek.

18May 2023

Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities

Cisco has released patches for critical vulnerabilities in small business switches for which public proof-of-concept (PoC) code exists. The post Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities appeared first on SecurityWeek.

18May 2023

Discount Tire tunes IT to reinvent customer experience

Cracking the code for fast, reliable automotive service requires vision — especially in an era in which customers expect flexible, convenient experiences delivered on their terms. For US tire retail chain Discount Tire, inspiration for reinventing its retail automotive experience would come from familiar territory: the less than 20 seconds it takes a NASCAR pit […]

18May 2023

14 essential book recommendations by and for IT leaders

Looking for your next read? Why not pick up a book that will inspire you to be a more effective leader, help you spot challenges and pitfalls in your IT strategies and processes, or prepare for the future of information technology? I asked CIOs and other high-level IT leaders to recommend books that have impacted […]

18May 2023

Enabling a data-driven IT modernization strategy

The big picture: In the midst of a rush to technology modernization, it’s critical to ensure the organization’s data assets are not overlooked. Why it matters: Data-driven business decisions must factor prominently in modernization efforts. The bottom line: Don’t leave data behind. Excellent opportunities to save and make money, reduce risk, and develop new models of business emerge […]

18May 2023

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

With organizations increasingly adopting cloud-based services and applications, especially collaboration tools, attackers have pivoted their attacks as well. Microsoft services consistently rank at the top of statistics when it comes to malicious sign-in attempts, and Microsoft Teams is one application that recently seems to have attracted attackers’ interest. Researchers from security firm Proofpoint investigated how […]

18May 2023

IBM acquires Polar Security, bolstering data security capabilities

IBM has purchased application security startup Polar Security, in an attempt to address the security of application data in the cloud and help organizations track vulnerable information. In a statement issued this morning, IBM said that the increased cloud adoption driven by the pandemic has strained organizational capacity to track certain aspects of their application […]

17May 2023

ServiceNow, Nvidia to bring generative AI to enterprise workflows

ServiceNow and Nvidia on Wednesday said that they were collaborating to build generative AI applications for different enterprise functions in an effort to optimize business processes and workflows. ServiceNow will use data available on its workflow platform along with Nvidia’s DGX Cloud, Nvidia DGX SuperPOD, and Nvidia’s Enterprise AI software suite to develop custom large […]

17May 2023

Entro exits stealth with context-based secrets management

Entro, the Israeli cybersecurity company focused on protection for secrets and programmatic access to cloud services and data, has exited stealth with its first-ever product offering context-based secrets management. The new offering is the first and only holistic secrets security platform that detects, safeguards, and provides context for secrets stored across vaults, source code, collaboration tools, […]

17May 2023

Access to Energy Sector ICS/OT Systems Offered on Hacker Forums

Threat actors have been selling access to energy sector organizations, including ICS and other OT systems, according to a new report from Searchlight Cyber. The post Access to Energy Sector ICS/OT Systems Offered on Hacker Forums appeared first on SecurityWeek.

17May 2023

Creating wealth, jobs, and community through women-owned businesses

Women-owned businesses represent 33% of the world’s private businesses. That number should be higher when you consider that women-owned businesses are one of the most underutilized drivers of innovation and job growth in both developed and emerging markets. These businesses are particularly challenged when it comes to accessing opportunities in global trade. Technology can help […]

17May 2023

4 Countries Join NATO Cyber Defense Center

Japan, Ukraine, Ireland and Iceland have joined the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE). The post 4 Countries Join NATO Cyber Defense Center appeared first on SecurityWeek.

17May 2023

Apple Blocked 1.7 Million Applications From App Store in 2022

Apple says it rejected 1.7 million applications from being published in the App Store in 2022. The post Apple Blocked 1.7 Million Applications From App Store in 2022 appeared first on SecurityWeek.

17May 2023

Insider threats surge across US CNI as attackers exploit human factors

Over three-quarters (77%) of organizations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyberthreats in the last three years, according to new research from cybersecurity services firm Bridewell. The Cyber Security in CNI: 2023 report surveyed 525 cybersecurity decision makers in the US in the transport and aviation, utilities, finance, government, […]

17May 2023

Attacker uses the Azure Serial Console to gain access to Microsoft VM

Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VM), according to cybersecurity firm Mandiant. Using access to virtual machines, the attackers employed malicious use of the Serial Console on Azure Virtual Machines to install third-party remote management software […]

17May 2023

Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks

CISA, FBI, and ACSC warn critical infrastructure organizations of the BianLian ransomware group’s attacks. The post Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks appeared first on SecurityWeek.

17May 2023

Security breaches push digital trust to the fore

As digital transactions with customers, employees, suppliers, and other stakeholders grow, digital trustworthiness is set to become one of the most important enterprise-wide initiatives with the biggest potential impact (both negative and positive), even though it often has the smallest budget allocation. “Organizations are focusing on security and privacy, but if your customers don’t trust […]

17May 2023

Chrome 113 Security Update Patches Critical Vulnerability

Google has released a Chrome 113 update to patch 12 vulnerabilities, including a critical use-after-free flaw. The post Chrome 113 Security Update Patches Critical Vulnerability appeared first on SecurityWeek.

17May 2023

Cybersecurity M&A Roundup for May 1-15, 2023

Seventeen cybersecurity-related M&A deals were announced in the first half of May 2023. The post Cybersecurity M&A Roundup for May 1-15, 2023 appeared first on SecurityWeek.

17May 2023

Lacroix Closes Production Sites Following Ransomware Attack

Technological equipment supplier Lacroix has closed three production sites after experiencing a ransomware attack. The post Lacroix Closes Production Sites Following Ransomware Attack appeared first on SecurityWeek.

17May 2023

Entro Raises $6M to Tackle Secrets Sprawl

Israeli startup Entro launches with $6 million in seed-stage funding and a product to help manage secrets sprawl in the enterprise. The post Entro Raises $6M to Tackle Secrets Sprawl appeared first on SecurityWeek.

17May 2023

Einstein GPT gives Salesforce unifying vision for high-profile acquisitions

It’s no secret to anyone that generative AI is the hot new thing in tech right now, promising to revolutionize the way humans interact with software. And, perhaps uniquely, it is a potentially transformational technology that won’t require rebuilding the infrastructure stack. Salesforce is one of a rising wave of software companies betting on the promise […]

17May 2023

Accenture’s Penelope Prett on the predictive value of data

Penelope Prett has been with Accenture for over 30 years. She was named CIO in 2019, and last fall, added data and analytics to her title and remit. I recently spoke with Prett about her new role, what it means for Accenture, and her advice for CIOs who are embarking on the data-to-value journey. What […]

17May 2023

US Offering $10M Reward for Russian Man Charged With Ransomware Attacks

The US is offering a $10 million reward for information on a Russian man accused of launching ransomware attacks on critical infrastructure. The post US Offering $10M Reward for Russian Man Charged With Ransomware Attacks appeared first on SecurityWeek.

17May 2023

Technology, Processes, and Culture: Red Hat’s Open-source Pathway to Successful Digital Transformation

The world has witnessed the undeniable power of digital transformation to unlock tremendous potential and propel businesses forward in today’s fast-paced digital era. Yet, as organisations work to reap the benefits of innovation and growth, they must also navigate this new terrain. The road to digital transformation requires significant investments of time, money, and resources, […]

17May 2023

AFL launches Just Walk Out technology to tackle queues at Marvel Stadium

The pain of long lines for food and drinks is about to be eased at Melbourne’s Marvel Stadium with the introduction of Amazon’s Just Walk Out technology, a first for the southern hemisphere. Rob Pickering, general manager for technology at The Australian Football League (AFL), which owns and operates the stadium, says the initiative is […]

17May 2023

Unlocking Growth Opportunities: 4 Ways a Strong EX Strategy Enhances CX

As businesses strive to undergo digital transformation on a large scale, IT leaders are placing increased emphasis on enhancing employee experience (EX) in order to elevate customer satisfaction and engagement. Modern companies are investing more of their budgets on tools that create and maintain a positive employee experience. Employee experience tools and software help to […]

16May 2023

SAP takes steps toward ‘green ledger’ for carbon accounting

SAP wants to give new meaning to the resources in enterprise resource planning, going beyond the boundaries of the enterprise and accounting for its impact on the whole planet. The software provider plans to do that by enhancing existing tools for estimating greenhouse gas emissions due to an enterprise’s activities, and adding capabilities for exchanging […]

16May 2023

Arnica's real-time, code-risk scanning tools aim to secure supply chain

Software supply chain security provider Arnica has added a suite of new real-time scanning tools to its namesake code-security suite, including static application security testing (SAST), infrastructure as code (IaC) scanning, software component analysis (SCA), and third-party package reputation checks.

16May 2023

3 ways to jump-start your journey to SD-WAN, SSE, and SASE

For decades, organizations have relied on traditional architecture to secure their network based on firewalls and other perimeter defenses. As organizations massively moved their workloads to the cloud, users are now accessing sensitive data in the cloud through unsecured links, outside of the corporate network perimeter and from any device. This trend has accelerated as […]

16May 2023

How to Lose With AI

By Bryan Kirschner, Vice President, Strategy at DataStax. Consumers love smart personalization. Developers get fired up about building AI-powered apps. And just two months after ChatGPT launched, 100 million people have added tapping into the power of AI to their toolbox. These signals point toward an “AI everywhere” future: one in which it’s a competency […]

16May 2023

Digital listening reveals 3 leading innovation drivers

In six short months, ChatGPT propelled artificial intelligence (AI) into the minds and imaginations of the masses more than any other development since the term “AI” was coined in 1956. According to research sponsored by techradar.pro, an astonishing 39% of U.S. and U.K. adult web users surveyed have used one or more generative AI tools. […]

16May 2023

ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence

The head of OpenAI, which makes ChatGPT, told Congress that government intervention “will be critical to mitigate the risks of increasingly powerful” AI systems. The post ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence appeared first on SecurityWeek.

16May 2023

It’s time to go paperless: are bank branches ready?

