31Jul 2023

US Gov Rolls Out National Cyber Workforce, Education Strategy

The Biden administration on Monday announced a series of “generational investments” to address immediate and long-term cyber workforce needs.  The post US Gov Rolls Out National Cyber Workforce, Education Strategy appeared first on SecurityWeek.

31Jul 2023

Why Zain Kuwait partnered with BMC Software: An ongoing commitment to service management excellence

Zain Kuwait became the country’s first mobile operator in 1983 and has since grown into the largest mobile operator in the Middle East, providing voice and data services to more than 53 million customers. Worth more than $2.4 billion, Zain employs 7,100 people in seven countries—and is growing largely because of the high level of […]

31Jul 2023

Simplifying IT strategy: How to avoid the annual planning panic

For those companies operating on a calendar year, the end of summer signals the start of annual planning and the mad dash to prepare their IT strategies. Annual or not, like running with the bulls in Pamplona, this exercise never fails to test your mettle and often leaves you staring frantically at the page and […]

31Jul 2023

How Bloomberg’s engineers built a culture of knowledge sharing

Bloomberg is a company synonymous with finance, technology, and media. It has offices across the globe and more than 8,000 engineers working to support everything from real-time data feeds about moves in the financial markets and the company’s journalists to mobile apps and AI models that can analyze financial data and sentiment. To help its […]

31Jul 2023

Stack Overflow announces OverflowAI

Today marks the beginning of a new and exciting era for Stack Overflow. We are announcing our roadmap for the integration of generative AI into our public platform, Stack Overflow for Teams, and brand new product areas, like an IDE integration that brings the vast knowledge of 58 million questions and answers from our community […]

31Jul 2023

Paper-to-Digital Can Drive Sustainability at Scale

Adobe created the Portable Document Format, the PDF, in 1993 to provide an easy and reliable way to create, present, and exchange visually rich and composed documents independent of the device being used. The invention was one of the biggest steps toward the “paperless office,” perhaps second to computers. A workplace built on digital technologies […]

31Jul 2023

Why knowledge management is foundational to AI success

Amid all the conversations about how AI is revolutionizing work—making everyday tasks more efficient and repeatable and multiplying the efforts of individuals—it’s easy to get a bit carried away: What can’t AI do? Despite its name, generative AI—AI capable of creating images, code, text, music, whatever—can’t make something from nothing. AI models are trained on […]

31Jul 2023

The hardest part of building software is not coding, it’s requirements

With all the articles about all the amazing AI developments, there’s plenty of hand-wringing around the possibility that we, as software developers, could soon be out of a job, replaced by artificial intelligence. They imagine all the business execs and product researchers will bypass most or all of their software developers and ask AI directly […]

31Jul 2023

BIT’s Agrobit named a ‘Hero of Sustainability’ at SAP Innovation Awards

The days of farmers pouring over a Farmer’s Almanac for answers about what and when to plant are gone – like dust in the wind. As the market has expanded worldwide and become more sophisticated, so have the challenges facing farmers and their questions about how to move forward. They want information and advice. BIT S.A., […]

31Jul 2023

Atea – Enabling organizations to tame complexity, manage growth

Atea is focused on helping organizations maximize the value of their IT investments—from initial deployment, throughout their lifecycle, and into the next generation of technology solutions. With almost 8,000 employees located in 85 offices across seven countries in the Nordic and Baltic regions of Europe, the company offers a complete range of hardware, software and services […]

31Jul 2023

Building a Beautiful Data Lakehouse

Applying artificial intelligence (AI) to data analytics for deeper, better insights and automation is a growing enterprise IT priority. But the data repository options that have been around for a while tend to fall short in their ability to serve as the foundation for big data analytics powered by AI. Traditional data warehouses, for example, support […]

31Jul 2023

Reddit Taps Fredrick ‘Flee’ Lee for CISO Job

Reddit hires a 20-year cybersecurity veteran to manage its privacy and security functions as it prepares for an IPO. The post Reddit Taps Fredrick ‘Flee’ Lee for CISO Job appeared first on SecurityWeek.

31Jul 2023

Apple Lists APIs That Developers Can Only Use for Good Reason

To boost user privacy, Apple is requiring app developers to declare a reason to use specific APIs. The post Apple Lists APIs That Developers Can Only Use for Good Reason appeared first on SecurityWeek.

31Jul 2023

Huawei Unleashes the Power of Technology for a Sustainable, Digital Europe

Digital transformation is key in building Europe’s resilience and sustainability Huawei As a committed partner of digital Europe, Huawei builds innovative ICT infrastructure and works with customers and partners to accelerate the digital transformation of enterprises, aiming to drive economic prosperity and build a sustainable, digital Europe. — Ernest Zhang, President, Huawei Enterprise Business Group […]

31Jul 2023

Swiss Re streamlines insurers’ natural disaster response with AI

Natural disasters have been increasing in frequency, severity, and diversity in recent years, pressuring insurers to be more efficient and to anticipate event and claim fallout. The same goes for reinsurance firms, which provide insurance for insurers, reducing their likelihood of large payouts—a significant factor in the insurance industry’s response to natural disasters.   According […]

31Jul 2023

20 issues shaping generative AI strategies today

Organizations are rushing to figure out how to extract business value from generative AI — without falling prey to the myriad pitfalls arising. The adoption curve here is by no means gradual, with most enterprise leaders quickly working to harness the technology’s potential mere months after the November 2022 launch of gen AI tool ChatGPT […]

31Jul 2023

CISA Analyzes Malware Used in Barracuda ESG Attacks

CISA has shared analysis reports on three malware families obtained from an organization hacked via a recent Barracuda ESG vulnerability. The post CISA Analyzes Malware Used in Barracuda ESG Attacks appeared first on SecurityWeek.

31Jul 2023

Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks

Ivanti EPMM customers have been warned of CVE-2023-35081, a second zero-day vulnerability that has been exploited in targeted attacks. The post Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks appeared first on SecurityWeek.

31Jul 2023

Building a successful platform engineering practice

As companies continue to shift towards the cloud, platform engineering has emerged as a practice for organizations to efficiently and effectively deploy modern workloads, while maintaining a repeatable secure deployment pattern. Organizations looking to remain competitive and relevant in today’s fast-paced world need to focus on setting up processes that enable development teams to build […]

28Jul 2023

5 steps to drive and foster innovation in IT

Tight budgets and labor shortages have remained an ongoing challenge for IT leaders in 2023. As a result, CIOs are looking at ways of doing more with less, while continuing to digitally transform their organizations. How can we free up funds in one area to invest or innovate in another area of the business? This […]

28Jul 2023

In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android 

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 24, 2023. The post In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android  appeared first on SecurityWeek.

28Jul 2023

US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications

US and Australian government agencies provide guidance on addressing access control vulnerabilities in web applications. The post US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications appeared first on SecurityWeek.

28Jul 2023

How much advantage does edge offer? And how are organizations using it?

Organizations are fast discovering the business benefits of edge solutions, such as edge computing. Real-time data processing is enabling them to make faster decisions, secure their assets (both physical and virtual), and gain better control over their operations. It all sounds attractive, but you may wonder to what extent edge computing actually provides an advantage […]

28Jul 2023

Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins

The first attempts to exploit CVE-2023-24489, a recent critical Citrix ShareFile remote code execution vulnerability, have been observed. The post Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins appeared first on SecurityWeek.

28Jul 2023

Industry Reactions to New SEC Cyber Incident Disclosure Rules: Feedback Friday

Several industry professionals comment on the SEC’s new cybersecurity incident disclosure rules and their implications. The post Industry Reactions to New SEC Cyber Incident Disclosure Rules: Feedback Friday appeared first on SecurityWeek.

28Jul 2023

Zimbra Patches Exploited Zero-Day Vulnerability

Zimbra has released patches for a cross-site scripting (XSS) vulnerability that has been exploited in malicious attacks. The post Zimbra Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek.

28Jul 2023

Embracing neurodiversity in IT for competitive advantage

The term neurodiversity covers a range of conditions, as well as the various spectrums within each. So each neurodiverse professional’s experience is unique, but speaking for myself, being neurodiverse has been a huge competitive advantage in my technology career. The ability to pivot fast and hyperfocus are strengths, not weaknesses, and a leader that can […]

28Jul 2023

JLL reinvents itself for the AI era

City skyscrapers and office parks may remain scarcely occupied in the post-pandemic work era, but commercial real estate player JLL’s business is not slowing down, thanks to the company’s embrace of technology and high-growth opportunities to adapt and prosper. The Chicago-based commercial real estate company, one of the largest in the world, has invested heavily […]

28Jul 2023

Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices

Several vulnerabilities found in Weintek Weincloud could have allowed hackers to manipulate and damage ICS, including PLCs and field devices. The post Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices appeared first on SecurityWeek.

28Jul 2023

CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist

CoinsPaid says North Korean hacking group Lazarus is likely responsible for the recent theft of $37 million in cryptocurrency. The post CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist appeared first on SecurityWeek.

28Jul 2023

You cannot develop a high-quality customer engagement strategy without trust

Engaged customers are vital to the success of any business. Analytics is central to understanding what works for your customers. But how do you get them to share actionable data?  Of course, customers are willing to share data in return for better services and products. But, they want to be safe in knowing that their […]

28Jul 2023

You can’t grow trust on a rocky infrastructure

There is an explosion of personal data about what we buy, where we go, and what we watch. We trust the custodians of our data to ensure it is not breached or used irresponsibly. But not all organizations that store and process sensitive customer data are fully aware that a chink in infrastructure can break […]

28Jul 2023

Get the best value from your data by reducing risk and building trust

Users are increasingly concerned about how their data is harvested and used. Data privacy is an essential ingredient of trust in a business and is thus inextricably linked to growth.   Data privacy is the control of data harvested, stored, utilized, and shared in compliance with data protection regulations and privacy best practices. Data privacy encompasses […]

28Jul 2023

Ignoring data lifecycle management is putting your business at risk

Enterprises are dealing with increasing amounts of data, and managing it has become imperative to optimize its value and keep it secure. Data lifecycle management is essential to ensure it is managed effectively from creation, storage, use, sharing, and archive to the end of life when it is deleted.  Data lifecycle management covers the processes, […]

27Jul 2023

IT leaders grapple with shadow AI

Max Chan knew he had to do something. Soon after ChatGPT burst on the scene in November 2022, Chan realized generative AI would amount to far more than the just the latest technology flash-in-the-pan. With the ability to instantaneously ingest reams of data using large language models (LLMs), generative AI technologies such as OpenAI’s ChatGPT […]

27Jul 2023

The advantages of being cloud smart

Last year VMware commissioned an eye-opening survey of IT leaders, including nearly 6,000 CIOs, CISOs, CTOs, application developers, cloud architects, and DevOps professionals across the globe. The resulting report, “The Multi-Cloud Maturity Index,” garnered important intelligence on the state of multi-cloud deployments across industries. As a multi-cloud approach becomes increasingly ubiquitous with efforts to future-proof […]

27Jul 2023

The central role of a multi-cloud approach when future-proofing today’s dynamic enterprises

As we closed out 2022 and began 2023, VMware’s Research and Insights organization interviewed more than 450 technology executives to get their candid views on the topics that present enterprises with the greatest opportunities and challenges. The resulting report revealed a technology landscape marked by excessive pressure to deliver IT value in uncertain times. The […]

27Jul 2023

US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’

Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government. The post US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’ appeared first on SecurityWeek.

