In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 26, 2023. The post In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools appeared first on SecurityWeek.
200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin
Attackers exploit critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites. The post 200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin appeared first on SecurityWeek.
Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor
CISA adds 6 Samsung mobile device flaws to its known exploited vulnerabilities catalog and they have likely been exploited by a spyware vendor. The post Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor appeared first on SecurityWeek.
MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses
Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list. The post MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses appeared first on SecurityWeek.
Proton Launches Open Source Password Manager
Proton makes its open source Proton Pass password manager globally available for major browsers and mobile devices. The post Proton Launches Open Source Password Manager appeared first on SecurityWeek.
TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant
LockBit ransomware group claims to have hacked TSMC and is asking for a $70 million ransom, but the chip giant says only a supplier was breached. The post TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant appeared first on SecurityWeek.
Cyware Snags $30M for Threat Intel Infrastructure Tech
New York startup $30 million in new financing to fuel plans to take advantage of the demand for AI-powered threat-intel security tools. The post Cyware Snags $30M for Threat Intel Infrastructure Tech appeared first on SecurityWeek.
Rapid7: Japan Threat Landscape Takes on Global Significance
Rapid7 analyzes the Japan threat landscape and warns that attacks against the third-largest economy in the world have global consequences. The post Rapid7: Japan Threat Landscape Takes on Global Significance appeared first on SecurityWeek.
Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain
Details have been disclosed for critical SAP vulnerabilities, including a wormable exploit chain, that can expose organizations to attacks. The post Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain appeared first on SecurityWeek.
IP Fabric Raises $25 Million in Series B Funding
IP Fabric raises $25 million in new financing to build technology in the enterprise network assurance space. The post IP Fabric Raises $25 Million in Series B Funding appeared first on SecurityWeek.
New MIT Framework Evaluates Side-Channel Attack Mitigations
The framework helps evaluate the effectiveness of obfuscation side-channel mitigation schemes against data leaks. The post New MIT Framework Evaluates Side-Channel Attack Mitigations appeared first on SecurityWeek.
Nokod Snags $8M to Secure Low Code/No-Code Custom Apps
Tel Aviv startup scores investment to build technology to secure in-house low-code/no-code custom applications. The post Nokod Snags $8M to Secure Low Code/No-Code Custom Apps appeared first on SecurityWeek.
DOE CIO Talks to SecurityWeek About Cybersecurity, Digital Transformation
Ann Dunkin, CIO at the Department of Energy, is more concerned about cyberattack speed than attack type or source. The post DOE CIO Talks to SecurityWeek About Cybersecurity, Digital Transformation appeared first on SecurityWeek.
Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution
Researchers publish PoC for a high-severity authentication bypass vulnerability in the Arcserve UDP data backup solution. The post Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution appeared first on SecurityWeek.
White House Outlines Cybersecurity Budget Priorities for Fiscal 2025
The White House has released a memorandum outlining the cybersecurity investment priorities for government departments and agencies for fiscal year 2025. The post White House Outlines Cybersecurity Budget Priorities for Fiscal 2025 appeared first on SecurityWeek.
CISA, NSA Share Guidance on Securing CI/CD Environments
New guidance from CISA and the NSA provides recommendations on securing CI/CD pipelines against malicious attacks. The post CISA, NSA Share Guidance on Securing CI/CD Environments appeared first on SecurityWeek.
Over 130 Organizations, Millions of Individuals Believed to Be Impacted by MOVEit Hack
More victims of the MOVEit hack have come to light, with a total of over 130 organizations and 15 million people believed to be affected. The post Over 130 Organizations, Millions of Individuals Believed to Be Impacted by MOVEit Hack appeared first on SecurityWeek.
Dozens of Businesses Hit Recently by ‘8Base’ Ransomware Gang
The 8Base ransomware gang has hit roughly 30 small businesses over the past month, reaching a total of approximately 80 victims since March 2022. The post Dozens of Businesses Hit Recently by ‘8Base’ Ransomware Gang appeared first on SecurityWeek.
Venn Software Snags $29M to build MDM for Laptops Technology
New York startup scores early stage financing to build new technology to replace virtual desktop infrastructure. The post Venn Software Snags $29M to build MDM for Laptops Technology appeared first on SecurityWeek.
Invary Raises $1.85 Million in Pre-Seed Funding for Runtime Integrity Solution
Invary has raised $1.85 million in a pre-seed funding round led by Flyover Capital to launch its runtime integrity solution. The post Invary Raises $1.85 Million in Pre-Seed Funding for Runtime Integrity Solution appeared first on SecurityWeek.
What is Cyberwar?
Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this becomes more than an academic question. The post What is Cyberwar? appeared first on SecurityWeek.
Astrix Raises $25 Million to Help Enterprises Secure App-to-App Connections
Astrix Security raises $25 million in Series A funding for its solution designed to help enterprises secure non-human identities. The post Astrix Raises $25 Million to Help Enterprises Secure App-to-App Connections appeared first on SecurityWeek.
Submarine Cables at Risk of Nation-State Sabotage, Spying: Report
Recorded Future underlines threats to submarine telecommunication cables, such as the risk of intentional sabotage and spying by nation-state threat actors. The post Submarine Cables at Risk of Nation-State Sabotage, Spying: Report appeared first on SecurityWeek.
2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in Philippines
Philippine police backed by commandos staged a massive raid and rescued more than 2,700 workers who were allegedly swindled into working for cybercrime groups. The post 2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in Philippines appeared first on SecurityWeek.
Sensitive Information Stolen in LetMeSpy Stalkerware Hack
Emails, phone numbers, calls logs, and collected messages stolen in data breach at Android stalkware LetMeSpy. The post Sensitive Information Stolen in LetMeSpy Stalkerware Hack appeared first on SecurityWeek.
Reminder: CFP for ICS Cybersecurity Conference Closes June 30th
The official Call for Presentations for SecurityWeek’s 2023 ICS Cybersecurity Conference, being held October 23-26, 2023 at the InterContinental Atlanta is open through Friday, June 30, 2023. The post Reminder: CFP for ICS Cybersecurity Conference Closes June 30th appeared first on SecurityWeek.
Belcorp reimagines R&D with AI
Over the past three years, multinational beauty company, Belcorp, has grappled with numerous challenges stemming from the pandemic, shifts in consumer behavior, disruptions in supply chains, the war in Ukraine, and inflation. To address the challenges, the company has leveraged a combination of computer vision, neural networks, NLP, and fuzzy logic. “These circumstances have induced […]
The CAA CIO’s 5 building blocks to support teams
Founded in 1913, Ottawa-based Canadian Automobile Association (CAA) is made up of eight autonomous regional clubs, each of which provides a range of services, from roadside assistance and leisure travel services, to insurance services, and member discount programs. And at the center of its tech component is Kin Lee-Yow, CIO, CAA Club Group of companies. The […]
How diverse teams lead to better data
As companies strive to become data-driven, and with the recent explosion of AI technology demanding ever-increasing amounts of training data, the quality of that data is becoming more important. And there’s a great deal of time and money invested in data pipelines and other technical aspects of data quality such as data consistency, validity, timeliness, […]
AWS launches no-code service AppFabric with generative AI assistance
Amazon Web Services (AWS) on Tuesday unveiled a new no-code offering, dubbed AppFabric, designed to simplify SaaS integration for enterprises by increasing application observability and reducing operational costs associated with building point-to-point solutions. The fully managed AppFabric offering, which has been made generally available, is designed to help enterprises maintain SaaS application interoperability without having […]
Anatsa Banking Trojan Delivered via Google Play Targets Android Users in US, Europe
Malicious applications with over 30,000 installs in Google Play have infected Android devices with the Anatsa banking trojan. The post Anatsa Banking Trojan Delivered via Google Play Targets Android Users in US, Europe appeared first on SecurityWeek.
Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack
Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day. The post Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack appeared first on SecurityWeek.
Generative AI headlines are outpacing enterprise adoption
If you’re a parent, surely, you’ve experienced the feeling that your child grew even after a short trip. Well, if that child were generative AI, you’d think, judging by the headlines, that the kid grew from three years old to twenty after a day trip to Austin. With every new headline, CIOs wonder: am I […]
SEC notice to SolarWinds CISO and CFO roils cybersecurity industry
The US Securities and Exchange Commission has roiled the cybersecurity industry by putting executives of SolarWind on notice that it may pursue legal action for violations of federal law in connection with their response to the 2020 attack on the company’s infrastructure that affected thousands of customers in government agencies and companies globally. Current and […]
The Milkman always delivers via efficient and green last-mile operations
You probably don’t remember when the milkman from the local dairy delivered bottles of fresh cold milk to your front porch at dawn. Snug in bed, you could hear the glass bottles clinking in those old wire milk baskets as he replaced your empties with full ones. You could count on it like birdsong. Since […]
HashiCorp Buys BluBracket for Secrets Scanning Tech
HashiCorp acquires BluBracket secrets-scanning technology to help businesses block accidental leaks and fight secret sprawl. The post HashiCorp Buys BluBracket for Secrets Scanning Tech appeared first on SecurityWeek.
Tata Communications: Empowering India and its highly regulated industries with a sovereign cloud
Rajesh Awasthi, global head of cloud and managed hosting services at Tata Communications, sees its sovereign cloud initiatives as an important element in the company’s longstanding work to transform India. Although designed to support the evolving needs of highly regulated industries like banking and financial services, government, healthcare and insurance, he notes that they benefit […]
Data Security Firm Cyera Attracts $100M Investment
Cyera closes a massive $100 million round as investors continue to pour cash into the data security posture management (DSPM) space. The post Data Security Firm Cyera Attracts $100M Investment appeared first on SecurityWeek.
BeeKeeperAI Platform for AI Development on Sensitive Data Receives $12M in Funding
BeeKeeperAI has raised $12.1 million in Series A funding for a secure collaboration platform designed for AI development on healthcare and other sensitive data. The post BeeKeeperAI Platform for AI Development on Sensitive Data Receives $12M in Funding appeared first on SecurityWeek.
New Android banking trojan targets US, UK, and Germany
An ongoing malware campaign has been pushing the Android banking trojan, Anatsa, to online banking customers in the US, the UK, Germany, Austria, and Switzerland, according to research by cybersecurity firm ThreatFabric. The threat actors are distributing their malware via the Play Store, and already had over 30,000 installations as of March. The focus of […]
Fortanix adds confidential data search for encrypted enterprise data
Cloud data security company Fortanix has announced Fortanix Confidential Data Search, a search offering for encrypted databases within enterprise cloud workflows. “Confidential Data Search allows data analysts to use off-the-shelf, unmodified databases in a standard, unrestricted SQL environment,” said Richard Searle, vice president of Confidential Computing, Fortanix. “Users do not need to convert their datasets […]
Bionic integrations offer context-based vulnerability management
Application security posture management (ASPM) company Bionic has added two new capabilities — Bionic Signals and Bionic Business Risk Scoring — to its namesake cybersecurity platform to help its customers detect, prioritize and remediate vulnerabilities and threats in their applications. The idea is to collate signals from multiple threat intelligence platforms and add business context […]
Reliable and efficient data storage infrastructure is key to overcoming the challenges of the Yottabyte Age
Data volumes continue to grow, making it increasingly difficult to deal with the explosive growth. Huawei predicts that by 2030, the total data generated worldwide will exceed one YB, equivalent to 280 bytes or a quadrillion gigabytes. Whichever way you look at it, such numbers are beyond imagination. And that’s just on the volume side. […]
Survey reveals mass concern over generative AI security risks
A new Malwarebytes survey has revealed that 81% of people are concerned about the security risks posed by ChatGPT and generative AI. The cybersecurity vendor collected a total of 1,449 responses from a survey in late May, with 51% of those polled questioning whether AI tools can improve internet safety and 63% distrusting ChatGPT information. […]
Fileless attacks surge as cybercriminals evade cloud security defenses
The number of fileless or memory-based attacks that exploit existing software, applications, and protocols have surged 1,400% in the last year. That’s according to Aqua Security’s 2023 Cloud Native Threat Report, which summarizes research and observations of threat actors’ changing tactics, techniques, and procedures (TTPs), along with outlining strategies for protecting cloud environments. Based on […]
Hundreds of Devices With Internet-Exposed Management Interface Found in US Agencies
Censys identified hundreds of devices within US federal agencies’ networks that expose their management interface to the internet. The post Hundreds of Devices With Internet-Exposed Management Interface Found in US Agencies appeared first on SecurityWeek.
Socure Acquires ID Verification Company Berbix for $70 Million
Identity verification solutions provider Socure has acquired automated ID verification firm Berbix for roughly $70 million in cash and stock. The post Socure Acquires ID Verification Company Berbix for $70 Million appeared first on SecurityWeek.
3-Year Probe Into Encrypted Phones Led to Seizure of Hundreds of Tons of Drugs, Prosecutors Say
Investigations triggered by the cracking of encrypted phones three years ago have led to more than 6,500 arrests worldwide and the seizure of hundreds of tons of drugs. The post 3-Year Probe Into Encrypted Phones Led to Seizure of Hundreds of Tons of Drugs, Prosecutors Say appeared first on SecurityWeek.
Patented.ai Raises $4 Million for AI Data Privacy Solution
Patented.ai has raised $4 million in pre-seed funding to help organizations protect sensitive information from artificial intelligence. The post Patented.ai Raises $4 Million for AI Data Privacy Solution appeared first on SecurityWeek.
Chrome 114 Update Patches High-Severity Vulnerabilities
Google says it handed out $35,000 in bug bounty rewards for three high-severity vulnerabilities in Chrome 114. The post Chrome 114 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
CalypsoAI Raises $23 Million for AI Security Tech
CalypsoAI is building tools to help “accelerate trust and governance” in enterprise adoption of AI and machine learning technologies. The post CalypsoAI Raises $23 Million for AI Security Tech appeared first on SecurityWeek.
Gas Stations Impacted by Cyberattack on Canadian Energy Giant Suncor
Some services at Petro-Canada gas stations have been disrupted following a cyberattack on parent company Suncor, one of North America’s largest energy companies. The post Gas Stations Impacted by Cyberattack on Canadian Energy Giant Suncor appeared first on SecurityWeek.
What makes a CIO truly great?
Whenever one talks about high-performance or leadership there is a tendency to break out a list. For example, Major League Baseball scouts are in constant search for rare “5 tool” players who can hit for power, hit for average, field, throw, and run. Is there such a list for high-performance CIOs? If so, how long might […]
12 business concepts IT leaders should master
Today’s CIOs see themselves as business leaders as much — if not more so — than as technologists. That’s not surprising, considering how essential technology has become for running organizations and serving stakeholders — whether customers, employees, or investors. CIOs spoke to the criticality of their role in CIO.com’s 2023 State of the CIO survey, […]
Critical flaw in VMware Aria Operations for Networks sees mass exploitation
Researchers warn that a vulnerability patched this month in VMware Aria Operations for Networks, formerly known as vRealize Network Insight, is now seeing exploitation en masse. The flaw allows for remote code execution through command injection and is rated with critical severity. “New data from Akamai shows the scale of active scanning for sites vulnerable […]
Financial services firms turn to automated, data-driven processes for new products and services
Between the host of regulations introduced in the wake of the 2009 subprime mortgage crisis, the emergence of thousands of fintech startups, and shifting consumer preferences for digital payments banking, financial services companies have had plenty of change to contend with over the past decade. Transitioning to automated, data-driven processes is the best way for […]
Latest MOVEit exploit hits thousands of NYC school students and staff
Personal data of over 45,000 public school students was compromised in a breach involving the file-transfer software MOVEit, according to a community letter sent to families and staff by the New York City Department of Education. “DOE used MOVEit to transfer documents and data internally as well as to and from vendors, including third party […]
American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider
The personal information of American Airlines and Southwest Airlines pilots was exposed in a data breach at a third-party services provider. The post American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider appeared first on SecurityWeek.
IBM to buy Apptio for $4.6B to help companies optimize IT spend
IBM is acquiring software provider Apptio for $4.6 billion to help enterprises optimize their IT expenditure, particularly cloud costs, as they try to navigate uncertain macroeconomic conditions. Apptio specializes in what has been called technology business management (TBM), or more recently, financial operations (also known as finops) software, designed to allow diverse teams in a business […]
Fortinet Patches Critical RCE Vulnerability in FortiNAC
Fortinet releases patches for a critical FortiNAC vulnerability leading to remote code execution without authentication. The post Fortinet Patches Critical RCE Vulnerability in FortiNAC appeared first on SecurityWeek.
Pilot data of American Airlines and Southwest stolen in data breach
A cybersecurity incident at a third-party vendor has impacted the personal information of pilots of at least two US airlines, including American Airlines and Southwest Airlines. Personal information, including name and social security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers were compromised, according to breach […]
CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks
CISA has warned users of Zyxel NAS products that the recently patched critical vulnerability CVE-2023-27992 has been exploited in attacks. The post CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks appeared first on SecurityWeek.
British Twitter Hacker Sentenced to Prison in US
UK national Joseph James O’Connor was sentenced to five years in a US prison for hacking into Twitter accounts and stealing cryptocurrency. The post British Twitter Hacker Sentenced to Prison in US appeared first on SecurityWeek.
Remotely Exploitable DoS Vulnerabilities Patched in BIND
The latest BIND updates address three high-severity, remotely exploitable vulnerabilities leading to denial-of-service (DoS). The post Remotely Exploitable DoS Vulnerabilities Patched in BIND appeared first on SecurityWeek.