When the chief banking officer of a $10.3B community bank visited a competing super-regional branch in her suburban New Jersey neighborhood, she noticed something troubling. Piles upon piles of paper crowded the branch manager’s desk and cluttered the nearby credenza. Set amid an open floor plan, the stacks of files left sensitive customer information—business and […]

16May 2023

South American retailer shares lessons learned in its move to HR automation

Behind the scenes at one of South America’s largest retail conglomerates, human resources (HR) professionals manage the movement of tens of thousands of employees. Hit by a recent spike in turnover, one thing became clear to the company’s HR team: their records system needed a serious upgrade. With annual sales in the billions, the retail […]

16May 2023

BCBSNC builds a better IT workplace through DEI

For companies looking for an edge in the tight talent market, a solid DEI strategy and employee engagement often go hand in hand, creating a balance that fosters an inclusive work environment. When employees feel they can bring their authentic selves to work, it can result in higher levels of employee productivity and satisfaction, improved […]

16May 2023

Is your cloud strategy working? Why multicloud by design is the way forward.

With the rise of cloud computing, many organizations rapidly adopted public cloud services alongside cloud principles in dedicated IT environments, or private clouds, to accelerate innovation and meet business requirements. This led to the rise of multicloud: today, almost nine out of 10 IT environments include a mix of public and private clouds. In some […]

16May 2023

Aqua Security releases Real-Time CSPM to tackle multi-cloud security risks

Cloud native security vendor Aqua Security has announced the launch of Real-Time CSPM, a new cloud security posture management solution designed to provide visibility and risk prioritization across multi-cloud security risks. Real-Time CSPM uses “real-time scanning” to pinpoint threats that evade agentless detection and reduce noise so security practitioners can identify, prioritize, and remediate the […]

16May 2023

SAP to add generative AI, industry smarts to CX tools

Every software developer is looking at how to incorporate generative AI in its products, even SAP. The ERP vendor, which turned 50 last year, is developing a companion app for its software, to be called SAP Digital Assistant, which will use generative AI to help SAP users provide a better experience to their customers. SAP […]

16May 2023

Lancefly APT Targeting Asian Government Organizations for Years

A threat actor tracked as Lancefly has been targeting government organizations in South and Southeast Asia for at least three years. The post Lancefly APT Targeting Asian Government Organizations for Years appeared first on SecurityWeek.

16May 2023

IBM Snaps up DSPM Startup Polar Security

Tech giant IBM acquires Polar Security, an early stage startup in the red-hot data security posture management (DSPM) category. The post IBM Snaps up DSPM Startup Polar Security appeared first on SecurityWeek.

16May 2023

Nozomi Networks announces Vantage IQ to address security gaps in critical infrastructure

Nozomi Networks has announced the upcoming release of Vantage IQ, a new AI-based analysis and response engine designed to address security gaps and resource limitations in critical operational infrastructure. The new offering will be available from Q3 2023 as an add-on to Vantage, Nozomi Networks’ SaaS-based security management platform. It is built to enhance threat […]

16May 2023

New APT targets South and Southeast Asia with custom-written backdoor

Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, education, and telecom organizations in South and Southeast Asia in an activity that has been ongoing for the past five years, according to Symantec. The group has been seen carrying out the activity with the motive of intelligence gathering. Lancefly has […]

16May 2023

Huntress Closes $60M Series C for MDR Expansion

Huntress closes a $60 million Series C financing round led by Sapphire Ventures. The company has now raised $118 million. The post Huntress Closes $60M Series C for MDR Expansion appeared first on SecurityWeek.

16May 2023

New Babuk-Based Ransomware Targeting Organizations in US, Korea

An emerging ransomware gang called RA Group is targeting organizations in the US and South Korea. The post New Babuk-Based Ransomware Targeting Organizations in US, Korea appeared first on SecurityWeek.

16May 2023

Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks

Critical vulnerabilities found in Teltonika products by industrial cybersecurity firms Otorio and Claroty expose thousands of internet-exposed devices to attacks. The post Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks appeared first on SecurityWeek.

16May 2023

Crosspoint Capital Partners Acquires Absolute Software in $870 Million Deal

Crosspoint Capital Partners has agreed to acquire security solutions provider Absolute Software in an $870 million deal. The post Crosspoint Capital Partners Acquires Absolute Software in $870 Million Deal appeared first on SecurityWeek.

16May 2023

How Northfield Hospital uses AI to minimize risk from cyberattacks

Like all healthcare providers, US-based Northfield Hospital has a big responsibility when it comes to cybersecurity as sensitive data and the lives of patients could be at stake. A study by Proofpoint and the Ponemon Institute released in September 2022 found that patient mortality rates increased across more than 20% of healthcare organizations that suffered […]

16May 2023

Edge platforms deliver 3 key business benefits

Traditionally, content delivery networks (CDNs) were used to cache files close to consumers, enabling media publishers to stream video and gaming software to customers as quickly as possible, and allowing high-stakes web application providers to deliver web pages equally fast. Eventually, application and content owners found these networks had use beyond caching that enabled digital […]

16May 2023

5 IT management practices certain to kill IT productivity

Successful CIOs, like all highly placed executives, must be adept at running an organization that’s good at getting work out the door. Unfortunately, many of the most popular management techniques for fixing poor organizational performance don’t work. Or worse. If you want better guidance, start with Peter Drucker’s observation that, “Most of what we call […]

16May 2023

How to incubate a winning innovation program

When leaders consider how technology has enabled the transformation of business models over the past several years, few would disagree that the world has changed dramatically. Retail, entertainment, music, and banking have largely moved online. It’s a familiar story: Netflix beat Blockbuster; Amazon beat Borders. More recently, Tesla has transformed the experience of buying, owning, […]

15May 2023

Oracle first to open a cloud region in Serbia

Public cloud services provider Oracle on Monday said it will launch a new cloud region in Serbia, which will make it the first among rivals including Microsoft, Amazon Web Services (AWS), Google and IBM, to offer a hyperscale data center in the Eastern European country. The new cloud region, which will serve Southeast Europe, will […]

15May 2023

New ransomware gang RA Group quickly expanding operations

Researchers warn of a new ransomware threat dubbed RA Group that also engages in data theft and extortion and has been hitting organizations since late April. The group’s ransomware program is built from the leaked source code of a different threat called Babuk. “Like other ransomware actors, RA Group also operates a data leak site […]

15May 2023

New security tool lets you bypass SSL errors

Endpoint-based web and cloud security provider Dope Security has launched a new instant secure socket layer (SSL) error resolution feature on its secure web gateway (SWG) offering, Dope.swg. The new feature is added to simplify SSL inspection conducted by Dope’s SWG and helps admins bypass SSL errors generated as a result of the inspection. “Dope’s […]

15May 2023

Law enforcement crackdowns and new techniques are forcing cybercriminals to pivot

It can seem like cybercriminals are running rampant across the world’s digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among […]

15May 2023

General Dynamics IT takes multicloud strategy to the next level

These days, to serve the backbone corporate needs for more than 100,000 employees globally means betting big on the cloud. That’s what James Hannah, SVP and global CIO of General Dynamics Information Technology, has done in partnership with the Reston, Va.-based aerospace and defense contractor’s 10 business units, each of which has its own CIO […]

15May 2023

Brightly Software Notifying 3 Million SchoolDude Users of Data Breach

Brightly Software has started informing roughly three million users that their personal information was compromised in a recent data breach. The post Brightly Software Notifying 3 Million SchoolDude Users of Data Breach appeared first on SecurityWeek.

15May 2023

UK NCSC, ICO debunk 6 cyberattack reporting myths

The UK National Cyber Security Centre (NCSC) and the UK’s data protection regulator the Information Commissioner’s Office (ICO) have published a rare joint article dispelling several myths about cyberattack reporting to tackle the problem of unreported data breaches. The pair argued that, while businesses may be tempted to hide data breaches to avoid negative scrutiny, […]

15May 2023

Hackers exploit WordPress vulnerability within hours of PoC exploit release

Threat actors have started exploiting a recently disclosed vulnerability in WordPress, within 24 hours of the proof-of-concept (PoC) exploit being published by the company, according to a blog by Akamai. The high-severity vulnerability, CVE-2023-30777, which affects the WordPress Advanced Custom Fields plugin, was identified by a Patchstack researcher on May 2. To read this article in full, please […]

15May 2023

Discord Informs Users of Data Breach Involving Customer Support Provider

Communications and social platform Discord is notifying users of a cyber incident involving a third-party services provider. The post Discord Informs Users of Data Breach Involving Customer Support Provider appeared first on SecurityWeek.

15May 2023

Computer vision transforms tennis coaching at Billie Jean King Cup

With centuries of tradition behind it, tennis as a sport has been highly resistant to change. Other sports have been quick to embrace the use of data and analytics to transform how athletes are recruited, trained, and prepped for competitions, how they adjust to changing circumstances during play, and how they break down successes and […]

15May 2023

Top business needs driving IT spending today

After years of prioritizing digital transformation and focusing on innovation, many CIOs are reporting that their No. 1 goal now is supporting operational efficiency. CIO.com’s 2023 State of the CIO report, its 22nd such annual survey, showed that more CIOs today are seeing improved operational efficiency as the top imperative. Some 45% of respondents listed […]

15May 2023

Insured companies more likely to be ransomware victims, sometimes more than once

Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers. Back in 2019, fewer than 20% of enterprises suffered repeat ransomware attacks, while during the pandemic, the percentage rose to around […]

15May 2023

Capita Cyberattack Hits UK Pension Funds

The recent ransomware attack on Capita may impact millions of customers of hundreds of pension funds in the UK. The post Capita Cyberattack Hits UK Pension Funds appeared first on SecurityWeek.

15May 2023

PharMerica Discloses Data Breach Impacting 5.8 Million Individuals

The personal information of more than 5.8 million was compromised in a data breach at national pharmacy network PharMerica. The post PharMerica Discloses Data Breach Impacting 5.8 Million Individuals appeared first on SecurityWeek.

15May 2023

WordPress Field Builder Plugin Vulnerability Exploited in Attacks Two Days After Patch

PoC exploit targeting an XSS vulnerability in the Advanced Custom Fields WordPress plugin started being used in malicious attacks two days after patch. The post WordPress Field Builder Plugin Vulnerability Exploited in Attacks Two Days After Patch appeared first on SecurityWeek.