27Jul 2023

SAP raises on-prem support costs again to drive cloud adoption

First came the carrot of lower costs in the cloud with the bundled Rise with SAP offering. Now here comes the stick. SAP said Thursday it will raise the cost of support for users of its on-premises software for the second year in a row, just days after announcing plans to withhold future innovations in […]

27Jul 2023

Multiple Security Issues Identified in Peloton Fitness Equipment

Internet-connected Peloton workout equipment is impacted by multiple security risks, such as having USB debugging enabled. The post Multiple Security Issues Identified in Peloton Fitness Equipment appeared first on SecurityWeek.

27Jul 2023

TSA Updates Pipeline Cybersecurity Requirements

The TSA has released updated cybersecurity requirements for pipeline owners and operators, instructing them to test assessment and incident response plans. The post TSA Updates Pipeline Cybersecurity Requirements appeared first on SecurityWeek.

27Jul 2023

Head of US Cybersecurity Agency Sees Progress on Election Security, With More Work Needed for 2024

CISA Director Jen Easterly says more is needed to defend the integrity and resiliency of the election process ahead of the 2024 election. The post Head of US Cybersecurity Agency Sees Progress on Election Security, With More Work Needed for 2024 appeared first on SecurityWeek.

27Jul 2023

European Threat Intelligence Firm QuoIntelligence Raises $5.5 Million in Seed Funding

Threat intelligence services provider QuoIntelligence has raised €5 million ($5.5 million) in seed funding. The post European Threat Intelligence Firm QuoIntelligence Raises $5.5 Million in Seed Funding appeared first on SecurityWeek.

27Jul 2023

Protect AI Raises $35 Million to Protect Machine Learning and AI Assets

Machine Learning and Artificial Intelligence security firm Protect AI raised $35 million in Series A funding led by Evolution Equity Partners. The post Protect AI Raises $35 Million to Protect Machine Learning and AI Assets appeared first on SecurityWeek.

27Jul 2023

The Good, the Bad and the Ugly of Generative AI

Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive one to thrive.” The post The Good, the Bad and the Ugly of Generative AI appeared first on SecurityWeek.

27Jul 2023

Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats

An Axis network door controller vulnerability can be exploited to target facilities, exposing them to both physical and cyber threats. The post Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats appeared first on SecurityWeek.

27Jul 2023

CardioComm Takes Systems Offline Following Cyberattack

Canadian medical software provider CardioComm has taken systems offline to contain a cyberattack. The post CardioComm Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.

27Jul 2023

Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads

Researchers discovered two vulnerabilities in the Ubuntu OverlayFS module: CVE-2023-2640 and CVE-2023-32629 (together dubbed ‘GameOver(lay)’). The post Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads appeared first on SecurityWeek.

27Jul 2023

CIO Diane Schwarz on the power of professional ecosystems

Diane Schwarz knows it as well as anyone: You can’t climb to the C-suite alone. It takes an ecosystem of colleagues, clients, and partners — all of whom help you navigate what is often a nonlinear path. Such has been the case in Diane’s own storied career, from her education at Notre Dame and Chicago […]

27Jul 2023

Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus

Maximus Inc says that the personal information of 8 to 11 million individuals was stolen in the MOVEit cyberattack. The post Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus appeared first on SecurityWeek.

27Jul 2023

Companies Required by SEC to Disclose Cybersecurity Incidents in 4 Days

The SEC has adopted new rules requiring public companies to disclose cybersecurity breaches that have a material impact within four days. The post Companies Required by SEC to Disclose Cybersecurity Incidents in 4 Days appeared first on SecurityWeek.

27Jul 2023

Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation

Researchers say a whopping 62 percent of AWS environments may be exposed to the newly documented AMD ‘Zenbleed’ information leak flaw. The post Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation appeared first on SecurityWeek.

26Jul 2023

Low-Tech Collaboration Emerges as The Key to Protecting Complex Enterprise Infrastructure Environments

The complexity of today’s enterprise infrastructure environment has created demand for a great variety of dedicated point security solutions, triggering a disconcerting array of alarms and alerts that most organizations struggle to address with current access to talent and staff. While implementing effective strategies that harness automation and security technology remain critical, the most successful […]

26Jul 2023

Adapt to business changes with flexible licensing

When it comes to technology, the one thing you can count on is change. Requirements evolve over time as organizations adapt their environments and deployments to meet new demands and challenges. But in the past few years, this rate of change has skyrocketed. What an organization needs one quarter may be drastically different than what […]

26Jul 2023

ServiceNow adds new features to its Now Assist generative AI assistant

ServiceNow is adding new features to its Now Assist generative AI assistant that comes bundled with the company’s Now platform, designed to help organizations automate workflows. The new capabilities of Now Assist, which include case summarization and text-to-code, are compatible with all workflows and are designed to drive productivity and efficiency for organizations, the company […]

26Jul 2023

Best practices for building a single-vendor SASE solution

Over the past three or four years, the industry has been abuzz with the concept of delivering converged security and networking features via the cloud. Secure Access Service Edge combines networking solutions like SD-WAN with cloud-delivered security like firewall as a service (FWaaS), cloud access security broker(CASB), and secure web gateway (SWG). But even with all the hype, most considered SASE as something […]

26Jul 2023

Deloitte and SAP team to create the perfect ware for trade classification

Suppose you have an international apparel company that manufactures and sells shirts. But let’s focus on just one shirt to start. Following common industry practice, you have the shirt manufactured in one country. The raw materials for manufacturing come from another country. And when the shirt is completed, it’s distributed to a third country to […]

26Jul 2023

Ex-NSA Official Harry Coker Tapped for National Cyber Director Job

The Biden administration has nominated former Navy commander Harry Coker to replace the retired Chris Inglis. The post Ex-NSA Official Harry Coker Tapped for National Cyber Director Job appeared first on SecurityWeek.

26Jul 2023

CDI — Accelerated, award-winning digital transformation with VMware Technologies

Digitally transforming a business is never a “one size fits all” strategy. Every company has its unique challenges and must solve problems in ways that make sense for their business. CDI, a VMware partner and VMware Cross-Cloud Managed Services Provider, understands the difficulties facing businesses trying to digitally transform. “Organizations often want a digital transformation. […]

26Jul 2023

How digital humans can make healthcare technology more patient-centric

One of the biggest issues in healthcare is staffing shortages—and it impacts us all. While healthcare staffing challenges are not new, they are forecasted to reach crisis levels in the coming years. For nursing staff alone, the International Centre on Nurse Migration projects a 13 million shortage by 2030, an increase from 6 million pre-pandemic. And the World Health Organization […]

26Jul 2023

Microsoft Message Queuing Vulnerabilities Allow Remote Code Execution, DoS Attacks

Fortinet has published details on a series of critical- and high-severity vulnerabilities in the Microsoft Message Queuing service. The post Microsoft Message Queuing Vulnerabilities Allow Remote Code Execution, DoS Attacks appeared first on SecurityWeek.

26Jul 2023

Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI

Cyclops emerges from stealth mode with $6.4 million in seed funding and a generative AI-powered cybersecurity search platform. The post Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI appeared first on SecurityWeek.

26Jul 2023

Dozens of Organizations Targeted by Akira Ransomware

The Akira ransomware operators claim to have compromised 63 organizations since March 2023, mostly SMBs. The post Dozens of Organizations Targeted by Akira Ransomware appeared first on SecurityWeek.

26Jul 2023

Code Execution Vulnerability Impacts 900k MikroTik Devices

Over 900,000 devices are impacted by an arbitrary code execution vulnerability in MikroTik RouterOS. The post Code Execution Vulnerability Impacts 900k MikroTik Devices appeared first on SecurityWeek.

26Jul 2023

Russian Cybersecurity Firm Founder Jailed for 14 Years

Russia has sentenced Ilya Sachkov, co-founder of the Group-IB cybersecurity firm, to 14 years in prison on treason charges. The post Russian Cybersecurity Firm Founder Jailed for 14 Years appeared first on SecurityWeek.

26Jul 2023

CISO Conversations: Field CISOs From VMware Carbon Black and NetSPI

SecurityWeek talks to Field CISOs, Fawaz Rasheed (VMware Carbon Black) and Nabil Hannan (NetSPI), about this emerging role. The post CISO Conversations: Field CISOs From VMware Carbon Black and NetSPI appeared first on SecurityWeek.

26Jul 2023

A forensic look into cloud success with Broadcom’s Andy Nallappan

Companies moving to the cloud often find themselves at a crossroads near the midpoint of their migrations, spending more than they intended and getting less than they hoped. Often that’s because their IT organization isn’t equipped with the culture, mindset, and skills necessary to capitalize on the cloud. Andy Nallappan has had a long career in […]

26Jul 2023

Dr. Pankaj Setia on the challenges that will redefine CIOs’ careers

Dr Setia, also the chairperson of the centre for digital transformation at the business school, teaches graduate-level courses on the leadership of digital organizations, strategic management of digital innovations, and digital transformation. He has previously taught for many years at Michigan State University and the University of Arkansas in the US. According to Dr Setia, […]

26Jul 2023

Real estate CIOs drive deals with data

The residential real estate industry may not be perceived to be as digitally aggressive as Wall Street titans and multinational manufacturing conglomerates. But in reality, some of the largest, most established realty franchises, such as Re/Max and Keller Williams, have made all the right moves, pursuing digital transformations built on the cloud and primed to […]

26Jul 2023

Alphabet bets on generative AI as cloud boosts Q2 revenue

Alphabet on Tuesday reported a 7% increase in revenue for the quarter ended June driven by the growth in its cloud computing division, Google Cloud. The company posted revenue of $74.6 billion compared to $69.7 billion in the corresponding period last year. Net income for the company rose to $18.36 billion from $16 billion during […]

26Jul 2023

How IT leaders are driving new revenue

Sandwich-focused restaurant franchise Subway has some 37,000 locations worldwide, each of which faces a unique combination of factors, such as local competition and customer demographics, that impact sales and profitability. But Donagh Herlihy, the company’s chief digital and information officer, has a corporate-level solution to help each individual store determine “the sweet spot of pricing” […]

25Jul 2023

Physical experience, digital convenience: The future of retail

The future of retail is “phygital,” as every retail and ecommerce publication on the internet is screaming right now. If you’ve never heard the term before, it’s a portmanteau of “physical” and “digital” – and represents the merging of the two forms of retail and shopping. Physical retail and ecommerce are increasingly blending together – […]

25Jul 2023

Why entrepreneurs claim there’s no better place to do business than Puerto Rico

After graduating from Universidad Politécnica de Puerto Rico with a degree in computer engineering, Alberto Lugo knew he wanted to be an entrepreneur, and he knew that he wanted to build his company on the island. A college internship in Puerto Rico with Microsoft gave him the spark of an idea, and after working for […]

25Jul 2023

Maritime Cyberattack Database Launched by Dutch University

The NHL Stenden University of Applied Sciences in the Netherlands has launched MCAD, the Maritime Cyber Attack Database. The post Maritime Cyberattack Database Launched by Dutch University appeared first on SecurityWeek.