What is a project manager? The lead role for project success
What is a project manager? Project managers play the lead role in planning, executing, monitoring, controlling, and closing out projects. They are accountable for the entire project scope, the project team and resources, the project budget, and the success or failure of the project. To succeed in their role, project managers must be adept at […]
From CIO to CEO: IT leaders rise to the top
Ross Meyercord never set out to make the leap from technology leader to CEO, but a set of intentional and opportunistic career choices delivered the breadth of business experience and leadership skills required to land the job. Meyercord parlayed an engineering degree into a two-decade consulting track at Accenture, where a focus on large-scale transformation […]
How CISOs can balance the risks and benefits of AI
The rapid pace of change in AI makes it difficult to weigh the technology’s risks and benefits and CISOs should not wait to take charge of the situation. Risks range from prompt injection attacks, data leakage, and governance and compliance. All AI projects have these issues to some extent, but the rapid growth and deployment […]
The CISO’s toolkit must include political capital within the C-suite
Over the past 18 months, there has been a bit of a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is the individual who is responsible for the protection of an entity’s information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cybersecurity risk management, […]
Hate being more productive? Ignore AI agents
By Bryan Kirschner, Vice President, Strategy at DataStax Bill Gates has seen (or, for that matter, caused) some profound advances in technology, so I don’t take a contrarian position lightly, but I think the way he describes his epiphany about the importance of AI is only half right. After being “awed” by OpenAI’s GPT model […]
Public exploit is now available for Cisco AnyConnect VPN client
An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it. Cisco Secure Client for Windows, previously known […]
Scaling AI? First—get your data storage right
I’ve always rooted for the underdog. Maybe it’s the satisfaction of winning against all odds. Or it’s just mad respect for the struggle, passion, and tenacity that underdogs often exhibit in the face of significant obstacles. Like the real-life story of Billy Beane in the movie Moneyball. As the general manager of the Oakland Athletics, Beane used data and analytics […]
Millions of GitHub repositories vulnerable to RepoJacking: Report
Millions of GitHub repositories are potentially vulnerable to RepoJacking, which allows an attacker to carry out code execution on organizations’ internal environments or on their customers’ environments, according to research by AquaSec. AquaSec analyzed a sample of 1.25 million GitHub repositories and found that about 2.95% were vulnerable to RepoJacking, including repositories belonging to companies […]
CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws
The US government’s cybersecurity agency adds VMware and Roundcube server flaws to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws appeared first on SecurityWeek.
In Other News: Microsoft Win32 App Isolation,Tsunami Hits Linux Servers, ChatGPT Credentials Exposed on Dark Web
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 19, 2023. The post In Other News: Microsoft Win32 App Isolation,Tsunami Hits Linux Servers, ChatGPT Credentials Exposed on Dark Web appeared first on SecurityWeek.
NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections
The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections. The post NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections appeared first on SecurityWeek.
Realizing the promise of low-code/no-code
Businesses that adopt a low-code/no-code-enabled platform find they’re freed from heavily depending on dedicated IT when non-technical users can more easily pursue application development. But low-code/no-code’s value far exceeds this key benefit. In today’s world, as technology changes at lightning speed, a low-code/no-code platform provides the critical foundation enterprises need to quickly adapt to modern […]
What keeps IT leaders up at night?
IT leaders are under enormous pressure to modernize their IT organizations to keep pace with innovation and their competition. Determining the right mix of technologies and methodologies to support an entire organization can be overwhelming – and can keep IT leaders up at night. To gain a better understanding of what IT leaders are focused […]
VMware Patches Code Execution Vulnerabilities in vCenter Server
VMware published software updates to address multiple memory corruption vulnerabilities in vCenter Server that could lead to remote code execution. The post VMware Patches Code Execution Vulnerabilities in vCenter Server appeared first on SecurityWeek.
2.5M Genworth Policyholders and 769K Retired California Workers and Beneficiaries Affected by Hack
MOVEit hack: Personal information of about 769,000 retired California employees and 2.5 million Genworth Financial policyholders were exposed. The post 2.5M Genworth Policyholders and 769K Retired California Workers and Beneficiaries Affected by Hack appeared first on SecurityWeek.
Piyush Chowhan, CIO, Panda Retail: Leadership positions demand tough decisions
With more than two decades of experience working in global consumer and retail companies, Piyush Chowhan is passionate for transforming businesses by leveraging technology. Currently the CIO of Saudi Arabia-based Panda Retail Company, he’s focused on building innovative digital strategies to maximize today’s opportunities and prepare the organization for future disruptions. In a free-wheeling discussion […]
6 strategic imperatives for your next data strategy
According to the MIT Technology Review Insights Survey, an enterprise data strategy supports vital business objectives including expanding sales, improving operational efficiency, and reducing time to market. It can also help organizations enter new product or service markets, as well as improve innovation, maintenance of physical assets, and ESG. The problem is today, just 13% […]
Volkswagen drives the automotive industry cloud forward
Industry clouds are increasingly becoming go-to solutions for IT leaders seeking services tailored to their verticals. For most enterprises, this involves deploying existing industry-specific offerings from SaaS providers or hypervisors. For the innovative few, co-creating custom industry solutions in conjunction with cloud providers can not only fulfill an internal need but also provide the opportunity […]
China-sponsored APT group targets government ministries in the Americas
An advanced persistent threat (APT) group named Flea has been carrying out attacks against foreign affairs ministries in North and South America using a new backdoor called Graphican, according to a report by the Symantec Threat Hunter Team. The campaign ran from late 2022 into early 2023. It also targeted a government finance department in […]
Google Backs Creation of Cybersecurity Clinics With $20 Million Donation
Google CEO pledged $20 million in donations to support and expand the Consortium of Cybersecurity Clinics to introduce thousands of students to potential careers in cybersecurity The post Google Backs Creation of Cybersecurity Clinics With $20 Million Donation appeared first on SecurityWeek.
How AI is reshaping demand for IT skills and talent
AI is quickly becoming an essential part of daily work. It’s already being used to help improve operational processes, strengthen customer service, measure employee experience, and bolster cybersecurity efforts, among other applications. And with AI deepening its presence in daily life, as more people turn to AI bot services, such as ChatGPT, to answer questions […]
AWS invests $100 million in new Generative AI Innovation Center
Amazon Web Services (AWS) on Thursday said that it was investing $100 million to start a new program, dubbed the Generative AI Innovation Center, in an effort to help enterprises accelerate the development of generative AI-based applications. The new program will connect AWS AI and machine learning (ML) experts with enterprises to help them envision, design, and […]
US Military Personnel Receiving Unsolicited, Suspicious Smartwatches
The US army says soldiers says unsolicited, suspicious smartwatches are being sent to soldiers, exposing them to malware attacks. The post US Military Personnel Receiving Unsolicited, Suspicious Smartwatches appeared first on SecurityWeek.
Converged endpoint management: reduce cost, complexity, and risk
Prevention is always better than cure. In cybersecurity, it’s also usually cheaper and less likely to expose the organization to reputational, financial, and compliance risk. That’s why prevention-first security is a best practice for delivering cyber-hygiene across enterprise endpoints. The challenge is that endpoint security and management teams often work in silos, using separate point […]
7 key questions CIOs need to answer before committing to generative AI
Some companies use generative AI to write code and some use it to create marketing text or fuel chatbots. And then there are others like SmileDirectClub, that create images in order to answer the question of how to better serve their customers. SmileDirectClub, the Nashville-based teledentistry company, uses generative AI to create teeth. Or, more […]
How to Craft a Cloud Experience Without Busting the IT Budget
Today’s technology leaders grapple with a paradox. They must do more with less while facilitating the work required to transform the business. That requires investing in digital capabilities that lead to desired business outcomes. Data suggests IT leaders will spend despite a challenging macroeconomic environment that includes inflation, snarls in the supply chain and other […]
Generative AI won’t automate your way to business model innovation
Generative AI is changing the world of work, with AI-powered workflows now slated to streamline customer service, employee experience, IT, and other fields. If we just slap the letters “GPT” to our efforts, everything will be right on track, right? Nope. Integrating artificial intelligence into business has spawned enterprise-wide automation. One report estimates that 4,000 […]
From details to big picture: how to improve security effectiveness
Benjamin Franklin once wrote: “For the want of a nail, the shoe was lost; for the want of a shoe the horse was lost; and for the want of a horse the rider was lost, being overtaken and slain by the enemy, all for the want of care about a horseshoe nail.” It’s a saying […]
Apple patches exploits used in spy campaign ‘Operation Triangulation’
Apple has shipped patches for the remote code execution (RCE) vulnerabilities in iOS that have already been exploited in the wild under the digital spy campaign, dubbed Operation Triangulation. The campaign used two zero-click iMessage exploits and compromises without any user interactions based on a pair of bugs respectively in the kernel and Webkit. Apple […]
RangeForce launches Defense Readiness Index to measure businesses’ cybersecurity capabilities
Cyber defense upskilling company RangeForce has announced the release of the Defense Readiness Index (DRI) to enable companies to measure and improve their cybersecurity capabilities. Integrated into RangeForce’s Threat Centric platform and mapped to both the MITRE ATT&CK and D3FEND frameworks, the DRI scores an organization’s readiness to respond to cyberattacks, the firm said in […]
Opaque Systems releases new data security, privacy-preserving features for LLMs
Opaque Systems has announced new features in its confidential computing platform to protect the confidentiality of organizational data during large language model (LLM) use. Through new privacy-preserving generative AI and zero-trust data clean rooms (DCRs) optimized for Microsoft Azure confidential computing, Opaque said it also now enables organizations to securely analyze their combined confidential data […]
North Korean Hackers Caught Using Malware With Microphone Wiretapping Capabilities
A hacking group linked to the North Korean government has been caught using new malware with microphone wiretapping capabilities. The post North Korean Hackers Caught Using Malware With Microphone Wiretapping Capabilities appeared first on SecurityWeek.
China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor
A Chinese hacking group flagged as APT15 is targeting foreign affairs ministries in the Americas with a new backdoor named Graphican. The post China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor appeared first on SecurityWeek.
Hybrid Microsoft network/cloud legacy settings may impact your future security posture
Once upon a time, the boundary that I worried about and considered that I was responsible for stopped at my Active Directory domain and at the firewall that protected it. Then the boundary of my network moved from the computers under my control to the internet and the connected devices and cloud applications that I […]
Silobreaker unveils new geopolitical cyber threat intelligence capabilities
Security and threat intelligence company Silobreaker has announced new geopolitical threat intelligence capabilities with RANE (Risk Assistance Network + Exchange). The tie-up will see Silobreaker integrate global risk intelligence company RANE’s enterprise geopolitical intelligence into its own platform, providing cyber threat intelligence teams with real-time information about world events that could heighten the risk of […]
The Benefits of Red Zone Threat Intelligence
Incorporating Red Zone threat intelligence into your security strategy will help you stay on top of the latest threats and better protect your organization. The post The Benefits of Red Zone Threat Intelligence appeared first on SecurityWeek.
PoC Exploit Published for Cisco AnyConnect Secure Vulnerability
A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure. The post PoC Exploit Published for Cisco AnyConnect Secure Vulnerability appeared first on SecurityWeek.
Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems
A new bill proposes to increase cybersecurity funding for rural water systems by $7.5 million dollars per year. The post Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems appeared first on SecurityWeek.
IT execs’ doctorate research helps drive digital success
According to Statista, $1.5T was spent on digital transformation initiatives globally in 2021, and that number is only continuing to grow. Yet research from BCG shows that 70% of digital initiatives fail, which translates to more than a trillion dollars in failure. Why are digital transformation initiatives failing at such a high rate, and how […]
Why you should review the security of your MSSQL servers
Brute-force credential guessing attacks against database servers are ramping up with MSSQL being at the top of the target list. That’s because attackers can leverage the many extensibility features that Microsoft’s database server provides to integrate with other Windows components and features to elevate their privileges and gain full control of the underlying servers. Last […]
Ransomware attacks pose communications dilemmas for local governments
In the early morning of May 3, the City of Dallas, Texas, was hit by a ransomware attack, for which the Royal ransomware gang later took credit. The city’s police, fire rescue, water service payment, and development systems, among others, were significantly hampered by the incident, forcing many departments to revert to handwritten and radio-related […]
Apple Patches iOS Flaws Used in Kaspersky ‘Operation Triangulation’
Apple ships major iOS security updates to cover code execution vulnerabilities already exploited in the wild. The post Apple Patches iOS Flaws Used in Kaspersky ‘Operation Triangulation’ appeared first on SecurityWeek.
CISOs’ New Stressors Brought on by Digitalization: Report
Digitalization brings new security challenges, new concerns, and new threats, and CISOs should not think that it’s just business as usual. The post CISOs’ New Stressors Brought on by Digitalization: Report appeared first on SecurityWeek.
Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites
Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations. The post Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites appeared first on SecurityWeek.
Cooperation or Competition? China’s Security Industry Sees the US, Not AI, as the Bigger Threat
China’s security and surveillance industry is focused on shoring up its vulnerabilities to the US and other outside actors, worried about risks posed by hackers, advances in AI and pressure from rival governments. The post Cooperation or Competition? China’s Security Industry Sees the US, Not AI, as the Bigger Threat appeared first on SecurityWeek.
ChatGPT is not your AI strategy
Since its launch in December 2022, ChatGPT, together with Google Bard and other large language models (LLMs), has been the subject of articles in the most prestigious publications and on broadcast television, accumulated millions of posts and discussions worldwide, and sparked an overnight pivot in sales and investment strategy for many of the world’s largest […]
Baffle launches new user interface to simplify application data security
Data security software provider Baffle has released Baffle Manager 2.0, an interface upgrade to automate enterprise-level data protection for applications, analytics, and AI. The user interface upgrade is aimed at simplifying application-level encryptions, which were difficult and time-consuming with legacy systems, the company said in a press statement. “Baffle Manager 2.0 is a single platform […]
Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws
Enphase Energy has ignored CISA requests to fix remotely exploitable vulnerabilities in Enphase products. The post Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws appeared first on SecurityWeek.
Kaspersky Dissects Spyware Used in iOS Zero-Click Attacks
Russian anti-malware vendor shares technical details on spyware implant deployed as part of recent zero-click iMessage attacks. The post Kaspersky Dissects Spyware Used in iOS Zero-Click Attacks appeared first on SecurityWeek.
Using business technology to help Ukrainians in need
War has come to your home. You’re forced to leave all you know and travel to a foreign land. You need food, water, clothing, and other life essentials right now. But you’re not sure where to turn in the new land. And even if you’ve heard about distribution centers, there could be challenges ahead, including […]
How Data is Changing the Media & Entertainment Industry
In the media and entertainment business, success is engaging viewers and creating “stickiness.” That happens when you understand viewer preferences and understand how audiences interact or consume content. It’s key to make informed decisions from what can be massive amounts of data you manage effectively. Nearly every business in this industry collects massive amounts […]
DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors
New National Security Cyber Section will help the US disrupt and prosecute nation-state threat actors and state-sponsored cybercriminals. The post DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors appeared first on SecurityWeek.
CISO Conversations: Three Leading CISOs From the Payment Industry
SecurityWeek talks to Chief Information Security Officers from Bill.com, FreedomPay, and Tassat about their role and experience as CISOs. The post CISO Conversations: Three Leading CISOs From the Payment Industry appeared first on SecurityWeek.
Why CISOs should be concerned about space-based attacks
Russia didn’t just attack Ukraine on the ground when it invaded that country on February 24, 2022, it also raided Ukraine’s data connections in space. On that date, “a multifaceted and deliberate cyber-attack against Viasat’s KA-SAT network resulted in a partial interruption of KA-SAT’s consumer-oriented satellite broadband service,” Viasat reported on March 30, 2022. According […]
Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?
Why are there so many vulnerabilities in Chrome? Is it realistically safe to use? Can Google do anything to make the web browser safer? The post Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use? appeared first on SecurityWeek.
Sysco’s recipe for growth centers on IT
When Tom Peck joined Sysco during the peak of the COVID-19 pandemic, his major goal was ensuring the survival of the world’s largest food service delivery company and helping its thousands of customers stay afloat. The Houston-based multinational was still delivering food supplies to sparsely populated buildings, cafeterias, airports, and nursing homes across the US—and […]
Biden Discusses Risks and Promises of Artificial Intelligence With Tech Leaders in San Francisco
The Biden administration wants to figure out how to regulate AI, looking for ways to nurture its potential for economic growth and national security and protect against its potential dangers. The post Biden Discusses Risks and Promises of Artificial Intelligence With Tech Leaders in San Francisco appeared first on SecurityWeek.
VMware Confirms Live Exploits Hitting Just-Patched Security Flaw
VMware updates a critical-level bulletin: “VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild.” The post VMware Confirms Live Exploits Hitting Just-Patched Security Flaw appeared first on SecurityWeek.
Minimizing the negative impact of IT through design and circularity
In a previous blog, I described the three areas of product development and operation that HPE Aruba Networking focuses on when designing our products for IT efficiency and sustainable operations—like how products are made, how they work, and how they are being used. But what about the product lifecycle itself? With sustainability now a growing business […]
Enabling a sovereign cloud using a multicloud foundation: Technology executive considerations
The adoption of multiple clouds by European business and public agencies continues to increase due to the need for competitive differentiation and growth through speed, quality, and the delivery of great customer experiences. To achieve these goals, IT and business executives must manage challenges across data governance, security, and compliance to protect sensitive customer, citizen, […]
iomart: Making the cloud straightforward
Founded in 1998, iomart began providing cloud services as the new millennium arrived. In the quarter of a century since, the company has grown into one of the U.K.’s most successful and trusted providers of cloud services and solutions. Today, the Glasgow-based firm has customers in both the public and private sectors, including businesses in […]
Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps
Businesses using ‘Log in with Microsoft’ could be exposed to privilege escalation and full account takeover exploits. The post Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps appeared first on SecurityWeek.
3 ways to advance sustainability in high performance computing
Finding the answer to the world’s most pressing issues rests on one crucial capability: high performance computing (HPC). With HPC, complex questions that have puzzled humankind for centuries are being unraveled at record speeds–such as unlocking mysteries of the universe, finding cures for diseases, sequencing DNA, and mitigating the impacts of climate change. The supercomputers […]
Russian APT Group Caught Hacking Roundcube Email Servers
A Russian hacking group has been caught hacking into Roundcube servers to spy on government institutions and military entities in Ukraine. The post Russian APT Group Caught Hacking Roundcube Email Servers appeared first on SecurityWeek.