15May 2023

CISA: Several Old Linux Vulnerabilities Exploited in Attacks

Several old Linux vulnerabilities for which there are no public reports of malicious exploitation have been added to CISA’s KEV catalog. The post CISA: Several Old Linux Vulnerabilities Exploited in Attacks appeared first on SecurityWeek.

15May 2023

Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades

The Philadelphia Inquirer experienced the most significant disruption to its operations in 27 years due to a cyberattack on Sunday, May 14, 2023. The post Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades appeared first on SecurityWeek.

15May 2023

Dialog Enterprise: keeping the data of Sri Lanka’s enterprises safe and sovereign

Offering an extensive portfolio of ICT solutions and services in conjunction with its high-available data centers, fastest broadband internet and telecommunications networks for consumers and businesses, Dialog Enterprise is one of the most trusted information and communication technology brands in Asia. Now it is also the first provider in Sri Lanka to earn the VMware […]

15May 2023

Igniting Innovation in Singapore: The CIO view

Following almost 3 years of enabling remote working, securing business operations and enhancing productivity levels, forward-thinking CIOs are stepping up to spearhead transformation agendas in Singapore. Leveraging a once-in-a-career opportunity, IT leaders are building new strategies to accelerate the potential of digital, mirroring boardroom ambitions to create competitive differentiation in 2023 and beyond. According to […]

13May 2023

Executive Fired From TikTok’s Chinese Owner Says Beijing Had access to App Data in Termination Suit

Former TikTok executive said China government officials maintained access to all company data, including information stored in the United States. The post Executive Fired From TikTok’s Chinese Owner Says Beijing Had access to App Data in Termination Suit appeared first on SecurityWeek.

13May 2023

Generative AI & data: Potential in cybersecurity if the risks can be curtailed

Artificial intelligence (AI) in 2023 feels a bit like déjà vu to me. Back in 2001, as I was just entering the venture industry, I remember the typical VC reaction to a start-up pitch was, “Can’t Microsoft replicate your product with 20 people and a few months of effort, given the resources they have?” Today, […]

12May 2023

Toyota: Data on More Than 2 million Vehicles in Japan Were at Risk in Decade-Long Breach

A decade-long data breach in Toyota’s online service put some information on more than 2 million vehicles at risk. The post Toyota: Data on More Than 2 million Vehicles in Japan Were at Risk in Decade-Long Breach appeared first on SecurityWeek.

12May 2023

WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers

A vulnerability in a WordPress plugin exposed the official website of sports car maker Ferrari to hacker attacks. The post WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers appeared first on SecurityWeek.

12May 2023

Leaked Babuk Code Fuels New Wave of VMware ESXi Ransomware

SentinelOne sees multiple threat groups adopting the leaked Babuk source code to build their own VMware ESXi lockers. The post Leaked Babuk Code Fuels New Wave of VMware ESXi Ransomware appeared first on SecurityWeek.

12May 2023

Spain Arrests Hackers in Crackdown on Major Criminal Organization

Spanish authorities have announced the arrest of 40 individuals for their roles in a group involved in bank fraud, identity theft, and money laundering. The post Spain Arrests Hackers in Crackdown on Major Criminal Organization appeared first on SecurityWeek.

12May 2023

Organizations Informed of Over a Dozen Vulnerabilities in Rockwell Automation Products

Rockwell Automation customers have been informed about potentially serious vulnerabilities in several products, shortly after news of an investigation into the firm’s China operations. The post Organizations Informed of Over a Dozen Vulnerabilities in Rockwell Automation Products appeared first on SecurityWeek.

12May 2023

Keeping IT ahead in a game when rules keep changing

IT leaders today are facing more challenges than ever before. As you look to shape your winning strategies, the rules of the game keep changing. Environments are more dispersed and dynamic, with attack surfaces and vectors expanding, and new threats emerging. Applications are no longer confined to desktops and devices but are spread across multiple […]

12May 2023

Fraport goes all in on private 5G network

There were a multitude of reasons for Fraport AG, the operating company of Germany’s largest airport in Frankfurt, to build one of the largest European private 5G campus networks: automation, autonomous driving, localization of devices, and processing data in real time. Or as Fraport SVP of IT infrastructure Fritz Oswald puts it: “We definitely see 5G as […]

12May 2023

Australian Enterprise Software Maker TechnologyOne Resumes Trading Following Hack

Australian enterprise software maker TechnologyOne said its internal Microsoft 365 system was compromised in a cyberattack. The post Australian Enterprise Software Maker TechnologyOne Resumes Trading Following Hack appeared first on SecurityWeek.

12May 2023

France Punishes Clearview AI For Failing To Pay Fine

France’s privacy watchdog doled out further penalties to US firm Clearview AI for failing to pay a 20-million-euro fine imposed last year over data breaches. The post France Punishes Clearview AI For Failing To Pay Fine appeared first on SecurityWeek.

12May 2023

CISA, FBI: Ransomware Gang Exploited PaperCut Flaw Against Education Facilities

CISA and FBI have observed a ransomware gang exploiting a recent PaperCut vulnerability in attacks targeting the education facilities subsector. The post CISA, FBI: Ransomware Gang Exploited PaperCut Flaw Against Education Facilities appeared first on SecurityWeek.

12May 2023

1 Million WordPress Sites Impacted by Exploited Plugin Vulnerability

Exploitation of a critical vulnerability in the Essential Addons for Elementor WordPress plugin started immediately after a patch was released. The post 1 Million WordPress Sites Impacted by Exploited Plugin Vulnerability appeared first on SecurityWeek.

12May 2023

Secure Messaging Arrives on Twitter – Sort of. ‘Don’t Trust It Yet,’ Musk Warns

Twitter launched encrypted messaging, offering select users the ability to communicate more securely. But its new service is much more of a baby step than a giant leap forward. The post Secure Messaging Arrives on Twitter – Sort of. ‘Don’t Trust It Yet,’ Musk Warns appeared first on SecurityWeek.

11May 2023

Israeli threat group uses fake company acquisitions in CEO fraud schemes

A group of cybercriminals based in Israel has launched more than 350 business email compromise (BEC) campaigns over the past two years, targeting large multinational companies from around the world. The group stands out with some of the techniques it uses, including email display name spoofing and multiple fake personas in the email chains, and […]

11May 2023

This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT

The convergence of networking and security, the consolidation of technology vendors, and a focus on OT security are essential underpinnings of any organization’s success. The post This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT appeared first on SecurityWeek.

11May 2023

US Probing Cybersecurity Risks of Rockwell Automation’s China Operations: Report

US government investigating whether the Chinese operations of industrial giant Rockwell Automation pose a cybersecurity risk to critical infrastructure. The post US Probing Cybersecurity Risks of Rockwell Automation’s China Operations: Report appeared first on SecurityWeek.

11May 2023

Generative AI Will Transform Software Development. Are You Ready?

If you believe the hype, generative AI has the potential to transform how we work and play with digital technologies. Today’s eye-popping text-and-image generating classes of AI capture most of the limelight, but this newfangled automation is also coming to software development. It is too soon to say what impact this emerging class of code-generating […]

11May 2023

Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison

Nickolas Sharp, the former Ubiquiti employee who posed as a hacker and attempted to extort the firm for $2 million, was sentenced to prison. The post Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison appeared first on SecurityWeek.

11May 2023

Mass Event Will Let Hackers Test Limits of AI Technology

ChatGPT maker OpenAI, and other major AI providers such as Google and Microsoft, are coordinating with the Biden administration to let thousands of hackers take a shot at testing the limits of their technology. The post Mass Event Will Let Hackers Test Limits of AI Technology appeared first on SecurityWeek.

11May 2023

New ‘Greatness’ Phishing-as-a-Service Targets Microsoft 365 Accounts

A new phishing-as-a-service (PaaS) tool has been observed targeting businesses, mainly in the manufacturing, healthcare, technology, and real estate sectors. The post New ‘Greatness’ Phishing-as-a-Service Targets Microsoft 365 Accounts appeared first on SecurityWeek.

11May 2023

OpenSSF Receives $5 Million for Open Source Software Security Project

OpenSSF has added four new members and is receiving $5 million in funding for its Alpha-Omega open source software security project. The post OpenSSF Receives $5 Million for Open Source Software Security Project appeared first on SecurityWeek.

11May 2023

Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers

Claroty has disclosed the details of 5 vulnerabilities that can be chained in an exploit allowing unauthenticated attackers to hack Netgear routers. The post Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers appeared first on SecurityWeek.

11May 2023

New DownEx malware campaign targets Central Asia

A previously undocumented malware campaign called DownEx has been observed actively targeting government institutions in Central Asia for cyberespionage, according to a report by Bitdefender. The first instance of the malware was detected in 2022 in a highly targeted attack aimed at exfiltrating data from foreign government institutions in Kazakhstan. Researchers observed another attack in Afghanistan. To read this […]

11May 2023

Google Improves Android Security With New APIs

Google is improving Android security with new Safe Browsing real-time API, credential manager jetpack API, and new SDK API for developers. The post Google Improves Android Security With New APIs appeared first on SecurityWeek.

11May 2023

Senators Push Overhaul of Classification Rules After Trump, Biden Cases

Senators introduce bill to reform security classification system in the US to prevent mishandling of classified information and promote better use of intelligence. The post Senators Push Overhaul of Classification Rules After Trump, Biden Cases appeared first on SecurityWeek.

11May 2023

Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches

Judge refuses to dismiss shareholder lawsuit alleging that Facebook violated the law and fiduciary duties in failing for years to protect user data privacy. The post Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches appeared first on SecurityWeek.

11May 2023

Microsoft Makes Second Attempt to Patch Recent Outlook Zero-Day

Microsoft has rolled out patches for a vulnerability allowing attackers to bypass mitigations for a critical Outlook zero-day leading to credentials theft. The post Microsoft Makes Second Attempt to Patch Recent Outlook Zero-Day appeared first on SecurityWeek.