25Jul 2023

Webinar Tomorrow: Exposing Common Myths of OT Cybersecurity

Join SecurityWeek and TXOne Networks for this webinar as we expose common misconceptions surrounding the security of Operational Technology (OT) and dive into the evolving threat landscape. The post Webinar Tomorrow: Exposing Common Myths of OT Cybersecurity appeared first on SecurityWeek.

25Jul 2023

TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems

TETRA:BURST – vulnerabilities in widely used radio standard could threaten military and law enforcement communications, as well as ICS. The post TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems appeared first on SecurityWeek.

25Jul 2023

Thales Acquiring Imperva From Thoma Bravo for $3.6 Billion

French aerospace, defense, and security giant Thales is acquiring cybersecurity firm Imperva from Thoma Bravo in a $3.6 billion deal. The post Thales Acquiring Imperva From Thoma Bravo for $3.6 Billion appeared first on SecurityWeek.

25Jul 2023

Salesforce updates its Commerce Cloud with digital commerce capabilities

Salesforce is adding new features to its Commerce Cloud that will help organizations embed digital commerce capabilities into sales, service, or marketing processes to drive more revenue, the company said on Tuesday. The Commerce Cloud is a product suite aimed at helping organizations create unified buying experiences for their customers across channels, including mobile, social, […]

25Jul 2023

AMD CPU Vulnerability ‘Zenbleed’ Can Expose Sensitive Information

AMD has released microcode patches to address Zenbleed, a vulnerability in its Zen 2 CPUs that can allow an attacker to access sensitive information. The post AMD CPU Vulnerability ‘Zenbleed’ Can Expose Sensitive Information appeared first on SecurityWeek.

25Jul 2023

The unsung skill too many IT leaders shortchange

When it comes to harvesting full value from the rich set of technologies available to every organization, communications skills are probably not on every IT leader’s short list of essential capabilities. Technical skills, for sure. Integration? No doubt. But full spectrum communication skills — that is, oral, written, and digital/social — are almost as essential, […]

25Jul 2023

7 IT delegation mistakes to avoid

CIOs are burdened with far too many responsibilities for a single individual to competently or productively handle on their own. That’s why it’s important to know how to efficiently delegate tasks to carefully selected team members. Unfortunately, many CIOs are reluctant to assign any important task to a subordinate, believing that the job may not […]

25Jul 2023

Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government

An Ivanti EPMM product zero-day vulnerability tracked as CVE-2023-35078 has been exploited in an attack aimed at the Norwegian government. The post Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government appeared first on SecurityWeek.

25Jul 2023

Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks

Apple patches another zero-day flaw used in the ‘Operation Triangulation’ exploit chain. iOS and macOS-powered devices are affected. The post Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks appeared first on SecurityWeek.

24Jul 2023

Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab

100% key capture rate and successful ransomware decryption shows progress in ransomware defense capabilities. The post Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab appeared first on SecurityWeek.

24Jul 2023

OneTrust Raises $150 Million at $4.5 Billion Valuation

Privacy management solutions provider OneTrust raises $150 million at a $4.5 billion valuation. The post OneTrust Raises $150 Million at $4.5 Billion Valuation appeared first on SecurityWeek.

24Jul 2023

MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows

Experts believe the Cl0p ransomware gang could earn as much as $100 million from the MOVEit hack, with the number of confirmed victims approaching 400. The post MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows appeared first on SecurityWeek.

24Jul 2023

Cybersecurity Public-Private Partnership: Where Do We Go Next?

Sharing threat information and cooperating with other threat intelligence groups helps to strengthen customer safeguards and boosts the effectiveness of the cybersecurity sector overall. The post Cybersecurity Public-Private Partnership: Where Do We Go Next? appeared first on SecurityWeek.

24Jul 2023

Los Angeles SIM Swapper Pleads Guilty to Cybercrime Charges

Amir Golshan, of Los Angeles, pleaded guilty to perpetrating multiple cybercrime schemes using SIM swapping. The post Los Angeles SIM Swapper Pleads Guilty to Cybercrime Charges appeared first on SecurityWeek.

24Jul 2023

Over 20,000 Citrix Appliances Vulnerable to New Exploit

Over 20,000 appliances are vulnerable to a new exploit technique targeting a recent Citrix ADC zero-day vulnerability CVE-2023-3519. The post Over 20,000 Citrix Appliances Vulnerable to New Exploit appeared first on SecurityWeek.

24Jul 2023

Perimeter81 Vulnerability Disclosed After Botched Disclosure Process

Cybersecurity firm Perimeter81 appears to have botched the responsible disclosure process for a privilege escalation vulnerability found in its macOS application. The post Perimeter81 Vulnerability Disclosed After Botched Disclosure Process appeared first on SecurityWeek.

24Jul 2023

Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo

Atlassian patches high-severity remote code execution vulnerabilities in Confluence and Bamboo products. The post Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo appeared first on SecurityWeek.

24Jul 2023

LaLiga transforms fan experience with AI

IT is playing a key role in how the world’s most popular sport is played and experienced in Spain. The country’s premier football division, LaLiga, is leveraging artificial intelligence and machine learning (ML) to deliver new insights to players and coaches, and to transform how fans enjoy and understand the game. The transformation, which started […]

24Jul 2023

Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies

The China-linked cyberspy group APT31 is believed to be behind a data-theft campaign targeting industrial organizations in Eastern Europe. The post Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies appeared first on SecurityWeek.

23Jul 2023

Optimizing IT resources through infrastructure, people, and processes

According to McKinsey, the goal of digital transformation is to build a competitive advantage by continuously deploying tech at scale to improve customer experience and lower costs. Amid today’s uncertain economy, digital transformation is arguably more important than ever to remain afloat, not just competitive. EY recently found that in current economic and financial uncertainty, […]

23Jul 2023

Taking a page from the B2C book to improve B2B product user experience

When you think of B2B products, chances are you don’t picture the seamless, intuitive user experience that comes alongside the best of B2C products. Most enterprise products have a reputation for being complex and versatile, but not simple and universal. While B2B user experience focuses on providing in-depth content and adaptability, the B2C user experience […]

23Jul 2023

How automation enables better data governance

According to IBM, every day people create an estimated 2.5 quintillion bytes of new data (that’s 2.5 followed by 18 zeros!). More than 60% of corporate data is unstructured, according to AIIM, and a significant amount of this unstructured data is in the form of non-traditional “records,” like text and social media messages, audio files, […]

21Jul 2023

3 benefits of engaging hyperscalers when evaluating SAP RISE

Since SAP RISE came to the market, it seems that SAP’s goal is to force organizations into a relatively unproven and inflexible RISE model. To do so, they are obfuscating reality, limiting transparency, and changing their historic business practices to make RISE appear financially superior to the traditional perpetual license models. Because of the way […]

21Jul 2023

Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online. The post Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails appeared first on SecurityWeek.

21Jul 2023

Google Creates Red Team to Test Attacks Against AI Systems

Google has created a dedicated AI Red Team tasked with carrying out complex technical attacks on artificial intelligence systems. The post Google Creates Red Team to Test Attacks Against AI Systems appeared first on SecurityWeek.

21Jul 2023

Russia Seeks 18 Years in Jail for Founder of Cybersecurity Firm

A Russian prosecutor requested an 18-year prison sentence for Ilya Sachkov, founder of cybersecurity firm Group-IB. The post Russia Seeks 18 Years in Jail for Founder of Cybersecurity Firm appeared first on SecurityWeek.

21Jul 2023

In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 17, 2023. The post In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware appeared first on SecurityWeek.

21Jul 2023

OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers

Three vulnerabilities in Apache OpenMeetings could be exploited by attackers to take over an administrator account and execute arbitrary code remotely. The post OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers appeared first on SecurityWeek.

21Jul 2023

GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees

North Korean hackers are targeting employees at technology firms with repository invitations and malicious NPM packages. The post GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees appeared first on SecurityWeek.

21Jul 2023

Tech Titans Promise Watermarks to Expose AI Creations

Amazon, Google, Meta, Microsoft, OpenAI and other tech firms have voluntary agreed to AI safeguards set by the White House. The post Tech Titans Promise Watermarks to Expose AI Creations appeared first on SecurityWeek.

21Jul 2023

VirusTotal Provides Clarifications on Data Leak Affecting Premium Accounts

VirusTotal has provided clarifications on the recent data leak that resulted in the exposure of information on 5,600 of the threat analysis service’s customers. The post VirusTotal Provides Clarifications on Data Leak Affecting Premium Accounts appeared first on SecurityWeek.

21Jul 2023

How real-time operational insights drive superior tech platform development

Software-as-a-Service (SaaS) and SaaS-based service solutions have emerged as powerful tools. They address increasingly complex business processes, tackling anything from specific single functions to entire client-vendor relationship networks. SaaS is quickly evolving, and specialization has led to sophisticated, industry-specific or process-specific solutions, which can come to represent industry best practices. So as organizations face evolving […]

21Jul 2023

Citrix Zero-Day Exploited Against Critical Infrastructure Organization

CISA says the new Citrix zero day vulnerability tracked as CVE-2023-3519 has been exploited against a critical infrastructure organization. The post Citrix Zero-Day Exploited Against Critical Infrastructure Organization appeared first on SecurityWeek.

21Jul 2023

Tampa General Hospital Says Patient Information Stolen in Ransomware Attack

Tampa General Hospital has started informing patients that their personal information was stolen in a ransomware attack. The post Tampa General Hospital Says Patient Information Stolen in Ransomware Attack appeared first on SecurityWeek.

20Jul 2023

4 CIOs on marketing IT’s value to the business

Perception matters, particularly for internal IT organizations. While CIOs may be acutely aware of the essential value their teams create, that value isn’t always evident to stakeholders and clients. We may hope that the work speaks for itself, but the reality is, IT leaders must communicate IT’s accomplishments in a way that people can understand […]

20Jul 2023

New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices

Two new serious vulnerabilities in AMI BMC, which is used by millions of devices, can allow attackers to take control of systems and cause physical damage. The post New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices appeared first on SecurityWeek.

20Jul 2023

Cracking the code: solving for 3 key challenges in generative AI

By Chet Kapoor, Chairman and CEO, DataStax Generative AI is on everyone’s mind. It will revolutionize how we work, share knowledge, and function as a society. Simply put, it will be the biggest innovation we will see in our lifetime. One of the biggest areas of opportunity is productivity. Think about where we’re at right […]

20Jul 2023

Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups

Estée Lauder has confirmed suffering a data breach just as two ransomware groups claimed to have targeted the company, both allegedly stealing vast amounts of information. The post Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups appeared first on SecurityWeek.

