US Gov Rolls Out National Cyber Workforce, Education Strategy
The Biden administration on Monday announced a series of “generational investments” to address immediate and long-term cyber workforce needs. The post US Gov Rolls Out National Cyber Workforce, Education Strategy appeared first on SecurityWeek.
Why Zain Kuwait partnered with BMC Software: An ongoing commitment to service management excellence
Zain Kuwait became the country’s first mobile operator in 1983 and has since grown into the largest mobile operator in the Middle East, providing voice and data services to more than 53 million customers. Worth more than $2.4 billion, Zain employs 7,100 people in seven countries—and is growing largely because of the high level of […]
Simplifying IT strategy: How to avoid the annual planning panic
For those companies operating on a calendar year, the end of summer signals the start of annual planning and the mad dash to prepare their IT strategies. Annual or not, like running with the bulls in Pamplona, this exercise never fails to test your mettle and often leaves you staring frantically at the page and […]
How Bloomberg’s engineers built a culture of knowledge sharing
Bloomberg is a company synonymous with finance, technology, and media. It has offices across the globe and more than 8,000 engineers working to support everything from real-time data feeds about moves in the financial markets and the company’s journalists to mobile apps and AI models that can analyze financial data and sentiment. To help its […]
Stack Overflow announces OverflowAI
Today marks the beginning of a new and exciting era for Stack Overflow. We are announcing our roadmap for the integration of generative AI into our public platform, Stack Overflow for Teams, and brand new product areas, like an IDE integration that brings the vast knowledge of 58 million questions and answers from our community […]
Paper-to-Digital Can Drive Sustainability at Scale
Adobe created the Portable Document Format, the PDF, in 1993 to provide an easy and reliable way to create, present, and exchange visually rich and composed documents independent of the device being used. The invention was one of the biggest steps toward the “paperless office,” perhaps second to computers. A workplace built on digital technologies […]
Why knowledge management is foundational to AI success
Amid all the conversations about how AI is revolutionizing work—making everyday tasks more efficient and repeatable and multiplying the efforts of individuals—it’s easy to get a bit carried away: What can’t AI do? Despite its name, generative AI—AI capable of creating images, code, text, music, whatever—can’t make something from nothing. AI models are trained on […]
The hardest part of building software is not coding, it’s requirements
With all the articles about all the amazing AI developments, there’s plenty of hand-wringing around the possibility that we, as software developers, could soon be out of a job, replaced by artificial intelligence. They imagine all the business execs and product researchers will bypass most or all of their software developers and ask AI directly […]
BIT’s Agrobit named a ‘Hero of Sustainability’ at SAP Innovation Awards
The days of farmers pouring over a Farmer’s Almanac for answers about what and when to plant are gone – like dust in the wind. As the market has expanded worldwide and become more sophisticated, so have the challenges facing farmers and their questions about how to move forward. They want information and advice. BIT S.A., […]
Atea – Enabling organizations to tame complexity, manage growth
Atea is focused on helping organizations maximize the value of their IT investments—from initial deployment, throughout their lifecycle, and into the next generation of technology solutions. With almost 8,000 employees located in 85 offices across seven countries in the Nordic and Baltic regions of Europe, the company offers a complete range of hardware, software and services […]
Building a Beautiful Data Lakehouse
Applying artificial intelligence (AI) to data analytics for deeper, better insights and automation is a growing enterprise IT priority. But the data repository options that have been around for a while tend to fall short in their ability to serve as the foundation for big data analytics powered by AI. Traditional data warehouses, for example, support […]
Reddit Taps Fredrick ‘Flee’ Lee for CISO Job
Reddit hires a 20-year cybersecurity veteran to manage its privacy and security functions as it prepares for an IPO. The post Reddit Taps Fredrick ‘Flee’ Lee for CISO Job appeared first on SecurityWeek.
Apple Lists APIs That Developers Can Only Use for Good Reason
To boost user privacy, Apple is requiring app developers to declare a reason to use specific APIs. The post Apple Lists APIs That Developers Can Only Use for Good Reason appeared first on SecurityWeek.
Huawei Unleashes the Power of Technology for a Sustainable, Digital Europe
Digital transformation is key in building Europe’s resilience and sustainability Huawei As a committed partner of digital Europe, Huawei builds innovative ICT infrastructure and works with customers and partners to accelerate the digital transformation of enterprises, aiming to drive economic prosperity and build a sustainable, digital Europe. — Ernest Zhang, President, Huawei Enterprise Business Group […]
Swiss Re streamlines insurers’ natural disaster response with AI
Natural disasters have been increasing in frequency, severity, and diversity in recent years, pressuring insurers to be more efficient and to anticipate event and claim fallout. The same goes for reinsurance firms, which provide insurance for insurers, reducing their likelihood of large payouts—a significant factor in the insurance industry’s response to natural disasters. According […]
20 issues shaping generative AI strategies today
Organizations are rushing to figure out how to extract business value from generative AI — without falling prey to the myriad pitfalls arising. The adoption curve here is by no means gradual, with most enterprise leaders quickly working to harness the technology’s potential mere months after the November 2022 launch of gen AI tool ChatGPT […]
CISA Analyzes Malware Used in Barracuda ESG Attacks
CISA has shared analysis reports on three malware families obtained from an organization hacked via a recent Barracuda ESG vulnerability. The post CISA Analyzes Malware Used in Barracuda ESG Attacks appeared first on SecurityWeek.
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks
Ivanti EPMM customers have been warned of CVE-2023-35081, a second zero-day vulnerability that has been exploited in targeted attacks. The post Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks appeared first on SecurityWeek.
Building a successful platform engineering practice
As companies continue to shift towards the cloud, platform engineering has emerged as a practice for organizations to efficiently and effectively deploy modern workloads, while maintaining a repeatable secure deployment pattern. Organizations looking to remain competitive and relevant in today’s fast-paced world need to focus on setting up processes that enable development teams to build […]
5 steps to drive and foster innovation in IT
Tight budgets and labor shortages have remained an ongoing challenge for IT leaders in 2023. As a result, CIOs are looking at ways of doing more with less, while continuing to digitally transform their organizations. How can we free up funds in one area to invest or innovate in another area of the business? This […]
In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 24, 2023. The post In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android appeared first on SecurityWeek.
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications
US and Australian government agencies provide guidance on addressing access control vulnerabilities in web applications. The post US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications appeared first on SecurityWeek.
How much advantage does edge offer? And how are organizations using it?
Organizations are fast discovering the business benefits of edge solutions, such as edge computing. Real-time data processing is enabling them to make faster decisions, secure their assets (both physical and virtual), and gain better control over their operations. It all sounds attractive, but you may wonder to what extent edge computing actually provides an advantage […]
Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins
The first attempts to exploit CVE-2023-24489, a recent critical Citrix ShareFile remote code execution vulnerability, have been observed. The post Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins appeared first on SecurityWeek.
Industry Reactions to New SEC Cyber Incident Disclosure Rules: Feedback Friday
Several industry professionals comment on the SEC’s new cybersecurity incident disclosure rules and their implications. The post Industry Reactions to New SEC Cyber Incident Disclosure Rules: Feedback Friday appeared first on SecurityWeek.
Zimbra Patches Exploited Zero-Day Vulnerability
Zimbra has released patches for a cross-site scripting (XSS) vulnerability that has been exploited in malicious attacks. The post Zimbra Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek.
Embracing neurodiversity in IT for competitive advantage
The term neurodiversity covers a range of conditions, as well as the various spectrums within each. So each neurodiverse professional’s experience is unique, but speaking for myself, being neurodiverse has been a huge competitive advantage in my technology career. The ability to pivot fast and hyperfocus are strengths, not weaknesses, and a leader that can […]
JLL reinvents itself for the AI era
City skyscrapers and office parks may remain scarcely occupied in the post-pandemic work era, but commercial real estate player JLL’s business is not slowing down, thanks to the company’s embrace of technology and high-growth opportunities to adapt and prosper. The Chicago-based commercial real estate company, one of the largest in the world, has invested heavily […]
Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices
Several vulnerabilities found in Weintek Weincloud could have allowed hackers to manipulate and damage ICS, including PLCs and field devices. The post Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices appeared first on SecurityWeek.
CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist
CoinsPaid says North Korean hacking group Lazarus is likely responsible for the recent theft of $37 million in cryptocurrency. The post CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist appeared first on SecurityWeek.
You cannot develop a high-quality customer engagement strategy without trust
Engaged customers are vital to the success of any business. Analytics is central to understanding what works for your customers. But how do you get them to share actionable data? Of course, customers are willing to share data in return for better services and products. But, they want to be safe in knowing that their […]
You can’t grow trust on a rocky infrastructure
There is an explosion of personal data about what we buy, where we go, and what we watch. We trust the custodians of our data to ensure it is not breached or used irresponsibly. But not all organizations that store and process sensitive customer data are fully aware that a chink in infrastructure can break […]
Get the best value from your data by reducing risk and building trust
Users are increasingly concerned about how their data is harvested and used. Data privacy is an essential ingredient of trust in a business and is thus inextricably linked to growth. Data privacy is the control of data harvested, stored, utilized, and shared in compliance with data protection regulations and privacy best practices. Data privacy encompasses […]
Ignoring data lifecycle management is putting your business at risk
Enterprises are dealing with increasing amounts of data, and managing it has become imperative to optimize its value and keep it secure. Data lifecycle management is essential to ensure it is managed effectively from creation, storage, use, sharing, and archive to the end of life when it is deleted. Data lifecycle management covers the processes, […]
IT leaders grapple with shadow AI
Max Chan knew he had to do something. Soon after ChatGPT burst on the scene in November 2022, Chan realized generative AI would amount to far more than the just the latest technology flash-in-the-pan. With the ability to instantaneously ingest reams of data using large language models (LLMs), generative AI technologies such as OpenAI’s ChatGPT […]
The advantages of being cloud smart
Last year VMware commissioned an eye-opening survey of IT leaders, including nearly 6,000 CIOs, CISOs, CTOs, application developers, cloud architects, and DevOps professionals across the globe. The resulting report, “The Multi-Cloud Maturity Index,” garnered important intelligence on the state of multi-cloud deployments across industries. As a multi-cloud approach becomes increasingly ubiquitous with efforts to future-proof […]
The central role of a multi-cloud approach when future-proofing today’s dynamic enterprises
As we closed out 2022 and began 2023, VMware’s Research and Insights organization interviewed more than 450 technology executives to get their candid views on the topics that present enterprises with the greatest opportunities and challenges. The resulting report revealed a technology landscape marked by excessive pressure to deliver IT value in uncertain times. The […]
US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’
Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government. The post US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’ appeared first on SecurityWeek.