11May 2023

CIO-turned-CEO Kevin Hart on developing successful IT leaders

Kevin Hart was named chief executive officer of Segra, one of the nation’s largest independent fiber network companies, following an 11-year tenure as executive vice president and chief product and technology officer for Cox Communications. Hart’s journey from CIO to CEO is a story of intention and grit, with an equal focus on lifting others […]

11May 2023

How data science gives Games 24×7 a hyperpersonalized edge

India-based Games24x7, a digital-first company, believes that “the best gaming experiences are created at the intersection of entertainment and science.” With a portfolio spanning skill games (RummyCircle), fantasy sports (My11Circle), and casual games (U Games), the company banks firmly on technology to build a highly scalable gaming infrastructure that serves more than 100 million registered […]

11May 2023

10 highest-paying IT skills for 2023

Digital transformation is at the forefront of every modern business strategy, whether it’s adopting the cloud, improving and updating IT infrastructure, or developing data and analytics strategy to drive decision-making. Companies are interested in hiring seasoned pros who have a strong working knowledge of the skills they need to accomplish technology and business goals. According […]

11May 2023

The 6 best password managers for business

What’s a password manager? A password manager is a program that stores passwords and logins for various sites and apps, and generates new strong passwords when a user needs to change an old one or create a new account. Users can sign into a password manager with a single strong password or by using biometrics, […]

11May 2023

Ready Players Win: Leaders of the Future Enterprise

In the face of structural change and rampant crises, the world—and the technologies reshaping it—is experiencing a drastic shift. Even the very nature of disruption is evolving, with challenges such as talent gaps and inflationary pressures frequently demanding our immediate attention. To outpace these events, CIOs need to leverage resilience capabilities as a competitive advantage. […]

11May 2023

ChatGPT disruption: AI’s evolving vision renews need for trusted, governed data

Access to artificial intelligence (AI) and the drive for adoption by organizations is more prevalent now than it’s ever been, yet many companies are struggling with how to manage data and the overall process. As companies open this “pandora’s box” of new capabilities, they must be prepared to manage data inputs and outputs in secure […]

10May 2023

Dell pushes security, devops integration in storage updates

The company’s latest storage updates include Ansible and Terraform integration, zero trust readiness and security, and an array of incremental enhancements.

10May 2023

Microsoft fixes bypass for critical Outlook zero-click flaw patch

Microsoft fixed a new vulnerability this week that could be used to bypass defenses the company put in place in March for a critical vulnerability in Outlook that Russian cyberspies exploited in the wild. That vulnerability allowed attackers to steal NTLM hashes by simply sending specifically crafted emails to Outlook users. The exploit requires no […]

10May 2023

Equifax Releases Security and Privacy Controls Framework

Equifax released its security and privacy controls framework to provide a public blueprint to help organizations to build or enhance their own cybersecurity programs. The post Equifax Releases Security and Privacy Controls Framework appeared first on SecurityWeek.

10May 2023

Google Now Lets US Users Search Dark Web for Their Gmail ID

Google is now letting Gmail users in the US run scans to learn whether their Gmail ID appears on the dark web. The post Google Now Lets US Users Search Dark Web for Their Gmail ID appeared first on SecurityWeek.

10May 2023

IBM unveils end-to-end, quantum-safe tools to secure business, government data

Technology giant IBM has debuted a new set of tools and capabilities designed as an end-to-end, quantum-safe solution to secure organizations and governmental agencies as they head toward the post-quantum computing era. Announced at its annual Think conference in Orlando, Florida, Quantum Safe technology combines expertise across cryptography and critical infrastructure to address the potential […]

10May 2023

Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme

ICS cybersecurity vendor Dragos discloses breach and data theft but says ransomware group failed at elaborate extortion scheme. The post Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme appeared first on SecurityWeek.

10May 2023

Appeals Court Sides With Corellium in Apple Copyright Case

US appeals court sides with Corellium in the copyright infringement lawsuit filed by Apple against the company over its security research tools. The post Appeals Court Sides With Corellium in Apple Copyright Case appeared first on SecurityWeek.

10May 2023

AI push or pause: CIOs speak out on the best path forward

With the AI hype cycle and subsequent backlash both in full swing, IT leaders find themselves at a tenuous inflection point regarding use of artificial intelligence in the enterprise. Following stern warnings from Elon Musk and revered AI pioneer Geoffrey Hinton, who recently left Google and is broadcasting AI’s risks and a call to pause, […]

10May 2023

On the cutting edge: Celebrating 30 years of technological innovation and leadership at Thoughtworks

This May, Thoughtworks is proud to celebrate 30 years of helping their clients across the world to build the modern digital businesses of the future through the application of strategy, technology and design. Since launching in 1993, Thoughtworks is now over 12,500 people strong with 50 offices in 18 countries. Thirty years of leadership in […]

10May 2023

International security agencies warn of Russian “Snake” malware threat

Security agencies from five countries have issued a joint advisory revealing technical details about a sophisticated espionage tool used by Russian cyber actors against their targets. “Snake malware” and its variants have been a core component in Russian espionage operations carried out by Center 16 of Russia’s Federal Security Service (FSB) for nearly two decades, […]

10May 2023

SquareX Raises $6 Million for Browser Security Product

SquareX emerges from stealth mode with $6 million in seed funding for the development of its security-focused browser extension. The post SquareX Raises $6 Million for Browser Security Product appeared first on SecurityWeek.

10May 2023

Take a pizza chain, add SAP, and bake for ongoing success

When MOD Pizza opened in 2008, customers had a chance to get a taste of something different. MOD, which stands for “Made on Demand,” offers customizable, artisan pizzas, giving customers a choice of more than 40 toppings with various sauces, and customizable salads —delivered superfast. MOD in America But pizza (and salads) alone isn’t what separates […]

10May 2023

IBM Delivers Roadmap for Transition to Quantum-safe Cryptography

IBM’s Quantum Safe Roadmap was designed to help federal agencies and business meet the requirements and the deadlines for quantum safe cryptography. The post IBM Delivers Roadmap for Transition to Quantum-safe Cryptography appeared first on SecurityWeek.

10May 2023

Webb Raises $7 Million for Blockchain Asset Transfer Privacy System

Blockchain company Webb Technologies has raised $7 million in seed funding for its privacy tools and protocol. The post Webb Raises $7 Million for Blockchain Asset Transfer Privacy System appeared first on SecurityWeek.

10May 2023

Capita Says Ransomware Attack Will Cost It Up to $25 Million

UK-based Capita says the recent ransomware attack will cost it up to $25 million, but it has not clarified whether that includes a ransom payment to the cybercriminals. The post Capita Says Ransomware Attack Will Cost It Up to $25 Million appeared first on SecurityWeek.

10May 2023

Make them pay: Hackers devise new tactics to ensure ransomware payment

Ransomware remains one of the biggest cyber threats that organizations and governments continue to face. However, hackers are engineering new ways to extract ransom from their victims as organizations take a conscious call to decline ransom payment demands. With the fall of the most notorious ransomware gang Conti in May 2022, it was assumed that ransomware […]

10May 2023

Evil digital twins and other risks: the use of twins opens up a host of new security concerns

The use of digital twins — virtual representations of actual or envisioned real-world objects — is growing. Their uses are multifold and can be incredibly helpful, providing real-time models of physical assets or even people or biological systems that can help identify problems as or even before they occur. Grand View Research has predicted that […]

10May 2023

Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities

Intel and AMD have informed their customers about a total of more than 100 vulnerabilities found in their products. The post Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities appeared first on SecurityWeek.

10May 2023

SAP Patches Critical Vulnerabilities With May 2023 Security Updates

SAP released 18 new security notes on May 2023 Security Patch Day, including two that resolve critical vulnerabilities in 3D Visual Enterprise License Manager and BusinessObjects. The post SAP Patches Critical Vulnerabilities With May 2023 Security Updates appeared first on SecurityWeek.

10May 2023

CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief

HP and Dell Technologies are two of the world’s largest international computer manufacturers. Their CISOs, Joanna Burkey (HP) and Kevin Cross (Dell), both manage security teams comprising many hundreds of people, and are responsible for corporate security across multiple jurisdictions. The role of CISO is different for a multinational corporation compared to a national company. […]

10May 2023

Twitter Celebrity Hacker Pleads Guilty in US

Joseph James O’Connor pleaded guilty for his role in schemes to hack the Twitter accounts of celebrities like Barack Obama and Elon Musk. The post Twitter Celebrity Hacker Pleads Guilty in US appeared first on SecurityWeek.

10May 2023

How Novanta’s CIO mobilized its data-driven transformation

With headquarters in Boston and over 2,700 employees worldwide, Novanta is an $800 million global supplier of laser photonics, precision motion control, and vision technologies. CIO Sarah Betadam, who joined in 2019 as VP of business applications, and then became global CIO in January 2021, is tasked with the strategic direction, leadership, and implementation of […]

09May 2023

How to modernize and accelerate mainframe application development

The mainframe may seem like a relic of a day gone by, but truth be told, it’s still integral. According to the Rocket Software Survey Report 2022: The State of the Mainframe, four out of five IT professionals see the mainframe as critical to business success. At the same time, innovation and modernization are imperative […]

09May 2023

Tableau GPT brings generative AI to Salesforce data analytics suite

Salesforce’s business intelligence platform, Tableau, is getting generative AI features in the form of Tableau GPT, built on the company’s proprietary Einstein GPT AI engine, which has also been integrated into other products such as Slack. “Tableau GPT can enhance and automate things like analyzing data, exploring it, sharing it, consuming it. The generative AI […]

09May 2023

Cybersecurity stress returns after a brief calm: ProofPoint report

Global cybersecurity concerns are returning to pandemic levels as 68% of CISOs from 16 countries said they fear a cyberattack in the next 12 months, according to a ProofPoint survey. “With the disruption of the pandemic now largely behind us, the return to normal operations may imply that CISOs can breathe easier, but the opposite […]

09May 2023

Microsoft Patch Tuesday: 40 Vulnerabilities, 2 Zero-Days

Microsoft’s May 2023 security updates address a total of 40 newly documented vulnerabilities, including two flaws already exploited in attacks. The post Microsoft Patch Tuesday: 40 Vulnerabilities, 2 Zero-Days appeared first on SecurityWeek.

09May 2023

US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware

The US government has announced the disruption of Snake, a sophisticated cyberespionage malware officially attributed to a unit of Russia’s FSB agency. The post US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware appeared first on SecurityWeek.

