IFS acquires Falkonry to offer AI-based enterprise asset management services
Enterprise resource planning (ERP) software vendor IFS has agreed to acquire Falkonry, the developer of an AI-based time-series data analytics tool, to boost its enterprise asset management (EAM) services portfolio. IFS has an eye on the growing number of connected machines in factories, and will add Falkonry’s self-learning Time Series AI Suite, which can help […]
How prioritizing training and mentorship retains talent
Attracting and retaining top tech talent is a challenge for most companies. It takes more than good benefits and pay to retain talent: A LinkedIn study found that companies have a nearly 7% higher retention rate at the 3-year mark with employees who have learned skills on the job. At Discover®, on-the-job training and mentorship […]
Busting 4 common SD-WAN misconceptions
When organizations began to fully embrace both the work-from-anywhere (WFA) user model and multi-cloud strategies, IT leadership quickly realized that traditional networks lack the flexibility needed to support modern digital transformation initiatives. Legacy network shortcomings led to the rapid growth of software-defined wide area networking (SD-WAN). This next-generation technology enables a more agile network and provides high-performance access to […]
Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities
Small electric utilities in the US are being offered $9 million as part of a competition whose goal is to help them boost their cybersecurity posture. The post Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities appeared first on SecurityWeek.
Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks
A vulnerability in the All-in-One WP Migration plugin’s extensions exposes WordPress websites to attacks leading to sensitive information disclosure. The post Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks appeared first on SecurityWeek.
Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices
Five Eyes report details ‘Infamous Chisel’ malware used by Russian state-sponsored hackers to target the Ukrainian military’s Android devices. The post Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices appeared first on SecurityWeek.
Apple Preparing iPhone 14 Pro Phones for 2024 Security Research Device Program
Apple is inviting security researchers to apply for the 2024 iPhone Security Research Device Program (SRDP) to receive hackable iPhones. The post Apple Preparing iPhone 14 Pro Phones for 2024 Security Research Device Program appeared first on SecurityWeek.
PenFed to bank on gen AI for hyper-personalization
Pentagon Credit Union (PenFed), the second-largest credit union in the US, is looking to generative AI to transform how it interacts with its customers. Its vision? To create a new, cost-effective channel that helps meet members’ needs — and learns as it does so, to the benefit of members and the credit union itself. “What’s […]
Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence
Splunk has released patches for multiple high-severity vulnerabilities impacting Splunk Enterprise and IT Service Intelligence. The post Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence appeared first on SecurityWeek.
Giant Eagle CIO Kirk Ball’s recipe for digital transformation success
CIO Kirk Ball is known for being a strategic executive capable of driving innovative thinking across the organization. Over the course of his career, the Giant Eagle EVP and CIO has held senior technology roles across a range of industries, including C-level positions at The Christ Hospital Health Network and The Kroger Co. Ball embodies […]
Boeing CIO Susan Doniz leads with curiosity and empathy
Susan Doniz always knew she wanted to be in a “very people-oriented” career. Initially drawn to medicine, Doniz found that in IT, starting with a 17-year stint working her way up the technology ranks at Procter & Gamble before becoming group CIO of Qantas Airways and later joining Boeing, where she currently serves as CIO, […]
Lawsuit Accuses University of Minnesota of Not Doing Enough to Prevent Data Breach
A lawsuit filed on behalf of a former student and former employee at the University of Minnesota accuses the university of not doing enough to protect personal information from a recent data breach. The post Lawsuit Accuses University of Minnesota of Not Doing Enough to Prevent Data Breach appeared first on SecurityWeek.
Dangling DNS Used to Hijack Subdomains of Major Organizations
Researchers abused dangling DNS records to hijack subdomains belonging to major organizations, and warn that thousands of entities are impacted. The post Dangling DNS Used to Hijack Subdomains of Major Organizations appeared first on SecurityWeek.
500k Impacted by Data Breach at Fashion Retailer Forever 21
Fashion retailer Forever 21 says that the personal information of more than 500,000 individuals was compromised in a data breach. The post 500k Impacted by Data Breach at Fashion Retailer Forever 21 appeared first on SecurityWeek.
CIOs are worried about the informal rise of generative AI in the enterprise
In my previous column in May, when I wrote about generative AI uses and the cybersecurity risks they could pose, CISOs noted that their organizations hadn’t deployed many (if any) generative AI-based solutions at scale. What a difference a few months makes. Now, generative AI use has infiltrated the enterprise with tools and platforms like […]
What motivated Ericsson’s big push into the cloud
When Mats Hultin, pictured, took over as group CIO at Ericsson four years ago, the company decided to review its large outsourcing contract. At the same time, the cloud team, led by cloud service VP Johan Sporre Lennberg, stressed the need for modernization and a clear cloud strategy going forward. “We chose to combine the selection of new […]
‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors
Earth Estries, a cyberspy group possibly linked to China, has targeted governments and tech firms in the US, Germany, South Africa and Asia. The post ‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors appeared first on SecurityWeek.
Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs
Roughly 78% of the healthcare organizations in North America, South America, the APAC region, and Europe experienced a cyberattack over the past year, according to a new report. The post Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs appeared first on SecurityWeek.
Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication
Four recent vulnerabilities in the J-Web component of Junos OS have started being chained in malicious attacks after PoC exploit code was published. The post Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication appeared first on SecurityWeek.
DreamBus Botnet Exploiting RocketMQ Vulnerability to Deliver Cryptocurrency Miner
The DreamBus botnet has resurfaced and it has been exploiting a recently patched Apache RocketMQ vulnerability to deliver a Monero miner. The post DreamBus Botnet Exploiting RocketMQ Vulnerability to Deliver Cryptocurrency Miner appeared first on SecurityWeek.
How Quantum Computing Will Impact Cybersecurity
While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works. The post How Quantum Computing Will Impact Cybersecurity appeared first on SecurityWeek.
BGP Flaw Can Be Exploited for Prolonged Internet Outages
Serious flaw affecting major BGP implementations can be exploited to cause prolonged internet outages, but several vendors have not patched it. The post BGP Flaw Can Be Exploited for Prolonged Internet Outages appeared first on SecurityWeek.
GitHub Enterprise Server Gets New Security Capabilities
GitHub Enterprise Server 3.10 released with additional security capabilities, including support for custom deployment rules. The post GitHub Enterprise Server Gets New Security Capabilities appeared first on SecurityWeek.
The portfolio approach to digital transformation: 4 keys to success
Corporate projects are classically evaluated on standard matrices such as return on investment (ROI), break-even period, and capital invested. But as organizations look to quickly leverage the power of emerging digital technologies for business growth, such an approach is falling short on expectations. “Digital initiatives are innovative and although it’s fair to have an anticipation […]
Fianu Labs Emerges From Stealth With $2 Million in Seed Funding
Fianu Labs has emerged from stealth mode with a software governance automation solution and $2 million in seed funding. The post Fianu Labs Emerges From Stealth With $2 Million in Seed Funding appeared first on SecurityWeek.
High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome
Mozilla and Google have released stable updates for the Firefox and Chrome browsers to address several memory corruption vulnerabilities. The post High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome appeared first on SecurityWeek.
Operation ‘Duck Hunt’: Qakbot Malware Disrupted, $8.6 Million in Cryptocurrency Seized
U.S. law enforcement announce the disruption of the notorious Qakbot cybercrime operation and the release of an auto-disinfection tool to 700,000 infected machines. The post Operation ‘Duck Hunt’: Qakbot Malware Disrupted, $8.6 Million in Cryptocurrency Seized appeared first on SecurityWeek.
If you’re still focusing on capacity planning, maybe you’re doing VSM wrong
In recent years, Value Stream Management has gained significant popularity among large organizations who are looking for a better way to align business and delivery, and for ways to optimize the end-to-end flow of value. As these organizations embark on their Value Stream Management transformation, they inevitably face a range of challenges, from organizational to […]
VMware Patches Major Security Flaws in Network Monitoring Product
VMware patches critical flaws that allow hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The post VMware Patches Major Security Flaws in Network Monitoring Product appeared first on SecurityWeek.
New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia
The newly identified MMRat Android trojan has been targeting users in Southeast Asia to remotely control devices and perform bank fraud. The post New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia appeared first on SecurityWeek.