SAP raises on-prem support costs again to drive cloud adoption
First came the carrot of lower costs in the cloud with the bundled Rise with SAP offering. Now here comes the stick. SAP said Thursday it will raise the cost of support for users of its on-premises software for the second year in a row, just days after announcing plans to withhold future innovations in […]
Multiple Security Issues Identified in Peloton Fitness Equipment
Internet-connected Peloton workout equipment is impacted by multiple security risks, such as having USB debugging enabled. The post Multiple Security Issues Identified in Peloton Fitness Equipment appeared first on SecurityWeek.
TSA Updates Pipeline Cybersecurity Requirements
The TSA has released updated cybersecurity requirements for pipeline owners and operators, instructing them to test assessment and incident response plans. The post TSA Updates Pipeline Cybersecurity Requirements appeared first on SecurityWeek.
Head of US Cybersecurity Agency Sees Progress on Election Security, With More Work Needed for 2024
CISA Director Jen Easterly says more is needed to defend the integrity and resiliency of the election process ahead of the 2024 election. The post Head of US Cybersecurity Agency Sees Progress on Election Security, With More Work Needed for 2024 appeared first on SecurityWeek.
European Threat Intelligence Firm QuoIntelligence Raises $5.5 Million in Seed Funding
Threat intelligence services provider QuoIntelligence has raised €5 million ($5.5 million) in seed funding. The post European Threat Intelligence Firm QuoIntelligence Raises $5.5 Million in Seed Funding appeared first on SecurityWeek.
Protect AI Raises $35 Million to Protect Machine Learning and AI Assets
Machine Learning and Artificial Intelligence security firm Protect AI raised $35 million in Series A funding led by Evolution Equity Partners. The post Protect AI Raises $35 Million to Protect Machine Learning and AI Assets appeared first on SecurityWeek.
The Good, the Bad and the Ugly of Generative AI
Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive one to thrive.” The post The Good, the Bad and the Ugly of Generative AI appeared first on SecurityWeek.
Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats
An Axis network door controller vulnerability can be exploited to target facilities, exposing them to both physical and cyber threats. The post Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats appeared first on SecurityWeek.
CardioComm Takes Systems Offline Following Cyberattack
Canadian medical software provider CardioComm has taken systems offline to contain a cyberattack. The post CardioComm Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.
Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads
Researchers discovered two vulnerabilities in the Ubuntu OverlayFS module: CVE-2023-2640 and CVE-2023-32629 (together dubbed ‘GameOver(lay)’). The post Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads appeared first on SecurityWeek.
CIO Diane Schwarz on the power of professional ecosystems
Diane Schwarz knows it as well as anyone: You can’t climb to the C-suite alone. It takes an ecosystem of colleagues, clients, and partners — all of whom help you navigate what is often a nonlinear path. Such has been the case in Diane’s own storied career, from her education at Notre Dame and Chicago […]
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus
Maximus Inc says that the personal information of 8 to 11 million individuals was stolen in the MOVEit cyberattack. The post Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus appeared first on SecurityWeek.
Companies Required by SEC to Disclose Cybersecurity Incidents in 4 Days
The SEC has adopted new rules requiring public companies to disclose cybersecurity breaches that have a material impact within four days. The post Companies Required by SEC to Disclose Cybersecurity Incidents in 4 Days appeared first on SecurityWeek.
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation
Researchers say a whopping 62 percent of AWS environments may be exposed to the newly documented AMD ‘Zenbleed’ information leak flaw. The post Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation appeared first on SecurityWeek.
Low-Tech Collaboration Emerges as The Key to Protecting Complex Enterprise Infrastructure Environments
The complexity of today’s enterprise infrastructure environment has created demand for a great variety of dedicated point security solutions, triggering a disconcerting array of alarms and alerts that most organizations struggle to address with current access to talent and staff. While implementing effective strategies that harness automation and security technology remain critical, the most successful […]
Adapt to business changes with flexible licensing
When it comes to technology, the one thing you can count on is change. Requirements evolve over time as organizations adapt their environments and deployments to meet new demands and challenges. But in the past few years, this rate of change has skyrocketed. What an organization needs one quarter may be drastically different than what […]
ServiceNow adds new features to its Now Assist generative AI assistant
ServiceNow is adding new features to its Now Assist generative AI assistant that comes bundled with the company’s Now platform, designed to help organizations automate workflows. The new capabilities of Now Assist, which include case summarization and text-to-code, are compatible with all workflows and are designed to drive productivity and efficiency for organizations, the company […]
Best practices for building a single-vendor SASE solution
Over the past three or four years, the industry has been abuzz with the concept of delivering converged security and networking features via the cloud. Secure Access Service Edge combines networking solutions like SD-WAN with cloud-delivered security like firewall as a service (FWaaS), cloud access security broker(CASB), and secure web gateway (SWG). But even with all the hype, most considered SASE as something […]
Deloitte and SAP team to create the perfect ware for trade classification
Suppose you have an international apparel company that manufactures and sells shirts. But let’s focus on just one shirt to start. Following common industry practice, you have the shirt manufactured in one country. The raw materials for manufacturing come from another country. And when the shirt is completed, it’s distributed to a third country to […]
Ex-NSA Official Harry Coker Tapped for National Cyber Director Job
The Biden administration has nominated former Navy commander Harry Coker to replace the retired Chris Inglis. The post Ex-NSA Official Harry Coker Tapped for National Cyber Director Job appeared first on SecurityWeek.
CDI — Accelerated, award-winning digital transformation with VMware Technologies
Digitally transforming a business is never a “one size fits all” strategy. Every company has its unique challenges and must solve problems in ways that make sense for their business. CDI, a VMware partner and VMware Cross-Cloud Managed Services Provider, understands the difficulties facing businesses trying to digitally transform. “Organizations often want a digital transformation. […]
How digital humans can make healthcare technology more patient-centric
One of the biggest issues in healthcare is staffing shortages—and it impacts us all. While healthcare staffing challenges are not new, they are forecasted to reach crisis levels in the coming years. For nursing staff alone, the International Centre on Nurse Migration projects a 13 million shortage by 2030, an increase from 6 million pre-pandemic. And the World Health Organization […]
Microsoft Message Queuing Vulnerabilities Allow Remote Code Execution, DoS Attacks
Fortinet has published details on a series of critical- and high-severity vulnerabilities in the Microsoft Message Queuing service. The post Microsoft Message Queuing Vulnerabilities Allow Remote Code Execution, DoS Attacks appeared first on SecurityWeek.
Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI
Cyclops emerges from stealth mode with $6.4 million in seed funding and a generative AI-powered cybersecurity search platform. The post Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI appeared first on SecurityWeek.
Dozens of Organizations Targeted by Akira Ransomware
The Akira ransomware operators claim to have compromised 63 organizations since March 2023, mostly SMBs. The post Dozens of Organizations Targeted by Akira Ransomware appeared first on SecurityWeek.
Code Execution Vulnerability Impacts 900k MikroTik Devices
Over 900,000 devices are impacted by an arbitrary code execution vulnerability in MikroTik RouterOS. The post Code Execution Vulnerability Impacts 900k MikroTik Devices appeared first on SecurityWeek.
Russian Cybersecurity Firm Founder Jailed for 14 Years
Russia has sentenced Ilya Sachkov, co-founder of the Group-IB cybersecurity firm, to 14 years in prison on treason charges. The post Russian Cybersecurity Firm Founder Jailed for 14 Years appeared first on SecurityWeek.
CISO Conversations: Field CISOs From VMware Carbon Black and NetSPI
SecurityWeek talks to Field CISOs, Fawaz Rasheed (VMware Carbon Black) and Nabil Hannan (NetSPI), about this emerging role. The post CISO Conversations: Field CISOs From VMware Carbon Black and NetSPI appeared first on SecurityWeek.
A forensic look into cloud success with Broadcom’s Andy Nallappan
Companies moving to the cloud often find themselves at a crossroads near the midpoint of their migrations, spending more than they intended and getting less than they hoped. Often that’s because their IT organization isn’t equipped with the culture, mindset, and skills necessary to capitalize on the cloud. Andy Nallappan has had a long career in […]
Dr. Pankaj Setia on the challenges that will redefine CIOs’ careers
Dr Setia, also the chairperson of the centre for digital transformation at the business school, teaches graduate-level courses on the leadership of digital organizations, strategic management of digital innovations, and digital transformation. He has previously taught for many years at Michigan State University and the University of Arkansas in the US. According to Dr Setia, […]
Real estate CIOs drive deals with data
The residential real estate industry may not be perceived to be as digitally aggressive as Wall Street titans and multinational manufacturing conglomerates. But in reality, some of the largest, most established realty franchises, such as Re/Max and Keller Williams, have made all the right moves, pursuing digital transformations built on the cloud and primed to […]
Alphabet bets on generative AI as cloud boosts Q2 revenue
Alphabet on Tuesday reported a 7% increase in revenue for the quarter ended June driven by the growth in its cloud computing division, Google Cloud. The company posted revenue of $74.6 billion compared to $69.7 billion in the corresponding period last year. Net income for the company rose to $18.36 billion from $16 billion during […]
How IT leaders are driving new revenue
Sandwich-focused restaurant franchise Subway has some 37,000 locations worldwide, each of which faces a unique combination of factors, such as local competition and customer demographics, that impact sales and profitability. But Donagh Herlihy, the company’s chief digital and information officer, has a corporate-level solution to help each individual store determine “the sweet spot of pricing” […]
Physical experience, digital convenience: The future of retail
The future of retail is “phygital,” as every retail and ecommerce publication on the internet is screaming right now. If you’ve never heard the term before, it’s a portmanteau of “physical” and “digital” – and represents the merging of the two forms of retail and shopping. Physical retail and ecommerce are increasingly blending together – […]
Why entrepreneurs claim there’s no better place to do business than Puerto Rico
After graduating from Universidad Politécnica de Puerto Rico with a degree in computer engineering, Alberto Lugo knew he wanted to be an entrepreneur, and he knew that he wanted to build his company on the island. A college internship in Puerto Rico with Microsoft gave him the spark of an idea, and after working for […]
Maritime Cyberattack Database Launched by Dutch University
The NHL Stenden University of Applied Sciences in the Netherlands has launched MCAD, the Maritime Cyber Attack Database. The post Maritime Cyberattack Database Launched by Dutch University appeared first on SecurityWeek.