Start with digital documents to make your workplace more accessible
In today’s rapidly evolving work and customer landscape, accessibility is a crucial consideration in ensuring employees and customers can fully participate in the experiences brands provide – and generally part of being a responsible corporate citizen. However, a recent Adobe survey found that only about half of brands are investing in making experiences more […]
Western Digital blocks unpatched My Cloud devices
Western Digital has blocked devices running vulnerable firmware versions from accessing its cloud services, the company said in an advisory. The move comes about a month after the company released firmware updates for its My Cloud product line to address a critical path traversal bug that leads to remote code execution (RCE). “Devices running unpatched […]
Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack
Gen Digital, which owns Avast, Avira, AVG, Norton, and LifeLock, said employee data was compromised in the MOVEit ransomware attack. The post Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack appeared first on SecurityWeek.
New ‘RDStealer’ Malware Targets RDP Connections
Bitdefender finds new malware capable of monitoring incoming RDP connections and infect the connecting clients that have client drive mapping enabled. The post New ‘RDStealer’ Malware Targets RDP Connections appeared first on SecurityWeek.
OT:Icefall: Vulnerabilities Identified in Wago Controllers
Forescout Technologies has disclosed the details of vulnerabilities impacting operational technology (OT) products from Wago and Schneider Electric. The post OT:Icefall: Vulnerabilities Identified in Wago Controllers appeared first on SecurityWeek.
Simply the best: Celebrating IT innovation at CIO 100 Symposium & Awards August 14-16 in Southern California
Tina Turner was known as the Queen of Rock ‘n’ Roll for a reason. She inspired generations of performers and fans, made valuable contributions to the music industry, and won more awards than I can mention here. Tina died on May 24, but her legacy as a rock icon and role model for women will […]
Getting ahead of cyberattacks with a DevSecOps approach to web application security
Web applications are foundational to a company’s business and brand identity yet are highly vulnerable to digital attacks and cybercriminals. As such, it’s vital to have a robust and forward-leaning approach to web application security. With an estimated market size of USD $30B by 2030, the term “application security” takes on numerous forms, but one […]
Security budget hikes are missing the mark, CISOs say
Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. That’s according to new research from risk and cybersecurity solutions provider BSS, which surveyed 150 security leaders. It found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being […]
Fulfilling Expected SEC Requirements for Cybersecurity Expertise at Board Level
Nobody doubts the need to increase board level cyber expertise, but there is no single preferred route. The post Fulfilling Expected SEC Requirements for Cybersecurity Expertise at Board Level appeared first on SecurityWeek.
Bajaj Allianz’s KV Dipu reveals the power of customer experience
One of India’s leading insurance companies, Bajaj Allianz General Insurance, which offers insurance services to over 1100 towns and cities in India and serves close to 11 crore customers, has been making technological strides in the industry., driving industry leadership, digital transformation, and innovation. In an interview with CIO.com, KV Dipu, head of operations and […]
Ending the ‘forever war’ against shadow IT
One of the most important accountabilities of the modern CIO is data integrity. The corporation must be confident that the data it uses to make strategic business decisions is safe, accurate, and private. There is no question that the IT department and its CIO is ultimately responsible for assuring this is true. But ensuring data […]
8 ways to detect (and reject) terrible IT consulting advice
Welcome to the golden age of experts. It’s hard to go anywhere in IT these days, physically or virtually, without bumping into someone offering IT advice. The problem, of course, is that many experts — even those affiliated with major organizations — are sometimes wrong. Or, more commonly, they might be right about some things […]
Why assessing third parties for security risk is still an unsolved problem
A Forbes article is making the rounds right now about America’s most cyber-secure companies, and I can already see the cybersecurity outrage machine up in arms. Full confession: I haven’t yet read the article, but I’m about to. I’m writing this in two parts: before I read the article, and after I read the article. […]
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack
The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth. The post Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack appeared first on SecurityWeek.
Oracle’s new EU Sovereign Cloud regions to help enterprises meet data regulations
Oracle on Tuesday said it is opening its EU Sovereign Cloud for enterprises and government bodies to help them meet evolving data residency and privacy regulations — such as the General Data Protection Regulation (GDPR) — while moving to the cloud. The new EU Sovereign Cloud will comprise two data regions or data centers […]
Huawei unveils four strategic directions for the future of finance
Finance is poised to undergo a transformation, as Artificial Intelligence (AI) steps in to make real-time decisions using vast data sets. This vision was outlined by Jason Cao, CEO of Global Digital Finance at Huawei, during Huawei Intelligent Finance Summit 2023. Mr. Cao highlighted that globally, there will soon be 100 billion connections, and with […]
Huawei unveils four strategic directions for the future of finance
Finance is poised to undergo a transformation, as Artificial Intelligence (AI) steps in to make real-time decisions using vast data sets. This vision was outlined by Jason Cao, CEO of Global Digital Finance at Huawei, during Huawei Intelligent Finance Summit 2023. Mr. Cao highlighted that globally, there will soon be 100 billion connections, and with […]
Romanian cybercrime gang Diicot builds DDoS botnet with Mirai variant
A cybercriminal group calling itself Diicot is performing mass SSH brute-force scanning and deploying a variant of the Mirai IoT botnet on compromised devices, according to researchers. The group also deploys a cryptocurrency mining payload on servers with CPUs that have more than four cores. “Although Diicot have traditionally been associated with cryptojacking campaigns, Cado […]
Trend Micro adds generative AI to Vision One for enhanced XDR
Trend Micro has announced the integration of generative AI into its flagship Vision One platform with the new AI tool, Companion. Companion uses advanced AI/machine learning analytics and correlated detection models to enhance extended detection and response (XDR) capabilities, according to the cybersecurity vendor. It has been designed to amplify security operations, improve accessibility and […]
Asus Patches Highly Critical WiFi Router Flaws
Asus patches nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks. The post Asus Patches Highly Critical WiFi Router Flaws appeared first on SecurityWeek.
US feds stress urgent MOVEit platform patching after attacks hit agencies
In the latest cyber incident affecting the US federal government, two arms of the US Department of Energy (DOE) and, according to press reports, the US Department of Agriculture and the Office of Personnel Management, have been swept up in a sprawling spree of attacks by the Russia-based Clop ransomware gang. To read this article […]
Team Cymru launches threat-hunting tool aims to fast-forward analysis
Team Cymru has launched Pure Signal Scout, an external threat-hunting and malicious infrastructure analysis tool to “level up” security operations centers (SOCs). Under the promise of being the “fastest” tool available for threat insights, Pure Signal Scout is expected to save analysts’ time by providing fast answers to complex queries. “We are now achieving in […]
New Information Stealer ‘Mystic Stealer’ Rising to Fame
A new information stealer malware named Mystic Stealer is gaining traction among cybercriminals on prominent underground forums. The post New Information Stealer ‘Mystic Stealer’ Rising to Fame appeared first on SecurityWeek.
Akeyless Launches SaaS-based External Secrets Manager
New SaaS-based secrets manager from Akeyless requires no new infrastructure, and no specialist staff nor secrets management team. The post Akeyless Launches SaaS-based External Secrets Manager appeared first on SecurityWeek.
Western Digital Blocks Unpatched Devices From Cloud Services
Western Digital is blocking access to its cloud services for devices running firmware versions impacted by a critical security vulnerability. The post Western Digital Blocks Unpatched Devices From Cloud Services appeared first on SecurityWeek.
Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation
Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less. The post Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation appeared first on SecurityWeek.
Ransomware Gang Takes Credit for February Reddit Hack
The Alphv/BlackCat ransomware gang has taken responsibility for the February cyberattack that hit social media site Reddit. The post Ransomware Gang Takes Credit for February Reddit Hack appeared first on SecurityWeek.
Finding the Nirvana of information access control or something like it
The recent arrest of US Air Force airman Jack Teixeira following his illegal sharing of classified information just to show off to his buddies shone a spotlight on the conversation surrounding access control. In Teixeira’s case, all the ingredients necessary to protect the classified information were in place, but sadly they appear to have been […]
8 notable entry-level cybersecurity career and skills initiatives in 2023
The cybersecurity sector has been battling a workforce shortage for years with cybersecurity training and certifications provider (ISC)2 estimating that the global skills gap currently sits at 3.4 million. There are over 600,000 current cyber-related job openings in the US alone, and the supply-to-demand ratio stands at 69%, the lowest it has been since 2010, […]
Watch on Demand: 2023 CISO Forum Sessions
All panel discussions and technical presentations from SecurityWeek’s 2023 CISO Forum are available to watch free on demand. The post Watch on Demand: 2023 CISO Forum Sessions appeared first on SecurityWeek.
A Russian Ransomware Gang Breaches the Energy Department and Other Federal Agencies
The cybersecurity firm SecurityScorecard says it detected 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies. The post A Russian Ransomware Gang Breaches the Energy Department and Other Federal Agencies appeared first on SecurityWeek.
MOVEit Customers Urged to Patch Third Critical Vulnerability
A critical vulnerability (CVE-2023-35708) in MOVEit software could allow unauthenticated attackers to access database content. The post MOVEit Customers Urged to Patch Third Critical Vulnerability appeared first on SecurityWeek.
Atlantic Health streamlines insurance authorization with intelligent automation
When the COVID-19 pandemic started, Atlantic Health System, like other healthcare providers, found itself under enormous stress. In addition to dealing with patients suffering the effects of a new virus, healthcare providers had to contend with new care protocols, staffing issues, and supplies shortages spurred by the pandemic, all of which placed additional pressure on […]
IT leaders expand high-value talent search across globe
In terms of what the pandemic hath wrought for IT teams, the rapid uptake of remote work lands near the top of the list of positive impacts. For some IT leaders, the increased comfort managing a digital tech workforce has opened the door to hiring professionals in far-flung locations. “There is no question that the […]
Microsoft Says Early June Disruptions to Outlook, Cloud Platform, Were Cyberattacks
Early June 2023 disruptions to Microsoft’s flagship office suite were Layer 7 DDoS attacks by a shadowy new hacktivist group dubbed Storm-1359 by Microsoft. The post Microsoft Says Early June Disruptions to Outlook, Cloud Platform, Were Cyberattacks appeared first on SecurityWeek.
In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act
Cybersecurity news that you may have missed this week: Bug bounties for Linux kernel exploits, Cybersecurity Awareness Act, FBI data on BEC losses. The post In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act appeared first on SecurityWeek.
Russian Hackers Using USB-Spreading Malware in Attacks on Ukrainian Government, Military
Russia-linked hacking group Gamaredon is infecting USB drives for lateral movement within compromised Ukrainian networks. The post Russian Hackers Using USB-Spreading Malware in Attacks on Ukrainian Government, Military appeared first on SecurityWeek.
Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks
The US charges Russian national Ruslan Magomedovich Astamirov over his alleged role in LockBit ransomware attacks. The post Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks appeared first on SecurityWeek.
MoneyGram profits from mainframe move to multicloud
For MoneyGram International, migrating workloads from the mainframe to the cloud has been a boon for the bottom line — and a lifeline against increasing market disruption from digital money-transfer upstarts. As expected, operating in the cloud has enabled the 80-year-old company to significantly reduce the cost of running its data center in Minneapolis. It […]
Ransomware Group Starts Naming Victims of MOVEit Zero-Day Attacks
The Cl0p ransomware gang has listed more than two dozen victims of the MOVEit zero-day attack on its leak website. The post Ransomware Group Starts Naming Victims of MOVEit Zero-Day Attacks appeared first on SecurityWeek.
CISA, NSA Share Guidance on Hardening Baseboard Management Controllers
CISA and the NSA have published new guidance to help organizations harden baseboard management controllers (BMCs). The post CISA, NSA Share Guidance on Hardening Baseboard Management Controllers appeared first on SecurityWeek.
Content Moderation Tech Startup Trust Lab Snags $15M Investment
Investors pour $15 million into Silicon Valley startup building AI-powered technology to detect and monitor harmful content on the internet. The post Content Moderation Tech Startup Trust Lab Snags $15M Investment appeared first on SecurityWeek.
OT Security Firm Shift5 Adds $33 Million in Funding
Shift5 has now raised $108 million in funding to bring cybersecurity to OT within fleet vehicles: planes and boats and trains – and military vehicles and weapon systems. The post OT Security Firm Shift5 Adds $33 Million in Funding appeared first on SecurityWeek.
XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions
Microsoft addressed two cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry (ACR) leading to unauthorized access to user sessions. The post XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions appeared first on SecurityWeek.
4 steps for building a new DEX strategy
Hybrid work is here to stay, and it’s put the digital work experience (DEX) at the heart of every business operation. Yet many organizations are struggling to adapt their existing digital work experiences for today’s digital-first realities. This piece briefly walks through the problems organizations might experience if they don’t build a new DEX strategy, the four […]
SquareX Launches Bug Bounty Program for Browser Security Product
Cybersecurity startup SquareX launches a temporary bug bounty program for its cloud-based browser security solution. The post SquareX Launches Bug Bounty Program for Browser Security Product appeared first on SecurityWeek.
Barracuda Zero-Day Attacks Attributed to Chinese Cyberespionage Group
Attacks exploiting the Barracuda zero-day CVE-2023-2868 have been linked to a Chinese cyberespionage group that has targeted government and other organizations. The post Barracuda Zero-Day Attacks Attributed to Chinese Cyberespionage Group appeared first on SecurityWeek.
Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits
Fake security researcher accounts seen distributing malware disguised as Chrome, Signal, WhatsApp, Discord and Exchange zero-day exploits. The post Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits appeared first on SecurityWeek.
Security culture improving in businesses despite factors holding teams back
The vast majority of CISOs have observed positive security culture gains in their organizations in the last year despite a perceived dip in the quality of overall security posture, according to the 10th annual Information Security Maturity Report published by ClubCISO and Telstra Purple. The research surveyed 182 members of ClubCISO, a global community of […]
5 best practices to ensure the security of third-party APIs
When organizations consider application programming interface (API) security, they typically focus on securing APIs that are written in-house. However, not all the APIs that companies use are developed internally, rather some are designed and developed by other organizations. The problem is that many companies don’t realize that using third-party APIs can expose their applications to […]
US Organizations Paid $91 Million to LockBit Ransomware Gang
LockBit ransomware operators launched 1,700 attacks in the US and received roughly $91 million in ransom payments. The post US Organizations Paid $91 Million to LockBit Ransomware Gang appeared first on SecurityWeek.
Four Things to Consider as You Mature Your Threat Intel Program
If you want to begin, or improve, sharing customized intelligence with key users, consider these four aspects as you develop your process. The post Four Things to Consider as You Mature Your Threat Intel Program appeared first on SecurityWeek.
Generative AI’s change management challenge
Despite headlines warning that artificial intelligence poses a profound risk to society, workers are curious, optimistic, and confident about the arrival of AI in the enterprise, and becoming more so with time, according to a recent survey by Boston Consulting Group (BCG). For many, their feelings are based on sound experience. Although ChatGPT, the poster […]
Examining Mr Price Group’s search to modernize
For modern CIOs, it’s essential to have a healthy balance between innovation and mainstream tech, says Kim Sim, Mr Price Group CIO. So she needs to keep tabs on the spectacular rise of artificial intelligence (AI) and its use cases, while also monitoring developments across topics that have been around for years, like big data, […]
The top 10 IT outsourcing service providers
Everest Group’s annual ranking of the top IT service providers saw significant shuffling again this year, but one thing that remained unchanged was Accenture’s position at the top of the list. For the seventh year in a row, the $61.6 billion firm was recognized as the leading service provider of the year, a testament to […]
How Europe is Leading the World in the Push to Regulate AI
Authorities worldwide are racing to rein in artificial intelligence, including in the European Union, where groundbreaking legislation is set to pass a key hurdle. The post How Europe is Leading the World in the Push to Regulate AI appeared first on SecurityWeek.
Talking Zero Trust and SASE with CISOs at the Summit
There aren’t many events where a critical mass of Chief Information Security Officers gathers to exchange ideas about the current threat environment, key initiatives, etc. The annual Gartner Security and Risk Management Summit is one of them, and I’m looking forward to attending it this year. I’m particularly interested in the experiences and best practices […]
Attackers set up rogue GitHub repos with malware posing as zero-day exploits
In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware. The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms. “The attacker has […]
Huawei Cloud Stack Takes No. 1 in China’s Software-Defined Compute Software Market 3 Years in a Row
According to the latest reports released by IDC (a world-leading provider of IT market research and consulting services), China Software-Defined Compute Software Market Tracker, 2022 H2/2022 and China Cloud System and Service Management Software Market Tracker, 2022 H2, Huawei Cloud Stack was ranked No. 1 in China’s software-defined compute (SDC) software market in the second […]
Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine
Microsoft is publicly exposing a Russian hacking group that worked on destructive wiper malware attacks that hit organizations in Ukraine. The post Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine appeared first on SecurityWeek.
Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign
Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. “In the past few years, Sygnia’s IR teams have engaged in numerous incidents in which world-wide organizations […]
The new challenges of scale: What it takes to go from PB to EB data scale
Big data exploded onto the scene in the mid-2000s and has continued to grow ever since. Today, the data is even bigger, and managing these massive volumes of data presents a new challenge for many organizations. Even if you live and breathe tech every day, it’s difficult to conceptualize how big “big” really is. Going […]
Informatica acquires Privitar to boost data access management
Enterprise data management vendor Informatica on Wednesday said that it has acquired London-based startup Privitar for an undisclosed sum in order to boost the data access management capabilities of its Intelligent Data Management Cloud (IDMC). IDMC, which was launched in May 2021, is a suite that sits on top of enterprise databases and manages […]
Cybersixgill automates threat intelligence with IQ generative AI application
Cybersixgill’s new IQ cybersecurity threat intelligence application promises to offer quicker and more digestible intelligence on potential threats on the dark web, by leveraging generative AI to provide automated reporting and dissemination of information. The idea is to simplify access to threat intelligence data, which ordinarily is done manually by analysts. According to the company’s […]
CISA Instructs Federal Agencies to Secure Internet-Exposed Devices
CISA’s Binding Operational Directive 23-02 requires federal agencies to secure the network management interfaces of certain classes of devices. The post CISA Instructs Federal Agencies to Secure Internet-Exposed Devices appeared first on SecurityWeek.