TeraSky—Providing award-winning infrastructure modernization solutions with VMware
TeraSky’s customer dedication earns them 7th VMware Award in 5 years in the 2023 VMware Partner Achievement Awards. Many businesses continue to face challenges as they look to digitally transform how they operate and serve customers. With on-premises systems and private clouds often relying on outdated—or soon-to-be-outdated tools—companies need more agile, future-proof solutions. For TeraSky, helping […]
OpenAI Turns to Security to Sell ChatGPT Enterprise
A corporate edition of ChatGPT promises “enterprise-grade security” and a commitment not to use prompts and company data to train AI models. The post OpenAI Turns to Security to Sell ChatGPT Enterprise appeared first on SecurityWeek.
Accelerate change with Value Stream Management
Interest in Value Stream Management (VSM) has never been higher – and for good reason. VSM is very much driven by digital transformation. Whether it’s a very strategic, top-down transformation initiative, a bottom-up effort to scale a successful pilot, or something in between – every organization is recognizing the need to change the way they […]
IBM – Putting technology to work in the real world
IBM is an iconic American technology brand. Since the earliest days of the computer industry—from the development of mainframes through the advent of disk drives—into the 21st century and the emergence of the metaverse, IBM has been at the forefront of innovation. Hear from IBM on the unique solutions that allow customers to take advantage of the […]
Did Microsoft Just Upend the Enterprise Browser Market?
NEWS ANALYSIS: Redmond plants its feet firmly in the enterprise browser space, sending major ripples through Silicon Valley’s bustling venture-backed startup ecosystem. The post Did Microsoft Just Upend the Enterprise Browser Market? appeared first on SecurityWeek.
The Reality of Cyberinsurance in 2023
If an organization decides to include cyberinsurance within its total cyber risk management posture, that cyberinsurance must be fully integrated with the organization’s cybersecurity posture. The post The Reality of Cyberinsurance in 2023 appeared first on SecurityWeek.
BMC Helix: Leading the charge in Generative AI-driven enterprise service management
Generative AI is likely the most heavily hyped technology innovation since the World Wide Web during the dot-com boom of the late 1990s. And while many companies oversold the internet’s capabilities—at least, at the time—it has undoubtedly transformed enterprise technology and modern life over the past two decades. Generative AI seems to be following the […]
Meta Fights Sprawling Chinese ‘Spamouflage’ Operation
Meta has purged thousands of Facebook accounts that were part of a widespread online Chinese spam operation trying to covertly boost China and criticize the West. The post Meta Fights Sprawling Chinese ‘Spamouflage’ Operation appeared first on SecurityWeek.
Chinese APT Was Prepared for Remediation Efforts in Barracuda ESG Zero-Day Attack
Chinese threat actor exploiting Barracuda ESG appliances deployed persistence mechanisms in preparation for remediation efforts. The post Chinese APT Was Prepared for Remediation Efforts in Barracuda ESG Zero-Day Attack appeared first on SecurityWeek.
UN Warns Hundreds of Thousands in Southeast Asia Roped Into Online Scams
A new report sheds light on cybercrime scams that have become a major issue in Asia, with many workers trapped in virtual slavery. The post UN Warns Hundreds of Thousands in Southeast Asia Roped Into Online Scams appeared first on SecurityWeek.
Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win
Just as a professional football team needs coordination, strategy and adaptability to secure a win on the field, a well-rounded cybersecurity strategy must address specific challenges and threats. The post Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win appeared first on SecurityWeek.
Personal, Health Information of 1.2 Million Stolen in PurFoods Ransomware Attack
PurFoods says the personal and protected health information of over 1.2 million individuals was stolen in a February 2023 ransomware attack. The post Personal, Health Information of 1.2 Million Stolen in PurFoods Ransomware Attack appeared first on SecurityWeek.
Your AI journey: Destined for the ditch?
Every organization is on an AI journey. Some don’t know they are. Others don’t want to leave home. Very few have a map or a mutually agreed upon destination. And only a tiny fraction have the appropriate shoes. That’s the current state of AI at Global 2000 enterprises, whose behavior set thus far in the […]
6 trends fueling the rise of self-service IT
Self-service IT solutions have cemented their place in the enterprise as a means for enabling employees to resolve IT issues on their own rather than contacting an IT representative. Yet as self-service technology advances and matures, many IT leaders are discovering that the concept is capable of evolving into something far more flexible and powerful […]
Telefonica is working to help enterprises decarbonize their operations
Telefonica is setting ambitious targets in areas like renewable electricity usage to hit objectives which will both help the planet and increase efficiency. In doing so, the company is enabling its customers to reduce their emissions as the world steps up its efforts to combat climate change. Daniel Ribaya González, director of cloud products and […]
Discovery Holdings explores the opportunities of multi-cloud without the complexity
Developing new products and services that will “wow” customers is a full-time commitment—especially in a fast-paced digital world. Companies providing financial services are under constant pressure from the threat of agile fintechs and ever-changing customer expectations. To stay ahead, they need to offer value, self-service and apps that engage and inspire customers. Building best-in-class cloud […]
Equinix goes partner prospecting with AI
Multinational data infrastructure company Equinix has been capitalizing on machine learning (ML) since 2018, thanks to an initiative that uses ML probabilistic modeling to predict prospective customers’ likelihood of buying Equinix offerings — a program that has contributed millions of dollars in revenue since its inception. But as the company evolved since the launch of […]
Digital mining for sustainability in a low-carbon economy
Since the Paris Agreement was signed in 2015, businesses have been taking part in pursuing net zero and achieving emission reduction targets. For Petrosea — a multi-disciplinary mining, infrastructure, and oil and gas services company in Indonesia — attention shifted to pursuing more sustainable operations with lower carbon emissions. A complex undertaking for mining concerns […]
P&G enlists IoT, predictive analytics to perfect Pampers diapers
If there are everyday items you want to be failsafe, diapers are surely among them. That’s why The Procter & Gamble Co. goes to great lengths to ensure the fidelity of its Pampers products. But when tossing away thousands of diapers damaged during the manufacturing process becomes an everyday occurrence, something has to be done […]
How a unified approach to support and services can improve IT outcomes
Enterprise applications are changing at a more rapid pace than ever. The result is that many enterprises have hybrid-driven, multivendor IT environments. This creates a challenge for the IT organization — how to effectively operate, manage, and support an increasingly complex technology portfolio. CIOs need a technology support model that is agile and responsive, yet […]
Acquisition Chatter Swirls Around SentinelOne, BlackBerry
Cybersecurity vendors SentinelOne and BlackBerry have been separately named in public acquisition chatter with a surprise suitor emerging. The post Acquisition Chatter Swirls Around SentinelOne, BlackBerry appeared first on SecurityWeek.
Signs of Malware Attack Targeting Rust Developers Found on Crates.io
The Crates.io Rust package registry was targeted in preparation of a malware attack aimed at developers, according to Phylum. The post Signs of Malware Attack Targeting Rust Developers Found on Crates.io appeared first on SecurityWeek.
10 Million Likely Impacted by Data Breach at French Unemployment Agency
The personal information of roughly 10 million individuals might have been compromised in a data breach at French unemployment agency Pole Emploi. The post 10 Million Likely Impacted by Data Breach at French Unemployment Agency appeared first on SecurityWeek.
Two Men Arrested Following Poland Railway Hacking
Polish police have arrested two men suspected of illegally hacking into the national railway’s communications network, causing disruption to 20 trains. The post Two Men Arrested Following Poland Railway Hacking appeared first on SecurityWeek.
3 Malware Loaders Detected in 80% of Attacks: Security Firm
QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incidents. The post 3 Malware Loaders Detected in 80% of Attacks: Security Firm appeared first on SecurityWeek.
Leaseweb Reports Cloud Disruptions Due to Cyberattack
Dutch cloud company Leaseweb shut down some critical systems last week due to a cyberattack. The post Leaseweb Reports Cloud Disruptions Due to Cyberattack appeared first on SecurityWeek.
Agile project management: Principles, benefits, tools, tips, and when to make the switch
Agile project management definition: Agile project management is a methodology used primarily in software development that favors flexibility and collaboration, incorporating customer feedback throughout the project life cycle. The methodology takes an iterative approach to development, breaking down work into small, manageable cycles called “sprints” to focus on continuous improvement in the development of a […]
2023 CIO Hall of Fame inductees on building a successful IT leadership career
Each executive has a unique career path that brought him or her to the C-suite. That’s as true for CIOs as any other enterprise leader. Yet the leading tech execs who make up CIO’s 2023 CIO Hall of Fame share many of the same attributes, attitudes, and ambitions. Moreover, they agree that those characteristics as […]
Ohio History Organization Says Personal Information Stolen in Ransomware Attack
Personal information stolen in ransomware attack at Ohio History Connection posted online after organization refuses to pay ransom. The post Ohio History Organization Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack
Three bankrupt cryptocurrency companies — FTX, BlockFi and Genesis — suffered data breaches following a SIM swapping attack at Kroll. The post 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack appeared first on SecurityWeek.