Webinar Tomorrow: Exposing Common Myths of OT Cybersecurity
Join SecurityWeek and TXOne Networks for this webinar as we expose common misconceptions surrounding the security of Operational Technology (OT) and dive into the evolving threat landscape. The post Webinar Tomorrow: Exposing Common Myths of OT Cybersecurity appeared first on SecurityWeek.
TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems
TETRA:BURST – vulnerabilities in widely used radio standard could threaten military and law enforcement communications, as well as ICS. The post TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems appeared first on SecurityWeek.
Thales Acquiring Imperva From Thoma Bravo for $3.6 Billion
French aerospace, defense, and security giant Thales is acquiring cybersecurity firm Imperva from Thoma Bravo in a $3.6 billion deal. The post Thales Acquiring Imperva From Thoma Bravo for $3.6 Billion appeared first on SecurityWeek.
Salesforce updates its Commerce Cloud with digital commerce capabilities
Salesforce is adding new features to its Commerce Cloud that will help organizations embed digital commerce capabilities into sales, service, or marketing processes to drive more revenue, the company said on Tuesday. The Commerce Cloud is a product suite aimed at helping organizations create unified buying experiences for their customers across channels, including mobile, social, […]
AMD CPU Vulnerability ‘Zenbleed’ Can Expose Sensitive Information
AMD has released microcode patches to address Zenbleed, a vulnerability in its Zen 2 CPUs that can allow an attacker to access sensitive information. The post AMD CPU Vulnerability ‘Zenbleed’ Can Expose Sensitive Information appeared first on SecurityWeek.
The unsung skill too many IT leaders shortchange
When it comes to harvesting full value from the rich set of technologies available to every organization, communications skills are probably not on every IT leader’s short list of essential capabilities. Technical skills, for sure. Integration? No doubt. But full spectrum communication skills — that is, oral, written, and digital/social — are almost as essential, […]
7 IT delegation mistakes to avoid
CIOs are burdened with far too many responsibilities for a single individual to competently or productively handle on their own. That’s why it’s important to know how to efficiently delegate tasks to carefully selected team members. Unfortunately, many CIOs are reluctant to assign any important task to a subordinate, believing that the job may not […]
Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government
An Ivanti EPMM product zero-day vulnerability tracked as CVE-2023-35078 has been exploited in an attack aimed at the Norwegian government. The post Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government appeared first on SecurityWeek.
Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks
Apple patches another zero-day flaw used in the ‘Operation Triangulation’ exploit chain. iOS and macOS-powered devices are affected. The post Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks appeared first on SecurityWeek.
Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab
100% key capture rate and successful ransomware decryption shows progress in ransomware defense capabilities. The post Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab appeared first on SecurityWeek.
OneTrust Raises $150 Million at $4.5 Billion Valuation
Privacy management solutions provider OneTrust raises $150 million at a $4.5 billion valuation. The post OneTrust Raises $150 Million at $4.5 Billion Valuation appeared first on SecurityWeek.
MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows
Experts believe the Cl0p ransomware gang could earn as much as $100 million from the MOVEit hack, with the number of confirmed victims approaching 400. The post MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows appeared first on SecurityWeek.
Cybersecurity Public-Private Partnership: Where Do We Go Next?
Sharing threat information and cooperating with other threat intelligence groups helps to strengthen customer safeguards and boosts the effectiveness of the cybersecurity sector overall. The post Cybersecurity Public-Private Partnership: Where Do We Go Next? appeared first on SecurityWeek.
Los Angeles SIM Swapper Pleads Guilty to Cybercrime Charges
Amir Golshan, of Los Angeles, pleaded guilty to perpetrating multiple cybercrime schemes using SIM swapping. The post Los Angeles SIM Swapper Pleads Guilty to Cybercrime Charges appeared first on SecurityWeek.
Over 20,000 Citrix Appliances Vulnerable to New Exploit
Over 20,000 appliances are vulnerable to a new exploit technique targeting a recent Citrix ADC zero-day vulnerability CVE-2023-3519. The post Over 20,000 Citrix Appliances Vulnerable to New Exploit appeared first on SecurityWeek.
Perimeter81 Vulnerability Disclosed After Botched Disclosure Process
Cybersecurity firm Perimeter81 appears to have botched the responsible disclosure process for a privilege escalation vulnerability found in its macOS application. The post Perimeter81 Vulnerability Disclosed After Botched Disclosure Process appeared first on SecurityWeek.
Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo
Atlassian patches high-severity remote code execution vulnerabilities in Confluence and Bamboo products. The post Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo appeared first on SecurityWeek.
LaLiga transforms fan experience with AI
IT is playing a key role in how the world’s most popular sport is played and experienced in Spain. The country’s premier football division, LaLiga, is leveraging artificial intelligence and machine learning (ML) to deliver new insights to players and coaches, and to transform how fans enjoy and understand the game. The transformation, which started […]
Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies
The China-linked cyberspy group APT31 is believed to be behind a data-theft campaign targeting industrial organizations in Eastern Europe. The post Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies appeared first on SecurityWeek.
Optimizing IT resources through infrastructure, people, and processes
According to McKinsey, the goal of digital transformation is to build a competitive advantage by continuously deploying tech at scale to improve customer experience and lower costs. Amid today’s uncertain economy, digital transformation is arguably more important than ever to remain afloat, not just competitive. EY recently found that in current economic and financial uncertainty, […]
Taking a page from the B2C book to improve B2B product user experience
When you think of B2B products, chances are you don’t picture the seamless, intuitive user experience that comes alongside the best of B2C products. Most enterprise products have a reputation for being complex and versatile, but not simple and universal. While B2B user experience focuses on providing in-depth content and adaptability, the B2C user experience […]
How automation enables better data governance
According to IBM, every day people create an estimated 2.5 quintillion bytes of new data (that’s 2.5 followed by 18 zeros!). More than 60% of corporate data is unstructured, according to AIIM, and a significant amount of this unstructured data is in the form of non-traditional “records,” like text and social media messages, audio files, […]
3 benefits of engaging hyperscalers when evaluating SAP RISE
Since SAP RISE came to the market, it seems that SAP’s goal is to force organizations into a relatively unproven and inflexible RISE model. To do so, they are obfuscating reality, limiting transparency, and changing their historic business practices to make RISE appear financially superior to the traditional perpetual license models. Because of the way […]
Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails
Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online. The post Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails appeared first on SecurityWeek.
Google Creates Red Team to Test Attacks Against AI Systems
Google has created a dedicated AI Red Team tasked with carrying out complex technical attacks on artificial intelligence systems. The post Google Creates Red Team to Test Attacks Against AI Systems appeared first on SecurityWeek.
Russia Seeks 18 Years in Jail for Founder of Cybersecurity Firm
A Russian prosecutor requested an 18-year prison sentence for Ilya Sachkov, founder of cybersecurity firm Group-IB. The post Russia Seeks 18 Years in Jail for Founder of Cybersecurity Firm appeared first on SecurityWeek.
In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 17, 2023. The post In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware appeared first on SecurityWeek.
OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers
Three vulnerabilities in Apache OpenMeetings could be exploited by attackers to take over an administrator account and execute arbitrary code remotely. The post OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers appeared first on SecurityWeek.
GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees
North Korean hackers are targeting employees at technology firms with repository invitations and malicious NPM packages. The post GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees appeared first on SecurityWeek.
Tech Titans Promise Watermarks to Expose AI Creations
Amazon, Google, Meta, Microsoft, OpenAI and other tech firms have voluntary agreed to AI safeguards set by the White House. The post Tech Titans Promise Watermarks to Expose AI Creations appeared first on SecurityWeek.
VirusTotal Provides Clarifications on Data Leak Affecting Premium Accounts
VirusTotal has provided clarifications on the recent data leak that resulted in the exposure of information on 5,600 of the threat analysis service’s customers. The post VirusTotal Provides Clarifications on Data Leak Affecting Premium Accounts appeared first on SecurityWeek.
How real-time operational insights drive superior tech platform development
Software-as-a-Service (SaaS) and SaaS-based service solutions have emerged as powerful tools. They address increasingly complex business processes, tackling anything from specific single functions to entire client-vendor relationship networks. SaaS is quickly evolving, and specialization has led to sophisticated, industry-specific or process-specific solutions, which can come to represent industry best practices. So as organizations face evolving […]
Citrix Zero-Day Exploited Against Critical Infrastructure Organization
CISA says the new Citrix zero day vulnerability tracked as CVE-2023-3519 has been exploited against a critical infrastructure organization. The post Citrix Zero-Day Exploited Against Critical Infrastructure Organization appeared first on SecurityWeek.
Tampa General Hospital Says Patient Information Stolen in Ransomware Attack
Tampa General Hospital has started informing patients that their personal information was stolen in a ransomware attack. The post Tampa General Hospital Says Patient Information Stolen in Ransomware Attack appeared first on SecurityWeek.
4 CIOs on marketing IT’s value to the business
Perception matters, particularly for internal IT organizations. While CIOs may be acutely aware of the essential value their teams create, that value isn’t always evident to stakeholders and clients. We may hope that the work speaks for itself, but the reality is, IT leaders must communicate IT’s accomplishments in a way that people can understand […]
New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices
Two new serious vulnerabilities in AMI BMC, which is used by millions of devices, can allow attackers to take control of systems and cause physical damage. The post New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices appeared first on SecurityWeek.
Cracking the code: solving for 3 key challenges in generative AI
By Chet Kapoor, Chairman and CEO, DataStax Generative AI is on everyone’s mind. It will revolutionize how we work, share knowledge, and function as a society. Simply put, it will be the biggest innovation we will see in our lifetime. One of the biggest areas of opportunity is productivity. Think about where we’re at right […]
Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups
Estée Lauder has confirmed suffering a data breach just as two ransomware groups claimed to have targeted the company, both allegedly stealing vast amounts of information. The post Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups appeared first on SecurityWeek.