Cyber liability insurance vs. data breach insurance: What's the difference?
With an ever-increasing number of cybersecurity threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation, which is no surprise given that the average cost of a data breach in the US has risen […]
Rezilion releases agentless runtime software vulnerability management solution
Software supply chain security vendor Rezilion has announced the release of a new agentless solution for vulnerability management. It enables security teams to monitor exploitable software attack surfaces in runtime without using an agent, reducing the time and overhead required for traditional runtime-based software vulnerability analysis, according to the firm. Rezilion’s new solution covers all […]
Threat Intelligence Firm Silent Push Launches With $10 Million in Seed Funding
Detection-focused threat intelligence firm Silent Push, which maps out the entire internet every day, has launched with $10 million in seed funding. The post Threat Intelligence Firm Silent Push Launches With $10 Million in Seed Funding appeared first on SecurityWeek.
Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability
Hundreds of thousands of ecommerce sites are impacted by a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin. The post Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability appeared first on SecurityWeek.
Why a digital operating model is key to real-time AI
By George Trujillo, Principal Data and AI Strategist, DataStax Over the past couple months, I’ve met with 60+ executives in closed-room discussions and presented to over 400 attendees in virtual presentations. From these interactions, I’ve narrowed down five challenges that repeatedly come up. Do any of these look familiar in your organization? A lack of […]
NetSuite ERP gets account reconciliation feature from Oracle Fusion Cloud EPM
Oracle NetSuite on Wednesday said it is adding a new account reconciliation feature to its enterprise resource planning (ERP) suite, dubbed NetSuite ERP. The new feature, which is expected to automate the reconciliation process for accounts payable, accounts receivable, bank and credit card transactions, prepaid accounts, accruals and fixed assets accounts, intercompany transactions, and other […]
Chrome 114 Update Patches Critical Vulnerability
Google has released a Chrome 114 security update to address five vulnerabilities, including a critical-severity bug in Autofill payments. The post Chrome 114 Update Patches Critical Vulnerability appeared first on SecurityWeek.
ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities
ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities. The post ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities appeared first on SecurityWeek.
SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates
SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities. The post SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates appeared first on SecurityWeek.
Why NTT followed its own advice to accelerate technology modernization
The future is in the cloud, driven by software and with a limited need for physical hardware. This shouldn’t come as a surprise to anyone, and it’s what we tell our clients at NTT daily as we help them make the transition from hardware to software-defined infrastructure (SDI). We know that organizations that are migrating […]
The top 15 big data and data analytics certifications
Data and big data analytics are the lifeblood of any successful business. Getting the technology right can be challenging but building the right team with the right skills to undertake data initiatives can be even harder — a challenge reflected in the rising demand for big data and analytics skills and certifications. If you’re looking […]
How the modern CIO grapples with legacy IT
For Jo Abernathy, CIO at Blue Cross Blue Shield of North Carolina (BCBSNC), it was time to just walk away from the healthcare company’s aging IBM Db2 databases running on AIX. “We decided to prioritize the elimination of some pervasive technologies that have become too expensive relative to comparable products, and where support was lacking,” […]
What digital business acceleration means for Gulfstream Aerospace’s CIO
Gulfstream Aerospace, an integral business unit of General Dynamics, is a household name in technologically advanced business aircraft. It all began with The Grumman Gulfstream I in 1958, and today has about 3,000 business jets in service worldwide. With company headquarters in Savannah, Georgia, Sheryl Bunton joined in 2015 to lead its Business Technology Unit, […]
Spotify Fined $5 Million for Breaching EU Data Rules
Music streaming giant Spotify was fined 58 million kronor ($5.4 million) for not properly informing users on how data it collected on them was being used, Swedish authorities said. The post Spotify Fined $5 Million for Breaching EU Data Rules appeared first on SecurityWeek.
ServiceNow offers virtual agent to assist with generative AI
ServiceNow is making generative AI accessible from more areas of its low-code development platform, putting it front and center in the chatbots enterprises are starting to use to interact with their ServiceNow applications. But as software vendors like ServiceNow, Salesforce, or SAP offer new ways to take advantage of generative AI capabilities, such as summarizing […]
Fuel Innovation with Increased Data Access and Integrity with Sovereign Cloud
“Data is the new oil,” said British mathematician and data scientist Clive Humby in 2006. It’s certainly a valuable and coveted resource, but you need to be able to access and use it for it to be valuable. Now that we’ve covered the importance of data sovereignty, as well as security, privacy, and compliance, let’s […]
Accenture to invest $3 billion in AI
IT consulting and services giant Accenture announced today that it would spend $3 billion on assets, startups, talent and partnerships aimed at staking out a leading position in the fields of generative and predictive AI. Beyond the raw investment of money, Accenture said that its data and AI practice will double in size, from 40,000 […]
MOVEit Transfer developer patches more critical flaws after security audit
The developer of the recently exploited MOVEit Transfer application issued new updates after a third-party security audit identified additional SQL injection vulnerabilities. Customers are advised to deploy the new patches as soon as possible since attackers are clearly interested in exploiting this and other enterprise secure file transfer solutions. “In addition to the ongoing investigation […]
Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day
Mandiant has observed a Chinese cyberespionage group exploiting a VMware ESXi zero-day vulnerability for privilege escalation. The post Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day appeared first on SecurityWeek.
Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks
Patch Tuesday: Microsoft ships updates to over at least 70 documented vulnerabilities affecting the Windows ecosystem. The post Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks appeared first on SecurityWeek.
Intelligent Document Processing market grows as important subset of digital transformation
A recent MarketsandMarkets study expects the global Intelligent Document Processing (IDP) market to grow at a compound annual gross increased rate (CAGR) of 37.5% from 2022 to 2027. This growth is being driven by the pressing need for organizations to process large volumes of semi-structured and unstructured documents, store them and access them securely, and […]
Global information management survey compares a decade of digital transformation efforts
Information is at the core of every business’s digital transformation. Managing it has gotten more and more challenging due to growing volumes of content, and the disparate and complex tools and systems. Intelligent information management is critical to the success of digital transformation initiatives like online ordering, omnichannel customer experience, remote work, and compliance mandates. […]
AI and tech innovation, economic pressures increase identity attack surface
Tension between difficult economic conditions and the pace of technological innovation, including the evolution of artificial intelligence (AI), is fueling the growth of the identity attack surface and identity-led cybersecurity exposure. That’s according to the CyberArk 2023 Identity Security Threat Landscape Report, which details how these issues have the potential to compound “cyber debt” where […]
Okta aims to unify IAM for Windows, macOS devices in hybrid work environments
Okta said Tuesday that it’s set to launch a new offering, Okta Device Access, designed to extend the capabilities of its cloud-based identity and access management (IAM) service to enterprise desktops and other devices in hybrid work environments. The application, according to the company, aims to simplify logins while also offering stronger authentification features and […]
CosmicEnergy ICS Malware Poses No Immediate Threat, but Should Not Be Ignored
The Russia-linked ICS malware named CosmicEnergy does not pose a direct threat to OT systems as it contains errors and lacks maturity. The post CosmicEnergy ICS Malware Poses No Immediate Threat, but Should Not Be Ignored appeared first on SecurityWeek.
Patch Tuesday: Critical Flaws in Adobe Commerce Software
Adobe ships urgent fixes for at least a dozen flaws that expose Adobe Commerce users to code execution attacks. The post Patch Tuesday: Critical Flaws in Adobe Commerce Software appeared first on SecurityWeek.
What is Salesforce AI Cloud: Should you subscribe?
Salesforce’s new AI Cloud has left many baffled over what it’s all about — how it is different from the competition, what’s new in the offering, and whether one should consider subscribing. Analysts predict there could only be a few takers for the pricey new offering. The Salesforce AI Cloud combines the company’s previously announced […]
New Research Shows Potential of Electromagnetic Fault Injection Attacks Against Drones
New research conducted by IOActive shows the potential of electromagnetic fault injection (EMFI) attacks against drones. The post New Research Shows Potential of Electromagnetic Fault Injection Attacks Against Drones appeared first on SecurityWeek.
Romanian Operator of Bulletproof Hosting Service Sentenced to Prison in US
A Romanian national who operated a bulletproof hosting service used by malware operators was sentenced to prison in the US. The post Romanian Operator of Bulletproof Hosting Service Sentenced to Prison in US appeared first on SecurityWeek.
Virtual Event Today: CISO Forum 2023 – Register to Join
SecurityWeek’s 2023 CISO Forum Virtual Summit is taking place June 13-14 as a fully immersive online experience. The post Virtual Event Today: CISO Forum 2023 – Register to Join appeared first on SecurityWeek.
Ransomware Attack Played Major Role in Shutdown of Illinois Hospital
St. Margaret’s Health in Illinois is shutting down hospitals partly due to a 2021 ransomware attack that caused serious payment system disruptions. The post Ransomware Attack Played Major Role in Shutdown of Illinois Hospital appeared first on SecurityWeek.
Data of 8.8 Million Zacks Users Emerges Online
A database containing the personal information of roughly 9 million Zacks users has emerged online. The post Data of 8.8 Million Zacks Users Emerges Online appeared first on SecurityWeek.
CDO Deepak Sharma on banking IT success
As chief digital officer of Kotak Mahindra Bank, Deepak Sharma has been instrumental in driving the bank’s digital transformation, future-ready initiatives, and business model innovation strategies. Leading from the front, Sharma has implemented various innovative technology projects such as WhatsApp Banking, 811, conversational banking bot, and open and connected banking. In a wide-ranging interview with […]
The surefire way to waste money on IT consultants
Bringing in consultants to understand organizational dysfunction and make plans to remedy it can be a smart CIO move. But sometimes the consultants end up choosing sides. When that happens your consulting investments end up compounding the felony. To understand how it happens and how to prevent it, see if you can find the common […]
10 emerging innovations that could redefine IT
The pace of innovation is relentless. CIOs must watch for the next generation of emerging technologies because new software can go from the dreams of some clever coder to an essential part of every IT shop in the blink of an eye. Once wild and seemingly impossible notions such as large language models, machine learning, […]
Artificial intelligence is coming to Windows: Are your security policy settings ready?
What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, […]
Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks
Fortinet has warned customers that the critical CVE-2023-27997 vulnerability that was patched recently could be a zero-day exploited in limited attacks. The post Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks appeared first on SecurityWeek.
Cloud: qual è il momento giusto per passare all’IaaS?
L’evoluzione delle aziende italiane impegnate nella migrazione verso il cloud si chiama IaaS o Infrastructure-as-a-Service. Se, in passato, gli investimenti dell’IT in SaaS, o Software as-a-Service, hanno dominato il panorama nel quale si staglia “la nuvola”, dallo scorso anno anche le “Infrastrutture come servizio” hanno assunto una dimensione rilevante. A registrare questo trend sono i […]
Business email compromise scams take new dimension with multi-stage attacks
In a campaign that exploits the relationships between different organizations, attackers managed to chain business email compromise (BEC) against four or more organizations jumping from one breached organization to the next by leveraging the relationships between them. The attack, which Microsoft researchers call multi-stage adversary-in-the-middle (AiTM) phishing, started with a compromise at a trusted vendor […]
University of Auckland gears up for Esports opportunities
The University of Auckland is eyeing up new academic research opportunities and strengthening student engagement with its newly launched Esports arena. The launch comes at an opportune time for the rapidly growing local gaming sector, with the New Zealand government announcing $160 million in last month’s budget to establish a 20% rebate for game developers. […]
How Tyson Foods gained visibility and alignment that fueled digital transformation
For years now, digital transformation has been a vital strategic initiative for many enterprises. In recent years, many organizations have made significant strides in their transformation efforts. However, persistent barriers have held many teams back. In fact, a report from Bain & Company found that over 90% of organizations have struggled with digital transformation—and only […]
How manufacturers can unlock new value from existing data
In an industry buffeted by constant pressure on margins, shifting trade patterns, and supply chain uncertainty, manufacturing companies are looking for any edge they can get. The good news? It can often be found in innovative uses of data. Here’s how manufacturers can harness data analytics to improve performance across three critical areas of their […]
The steep cost of a poor data management strategy
It’s a time-tested truth: Getting a head start improves outcomes. In sprint races, it’s not always the fastest runner that wins, but the one with the best start. And marathoners know that how they run their first few miles often determines how they finish. And before runners even enter a race—whether a sprint or a marathon—they have prepared with […]
Celebrate innovation: Apply now for CIO Awards Canada!
I’ve got some super exciting news to share with you. Last year, we embarked on an incredible journey with the launch of the CIO Awards Canada program. It was an absolute blast celebrating the most innovative organizations and accomplished leaders in the tech world. Witnessing the outstanding projects and teams that emerged from all corners […]
The four-way test: Find the answers to better IT leadership at FutureIT Chicago
The four-way test is a set of guiding principles that every member of Rotary, an international service organization, can recite. The test is an adaptive process that considers everyone’s point of view. The process is designed to build goodwill and earn trust so a particular result is mutually beneficial, sustainable, and has scalable outcomes. As […]
To solve the cybersecurity worker gap, forget the job title and search for the skills you need
BlackBerry CISO Arvind Raman looks beyond job titles when he has open positions to fill and instead focuses on the key skills required to do the work. That mindset allows Raman to readily identify and recruit qualified professionals from outside the security field, instead of simply seeking candidates working their way up the typical chain […]
Innovation without disruption: virtual agents for hyper-personalized customer experience (CX)
Chatbots and IVRs are contact center staples, but most still provide automated service for basic, repeatable tasks. What about when a customer needs to be intelligently routed to a better resource or has a question that’s not so cut-and-dry cut. Virtual Agent, or VA, is the next natural step for significantly better customer and business […]
Cycode’s free CI/CD monitoring tool offers new DevOps visibility
Cycode’s new Cimon monitoring tool for continuous integration and continuous delivery is designed to offer a new level of visibility into the CI/CD process, securing code against data exfiltration and other malicious activity. According to the company’s announcement, Cimon — short for CI Monitor — is a runtime security agent that uses the enhanced Berkeley […]
US Government Provides Guidance on Software Security Guarantee Requirements
OMB has published new guidance on federal agencies obtaining security guarantees from software vendors. The post US Government Provides Guidance on Software Security Guarantee Requirements appeared first on SecurityWeek.
Software Supply Chain: The Golden Container Ship
By having a golden image you will put a process in place that allows you to quickly take action when a vulnerability is found within your organization. The post Software Supply Chain: The Golden Container Ship appeared first on SecurityWeek.
US Charges Russians With Hacking Cryptocurrency Exchange
Two Russian nationals are charged in the US with hacking a cryptocurrency exchange and conspiring to launder the proceeds. The post US Charges Russians With Hacking Cryptocurrency Exchange appeared first on SecurityWeek.
Threat intelligence programs poised for growth
In my last CSO article, I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research, the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies. […]
New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward
Researchers discover new MOVEit vulnerabilities related to the zero-day, just as more organizations hit by the attack are coming forward. The post New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward appeared first on SecurityWeek.
Intellihartx Informs 490k Patients of GoAnywhere-Related Data Breach
Intellihartx says the personal information of roughly 490,000 individuals was compromised in the GoAnywhere zero-day attack earlier this year. The post Intellihartx Informs 490k Patients of GoAnywhere-Related Data Breach appeared first on SecurityWeek.
What is COBIT? A framework for alignment and governance
What is COBIT and why is it important? COBIT is an IT management framework developed by the ISACA to help businesses develop, organize, and implement strategies around information management and IT governance. The goal of the COBIT framework is to support “understanding, designing, and implementing the management and governance of enterprise IT (EGIT),” according to the […]
4 ways Swedish CIOs strengthen defenses against bombarding AI sales
The current interest in AI is massive, and companies, as well as the public sector, are exploring the new technology in all its capacities as much as possible. But it’s important to be vigilant and painstakingly sort through all products that have an AI label. “Many handle the word a bit carelessly,” says Charlotte Svensson, CIO […]
The 12 biggest issues IT faces today
The list of expectations on CIOs continues to lengthen, as they face pressure to seize on new technologies and drive the organization forward while simultaneously improving efficiency, dealing with staffing challenges, and facing a tech skills gap. Granted, each CIO will have a unique list of priorities and challenges based on enterprise objectives and its […]
Swiss Fear Government Data Stolen in Cyberattack
Switzerland said government operational data might have been stolen in a ransomware attack on a technology firm that provides software for several departments. The post Swiss Fear Government Data Stolen in Cyberattack appeared first on SecurityWeek.
Fortinet Patches Critical FortiGate SSL VPN Vulnerability
Fortinet has patched CVE-2023-27997, a critical FortiGate SSL VPN vulnerability that can be exploited for unauthenticated remote code execution. The post Fortinet Patches Critical FortiGate SSL VPN Vulnerability appeared first on SecurityWeek.