The four Es of AI: Keeping up with the trend that never sleeps
AI never sleeps. With every new claim that AI will be the biggest technological breakthrough since the internet, CIOs feel the pressure mount. For every new headline, they face a dozen new questions. Some are basic: What is generative AI? Others are more consequential: How do we diffuse AI through every dimension of our business? […]
Dear SAP Support – We’ve Grown Apart
Dear SAP Support, I don’t think we should see each other anymore. It’s not you; it’s me. No … wait … it’s mostly you. Our relationship started as expected, but we’ve grown apart. We now want different things. You aren’t who you were. You’ve changed. It used to be that my annual maintenance fee got […]
In Other News: Africa Cybercrime Crackdown, Unpatched macOS Flaw, Investor Disclosures
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 21, 2023. The post In Other News: Africa Cybercrime Crackdown, Unpatched macOS Flaw, Investor Disclosures appeared first on SecurityWeek.
Health check on Tech: CK Birla Hospitals CIO Mitali Biswas on moving the needle towards innovation
A robust healthcare sector is testament to a nation’s commitment to the well-being of its citizens. Over the past few years, the industry grappled with formidable challenges as the COVID-19 pandemic wreaked havoc on both human lives and the healthcare system. However, some leaders embraced the challenge, skillfully navigating the tribulations of healthcare. They emerged […]
North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw
North Korea-linked Lazarus Group exploited a ManageEngine vulnerability to compromise an internet backbone infrastructure provider. The post North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw appeared first on SecurityWeek.
Europe is Cracking Down on Big Tech. This Is What Will Change When You Sign On
The Digital Services Act aims to protect European users when it comes to privacy, transparency and removal of harmful or illegal content. The post Europe is Cracking Down on Big Tech. This Is What Will Change When You Sign On appeared first on SecurityWeek.
Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies
Congresswoman Nancy Mace has introduced a bill that would require federal contractors to have a Vulnerability Disclosure Policy (VDP). The post Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies appeared first on SecurityWeek.
Cypago Raises $13 Million for GRC Automation Platform
Israeli startup Cypago raises $13 million in funding and launches a governance, risk management and compliance (GRC) automation platform. The post Cypago Raises $13 Million for GRC Automation Platform appeared first on SecurityWeek.
Google Workspace Introduces New AI-Powered Security Controls
Google has announced new AI-powered zero trust, digital sovereignty, and threat defense controls for Workspace customers. The post Google Workspace Introduces New AI-Powered Security Controls appeared first on SecurityWeek.
Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack
Nearly 1,000 organizations and 60 million individuals are impacted by the MOVEit hack, and the Cl0p ransomware gang is leaking stolen data. The post Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack appeared first on SecurityWeek.
Chinese-backed APT ‘Flax Typhoon’ Hacks Taiwan with Minimal Malware Footprint
Microsoft warns that Chinese spies are hacking into Taiwanese organizations with minimal use of malware and by abusing legitimate software. The post Chinese-backed APT ‘Flax Typhoon’ Hacks Taiwan with Minimal Malware Footprint appeared first on SecurityWeek.
Regulatory uncertainty overshadows gen AI despite pace of adoption
While AI has steadily worked its way into the enterprise and business vernacular over many years, gen AI has not only become an abrupt and immediate force unto itself, but also an overarching AI accelerant. Not without warning signs, however. Gen AI has the potential to magnify existing risks around data privacy laws that govern […]
University of Minnesota Confirms Data Breach, Says Ransomware Not Involved
University of Minnesota confirms data was stolen from its systems, says no malware infection or file encryption has been identified. The post University of Minnesota Confirms Data Breach, Says Ransomware Not Involved appeared first on SecurityWeek.
Financial IT leaders prep for a quantum-fueled future
If there’s an industry steeped in computations, it’s the financial services sector. Optimization problems, for which a whole chorus of variables must be fine-tuned and modulated, routinely plague financial firms, especially when it comes to highly engineered financial products such as those developed through quantitative analysis. That need for complex mathematical modeling at scale makes […]
Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device
Mysterious Whiffy Recon malware scans for nearby Wi-Fi access points to obtain the location of the infected device. The post Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device appeared first on SecurityWeek.
Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks
Cisco has released patches for three high-severity vulnerabilities in NX-OS and FXOS software that could lead to denial-of-service (DoS) conditions. The post Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks appeared first on SecurityWeek.
FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective
The FBI says that the patches Barracuda released in May for an exploited ESG zero-day vulnerability (CVE-2023-2868) were not effective. The post FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective appeared first on SecurityWeek.
Generative AI is electrifying. Charge ahead or get shocked.
By Chet Kapoor, Chairman & CEO of DataStax. The energy around AI is nothing short of electrifying. It’s not just a buzzword or part of a science fiction storyline. It’s our new reality and will be the most important and disruptive innovation of our lifetime. The market and opportunity ahead are massive. A large majority […]
Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks
Rockwell Automation ThinManager ThinServer vulnerabilities could allow remote attackers to take control of servers and hack HMIs. The post Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks appeared first on SecurityWeek.
UK Court Concludes Teenager Behind Huge Hacking Campaign
A UK court has found a teenager responsible for a hacking campaign that included one of the biggest breaches in the history of the video game industry. The post UK Court Concludes Teenager Behind Huge Hacking Campaign appeared first on SecurityWeek.
Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack
Danish cloud hosting provider CloudNordic says most customers lost all data after ransomware shut down all its systems and servers. The post Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack appeared first on SecurityWeek.
Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day
A financially motivated cybercrime group has exploited a WinRAR zero-day to deliver malware to traders and steal their money. The post Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day appeared first on SecurityWeek.
Digital Identity Protection Firm SpyCloud Raises $110 Million
Account takeover and fraud protection firm SpyCloud has raised $110 million in a growth funding round led by Riverwood Capital. The post Digital Identity Protection Firm SpyCloud Raises $110 Million appeared first on SecurityWeek.
CIO Anurag Gupta on taking the private equity plunge
Of all the trade-off decisions you may have to make as an IT executive, few stand to alter the course of your career as dramatically as that of whether to serve a firm owned by private equity (or “PE”). On the one hand, such firms (often referred to as portfolio companies, or “PortCos”), can excite […]
AIOps for successful IoT projects
It’s interesting how the number of projected IoT devices being connected in 2023 can differ by 26 billion from article to article. What it tells me is that no one really knows because new devices are being introduced on a daily basis and it’s hard to keep track. I can’t imagine being an IT administrator […]
Data soup and the art of finding relevance: Why AIOps isn’t enough for modern network monitoring
“Plastic soup” is one term that’s been used to describe the pollution that’s plaguing our oceans. The phrase was coined by Captain Charles Moore in 1997. Moore came across massive amounts of plastic floating in the middle of the ocean and his accounts of this experience helped raise awareness of the scope and severity of […]
Thoma Bravo Merges ForgeRock with Ping Identity
The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in the enterprise IAM market. The post Thoma Bravo Merges ForgeRock with Ping Identity appeared first on SecurityWeek.
Cybersecurity Companies Report Surge in Ransomware Attacks
Cybersecurity companies have released a dozen ransomware reports in recent weeks and most of them show a surge in attacks. The post Cybersecurity Companies Report Surge in Ransomware Attacks appeared first on SecurityWeek.
FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers
The FBI has published information on six crypto wallets in which North Korean hackers moved roughly 1,580 Bitcoin from various heists. The post FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers appeared first on SecurityWeek.
Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick?
As smart cities evolve with more and more integrated connected services, cybersecurity concerns will increase dramatically. The post Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick? appeared first on SecurityWeek.
3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability
More than 3,000 Openfire servers are not patched against a recent vulnerability and are exposed to attacks employing a new exploit. The post 3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability appeared first on SecurityWeek.
The End of “Groundhog Day” for the Security in the Boardroom Discussion?