JumpCloud Cyberattack Linked to North Korean Hackers
SentinelOne has linked the recent JumpCloud cyberattack to North Korean hackers, based on the published IoCs. The post JumpCloud Cyberattack Linked to North Korean Hackers appeared first on SecurityWeek.
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability
Multiple DDoS botnets have been observed targeting CVE-2023-28771, a Zyxel firewall vulnerability patched in April. The post Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability appeared first on SecurityWeek.
Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis
While traditional security awareness teaches users how to recognize social engineering, new behavior changing trains the brain on the correct recognition and response to phishing. The post Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis appeared first on SecurityWeek.
New Ransomware With RAT Capabilities Impersonating Sophos
The recently discovered SophosEncrypt ransomware is impersonating the cybersecurity firm Sophos. The post New Ransomware With RAT Capabilities Impersonating Sophos appeared first on SecurityWeek.
10 Steps to Help Secure Your APIs
Securing APIs is a noble, though complex journey. Security teams can leverage these 10 steps to help secure their APIs. The post 10 Steps to Help Secure Your APIs appeared first on SecurityWeek.
P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers
The Rust-based peer-to-peer worm ‘P2PInfect’ is targeting a Lua sandbox escape vulnerability in internet-accessible Redis servers. The post P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers appeared first on SecurityWeek.
5 ways CIOs can help eliminate a culture of busyness
At the turn of the 20th century, economists predicted that living a life of leisure would be the ultimate aspiration for the elite. These same economists suggested that those who were able to take more time off from work would be considered the most successful. Now the inverse seems to be the case. Today, those […]
3 technology trends set to revolutionize retail
Few verticals have undergone as massive a change as retail in the last couple of years. Driven by cutthroat competition and significant shifts in customer expectations, retail companies are striving to align themselves with the changing landscape, with IT playing a crucial role in their ability to achieve this. To offer customers a shopping experience […]
Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities
Adobe releases a second round of patches for recent ColdFusion vulnerabilities, including flaws that have been exploited in attacks. The post Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities appeared first on SecurityWeek.
Famed Hacker Kevin Mitnick Dead at 59
Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer. At the time of his death, he was KnowBe4 Chief Hacking Officer. The post Famed Hacker Kevin Mitnick Dead at 59 appeared first on SecurityWeek.
Bulletproofing your threat surface with the Microsoft security ecosystem
Since Satya Nadella took the helm in 2014, Microsoft has doubled down on its support for non-Microsoft technologies. Its commitment to Linux turned what might have been a Windows Server-based cloud computing backwater into the Microsoft Azure powerhouse, the only public cloud to give the AWS juggernaut a serious run for its money. This “plays […]
Lexmark International’s Vishal Gupta on next gen tech leadership
As software and data move to the center of a company’s products and services, the background and skills of the executive leadership team must evolve. When IoT becomes the driver of a new solutions P&L, the general manager of that business will need more technology acumen than general managers of the past. And when software […]
Microsoft Bows to Pressure to Free Up Cloud Security Logs
Facing intense pressure after Chinese APT hack, Microsoft plans to expand logging defaults for lower-tier M365 customers. The post Microsoft Bows to Pressure to Free Up Cloud Security Logs appeared first on SecurityWeek.
BMC Helix: Huisman Equipment’s secret to a drastically improved HR experience
Nearly a century old, Huisman Equipment B.V. designs, manufactures, and services heavy construction equipment for a wide range of industries, including petroleum, renewable energy, naval fleets, and entertainment. The company has a global reputation for providing high-quality service, cost efficiency, and rapid time to value—all while ensuring compliance with relevant regulations as it delivers its […]
Recycling Giant Tomra Takes Systems Offline Following Cyberattack
Norwegian recycling giant Tomra says internal systems have been taken offline to contain an extensive cyberattack. The post Recycling Giant Tomra Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.
Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks
Over a dozen vulnerabilities patched by GE in its Cimplicity HMI/SCADA product are reminiscent of ICS attacks conducted by the Russian Sandworm group. The post Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks appeared first on SecurityWeek.
Virtual Event Today: 2023 Cloud & Data Security Summit
Register for the Cloud & Data Security Summit to learn how to utilize tools, controls, and design models needed to properly secure cloud environments. The post Virtual Event Today: 2023 Cloud & Data Security Summit appeared first on SecurityWeek.
Two Jira Plugin Vulnerabilities in Attacker Crosshairs
Attackers are exploiting two path traversal vulnerabilities in the Stagil navigation for Jira – Menus & Themes plugin. The post Two Jira Plugin Vulnerabilities in Attacker Crosshairs appeared first on SecurityWeek.
Oracle Releases 508 New Security Patches With July 2023 CPU
Oracle has released 508 new security patches as part of the July 2023 CPU, including more than 70 that address critical vulnerabilities The post Oracle Releases 508 New Security Patches With July 2023 CPU appeared first on SecurityWeek.
Security Awareness Training Isn’t Working – How Can We Improve It?
Security awareness training isn’t working to the level it needs to. Social engineering, however, is getting better. Why doesn’t awareness training work, and how can we improve it? The post Security Awareness Training Isn’t Working – How Can We Improve It? appeared first on SecurityWeek.
Dissecting Alstom’s three-part IT strategy
Alstom builds high-speed trains, subways, monorails, and trams, but also develops turnkey systems, services, infrastructure, signaling, and digital mobility. And with a presence in 70 countries and around 74,000 employees, 3,100 of which are in Spain, the French multinational has important weight in the country, where it introduced a high-speed train, the first automatic metro, […]
Empowering citizen developers for real business impact
Given the important role of software applications in powering business processes and the shortage of experienced programmers, it should not be surprising that citizen development is on the rise. Citizen developers are business users who build new applications or modify existing ones without needing help from the IT or development functions. While it’s one thing to have […]
Exploitation of New Citrix Zero-Day Likely to Increase, Organizations Warned
Citrix has patched several vulnerabilities, including CVE-2023-3519, a critical remote code execution zero-day that has been exploited in attacks. The post Exploitation of New Citrix Zero-Day Likely to Increase, Organizations Warned appeared first on SecurityWeek.
Chrome 115 Patches 20 Vulnerabilities
Chrome 115 released with patches for 20 vulnerabilities, including 11 reported by external researchers, who earned thousands of dollars in bug bounties. The post Chrome 115 Patches 20 Vulnerabilities appeared first on SecurityWeek.
US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa
The two foreign companies are being sanctioned for “for trafficking in cyber exploits used to gain access to information systems.” The post US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa appeared first on SecurityWeek.
CIOs are bullish on the possibilities for generative AI: report
CIOs are increasing their overall uptake of generative AI, pushing AI from its current role in isolated pockets of the enterprise into more organization-wide uptake and speeding the adoption of the technology across new industries, a new survey found. The survey, published today by MIT Technology Review Insights and sponsored by enterprise data management company […]
Is PC-as-a-Service part of your hybrid work strategy?
If someone told you a decade ago that deploying IT services would be more like streaming video content than the traditional procurement and provisioning process, you probably wouldn’t have believed them. Right? Enterprises have been evolving toward as-a-Service models for years, but most of this transition has been executed in software, via SaaS and other […]
Microsoft offers Dynamics users fresh incentives to move to the cloud
Microsoft unveiled a new incentive program on Tuesday to help enterprises still running its Dynamics ERP and CRM software on premises to move to the cloud. The Accelerate, Innovate, and Move program (AIM) covers a broad range of on-premises business applications, including Dynamics AX, Dynamics CRM, Dynamics GP, Dynamics NAV, Dynamics SL, and Dynamics 365 […]
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme
Olalekan Jacob Ponle, a Nigerian national living in the UAE, was sentenced to 8 years in a US prison for his role in an $8 million BEC scheme. The post Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme appeared first on SecurityWeek.
NSA, CISA Issue Guidance on 5G Network Slicing Security
The NSA and CISA have published guidance on hardening 5G standalone network slices against potential threats. The post NSA, CISA Issue Guidance on 5G Network Slicing Security appeared first on SecurityWeek.
Data center investments simplify IT and cloud modernization
HPE Aruba Networking is coming off a very strong Q2 2023 with our Intelligent Edge revenue reaching $1.3 billion, up 50% from the prior-year period. We have invested in the areas of security and private 5G with two recent acquisitions that expand our edge-to-cloud portfolio to meet the needs of organizations as they increasingly migrate from […]
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware
A threat actor’s real identity was uncovered after they infected their own computer with an information stealer. The post Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware appeared first on SecurityWeek.
WordPress Sites Hacked via Critical Vulnerability in WooCommerce Payments Plugin
Attackers have started exploiting CVE-2023-28121, a recent critical vulnerability in the WooCommerce Payments WordPress plugin. The post WordPress Sites Hacked via Critical Vulnerability in WooCommerce Payments Plugin appeared first on SecurityWeek.
White House Unveils Cybersecurity Labeling Program for Smart Devices
New US cyber program will label smart devices that are considered safer and less vulnerable to attacks. The post White House Unveils Cybersecurity Labeling Program for Smart Devices appeared first on SecurityWeek.
Netcraft Raises $100M, Hires New CEO for Global Expansion
The British company secures $100 million in funding and announced the hiring of a new chief executive to pursue global expansion plans. The post Netcraft Raises $100M, Hires New CEO for Global Expansion appeared first on SecurityWeek.
Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat
Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of UK telecoms firm TalkTalk. In 2019 he was convicted and sentenced to four years in prison. The post Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat appeared first on SecurityWeek.
Hard-earned advice for nurturing high-performing IT teams
We talk a lot in the IT press about maximizing the benefits of software, hardware, and emerging technologies to create business value. What we don’t spend enough time on is discussing how we can maximize the value of our most precious resource: our people. The care and retention of IT staff should be viewed as […]
Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks
At least two new Adobe ColdFusion vulnerabilities have been exploited in the wild, including one that has not been completely patched by the software giant. The post Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks appeared first on SecurityWeek.