La prima regola di un CIO sull’automazione: avere un chiaro piano di business
In virtù del loro ruolo, che li colloca tra l’IT e la strategia aziendale, i CIO godono di una posizione privilegiata nell’identificare i processi che le loro aziende devono modernizzare e automatizzare. Quando si tratta di aggiornare i sistemi principali per incrementare l’efficienza operativa, devono anche assicurarsi che esista un valido business case, cioè avere […]
Finalists for Australia’s Next CIO Award 2023 revealed
The finalists for the inaugural Next CIO Award in this year’s Australia CIO50 have been announced. This award recognises rising stars in ICT roles who are on the pathway to senior leadership. The Next CIO winner will be an individual who is exceeding expectations and helping drive innovation through their organisation. The finalists for the […]
自動化に対するCIOの第一のルール:ビジネスケースを明確にする
CIOは、ITと効果的なビジネス戦略の間における自社の立場に基づいて、組織の近代化と自動化のために必要なプロセスを特定することができます。Gartnerの副社長兼アナリストであるLaurie Shotton氏は、「業務効率化を推進する基幹システムをアップデートする場合、自動化するための安定したビジネスケースが存在することを確認する必要もあります」と述べています。CIOは通常、ITの自動化だけでなくビジネスの自動化推進の役割も担っているため、これは意外なことではありません。しかし、この2つは必ずしも相反する関係にあるとは限らないのです。 「この15年から20年において、企業は業務の効率化を図るために基幹システムのモダナイゼーションに取り組んできました」と同氏は説明します。「しかしそれと置き換えるためのビジネスケースが十分でないことが往々にしてあるのです」 自動化、ビジネス、およびCIO 自動化はKPIの改善やエンドユーザーエクスペリエンスの向上に役立つ新しいチャネルの構築を促進するため、事業を推進するCIOの主要なツールの一つであると、Rocket MortgageのCIOであるBrian Woodring氏は述べています。「最大の課題は、ビジネスの自動化によって、従来の非常に煩雑な手作業のプロセスを無くしてRPA化しているだけではないことを確認することです」と同氏は説明します。「これを怠った場合、短期的な勝利は得られるかもしれませんが、長期にわたる価値を提供することはできないでしょう。これまでに私が学んできたなかで最たるものの一つは、ビジネスに対して自動化を行うことはできないということです。自動化はビジネスに合わせて行わなければなりません。」 例えば、Cardinal Healthの医薬品部門の技術組織は、ビジネスリーダーと緊密に連携することで現在の弱点を特定し、これらのツールが顧客や従業員の体験をどのように改善するかに焦点を当てて、自動化すべき適切なプロセスを決定しているとCIOのGreg Boggs氏は述べています。 「当社のテクノロジー部門は、ビジネスリーダーと緊密に連携することで現在の弱点を特定し、これらのツールが、顧客や従業員の体験をどのように改善するかに焦点を当てて、自動化すべき適切なプロセスを決定します」と同氏は説明します。「一般的に、自動化構想がビジネスに与える影響を定量化するのは簡単でした。なぜなら、自動化構想には明確な事前・事後のビジネス指標があるからです。当社は、自動化における業務を成熟させ、ダイナミックでグローバルなヘルスケア環境において、軽快で革新的、かつ迅速に方向転換できるアーキテクチャを構築してきました」 しかし、金融機関におけるCIOの仕事の課題は、クライアントを満足させると同時にコンプライアンスを維持しながら、ビジネスのプロセス全体を再定義して無駄を省くことであるとWoodring氏は述べています。 さらに、自動化とAIを組み合わせた企業は、より迅速な意思決定、ビジネスプロセスの最適化、高い効率化を推進できるようになると、Capgemini社アプリケーション管理サービスデリバリー担当VPのSubramani Elumalai氏は語ります。 他のCIOも、ビジネスが自動化の取り組みの中心的な検討事項であることに同意しています。 たとえば、Northwestern Mutualでは、「アメリカ人を経済的不安から解放する」というミッションが、事業の優先順位を通知するすべての行動を後押ししていると、CIO兼EVPのJeff Sippel氏は述べています。 実用的なレベルでは、有意義な影響をもたらすエリアに自動化ソリューションを適用することを同社は常に考えています。こうした取り組みの成果を、自動化自体の成功ではなく、ビジネス上の成果として測定していると同氏は付け加えます。 イネーブラーとしての自動化 Adani Electricity Mumbai Ltdの商業管理責任者であるVaibhav Tandon氏にとっても、自動化とビジネス目標は密接な関係にあります。 自動化は、特定のプロセスを識別してビジネス要件を達成するためのイネーブラーとして機能すると同氏は述べています。また顧客中心主義は、電力会社の事業目標にとって極めて重要であり、自動化の取り組みにより、システムの生産性を高める効果が期待できます。「自動化は、顧客体験における重要な手段の一つとなり、その変化のライフサイクルを通じてさまざまな役割を果たすようになりました」とSippel氏は述べます。 そのためには、CIOがより広範で長期的な視点を持つと同時に、事業を継続し、最高の顧客体験を生み出すためのイノベーションを実現することが必要です。 「当社は基本的に街に暮らし続けながら街を再構築しており、CIOは、適切なツールは何か、そしてそのツールをどのようにして適切なタイミングで適切な場所に取り入れるかについて、常に戦略と戦術の両面から比較検討しています」と同氏は説明します。 Jamie Smith氏は、フェニックス大学のCIOとしての同氏の仕事は大学のあらゆる活動において自動化を適用する機会を伝達し、広めることだと述べています。Smith氏の視点は、自動化が人間の仕事を補強し、それによって大学が学生のためにより多くのことを実行できるようになることです。 現在同大学では、人間が行う繰り返し作業を自動化して効率化を図るRPA、学生の学習意欲の向上や出席を促すMLベースの自動ナッジ、社会人学生が支援を必要とする際のサポート窓口を広げる自動バーチャルアシスタント(Phoebe)など、さまざまな自動化を採用しています。 CIOの優先事項 複雑なワークフローの自動化は今後もCIOの優先事項であると、ロンドンに拠点を置くRossumのCTO兼チーフAIアーキテクトのPetr Baudis氏は述べています。重要なことは、このようなプロジェクトを部門間の垣根を越えてスケーリングすることです。これを実現するきっかけとなるのが、AIを活用したデータ取得の継続的な改善です。 高速かつ正確なデータ抽出は、取引や自動化機能を促進し、あらゆるビジネスインテリジェンスやデータ分析プラットフォーム内の基礎技術となり、優れたコラボレーションやB2Bコミュニケーションを可能にすると同氏は語ります。 「当社が重要と考える自動化技術には、RPAならびにプロセスマイニングやタスクマイニングなどがあります」とBaudis氏は述べます。「企業が自動化プロジェクトを試し、拡大するなかで、これらすべての技術間で収束していくのがわかります。 Adani Electricityは今年さらに、配電管理、カスタマーエクスペリエンス、メータリングエコシステム、消費者データ分析の分野で進化を続けているとTandon氏は述べています。 「当社はSASのAI/MLベースのエネルギー予測ソリューションを実装し、予測性能を向上させました」「これにより、約97%の予測精度を実現し、電力調達コストの最適化を図るとともに、250万人の消費者に安定した電力を供給することが可能になりました。流通管理、メータリングエコシステム、消費者データ分析においても進化を続けていきます」と同氏は説明します。 この電力会社の主要な自動化プロジェクトには、高度な配電管理システムを実装し、可視性とスケーラビリティを強化した自己修復型グリッドインフラストラクチャを構築し、カスタマーエクスペリエンスを向上させることが含まれています。また、同社はクラウドベースのデータレイクとアナリティクスソリューションの実装により、Tandon氏が言うところの「信頼できる唯一の情報源」を提供し、セルフサービス分析やデータに裏付けられた意思決定を促進し、より効率的な運用を実現しています。 3年前には2.2%あった当社のお客様の推定検針は、今では0.3%まで下がりました」と同氏は説明しています。「メカニズム全体が自動化されたため、人の手をかけずにすべての測定値を光学的にダウンロードできるようになりました。この取り組みにより、当社のシステム精度や株式資本利益率(RoE)によるインセンティブが確保されただけでなく、透明性が向上し、消費者からの苦情が減少しました」 Cardinal Healthの医薬品部門の主要目標は、顧客により良いサービスを提供するために、倉庫の自動化への取り組みを強化することだとBoggs氏は述べます。 「ITでは、Infrastructure as Code(IaC)、継続的なインテグレーションとデプロイ、およびAIオペレーションを優先していきます」と同氏は説明します。 フェニックス大学でも、いくつかの新しい自動化プロジェクトを進める準備ができています。現在同校では、学生や職員のさまざまな行程において、MLと自動化の利用拡大を可能にするエンタープライズ プラットフォームの開発を進めているとSmith氏は述べます。 「このエンジンは、データレイクに緊密に統合され、最適なチャネルを通じて、適切なタイミングで、真に個別化された学生サポートを可能にします」と同氏は付け加えます。 また同校は、入学手続き、成績処理、学資援助など、ますます複雑化する業務の自動化を継続することで、学生支援の充実を図る予定です。 「近年の進歩によって非構造化ドキュメントの利用や自然言語処理が可能になったことで、まったく新しい複雑なタスクが自動化の対象となりつつあります」とSmithは語ります。 同氏のチームは、自動化を効果的にスケールアップし、安全かつ確実に管理するためのプラットフォームとシステムを構築しています。結局のところ、存在しないはずのプロセスを自動化することほど非効率なことはないと同氏は述べています。AIと組み合わせた自動化は、企業がより迅速な意思決定を行い、ビジネス プロセスを最適化し、より高い効率化を推進する上で大きく役立つはずだとElumalai氏は述べます。「このような自動化は、自動検出、自動修復ソリューションによるビジネスKPIの向上、およびエンドユーザー エクスペリエンスを向上させる新たなチャネルの創出などの可能性を秘めています」 Data […]
Google launches Secure AI Framework to help secure AI technology
Google has announced the launch of the Secure AI Framework (SAIF), a conceptual framework for securing AI systems. Google, owner of the generative AI chatbot Bard and parent company of AI research lab DeepMind, said a framework across the public and private sectors is essential for making sure that responsible actors safeguard the technology that […]
In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
Cybersecurity news that you may have missed this week: AI regulation, layoffs, US aerospace malware attacks, and post-quantum encryption. The post In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption appeared first on SecurityWeek.
Google Introduces SAIF, a Framework for Secure AI Development and Use
The Google SAIF (Secure AI Framework) is designed to provide a security framework or ecosystem for the development, use and protection of AI systems. The post Google Introduces SAIF, a Framework for Secure AI Development and Use appeared first on SecurityWeek.
Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
Blackpoint Cyber raises $190 million in a growth funding round led by Bain Capital Tech Opportunities. The post Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats appeared first on SecurityWeek.
Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
Evidence suggests that the Cl0p ransomware group has known about and conducted tests with the recently patched MOVEit zero-day since mid-2021. The post Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021 appeared first on SecurityWeek.
‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
ESET has linked several cybercrime and espionage campaigns to a threat actor tracked as Asylum Ambuscade. The post ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns appeared first on SecurityWeek.
Google Cloud Now Offering $1 Million Cryptomining Protection
Google Cloud is offering up to $1 million in financial protection to cover expenses associated with undetected cryptomining attacks. The post Google Cloud Now Offering $1 Million Cryptomining Protection appeared first on SecurityWeek.
SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint. The post SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint appeared first on SecurityWeek.
Assessing the business risk of AI bias
AI doesn’t get better than the data it’s trained on. This means that biased selection and human preferences can propagate into the AI and cause the results that come out to be skewed. In the US, authorities are now using new laws to enforce instances of discrimination due to prejudicial AI, and the Consumer Financial Protection […]
How Capital One delivers data governance at scale
The ever-increasing emphasis on data and analytics has organizations paying more attention to their data governance strategies these days, as a recent Gartner survey found that 63% of data and analytics leaders say their organizations are increasing investment in data governance. The reason? Data governance is no longer viewed as a vehicle for compliance but […]
Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
As it pushes to renew a cornerstone law that authorizes major surveillance programs, the Biden administration faces an American public that’s broadly skeptical of common intelligence practices and of the need to sacrifice civil liberties for security. The post Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds appeared first on […]
ACT government falls victim to Barracuda’s ESG vulnerability
The Australian Capital Territory government is one of the victims of a vulnerability found in Barracuda’s email security gateway (ESG). In a press conference on 8 June, ACT government chief digital officer Bettina Konti said there is a likelihood that some personal information is involved but the harms assessment needs to completed for that to […]
Rebalancing through Recalibration: CIOs Operationalizing Pandemic-era Innovation
Kamal Nath, CEO, illustrates how Sify managed to operationalize pandemic era Innovation and how CIOs can follow suit in their journey. “We have to walk a new path with our clients,” says Kamal Nath, CEO of Sify, who shed light on the ways of working closely on the complexities pre-pandemic and how we are heading […]
North Korean APT group targets email credentials in social engineering campaign
Researchers warn of a social engineering campaign by the North Korean APT group known as Kimsuky that attempts to steal email credentials and plant malware. The campaign, focused on experts in North Korean affairs, is part of this group’s larger intelligence gathering operations that target research centers, think tanks, academic institutions, and news outlets globally. […]
Salesforce’s Marketing GPT and Commerce GPT to help build personalized services
Customer relationship management (CRM) software provider Salesforce has launched two new generative AI based offerings, dubbed Marketing GPT and Commerce GPT, to help enterprises build personalized services for their customers. Salesforce’s proprietary Einstein GPT and Data Cloud underpin the two new generative AI offerings. “With Marketing GPT, marketers will be able to automatically generate personalized […]
Google Cloud launches Cryptomining Protection Program
Google Cloud has launched its Cryptomining Protection Program for Security Command Center (SCC) Premium customers with up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks. SCC Premium customers will have access to the new product for free. SCC Premium works with a pay-as-you-go pricing, and as one-year and […]
Barracuda urges customers to replace vulnerable appliances immediately
Enterprise security company Barracuda has warned its customers against using email security gateway (ESG) appliances impacted by a recently disclosed zero-day exploit and to replace them immediately. A patch for the vulnerability, which has been exploited since October 2022, had been issued by Barracuda last month to stop the exploit from allowing ESG backdooring. To read […]
BastionZero releases SplitCert for password-free authentication and access
BastionZero has announced the release of SplitCert to provide password-free authentication access to databases. It uses Mutual TLS (mTLS) and cryptographic multi-party computation (MPC) to provide certificate-based authentication for popular, self-hosted Postgres and MongoDB databases, according to the vendor. Other new BastionZero platform features include passwordless access support for GCP cloud SQL and AWS RDS […]
Guardz releases AI-powered phishing protection solution for SMEs, MSPs
Cybersecurity vendor Guardz has announced the release of a new AI-powered phishing protection solution to help small- and medium-sized businesses (SMBs) and managed service providers (MSPs) prevent phishing attacks. It uses AI to provide small businesses and the MSPs that support them automatic phishing detection and remediation capabilities by combining email security, web browsing protection, […]
Kyndryl unveils incident response and forensics service, AWS threat intelligence collaboration
IT infrastructure services provider Kyndryl has announced a new cybersecurity incident response and forensics (CSIRF) service as well as a new threat intelligence collaboration with AWS. The CSIRF will help customers proactively prepare for and respond to threats by applying the latest threat intelligence and experience from Kyndryl’s security experts, the firm said. Its partnership […]
It’s time to evolve beyond marketing to create meaningful metaverse moments
VISION by Protiviti, Protiviti’s future-focused content initiative, has spent months exploring the metaverse future. Part of that exploration is a global survey we publish with the University of Oxford. I took a deep dive into the results and found some of what business leaders said in the Executive Outlook on the Metaverse, 2033 and Beyond […]
Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
Japanese pharmaceutical company Eisai says it has taken systems offline after falling victim to a ransomware attack. The post Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack appeared first on SecurityWeek.
Consolidate Vendors and Products for Better Security
Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a platform. The post Consolidate Vendors and Products for Better Security appeared first on SecurityWeek.
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
Researchers believe North Korea-linked Lazarus Group has stolen at least $35 million in cryptocurrency from Atomic Wallet. The post North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft appeared first on SecurityWeek.
Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
Vulnerabilities found by a researcher in a Honda ecommerce platform used for equipment sales exposed customer and dealer information. The post Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data appeared first on SecurityWeek.
Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
Cisco releases fixes for a critical-severity vulnerability in Expressway series and TelePresence Video Communication Server (VCS). The post Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions appeared first on SecurityWeek.
Salesforce CEO Benioff shakes up executive team with new hires
Salesforce CEO Marc Benioff has made a number of changes to the company’s management team, six months after the company’s co-CEO Bret Taylor announced he was leaving the organization. The roles of chief revenue officer, chief marketing officer, chief operating officer, and chief of staff are among the jobs that are undergoing a personnel or […]
Oshkosh CIO Anu Khare on IT’s pursuit of value
In his role as Oshkosh Corp.’s senior vice president and CIO, Anu Khare leads the specialty truck maker’s intelligent enterprise agenda, which includes data science and artificial intelligence practice, digital manufacturing, cybersecurity, and technology shared services to drive technology-enabled business transformation. Khare, a Forbes CIO Next 50 Tech Leader and Chicago CIO of the Year […]
What LOB leaders really think about IT: IDC study
For IT leaders seeking to move beyond being order takers and instead meet business colleagues eye to eye, the time is now, as IT teams are at risk of being excluded when key business decisions are made, according to a new study by IDC. Over 20% of North American line-of-business (LOB) leaders said that IT […]
10 hottest IT jobs for salary growth in 2023
As companies vie for talented tech workers to meet skills gaps in their organizations, the demand for certain tech roles has increased. There’s a strong need for workers with expertise in helping companies make sense of data, launch cloud strategies, build applications, and improve the overall user experience. This demand has driven up salaries for […]
Barracuda Urges Customers to Replace Hacked Email Security Appliances
Barracuda Networks is telling customers to immediately replace hacked ESG email security appliances regardless of the patches they installed. The post Barracuda Urges Customers to Replace Hacked Email Security Appliances appeared first on SecurityWeek.
Ecco come i CIO possono proteggere le informazioni di identificazione personale
Il mondo dell’industria è sempre più alle prese con la gestione dei dati e, ormai, non può più fare a meno di affidarsi all’intelligenza artificiale per migliorare i processi e il decision making. Tuttavia, a fronte di questa necessità, si presenta è una sfida significativa per garantire la privacy delle informazioni sensibili di identificazione personale, […]
Zero-trust: Why You Shouldn’t Ignore Your Print Environment
Being digital first may be the mandate for many CIOs, yet printers continue to hold a prominent presence in the workplace, especially in document-heavy sectors such as government, healthcare, legal, and logistics. In fact, the expanded scope of modern printers, which enable users not just to print but to also scan, copy, save, and share […]
BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
The Cl0p cyber-extortion gang’s hack of the MOVEit file-transfer program popular with enterprises could have widespread global impact. The post BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack appeared first on SecurityWeek.