As the SEC cyber incident disclosure rules come into effect, organizations will be forced to seriously consider giving security leaders a seat at the table. The post The End of “Groundhog Day” for the Security in the Boardroom Discussion? appeared first on SecurityWeek.
US Government Publishes Guidance on Migrating to Post-Quantum Cryptography
CISA, NSA, and NIST urge organizations to create quantum-readiness roadmaps and prepare for post-quantum cryptography migration. The post US Government Publishes Guidance on Migrating to Post-Quantum Cryptography appeared first on SecurityWeek.
Google opens second cloud region in Germany
Google has opened a second cloud region in Germany as part of its plan to invest $1.85 billion in German digital infrastructure by 2030. Dubbed the Berlin-Brandenburg region, the new data center will be operational alongside the Frankfurt region and will offer services such as the Google Compute Engine, Google Kubernetes Engine, Cloud Storage, Persistent […]
Examining Cargill’s push to nurture growth through digital and data strategies
For 158 years, Minneapolis-based Cargill is the largest privately held company in the US and employs 155,000 people across 70 countries, earning an estimated $165 billion in annual revenue. Having joined its executive team 18 months ago, CDIO Jennifer Hartsock oversees its global technology portfolio, and digital and data strategies, so she has to keep […]
How Huber spurs innovation in a historically decentralized business
For the last 140 years, specialty manufacturing business Huber has been run as a portfolio company, with four decentralized businesses comprising some $3b in annual revenue. The portfolio model, and a healthy appetite for acquisitions, has served the company well with profitable businesses that manufacture everything from engineered wood to specialty food ingredients. Today, however, […]
First Weekly Chrome Security Update Patches High-Severity Vulnerabilities
Google has released the first weekly Chrome security update, which patches five memory safety vulnerabilities, including four rated ‘high severity’. The post First Weekly Chrome Security Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
Exploitation of Ivanti Sentry Zero-Day Confirmed
While initially it was unclear if the Ivanti Sentry vulnerability CVE-2023-38035 has been exploited, the vendor and CISA have now confirmed it. The post Exploitation of Ivanti Sentry Zero-Day Confirmed appeared first on SecurityWeek.
7 project priority checks for overloaded IT agendas
Today’s IT leaders are much more than technology experts — they’re business leaders charged with driving timely results. And that requires knowing not only how to prioritize IT initiatives, but when, and how, to say no to projects that won’t advance business goals. “While saying ‘yes’ to a project can seem like the easiest way […]
Atos—Powering Digital Transformation Across the Customer Lifecycle
Atos earns the 2023 VMware Partner Worldwide Lifecycle Services Award for enabling end-to-end digital transformations. True transformation is often a team effort. No matter what type of transformation, working with a trusted partner can make all the difference. For Atos, realizing its goal of engineering the digital world of the future means being a trusted […]
Safeguarding your digital ecosystem: effective strategies to detect and mitigate API abuse
In today’s interconnected digital landscape, Application Programming Interfaces (APIs) are instrumental in ensuring seamless communication between software systems. As APIs gain significance, cybercriminals are also drawn to exploit vulnerabilities and abuse them. Gartner studies indicate that by 2025, half of all data theft will be attributed to unsecured APIs. Detecting and mitigating API abuse is […]
How Vodafone automated sales and operations management
Today’s market for telecommunications services is fast-moving and extremely competitive. To differentiate themselves, communication service providers (CSPs) are focusing on two areas: providing innovative digital services and delivering the best possible customer experience (CX). To this end, CSPs have invested enormously in enabling technologies like 5G and multi-access edge computing (MEC). Unfortunately, CSP infrastructures are […]
US Military Targeted in Recent HiatusRAT Attack
The threat actor behind HiatusRAT was seen performing reconnaissance against a US military procurement system in June 2023. The post US Military Targeted in Recent HiatusRAT Attack appeared first on SecurityWeek.
Hacker Conversations: Cris Thomas (AKA Space Rogue) From Lopht Heavy Industries
Cris Thomas, also known as Space Rogue, was a founding member of the Lopht Heavy Industries hacker collective. The post Hacker Conversations: Cris Thomas (AKA Space Rogue) From Lopht Heavy Industries appeared first on SecurityWeek.
TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks
Vulnerabilities in the TP-Link Tapo L530E smart bulb and accompanying mobile application can be exploited to obtain the local Wi-Fi password. The post TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks appeared first on SecurityWeek.
Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko
The BlackCat/ALPHV ransomware group has started publishing data allegedly stolen from Japanese watchmaking giant Seiko. The post Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko appeared first on SecurityWeek.
Australian Energy Software Firm Energy One Hit by Cyberattack
Energy One, an Australian company that provides software products and services to the energy sector, has been hit by a cyberattack. The post Australian Energy Software Firm Energy One Hit by Cyberattack appeared first on SecurityWeek.
Grip Security Lands $41 Million Series B Financing
Israeli startup Grip Security has banked $41 million in new financing from a group of investors led by Third Point Ventures. The post Grip Security Lands $41 Million Series B Financing appeared first on SecurityWeek.
New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack
A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong. The post New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack appeared first on SecurityWeek.
Lenovo’s Arthur Hu on the CIO’s customer-centric imperative
Arthur Hu ranks among the few IT leaders who wear the hats of both CIO and CTO. As the CIO of Lenovo and the chief technology and delivery officer of the company’s solutions and services group, Hu says the dual role lends him “the unique advantage of guiding our teams in developing cutting-edge technology solutions […]
3 key roles for driving digital success
If digital transformation is a journey, when does it end? This is a question I am asked often by IT leaders who prefer slowing down the pace of transformation and technology innovation. Others who believe the term digital transformation is watered down take a more cynical tack, viewing it as a phrase leaders use to […]
CISA Warns of Another Exploited Adobe ColdFusion Vulnerability
CISA warns that CVE-2023-26359, an Adobe ColdFusion vulnerability patched in March, has been exploited in the wild. The post CISA Warns of Another Exploited Adobe ColdFusion Vulnerability appeared first on SecurityWeek.
Cerby Raises $17 Million for Access Management Platform for Nonstandard Applications
Cerby has raised $17 million in Series A funding for its access management platform for applications not supported by identity providers. The post Cerby Raises $17 Million for Access Management Platform for Nonstandard Applications appeared first on SecurityWeek.
Fujitsu – Transforming business and society in the digital age
Fujitsu is focused on digitizing enterprises around the world by bringing together a broad portfolio of advanced technologies and services, working with a select group of trusted partners. For more than 20 years, one of those key partners has been VMware. Paul Kember, Fujitsu’s head of global strategic alliances in Europe, says, “VMware is one of our […]
Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability
A critical-severity vulnerability in the Ivanti Sentry (formerly MobileIron Sentry) product exposes sensitive API data and configurations. The post Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability appeared first on SecurityWeek.
One company’s innovation reduces carbon footprint – while expanding digital impression
The slogan for Mexican information technology (IT) services specialist Global HITSS is “developing a digital society.” The company, a subsidiary of the leading telecommunications provider in Latin America, lists its goals as integrating IT technologies with other digital amenities and general communications. Its mission: creating a culture of energy conservation. But before this could occur, […]
How to build a next-gen workforce
Of course we’re going to talk about generative AI at CIO’s Future of Work Summit, a virtual event taking place September 20. With the promise of generative AI, we’re living through what many believe to be a seismic change in how we work – and who works with and for us. But that’s not all […]
Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer
Cyfirma security researchers uncover the real identity of the CypherRAT and CraxsRAT malware developer and MaaS operator. The post Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer appeared first on SecurityWeek.
Australian Lender Latitude Financial Reports AU$76 Million Cyberattack Costs
Australian lender Latitude Financial said the recent ransomware attack has cost it AU$76 million (roughly US$50 million). The post Australian Lender Latitude Financial Reports AU$76 Million Cyberattack Costs appeared first on SecurityWeek.
Flaws in Juniper Switches and Firewalls Can Be Chained for Remote Code Execution
Juniper Networks has released Junos OS updates to address J-Web vulnerabilities that can be combined to achieve unauthenticated, remote code execution. The post Flaws in Juniper Switches and Firewalls Can Be Chained for Remote Code Execution appeared first on SecurityWeek.
Brazilian Hacker Claims Bolsonaro Asked Him to Hack Into the Voting System Ahead of 2022 Vote
A Brazilian hacker claims former president Bolsonaro asked him to hack into the voting system ahead of the 2022 election. The post Brazilian Hacker Claims Bolsonaro Asked Him to Hack Into the Voting System Ahead of 2022 Vote appeared first on SecurityWeek.