09May 2023

The promise, peril, and potential of the metaverse

We see the metaverse as an intersection of immersive experiences across the augmented reality (AR) and virtual reality (VR) spectrums. Businesses can use it, as many already are, to enrich experiences, products, and services with virtual overlays for navigation and context. Others are creating new, fully immersive environments and finding a way to engage customers […]

09May 2023

GitHub Secret-Blocking Feature Now Generally Available

GitHub makes push protection generally available to warn developers whenever they include a secret in a commit. The post GitHub Secret-Blocking Feature Now Generally Available appeared first on SecurityWeek.

09May 2023

Adobe Patches 14 Vulnerabilities in Substance 3D Painter

Adobe has patched more than a dozen vulnerabilities, including critical code execution flaws, in its Substance 3D Painter product. The post Adobe Patches 14 Vulnerabilities in Substance 3D Painter appeared first on SecurityWeek.

09May 2023

A data-driven approach to customer success — your new growth engine

In today’s challenging economy, customer expectations are high, patience is low, and attention is at a premium. Your customers demand a seamless experience with your products and services, with easy access to detailed, helpful self-service support options. So how do you stay ahead of ever-increasing customer demands? Data. Harnessing numerous customer data points, often scattered […]

09May 2023

Brewing up a perfect blend of experiences for your customers

What can you learn from a cup of coffee? A single cup might seem trivial in terms of its impact on the overall business. But capture that cup with a smart camera, track it, apply analytics—and voilà! Suddenly, for the coffee shop, that beverage becomes an opportunity to gain insights to deliver better experiences for […]

09May 2023

ICS Patch Tuesday: Siemens, Schneider Electric Address Few Dozen Vulnerabilities

Siemens and Schneider Electric’s Patch Tuesday advisories for May 2023 address a few dozen vulnerabilities found in their products. The post ICS Patch Tuesday: Siemens, Schneider Electric Address Few Dozen Vulnerabilities appeared first on SecurityWeek.

09May 2023

Majority of US, UK CISOs unable to protect company 'secrets': Report

About 52% of chief information security officers (CISOs) in US and UK organizations are unable to fully secure their company secrets, according to a report by code security platform GitGuardian. The report pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs […]

09May 2023

Nebulon's TripLine offers ransomware encryption protection for on-prem systems

Smart infrastructure provider Nebulon today announced the immediate availability of TripLine, an early warning system for cryptographically based ransomware attacks on on-premises systems. It’s designed to quickly identify the precise time and system location where an attack has occurred. Nebulon said that the new service uses two techniques to achieve this aim. The first is […]

09May 2023

DigiCert’s DigiCert ONE platform now available on Oracle Cloud Infrastructure

Digital trust firm DigiCert has announced a partnership with Oracle to make DigiCert ONE available on Oracle Cloud Infrastructure (OCI). DigiCert ONE is a cloud-native SaaS platform that secures and centrally manages users, devices, servers, documents, and software. Companies use OCI for various functions including secure infrastructure, application, and workload management. The partnership makes DigiCert […]

09May 2023

Malwarebytes releases Mobile Security for OneView to secure Chromebooks, Android, iOS devices

Endpoint security vendor Malwarebytes has announced the release of Mobile Security for OneView to enable managed service providers (MSPs) to protect Chromebooks, Android, and iOS devices against mobile threats such as ransomware and malicious apps. MSPs can now use the Malwarebytes OneView platform to monitor their customers’ mobile phones and tablets alongside their servers, workstations, […]

09May 2023

Data Protection Startup Optery Raises $2.7 Million in Seed Funding

Data protection startup Optery has raised $2.7 million in a seed funding round led by Bayhouse Capital. The post Data Protection Startup Optery Raises $2.7 Million in Seed Funding appeared first on SecurityWeek.

09May 2023

Building Automation System Exploit Brings KNX Security Back in Spotlight

A public exploit targeting building automation systems brings KNX security back into the spotlight, with Schneider Electric releasing a security bulletin. The post Building Automation System Exploit Brings KNX Security Back in Spotlight appeared first on SecurityWeek.

09May 2023

Microsoft: Iranian APTs Exploiting Recent PaperCut Vulnerability

Microsoft warns that two Iranian state-sponsored groups have adopted exploits targeting a recently patched PaperCut vulnerability. The post Microsoft: Iranian APTs Exploiting Recent PaperCut Vulnerability appeared first on SecurityWeek.

09May 2023

In Global Rush to Regulate AI, Europe Set to Be Trailblazer

Europe is set to be the trailblazer when it comes to regulating AI such as ChatGPT. The post In Global Rush to Regulate AI, Europe Set to Be Trailblazer appeared first on SecurityWeek.

09May 2023

Why companies with a data-driven culture achieve competitive advantage

In today’s data-driven world, many organizations face major hurdles as they navigate a transformation journey that eliminates silos, unifies data, and transforms it into value. For many, building a culture of innovation remains elusive. IDC’s Future of Intelligence predictions for 2023 show what’s possible when businesses get it right. Top-quartile enterprise intelligence performers are 2.7 […]

09May 2023

7 VPN alternatives for securing remote network access

Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, it has […]

09May 2023

Small- and medium-sized businesses: don’t give up on cybersecurity

In today’s increasingly hostile environment, every enterprise, be they big or small, should be concerned about cybersecurity and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world. Yet time and again, we see small- and medium-sized businesses […]

09May 2023

Are You Using a Cloud Experience to Boost Business Value?

Like most CIOs you’ve no doubt leaned on ROI, TCO and KPIs to measure the business value of your IT investments. Maybe you’ve even surpassed expectations in each of these yardsticks. Those Three Big Acronyms are still important for fine-tuning your IT operations, but success today is increasingly measured in business outcomes. Put another way: […]

09May 2023

US Seizes Domains of 13 DDoS-for-Hire Services

US authorities have seized 13 internet domains associated with DDoS-for-hire services. The post US Seizes Domains of 13 DDoS-for-Hire Services appeared first on SecurityWeek.

09May 2023

The SBOM Bombshell

SBOMs can be used for managing risk and determining vulnerability impact, but it’s very hard to build holistic risk models when the data is not standardized across multiple platforms. The post The SBOM Bombshell appeared first on SecurityWeek.

09May 2023

The one true way to prove IT’s value to your CEO

When I was a CIO, I always dreaded the annual budget season because I knew, somewhere during the process, the CEO, my boss, would ask, “What are we getting for this constantly growing IT department?” It’s a question that keeps most CIOs up at night when asked to defend IT investments, and it’s one all […]

09May 2023

AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability

A DDoS botnet named AndoryuBot has been seen exploiting CVE-2023-25717, a recent remote code execution vulnerability affecting Ruckus access points. The post AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability appeared first on SecurityWeek.

09May 2023

CIO50 Australia 2023 nominations extended

The deadline for nominations in this year’s CIO50 Australia has been extended to Friday, May 19. Now in its eighth year, the annual CIO50 Awards will be held as part of the CIO50 Symposium & Awards on June 27 at the ICC in Sydney. This flagship awards program from CIO Australia is open to senior […]

08May 2023

Dow turns to AI to accelerate chemical search

For chemists, finding just the right molecule for a particular application can be like searching for a needle in a haystack. With several million compounds to choose from, chemists often must resort to intuition when trying to solve complex problems around chemical processes. US multinational Dow Chemical was working with a pulp and paper manufacturer […]

08May 2023

New ransomware group CACTUS abuses remote management tools for persistence

A cybercriminal group has been compromising enterprise networks for the past two months and has been deploying a new ransomware program that researchers dubbed CACTUS. In the attacks seen so far the attackers gained access by exploiting known vulnerabilities in VPN appliances, moved laterally to other systems, and deployed legitimate remote monitoring and management (RMM) […]

08May 2023

Elevating Wi-Fi Security and Connectivity with Passpoint: A Strategic Focus for CIOs

As campus networks continue to evolve, CIOs face a new hurdle in ensuring top-notch security measures. The importance of Wi-Fi technology cannot be understated as visitors and employees rely on it for seamless connectivity while on campus. However, CIOs and their teams are challenged with not only addressing security threats but also troubleshooting an extensive […]

08May 2023

How to Make the Quantum (Computing) Leap

If you’ve been reading a lot about quantum computing recently, you likely have a few questions. Some of those questions may be about how quantum computing works. After all, it is very different from other kinds of computing. (You can learn a little about the basics in the recent CIO article Are you ready for quantum computing?) […]

08May 2023

Google Releases Open Source Bazel Plugin for Container Image Security

Google announces the general availability of ‘rules_oci’ Bazel plugin to improve the security of container images. The post Google Releases Open Source Bazel Plugin for Container Image Security appeared first on SecurityWeek.

08May 2023

Esteemed UK academy proves innovation without disruption is possible

Kettering Buccleuch Academy (KBA) takes pride in offering a fantastic experience for everyone who contributes to school life, from students and parents to teaching staff and management. The mixed all-through school – praised for its amazing staff, motivational lessons, and supportive community – is the first in its county to achieve all eight Gatsby benchmarks […]

08May 2023

Review your on-prem ADCS infrastructure before attackers do it for you

Attackers love to find weak spots in our domains and networks. Too often, they can enter systems to lie in wait and launch attacks at a later time. A case in point is the infamous SolarWinds software attack, which infected up to nine US agencies and many organizations with backdoors into their infrastructure. Recent investigations […]

08May 2023

Ransomware Group Claims Attack on Constellation Software

The Alphv/BlackCat ransomware group claims to have stolen more than 1TB of data from Constellation Software. The post Ransomware Group Claims Attack on Constellation Software appeared first on SecurityWeek.

08May 2023

Private Tweets Exposed Due to Twitter Circle Security Bug

Twitter is informing users that tweets posted to their Circle may have been seen by individuals outside the Circle. The post Private Tweets Exposed Due to Twitter Circle Security Bug appeared first on SecurityWeek.

08May 2023

Vulnerability in Field Builder Plugin Exposes Over 2M WordPress Sites to Attacks

An XSS vulnerability in the Advanced Custom Fields WordPress plugin exposes more than 2 million sites to attacks. The post Vulnerability in Field Builder Plugin Exposes Over 2M WordPress Sites to Attacks appeared first on SecurityWeek.