20Jul 2023

JumpCloud Cyberattack Linked to North Korean Hackers

SentinelOne has linked the recent JumpCloud cyberattack to North Korean hackers, based on the published IoCs. The post JumpCloud Cyberattack Linked to North Korean Hackers appeared first on SecurityWeek.

20Jul 2023

Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability

Multiple DDoS botnets have been observed targeting CVE-2023-28771, a Zyxel firewall vulnerability patched in April. The post Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability appeared first on SecurityWeek.

20Jul 2023

Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis

While traditional security awareness teaches users how to recognize social engineering, new behavior changing trains the brain on the correct recognition and response to phishing.  The post Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis appeared first on SecurityWeek.

20Jul 2023

New Ransomware With RAT Capabilities Impersonating Sophos

The recently discovered SophosEncrypt ransomware is impersonating the cybersecurity firm Sophos. The post New Ransomware With RAT Capabilities Impersonating Sophos appeared first on SecurityWeek.

20Jul 2023

10 Steps to Help Secure Your APIs

Securing APIs is a noble, though complex journey. Security teams can leverage these 10 steps to help secure their APIs. The post 10 Steps to Help Secure Your APIs appeared first on SecurityWeek.

20Jul 2023

P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers

The Rust-based peer-to-peer worm ‘P2PInfect’ is targeting a Lua sandbox escape vulnerability in internet-accessible Redis servers. The post P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers appeared first on SecurityWeek.

20Jul 2023

5 ways CIOs can help eliminate a culture of busyness

At the turn of the 20th century, economists predicted that living a life of leisure would be the ultimate aspiration for the elite. These same economists suggested that those who were able to take more time off from work would be considered the most successful. Now the inverse seems to be the case. Today, those […]

20Jul 2023

3 technology trends set to revolutionize retail

Few verticals have undergone as massive a change as retail in the last couple of years. Driven by cutthroat competition and significant shifts in customer expectations, retail companies are striving to align themselves with the changing landscape, with IT playing a crucial role in their ability to achieve this. To offer customers a shopping experience […]

20Jul 2023

Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities

Adobe releases a second round of patches for recent ColdFusion vulnerabilities, including flaws that have been exploited in attacks. The post Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities appeared first on SecurityWeek.

20Jul 2023

Famed Hacker Kevin Mitnick Dead at 59

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was KnowBe4 Chief Hacking Officer. The post Famed Hacker Kevin Mitnick Dead at 59 appeared first on SecurityWeek.

19Jul 2023

Bulletproofing your threat surface with the Microsoft security ecosystem

Since Satya Nadella took the helm in 2014, Microsoft has doubled down on its support for non-Microsoft technologies. Its commitment to Linux turned what might have been a Windows Server-based cloud computing backwater into the Microsoft Azure powerhouse, the only public cloud to give the AWS juggernaut a serious run for its money. This “plays […]

19Jul 2023

Lexmark International’s Vishal Gupta on next gen tech leadership

As software and data move to the center of a company’s products and services, the background and skills of the executive leadership team must evolve. When IoT becomes the driver of a new solutions P&L, the general manager of that business will need more technology acumen than general managers of the past. And when software […]

19Jul 2023

Microsoft Bows to Pressure to Free Up Cloud Security Logs

Facing intense pressure after Chinese APT hack, Microsoft plans to expand logging defaults for lower-tier M365 customers. The post Microsoft Bows to Pressure to Free Up Cloud Security Logs appeared first on SecurityWeek.

19Jul 2023

BMC Helix: Huisman Equipment’s secret to a drastically improved HR experience

Nearly a century old, Huisman Equipment B.V. designs, manufactures, and services heavy construction equipment for a wide range of industries, including petroleum, renewable energy, naval fleets, and entertainment. The company has a global reputation for providing high-quality service, cost efficiency, and rapid time to value—all while ensuring compliance with relevant regulations as it delivers its […]

19Jul 2023

Recycling Giant Tomra Takes Systems Offline Following Cyberattack

Norwegian recycling giant Tomra says internal systems have been taken offline to contain an extensive cyberattack. The post Recycling Giant Tomra Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.

19Jul 2023

Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks

Over a dozen vulnerabilities patched by GE in its Cimplicity HMI/SCADA product are reminiscent of ICS attacks conducted by the Russian Sandworm group. The post Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks appeared first on SecurityWeek.

19Jul 2023

Virtual Event Today: 2023 Cloud & Data Security Summit

Register for the Cloud & Data Security Summit to learn how to utilize tools, controls, and design models needed to properly secure cloud environments. The post Virtual Event Today: 2023 Cloud & Data Security Summit appeared first on SecurityWeek.

19Jul 2023

Two Jira Plugin Vulnerabilities in Attacker Crosshairs

Attackers are exploiting two path traversal vulnerabilities in the Stagil navigation for Jira – Menus & Themes plugin. The post Two Jira Plugin Vulnerabilities in Attacker Crosshairs appeared first on SecurityWeek.

19Jul 2023

Oracle Releases 508 New Security Patches With July 2023 CPU

Oracle has released 508 new security patches as part of the July 2023 CPU, including more than 70 that address critical vulnerabilities The post Oracle Releases 508 New Security Patches With July 2023 CPU appeared first on SecurityWeek.

19Jul 2023

Security Awareness Training Isn’t Working – How Can We Improve It?

Security awareness training isn’t working to the level it needs to. Social engineering, however, is getting better. Why doesn’t awareness training work, and how can we improve it? The post Security Awareness Training Isn’t Working – How Can We Improve It? appeared first on SecurityWeek.

19Jul 2023

Dissecting Alstom’s three-part IT strategy

Alstom builds high-speed trains, subways, monorails, and trams, but also develops turnkey systems, services, infrastructure, signaling, and digital mobility. And with a presence in 70 countries and around 74,000 employees, 3,100 of which are in Spain, the French multinational has important weight in the country, where it introduced a high-speed train, the first automatic metro, […]

19Jul 2023

Empowering citizen developers for real business impact

Given the important role of software applications in powering business processes and the shortage of experienced programmers, it should not be surprising that citizen development is on the rise. Citizen developers are business users who build new applications or modify existing ones without needing help from the IT or development functions. While it’s one thing to have […]

19Jul 2023

Exploitation of New Citrix Zero-Day Likely to Increase, Organizations Warned

Citrix has patched several vulnerabilities, including CVE-2023-3519, a critical remote code execution zero-day that has been exploited in attacks. The post Exploitation of New Citrix Zero-Day Likely to Increase, Organizations Warned appeared first on SecurityWeek.

19Jul 2023

Chrome 115 Patches 20 Vulnerabilities

Chrome 115 released with patches for 20 vulnerabilities, including 11 reported by external researchers, who earned thousands of dollars in bug bounties. The post Chrome 115 Patches 20 Vulnerabilities appeared first on SecurityWeek.

18Jul 2023

US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa

The two foreign companies are being sanctioned for “for trafficking in cyber exploits used to gain access to information systems.”  The post US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa appeared first on SecurityWeek.

18Jul 2023

CIOs are bullish on the possibilities for generative AI: report

CIOs are increasing their overall uptake of generative AI, pushing AI from its current role in isolated pockets of the enterprise into more organization-wide uptake and speeding the adoption of the technology across new industries, a new survey found. The survey, published today by MIT Technology Review Insights and sponsored by enterprise data management company […]

18Jul 2023

Is PC-as-a-Service part of your hybrid work strategy?

If someone told you a decade ago that deploying IT services would be more like streaming video content than the traditional procurement and provisioning process, you probably wouldn’t have believed them. Right? Enterprises have been evolving toward as-a-Service models for years, but most of this transition has been executed in software, via SaaS and other […]

18Jul 2023

Microsoft offers Dynamics users fresh incentives to move to the cloud

Microsoft unveiled a new incentive program on Tuesday to help enterprises still running its Dynamics ERP and CRM software on premises to move to the cloud. The Accelerate, Innovate, and Move program (AIM) covers a broad range of on-premises business applications, including Dynamics AX, Dynamics CRM, Dynamics GP, Dynamics NAV, Dynamics SL, and Dynamics 365 […]

18Jul 2023

Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme

Olalekan Jacob Ponle, a Nigerian national living in the UAE, was sentenced to 8 years in a US prison for his role in an $8 million BEC scheme. The post Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme appeared first on SecurityWeek.

18Jul 2023

NSA, CISA Issue Guidance on 5G Network Slicing Security

The NSA and CISA have published guidance on hardening 5G standalone network slices against potential threats. The post NSA, CISA Issue Guidance on 5G Network Slicing Security appeared first on SecurityWeek.

18Jul 2023

Data center investments simplify IT and cloud modernization

HPE Aruba Networking is coming off a very strong Q2 2023 with our Intelligent Edge revenue reaching $1.3 billion, up 50% from the prior-year period.  We have invested in the areas of security and private 5G with two recent acquisitions that expand our edge-to-cloud portfolio to meet the needs of organizations as they increasingly migrate from […]

18Jul 2023

Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware

A threat actor’s real identity was uncovered after they infected their own computer with an information stealer. The post Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware appeared first on SecurityWeek.

18Jul 2023

WordPress Sites Hacked via Critical Vulnerability in WooCommerce Payments Plugin

Attackers have started exploiting CVE-2023-28121, a recent critical vulnerability in the WooCommerce Payments WordPress plugin. The post WordPress Sites Hacked via Critical Vulnerability in WooCommerce Payments Plugin appeared first on SecurityWeek.

18Jul 2023

White House Unveils Cybersecurity Labeling Program for Smart Devices

New US cyber program will label smart devices that are considered safer and less vulnerable to attacks. The post White House Unveils Cybersecurity Labeling Program for Smart Devices appeared first on SecurityWeek.

18Jul 2023

Netcraft Raises $100M, Hires New CEO for Global Expansion

The British company secures $100 million in funding and announced the hiring of a new chief executive to pursue global expansion plans. The post Netcraft Raises $100M, Hires New CEO for Global Expansion appeared first on SecurityWeek.

18Jul 2023

Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of UK telecoms firm TalkTalk. In 2019 he was convicted and sentenced to four years in prison.  The post Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat appeared first on SecurityWeek.

18Jul 2023

Hard-earned advice for nurturing high-performing IT teams

We talk a lot in the IT press about maximizing the benefits of software, hardware, and emerging technologies to create business value. What we don’t spend enough time on is discussing how we can maximize the value of our most precious resource: our people. The care and retention of IT staff should be viewed as […]

18Jul 2023

10 most difficult-to-fill IT roles — and how to address the gap

The CIO’s biggest hiring challenge is clear: “There is simply not enough talent to go around,” says Scott duFour, global CIO of business payments company Fleetcor, for whom positions in areas such as AI, cloud architecture, and data science remain the toughest to fill. This enduring talent gap has been a pressing concern for years, says Max Chan, CIO […]

18Jul 2023

Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks

At least two new Adobe ColdFusion vulnerabilities have been exploited in the wild, including one that has not been completely patched by the software giant. The post Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks appeared first on SecurityWeek.