A Disturbing Trend in Ransomware Attacks: Legitimate Software Abuse
When discussing ransomware groups, too often the focus is on their names, such as Noberus, Royal or AvosLocker, rather than the tactics, techniques, and procedures (TTPs) used in an attack before ransomware is deployed. For example, the particularly heavy use of legitimate software tools in ransomware attack chains has been notable in recent times. In […]
Norway Threatens $100,000 Daily Fine on Meta Over Data
Norway’s data protection agency wants to ban Facebook and Instagram owner Meta from using the personal information of users for targeted advertising, threatening a $100,000 daily fine if the company continues. The post Norway Threatens $100,000 Daily Fine on Meta Over Data appeared first on SecurityWeek.
How SAP changed Carl Zeiss AG’s view of optical product manufacturing
It’s 1857 in Jena, Germany, and you want a microscope—but not just any. You’ve set your sights on owning the finest instrument anywhere. And you know where to go. A retail shop has just opened at Johannisplatz square 10 in Jena—home to Carl Zeiss. When Carl Zeiss produced his microscope prototype years earlier, he created a […]
Generac powers business transformation with data, AI
Being a company’s first CIO provides room to make your mark, and Generac Power Systems’ Tom Dickson has done just that, moving swiftly to help transform the backup generator manufacturer into an energy technology company. Dickson, who joined the Wisconsin-based company in 2020, has launched PowerInsights, a homegrown digital platform that employs IoT and […]
Embracing Consolidation and Squashing Silos
While silos pose significant dangers to an enterprise’s cybersecurity posture, consolidation serves as a powerful solution to overcome these risks, offering improved visibility, efficiency, incident response capabilities, and risk management. The post Embracing Consolidation and Squashing Silos appeared first on SecurityWeek.
How to manage cloud exploitation at the edge
Small- and medium-sized businesses and enterprises have accelerated their move into the cloud since the global pandemic. The Infrastructure-as-a-Service (IaaS) cloud computing model enables remote working, supports digital transformation, provides scale, increases resilience, and can reduce costs. However, this shift requires a thorough understanding of the security implications and how a business can protect its […]
Owner of Cybercrime Website BreachForums Pleads Guilty
Conor Brian Fitzpatrick, the owner of the infamous cybercrime website BreachForums, has pleaded guilty in a US court. The post Owner of Cybercrime Website BreachForums Pleads Guilty appeared first on SecurityWeek.
CIO playbook: Rebalancing your portfolio in a multicloud world
Financial investors perform a fascinating, yet delicate dance. Consider assets such as stocks. To weather volatile stock markets, investors rebalance their portfolios often, dumping some stocks while picking up others based on trends. Professional investors factor in certain financial targets and risk tolerance as they pursue maximum ROI. IT leaders can relate to this dance. […]
Leverage Avaya’s Expertise in AI-driven CX Innovation
In the realm of dynamic enterprise architecture, the potential of AI to drive innovation is increasingly recognized, though still a considerable undertaking for many large enterprises, especially those with intricate on-premises environments. Ericsson IndustryLab’s recent study notes that over half of such organizations are still struggling to fully integrate and exploit AI, with projects initiated as many as 5-7 years […]
MOVEit Hack: Number of Impacted Organizations Exceeds 340
The number of entities impacted by the MOVEit hack — either directly or indirectly — reportedly exceeds 340 organizations and 18 million individuals. The post MOVEit Hack: Number of Impacted Organizations Exceeds 340 appeared first on SecurityWeek.
JumpCloud Says Sophisticated Nation-State Hackers Targeted Specific Customers
JumpCloud says a sophisticated nation-state threat actor breached its systems, targeting specific customers. The post JumpCloud Says Sophisticated Nation-State Hackers Targeted Specific Customers appeared first on SecurityWeek.
Havmor’s VP IT Dhaval Mankad on ‘melting’ hurdles with a scoop of digital innovation
Selling sweet treats to millions of Indians since 1944, India’s beloved ice-cream brand, Havmor (now part of Korean conglomerate LOTTE), has grown beyond its humble beginnings to stupefying heights. While several factors have contributed to its success, it is apparent that without a secure technological backbone, this business would not reach the magnitude that it […]
SecurityWeek Analysis: Over 210 Cybersecurity M&A Deals Announced in First Half of 2023
An analysis conducted by SecurityWeek shows that more than 210 cybersecurity-related mergers and acquisitions were announced in the first half of 2022. The post SecurityWeek Analysis: Over 210 Cybersecurity M&A Deals Announced in First Half of 2023 appeared first on SecurityWeek.
What the CIO role will look like in 2026
Despite characterizations of the modern CIO as a straight-up business leader and strategist, many CIOs still spend the bulk of their time on technical issues. Many IT leaders today are focused more on security management as well as improving IT operations and systems performance than they are on top-line and strategic activities such as driving […]
Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw
Adobe patches critical code execution vulnerability in ColdFusion for which a proof-of-concept (PoC) blog exists. The post Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw appeared first on SecurityWeek.
Top 5 Features your ITSM Solution Should Have
Efficiently managing IT services is crucial for businesses of all sizes to remain competitive and meet user expectations. To guide technology leaders in making informed decisions about IT service management (ITSM) solutions, this article reveals the top five functionalities you need to deliver exceptional service to end-users. Throughout our time matching organizations with IT software […]
Industry Reactions to EU-US Data Privacy Framework: Feedback Friday
Feedback Friday: industry professionals comment on the implications of the recently approved EU-US Data Privacy Framework. The post Industry Reactions to EU-US Data Privacy Framework: Feedback Friday appeared first on SecurityWeek.
Zluri Raises $20 Million for SaaS Management Platform
SaaS management platform Zluri has raised $20 million in a Series B funding round led by Lightspeed. The post Zluri Raises $20 Million for SaaS Management Platform appeared first on SecurityWeek.
In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 10, 2023. The post In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks appeared first on SecurityWeek.
Critical Cisco SD-WAN Vulnerability Leads to Information Leaks
A critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances. The post Critical Cisco SD-WAN Vulnerability Leads to Information Leaks appeared first on SecurityWeek.
Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability
Several instances of the Reddit alternative Lemmy were hacked in recent days by attackers who had exploited a zero-day vulnerability. The post Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability appeared first on SecurityWeek.
Secure Code Warrior Raises $50 Million to Help Developers Write Secure Code
Secure Code Warrior has raised $50 million in Series C funding to further empower developers to address code vulnerabilities. The post Secure Code Warrior Raises $50 Million to Help Developers Write Secure Code appeared first on SecurityWeek.
Should you build or buy generative AI?
Whether it’s text, images, video or, more likely, a combination of multiple models and services, taking advantage of generative AI is a ‘when, not if’ question for organizations. Since the release of ChatGPT last November, interest in generative AI has skyrocketed. It’s already showing up in the top 20 shadow IT SaaS apps tracked by […]
How Avnet accelerates its product design process
As a 2023 CIO100 winner, Avnet Inc., the Arizona-based electronic component distributor, has distinguished itself with groundbreaking projects that leverage established and emerging tech to up productivity and efficiency, and to generally do things differently. Avnet’s Design Hub is one example. According to Max Chan, the company’s CIO, the supply chain and supply chain management […]
What is change management? A guide to organizational transformation
What is the main purpose of change management? In modern IT, change management has many different guises. Project managers view change management as the process used to obtain approval for changes to the scope, timeline, or budget of a project. Infrastructure professionals consider change management to be the process for approving, testing, and installing a […]
US Publishes Implementation Plan for National Cybersecurity Strategy
The Biden-Harris administration has laid out the plan for implementing the National Cybersecurity Strategy. The post US Publishes Implementation Plan for National Cybersecurity Strategy appeared first on SecurityWeek.
Google Researchers Discover In-the-Wild Exploitation of Zimbra Zero-Day
Google researchers have discovered that a Zimbra zero-day vulnerability has been exploited in the wild, with users being advised to manually patch their installations. The post Google Researchers Discover In-the-Wild Exploitation of Zimbra Zero-Day appeared first on SecurityWeek.
Why is Salesforce hiking prices, and how does it affect customers?
Salesforce’s decision to raise the price of its software products starting in August can be attributed to a combination of factors, including inflation and pressure to fuel revenue after a pause in price hikes during the pandemic period — issues that are affecting other major technology suppliers, analysts said. “We have seen a general rise […]
Sustainable IT: A crisis needing leadership and change
As demand for computing power continues to rise, the environmental impact of technology cannot be ignored. We recently held our annual corporate conference addressing many subjects top of mind with IT leaders and it came as no surprise that a session on sustainability was one of the most attended. As technology innovators, we all must […]
API Flaw in QuickBlox Framework Exposed PII of Millions of Users
QuickBlox SDK and API vulnerabilities impact chat and video applications used by industries including telemedicine, smart IoT, and finance. The post API Flaw in QuickBlox Framework Exposed PII of Millions of Users appeared first on SecurityWeek.
Cisco Shopping Spree Adds Oort ID Threat Detection Tech
The planned Oort purchase is Cisco’s fourth acquisition of a cybersecurity company in the first half of 2023. The post Cisco Shopping Spree Adds Oort ID Threat Detection Tech appeared first on SecurityWeek.
Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations
Cybersecurity company Armis has identified several vulnerabilities in Honeywell ICS products that could expose industrial organizations to attacks. The post Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations appeared first on SecurityWeek.
BlackLotus UEFI Bootkit Source Code Leaked on GitHub
The source code for the BlackLotus UEFI bootkit has been leaked on GitHub and an expert has issued a warning over the risks. The post BlackLotus UEFI Bootkit Source Code Leaked on GitHub appeared first on SecurityWeek.
Popular WordPress Security Plugin Caught Logging Plaintext Passwords
The All-In-One Security (AIOS) WordPress plugin was found to be writing plaintext passwords to log files. The post Popular WordPress Security Plugin Caught Logging Plaintext Passwords appeared first on SecurityWeek.
3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say
A group of congressional Democrats reported that three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at least two years. The post 3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say appeared first on SecurityWeek.
Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue
Apple has re-released its Rapid Security Response updates for iOS and macOS after fixing a website access issue caused by the original patches. The post Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue appeared first on SecurityWeek.
Juniper Networks Patches High-Severity Vulnerabilities in Junos OS
Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space. The post Juniper Networks Patches High-Severity Vulnerabilities in Junos OS appeared first on SecurityWeek.
SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products
SonicWall patches four critical-severity vulnerabilities in its Global Management System (GMS) and Analytics products. The post SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products appeared first on SecurityWeek.