08May 2023

9 upskilling tips that pay dividends

Upskilling has moved from what once was viewed as an employment perk to a mandate. Even with tech layoffs and uncertain economic times, the IT labor market remains hypercompetitive and organizations cannot afford not to invest in training existing staff. Forty-one percent of CIOs reported plans to increase investment in training programs to reskill IT […]

08May 2023

Smart UPS Connectivity: what it is and why you need it

The electricity supply in Australia, New Zealand and Singapore is very reliable, much more so than in many countries in East Asia, but outages do occur, and the shift to renewables is increasing the risk, as are more extreme weather events. Also, there can be other problems about which the average user would be unaware: […]

08May 2023

$1.1M Paid to Resolve Ransomware Attack on California County

A $1.1 million payment was made to resolve a ransomware attack on San Bernardino county’s law enforcement computer network. The post $1.1M Paid to Resolve Ransomware Attack on California County appeared first on SecurityWeek.

08May 2023

1 Million Impacted by Data Breach at NextGen Healthcare

NextGen Healthcare is informing roughly 1 million individuals that their personal information was compromised in a data breach. The post 1 Million Impacted by Data Breach at NextGen Healthcare appeared first on SecurityWeek.

08May 2023

Western Digital Confirms Ransomware Group Stole Customer Information

Western Digital has confirmed that a ransomware group has stolen customer and other information from its systems. The post Western Digital Confirms Ransomware Group Stole Customer Information appeared first on SecurityWeek.

08May 2023

NZ losing out on opportunity to outsource

Most New Zealand enterprises are not leveraging offshore tech skills to plug gaps, according to a new report from the University of Auckland’s Centre of Digital Enterprise. Professor Ilan Oshri from the Centre of Digital Enterprise (CODE) which is part of the University of Auckland’s Business School, has launched The Current and Future State of […]

08May 2023

Fletcher Building CIO’s blueprint to digitally transform

“You can never drive the car looking through the rearview mirror,” says Joe Locandro, CIO of Fletcher Building, one of Australasia’s largest building materials suppliers. “As CIO, you have to keep looking ahead and feel comfortable in backing yourself. That’s the difference between being CIO and an IT manager—one is responsible for getting things done, […]

08May 2023

Rebalancing through re-calibration

“We have to walk a new path with our clients,” says Kamal Nath, CEO of Sify, who shed light on the ways of working closely on the complexities pre-pandemic and how we are heading into a new post-pandemic era. He focuses on the strategic insights into how businesses would operate in the future. “Building new […]

08May 2023

Green Clouds Ahead: Cloudist sees a new sustainable future ahead for the Nordic region’s managed service providers

Headquartered in Malmö, Sweden, Cloudist AB is on a mission to help managed service providers embrace the transformative potential of the cloud. But Robert Brink, the company’s cloud architect, notes there is a caveat. “We want our customers to be able to provide their clients with high-performance cloud services from the Nordic region’s most secure […]

05May 2023

Learn from IT Thought Leaders at FutureIT D.C.

The mouthwatering aromas and Instagram-worthy food coming from Chef Edward Lee’s kitchens are a far cry from the virtual worlds of IT professionals. And yet both can be high-stress work environments where smart systems and teamwork lead to the best outcomes. Lee has thought a lot about what a modern workplace should look like, and […]

05May 2023

8-10x performance upticks in next-gen infrastructure enable AI workloads

CIOs and IT leaders call it the most disruptive technology yet, and now it’s moving rapidly into the mainstream. Artificial intelligence (AI), an increasingly crucial piece of the technology landscape, has arrived. More than 91 percent of businesses surveyed have ongoing — and increasing — investments in artificial intelligence. Deploying AI workloads at speed and scale, however, requires software and hardware […]

05May 2023

Orca integrates cloud app security platform with GPT-4

Agentless cloud security provider Orca Security has integrated Microsoft Azure OpenAI GPT-4 into its cloud-native application protection platform (CNAPP) under the ChatGPT implementation program that the cybersecurity company started earlier this year. “With our transition to Azure OpenAI, our customers benefit from the security, reliability, and enterprise level support that Microsoft provides,” said Avi Shua, […]

05May 2023

Azure API Management flaws highlight server-side request forgery risks in API development

Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal Azure assets. The proof-of-concept exploits serve to highlight common errors that developers could make when trying to implement blacklist-based restrictions for their own APIs and services. Web […]

05May 2023

How No-Code/Low-Code Solutions Help IT Organizations Evolve

When it comes to application development, many companies are pursuing no-code and low-code solutions to stay competitive. No-code and low-code solutions require less coding expertise, making application development accessible to more employees and enabling IT staff to focus on more strategic initiatives. They also give end users flexibility and control — all of which is […]

05May 2023

We Are Innovation

By Ram Velaga, Senior Vice President and General Manager, Core Switching Group. As Thomas Edison said, “The value of an idea lies in the using of it,” and I very much believe that innovation without execution is just another idea. As I recently discussed with Pat Moorhead and Dan Newman during a Six Five […]

05May 2023

Microsoft patches 3 vulnerabilities in Azure API Management

Microsoft has patched three new vulnerabilities in the Azure API Management service which includes two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload, according to cybersecurity firm Ermetic. The vulnerabilities were achieved through URL formatting bypasses and an unrestricted file upload functionality in the API Management developer […]

05May 2023

Pro-Russian Hackers Claim Downing of French Senate Website

The French Senate’s website was offline on Friday after pro-Russian hackers claimed to have taken it down, in just the latest such cyberattack since Russia invaded Ukraine last year. The post Pro-Russian Hackers Claim Downing of French Senate Website appeared first on SecurityWeek.

05May 2023

Google Launches New Cybersecurity Analyst Training Program

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google. The post Google Launches New Cybersecurity Analyst Training Program appeared first on SecurityWeek.

05May 2023

New Android Trojans Infected Many Devices in Asia via Google Play, Phishing

The recently identified Fleckpe Android trojan has infected over 600,000 users in Southeast Asia via Google Play. The post New Android Trojans Infected Many Devices in Asia via Google Play, Phishing appeared first on SecurityWeek.

05May 2023

The Merck appeal: cyber insurance and the definition of war

Pharmaceutical firm Merck recently won an appeal that could mean its insurers will have to pay up on a $1.4-billion judgment related to the NotPetya cyberattack in 2017. The New Jersey appellate division judges hearing the appeal noted that the plain definition of war applies to the various insurance policies and that a cyberattack […]

05May 2023

Google launches entry-level cybersecurity certificate to teach threat detection skills

Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior […]

05May 2023

Fortinet Patches High-Severity Vulnerabilities in FortiADC, FortiOS

Fortinet has released patches for two high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy. The post Fortinet Patches High-Severity Vulnerabilities in FortiADC, FortiOS appeared first on SecurityWeek.

05May 2023

Azure API Management Vulnerabilities Allowed Unauthorized Access

Three vulnerabilities in the Azure API Management service could be exploited for internal asset access, DoS, firewall bypass, and the upload of malicious files. The post Azure API Management Vulnerabilities Allowed Unauthorized Access appeared first on SecurityWeek.

05May 2023

Biden, Harris Meet With CEOs About AI Risks

Vice President Kamala Harris met with the heads of companies developing AI as the Biden administration rolls out initiatives to ensure the technology improves lives without putting people’s rights and safety at risk. The post Biden, Harris Meet With CEOs About AI Risks appeared first on SecurityWeek.

05May 2023

Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid

Siemens recently patched a critical vulnerability affecting some of its energy ICS devices that could allow hackers to destabilize a power grid. The post Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid appeared first on SecurityWeek.

05May 2023

Vulnerability Could Have Been Exploited for ‘Unlimited’ Free Credit on OpenAI Accounts

A vulnerability in OpenAI’s account validation allowed anyone to obtain virtually unlimited free credit by registering new accounts with the same phone number. The post Vulnerability Could Have Been Exploited for ‘Unlimited’ Free Credit on OpenAI Accounts appeared first on SecurityWeek.

05May 2023

CarMax drives business value with GPT-3.5

Generative AI such as ChatGPT has of late captured the imagination of business leaders across industries. While enterprise IT orgs by and large are taking a measured approach, some early movers are showing impressive results. CarMax’s IT team, for one, has been working with Microsoft and OpenAI to leverage GPT-3.x for business value even before […]

05May 2023

Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor

Google’s latest Android security updates patch over 40 vulnerabilities, including CVE-2023-0266, a kernel flaw exploited as a zero-day by a spyware vendor. The post Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor appeared first on SecurityWeek.

05May 2023

Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up

Former Uber security chief Joe Sullivan was sentenced to probation and community service for covering up the data breach suffered by the ride-sharing giant in 2016. The post Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up appeared first on SecurityWeek.

04May 2023

Improving Data Security, Privacy, and Compliance with Sovereign Cloud

In the first use case of this series, Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud, we looked at what data sovereignty is, why it’s important, and how sovereign clouds solve for jurisdictional control issues. Now let’s take a closer look at how data privacy and sovereignty regulations are driving security, […]

04May 2023

White House unveils AI rules to address safety and privacy

President Biden’s rules are not legally binding, but they do offer guidance and begin a conversation at the national level about real and existential threats posed by generative AI technologies such as ChatGPT.

04May 2023

Patch manager Action1 to add vulnerability discovery, prioritization

Cloud-native, patch-management application provider Action1 is set to add vulnerability discovery and prioritization capabilities to its namesake flagship platform to help businesses stay ahead of software exploits. The plan is part of a company strategy to expand beyond its traditional patch management features and add capabilities aimed at enhancing an organization’s resilience to cybersecurity threats. […]

04May 2023

FutureIT Toronto – Where IDC Analysts and Canadian Tech Leaders Meet

At FutureIT | Toronto, you’ll walk away with insights and tactics that will help your organization no matter where you are in your digital journey. Get ready to ask questions to our experts, participate in discussion groups and learn about modernizing your digital enterprise with cloud, AI and security. Lights. Camera. Action! CIO and IDC present […]

04May 2023

Thinking outside the cloud: bring cloud agility to your entire infrastructure

Cloud technology is a springboard for digital transformation, delivering the business agility and simplicity that are so important to today’s business. Cloud is also a powerful catalyst for improving IT and user experiences, with operating principles such as anywhere access, policy automation, and visibility. The benefits of cloud for the business, for IT operations, and […]

04May 2023

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

Facebook’s parent company, Meta, has issued a warning that hackers are taking advantage of people’s interest in ChatGPT and other generative AI applications to trick them into installing malware that pretends to provide AI functionality. Since March, Meta has discovered about 10 malware families using AI themes to compromise business accounts across the internet — including […]

04May 2023

Fraud Detection Startup Moonsense Raises $4.2 Million in Seed Funding

Fraud detection startup Moonsense has raised $4.2 million in a seed funding round co-led by Race Capital and XYZ Ventures. The post Fraud Detection Startup Moonsense Raises $4.2 Million in Seed Funding appeared first on SecurityWeek.