18Jul 2023

A Disturbing Trend in Ransomware Attacks: Legitimate Software Abuse

When discussing ransomware groups, too often the focus is on their names, such as Noberus, Royal or AvosLocker, rather than the tactics, techniques, and procedures (TTPs) used in an attack before ransomware is deployed. For example, the particularly heavy use of legitimate software tools in ransomware attack chains has been notable in recent times. In […]

18Jul 2023

Norway Threatens $100,000 Daily Fine on Meta Over Data

Norway’s data protection agency wants to ban Facebook and Instagram owner Meta from using the personal information of users for targeted advertising, threatening a $100,000 daily fine if the company continues. The post Norway Threatens $100,000 Daily Fine on Meta Over Data appeared first on SecurityWeek.

17Jul 2023

How SAP changed Carl Zeiss AG’s view of optical product manufacturing

It’s 1857 in Jena, Germany, and you want a microscope—but not just any. You’ve set your sights on owning the finest instrument anywhere. And you know where to go. A retail shop has just opened at Johannisplatz square 10 in Jena—home to Carl Zeiss. When Carl Zeiss produced his microscope prototype years earlier, he created a […]

17Jul 2023

Generac powers business transformation with data, AI

Being a company’s first CIO provides room to make your mark, and Generac Power Systems’ Tom Dickson has done just that, moving swiftly to help transform the backup generator manufacturer into an energy technology company.   Dickson, who joined the Wisconsin-based company in 2020, has launched PowerInsights, a homegrown digital platform that employs IoT and […]

17Jul 2023

Embracing Consolidation and Squashing Silos

While silos pose significant dangers to an enterprise’s cybersecurity posture, consolidation serves as a powerful solution to overcome these risks, offering improved visibility, efficiency, incident response capabilities, and risk management. The post Embracing Consolidation and Squashing Silos appeared first on SecurityWeek.

17Jul 2023

How to manage cloud exploitation at the edge

Small- and medium-sized businesses and enterprises have accelerated their move into the cloud since the global pandemic. The Infrastructure-as-a-Service (IaaS) cloud computing model enables remote working, supports digital transformation, provides scale, increases resilience, and can reduce costs. However, this shift requires a thorough understanding of the security implications and how a business can protect its […]

17Jul 2023

Owner of Cybercrime Website BreachForums Pleads Guilty

Conor Brian Fitzpatrick, the owner of the infamous cybercrime website BreachForums, has pleaded guilty in a US court. The post Owner of Cybercrime Website BreachForums Pleads Guilty appeared first on SecurityWeek.

17Jul 2023

CIO playbook: Rebalancing your portfolio in a multicloud world

Financial investors perform a fascinating, yet delicate dance. Consider assets such as stocks. To weather volatile stock markets, investors rebalance their portfolios often, dumping some stocks while picking up others based on trends. Professional investors factor in certain financial targets and risk tolerance as they pursue maximum ROI. IT leaders can relate to this dance. […]

17Jul 2023

Leverage Avaya’s Expertise in AI-driven CX Innovation

In the realm of dynamic enterprise architecture, the potential of AI to drive innovation is increasingly recognized, though still a considerable  undertaking  for many large enterprises, especially those with intricate on-premises environments. Ericsson IndustryLab’s recent study notes that over half of such organizations are still struggling to fully integrate and exploit AI, with projects initiated as many  as 5-7 years […]

17Jul 2023

MOVEit Hack: Number of Impacted Organizations Exceeds 340

The number of entities impacted by the MOVEit hack — either directly or indirectly — reportedly exceeds 340 organizations and 18 million individuals. The post MOVEit Hack: Number of Impacted Organizations Exceeds 340 appeared first on SecurityWeek.

17Jul 2023

JumpCloud Says Sophisticated Nation-State Hackers Targeted Specific Customers

JumpCloud says a sophisticated nation-state threat actor breached its systems, targeting specific customers. The post JumpCloud Says Sophisticated Nation-State Hackers Targeted Specific Customers appeared first on SecurityWeek.

17Jul 2023

Havmor’s VP IT Dhaval Mankad on ‘melting’ hurdles with a scoop of digital innovation

Selling sweet treats to millions of Indians since 1944, India’s beloved ice-cream brand, Havmor (now part of Korean conglomerate LOTTE), has grown beyond its humble beginnings to stupefying heights. While several factors have contributed to its success, it is apparent that without a secure technological backbone, this business would not reach the magnitude that it […]

17Jul 2023

SecurityWeek Analysis: Over 210 Cybersecurity M&A Deals Announced in First Half of 2023

An analysis conducted by SecurityWeek shows that more than 210 cybersecurity-related mergers and acquisitions were announced in the first half of 2022. The post SecurityWeek Analysis: Over 210 Cybersecurity M&A Deals Announced in First Half of 2023 appeared first on SecurityWeek.

17Jul 2023

What the CIO role will look like in 2026

Despite characterizations of the modern CIO as a straight-up business leader and strategist, many CIOs still spend the bulk of their time on technical issues.  Many IT leaders today are focused more on security management as well as improving IT operations and systems performance than they are on top-line and strategic activities such as driving […]

17Jul 2023

Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw

Adobe patches critical code execution vulnerability in ColdFusion for which a proof-of-concept (PoC) blog exists. The post Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw appeared first on SecurityWeek.

14Jul 2023

Top 5 Features your ITSM Solution Should Have

Efficiently managing IT services is crucial for businesses of all sizes to remain competitive and meet user expectations. To guide technology leaders in making informed decisions about IT service management (ITSM) solutions, this article reveals the top five functionalities you need to deliver exceptional service to end-users. Throughout our time matching organizations with IT software […]

14Jul 2023

Industry Reactions to EU-US Data Privacy Framework: Feedback Friday

Feedback Friday: industry professionals comment on the implications of the recently approved EU-US Data Privacy Framework. The post Industry Reactions to EU-US Data Privacy Framework: Feedback Friday appeared first on SecurityWeek.

14Jul 2023

Zluri Raises $20 Million for SaaS Management Platform

SaaS management platform Zluri has raised $20 million in a Series B funding round led by Lightspeed. The post Zluri Raises $20 Million for SaaS Management Platform appeared first on SecurityWeek.

14Jul 2023

In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 10, 2023. The post In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks appeared first on SecurityWeek.

14Jul 2023

Critical Cisco SD-WAN Vulnerability Leads to Information Leaks

A critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances. The post Critical Cisco SD-WAN Vulnerability Leads to Information Leaks appeared first on SecurityWeek.

14Jul 2023

Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability

Several instances of the Reddit alternative Lemmy were hacked in recent days by attackers who had exploited a zero-day vulnerability. The post Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability appeared first on SecurityWeek.

14Jul 2023

Secure Code Warrior Raises $50 Million to Help Developers Write Secure Code

Secure Code Warrior has raised $50 million in Series C funding to further empower developers to address code vulnerabilities. The post Secure Code Warrior Raises $50 Million to Help Developers Write Secure Code appeared first on SecurityWeek.

14Jul 2023

Should you build or buy generative AI?

Whether it’s text, images, video or, more likely, a combination of multiple models and services, taking advantage of generative AI is a ‘when, not if’ question for organizations. Since the release of ChatGPT last November, interest in generative AI has skyrocketed. It’s already showing up in the top 20 shadow IT SaaS apps tracked by […]

14Jul 2023

How Avnet accelerates its product design process

As a 2023 CIO100 winner, Avnet Inc., the Arizona-based electronic component distributor, has distinguished itself with groundbreaking projects that leverage established and emerging tech to up productivity and efficiency, and to generally do things differently. Avnet’s Design Hub is one example. According to Max Chan, the company’s CIO, the supply chain and supply chain management […]

14Jul 2023

What is change management? A guide to organizational transformation

What is the main purpose of change management? In modern IT, change management has many different guises. Project managers view change management as the process used to obtain approval for changes to the scope, timeline, or budget of a project. Infrastructure professionals consider change management to be the process for approving, testing, and installing a […]

14Jul 2023

US Publishes Implementation Plan for National Cybersecurity Strategy

The Biden-⁠Harris administration has laid out the plan for implementing the National Cybersecurity Strategy. The post US Publishes Implementation Plan for National Cybersecurity Strategy appeared first on SecurityWeek.

14Jul 2023

Google Researchers Discover In-the-Wild Exploitation of Zimbra Zero-Day

Google researchers have discovered that a Zimbra zero-day vulnerability has been exploited in the wild, with users being advised to manually patch their installations. The post Google Researchers Discover In-the-Wild Exploitation of Zimbra Zero-Day appeared first on SecurityWeek.

13Jul 2023

Why is Salesforce hiking prices, and how does it affect customers?

Salesforce’s decision to raise the price of its software products starting in August can be attributed to a combination of factors, including inflation and pressure to fuel revenue after a pause in price hikes during the pandemic period — issues that are affecting other major technology suppliers, analysts said. “We have seen a general rise […]

13Jul 2023

Sustainable IT: A crisis needing leadership and change

As demand for computing power continues to rise, the environmental impact of technology cannot be ignored. We recently held our annual corporate conference addressing many subjects top of mind with IT leaders and it came as no surprise that a session on sustainability was one of the most attended. As technology innovators, we all must […]

13Jul 2023

API Flaw in QuickBlox Framework Exposed PII of Millions of Users

QuickBlox SDK and API vulnerabilities impact chat and video applications used by industries including telemedicine, smart IoT, and finance. The post API Flaw in QuickBlox Framework Exposed PII of Millions of Users appeared first on SecurityWeek.

13Jul 2023

Cisco Shopping Spree Adds Oort ID Threat Detection Tech

The planned Oort purchase is Cisco’s fourth acquisition of a cybersecurity company in the first half of 2023. The post Cisco Shopping Spree Adds Oort ID Threat Detection Tech appeared first on SecurityWeek.

13Jul 2023

Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations

Cybersecurity company Armis has identified several vulnerabilities in Honeywell ICS products that could expose industrial organizations to attacks. The post Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations appeared first on SecurityWeek.

13Jul 2023

BlackLotus UEFI Bootkit Source Code Leaked on GitHub

The source code for the BlackLotus UEFI bootkit has been leaked on GitHub and an expert has issued a warning over the risks. The post BlackLotus UEFI Bootkit Source Code Leaked on GitHub appeared first on SecurityWeek.

13Jul 2023

Popular WordPress Security Plugin Caught Logging Plaintext Passwords

The All-In-One Security (AIOS) WordPress plugin was found to be writing plaintext passwords to log files. The post Popular WordPress Security Plugin Caught Logging Plaintext Passwords appeared first on SecurityWeek.

13Jul 2023

3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say

A group of congressional Democrats reported that three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at least two years. The post 3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say appeared first on SecurityWeek.

13Jul 2023

Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue

Apple has re-released its Rapid Security Response updates for iOS and macOS after fixing a website access issue caused by the original patches. The post Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue appeared first on SecurityWeek.

13Jul 2023

Juniper Networks Patches High-Severity Vulnerabilities in Junos OS

Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space. The post Juniper Networks Patches High-Severity Vulnerabilities in Junos OS appeared first on SecurityWeek.

13Jul 2023

SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products

SonicWall patches four critical-severity vulnerabilities in its Global Management System (GMS) and Analytics products. The post SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products appeared first on SecurityWeek.