What legacy tech teaches IT leaders about projects that last
Modernization and transformation are the IT imperatives of the day. Rationalizing applications, reinventing business processes, capitalizing on the cloud — all point to legacy systems as the dead weight and sunk costs modern day IT organizations must move beyond to reach their digital potential. As an IT professional, I too have at times thought about […]
9 tips for recruiting high-end IT talent
Recruiting and hiring high-end IT talent is among the most challenging tasks IT leaders face today. Even amid headlines announcing massive layoffs at tech companies, persuading change-making tech professionals to take up residence at your firm can feel nearly impossible. “The IT skills shortage is critical, with CIOs losing talented employees faster than they […]
APT Exploit Targeting Rockwell Automation Flaws Could Threaten Critical Infrastructure
Two Rockwell Automation product vulnerabilities have been used for a new exploit by an APT group that could use it to target critical infrastructure. The post APT Exploit Targeting Rockwell Automation Flaws Could Threaten Critical Infrastructure appeared first on SecurityWeek.
Orca Sues Wiz Over Alleged Cloud Security Patent Violations
Orca Security sues its main rival, claiming patent infringements, intellectual property theft and even marketing copycat behavior. The post Orca Sues Wiz Over Alleged Cloud Security Patent Violations appeared first on SecurityWeek.
5 Zero Trust and SASE trends for CISOs to watch
Last week, I attended the annual Gartner® Security and Risk Management Summit. The event gave Chief Information Security Officers (CISOs) and other security professionals the opportunity to share concerns and insights about today’s most pressing issues in cybersecurity and risk management. While every situation is unique, there are two topics our conversations always seemed to […]
China-based hackers accessed US federal executive branch emails
Microsoft has disclosed that that a cyberattack by a China-based “nation state actor” managed to access email hosted on Exchange Online and Outlook.com belonging to about 25 organizations, including government agencies. Mitigation of the attack is complete, according to a statement from Microsoft, which blamed a threat actor tracked by the company as Storm-0558. That actor, […]
When will AI usher in a new era of manufacturing?
Manufacturing processes are industry dependent, and even within a sector, they often differ from one company to another. However, some things are common to virtually all types of manufacturing: expensive equipment and trained human operators are always required, and both the machinery and the people need to be deployed in an optimal manner to keep […]
Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies
Bugcrowd’s Inside the Mind of the Hacker report shows the speed and efficiency of hackers adopting new technologies to assist their hunting The post Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies appeared first on SecurityWeek.
Hardcoded Accounts Allow Full Takeover of Technicolor Routers
Multiple hardcoded accounts on the Technicolor TG670 DSL gateway router can be used to completely take over the impacted devices. The post Hardcoded Accounts Allow Full Takeover of Technicolor Routers appeared first on SecurityWeek.
Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails
Microsoft says a Chinese cyberespionage group tracked as Storm-0558 has used forged authentication tokens to access government emails. The post Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails appeared first on SecurityWeek.
Citrix Patches Critical Vulnerability in Secure Access Client for Ubuntu
Citrix has patched a critical-severity vulnerability in Secure Access client for Ubuntu that could lead to remote code execution (RCE). The post Citrix Patches Critical Vulnerability in Secure Access Client for Ubuntu appeared first on SecurityWeek.
CISO Conversations: CISOs of Identity Giants IDEMIA and Ping
CISO Conversations talks to Dennis Kallelis (CSO at Idemia) and Jason Kees (CISO at Ping), two of industry’s identity giants. The idea, as always, is to discuss the role of the modern CISO. The post CISO Conversations: CISOs of Identity Giants IDEMIA and Ping appeared first on SecurityWeek.
Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution
Fortinet patches a critical-severity vulnerability in FortiOS and FortiProxy that could lead to remote code execution. The post Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution appeared first on SecurityWeek.
MOVEit: Testing the Limits of Supply Chain Security
The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise. The post MOVEit: Testing the Limits of Supply Chain Security appeared first on SecurityWeek.
Microsoft Revokes Many Signed Drivers Used by Chinese Cybercriminals
Microsoft has revoked signed drivers used for post-exploitation activity, in many cases by Chinese cybercriminals. The post Microsoft Revokes Many Signed Drivers Used by Chinese Cybercriminals appeared first on SecurityWeek.
TIAA’s Sastry Durvasula on advancing AI horizons
The Teachers Insurance and Annuity Association of America (TIAA) has grown over the course of a century into a $40 billion organization with $1.2 trillion in assets under management serving the financial needs of people at more than 15,000 institutions across academia, government, medicine, cultural, and other non-profit organizations. But all that didn’t phase Sastry […]
SAP Patches Critical Vulnerability in ECC and S/4HANA Products
SAP on July 2023 Security Patch Day released 16 new security notes, including one addressing a critical vulnerability in ECC and S/4HANA (IS-OIL). The post SAP Patches Critical Vulnerability in ECC and S/4HANA Products appeared first on SecurityWeek.
3 principles for regulatory-grade large language model application
In recent years, we have witnessed a tidal wave of progress and excitement around large language models (LLMs) such as ChatGPT and GPT-4. These cutting-edge models can potentially transform industries, especially in regulated sectors like healthcare and life sciences, where they could be used for drug discovery, clinical trial analysis, improved diagnostics, personalized patient care, […]
Microsoft Warns of Office Zero-Day Attacks, No Patch Available
Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite. The post Microsoft Warns of Office Zero-Day Attacks, No Patch Available appeared first on SecurityWeek.
Former Security Engineer Arrested for $9 Million Crypto Exchange Hack
Former security engineer Shakeeb Ahmed has been arrested on charges related to the defrauding of decentralized crypto exchange Crema Finance. The post Former Security Engineer Arrested for $9 Million Crypto Exchange Hack appeared first on SecurityWeek.
Apple’s Rapid Security Response Patches Are Breaking Websites
Apple has pulled its latest Rapid Security Response updates for iOS and macOS after users complained that they can no longer access websites. The post Apple’s Rapid Security Response Patches Are Breaking Websites appeared first on SecurityWeek.
3 tough decisions for IT leaders to achieve a successful digital transformation
The digital transformation journey for any enterprise is protracted and complex. Technology leaders often underestimate the complications associated with it. For such initiatives to conclude successfully, enterprise technology decision makers must overcome inertia, build momentum, and bring about changes across their large organizations. To bring about enterprise-wide changes, CIOs at times need to take tough […]
Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion
Software maker calls special attention to CVE-2023-29300, a deserialization of untrusted data bug with a CVSS severity score of 9.8/10. The post Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion appeared first on SecurityWeek.
SaaS Application Security Firm Savvy Exits Stealth Mode With $30 Million in Funding
Savvy emerges from stealth mode with $30 million in funding, on path to secure the use of software-as-a-service (SaaS) applications. The post SaaS Application Security Firm Savvy Exits Stealth Mode With $30 Million in Funding appeared first on SecurityWeek.
One weird trick to accelerate your organization’s generative AI strategy
Bryan Kirschner, Vice President, Strategy at DataStax Ignoring the potential of generative AI to increase productivity is a surefire way to fall behind as an individual, a team, and an organization. You should put it to work as an “eager intern” or “autonomous agent” (or both) ASAP. But positioning yourself, your team, and your organization […]
New world, new CIO: How emerging realities are shaping the CIO’s job
In a relatively brief time span, technologies like cloud, edge computing, artificial intelligence, and IoT have taken center stage, and new innovative technologies keep emerging. We’re now navigating a technological landscape that’s growing exponentially more complex and rapidly changing, one that increasingly exceeds the ability of human intelligence to keep pace. This landscape is characterized […]
ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities
ICS Patch Tuesday: Siemens and Schneider Electric release nine new security advisories and fix 50 vulnerabilities in their industrial products. The post ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities appeared first on SecurityWeek.
The power of collaboration: SAP celebrates its innovation award winners
Better together In a time when organizations can seamlessly access the cloud to unearth tools like analytics and artificial intelligence (AI), “collaboration with customers and partners around the globe can drive sustainable, impactful innovation,” Timo Elliott, SAP’s global head of partner digital selling and marketing director, told the audience. Let’s think about the recent past – companies […]
Verifying Software Integrity With Sigstore
Signing code is very important to defend against supply chain attacks, but it’s also one of the most cumbersome to implement for internal development. The post Verifying Software Integrity With Sigstore appeared first on SecurityWeek.
Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare
HCA Healthcare says the personal information of roughly 11 million patients was stolen in a data breach. The post Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare appeared first on SecurityWeek.
Russia-Linked RomCom Hackers Targeting NATO Summit Guests
A recent RomCom cyber operation has been targeting NATO Summit guests and other entities supporting Ukraine. The post Russia-Linked RomCom Hackers Targeting NATO Summit Guests appeared first on SecurityWeek.
How Investec marries foundational and pioneering tech forces
As CIO of Anglo-South African international banking and wealth management group, Investec, Shabhana Thaver has a multi-purpose approach to tech trends. On the one hand, there are foundational forces, which protect the existing business and include talent, information security and modernization. Then, on the other, there are pioneering forces, which drive business growth and include […]
7 IT consultant tricks CIOs should never fall for
Consultants aren’t always held in the highest regard. The 90% who are bad, the old joke goes, ruin it for the rest of us. Knowing the 90%’s tricks of the trade is the canny CIO’s first line of defense. Here are seven of the most pernicious consulting misdeeds you will encounter as an IT leader. […]
Apple Ships Urgent iOS Patch for WebKit Zero-Day
Apple rolls out urgent iOS and iPadOS software updates and warned that zero-day exploitation has already been detected. The post Apple Ships Urgent iOS Patch for WebKit Zero-Day appeared first on SecurityWeek.
3 examples of organizations improving CX with self-composed AI
Most business leaders don’t need convincing about the power of AI: nearly 60% surveyed last year by Zendesk said they plan to increase their investment by at least 25% this year. The most powerful applications of AI help organizations do more with less without compromising – rather in many cases enhancing – their customer experience, from AI-powered bots that accelerate problem […]
Exploit Code Published for Remote Root Flaw in VMware Logging Software
VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches. The post Exploit Code Published for Remote Root Flaw in VMware Logging Software appeared first on SecurityWeek.