Network Perception wants to give more visibility into IoT
The latest version of Network Perception’s NP-View platform, which is designed to provide deep insights into industrial and other operational technology networks, features new capabilities like improved parsing and more flexible lookup options. The Chicago-based vendor announced NP-View 4.2 today, saying that the new features include an improved algorithm for access rules and object groups […]
Clop extortion gang gives MOVEit exploit victims one week to reach out
The threat group behind the Clop ransomware took credit for the recent attacks exploiting a zero-day SQL injection vulnerability in a popular web-based managed file transfer (MFT) tool called MOVEit Transfer. In a message posted on its data leak site, the gang instructs victims to contact them and negotiate a payment until June 14 or […]
The NBA’s digital transformation is a game-changer
The NBA’s full-court press on digital technologies has revolutionized the fan, player, and team experience, thanks to accelerated deployment of cloud, analytics, AI, and computer vision technologies since the association launched its digital transformation in 2020. NBA EVP and CTO Krishna Bhagavathula, a former NBC News CTO who has been with the National Basketball Association […]
Expedia、生成AIでの飛躍を狙う
人工知能は旅行業界を破壊する態勢を整えており、1億6800万人のロイヤルティ会員と5万以上のビジネスパートナーを抱える巨大なオンライン旅行ネットワークを監督するExpediaのCTOであるラティ・マーシーは、自社が資本を投下するのに適した位置にいると考えています。 Travelocity、VRBO、Hotels.com、Orbitz、Trivago、Wotif、CarRentals.comといったトップブランド以外では、140億ドル規模のオンライン旅行サービスにとって最も貴重な財産はデータ、つまりAWSクラウドに保存された70ペタバイトの旅行者情報だからです。 「データは私たちの鼓動」と語るマーシーは、ベライゾン・メディアのCTOを務めた後、2年前にExpediaグループのCTO兼Expedia・プロダクト&テクノロジー担当プレジデントとして入社し、5Gの構築に携わっています。「私たちは非常に巨大なエコシステムを持っており、それによって私たちができたことは、旅行者のためのパーソナライズを全体で推進することです」 また、ChatGPTのような進化を続けるAIの拡大と消費者の間での普及に伴い、Expediaはアナリティクスと機械学習を幅広く活用してパーソナライズ戦略を推進し、顧客とパートナーが拡大し続けても旅行業界の進化を支援できるはずだとマーシーは述べています。 「AIは、私たちにとって大きな可能性を秘めたものです。Ai自体は新しいものではありませんが、ChatGPTはAIを民主化し、データとAIの2つを結びつけるという点で非常に強力です」とマーシーは言います。 2つの側面からの変革 Expediaグループは、シアトルに本部を置き、1996年にマイクロソフトの一部門として設立され、1999年に株式公開企業として分離されて以来、長い道のりを歩んできました。21以上のブランドと、300万以上のホテルやレンタル施設、500以上の航空会社やクルーズ会社、レンタカー会社とのつながりを持つ5万以上のB2Bパートナーを有します。 それでもまだ、オンライン旅行サービスには大きなポテンシャルがあるとマーシーは言います。現在、オンラインシステムで予約する旅行関係者や消費者は全体のわずか20%に過ぎないと推定しています。 6sense Revenue AIによると、Expediaのオンライン予約市場におけるシェアは約10%で、46%を占めるTripAdvisor、23%を占めるAirbnb、7%を占めるBooking.comなど、20以上のライバルと競争関係にあります。 マーシーは、Expediaがオンライン旅行予約の可能性を生かすために、競合他社を圧倒し、2022年に120億ドルを突破したExpediaの収益を拡大し続けるための2つのアプローチを考案しました。 彼女の核となる戦略は、異なりながらも相互に関連する2つのものから構成されています。一つはExpediaのインフラを統一的かつ統合的に構築する継続的な内部変革と、もう一つはオンライン旅行業界自体の変革をリードすることだと、CTOは言います。 「旅行業界は多くの(技術やプロセスの)レガシーを抱えており、誰もが私たちのような技術的な強みと能力を持っているわけではありません」と彼女は語り、Expediaが旅行業界のベースプラットフォームとして、旅行会社のデジタル化を支援し、彼らをオンラインの仲間に引き入れようとしていると述べます。 「私たち自身を変えるだけではありません。旅行業界を変革するのです」とのこと。「オンライン旅行会社は旅行市場の約20%を占め、80%は小規模プレーヤー、オフラインプレーヤー、航空会社、ホテルチェーン、ダイレクトブッキングが占めています。」 Expediaグループは、デジタルトランスフォーメーションのための多くの段階からなる計画を確実に策定し、マーシーが参画する前の2017年にワークロードのAWSクラウドへの移行を開始しました。 今では、同社のデータの90%以上がAWS上に保存されているとのことです。 AIの商業的利用可能性が爆発的に高まり、一般消費者をターゲットにしているという非常に好都合なタイミングにマーシーのミッションがやってきました。これまでAIプラットフォームは、データサイエンティストやソフトウェアエンジニア、IT専門家が機械学習モデルを構築するために企業内で使用することが主流でした。しかし、SaaSベンダーは、チャットボットなどの会話型AIツールや、OpenAIのChatGPTなどのプラットフォームが実現する生成型AIモデルを取り入れ、AIを消費者が誰でも使えるサービスとして民主化しつつあります。 このようなAIのコンシューマライゼーションは、旅行業界におけるパーソナライゼーションの機会をさらに促進するものであると考え、マーシーはその動向を注視しています。 機会を掴む そのため、Expediaは最近、ChatGPTとExpediaのサービス自体の中で旅行者のための会話機能を拡張するために2つのOpenAIプラグインを組み込みました。 一つはExpedia ChatGPTプラグインで、ChatGPTで旅行の計画を始めたユーザーがExpediaプラグインを選択すると、その旅行が現実となり、Expediaでのシームレスな予約体験が可能になるとマーシー氏は言います。もう一つのプラグインは、Expediaのアプリケーション内のもので、旅行者が旅行計画のあらゆる点について「会話機能」を利用でき、その会話で勧められたホテルを新しい「旅行」に保存し、簡単に旅行を組み立てることができるようにするものです。現在、英語版のiOS端末で利用可能です。 「(旅行者からの質問などの)ChatGPTデータと、旅行者の好み、予約パターン、価格設定の可否などのExpediaの旅行に特化したデータとの融合は、とても強力です。」とCTO。この技術の組み合わせで消費者は完全な旅程を作成できるとも言います。「多くのトラフィックを見てきましたが、旅行計画という観点ではとても素晴らしいものでした。」 Expediaのチームは、3~4週間でプラグインを導入することができました。「これは、私たちのAIに対するケーパビリティーと旅行プラットフォームのAPIが非常に成熟しているからです」とマーシーは言います。 他にも、多国籍消費財企業であるユニリーバやオムニチャネルの中古車販売会社カーマックスなど、ChatGPTやGPTのAPIを自社のサービスやアプリケーションにスピーディーに組み込んでいる企業はあります。 しかし、アナリストは、このような生成的AIの初期の実装は、意味のある影響を与えるまでに距離があると指摘しています。 「この初期段階では、Expediaのアプリ内のChatGPT機能は限定的です。リアルタイムの価格情報にはアクセスできず、ユーザーはこの機能を通じて予約することはできません。現在、Expediaアプリの旅行セクションにのみホテルのおすすめを保存することができます。」と、Gartner for Marketersのディレクターアナリストであるブラッド・ジャシンスキーは述べています。 ジャシンスキー氏はまた、消費者がオンライン予約システムと連携して旅行のためにチャット型AIシステムを使用するかどうかはわからないが、もし使用する場合は、「それがExpediaの体験を他のオンライン旅行代理店と差別化する可能性がある」と注意を払っています。 IDCのアナリストであるドロシー・クリーマーは、Expediaがパートナーと緊密に連携すれば、AI時代における良い位置にいると示唆します。 クリーマーは、「Expediaは、25年にわたる旅行と予約の行動に基づいてデータプラットフォームを構築しており、このレベルと深さのデータは、ポストパンデミック時代によりパーソナライズされた予約と旅の体験を推進するために不可欠です」と述べ、同社は「予約データから価値を抽出するためのデータサイエンティストによる精鋭のチームを構築しています。これらのデータポイントは、1ページの予約情報ごとに数千の組み合わせの評価を必要とします。」とも指摘しています。 また、クリーマーはExpediaのプロダクトはホテル、航空会社、レンタカー会社、およびその他のパートナーに、深い顧客の洞察を処理するための基盤を提供するように構築されていると指摘しています。「これには、AIやMLを駆使した機能やプラットフォームが提供できるデータの高度な分析が必要です。」と彼女は述べています。 一方で、Expediaのマーシーは、AIを取り巻く倫理的な懸念を十分に認識した上で、Expediaがすべてのユーザーにとって公正で自由な市場であることも確保したいと考えています。 マーシーは言います。「私たちは、AIのガバナンスと倫理を非常に注視しており、あらゆる情報共有の際にプライバシーへの配慮を確保しています。それは、私たち全員が気をつけなければならないことであり、AIを良い方向に利用するために具体的なコミュニティとして協力し、業界全体でベストプラクティスを利用できるようにすることでもあります。」 Artificial Intelligence
Cisco spotlights generative AI in security, collaboration
Cisco Security Cloud and Webex will sport new features supported by its home-grown generative AI.
Help wanted: IT tools and talent for building a multicloud estate
Anyone who works in the culinary arts, construction or other trades can vouch for the value of multipurpose tools and the wherewithal to use them. Give a seasoned chef professional-grade knives, cast iron and carbon steel cookware and there’s little that he or she cannot accomplish in the kitchen. Experienced construction workers handle many tasks […]
Stay Focused on What’s Important
Staying the course and sticking to strategic goals allows security professionals to steadily and continually improve the security posture of their organization. The post Stay Focused on What’s Important appeared first on SecurityWeek.
Sysdig Introduces CNAPP With Realtime CDR
Sysdig is launching what it claims to be the first CNAPP with end-to-end detection and response, consolidating CNAPP and CDR. The post Sysdig Introduces CNAPP With Realtime CDR appeared first on SecurityWeek.
Cisco debuts bold portfolio of network, security, and observability solutions and previews generative AI capabilities for Webex and Security Cloud
A tremendous number of enterprises and service providers view Cisco as the nexus of their network, security, and cloud operations. At the company’s Cisco Live customer and partner conference in June, Cisco boldly connected the dots of a network- and cloud-based ecosystem that ties together innovative technologies to drive productivity, resiliency, and growths, while also […]
VMware Plugs Critical Flaws in Network Monitoring Product
VMware ships urgent patches to cover security defects that expose businesses to remote code execution attacks. The post VMware Plugs Critical Flaws in Network Monitoring Product appeared first on SecurityWeek.
A guide to hybrid cloud deployment for innovation without disruption
Contact center platform vendors are bringing more cloud offerings to market, but not every organization is ready to transform with a move completely off-premises: Some prefer to keep certain workloads nearby (ex: 40% prefer to keep analytics and data deployment on-premises, according to new research from Ventana). Others – especially large enterprises that operate in […]
Over 60,000 Android apps infected with adware-pushing malware
Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue. “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans […]
New tool enables team collaboration on security case management
Security automation and orchestration platform Tines has added a new case management capability, dubbed Cases, to allow security teams to collaborate on security incidents. This collaboration feature is aimed at enabling the teams to efficiently handle anomalies, automation, and remediations. “With Cases, Tines users — which range from startups to Fortune 10 — can deploy […]
Sysdig adds “end-to-end” detection and response to CNAPP
Cloud security firm Sysdig has embedded cloud detection and response (CDR) into its cloud-native application protection platform (CNAPP). The company claims to be the first vendor to offer this consolidation, a move that enables its CNAPP to detect threats with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications. It leverages Falco, […]
US, Israel Provide Guidance on Securing Remote Access Software
US and Israeli government agencies have published new guidance on preventing malicious exploitation of remote access software. The post US, Israel Provide Guidance on Securing Remote Access Software appeared first on SecurityWeek.
Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
The Clop ransomware gang issued “an ultimatum” companies targeted in a recent large-scale hack of payroll data The post Hackers Issue ‘Ultimatum’ Over Payroll Data Breach appeared first on SecurityWeek.
From edge to cloud: The critical role of hardware in AI applications
In this new blog series, we explore artificial intelligence and automation in technology and the key role it plays in the Broadcom portfolio. This Easter, I tasked Midjourney, the AI tool that generates art from text, to create a futuristic egg basket that showcased the concept of being digitally connected. What I saw blew my […]
Bringing AI to your organization? Better bring the right database
By Patrick McFadin, DataStax developer relations and contributor to the Apache Cassandra project. Netflix tracks every user’s actions to instantly refine its recommendation engine, then uses this data to propose the content users will love. Uber gathers driver, rider, and partner data in the moment and then updates a prediction engine that informs customers about […]
ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
Researchers show how ChatGPT/AI hallucinations can be exploited to distribute malicious code packages to unsuspecting software developers. The post ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages appeared first on SecurityWeek.
Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
Google’s June 2023 security update for Android patches more than 50 vulnerabilities, including an Arm Mali GPU flaw exploited by spyware vendors. The post Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability appeared first on SecurityWeek.
OWASP’s 2023 API Security Top 10 Refines View of API Risks
OWASP’s ranking for the major API security risks in 2023 has been published. The list includes many parallels with the 2019 list, some reorganizations/redefinitions, and some new concepts. The post OWASP’s 2023 API Security Top 10 Refines View of API Risks appeared first on SecurityWeek.
10 security tool categories needed to shore up software supply chain security
As security leaders progress in their establishment of software supply chain security programs, they face a good news-bad news situation with the tools available to them — literally: the technology is rapidly advancing for good and for bad. The good news of the rapidly advancing software supply chain security technology is that the brisk pace […]
Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data
Microsoft will pay a fine of $20 million to settle FTC charges that it illegally collected the data of children who signed up for Xbox. The post Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data appeared first on SecurityWeek.
Blumira Raises $15 Million for SMB-Tailored XDR Platform
Blumira raises $15 million in Series B funding and launches a new XDR platform for small and medium-sized businesses (SMBs). The post Blumira Raises $15 Million for SMB-Tailored XDR Platform appeared first on SecurityWeek.