Webinar Tomorrow: ZTNA Superpowers CISOs Should Know
Join Cloudflare and SecurityWeek for a webinar to discuss “VPN Replacement: Other ZTNA Superpowers CISOs Should Know”. The post Webinar Tomorrow: ZTNA Superpowers CISOs Should Know appeared first on SecurityWeek.
US Gov Warns of Foreign Intelligence Cyberattacks Against US Space Industry
The FBI, NCSC, and AFOSI warn US space industry organizations of foreign intelligence targeting and exploitation, including cyberattacks. The post US Gov Warns of Foreign Intelligence Cyberattacks Against US Space Industry appeared first on SecurityWeek.
J&J’s Jim Swanson brings mission-driven leadership to the CIO role
Jim Swanson’s career path to CIO of Johnson & Johnson didn’t begin in technology, or even healthcare. He started out as a scientist, working his way up the research and development ranks in the pharmaceutical industry, an experience steeped in curiosity that has helped shape his emphasis on continuous learning to this day. That early […]
Tesla Discloses Data Breach Related to Whistleblower Leak
Tesla has disclosed a data breach impacting 75,000 people, but it’s a result of a whistleblower leak, not a malicious cyberattack. The post Tesla Discloses Data Breach Related to Whistleblower Leak appeared first on SecurityWeek.
Suspected N. Korean Hackers Target S. Korea-US Drills
North Korea-linked “Kimsuky” hackers carried out “continuous malicious email attacks” on contractors working at the war simulation centre. The post Suspected N. Korean Hackers Target S. Korea-US Drills appeared first on SecurityWeek.
How plusserver strengthens cloud capabilities and helps enterprises reduce their carbon footprint
With four high-performance data centers, including facilities in Cologne, Dusseldorf and two in Hamburg, plusserver is well known for its ability to address the most demanding data sovereignty needs in Germany and throughout Europe – a fact underscored earlier this year when it earned the VMware Sovereign Cloud distinction. The company is also a distinguished […]
Three technology pain points to address for your employees
Technology leaders and CIOs have a lot on their shoulders. The still-evolving world of hybrid work has technology at its core to help cope with fast-changing business demands. As a result, all business leaders are finding that their roles are expanding with opportunities to drive progressive digital-first programs. For some companies, the transformation was so […]
Jenkins Patches High-Severity Vulnerabilities in Multiple Plugins
Jenkins has announced patches for high and medium-severity vulnerabilities impacting several of the open source automation tool’s plugins. The post Jenkins Patches High-Severity Vulnerabilities in Multiple Plugins appeared first on SecurityWeek.
In Other News: US Hacking China, Unfixed PowerShell Gallery Flaws, Free Train Tickets
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 14, 2023. The post In Other News: US Hacking China, Unfixed PowerShell Gallery Flaws, Free Train Tickets appeared first on SecurityWeek.
Lilly revolutionizes clinical trials with intelligent sensor cloud
Digital biomarkers are increasingly playing an important role in improving our understanding of disease and health. Defined as quantifiable and objective behavioral and physiological data collected and measured by digital devices such as implantables, wearables, ingestibles, or portables, digital biomarkers enable pharmaceutical companies to conduct studies remotely without the need for a physical site. This […]
Stealthy ‘LabRat’ Campaign Abuses TryCloudflare to Hide Infrastructure
The ‘LabRat’ cryptomining and proxyjacking operation relies on signature-based tools and stealthy cross-platform malware, and abuses TryCloudflare to hide its C&Cs. The post Stealthy ‘LabRat’ Campaign Abuses TryCloudflare to Hide Infrastructure appeared first on SecurityWeek.
Money Matters: Director – IT and CISO Pushkal Tenjerla of CMS on digital revolution in cash management systems
With a deeply penetrated network of ATMs and cash distribution services across India at over 150,000 business commerce points, CMS Info Systems runs India’s omnipresent ATMs across nearly 97% of districts. Committed to increasing the velocity of cash in the economy, they also offer other cash management services such as banking automation, card personalization, IoT monitoring […]
Federally Insured Credit Unions Required to Report Cyber Incidents Within 3 Days
The National Credit Union Administration is requiring all federally insured credit unions to report cyber incidents within 72 hours of discovery. The post Federally Insured Credit Unions Required to Report Cyber Incidents Within 3 Days appeared first on SecurityWeek.
Israel, US to Invest $4 Million in Critical Infrastructure Security Projects
Israel and US government agencies have announced plans to invest close to $4 million in projects to improve the security of critical infrastructure systems. The post Israel, US to Invest $4 Million in Critical Infrastructure Security Projects appeared first on SecurityWeek.
Companies Respond to ‘Downfall’ Intel CPU Vulnerability
Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs. The post Companies Respond to ‘Downfall’ Intel CPU Vulnerability appeared first on SecurityWeek.
5 rules that transform outsourcing outcomes
For organizations seeking a collaborative win-win approach to outsourcing, the Vested sourcing business model is worth consideration. It is the product of nearly 20 years of research at the University of Tennessee, beginning with a deep-dive funded by the United States Air Force on outcome-based outsourcing in 2003. UT’s ongoing research into the world’s most […]
ProjectDiscovery Lands $25M Investment for Cloud Security Tech
San Francisco startup ProjectDiscovery has banked $25 million in early-stage financing as investors continue to bet on cloud security vendors. The post ProjectDiscovery Lands $25M Investment for Cloud Security Tech appeared first on SecurityWeek.
The CIO’s call to action on gen AI
Generative AI has taken the world by storm and is being discussed in C-suites and boardrooms daily. Its power and potential are so significant that governments across the globe are trying to figure out how to regulate it. While this “overnight success” has been decades in the making, we’re just now getting a glimpse of […]
Google Brings AI Magic to Fuzz Testing With Eye-Opening Results
Google sprinkles magic of generative-AI into its open source fuzz testing infrastructure and finds immediate success with code coverage. The post Google Brings AI Magic to Fuzz Testing With Eye-Opening Results appeared first on SecurityWeek.
Industrial modernization: Becoming future-ready in uncertain times
The industrial sector has shown incredible resiliency and has been building back fast despite significant headwinds. The COVID-19 global pandemic exposed the fragility of manufacturing supply chains, causing substantial shortages of essential products such as medical supplies, critical minerals, and semiconductors. Dynamics of current geopolitical forces are keeping supply chain risks in focus, resulting in […]
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands
A new report from Rapid7 says a ransomware gang like Cl0p would easily be able to afford a bevy of zero-day exploits for vulnerable enterprise software. The post Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands appeared first on SecurityWeek.
Cisco Patches High-Severity Vulnerabilities in Enterprise Applications
Cisco has patched high-severity vulnerabilities in enterprise applications that could lead to privilege escalation, SQL injection, and denial-of-service. The post Cisco Patches High-Severity Vulnerabilities in Enterprise Applications appeared first on SecurityWeek.
Malicious QR Codes Used in Phishing Attack Targeting US Energy Company
A widespread phishing campaign utilizing malicious QR codes has hit organizations in various industries, including a major energy company in the US. The post Malicious QR Codes Used in Phishing Attack Targeting US Energy Company appeared first on SecurityWeek.
CISA Releases Cyber Defense Plan to Reduce RMM Software Risks
CISA has published a cyber defense plan outlining strategies to help critical infrastructure organizations reduce the risks associated with RMM software. The post CISA Releases Cyber Defense Plan to Reduce RMM Software Risks appeared first on SecurityWeek.
Thousands of Systems Turned Into Proxy Exit Nodes via Malware
Threat actors have been observed deploying a proxy application on Windows and macOS systems that were infected with malware. The post Thousands of Systems Turned Into Proxy Exit Nodes via Malware appeared first on SecurityWeek.
Tech leaders weigh in on the upside and flipside of generative AI
Generative AI is widely regarded as one of the great technology breakthroughs of our time. On the back of thousands of headlines provoked by OpenAI’s ChatGPT, it’s provoked urgent responses from many tech giants and is the theme of, and main topic of discussion at, tech conferences worldwide. But, as with any big new wave, […]
What The Clover Group does to address legacy-related challenges
CIOs have a lot on their plates right now with expanding roles, but in recent years, they’ve also been asked to move beyond managing IT and become a strategic business leader to leverage technology in order to create real value for the business. For Tsholofelo Moeca, CIO at The Clover Group, South Africa’s largest dairy […]
Cybersecurity M&A Roundup for August 1-15, 2023
Twenty-five cybersecurity-related M&A deals were announced in the first half of August 2023. The post Cybersecurity M&A Roundup for August 1-15, 2023 appeared first on SecurityWeek.
Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning
Exploitation of a Citrix ShareFile vulnerability tracked as CVE-2023-24489 has spiked as CISA added it to its ‘must patch’ catalog. The post Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning appeared first on SecurityWeek.
Google Releases Security Key Implementation Resilient to Quantum Attacks
Google has released the first quantum-resilient FIDO2 security key implementation as part of its OpenSK project. The post Google Releases Security Key Implementation Resilient to Quantum Attacks appeared first on SecurityWeek.
Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution
Ivanti has patched critical- and high-severity vulnerabilities with the latest release of Avalanche, its enterprise mobile device management solution. The post Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution appeared first on SecurityWeek.
Cleaning Products Giant Clorox Takes Systems Offline Following Cyberattack
Cleaning products manufacturer and marketer Clorox Company has taken certain systems offline after falling victim to a cyberattack. The post Cleaning Products Giant Clorox Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.
GitHub Paid Out $1.5 Million in Bug Bounties in 2022
GitHub says it paid out more than $1.5 million in bug bounties for 364 vulnerabilities in 2022, reaching a total of nearly $4 million since 2016. The post GitHub Paid Out $1.5 Million in Bug Bounties in 2022 appeared first on SecurityWeek.
Chrome 116 Patches 26 Vulnerabilities
Google has released Chrome 116 with patches for 26 vulnerabilities and plans to ship weekly security updates for the popular web browser. The post Chrome 116 Patches 26 Vulnerabilities appeared first on SecurityWeek.
How Svevia connects roads, risk, and refuse through the cloud
Nearly 15 years ago, the then Vägverket Produktion was incorporated so road maintenance on Sweden’s national road network could be put on the competitive open market. Today, state-owned Svevia is the country’s largest company in the operation and maintenance of roads and bridges, and manages over 50% of the road network yet, just like in the […]
Introducing the GenAI models you haven’t heard of yet
Ever since OpenAI’s ChatGPT set adoption records last winter, companies of all sizes have been trying to figure out how to put some of that sweet generative AI magic to use. In fact, according to Lucidworks’ global generative AI benchmark study released August 10, 96% of executives and managers involved in AI decision processes are […]
CIO 100 Award winners prove the transformative value of IT
We’re past the point of inflection: Information technology no longer merely supports or even drives an organization’s strategy; it has the power to transform and expand organizational missions and open up new strategic possibilities. That’s the message at the core of this year’s CIO 100 Awards for IT innovation and leadership, which recognize standout technology […]
Silicon powers democratized networking
From home Wi-Fi, to hyperscaler, the ability to access information instantly and to interact immediately with people on the other side of the world is remarkable. Life as we know it today would be very different without high-speed network connectivity. Across the many nodes and links of the connectivity fabric, there’s a good chance a […]
2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability
A threat actor has exploited a recent Citrix vulnerability (CVE-2023-3519) to infect roughly 2,000 NetScaler instances with a backdoor. The post 2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability appeared first on SecurityWeek.
ESM: Delight employees with personalized, accessible digital experiences
When organizations think about deploying enterprise service management (ESM), they often focus on gaining efficiencies and increasing productivity. But ESM doesn’t just benefit lines-of-business organizations through process automation — it also improves the quality of digital employee experiences so teams can find the information they need faster (even on their own through self-service), anytime and […]
Hacker Forum Credentials Found on 120,000 PCs Infected With Info-Stealer Malware
Hudson Rock security researchers have identified credentials for hacker forums on roughly 120,000 computers infected with information stealers. The post Hacker Forum Credentials Found on 120,000 PCs Infected With Info-Stealer Malware appeared first on SecurityWeek.
CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership
SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework. The post CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership appeared first on SecurityWeek.
SecureWorks Laying Off 15% of Employees
Threat detection and response firm SecureWorks is laying off 15% of its staff (roughly 300 people) in the second round of firings this year. The post SecureWorks Laying Off 15% of Employees appeared first on SecurityWeek.
1.5 Million Impacted by Ransomware Attack at Canadian Dental Service
The personal information of 1.5 million individuals was compromised in a ransomware attack at Alberta Dental Service Corporation (ADSC). The post 1.5 Million Impacted by Ransomware Attack at Canadian Dental Service appeared first on SecurityWeek.
Los Angeles IT secures the vote with open source and the cloud
Vital for democracy, voting system integrity has come under increasing scrutiny of late, placing pressure on government IT leaders to ensure election systems are robust and uncompromised. Aman Bhullar, CIO of Los Angeles County Registrar-Recorder/County Clerk, has heeded the call, having led a widespread overhaul of antiquated voting infrastructure just in time for the contentious […]
Digi-Key: Creating magic with multi-cloud
Digi-Key Electronics was digital before digital was even a buzzword. The company launched in 1972 to provide electronic components and automation products to design engineers. Instead of putting salespeople on the ground, we pioneered a business model built around mail-order catalog sales. Before long, we expanded into online sales and, today, Digi-Key offers the world’s largest […]
Colorado Health Agency Says 4 Million Impacted by MOVEit Hack
Colorado’s health programs administrator says the personal information of 4 million individuals was compromised in the recent MOVEit hack. The post Colorado Health Agency Says 4 Million Impacted by MOVEit Hack appeared first on SecurityWeek.
comdivision – Cloud expertise from design to deployment and management
comdivision and VMware show how leading-edge cloud solutions help customers gain a competitive lead in their industries. For more than 25 years, comdivision has drawn from its deep well of infrastructure knowledge to help organizations gain business value from leading-edge technologies. And for the majority of that time, the company has done it in partnership with VMware. […]
Rackspace technology—Award-winning, multi-cloud modernization powered by VMware
Innovation and agility are key indicators of business success. For many enterprises, the focus is on modernizing and transforming their operations to innovate and stay agile – all with an eye on growth and embracing new opportunities. “Every company today is a technology company. The question is, how do we provide the right technology and […]
Huabao sniffs out the ultimate efficiency formula
This is the story of how one aromatics leader found a way to make a digital bouquet in the cloud. With 128 international companies under its corporate umbrella, China’s largest aromatics enterprise, the Huabao Group, has struggled with updating its technology to meet the challenges and opportunities that come with rapid growth. Up until 2021, it often fell […]
US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator
US authorities have announced charges against a Polish national who allegedly operated the LolekHosted.net bulletproof hosting service. The post US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator appeared first on SecurityWeek.
Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying
Vulnerabilities in CyberPower and Dataprobe power management products could be exploited in data center attacks, including to cause damage and for spying. The post Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying appeared first on SecurityWeek.
US Cyber Safety Board to Review Cloud Attacks
The US government’s CSRB will conduct a review of cloud security to provide recommendations on improving identity management and authentication. The post US Cyber Safety Board to Review Cloud Attacks appeared first on SecurityWeek.
Email – The System Running Since 71’
Working remotely is here to stay and businesses should continue to make sure their basic forms of communication are properly configured and secured. The post Email – The System Running Since 71’ appeared first on SecurityWeek.
Cherokee Nation empowers its citizens with IT
The Cherokee Nation of Oklahoma is the largest tribe in the US, with more than 460,000 citizens living across a 7,000-square-mile reservation in Oklahoma and around the world. As a widespread community, when COVID-19 struck, Cherokee Nation’s IT services department knew it needed a way to connect citizens digitally with government services, emergency relief, COVID-19 […]
Micro transformation: Driving big business benefit through quick IT wins
When it comes to IT projects, Daragh Mahon likes to think small. The CIO of transportation and logistics company Werner Enterprises has spent the bulk of his career doing full-blown transformation projects that often took two or three years to complete and ended up being a “massive, monolithic platform.” But by then, the business requirements […]
Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking
Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs. The post Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking appeared first on SecurityWeek.
Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles
Ford says a critical vulnerability in the TI Wi-Fi driver of the SYNC 3 infotainment system on certain vehicle models does not pose a safety risk. The post Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles appeared first on SecurityWeek.
Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought
Security in current AI models was an afterthought in their training as data scientists amassed breathtakingly complex collections of images and text. The post Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought appeared first on SecurityWeek.