With greater personalisation comes greater security
It can often feel as though trust and authenticity are in short supply these days. As we all know, content is becoming easier to create, manipulate and disseminate. Technology, such as Generative AI, has given marketers the power to create more engaging and uniquely personal offerings. This has reinforced concerns around data privacy and security. […]
Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US
The EU signed off on a new agreement over the privacy of people’s personal information that gets pinged across the Atlantic, aiming to ease European concerns about electronic spying by American intelligence agencies. The post Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US appeared first on […]
TPG to Acquire Forcepoint’s Government Cybersecurity Business Unit
Private equity giant plans to buy Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit for $2.5 billion. The post TPG to Acquire Forcepoint’s Government Cybersecurity Business Unit appeared first on SecurityWeek.
Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack
Critical infrastructure services provider Ventia has taken some systems offline following a cyberattack. The post Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack appeared first on SecurityWeek.
A Cybersecurity Wish List Ahead of NATO Summit
Assuming NATO can play a greater part in the cybersecurity of its members, possibly through a more formal NATO Cyber Command, the question then becomes ‘what should we hope for?’ The post A Cybersecurity Wish List Ahead of NATO Summit appeared first on SecurityWeek.
Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence
Industrial giant Honeywell wants to extend its OT cybersecurity portfolio with the acquisition of Israel-based OT/IoT security firm SCADAfence. The post Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence appeared first on SecurityWeek.
PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability
PoC exploit has been published for a recently patched Ubiquiti EdgeRouter vulnerability leading to arbitrary code execution. The post PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability appeared first on SecurityWeek.
Edmunds sets stage for AI with data infrastructure consolidation
For a decade, Edmunds, an online resource for automotive inventory and information, has been struggling to consolidate its data infrastructure. Now, with the infrastructure side of its data house in order, the California-based company is envisioning a bold new future with AI and machine learning (ML) at its core. “We’ve solved most of the consolidation […]
6 business execs you’ll meet in hell — and how to deal with them
Everyone, at some point in their career, has endured a bad boss or bad business colleague. Someone further up the chain or a lateral colleague who lacks basic interpersonal skills, demands the impossible, flies off the handle at the slightest provocation, or throws you under the bus the moment a project goes south. Aside from […]
Critical Vulnerability Can Allow Takeover of Mastodon Servers
A critical vulnerability in the Mastodon social networking platform may allow attackers to take over target servers. The post Critical Vulnerability Can Allow Takeover of Mastodon Servers appeared first on SecurityWeek.
US Signal: Sustainability isn’t just a buzzword
Headquartered in Grand Rapids, Michigan, US Signal is the largest privately-held data center services provider in the Midwest. With 8 high-performance data centers strategically located across Illinois, Indiana, Michigan, and Wisconsin, the company offers maximum redundancy and isolation from natural disasters with a full portfolio of cloud services that meet enterprises’ most demanding compute, storage, […]
Key skills tech leaders need to secure a board seat
Rona Bunn is CIO for the National Association of Corporate Directors (NACD), where she facilitates digital orchestration and leads information technology, data, and digital experience. A two-time Technology All-Star award recipient from Women of Color in STEM, Bunn previously served as CIO at the US Department of Commerce, International Trade Administration. She currently serves on […]
4 tips to improve employee experiences while maintaining security and governance
Improving employee productivity and collaboration is a top business objective, according to the 2023 Foundry Digital Business Study. But delivering these productive employee experiences can be challenging, especially with an increasingly distributed workforce. As more individuals use browser-based apps to get their work done, IT leaders need to provide seamless access to corporate apps and […]
After Zero-Day Attacks, MOVEit Turns to Security Service Packs
Facing ransomware zero-days, Progress Software will release regular service packs to help customers mitigate critical security flaws. The post After Zero-Day Attacks, MOVEit Turns to Security Service Packs appeared first on SecurityWeek.
Private 5G networks are sparking innovation at the edge
For the enterprise, planning edge strategies and reaping their rewards is often a complex and challenging process, with myriad applications to deploy, a proliferation of hardware devices to manage, multiple data types and sources to integrate, and significant security risks to avoid. A crucial component to simplifying the edge experience is the network itself. In a recent post, […]
Former Contractor Employee Charged for Hacking California Water Treatment Facility
Former contractor employee charged with hacking for accessing the systems of a water treatment facility in California to delete critical software. The post Former Contractor Employee Charged for Hacking California Water Treatment Facility appeared first on SecurityWeek.
In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 3, 2023. The post In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques appeared first on SecurityWeek.
Need for Speed Drives Security-as-a-Service
Organizations face new challenges associated with protecting distributed assets against cyberattack in the hybrid IT model that most companies will deploy for the foreseeable future. Threats are emerging at a speed that makes it difficult for internal security practitioners to keep pace. There are zero-day attacks that exploit vulnerabilities before security teams are even aware […]
Iranian Cyberspies Target US-Based Think Tank With New macOS Malware
In May 2023, Iran-linked cyberespionage group Charming Kitten targeted a US-based think tank with new macOS malware. The post Iranian Cyberspies Target US-Based Think Tank With New macOS Malware appeared first on SecurityWeek.
Security Firm Finds Over 130k Internet-Exposed Photovoltaic Diagnostics Systems
Cyble has discovered more than 130,000 Photovoltaic monitoring and diagnostic solutions exposed to the internet. The post Security Firm Finds Over 130k Internet-Exposed Photovoltaic Diagnostics Systems appeared first on SecurityWeek.
OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain
SwSec 5D framework aims to provide a roadmap for secure software development, and its use would help improve security in the software supply chain. The post OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain appeared first on SecurityWeek.
Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks
Potentially serious vulnerabilities discovered by researchers in a PiiGAB product could expose industrial organizations to remote hacker attacks. The post Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks appeared first on SecurityWeek.
Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers
Two applications hosted on Google Play, with over 1.5 million combined downloads, were caught sending user data to servers in China. The post Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers appeared first on SecurityWeek.
13 go-to podcasts that inspire IT industry leaders today
In today’s ever-changing technology landscape, it’s important for IT leaders of every stripe to not only keep abreast of current events and trends affecting the industry, but also know about focus areas and challenges of their upper management peers since the tech function is increasingly viewed as a strategic business partner to the C-suite. One […]
ITIL certification guide: Costs, requirements, levels, and paths
The IT Infrastructure Library (ITIL) offers best practices for delivering IT services using a systematic approach to IT service management (ITSM). ITIL certification is near the top of almost every list of must-have IT certifications, and for good reason. As an IT management framework, ITIL can help businesses manage risk, strengthen customer relations, establish cost-effective practices, and […]
What is Oracle’s generative AI strategy?
While Microsoft, AWS, Google Cloud, and IBM have already released their generative AI offerings, rival Oracle has so far been largely quiet about its own strategy. Instead of launching a competing offering in a rush, the company is quietly preparing a three-tier approach. “Our tier strategy resembles a three-layer cake and each of these layers […]
CISA, FBI Warning: Truebot Hackers Exploiting Netwrix Auditor Flaw
Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada. The post CISA, FBI Warning: Truebot Hackers Exploiting Netwrix Auditor Flaw appeared first on SecurityWeek.
Now’s the Time for a Pragmatic Approach to New Technology Adoption
What a cloud migration strategy did for cloud adoption, an automation implementation strategy does for security automation adoption. The post Now’s the Time for a Pragmatic Approach to New Technology Adoption appeared first on SecurityWeek.
Hybrid IT is Here to Stay
The hybrid IT architecture is here to stay, according to F5’s 2023 State of Application Strategy Report, and that has profound implications for how enterprises should be thinking about modernizing, deploying, and securing applications. Data collected from more than 1,000 survey respondents indicates that IT leaders have come to realize there is simply no one […]
Digital Transformation Delivers Business Benefits
Virtually every organization worth its salt is involved in digital transformation, and those efforts are starting to pay dividends, according to F5’s 2023 State of Application Strategy Report. When respondents to F5’s survey of more than 1,000 IT leaders were asked to list the benefits of digital transformation, IT operational efficiency topped the list (cited […]
Cost and Complexity Drive Multicloud Networking
Traditional networking is boring. But multicloud networking is hot, according to the more than 1,000 global IT leaders surveyed for F5’s 2023 State of Application Strategy report. When asked to identify the most exciting technologies of 2023, multicloud networking was cited by 42% of survey respondents. That’s higher than trendy topics like AIOps and edge […]
How PwC and SAP are doing right by helping clients unlock ESG value
Achieving environmental, social, and governance (ESG) targets can increase a company’s worth beyond the feel-good. When it’s done right, it can increase company valuation with investors, open windows to subsidies, gain favorable supplier ratings with customers, and make companies attract and retain talent. There is always a complex balance when implementing ESG goals between incentives […]
Android Security Updates Patch 3 Exploited Vulnerabilities
Google’s July 2023 security updates for Android patches 43 vulnerabilities, including three exploited in the wild. The post Android Security Updates Patch 3 Exploited Vulnerabilities appeared first on SecurityWeek.
JumpCloud Says All API Keys Invalidated to Protect Customers
JumpCloud is responding to an incident that has triggered a reset of all API keys in order to protect customers and their operations. The post JumpCloud Says All API Keys Invalidated to Protect Customers appeared first on SecurityWeek.