How Palladium targets tech to better serve the business
At the end of the 1960s, Spanish businessman Abel Matutes had an ambitious dream to bring paradise closer to travelers by offering incredible experiences. The result was what is now the Palladium Hotel Group, a hotel chain with 10 different brands spread across Spain, Italy, Mexico, Brazil, Jamaica, and the Dominican Republic. But the company’s history […]
7 ways to spot hidden IT talent within your ranks
Every IT organization has hidden experts. These individuals, possessing extraordinary talents, help their teams reach new levels of innovation, planning, productivity, and efficiency. Discovering these unique individuals, and then elevating them to positions where they can achieve maximum effectiveness, is a skill that every CIO should learn. Spotting promising talent requires keeping a close pulse […]
Saudi Vision 2030: Why the Kingdom is becoming a hub in EdTech education
The Pandemic has pushed companies to accelerate their digital journey, large companies are already being encouraged to replace their traditional working methods with telematic ones. Proof of this is the KSA Cloud First Policy, announced in October 2020 by Saudi Arabia’s Ministry of Communications and InformationTechnologies, after the launch of a cloud data center in […]
Nasce in Lombardia la prima cloud region di Microsoft in Italia
Lo scorso lunedì, Microsoft ha annunciato di essere in procinto di lanciare la sua prima cloud region in Italia. La nuova realtà, che avrà tre data center [in inglese], sarà situata in Lombardia. Le imprese potranno iniziare a utilizzare la nuova region utilizzando Microsoft Azure [in inglese] o Microsoft 365 [in inglese] già nelle prossime […]
Ecco come dimostrare il valore degli analytics con l’edge computing
L’edge computing offre grandi vantaggi potenziali alle aziende, nei più disparati comparti merceologici. Questo modello di calcolo distribuito che avvicina l’archiviazione e l’analisi dei dati alle loro fonti, può offrire, infatti, alle aziende tempi di risposta migliori, una minore latenza di rete, una riduzione dei costi della larghezza di banda e persino una maggiore sicurezza. […]
Traditional malware increasingly takes advantage of ChatGPT for attacks
Traditional malware techniques are increasingly taking advantage of interest in ChatGPT and other generative AI programs, according to a Palo Alto Networks report on malware trends. “Between November 2022-April 2023, we noticed a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT,” according to the latest Network Threat Trends Research […]
ChatGPT creates mutating malware that evades detection by EDR
A global sensation since its initial release at the end of last year, ChatGPT‘s popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to […]
The new value calculator: Levers for business optimization
As we move further into the digital age, we continue to see a growing emphasis on data-driven decision-making. And as a result, there has been a surge in the development of new products, tools, and platforms competing to help businesses analyze and utilize more data, more effectively. Given the number of competing solutions along with […]
エッジにおけるアナリティクスの価値を証明する
エッジ コンピューティングは、さまざまな業界の企業にとって大きな潜在的メリットをもたらします。この分散コンピューティング モデルは、データ ストレージとアナリティクスをデータ ソースに近づけることで、応答時間の短縮、ネットワーク レイテンシの減少、帯域幅コストの削減、さらには組織のセキュリティを強化します。 エッジでのコンピューティングは、接続されたオブジェクトが収集するデータをリモートで処理できるため、IoT(モノのインターネット)などのイニシアチブをサポートします。このようなシステムがなければ、コネクテッド デバイスから生成される膨大な量のデータは、組織の中心データ インフラストラクチャを容易に圧迫し、分析のためにクラウド リポジトリにシャトルする場合は多額のコストがかかります。 [データ アナリティクスチームの大成功の秘密をご確認ください。| Beware the データ アナリティクスの12の俗説とデータ アナリティクスで組織が確実に失敗する方法にご注目ください。| データ アナリティクスの最新情報を入手するにはCIOニュースレターにご登録ください。] データの収集場所であるエッジにより多くのアナリティクス機能を導入することで、組織はより高い応答性と効率性を実現できます。ここでは、さまざまなユース ケースで企業がどのようにエッジにアナリティクスをデプロイしているのかをご紹介します。 道路の安全 Trimble Transportationは、経路の決定と最適化、トラッキングと可視化、安全性とコンプライアンス システムなどの技術を顧客に提供しています。クライアントは主に貨物運送業者で、車戴テレマティクス端末から毎日100億以上のデータポ イントを生成しています。データ ポイントには、エンジン温度、ターボ回転数、油圧、速度、クーラント レベルなど50以上の変数が含まれます。 車両センサーは増えつつあり、主要な性能指標をモニタリングし、タイヤの空気圧低下、車線逸脱、後方障害などの問題をドライバーに警告します。その結果、安全技術が大幅に進歩しましたが、その一方で膨大な量のデータが生成され、それを迅速に処理しなければリアルタイムに活用することができません。 Trimbleの場合、エッジ アナリティクスはより速く分析情報を得る方法を提供します。運輸・物流企業向けにハードウェアとソフトウェアを開発し、コネクテッド サプライチェーンを構築しているTrimbleは、トラック運送会社のバック オフィスを「ハブ」とするハブアンドスポークのネットワーク システムを構築していると、同社のデータ サイエンス担当副社長のChris Orban氏は説明します。 Orban氏によると、ハブには、輸送管理システム、注文受付、安全性とコンプライアンスなど、「スポーク」から提供されるデータ依存型運用システムのアプリケーションが含まれています。 同氏によると、「このモデルにおけるスポークは、運転席で車載コンピュータや電子ログ記録装置などの最先端技術を利用するトラック ドライバーです。」「これらの装置は4G LTEネットワークでクラウドに接続され、エッジで多くの計算が行われています。これらの計算には、ドライバーの勤務時間の追跡、安全イベントの報告、配達証明などの電子文書のスキャンが含まれます。」 Orban氏は、商用車の追跡が規制されるようになった頃から、何年にもわたってエッジ コンピューティングの反復処理を使ってきたと言います。Trimbleの初期の電子機器はトラックの運転席に設置され、トラックの位置や燃料レベルなどの簡単な情報を中継していました。「全員がポケットに携帯電話を持っていなかった時代に、バック オフィスとのコミュニケーションを提供していました」と同氏は述べます。 トラック運送会社が資産の所在を把握し、携帯電話の圏外にいる可能性のあるドライバーや機器と通信する機能があることが、この事業の主な推進要因でした。「衛星通信が唯一の接続オプションである可能性もあるため、これらの機器はドライバーと一緒にエッジで機能する必要がありました」とOrban氏は振り返ります。 安全性の観点から、Trimbleのすべてのモビリティ デバイスは、商用トラックのエンジン制御モジュール(ECM)と自社製およびサードパーティ製の安全ツールとの間をインターフェースで接続し、ハードブレーキ警告、後続車警告、ロール スタビリティ制御通知などの機能を提供します。 「運転席で、ドライバーは自分の運転行動について即座にフィードバックを受け、リアルタイムで効果的にその行動を修正することができますし、デバイスが代わりにやってくれることもあります」とOrban氏は言います。「たとえば、カーブを速く曲がりすぎているのがわかり、ロール スタビリティ制御が作動した場合、その装置は実際にブレーキを作動させてトラックを減速させ、そのロール スタビリティ制御が作動しなくなる状態にすることができます。」 Trimbleは、乗務時間からドライバーの疲労度を算出するエッジ アプリケーションも提供しています。 Trimbleがデータ アナリティクスとエッジ コンピューティング機能に投資しているもう一つの大きな分野は、ビデオです。「現在、多くの商用車には、ダッシュボード、サイドミラー、後部バックカメラ、あるいはこれらすべてに、外向きまたは内向きのカメラが設置されています」とOrban氏は言います。「これらの視覚化されたデータソースから得られる情報量は膨大です。」 TrimbleのVideo […]
Adapting to change on a dime: The absolute necessity of hybrid portability
These days, hybrid is a fact of life, and with it the need for hybrid portability. If you’ve ever traveled between continents for work, you’ve certainly had to bring along your corporate laptop containing all your work materials. To make it function in the other country you bring some physical components, like a power cable […]
Let Business Needs Guide Your Winning Data Team
The shortage of data science skills continues to frustrate organizations in their quest to become more data driven. CIO.com’s 2023 State of the CIO research found that data science/analytics is one of the top three tech-related skills CIOs are trying to hire – and 22% said it’s one of the three most difficult to fill. […]
The new wave of data observability
You’ve almost certainly heard the term observability used to describe the next generation of data monitoring. Observability has become increasingly important in recent years, as software systems have become more complex and distributed, allowing organizations to measure, monitor, and understand the behavior of their various systems. Analysts began to coin the term observability only 2-3 […]
Top 10 reasons to modernize technology now
The big picture: Modernizing applications can help companies take advantage of the latest technologies, streamline their operations, and stay ahead of the competition. Why it matters: Outdated applications can limit productivity, hinder growth, and negatively impact customer experience. The bottom line: Application modernization is a wise investment for businesses seeking long-term success and a competitive […]
How to Manage Data as a Product
Distributed data ownership is a new idea that has recently captured the attention of IT executives and chief data officers. The concept: data should be curated by the people who know it best versus locked up in an IT ivory tower. Furthermore, owners should treat data as a product, ensuring that it is clean, current, […]
Lacework’s new CIEM uses ML to fish out high-risk identities
Cloud security provider Lacework has released a new cloud infrastructure entitlement management (CIEM) offering to strengthen the observability of all cloud identities. The new capability is aimed at simplifying Lacework’s cloud security offering by merging with its existing cloud security posture management (CSPM), attack path analysis, and threat detection capabilities into a single platform. “CIEM […]
Only one in 10 CISOs today are board-ready, study says
Even though there is a growing demand for cybersecurity expertise at the highest levels of business, a significant number of public companies lack even one qualified cybersecurity expert on their board of directors, according to a study by cybersecurity research and advisory firm IANS. In addition, the study found that just a little more than […]
A Vision of Radical Networking Simplicity
In networking today, complexity reigns. Tapping an app on a mobile device at home relies on many connections. Count them: the home Wi-Fi, the ISP, the Internet, a Domain Name System (DNS) provider, a content delivery network (CDN), applications distributed among multiple providers in multiple clouds, credit authentication companies, a private customer information database. This […]
OWASP lists 10 most critical large language model vulnerabilities
The Open Worldwide Application Security Project (OWASP) has published the top 10 most critical vulnerabilities often seen in large language model (LLM) applications, highlighting their potential impact, ease of exploitation, and prevalence. Examples of vulnerabilities include prompt injections, data leakage, inadequate sandboxing, and unauthorized code execution. The list aims to educate developers, designers, architects, managers, […]
AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
AntChain has teamed up with Intel for a Massive Data Privacy-Preserving Computing Platform (MAPPIC) for AI machine learning. The post AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training appeared first on SecurityWeek.
KeePass Update Patches Vulnerability Exposing Master Password
KeePass 2.54 patches a vulnerability allowing attackers to retrieve the cleartext master password from a memory dump. The post KeePass Update Patches Vulnerability Exposing Master Password appeared first on SecurityWeek.
Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
French cybersecurity startup Elba raises €2.5 million ($2.6 million) to help organizations identify their employees’ security issues. The post Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product appeared first on SecurityWeek.
Google Workspace Gets Passkey Authentication
Google Workspace now offers support for passwordless authentication using passkeys, in beta. The post Google Workspace Gets Passkey Authentication appeared first on SecurityWeek.
Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
Keep Aware scores seed investment to build a human-centric browser security platform that provides protection against browser-based attacks. The post Keep Aware Raises $2.4M to Eliminate Browser Blind Spots appeared first on SecurityWeek.
Shadow IT is increasing and so are the associated security risks
Despite years of modernization initiatives, CISOs are still contending with an old-school problem: shadow IT, technology that operates within an enterprise but is not officially sanctioned — or on the radar of — the IT department. Unvetted software, services, and equipment can be nightmare fuel for a security team, potentially introducing a lurking host of […]
Department of Defense AI principles have a place in the CISO’s playbook
Artificial intelligence has zoomed to the forefront of the public and professional discourse — as have expressions of fear that as AI advances, so does the likelihood that we will have created a variety of beasts that threaten our very existence. Within those fears also lay worries about the responsibilities of those who create the […]
Cloud misconfiguration causes massive data breach at Toyota Motor
Japanese automaker Toyota Motor said approximately 260,000 customers’ data was exposed online due to a misconfigured cloud environment. Along with customers in Japan, data of certain customers in Asia and Oceania was also exposed. Toyota Motor has implemented measures to block access to the data from the outside and is investigating the matter including all […]
Several Major Organizations Confirm Being Impacted by MOVEit Attack
Major companies have confirmed being impacted by the recent MOVEit zero-day attack, including BBC, British Airways and Zellis. The post Several Major Organizations Confirm Being Impacted by MOVEit Attack appeared first on SecurityWeek.
Zoom Expands Privacy Options for European Customers
New options allow paid Zoom customers to specify certain data for meetings, webinars, and team chat to be stored within the EEA. The post Zoom Expands Privacy Options for European Customers appeared first on SecurityWeek.
Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
Verizon’s 16th annual Data Breach Investigations Report (DBIR) provides data on ransomware costs, the frequency of human error in breaches, and BEC trends. The post Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges appeared first on SecurityWeek.
Apple Unveils Upcoming Privacy and Security Features
Apple on Monday detailed new privacy and security features rolling out to both desktop and mobile users. The post Apple Unveils Upcoming Privacy and Security Features appeared first on SecurityWeek.
14 organizations that support LGBTQ+ tech workers
The lack of diversity in IT doesn’t just leave underrepresented workers feeling alienated; it can also make them feel unsafe. That’s certainly true for the LGBTQIA+ community, with only 76% of LGBTQ+ workers reporting they feel safe in their workplace and 64% of trans and gender nonconforming (GNC) individuals saying the same, according to a report […]
5 tips for startup partnership success
IT leaders looking to accelerate their innovation agendas have a partner-in-waiting in the startup ecosystem. By linking up with startups, CIOs can greatly expand their opportunities to experiment with emerging technologies and augment their in-house innovation programs. And the market for doing so remains robust for corporations looking to make the most of the model. […]
5G ready or 5G really? Industry CIOs face hard truths about private 5G
ArcelorMittal France conceived 5G Steel, a private cellular network serving its steel works in Dunkerque, to support its digitalization plans with high-speed, site-wide 5G connectivity. But when it turned the network on in October 2022, the devices connecting to it were only 4G. French public network operator Orange built the private network, which covers a […]
Google Patches Third Chrome Zero-Day of 2023
Google has released a Chrome 114 security update that patches CVE-2023-3079, the third zero-day vulnerability patched in the browser in 2023. The post Google Patches Third Chrome Zero-Day of 2023 appeared first on SecurityWeek.
ChatGPT and Your Organisation: How to Monitor Usage and Be More Aware of Security Risks
OpenAI’s ChatGPT has made waves across not only the tech industry but in consumer news the last few weeks. People are looking to the AI chatbot to provide all sorts of assistance, from writing code to translating text, grading assignments or even writing songs. While there is endless talk about the benefits of using ChatGPT, there is […]
Stress da cambiamento, che cosa fare se il tuo personale IT è in crisi
Nel picco della crisi pandemica e in piena digital transformation un’azienda italiana “della fabbricazione di poltrone e divani, con sede centrale in Puglia”, si è rivolta al Dipartimento di Scienze della Formazione, Psicologia, Comunicazione dell’Università degli Studi di Bari per una consulenza. L’obiettivo? Gestire lo stress da cambiamento monitorando la risposta dei dipendenti in termini […]
13 essential skills for accelerating digital transformation
Digital transformation is indeed a cornerstone of business strategy today, as 89% of enterprises see digital businessas core to their growth, according to Gartner’s Board of Directors 2023 Survey. Equally telling is another statistic from that research: Just 35% of these enterprises have achieved their digital goals or are on track to do so. “This […]
Clop ransomware gang exploits the MOVEit Transfer vulnerability to steal data
More information is coming to light after news last week that a critical vulnerability in a secure file transfer Web application called MOVEit Transfer was being exploited by hackers. Microsoft tied some of the attacks to a threat actor associated with the Clop ransomware gang. “Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer zero-day […]
Who’s paying your data integration tax?
We’ve just wrapped up tax season in the United States and much of Europe. We all know that dealing with taxes can be a complicated and frustrating process, especially for those who have their own businesses or generate investment income. Though we know who’s paying your income taxes this April (sorry to rub it in: […]
Atomic Wallet hack leads to at least $35M in stolen crypto assets
A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. The five most significant losses account for $17 million. “Think it could surpass $50m. […]
Dozens of Malicious Extensions Found in Chrome Web Store
Security researchers have identified over 30 malicious extensions with millions of installs in the Chrome web store. The post Dozens of Malicious Extensions Found in Chrome Web Store appeared first on SecurityWeek.
Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
Microsoft is making SMB signing a default requirement in Windows 11 Enterprise editions, starting with insider preview build 25381. The post Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security appeared first on SecurityWeek.
What if the Current AI Hype Is a Dead End?
If we should face a Dead-End AI future, the cybersecurity industry will continue to rely heavily on traditional approaches, especially human-driven ones. It won’t quite be business as usual though. The post What if the Current AI Hype Is a Dead End? appeared first on SecurityWeek.
Governments worldwide grapple with regulation to rein in AI dangers
As generative AI revolutionizes tech, governments around the world are trying to come up with regulations that encourage its benefits while minimizing risks such as bias and disinformation.
CISOs, IT lack confidence in executives’ cyber-defense knowledge
IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how […]
SAFE Security claims to predict data breaches with new generative AI offering
AI-based cyber risk management SaaS vendor SAFE Security has announced the release Cyber Risk Cloud of Cloud – a new offering it claims uses generative AI to help businesses predict and prevent cyber breaches. It does so by answering questions about a customer’s cybersecurity posture and generating likelihoods for different risk scenarios. These include the […]
Atomic Wallet hack leads to at least $35M in stolen crypto asset
A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT. The five most significant losses account for $17 million. “Think it could surpass $50m. Keep finding more and more victims sadly,” said Twitter user ZachXBT, who is an on-chain […]
Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
Zyxel urges customers to update ATP, USG Flex, VPN, and ZyWALL/USG firewalls to prevent exploitation of recent vulnerabilities. The post Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities appeared first on SecurityWeek.
Security Recruiter Directory
Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among […]
Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards. The post Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards appeared first on SecurityWeek.
Federal cyber incidents reveal challenges of implementing US National Cybersecurity Strategy
Microsoft revealed on May 24 that the Chinese threat group Volt Typhoon attempted to gain access to communications systems in the United States, including Navy infrastructure on Guam. Secretary of the Navy Carlos Del Toro later confirmed the Navy “has been impacted” by the cyberattacks, although he provided no further details. To read this article […]
10 notable critical infrastructure cybersecurity initiatives in 2023
The security of critical infrastructure has been high on the agenda in 2023, with cyberattacks and other risks posing a persistent threat to the technologies and systems relied upon for essential services such as energy, food, electricity, and healthcare. Research from cybersecurity services firm Bridewell assessed the current state of critical national infrastructure (CNI) threats […]
Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
The recent MOVEit zero-day attack has been linked to a known ransomware group, which reportedly stole data from dozens of organizations. The post Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations appeared first on SecurityWeek.
SBOMs – Software Supply Chain Security’s Future or Fantasy?
If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order. The post SBOMs – Software Supply Chain Security’s Future or Fantasy? appeared first on SecurityWeek.
Merck Life Sciences banks on RPA to streamline regulatory compliance
The pharmaceutical industry is a highly regulated one, especially for multinationals doing business across the globe. The regulatory process for pharmaceutical firms involves complex activities linked to various value chains — collecting data, applying for the right license, generating supporting documents for submission, and supply chain operations — that aid in the timely tracking of […]
3 things CIOs must do now to accurately hit net-zero targets
Research from Accenture shows that 48% of companies say technology-enabled sustainability initiatives lead to more competitive products and enhanced customer service, and contribute to attracting top talent—all of which help drive increased revenues. However, the latest and largest UNGC-Accenture CEO study revealed that 91% of CEOs report insufficient technology solutions as a barrier to seizing […]
Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
Thirty-six cybersecurity-related merger and acquisition (M&A) deals were announced in May 2023. The post Cybersecurity M&A Roundup: 36 Deals Announced in May 2023 appeared first on SecurityWeek.