13Jul 2023

What legacy tech teaches IT leaders about projects that last

Modernization and transformation are the IT imperatives of the day. Rationalizing applications, reinventing business processes, capitalizing on the cloud — all point to legacy systems as the dead weight and sunk costs modern day IT organizations must move beyond to reach their digital potential. As an IT professional, I too have at times thought about […]

13Jul 2023

9 tips for recruiting high-end IT talent

Recruiting and hiring high-end IT talent is among the most challenging tasks IT leaders face today. Even amid headlines announcing massive layoffs at tech companies, persuading change-making tech professionals to take up residence at your firm can feel nearly impossible.   “The IT skills shortage is critical, with CIOs losing talented employees faster than they […]

13Jul 2023

APT Exploit Targeting Rockwell Automation Flaws Could Threaten Critical Infrastructure

Two Rockwell Automation product vulnerabilities have been used for a new exploit by an APT group that could use it to target critical infrastructure. The post APT Exploit Targeting Rockwell Automation Flaws Could Threaten Critical Infrastructure appeared first on SecurityWeek.

12Jul 2023

Orca Sues Wiz Over Alleged Cloud Security Patent Violations

Orca Security sues its main rival, claiming patent infringements, intellectual property theft and even marketing copycat behavior. The post Orca Sues Wiz Over Alleged Cloud Security Patent Violations appeared first on SecurityWeek.

12Jul 2023

5 Zero Trust and SASE trends for CISOs to watch

Last week, I attended the annual Gartner® Security and Risk Management Summit. The event gave Chief Information Security Officers (CISOs) and other security professionals the opportunity to share concerns and insights about today’s most pressing issues in cybersecurity and risk management. While every situation is unique, there are two topics our conversations always seemed to […]

12Jul 2023

China-based hackers accessed US federal executive branch emails

Microsoft has disclosed that that a cyberattack by a China-based “nation state actor” managed to access email hosted on Exchange Online and Outlook.com belonging to about 25 organizations, including government agencies. Mitigation of the attack is complete, according to a statement from Microsoft, which blamed a threat actor tracked by the company as Storm-0558. That actor, […]

12Jul 2023

When will AI usher in a new era of manufacturing?

Manufacturing processes are industry dependent, and even within a sector, they often differ from one company to another. However, some things are common to virtually all types of manufacturing: expensive equipment and trained human operators are always required, and both the machinery and the people need to be deployed in an optimal manner to keep […]

12Jul 2023

Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies

Bugcrowd’s Inside the Mind of the Hacker report shows the speed and efficiency of hackers adopting new technologies to assist their hunting The post Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies appeared first on SecurityWeek.

12Jul 2023

Hardcoded Accounts Allow Full Takeover of Technicolor Routers

Multiple hardcoded accounts on the Technicolor TG670 DSL gateway router can be used to completely take over the impacted devices. The post Hardcoded Accounts Allow Full Takeover of Technicolor Routers appeared first on SecurityWeek.

12Jul 2023

Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails

Microsoft says a Chinese cyberespionage group tracked as Storm-0558 has used forged authentication tokens to access government emails. The post Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails appeared first on SecurityWeek.

12Jul 2023

Citrix Patches Critical Vulnerability in Secure Access Client for Ubuntu

Citrix has patched a critical-severity vulnerability in Secure Access client for Ubuntu that could lead to remote code execution (RCE). The post Citrix Patches Critical Vulnerability in Secure Access Client for Ubuntu appeared first on SecurityWeek.

12Jul 2023

CISO Conversations: CISOs of Identity Giants IDEMIA and Ping

CISO Conversations talks to Dennis Kallelis (CSO at Idemia) and Jason Kees (CISO at Ping), two of industry’s identity giants. The idea, as always, is to discuss the role of the modern CISO. The post CISO Conversations: CISOs of Identity Giants IDEMIA and Ping appeared first on SecurityWeek.

12Jul 2023

Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution

Fortinet patches a critical-severity vulnerability in FortiOS and FortiProxy that could lead to remote code execution. The post Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution appeared first on SecurityWeek.

12Jul 2023

MOVEit: Testing the Limits of Supply Chain Security

The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise. The post MOVEit: Testing the Limits of Supply Chain Security appeared first on SecurityWeek.

12Jul 2023

Microsoft Revokes Many Signed Drivers Used by Chinese Cybercriminals

Microsoft has revoked signed drivers used for post-exploitation activity, in many cases by Chinese cybercriminals. The post Microsoft Revokes Many Signed Drivers Used by Chinese Cybercriminals appeared first on SecurityWeek.

12Jul 2023

TIAA’s Sastry Durvasula on advancing AI horizons

The Teachers Insurance and Annuity Association of America (TIAA) has grown over the course of a century into a $40 billion organization with $1.2 trillion in assets under management serving the financial needs of people at more than 15,000 institutions across academia, government, medicine, cultural, and other non-profit organizations. But all that didn’t phase Sastry […]

12Jul 2023

SAP Patches Critical Vulnerability in ECC and S/4HANA Products

SAP on July 2023 Security Patch Day released 16 new security notes, including one addressing a critical vulnerability in ECC and S/4HANA (IS-OIL). The post SAP Patches Critical Vulnerability in ECC and S/4HANA Products appeared first on SecurityWeek.

11Jul 2023

3 principles for regulatory-grade large language model application

In recent years, we have witnessed a tidal wave of progress and excitement around large language models (LLMs) such as ChatGPT and GPT-4. These cutting-edge models can potentially transform industries, especially in regulated sectors like healthcare and life sciences, where they could be used for drug discovery, clinical trial analysis, improved diagnostics, personalized patient care, […]

11Jul 2023

Microsoft Warns of Office Zero-Day Attacks, No Patch Available

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite. The post Microsoft Warns of Office Zero-Day Attacks, No Patch Available appeared first on SecurityWeek.

11Jul 2023

Former Security Engineer Arrested for $9 Million Crypto Exchange Hack

Former security engineer Shakeeb Ahmed has been arrested on charges related to the defrauding of decentralized crypto exchange Crema Finance. The post Former Security Engineer Arrested for $9 Million Crypto Exchange Hack appeared first on SecurityWeek.

11Jul 2023

Apple’s Rapid Security Response Patches Are Breaking Websites

Apple has pulled its latest Rapid Security Response updates for iOS and macOS after users complained that they can no longer access websites. The post Apple’s Rapid Security Response Patches Are Breaking Websites appeared first on SecurityWeek.

11Jul 2023

3 tough decisions for IT leaders to achieve a successful digital transformation

The digital transformation journey for any enterprise is protracted and complex. Technology leaders often underestimate the complications associated with it. For such initiatives to conclude successfully, enterprise technology decision makers must overcome inertia, build momentum, and bring about changes across their large organizations. To bring about enterprise-wide changes, CIOs at times need to take tough […]

11Jul 2023

Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion

Software maker calls special attention to CVE-2023-29300, a deserialization of untrusted data bug with a CVSS severity score of 9.8/10. The post Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion appeared first on SecurityWeek.

11Jul 2023

SaaS Application Security Firm Savvy Exits Stealth Mode With $30 Million in Funding

Savvy emerges from stealth mode with $30 million in funding, on path to secure the use of software-as-a-service (SaaS) applications. The post SaaS Application Security Firm Savvy Exits Stealth Mode With $30 Million in Funding appeared first on SecurityWeek.

11Jul 2023

One weird trick to accelerate your organization’s generative AI strategy

Bryan Kirschner, Vice President, Strategy at DataStax Ignoring the potential of generative AI to increase productivity is a surefire way to fall behind as an individual, a team, and an organization. You should put it to work as an “eager intern” or “autonomous agent” (or both) ASAP. But positioning yourself, your team, and your organization […]

11Jul 2023

New world, new CIO: How emerging realities are shaping the CIO’s job

In a relatively brief time span, technologies like cloud, edge computing, artificial intelligence, and IoT have taken center stage, and new innovative technologies keep emerging. We’re now navigating a technological landscape that’s growing exponentially more complex and rapidly changing, one that increasingly exceeds the ability of human intelligence to keep pace. This landscape is characterized […]

11Jul 2023

ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities

ICS Patch Tuesday: Siemens and Schneider Electric release nine new security advisories and fix 50 vulnerabilities in their industrial products. The post ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities appeared first on SecurityWeek.

11Jul 2023

The power of collaboration: SAP celebrates its innovation award winners

Better together In a time when organizations can seamlessly access the cloud to unearth tools like analytics and artificial intelligence (AI), “collaboration with customers and partners around the globe can drive sustainable, impactful innovation,” Timo Elliott, SAP’s global head of partner digital selling and marketing director, told the audience. Let’s think about the recent past – companies […]

11Jul 2023

Verifying Software Integrity With Sigstore

Signing code is very important to defend against supply chain attacks, but it’s also one of the most cumbersome to implement for internal development. The post Verifying Software Integrity With Sigstore appeared first on SecurityWeek.

11Jul 2023

Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare

HCA Healthcare says the personal information of roughly 11 million patients was stolen in a data breach. The post Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare appeared first on SecurityWeek.

11Jul 2023

Russia-Linked RomCom Hackers Targeting NATO Summit Guests

A recent RomCom cyber operation has been targeting NATO Summit guests and other entities supporting Ukraine. The post Russia-Linked RomCom Hackers Targeting NATO Summit Guests appeared first on SecurityWeek.

11Jul 2023

How Investec marries foundational and pioneering tech forces

As CIO of Anglo-South African international banking and wealth management group, Investec, Shabhana Thaver has a multi-purpose approach to tech trends. On the one hand, there are foundational forces, which protect the existing business and include talent, information security and modernization. Then, on the other, there are pioneering forces, which drive business growth and include […]

11Jul 2023

7 IT consultant tricks CIOs should never fall for

Consultants aren’t always held in the highest regard. The 90% who are bad, the old joke goes, ruin it for the rest of us. Knowing the 90%’s tricks of the trade is the canny CIO’s first line of defense. Here are seven of the most pernicious consulting misdeeds you will encounter as an IT leader. […]

10Jul 2023

Apple Ships Urgent iOS Patch for WebKit Zero-Day

Apple rolls out urgent iOS and iPadOS software updates and warned that zero-day exploitation has already been detected. The post Apple Ships Urgent iOS Patch for WebKit Zero-Day appeared first on SecurityWeek.

10Jul 2023

3 examples of organizations improving CX with self-composed AI

Most business leaders don’t need convincing about the power of AI: nearly 60% surveyed last year by Zendesk said they plan to increase their investment by at least 25% this year. The most powerful applications of AI help organizations do more with less without compromising – rather in many cases enhancing – their customer experience, from AI-powered bots that accelerate problem […]

10Jul 2023

Exploit Code Published for Remote Root Flaw in VMware Logging Software

VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches. The post Exploit Code Published for Remote Root Flaw in VMware Logging Software appeared first on SecurityWeek.