04May 2023

The post-quantum cryptography conundrum

Business leaders may have heard of quantum computing, but many are not yet aware of its incipient threat to cryptography and cryptocurrency. When these machines reach a sufficient level of performance, they will be able to easily factor prime numbers, which poses a threat to RSA. Only a few realize that the time to prepare […]

04May 2023

Meta Swiftly Neutralizes New ‘NodeStealer’ Malware

Meta says it disrupted the new NodeStealer malware, which likely has Vietnamese origins, within weeks after it emerged. The post Meta Swiftly Neutralizes New ‘NodeStealer’ Malware appeared first on SecurityWeek.

04May 2023

Using Threat Intelligence to Get Smarter About Ransomware

Given the crippling effects ransomware has had and indications that these types of attacks aren’t slowing down, it makes sense to look to threat intelligence to help. The post Using Threat Intelligence to Get Smarter About Ransomware appeared first on SecurityWeek.

04May 2023

Microsoft Expands AI Access to Public

Microsoft expanded public access to its generative artificial intelligence programs, despite fears that tech firms are rushing ahead too quickly with potentially dangerous technology. The post Microsoft Expands AI Access to Public appeared first on SecurityWeek.

04May 2023

Satori Releases Open Source Data Permissions Scanner for Enterprises

Data security firm Satori has released a free and open source tool designed to help organizations find out who has access to what data and how. The post Satori Releases Open Source Data Permissions Scanner for Enterprises appeared first on SecurityWeek.

04May 2023

ISTARI, University of Cambridge education program to elevate cyber leaders into business leaders

Cybersecurity advisory firm ISTARI is partnering with the Cambridge Judge Business School (CJBS) at the University of Cambridge to deliver global education aimed at elevating technical cybersecurity leaders into “transformative business leaders.” The Navigator program features four days of in-person learning led by an academic faculty alongside industry-leading experts, the two parties said. The curriculum […]

04May 2023

Harris to Meet With CEOs About Artificial Intelligence Risks

The Biden administration plans to announce an investment of $140 million to establish seven new AI research institutes, administration officials said. The post Harris to Meet With CEOs About Artificial Intelligence Risks appeared first on SecurityWeek.

04May 2023

US Announces Takedown of Card-Checking Service, Charges Against Russian Operator

The US announces charges against Denis Gennadievich Kulkov, the creator and operator of card-checking platform Try2Check from 2005 until it was taken down this week. The post US Announces Takedown of Card-Checking Service, Charges Against Russian Operator appeared first on SecurityWeek.

04May 2023

Cisco Warns of Critical Vulnerability in EoL Phone Adapters

Cisco warns of a critical-severity RCE vulnerability impacting EoL SPA112 2-Port Phone Adapters. The post Cisco Warns of Critical Vulnerability in EoL Phone Adapters appeared first on SecurityWeek.

04May 2023

Apple Releases First-Ever Security Updates for Beats, AirPods Headphones

Apple has released firmware updates for Beats and AirPods to patch a vulnerability that can be exploited to gain access to headphones via a Bluetooth attack. The post Apple Releases First-Ever Security Updates for Beats, AirPods Headphones appeared first on SecurityWeek.

04May 2023

i-Pro Americas goes hands-on with S/4HANA data migration

While mergers and the IT challenges that follow get the attention, there have been some interesting cases of the reverse in recent years. IBM sold off its managed infrastructure business to form Kyndryl; German utility E.ON spun out its gas power activities as Uniper; and most recently, General Motors set up a new subsidiary, BrightDrop, […]

04May 2023

CIOs heed the call for customer-centric IT

Customer experience (CX) has always been vital for the success of any business — and the pandemic has only reinforced its importance. Research from global management consulting company McKinsey shows that organizations enhancing CX can boost sales by up to 7% and profitability by 1% to 2%, while improving overall shareholder returns by 7% to […]

04May 2023

Ransomware Attack Affects Dallas Police, Court Websites

Dallas was hit with a ransomware attack that brought down its Police Department and City Hall websites on May 3rd. The post Ransomware Attack Affects Dallas Police, Court Websites appeared first on SecurityWeek.

03May 2023

ODC-Noord: The Netherlands’ northernmost government data center is committed to a zero carbon future

One of four government data centers in the Netherlands, Overheidsdatacenter Noord (ODC-Noord), the northernmost facility of its kind in The Netherlands, is located in the picturesque city of Groningen. With nearly 140 employees, the high-performance data center provides government agencies with mission-critical compute, storage, and networking solutions needed to provide important services to citizens. Offering […]

03May 2023

Google rolls out passkey support across accounts on all major platforms

Google has begun rolling out support for passkeys across Google Accounts on all major platforms, adding a new sign-in option that can be used alongside passwords and two-step verification. The tech giant announced passkey availability on the eve of World Password Day as it looks to introduce more secure, reliable sign-in options. The rollout comes […]

03May 2023

Vanta adds new SaaS capability to address growing concerns over vendor security

SaaS-based security and compliance solution provider Vanta has launched a Vendor Risk Management (VRM) offering to help organizations streamline third-party vendor security reviews and due diligence. The company claims that the new offering will automate vendor discovery, vendor assessment, and remediation workflows to significantly reduce the time and cost associated with third-party vendor risk reviews […]

03May 2023

Apple, Google Propose Standard to Combat Misuse of Location-Tracking Devices

Apple and Google propose new industry specification for Bluetooth location-tracking devices, to prevent unwanted tracking. The post Apple, Google Propose Standard to Combat Misuse of Location-Tracking Devices appeared first on SecurityWeek.

03May 2023

Court Rules in Favor of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyberattack

Court says insurers must pay Merck for losses related to the Russia-linked NotPetya cyberattack. The post Court Rules in Favor of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyberattack appeared first on SecurityWeek.

03May 2023

Passkeys Support Added to Google Accounts for Passwordless Sign-Ins

Google has added passkeys support to Google accounts on all major platforms as part of the company’s passwordless sign-in efforts. The post Passkeys Support Added to Google Accounts for Passwordless Sign-Ins appeared first on SecurityWeek.

03May 2023

Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation

Vulnerabilities in Netgear network management system allow attackers to retrieve cleartext passwords and escalate privileges. The post Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation appeared first on SecurityWeek.

03May 2023

Metal recycling for a better planet

Galloo is a Western European company headquartered in Belgium, founded in 1939 with the noble purpose of processing discarded consumer goods and factory scrap into useful raw materials. Every year, the company gives a second life to more than 1 million tonnes of steel and more than 60,000 tonnes of metals, ensuring an environmental impact […]

03May 2023

BlackCat group releases screenshots of stolen Western Digital data

Ransomware group BlackCat has released a set of screenshots on its leak site that it claims are from data stolen from Western Digital in an April system breach. The images include screenshots of videoconferences and internal emails of the storage device manufacturer, according to a tweet by cybersecurity researcher Dominic Alvieri. The screenshots also included […]

03May 2023

Attacks increasingly use malicious HTML email attachments

Researchers warn that attackers are relying more on malicious HTML files in their attacks, with malicious files now accounting for half of all HTML attachments sent via email. This rate of malicious HTML prevalence is double compared to what it was last year and doesn’t appear to be the result of mass attack campaigns that […]

03May 2023

Hackers Promise AI, Install Malware Instead

Facebook parent Meta warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malware on devices. The post Hackers Promise AI, Install Malware Instead appeared first on SecurityWeek.

03May 2023

Chrome 113 Released With 15 Security Patches

Chrome 113 was released to the stable channel with 15 security fixes, including 10 that address vulnerabilities reported by external researchers. The post Chrome 113 Released With 15 Security Patches appeared first on SecurityWeek.

03May 2023

Skilling up the security team for the AI-dominated era

As artificial intelligence and machine learning models become more firmly woven into the enterprise IT fabric and the cyberattack infrastructure, security teams will need to level up their skills to meet a whole new generation of AI-based cyber risks. Forward-looking CISOs are already being called upon to think about newly emerging risks like generative AI-enabled […]

03May 2023

oneM2M IoT security specifications granted ITU approval

The ITU Telecommunication Standardization Sector (ITU-T) has approved a set of security specifications for internet of things (IoT) systems. The oneM2M specifications define a common set of IoT service functions to enable secure data exchange and information interoperability across different vertical sectors, service providers, and use cases. The specifications were approved by more than 190 […]

03May 2023

Open Banking: A Perfect Storm for Security and Privacy?

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security expertise or resources, are rushing new products to market. The post Open Banking: A Perfect Storm for Security and Privacy? appeared first on SecurityWeek.

03May 2023

Exploitation of BGP Implementation Vulnerabilities Can Lead to Disruptions

Open source BGP implementation FRRouting is affected by three vulnerabilities that can be exploited to cause disruption via DoS attacks. The post Exploitation of BGP Implementation Vulnerabilities Can Lead to Disruptions appeared first on SecurityWeek.

03May 2023

Chinese APT Uses New ‘Stack Rumbling’ Technique to Disable Security Software

A subgroup of China-linked hacker group APT41 is using a new ‘stack rumbling’ DoS technique to disable security software. The post Chinese APT Uses New ‘Stack Rumbling’ Technique to Disable Security Software appeared first on SecurityWeek.