Ecco come l’automazione della CSPM può migliorare la sicurezza del cloud
Con la rapida diffusione e con la crescente complessità degli ambienti cloud, le aziende sono sempre più esposte ai rischi connessi alle varie tipologie di minacce alla sicurezza. La gestione del profilo di sicurezza nel cloud (Cloud security posture management, CSPM) è un processo che aiuta le organizzazioni a monitorare, identificare e correggere senza soluzione […]
優秀な社員が辞めてしまう12の理由と、それを防ぐ方法
IT人材に対する需要が伸び続け、技術系人材の労働市場が逼迫する中、CIOはIT人材、特にパフォーマンスの高い人材が退職してしまうのを見過ごすわけにはいかない。 しかし、それでも、彼らは出て行ってしまうかもしれない。 Diceが発表した2022年の技術者センチメントレポートによると、回答者の52%が今後1年間に転職する可能性があると答え、前年度の44%から上昇した。 経営コンサルティング会社のコーン・フェリーのテクノロジー・デジタル・データ・セキュリティ担当の北米マネージング・ディレクターであるクレイグ・スティーブンソンは、「市場は依然として人材獲得競争にあり、個人には選択肢がある」と言う。 組織の課題を前進させるためには、充実したIT部門が不可欠であり、CIOは優秀な人材の補充がいかに困難で、かつコストがかかるかを認識している。 しかし、優秀な人材を惹きつけ続けるには、その人材がなぜ退職してしまうのか理由を知る必要がある。ここでは、優秀な社員が離職する12の一般的な理由と、ITリーダーがそれらの要因に対しどんな対策を取れるか紹介する。 1. 競争力のない報酬 労働市場の逼迫は、給与の上昇を促す。特にIT部門の社員は、競争力のある報酬を提供していない雇用主に留まる必要がないことを知っている。 元CIOで人材派遣に関する専門家であるエレン・シェパードは、「トップパフォーマーは、リクルーターからの電話を受け続けていて、仕事から離れることを恐れない」と語り「トップパフォーマーを求める企業は、確実な採用のために、市場価格の120%までのオファーを出す」と付け加えた。 人材派遣・企画・紹介会社であるリソース・コラボレーションの創業者兼CEOであるシェパードは、IT人材に市場価格以下の給与を支払っているCIOに対して、IT人材確保が困難なことで遅れた取り組みが給与アップのコスト以上に負担になっていることを説明し、給与アップを人事や経営幹部に訴えるようにアドバイスしている。 2. エンゲージメントの欠如 開発機会、マネジメント、組織の価値観から切り離されていると感じている従業員は、退職する可能性が高い。そして、自社の従業員の多くがそのように感じている可能性が高い。 Gallupが発表した「2022年世界のワークプレイスの現状」によると、従業員のエンゲージメントは近年低下しており、2020年の36%から2021年には34%に、2022年には32%になっている。 一方「積極的に(会社に)関わらないようにしている」と回答する従業員の割合は、同期間で徐々に上昇しており、2022年には18%の従業員がそのように感じていると回答している。 Gallupの報告書は「積極的離職者は、単に職場に不満があるだけではない。 自分のニーズが満たされていないことに憤りを感じ、自分の不満を行動で示している。このような社員は、毎日、積極的な同僚が達成したことを台無しにしている可能性がある。」としている。 その結果、やる気のない社員は、働いている社員でさえも辞めたくなるような風土を作り出してしまうかもしれない。 従業員が会社から離れているかを知るには、微妙な兆候に注意を払う必要がある。専門家は、管理職が従業員を観察し、自問自答するようアドバイスする。社交的な活動から遠ざかっていないか?いつもより多く病欠していないか?必要最低限のことしかしていないのではないか? QuestionProのワークフォースエクスペリエンス担当プレジデント、サンヤ・リシナ博士は「同僚との比較や、仕事の生産性や質でエンゲージメントを判断するのではなく、個人単位で要素を評価する必要がある」と言う。「いつも外向的だった人が急に控えめになったり、社外のチームビルディングやアクティビティに参加していた人が急に参加しなくなったりしたら、それは確かな兆候だ。しかし、内向的な人の場合、その人と個人的な関係を築いていない限り、(離脱を見抜くのは)難しいかもしれない」 3. 期待値がない、または不明確である 採用担当者であり、元CIOであるシェパードは、IT従業員の定着のためには、期待を明確にし、目標を設定することが重要であることを理解している。 成功のために何を達成すべきかを知ることで、最も重要なことに時間と労力を集中することができ、あらゆる労働者にとって有益であると彼女は言う。IT部門の社員は、使える時間よりも要求されることの方が多いため、CIOやその管理職がITチームの優先順位や目標を適切に指導しなければ、このような事態に陥る可能性がある。 新入社員が最初の6ヶ月で達成すべきことをまとめたオンボーディングプログラムがあり、その後、管理職が社員と一緒になって新しい目標を設定する組織は、定着率が高い傾向にあるとシェパードは言う。 4. インパクトが感じられない 自分の仕事がもたらす効果を実感できない従業員も、退職する可能性が高い。ドイツ・ボンに本社を置く技術管理ソフトウェアメーカーLeanIXのピープル&イネーブルメント担当バイスプレジデント、アンナ・ガイダは、従業員が仕事を辞める理由の上位に挙げられているのがこの理由だと言う。 労働者は、自分が雇用主のミッションに貢献していること、自分の仕事が重要であることを知りたがっているとガイダ氏は言う。 「私のやっている仕事は、会社を動かしているのか?私の仕事は、製品をどのように改善するのか?自分の仕事が問題解決に役立っているのか、どの程度理解できているのか?そして、エンジニアとして問題を解決するための自由度はどのくらいあるのだろうか?」と彼女は技術者の持ちうる疑問を挙げた。 LeanIXは、自分の仕事が企業の目標達成にどのように役立っているかを知らせるシステムを使って、従業員がこれらの質問に答えられるように支援している。リーダーは目標を明確にし、エンジニアに四半期ごとに達成すべき重要な結果を作成するよう求め、目標に到達していることを確認できるようにしている。 また、月1回の全員ミーティングでは、成功事例を紹介し、隔週で反省会を行い、進捗状況、提供した新製品や機能、それらを実現した個人について議論し「エンジニアにふさわしい可視性を持たせている」と彼女は語る。 5. ITに対するトップレベルのサポートがほとんどない。 技術者は、ITとIT技術者がもたらす貢献を評価する組織で働きたいと考えている。彼らは、企業のリーダーが明確なテクノロジー戦略を持ち、ITを実現する機能として捉え、ITチームに変化をもたらす能力を与えてくれることを望んでいる。 「彼らは変革を推進できることを望んでいる」とスティーブンソンは言う。それが欠落している場合、従業員が定着する可能性は低くなる。 CIO、Cレベルの同僚、そして役員は、テクノロジーを全体的な企業戦略に組み込むために協力しなければならない。この動きは、IT従業員の維持だけでなく、企業の成功に不可欠である。 そして、それが実現したならば、CIOはそれをチームに伝える必要がある。「テクノロジー戦略を明確にする必要がある」とスティーブンソンは言う。 6. 柔軟性が足りない 技術者は、柔軟なスケジュールやリモートワークの選択肢を重視する。Dice Tech Sentimentの調査に回答した技術者の90%近くが、リモートワークの機会が、他の組織への転職を考える上で重要な要素であると答えている。 また、従業員はワークスケジュールを調整する自由を求め、「何をするか、いつするか、どうするか」を指示する組織には留まらない、とシェパード氏は言う。 シェパード氏によると、管理職はスタッフに、いつ、どこで、どのように働くかという選択肢を与え、いつ、なぜ、特定の時間帯やオフィスで働く必要があるのかを明確にするポリシーを持たなければならないという。自分にとって、チームにとって、そして達成すべきタスクにとって、最も理にかなった方法で仕事時間の一部を調整することを労働者に許容することは、労働者の確保に大きく貢献することになる。 7. マネジメントのミスマッチ 「社員が仕事を辞めるのではなく、上司から去るのだ」という古い表現がある。 リクルーターが転職希望理由を聞いてみると、それは今でも同じだという。 チームワークを育めず、スタッフを惹きつけず、フィードバックもしないマネジャーは、社員の離職を助長する。また、従業員との距離が近くなく、従業員の提案や懸念、課題を聞いて、それを解決する手助けをすることに前向きでないマネージャーも同様である。 人材派遣会社ラサール・ネットワークのCEO兼創業者であるトム・ギンベルは、あるIT社員が、彼が必要と知っていたセキュリティ・プロトコルを上司がアップグレードしなかったために退職したのを見たことがある。「彼は、自分が勧めたものに会社が投資しなかったという責任を負わされるのが嫌だったのだろう」。 組織は、マネジメントに長けたマネージャーの育成に力を入れるべきだ。当たり前のことのように聞こえるが、人事担当者やCIOによれば、IT業界では必ずしもそうなっていないという。 CIOは、管理職が労働者の悩みに耳を傾け、それに対処するための時間を作ることを奨励すべきである。それだけで、優秀な人材を確保することができる、と人事担当者たちは言う。 「技術系人材は、透明性が高く、説明責任を果たす経営を期待している。優秀な人材は、自分の仕事が本当にインパクトのあるものだと感じられる場所で働きたいと考えている。リーダーシップが結果を出していないと感じれば、彼らは退職する可能性が高くなる」とBain […]
Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
Shift5 founder Josh Lospinoso discusses AI and how software vulnerabilities in weapons systems are a major threat to the U.S. military. The post Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech appeared first on SecurityWeek.
In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
Cybersecurity news that you may have missed this week: the spyware used by various governments, new vulnerabilities, industrial security products, and Linux router attacks. The post In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack appeared first on SecurityWeek.
MOVEit Transfer vulnerability appears to be exploited widely
Progress Software has discovered a vulnerability in its file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory. “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized […]
Russia points finger at US for iPhone exploit campaign that also hit Kaspersky Lab
The Russian federal security agency, the FSB, has put out a security alert claiming that US intelligence services are behind an attack campaign that exploits vulnerabilities in iOS and compromised thousands of iPhones devices in Russia, including those of foreign diplomats. In a separate report, Russian antivirus vendor Kaspersky Lab said that several dozen of […]
Zendesk to lay off another 8% of its staff, cites macroeconomic issues
CRM software provider Zendesk is reducing its workforce by another 8%, citing macroeconomic uncertainty, just six months after the company laid off 300 staffers for the same reason. “All this is difficult news to share, but I’ve made the decision to reduce our workforce by 8% at Zendesk,” CEO Tom Eggemeier wrote in an email […]
OpenAI Unveils Million-Dollar Cybersecurity Grant Program
OpenAI plans to shell out $1 million in grants for projects that empower defensive use-cases for generative AI technology. The post OpenAI Unveils Million-Dollar Cybersecurity Grant Program appeared first on SecurityWeek.
Expedia poised to take flight with generative AI
Artificial intelligence is poised to disrupt the travel industry, and Expedia CTO Rathi Murthy, who oversees a massive online travel network with 168 million loyalty members and more than 50,000 business partners, believes her company is well positioned to capitalize. That’s because, outside of its top brands, which include Travelocity, VRBO, Hotels.com, Orbitz, Trivago, Wotif, […]
Attackers use Python compiled bytecode to evade detection
Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed as opposed […]
Galvanick Banks $10 Million for Industrial XDR Technology
Los Angeles startup Galvanick scores $10 million seed capital to build a modern industrial detection and response platform. The post Galvanick Banks $10 Million for Industrial XDR Technology appeared first on SecurityWeek.
MOVEit Transfer vulnerability is being exploited widely
Progress has discovered a vulnerability in file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory. “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to […]
Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
Point32Health says the personal and protected health information of 2.5 million Harvard Pilgrim Health Care subscribers was stolen in a recent ransomware attack. The post Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer appeared first on SecurityWeek.
Idaho Hospitals Working to Resume Full Operations After Cyberattack
Two eastern Idaho hospitals and their clinics are working to resume full operations after a cyberattack on their computer systems. The post Idaho Hospitals Working to Resume Full Operations After Cyberattack appeared first on SecurityWeek.
High-Severity Vulnerabilities Patched in Splunk Enterprise
Splunk has resolved multiple high-severity vulnerabilities in Splunk Enterprise, including bugs in third-party packages used by the product. The post High-Severity Vulnerabilities Patched in Splunk Enterprise appeared first on SecurityWeek.
US, South Korea Detail North Korea’s Social Engineering Techniques
The US and Korea are warning of North Korean social engineering attacks targeting employees of think tanks, academic and research institutions, and news media organizations. The post US, South Korea Detail North Korea’s Social Engineering Techniques appeared first on SecurityWeek.
Deoleo doubles down on sustainability through digital transformation
Olive oil is an integral ingredient in kitchens around the world thanks to its unique flavor and beneficial health properties. According to data from the International Olive Council (IOC) during a 2021-2022 campaign, global consumption stood at 3.2 million tons, 2.9% more than the previous period. And one company that’s certainly contributed to this is Deoleo, […]
Apple Denies Helping US Government Hack Russian iPhones
Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping the NSA hack iPhones. The post Apple Denies Helping US Government Hack Russian iPhones appeared first on SecurityWeek.
Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
Enzo Biochem says the clinical test information of roughly 2.47 million individuals was exposed in a recent ransomware attack. The post Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals appeared first on SecurityWeek.
Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
A zero-day vulnerability in Progress Software’s MOVEit Transfer product has been exploited to hack organizations and steal their data. The post Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations appeared first on SecurityWeek.
Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
Google is offering a bug bounty reward of up to $180,000 for a full chain exploit leading to a sandbox escape in the Chrome browser. The post Google Temporarily Offering $180,000 for Full Chain Chrome Exploit appeared first on SecurityWeek.
Resilient data backup and recovery is critical to enterprise success
As businesses digitally transform and leverage technology such as artificial intelligence, the volume of data they rely on is increasing at an unprecedented pace. Analysts IDC[1] predict that the amount of global data will more than double between now and 2026. Meanwhile, Foundry’s Digital Business Research shows 38% of organizations surveyed are increasing spend on […]
Democratizing HPC with multicloud to accelerate engineering innovations
Today’s research is crucial because it fuels tomorrow’s innovations. Increasingly, the speed and magnitude of innovations rely on technology-powered research and engineering using high performance computing (HPC). That’s why democratizing HPC via the cloud—known as Cloud for HPC—can provide significant benefits to all of humankind. Cloud for HPC is helping to move HPC usage from […]
BigID wants to let you tweak your data classifications manually
BigID is adding a feature that lets end users of its data intelligence platform manually adjust classification models, in an effort to make those more precise without the need for advanced coding knowledge. The company announced today that the new feature, called classifier tuning, would allow users to adjust machine learning models in real time, […]
ISACA pledges to help grow cybersecurity workforce in Europe
Global professional association ISACA has announced a pledge to the European Commission to grow and empower the cybersecurity workforce in Europe. The pledge will see ISACA provide 20,000 free memberships to students across Europe to acquire crucial cybersecurity skills and support the identification of qualified cybersecurity candidates for organizations, supporting the European Union’s (EU) cybersecurity […]
Russia Blames US Intelligence for iOS Zero-Click Attacks
Kaspersky said its corporate network has been targeted with a zero-click iOS exploit, just as Russia’s FSB said iPhones have been targeted by US intelligence. The post Russia Blames US Intelligence for iOS Zero-Click Attacks appeared first on SecurityWeek.
Survey: Marketers embrace AI at expense of metaverse investments
The B2B marketing landscape is experiencing a seismic shift fueled by the ascent of ChatGPT and other generative AI (GAI) apps. In a testament to its growing importance, 80% of marketers have experimented with or deployed the burgeoning technology, in some cases redirecting budgets from last year’s forays into the metaverse. These moves reflect a […]
Toyota Discloses New Data Breach Involving Vehicle, Customer Information
Toyota says improper cloud configurations exposed vehicle and customer information in Japan and overseas for years. The post Toyota Discloses New Data Breach Involving Vehicle, Customer Information appeared first on SecurityWeek.
Cisco Acquiring Armorblox for Predictive and Generative AI Technology
Cisco is in the process of acquiring email security firm Armorblox for its predictive and generative artificial intelligence (AI) technology. The post Cisco Acquiring Armorblox for Predictive and Generative AI Technology appeared first on SecurityWeek.
What is the Cybercrime Atlas? How it can help disrupt cybercrime
Announced in June 2022, the Cybercrime Atlas is an initiative from the World Economic Forum (WEF) to map activities of cybercriminals and create a database that can be used by law enforcement across the world to disrupt the cyber-criminal ecosystem. Cybercrime Atlas officially launched in February 2023 in a partnership between WEF and Banco Santander, […]
Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
Critical authentication bypass and high-severity command injection vulnerabilities have been patched in Moxa’s MXsecurity product. The post Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks appeared first on SecurityWeek.
Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
Salesforce ghost sites — domains that are no longer maintained but still accessible — can expose personal information and business data. The post Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information appeared first on SecurityWeek.
Amazon Settles Ring Customer Spying Complaint
The FTC charged Amazon-owned Ring with failing to implement basic protections to stop hackers or employees from accessing people’s devices or accounts. The post Amazon Settles Ring Customer Spying Complaint appeared first on SecurityWeek.
Designing the campus of the future starts with high-quality 10 Gbps connectivity
According to Huawei’s research data, 90% of urban residents either live, work or study in a campus, generating over 80% of national GDP. However, campus infrastructure is often decades old and mismatched to people’s growing needs. Campus residents are increasingly reliant on high-performance wireless networks, high bandwidth/low latency connections to cloud applications and high-definition audio/video […]
Top 8 data engineer and data architect certifications
Data analytics is the lifeblood of any successful business. Getting the technology right can be challenging but building the right team with the right skills to undertake data initiatives can be even harder. Successfully deploying big data initiatives requires more than data scientists and data analysts. It requires data architects who design the “blueprint” for […]
5 CxOs on leading change
For years leaders have been hammering home the point that the only constant is change. But you need only look back to the “good old days” of 2019 to realize that change is no longer constant; it’s accelerating, accumulating, and becoming more complex all at the same time. With technology playing both an enabling and […]
Adobe Inviting Researchers to Private Bug Bounty Program
Adobe is inviting security researchers to join its private bug bounty program on the HackerOne platform. The post Adobe Inviting Researchers to Private Bug Bounty Program appeared first on SecurityWeek.
Critical Vulnerabilities Found in Faronics Education Software
Faronics patches critical-severity remote code execution (RCE) vulnerabilities in the Insight education software. The post Critical Vulnerabilities Found in Faronics Education Software appeared first on SecurityWeek.
L’IA nelle imprese italiane, a che punto siamo?
L’intelligenza artificiale è già tra noi, soprattutto se guardiamo il livello di implementazione da parte delle grandi imprese: dati alla mano, risulta che, nel 2022, il 61% del campione esaminato (174 organizzazioni) ha avviato almeno un progetto di IA, mentre il 34% si dichiara in possesso di capitali, competenze e strategie per integrare l’AI nei […]
Australia’s CIO50 Team of the Year Awards finalists revealed
The finalists in Australia’s 2023 CIO50 Team of the Year Awards have been announced. The team awards are new categories in the prestigious CIO50 awards progam, which is now in its eight year. Along with the unveiling of the annual CIO50 List and the team category winners, the 2023 CIO50 Awards will also recognise the […]
API security: key to interoperability or key to an organization?
Most applications built today leverage Application Programming Interfaces (APIs), code that makes it possible for digital devices, applications, and servers to communicate and share data. This code, or collection of communication protocols and subroutines, simplifies that communication, or data sharing. The use of APIs is growing exponentially, year over year, and with the growth of […]