10Jul 2023

With greater personalisation comes greater security

It can often feel as though trust and authenticity are in short supply these days. As we all know, content is becoming easier to create, manipulate and disseminate. Technology, such as Generative AI, has given marketers the power to create more engaging and uniquely personal offerings. This has reinforced concerns around data privacy and security. […]

10Jul 2023

Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US

The EU signed off on a new agreement over the privacy of people’s personal information that gets pinged across the Atlantic, aiming to ease European concerns about electronic spying by American intelligence agencies. The post Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US appeared first on […]

10Jul 2023

TPG to Acquire Forcepoint’s Government Cybersecurity Business Unit

Private equity giant plans to buy Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit for $2.5 billion. The post TPG to Acquire Forcepoint’s Government Cybersecurity Business Unit appeared first on SecurityWeek.

10Jul 2023

Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack

Critical infrastructure services provider Ventia has taken some systems offline following a cyberattack. The post Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack appeared first on SecurityWeek.

10Jul 2023

A Cybersecurity Wish List Ahead of NATO Summit

Assuming NATO can play a greater part in the cybersecurity of its members, possibly through a more formal NATO Cyber Command, the question then becomes ‘what should we hope for?’ The post A Cybersecurity Wish List Ahead of NATO Summit appeared first on SecurityWeek.

10Jul 2023

Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence

Industrial giant Honeywell wants to extend its OT cybersecurity portfolio with the acquisition of Israel-based OT/IoT security firm SCADAfence. The post Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence appeared first on SecurityWeek.

10Jul 2023

PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability

PoC exploit has been published for a recently patched Ubiquiti EdgeRouter vulnerability leading to arbitrary code execution. The post PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability appeared first on SecurityWeek.

10Jul 2023

Edmunds sets stage for AI with data infrastructure consolidation

For a decade, Edmunds, an online resource for automotive inventory and information, has been struggling to consolidate its data infrastructure. Now, with the infrastructure side of its data house in order, the California-based company is envisioning a bold new future with AI and machine learning (ML) at its core. “We’ve solved most of the consolidation […]

10Jul 2023

6 business execs you’ll meet in hell — and how to deal with them

Everyone, at some point in their career, has endured a bad boss or bad business colleague. Someone further up the chain or a lateral colleague who lacks basic interpersonal skills, demands the impossible, flies off the handle at the slightest provocation, or throws you under the bus the moment a project goes south. Aside from […]

10Jul 2023

Critical Vulnerability Can Allow Takeover of Mastodon Servers

A critical vulnerability in the Mastodon social networking platform may allow attackers to take over target servers. The post Critical Vulnerability Can Allow Takeover of Mastodon Servers appeared first on SecurityWeek.

10Jul 2023

US Signal: Sustainability isn’t just a buzzword

Headquartered in Grand Rapids, Michigan, US Signal is the largest privately-held data center services provider in the Midwest. With 8 high-performance data centers strategically located across Illinois, Indiana, Michigan, and Wisconsin, the company offers maximum redundancy and isolation from natural disasters with a full portfolio of cloud services that meet enterprises’ most demanding compute, storage, […]

07Jul 2023

Key skills tech leaders need to secure a board seat

Rona Bunn is CIO for the National Association of Corporate Directors (NACD), where she facilitates digital orchestration and leads information technology, data, and digital experience. A two-time Technology All-Star award recipient from Women of Color in STEM, Bunn previously served as CIO at the US Department of Commerce, International Trade Administration. She currently serves on […]

07Jul 2023

4 tips to improve employee experiences while maintaining security and governance

Improving employee productivity and collaboration is a top business objective, according to the 2023 Foundry Digital Business Study. But delivering these productive employee experiences can be challenging, especially with an increasingly distributed workforce. As more individuals use browser-based apps to get their work done, IT leaders need to provide seamless access to corporate apps and […]

07Jul 2023

After Zero-Day Attacks, MOVEit Turns to Security Service Packs

Facing ransomware zero-days, Progress Software will release regular service packs to help customers mitigate critical security flaws. The post After Zero-Day Attacks, MOVEit Turns to Security Service Packs appeared first on SecurityWeek.

07Jul 2023

Private 5G networks are sparking innovation at the edge

For the enterprise, planning edge strategies and reaping their rewards is often a complex and challenging process, with myriad applications to deploy, a proliferation of hardware devices to manage, multiple data types and sources to integrate, and significant security risks to avoid.  A crucial component to simplifying the edge experience is the network itself. In a recent post, […]

07Jul 2023

Former Contractor Employee Charged for Hacking California Water Treatment Facility

Former contractor employee charged with hacking for accessing the systems of a water treatment facility in California to delete critical software. The post Former Contractor Employee Charged for Hacking California Water Treatment Facility appeared first on SecurityWeek.

07Jul 2023

In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 3, 2023. The post In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques appeared first on SecurityWeek.

07Jul 2023

Need for Speed Drives Security-as-a-Service

Organizations face new challenges associated with protecting distributed assets against cyberattack in the hybrid IT model that most companies will deploy for the foreseeable future. Threats are emerging at a speed that makes it difficult for internal security practitioners to keep pace. There are zero-day attacks that exploit vulnerabilities before security teams are even aware […]

07Jul 2023

Iranian Cyberspies Target US-Based Think Tank With New macOS Malware

In May 2023, Iran-linked cyberespionage group Charming Kitten targeted a US-based think tank with new macOS malware. The post Iranian Cyberspies Target US-Based Think Tank With New macOS Malware appeared first on SecurityWeek.

07Jul 2023

Security Firm Finds Over 130k Internet-Exposed Photovoltaic Diagnostics Systems

Cyble has discovered more than 130,000 Photovoltaic monitoring and diagnostic solutions exposed to the internet. The post Security Firm Finds Over 130k Internet-Exposed Photovoltaic Diagnostics Systems appeared first on SecurityWeek.

07Jul 2023

OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain

SwSec 5D framework aims to provide a roadmap for secure software development, and its use would help improve security in the software supply chain. The post OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain appeared first on SecurityWeek.

07Jul 2023

Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks

Potentially serious vulnerabilities discovered by researchers in a PiiGAB product could expose industrial organizations to remote hacker attacks. The post Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks appeared first on SecurityWeek.

07Jul 2023

Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers

Two applications hosted on Google Play, with over 1.5 million combined downloads, were caught sending user data to servers in China. The post Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers appeared first on SecurityWeek.

07Jul 2023

13 go-to podcasts that inspire IT industry leaders today

In today’s ever-changing technology landscape, it’s important for IT leaders of every stripe to not only keep abreast of current events and trends affecting the industry, but also know about focus areas and challenges of their upper management peers since the tech function is increasingly viewed as a strategic business partner to the C-suite. One […]

07Jul 2023

ITIL certification guide: Costs, requirements, levels, and paths

The IT Infrastructure Library (ITIL) offers best practices for delivering IT services using a systematic approach to IT service management (ITSM). ITIL certification is near the top of almost every list of must-have IT certifications, and for good reason. As an IT management framework, ITIL can help businesses manage risk, strengthen customer relations, establish cost-effective practices, and […]

06Jul 2023

What is Oracle’s generative AI strategy?

While Microsoft, AWS, Google Cloud, and IBM have already released their generative AI offerings, rival Oracle has so far been largely quiet about its own strategy. Instead of launching a competing offering in a rush, the company is quietly preparing a three-tier approach. “Our tier strategy resembles a three-layer cake and each of these layers […]

06Jul 2023

CISA, FBI Warning: Truebot Hackers Exploiting Netwrix Auditor Flaw

Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada. The post CISA, FBI Warning: Truebot Hackers Exploiting Netwrix Auditor Flaw appeared first on SecurityWeek.

06Jul 2023

Now’s the Time for a Pragmatic Approach to New Technology Adoption

What a cloud migration strategy did for cloud adoption, an automation implementation strategy does for security automation adoption. The post Now’s the Time for a Pragmatic Approach to New Technology Adoption appeared first on SecurityWeek.

06Jul 2023

Hybrid IT is Here to Stay

The hybrid IT architecture is here to stay, according to F5’s 2023 State of Application Strategy Report, and that has profound implications for how enterprises should be thinking about modernizing, deploying, and securing applications. Data collected from more than 1,000 survey respondents indicates that IT leaders have come to realize there is simply no one […]

06Jul 2023

Digital Transformation Delivers Business Benefits

Virtually every organization worth its salt is involved in digital transformation, and those efforts are starting to pay dividends, according to F5’s 2023 State of Application Strategy Report. When respondents to F5’s survey of more than 1,000 IT leaders were asked to list the benefits of digital transformation, IT operational efficiency topped the list (cited […]

06Jul 2023

Cost and Complexity Drive Multicloud Networking

Traditional networking is boring. But multicloud networking is hot, according to the more than 1,000 global IT leaders surveyed for F5’s 2023 State of Application Strategy report. When asked to identify the most exciting technologies of 2023, multicloud networking was cited by 42% of survey respondents. That’s higher than trendy topics like AIOps and edge […]

06Jul 2023

How PwC and SAP are doing right by helping clients unlock ESG value

Achieving environmental, social, and governance (ESG) targets can increase a company’s worth beyond the feel-good. When it’s done right, it can increase company valuation with investors, open windows to subsidies, gain favorable supplier ratings with customers, and make companies attract and retain talent. There is always a complex balance when implementing ESG goals between incentives […]

06Jul 2023

Android Security Updates Patch 3 Exploited Vulnerabilities

Google’s July 2023 security updates for Android patches 43 vulnerabilities, including three exploited in the wild. The post Android Security Updates Patch 3 Exploited Vulnerabilities appeared first on SecurityWeek.

06Jul 2023

JumpCloud Says All API Keys Invalidated to Protect Customers

JumpCloud is responding to an incident that has triggered a reset of all API keys in order to protect customers and their operations. The post JumpCloud Says All API Keys Invalidated to Protect Customers appeared first on SecurityWeek.