The best of the best: Inside this year’s CSO50 Awards
Providing safe and secure elections is a critical function of local governments – and has been part of a fraught national conversation. What could be more important to a democracy? Taking a proactive approach to security, the Los Angeles County Registrar-Recorder/County Clerk developed the Elections Cybersecurity Operations Center to monitor its elections infrastructure and business […]
Enhancing healthcare data privacy & access: the power of tokenization
When I became a parent, I wanted to live the longest, healthiest life possible. The good news is that we have the potential to live longer than ever. On average, the global life expectancy since 1950 has increased by 61.7% to over 73 years. Several factors are helping, such as healthcare advances, improved living conditions, […]
In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 7, 2023. The post In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities appeared first on SecurityWeek.
Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach
Northern Ireland’s top police officer apologized for what he described as an “industrial scale” data breach in which the personal information of more than 10,000 officers and staff was released to the public. The post Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach appeared first on SecurityWeek.
Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying
Over a dozen Codesys vulnerabilities discovered by Microsoft researchers can be exploited to shut down industrial processes or deploy backdoors. The post Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying appeared first on SecurityWeek.
Black Hat USA 2023 – Announcements Summary
Hundreds of companies and organizations showcased their products and services this week at the 2023 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2023 – Announcements Summary appeared first on SecurityWeek.
Rethinking data analytics as a digital-first driver at Dow
In today’s digital world, the ability to make data-driven decisions and develop strategies that are based on data analytics is critical to success in every industry. Beyond decision-making, accurate and relevant data analytics can provide greater insights into target markets, help improve operational efficiencies, and identify new products and service opportunities. When I assumed the […]
What is NLP? Natural language processing explained
Natural language processing definition: Natural language processing (NLP) is the branch of artificial intelligence (AI) that deals with training computers to understand, process, and generate language. Search engines, machine translation services, and voice assistants are all powered by the technology. While the term originally referred to a system’s ability to read, it’s since become a […]
India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation
Indian lawmakers approved data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights. The post India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation appeared first on SecurityWeek.
MoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPs
MoustachedBouncer is a cyberespionage group that targets foreign diplomats in Belarus via ISP adversary-in-the-middle attacks. The post MoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPs appeared first on SecurityWeek.
Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million
Check Point will acquire SASE and ZTNA cybersecurity firm Perimeter 81 for $490 million, a big discount to its $1 billion valuation in 2022. The post Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million appeared first on SecurityWeek.
How IT does business at Eastman
When Aldo Noseda became CIO at chemical manufacturer Eastman five years ago, he immediately began working with other leaders in the company to bring a new category of services to the market that complemented its physical products. “Before Eastman, I worked for Monsanto, where I had a similar journey,” he says. “Monsanto sold agriculture products […]
Turkcell Cloud: Bringing sovereign cloud to Turkey’s regulated industries
To serve the 3,500 customers using its cloud services, Turkcell recently made significant investments in four massive, high-performance data centers – facilities that enable the telecommunications and IT services leader to provide a robust portfolio to complement its significant Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service solutions. Now Turkey’s largest cloud services and data center provider is working […]
Symmetry Systems Raises $17.7M for Data Security Posture Management Platform
Symmetry Systems has raised $17.7 million for its AI-powered Data Security Posture Management (DSPM) platform. The post Symmetry Systems Raises $17.7M for Data Security Posture Management Platform appeared first on SecurityWeek.
Managing and Securing Distributed Cloud Environments
The complexity and challenge of distributed cloud environments often necessitate managing multiple infrastructure, technology, and security stacks, multiple policy engines, multiple sets of controls, and multiple asset inventories. The post Managing and Securing Distributed Cloud Environments appeared first on SecurityWeek.
European Startup Pistachio Raises €3.25 Million for Cybersecurity Training Platform
Norway-based startup Pistachio has raised €3.25 million ($3.5 million) for its AI-based cybersecurity training platform. The post European Startup Pistachio Raises €3.25 Million for Cybersecurity Training Platform appeared first on SecurityWeek.
6 legal ‘gotchas’ that could sink your CIO career
CIOs’ employers and their legal teams provide CIOs with much legal protection when it comes to performing their jobs. Still, CIOs can be left to fend for themselves if their actions are perceived to cross a legal threshold or when risks inherent to the job are viewed as inadequately addressed. CIOs have been sued for […]
CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio
CISA has added CVE-2023-38180, a zero-day vulnerability affecting .NET and Visual Studio, to its Known Exploited Vulnerabilities Catalog. The post CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio appeared first on SecurityWeek.
Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files
Critical vulnerabilities discovered in WD and Synology NAS devices could have exposed the files of millions of users. The post Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files appeared first on SecurityWeek.
White House Offers Prize Money for Hacker-Thwarting AI
The White House launched an Artificial Intelligence Cyber Challenge competition for creating new AI systems that can defend critical software from hackers. The post White House Offers Prize Money for Hacker-Thwarting AI appeared first on SecurityWeek.
What executives should know about CNAPP
What does CNAPP (really) mean? First termed in the Gartner Hype Cycle for Cloud Security, 2021, a cloud-native application protection platform (CNAPP) is, as the name implies, a platform approach for securing applications that are cloud-native across the span of the software development lifecycle (SDLC) of the applications. The need for CNAPP originates from the […]
PepsiCo IT redefines direct-to-store business model success
For leading snack manufacturer Frito-Lay, direct-to-store delivery is essential business. The PepsiCo Foods North America (PFNA) subsidiary generates more than 95% of its annual revenue of $19.6 billion through this model, which enhances efficiency and slashes labor costs by reducing the number of touchpoints. But with 25,000 frontline employees performing 500,000 store visits a week, […]
Oracle adds compute services to its Cloud@Customer offering
Oracle is adding a new managed offering to its Cloud@Customer platform that will allow enterprises to run applications on proprietary optimized infrastructure in their own data centers to address data residency and security regulations and solve low-latency requirements. Dubbed Oracle Compute Cloud@Customer, the new offering runs on the same optimized hardware as the company’s Exadata […]
Accelerating generative AI requires the right storage
Formula 1 (F1) drivers are some of the most elite athletes in the world. In other sports, such as basketball or soccer, there may be hundreds or thousands of players at the topmost levels. In F1 racing, drivers must excel to earn one of only 20 F1 seats. Further elevating this status, F1 reigns as the world’s […]
Microsoft Paid Out $13 Million via Bug Bounty Programs for Fourth Consecutive Year
For the fourth consecutive year, Microsoft has paid out more than $13 million through its bug bounty programs. The post Microsoft Paid Out $13 Million via Bug Bounty Programs for Fourth Consecutive Year appeared first on SecurityWeek.
Sweet Security Emerges From Stealth With $12 Million Seed Funding and a Cloud Runtime Solution
Israeli startup emerged from stealth with $12 million in Seed funding and launched a Cloud Runtime Security Suite. The post Sweet Security Emerges From Stealth With $12 Million Seed Funding and a Cloud Runtime Solution appeared first on SecurityWeek.
Intel Addresses 80 Firmware, Software Vulnerabilities
Intel has addressed 80 vulnerabilities affecting its products, including 18 high-severity privilege escalation and DoS flaws. The post Intel Addresses 80 Firmware, Software Vulnerabilities appeared first on SecurityWeek.
Cloud Security Firm Kivera Raises $3.5 Million in Seed Funding
Australian cybersecurity startup Kivera raised $3.5 million in seed funding from General Advance, Round 13 Capital and angel investors. The post Cloud Security Firm Kivera Raises $3.5 Million in Seed Funding appeared first on SecurityWeek.
Automated Security Control Assessment: When Self-Awareness Matters
Automated Security Control Assessment enhances security posture by verifying proper, consistent configurations of security controls, rather than merely confirming their existence. The post Automated Security Control Assessment: When Self-Awareness Matters appeared first on SecurityWeek.
Examining the National Bank of Canada CIO’s approach to tech and teams
Being accountable for the execution of the technology strategy for National Bank of Canada, delivery of all projects and initiatives, and running daily operations and back-office functions, Julie Levesque has a lot on her plate as EVP of technology and operations, and CIO. In the role now for three years, she’s applied the skills […]
What is digital transformation? A necessary disruption
Once a vanguard business strategy, digital transformation has become a perennial objective for business survival. Most CEOs (72%) continue to prioritize digital investments, according to the 2022 CEO Outlook report from KPMG, in part due to concerns about emerging and disruptive technology, a top three risk to organizational growth. Executives know that if their businesses […]
SAP Patches Critical Vulnerability in PowerDesigner Product
SAP has fixed over a dozen new vulnerabilities with its Patch Tuesday updates, including a critical flaw in its PowerDesigner product. The post SAP Patches Critical Vulnerability in PowerDesigner Product appeared first on SecurityWeek.