03May 2023

Digitizing in tough times: ‘Support users, not systems’

The construction industry was one of the first affected by Sweden’s recent economic deterioration, and housing construction has also slowed down over the past year. “We notice the macroeconomic effects with both cost inflation and higher interest rates,” says Peab group CIO Klas Antoni. “That means we generally have an increased cost focus now and are […]

03May 2023

9 ways to avoid falling prey to AI washing

In recent months, artificial intelligence has been everyone’s favorite buzzword. Both Silicon Valley startups and Fortune 500 companies see industries revolutionize as AI steadily picks up pace. But excitement, progress, and red flags like AI washing, are developing in equal measure. Some businesses, desperate to get on the gravy train, want to cash in on […]

03May 2023

US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cybercriminals

Authorities in the US and Ukraine have worked together to shut down nine websites offering cryptocurrency exchange services to cybercriminals. The post US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cybercriminals appeared first on SecurityWeek.

03May 2023

SAP to infuse IBM’s Watson AI engine into its entire portfolio

ERP software provider SAP on Tuesday said it is partnering with IBM to infuse the latter’s Watson artificial intelligence (AI) engine across its entire solutions portfolio, including SAP S/4 HANA, S/4 HANA Cloud, SAP Business One, and SAP Business ByDesign. The move, which is expected to help SAP exploit the natural language processing (NLP) abilities […]

02May 2023

Avoiding the catch-22 of IT outsourcing

The make-versus-buy decision at the heart of any outsourcing proposition is not as black-and-white as many IT leaders think. Keeping IT work insourced versus contracting with a partner organization no longer needs to be a yes or no decision. Over the past two decades, progressive sourcing models have emerged to enable companies to work more […]

02May 2023

Democratizing automation with citizen developers: navigating the pitfalls and opportunities

This article was co-authored by Massimo Pezzini, Head of Research, Future of the Enterprise at Workato. The uncertain economic environment and rapidly evolving technology landscape have pressured organizations to improve efficiency, innovate, and adapt. Citizen developers have emerged as an approach to bridge the gap between technical expertise and domain knowledge. Those self-taught deeply understand […]

02May 2023

Samsung bans staff AI use over data leak concerns

Samsung has reportedly banned employee use of generative AI tools like ChatGPT in a bid to stop transmission of sensitive internal data to external servers. The South Korean electronics giant issued a memo to a key division, notifying employees not to use AI tools, according to a report by Bloomberg, which said it reviewed the […]

02May 2023

Veza releases access security, governance solution for SaaS applications

Data security authorization vendor Veza has announced a new solution for access security and governance across SaaS applications including Salesforce, GitHub, and Slack. Veza for SaaS Apps allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations – securing the attack surface associated with widespread SaaS […]

02May 2023

IT Services Firm Bitmarck Takes Systems Offline Following Cyberattack

German IT services giant Bitmarck has taken customer and internal systems offline following a cyberattack. The post IT Services Firm Bitmarck Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.

02May 2023

Global Operation Takes Down Dark Web Drug Marketplace

Law enforcement agencies around the world seized an online marketplace and arrested nearly 300 people allegedly involved in buying and selling drugs. The post Global Operation Takes Down Dark Web Drug Marketplace appeared first on SecurityWeek.

02May 2023

HP’s circular approach to IT management case study

With an ambitious 2030 sustainability agenda for its business as a whole, HP wanted to ensure its IT operations supported that larger goal. The company looked at its workforce of 70,000+ employees—and even more devices—and deployed a future-minded approach to managing its PC fleet. To reach sustainable impact goals in its own internal products, processes, […]

02May 2023

11 security tools all remote employees should have

It’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, online shopping, or app and software usage. A major problem for businesses, particularly in a […]

02May 2023

White House seeks information on tools used for automated employee surveillance

The information will be used to ascertain if employers are violating antitrust and privacy laws, for instance, if companies use technologies to artificially reduce wages.

02May 2023

Critical Infrastructure Organizations Urged to Identify Risky Communications Equipment

CISA urges organizations to review FCC’s Covered List of risky communications equipment and incorporate it in their supply chain risk management efforts. The post Critical Infrastructure Organizations Urged to Identify Risky Communications Equipment appeared first on SecurityWeek.

02May 2023

T-Mobile Says Personal Information Stolen in New Data Breach

Wireless carrier T-Mobile says the personal information of a small number of individuals was exposed in a recent data breach. The post T-Mobile Says Personal Information Stolen in New Data Breach appeared first on SecurityWeek.

02May 2023

iPhone Users Report Problems Installing Apple’s First Rapid Security Response Update

Apple has released its first Rapid Security Response patch, but iPhone users are complaining that they are having problems installing it. The post iPhone Users Report Problems Installing Apple’s First Rapid Security Response Update appeared first on SecurityWeek.

02May 2023

5 surefire ways to derail a digital transformation (without knowing it)

Despite the best of intentions, CIOs and their organizations often struggle to deliver business outcomes from digital transformation strategies. According to research firm Gartner, 89% of corporate boards say digital is embedded in all business growth strategies, but only 35% of organizations are on track to achieve digital transformation goals. And while KPMG reports that […]

02May 2023

Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes

Fortinet warns of a massive spike in malicious attacks targeting a five-year-old authentication bypass vulnerability in TBK DVR devices. The post Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes appeared first on SecurityWeek.

02May 2023

CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January

CISA warns of attacks exploiting an Oracle WebLogic vulnerability tracked as CVE-2023-21839, which was patched with the January 2023 CPU. The post CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January appeared first on SecurityWeek.

02May 2023

Cybersecurity M&A Roundup: 38 Deals Announced in April 2023

Thirty-eight cybersecurity merger and acquisition (M&A) deals were announced in April 2023. The post Cybersecurity M&A Roundup: 38 Deals Announced in April 2023 appeared first on SecurityWeek.

02May 2023

Leaked Files Show Extent of Ransomware Group’s Access to Western Digital Systems

Ransomware group leaked files showing the extent of their access to Western Digital systems and how they monitored the company’s initial response to the breach. The post Leaked Files Show Extent of Ransomware Group’s Access to Western Digital Systems appeared first on SecurityWeek.

02May 2023

Transformation isn’t one size fits all

Recently, we visited with several dozen CIOs and IT leaders across all industries to learn more about the challenges they are experiencing in their current transformation initiatives. The focus of our discussions was on promoting and enabling digitally driven outcomes and quicker business decisions. The conversations reminded everyone that there isn’t a one-size-fits-all approach to the journey […]

01May 2023

Revisiting the repatriation debate: Are organizations rethinking the public cloud?

As of late, debate has rekindled around cloud repatriation and whether it is a real phenomenon or just a myth. Much of the confusion may stem from lack of agreement on the term itself: many envision repatriation as an organization completely shifting from a public cloud provider back to on-premises infrastructure, but this is seldom […]

01May 2023

ChatGPT returns to Italy after OpenAI tweaks privacy disclosures, controls

ChatGPT is again available to users in Italy, after being temporarily banned by the country’s data privacy authority for possible violations of the EU’s General Data Protection Regulation (GDPR). Italy’s Guarantor for the Protection of Personal Data announced the reinstatement of ChatGPT Friday, after Microsoft-backed OpenAI, the creator of the generative AI service, made changes […]

01May 2023

New ‘Lobshot’ hVNC Malware Used by Russian Cybercriminals

Russian cybercrime group TA505 has been observed using new hVNC malware called Lobshot in recent attacks. The post New ‘Lobshot’ hVNC Malware Used by Russian Cybercriminals appeared first on SecurityWeek.

01May 2023

Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta

Registration is open for SecurityWeek’s ICS Cybersecurity Conference, taking place October 23-26, 2023 in Atlanta. The post Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta appeared first on SecurityWeek.

01May 2023

The hidden security risks in tech layoffs and how to mitigate them

In the shadowy corners of the tech world, there are plenty of stories of admins locking organizations out of their own IT environment, greedy employees selling data, or security engineers backdooring the network. The motivations for these acts can touch on anything from financial gain to revenge, and the consequences are generally disastrous for everyone […]

01May 2023

Is misinformation the newest malware?

Misinformation and cybersecurity incidents have become the top scourges of the modern digital era. Rarely does a day go by without significant news of a damaging misinformation threat, a ransomware attack, or another malicious cyber incident. As both types of threats escalate and frequently appear simultaneously in threat actors’ campaigns, the lines between the two […]

01May 2023

Reigning in ‘Out-of-Control’ Devices

Out-of-control devices run the gamut from known to unknown and benign to malicious, and where you draw the line is unique to your organization. The post Reigning in ‘Out-of-Control’ Devices appeared first on SecurityWeek.

01May 2023

‘BouldSpy’ Android Malware Used in Iranian Government Surveillance Operations

The Iranian government has been using the BouldSpy Android malware to spy on minorities and traffickers. The post ‘BouldSpy’ Android Malware Used in Iranian Government Surveillance Operations appeared first on SecurityWeek.

01May 2023

CISA Asks for Public Opinion on Secure Software Attestation

CISA has opened proposed guidance for secure software development to public review and comment. The post CISA Asks for Public Opinion on Secure Software Attestation appeared first on SecurityWeek.

01May 2023

Companies Increasingly Hit With Data Breach Lawsuits: Law Firm

Lawsuits filed against companies that have suffered a data breach are increasingly common, with action being taken even for incidents affecting less than 1,000 people. The post Companies Increasingly Hit With Data Breach Lawsuits: Law Firm appeared first on SecurityWeek.

01May 2023

How VWFS SA’s CIO helps drive online car purchases

As more people get comfortable buying big-ticket items like cars on the internet, Volkswagen Financial Services South Africa (VWFS SA) knew it needed to simplify the entire process. CIO Wilma Crosson was in charge of making this happen. Improving its direct sales channel demanded that they come up with a way to, first of […]

01May 2023

Top technologies that will disrupt business in 2023

Despite economic uncertainty, the 2023 State of the CIO survey from Foundry reports that the vast majority of CIOs (91%) expect to maintain or increase their tech budget this year. The technologies driving these investments include data analytics, AI, and other means to improve the customer experience, as enterprises seek to drive new revenue to […]

01May 2023

How 2 Australian sporting brands leverage human-centric digital innovation to drive new fan experiences in and out of the arena

Creating new revenue streams, identifying untapped audiences and better engaging fans onsite and all year-round are just some of the wins iconic Australian sporting events are chalking up thanks to human-centric digital innovation. If there’s any lesson brands should have taken from the last three years of the Covid-19 pandemic, it’s that investing in digital […]