06Jul 2023

How traditional and generative AI are transforming Enterprise Service Management

Generative AI is potentially the most transformative new technology since the introduction of the public internet, and it already has many exciting applications within enterprise service management (ESM). AI is known for enabling intelligent chatbots, predictive capabilities in ticket management, and the ability to identify emerging service issues long before they become problems. Generative AI […]

06Jul 2023

Rackspace’s CTO takes a broad view of sustainability

Srini Koushik has been passionate about the environment for 35 years and now, as a board member of the nonprofit SustainableIT.org and CTO of cloud services provider Rackspace Technology, he wants to help enterprises achieve sustainability in the cloud. Two decades ago, as CIO and CTO at Nationwide Insurance, he inspired colleagues to implement what […]

06Jul 2023

Steps tech leaders are taking to meet new accessibility mandates

Leading CIOs are empowering their teams to make the digital estate as accessible as the physical buildings of the business, and they’re right to do so. Major legislation is about to reshape the digital landscape in the US and across Europe, which will mean CIOs must focus their sights on digital accessibility.  “We’ve seen great […]

06Jul 2023

Repsol doubles down on digital transformation

Within the framework of Repsol’s strategic plan for the 2021-2025 period, the company recently released a second wave of its Digitization Program, which consolidates and expands the use of generative AI across the business through a new competence center, and allows innovative and disruptive technologies to simplify daily processes by making more agile decisions based on data. […]

06Jul 2023

Taking the risk out of the semiconductor supply chain

Over the past few years, the tech industry has been feeling the impact of unprecedented disruptions along the semiconductor supply chain. This supply chain—which spans from research and development to manufacturing, to the end use of the tiny chips that enable devices from cars to cell phones—has historically been volatile, easily swinging from surpluses to […]

06Jul 2023

How an enterprise browser can help streamline IT management

IT teams are tasked with providing technology solutions that enhance employee experiences, while also increasing efficiencies in how they deliver and manage those products and services. Hybrid work models have complicated ongoing efforts to achieve these objectives. . Following the hectic sprint to ensure effective remote work and the acceleration of transformation projects, now is […]

06Jul 2023

A powerful enterprise browser can power employee experiences — and productivity

Improving employee productivity and collaboration is this year’s top digital objective among IT leaders, according to Foundry’s 2023 Digital Business study. Given today’s highly distributed workforces and their familiarity with getting work done on the web, it makes sense to personalize browsing experiences to help them more easily accomplish their tasks. A recent study conducted […]

06Jul 2023

How AI is enabling powerful, secure browsing experiences

Artificial intelligence and machine learning are the No. 1 technologies being researched and piloted by IT leaders, according to the 2023 CIO Tech Priorities study. Generative AI is raising the interest level even further as organizations begin testing different use cases for deep-learning models. Many individuals want to use generative AI solutions at and for […]

06Jul 2023

Making intelligent automation work at scale

Organizations can reap a range of benefits from deploying automation tools such as robotic process automation (RPA). But adding artificial intelligence (AI) to the mix is where an even bigger payoff can come. “Organizations have been combining automation and AI technologies for a few years now to improve their business processes,” says Maureen Fleming, program […]

06Jul 2023

Breaking the Mold: Subhamoy Chakraborti Leads the Digital Transformation of News Media

Scarcely is an institution as important to a nation as a competent and impartial media house. ABP Private Limited, headquartered out of Kolkata, India, stands out as an organization that delivers news to millions of Indian citizens through its various platforms. The media conglomerate completed a hundred years in 2022. Subhamoy Chakraborti, Chief Technology Officer […]

06Jul 2023

Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data

Shell confirms that employee personal information has been stolen after the Cl0p ransomware group leaked data allegedly stolen from the energy giant. The post Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data appeared first on SecurityWeek.

06Jul 2023

28,000 Impacted by Data Breach at Pepsi Bottling Ventures

The personal, financial, and health information of over 28,000 individuals stolen in data breach at Pepsi Bottling Ventures. The post 28,000 Impacted by Data Breach at Pepsi Bottling Ventures appeared first on SecurityWeek.

06Jul 2023

Interpol: Key Member of Major Cybercrime Group Arrested in Africa

Law enforcement authorities have arrested a suspected senior member of the French-speaking Opera1er cybercrime group. The post Interpol: Key Member of Major Cybercrime Group Arrested in Africa appeared first on SecurityWeek.

06Jul 2023

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs

A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs. The post StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs appeared first on SecurityWeek.

06Jul 2023

Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic

Cisco says a high-severity vulnerability in Nexus 9000 series switches could allow attackers to intercept and modify encrypted traffic. The post Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic appeared first on SecurityWeek.

05Jul 2023

Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech

Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space. The post Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech appeared first on SecurityWeek.

05Jul 2023

Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack

Japan’s Port of Nagoya this week suspended cargo loading and unloading operations following a ransomware attack. The post Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack appeared first on SecurityWeek.

05Jul 2023

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

An actively exploited vulnerability in the Contec SolarView solar power monitoring product can expose hundreds of energy organizations to attacks. The post Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks appeared first on SecurityWeek.

05Jul 2023

Sweden Orders Four Companies to Stop Using Google Tool

Sweden has ordered four companies to stop using a Google tool that measures and analyses web traffic as doing so transfers personal data to the United States, fining one company the equivalent of more than $1.1 million. The post Sweden Orders Four Companies to Stop Using Google Tool appeared first on SecurityWeek.

05Jul 2023

Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities

Mozilla has released Firefox 115 to the stable channel with patches for two high-severity use-after-free vulnerabilities. The post Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities appeared first on SecurityWeek.

05Jul 2023

Ransomware Criminals Are Dumping Kids’ Private Files Online After School Hacks

Ransomware gangs are targeting schools, stealing confidential documents and then dumping them online. The post Ransomware Criminals Are Dumping Kids’ Private Files Online After School Hacks appeared first on SecurityWeek.

05Jul 2023

Cybersecurity M&A Roundup: 23 Deals Announced in June 2023

Twenty-three cybersecurity-related merger and acquisition (M&A) deals were announced in June 2023. The post Cybersecurity M&A Roundup: 23 Deals Announced in June 2023 appeared first on SecurityWeek.

05Jul 2023

EU Court Deals Blow to Meta in German Data Case

Facebook, Instagram and WhatsApp may need to overhaul how they collect the data of users in Europe after the top EU court ruled against Meta. The post EU Court Deals Blow to Meta in German Data Case appeared first on SecurityWeek.

04Jul 2023

5 key mistakes IT leaders make at board meetings

It’s not uncommon for CIOs, CISOs, and sometimes their direct reports to be called on to participate in board meetings or to present IT strategies and plans to their boards of directors. If you don’t join board meetings often, preparation is paramount, starting with learning about the directors’ backgrounds and reviewing minutes from previous meetings. […]

04Jul 2023

11 tips for crafting highly effective job descriptions

Writing job descriptions for open positions might feel like a chore to pass off to someone with less on their plate, or something to shortcut by dusting off copy from the last time you hired for this role, but an on-target job description is a vital step in landing talent — especially in tight markets. […]

03Jul 2023

Sitecore enhances Experience Manager (XM) Cloud Platform with generative AI, component capabilities

In just a matter of months, generative AI (GAI) has upended many job roles. And perhaps no role has been more immediately affected than that of the marketer. ChatGPT, arguably the best-known GAI platform, was introduced in November 2022. By March, a survey had found that three-quarters (74%) of U.S. marketers were already investing in […]

03Jul 2023

VMware, Other Tech Giants Announce Push for Confidential Computing Standards

VMware partners with tech giants to accelerate the development of confidential computing applications. The post VMware, Other Tech Giants Announce Push for Confidential Computing Standards appeared first on SecurityWeek.

03Jul 2023

Apple, Civil Liberty Groups Condemn UK Online Safety Bill

Fears mount that UK Online Safety Bill may include a requirement for an encrypted message scanning capability. The post Apple, Civil Liberty Groups Condemn UK Online Safety Bill appeared first on SecurityWeek.

03Jul 2023

How CareSource IT is addressing data interoperability challenges in healthcare

One key challenge facing the healthcare industry today is the inability to easily access and share electronic medical information between healthcare providers, clinicians, and patients. This is a significant problem because sharing data between clinical systems and providing patients with easy access to their information enables them to make better-informed decisions and, subsequently, supports improving […]

03Jul 2023

It’s a new dawn of AI-powered knowledge management

For the last 30 years, the dream of being able to collect, manage and make use of the collected knowledge assets of an organization has never been truly realized. Systems for sharing information assets across the enterprise have evolved in their sophistication but haven’t been able to take it to the next level by effectively […]

03Jul 2023

4 key roles that define transformational IT leaders today

In a world where nothing stays the same, the CIO role has evolved and changed — mainly for the better — as CIOs have gained greater visibility and importance. They are increasingly included in board-level discussions on cybersecurity and tech investments for organizational initiatives and are influencing decisions related to planning, strategy, implementation, and operations. […]

02Jul 2023

Democratizing data to fuel data-driven business decisions

To compete—and win—in today’s fast-paced, digital-first world, organizations must be able to collect, understand, and leverage data. Organizations that have higher confidence in their data based on a full picture of the organization’s data landscape can make decisions that will ultimately drive better business outcomes. But for too long, the ability to read, interpret, and […]

02Jul 2023

What’s the state of Zero Trust security?

Zero Trust adoption is accelerating, with over half of organizations reporting they have adopted Zero Trust Security, according to research independently conducted by leading security research firm Ponemon Institute, sponsored by Hewlett Packard Enterprise. In the report, The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, 51% of organizations […]

02Jul 2023

7 best practices for building a single-vendor SASE solution

Over the past three or four years, the industry has been abuzz with the concept of delivering converged security and networking features via the cloud. Secure Access Service Edge combines networking solutions like SD-WAN with cloud-delivered security like firewall as a service (FWaaS), cloud access security broker(CASB), and secure web gateway (SWG). But even with all the hype, most considered SASE as something […]

02Jul 2023

Taking IT outsourcing to the next level

With businesses increasingly dependent on service providers to reduce costs, improve quality, and drive innovation, traditional contracts don’t work. In fact, they often undermine the partner-like relationships and trust needed to cope with external uncertainty. A better approach is to use what leading academics call a “formal relational contract.” Why transactional contracts are a thing […]

02Jul 2023

8 problematic IT team members — and how to deal with them

Problematic employees appear in every industry, but managing employees in the IT field comes with a specific set of challenges.  Lack of engagement in IT work environments translates to employees who miss deadlines, put off coworkers, or otherwise cause friction with their colleagues. A recent Gallup report showed that unengaged employees lead to a range […]

02Jul 2023

Back to basics: Keys to taking a pragmatic approach to observability

In the world of IT operations, “observability” is a concept that’s been around for some time. Having been in IT operations for more than 30 years, I can say that, even before anyone called it “observability,” we were in effect examining ways to achieve the same ends. While definitions can vary, in essence, observability is […]

02Jul 2023

3 things that make a CIO-CFO dream team

“There are plenty of good CIOs and plenty of good CFOs,” says Jim McGittigan, Research VP in the CIO Research group of Gartner. “Part of what makes them good is they understand one another. When they work well together, it has a huge impact on the effectiveness of the organization.” CIOs and CFOs who have […]

02Jul 2023

What is OKR? A goal-setting framework for thinking big

OKR is a goal-setting framework that helps organizations define objectives and then track outcomes in days instead of months. OKR has been around since the 1970s, and the concept was created by Andy Grove, but popularized by John Doerr, one of the earliest investors in Google. OKR quickly became an important focus for Google, and companies […]

02Jul 2023

How data teams move from offense to defense in 2023

It’s well acknowledged that data, when used correctly, has the potential to be a strategic growth asset driving innovation – and with the recent developments in large language models (LLM) for AI, data is really having its day in the sun. To win the game, you need a modern, future-proof business plan. And we’ll let […]

02Jul 2023

Data analytics in the cloud: understand the hidden costs

Luke Roquet recently spoke to a customer who recounted the shock of getting a $700,000 bill for a single data science workload running in the cloud. When Roquet, who is senior vice president of product marketing at Cloudera, related the story to another customer, he learned that that company had received a $400,000 tab for […]

01Jul 2023

Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials

Cait Conley will coordinate with federal, state and local officials responsible for ensuring elections are secure ahead of the 2024 presidential election. The post Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials appeared first on SecurityWeek.