How traditional and generative AI are transforming Enterprise Service Management
Generative AI is potentially the most transformative new technology since the introduction of the public internet, and it already has many exciting applications within enterprise service management (ESM). AI is known for enabling intelligent chatbots, predictive capabilities in ticket management, and the ability to identify emerging service issues long before they become problems. Generative AI […]
Rackspace’s CTO takes a broad view of sustainability
Srini Koushik has been passionate about the environment for 35 years and now, as a board member of the nonprofit SustainableIT.org and CTO of cloud services provider Rackspace Technology, he wants to help enterprises achieve sustainability in the cloud. Two decades ago, as CIO and CTO at Nationwide Insurance, he inspired colleagues to implement what […]
Steps tech leaders are taking to meet new accessibility mandates
Leading CIOs are empowering their teams to make the digital estate as accessible as the physical buildings of the business, and they’re right to do so. Major legislation is about to reshape the digital landscape in the US and across Europe, which will mean CIOs must focus their sights on digital accessibility. “We’ve seen great […]
Repsol doubles down on digital transformation
Within the framework of Repsol’s strategic plan for the 2021-2025 period, the company recently released a second wave of its Digitization Program, which consolidates and expands the use of generative AI across the business through a new competence center, and allows innovative and disruptive technologies to simplify daily processes by making more agile decisions based on data. […]
Taking the risk out of the semiconductor supply chain
Over the past few years, the tech industry has been feeling the impact of unprecedented disruptions along the semiconductor supply chain. This supply chain—which spans from research and development to manufacturing, to the end use of the tiny chips that enable devices from cars to cell phones—has historically been volatile, easily swinging from surpluses to […]
How an enterprise browser can help streamline IT management
IT teams are tasked with providing technology solutions that enhance employee experiences, while also increasing efficiencies in how they deliver and manage those products and services. Hybrid work models have complicated ongoing efforts to achieve these objectives. . Following the hectic sprint to ensure effective remote work and the acceleration of transformation projects, now is […]
A powerful enterprise browser can power employee experiences — and productivity
Improving employee productivity and collaboration is this year’s top digital objective among IT leaders, according to Foundry’s 2023 Digital Business study. Given today’s highly distributed workforces and their familiarity with getting work done on the web, it makes sense to personalize browsing experiences to help them more easily accomplish their tasks. A recent study conducted […]
How AI is enabling powerful, secure browsing experiences
Artificial intelligence and machine learning are the No. 1 technologies being researched and piloted by IT leaders, according to the 2023 CIO Tech Priorities study. Generative AI is raising the interest level even further as organizations begin testing different use cases for deep-learning models. Many individuals want to use generative AI solutions at and for […]
Making intelligent automation work at scale
Organizations can reap a range of benefits from deploying automation tools such as robotic process automation (RPA). But adding artificial intelligence (AI) to the mix is where an even bigger payoff can come. “Organizations have been combining automation and AI technologies for a few years now to improve their business processes,” says Maureen Fleming, program […]
Breaking the Mold: Subhamoy Chakraborti Leads the Digital Transformation of News Media
Scarcely is an institution as important to a nation as a competent and impartial media house. ABP Private Limited, headquartered out of Kolkata, India, stands out as an organization that delivers news to millions of Indian citizens through its various platforms. The media conglomerate completed a hundred years in 2022. Subhamoy Chakraborti, Chief Technology Officer […]
Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data
Shell confirms that employee personal information has been stolen after the Cl0p ransomware group leaked data allegedly stolen from the energy giant. The post Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data appeared first on SecurityWeek.
28,000 Impacted by Data Breach at Pepsi Bottling Ventures
The personal, financial, and health information of over 28,000 individuals stolen in data breach at Pepsi Bottling Ventures. The post 28,000 Impacted by Data Breach at Pepsi Bottling Ventures appeared first on SecurityWeek.
Interpol: Key Member of Major Cybercrime Group Arrested in Africa
Law enforcement authorities have arrested a suspected senior member of the French-speaking Opera1er cybercrime group. The post Interpol: Key Member of Major Cybercrime Group Arrested in Africa appeared first on SecurityWeek.
StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs
A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs. The post StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs appeared first on SecurityWeek.
Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic
Cisco says a high-severity vulnerability in Nexus 9000 series switches could allow attackers to intercept and modify encrypted traffic. The post Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic appeared first on SecurityWeek.
Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech
Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space. The post Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech appeared first on SecurityWeek.
Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack
Japan’s Port of Nagoya this week suspended cargo loading and unloading operations following a ransomware attack. The post Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack appeared first on SecurityWeek.
Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks
An actively exploited vulnerability in the Contec SolarView solar power monitoring product can expose hundreds of energy organizations to attacks. The post Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks appeared first on SecurityWeek.
Sweden Orders Four Companies to Stop Using Google Tool
Sweden has ordered four companies to stop using a Google tool that measures and analyses web traffic as doing so transfers personal data to the United States, fining one company the equivalent of more than $1.1 million. The post Sweden Orders Four Companies to Stop Using Google Tool appeared first on SecurityWeek.
Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities
Mozilla has released Firefox 115 to the stable channel with patches for two high-severity use-after-free vulnerabilities. The post Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities appeared first on SecurityWeek.
Ransomware Criminals Are Dumping Kids’ Private Files Online After School Hacks
Ransomware gangs are targeting schools, stealing confidential documents and then dumping them online. The post Ransomware Criminals Are Dumping Kids’ Private Files Online After School Hacks appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 23 Deals Announced in June 2023
Twenty-three cybersecurity-related merger and acquisition (M&A) deals were announced in June 2023. The post Cybersecurity M&A Roundup: 23 Deals Announced in June 2023 appeared first on SecurityWeek.
EU Court Deals Blow to Meta in German Data Case
Facebook, Instagram and WhatsApp may need to overhaul how they collect the data of users in Europe after the top EU court ruled against Meta. The post EU Court Deals Blow to Meta in German Data Case appeared first on SecurityWeek.
5 key mistakes IT leaders make at board meetings
It’s not uncommon for CIOs, CISOs, and sometimes their direct reports to be called on to participate in board meetings or to present IT strategies and plans to their boards of directors. If you don’t join board meetings often, preparation is paramount, starting with learning about the directors’ backgrounds and reviewing minutes from previous meetings. […]
11 tips for crafting highly effective job descriptions
Writing job descriptions for open positions might feel like a chore to pass off to someone with less on their plate, or something to shortcut by dusting off copy from the last time you hired for this role, but an on-target job description is a vital step in landing talent — especially in tight markets. […]
Sitecore enhances Experience Manager (XM) Cloud Platform with generative AI, component capabilities
In just a matter of months, generative AI (GAI) has upended many job roles. And perhaps no role has been more immediately affected than that of the marketer. ChatGPT, arguably the best-known GAI platform, was introduced in November 2022. By March, a survey had found that three-quarters (74%) of U.S. marketers were already investing in […]
VMware, Other Tech Giants Announce Push for Confidential Computing Standards
VMware partners with tech giants to accelerate the development of confidential computing applications. The post VMware, Other Tech Giants Announce Push for Confidential Computing Standards appeared first on SecurityWeek.
Apple, Civil Liberty Groups Condemn UK Online Safety Bill
Fears mount that UK Online Safety Bill may include a requirement for an encrypted message scanning capability. The post Apple, Civil Liberty Groups Condemn UK Online Safety Bill appeared first on SecurityWeek.
How CareSource IT is addressing data interoperability challenges in healthcare
One key challenge facing the healthcare industry today is the inability to easily access and share electronic medical information between healthcare providers, clinicians, and patients. This is a significant problem because sharing data between clinical systems and providing patients with easy access to their information enables them to make better-informed decisions and, subsequently, supports improving […]
It’s a new dawn of AI-powered knowledge management
For the last 30 years, the dream of being able to collect, manage and make use of the collected knowledge assets of an organization has never been truly realized. Systems for sharing information assets across the enterprise have evolved in their sophistication but haven’t been able to take it to the next level by effectively […]
4 key roles that define transformational IT leaders today
In a world where nothing stays the same, the CIO role has evolved and changed — mainly for the better — as CIOs have gained greater visibility and importance. They are increasingly included in board-level discussions on cybersecurity and tech investments for organizational initiatives and are influencing decisions related to planning, strategy, implementation, and operations. […]
Democratizing data to fuel data-driven business decisions
To compete—and win—in today’s fast-paced, digital-first world, organizations must be able to collect, understand, and leverage data. Organizations that have higher confidence in their data based on a full picture of the organization’s data landscape can make decisions that will ultimately drive better business outcomes. But for too long, the ability to read, interpret, and […]
What’s the state of Zero Trust security?
Zero Trust adoption is accelerating, with over half of organizations reporting they have adopted Zero Trust Security, according to research independently conducted by leading security research firm Ponemon Institute, sponsored by Hewlett Packard Enterprise. In the report, The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, 51% of organizations […]
7 best practices for building a single-vendor SASE solution
Over the past three or four years, the industry has been abuzz with the concept of delivering converged security and networking features via the cloud. Secure Access Service Edge combines networking solutions like SD-WAN with cloud-delivered security like firewall as a service (FWaaS), cloud access security broker(CASB), and secure web gateway (SWG). But even with all the hype, most considered SASE as something […]
Taking IT outsourcing to the next level
With businesses increasingly dependent on service providers to reduce costs, improve quality, and drive innovation, traditional contracts don’t work. In fact, they often undermine the partner-like relationships and trust needed to cope with external uncertainty. A better approach is to use what leading academics call a “formal relational contract.” Why transactional contracts are a thing […]
8 problematic IT team members — and how to deal with them
Problematic employees appear in every industry, but managing employees in the IT field comes with a specific set of challenges. Lack of engagement in IT work environments translates to employees who miss deadlines, put off coworkers, or otherwise cause friction with their colleagues. A recent Gallup report showed that unengaged employees lead to a range […]
Back to basics: Keys to taking a pragmatic approach to observability
In the world of IT operations, “observability” is a concept that’s been around for some time. Having been in IT operations for more than 30 years, I can say that, even before anyone called it “observability,” we were in effect examining ways to achieve the same ends. While definitions can vary, in essence, observability is […]
3 things that make a CIO-CFO dream team
“There are plenty of good CIOs and plenty of good CFOs,” says Jim McGittigan, Research VP in the CIO Research group of Gartner. “Part of what makes them good is they understand one another. When they work well together, it has a huge impact on the effectiveness of the organization.” CIOs and CFOs who have […]
What is OKR? A goal-setting framework for thinking big
OKR is a goal-setting framework that helps organizations define objectives and then track outcomes in days instead of months. OKR has been around since the 1970s, and the concept was created by Andy Grove, but popularized by John Doerr, one of the earliest investors in Google. OKR quickly became an important focus for Google, and companies […]
How data teams move from offense to defense in 2023
It’s well acknowledged that data, when used correctly, has the potential to be a strategic growth asset driving innovation – and with the recent developments in large language models (LLM) for AI, data is really having its day in the sun. To win the game, you need a modern, future-proof business plan. And we’ll let […]
Data analytics in the cloud: understand the hidden costs
Luke Roquet recently spoke to a customer who recounted the shock of getting a $700,000 bill for a single data science workload running in the cloud. When Roquet, who is senior vice president of product marketing at Cloudera, related the story to another customer, he learned that that company had received a $400,000 tab for […]
Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials
Cait Conley will coordinate with federal, state and local officials responsible for ensuring elections are secure ahead of the 2024 presidential election. The post Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials appeared first on SecurityWeek.