40 Vulnerabilities Patched in Android With August 2023 Security Updates
40 vulnerabilities have been patched by Google in the Android operating system with the release of the August 2023 security updates. The post 40 Vulnerabilities Patched in Android With August 2023 Security Updates appeared first on SecurityWeek.
New ‘Inception’ Side-Channel Attack Targets AMD Processors
Researchers have disclosed the details of a new side-channel attack targeting AMD CPUs named Inception. The post New ‘Inception’ Side-Channel Attack Targets AMD Processors appeared first on SecurityWeek.
Full Steam Ahead: CIO Kopal Raj of WABTEC India on staying ‘on-track’ with AI, IoT and sustainability goals
With a mission to revolutionize the future of global mobility, WABTEC delivers transformative transportation systems that quite literally propel the world forward. Initiated in 1869, with an expansive legacy built on the shoulders of giants such as Westinghouse (which gives it the name Westinghouse Airbrakes technology), Edison and Faiveley, WABTEC has been a pioneering force in […]
Downfall: New Intel CPU Attack Exposing Sensitive Information
Google researcher discloses the details of an Intel CPU attack method named Downfall that may be remotely exploitable. The post Downfall: New Intel CPU Attack Exposing Sensitive Information appeared first on SecurityWeek.
Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan
Restructuring plan will result in an 18% reduction in employee headcount and closing of some Rapid7 office locations. The post Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan appeared first on SecurityWeek.
Edge Computing: a powerful enabler for industrial frontline workers
For industrial sector organizations, frontline workers play a crucial role in achieving productivity, efficiency, and safety targets. To empower these workers and increase their influence, edge computing has become a critical enabler. By bringing compute power closer to the point of action, edge computing allows real-time data processing, analytics, and decision-making, thereby improving the well-being and efficiency […]
Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days
Patch Tuesday: A month after confirming active exploitation of Office code execution flaws, Microsoft has shipped patches for multiple affected products. The post Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days appeared first on SecurityWeek.
Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns
Adobe rolls out a big batch of security updates to fix at least 30 Acrobat and Reader vulnerabilities affecting Windows and macOS users. The post Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns appeared first on SecurityWeek.
White House Holds First-Ever Summit on the Ransomware Crisis Plaguing the Nation’s Public Schools
CISA will step up training for the K-12 sector and technology providers, including Amazon Web Services and Cloudflare, will offer grants and free software. The post White House Holds First-Ever Summit on the Ransomware Crisis Plaguing the Nation’s Public Schools appeared first on SecurityWeek.
Nvidia unveils Workbench for managing AI workloads, updates Omniverse
Nvidia has recently focused more on its support for AI applications, but it still had plenty of news from CEO Jensen Huang in a keynote address during the annual computer graphics conference, SIGGRAPH. Huang had a few AI announcements to make, including the release of AI Workbench, a new PC application enterprises can use to […]
Horizon3 AI Raises $40 Million to Expand Automated Pentesting Platform
Horizon3.ai, a provider of autonomous security testing solutions, raised $40 million through a Series C funding round. The post Horizon3 AI Raises $40 Million to Expand Automated Pentesting Platform appeared first on SecurityWeek.
Protection is No Longer Straightforward – Why More Cybersecurity Solutions Must Incorporate Context
Context helps complete the picture and results in actionable intelligence that security teams can use to make informed decisions more quickly. The post Protection is No Longer Straightforward – Why More Cybersecurity Solutions Must Incorporate Context appeared first on SecurityWeek.
ICS Patch Tuesday: Siemens Fixes 7 Vulnerabilities in Ruggedcom Products
ICS Patch Tuesday: Siemens releases a dozen advisories covering over 30 vulnerabilities, but Schneider Electric has only published one advisory. The post ICS Patch Tuesday: Siemens Fixes 7 Vulnerabilities in Ruggedcom Products appeared first on SecurityWeek.
Identity-Based Attacks Soared in Past Year: Report
Identity-based attacks have soared in the past year, according to CrowdStrike’s 2023 Threat Hunting Report. The post Identity-Based Attacks Soared in Past Year: Report appeared first on SecurityWeek.
Black Hat Preview: The Business of Cyber Takes Center Stage
The cybersecurity industry heads to Las Vegas this week for Black Hat in a state of economic contraction, confusion and excitement. Can the promise of AI overcome the hype cycle to truly solve security problems? The post Black Hat Preview: The Business of Cyber Takes Center Stage appeared first on SecurityWeek.
UK Think Tank Proposes Greater Ransomware Reporting From Cyberinsurance to Government
The Royal United Services Institute (RUSI) examined the relationship between cyberinsurance and ransomware, and proposes greater reporting from victims to government, enforced through insurance policies. The post UK Think Tank Proposes Greater Ransomware Reporting From Cyberinsurance to Government appeared first on SecurityWeek.
6 ways CIOs sabotage their IT consultant’s success
Once upon a time my consulting company offered a “Take the Blame” service. Our pricing varied with what we were to take the blame for, from a few thousand dollars for small project failures to several million when an enterprise software implementation was going south. Understand, this service wasn’t for situations where we were at […]
Microsoft Shares Guidance and Resources for AI Red Teams
Microsoft has shared guidance and resources from its AI Red Team program to help organizations and individuals with AI security. The post Microsoft Shares Guidance and Resources for AI Red Teams appeared first on SecurityWeek.
The great reconciliation: Mitigating technical debt
The COVID-19 pandemic led to the widespread adoption of various technologies as businesses rushed to digitize their processes to cope with the crisis. However, this adoption came with a natural debt accrual, including operational debt, cultural debt, technical debt, security debt, lock-in debt, and more. With a looming economic downturn, businesses need to look for […]
The July 2023 Multi-Cloud Briefing: Generative AI for the Enterprise
Watch our newest Multi-Cloud Briefing, The Frontiers of Generative AI for the Enterprise, which explores how the convergence of generative AI and multi-cloud technologies is driving the next wave of business innovation. The most profound impact of generative AI will be in the enterprise. Almost every core function, in every industry—from financial services to healthcare and […]
Unlocking the hidden value of data
With data, an organization can do super powerful things with AI and machine learning, like building models that do everything from enhancing fraud detection capabilities to identifying gaps in the market for the organization to separate from the pack. But getting to that data, and using it effectively and securely, is often easier said than […]
Efficiency is the name of the game for IT leaders
The current economic landscape has been a cause for concern across many industries and, as a result, businesses are looking for any and all ways to be more efficient and optimized. Rocket Software recently conducted a survey of U.S.-based IT directors and vice presidents in companies with more than 1,000 employees and found that due […]
IT leaders know they need to manage IT risk—but need help in execution
Organizations big and small, across every industry, need to manage IT risk. According to PurpleSec, cybercrimes worldwide will cost $10.5 trillion annually by 2025. The financial implications of a cyber breach are clear, but when a breach occurs, organizations also face a damaged reputation, customer loss, and distrust among their stakeholders. Rocket Software recently surveyed […]
HPE—Taking an award-winning approach to overcome customer modernization challenges
HPE has a long history of helping its customers overcome even the toughest business challenges. “HPE’s mission is to help people grow and evolve,” says Joseph George, HPE’s global vice president of HPE strategic alliance marketing. “Our mantra has always been ‘Do what’s right for the customer,’” George explains. For HPE, this means looking at every […]
Softchoice—delivering award-winning, end-to-end multi-cloud strategies
Moving workloads to the cloud is a big undertaking that can include unexpected challenges, delays, and increased costs for many organizations. That’s why the right technology partner is essential. Softchoice, an award-winning VMware partner and this year’s winner of the Cloud Consumption Award for the Americas in the 2023 VMware Partner Achievement Awards, has deep expertise […]
Wipro — Innovating modern multi-cloud environments for digital transformation
Business today runs on data. And for many enterprises, Wipro, a valued VMware partner, is the company of choice to deliver and maintain their data centers. With over 75 years of experience helping businesses, Wipro maintains a continued focus on innovation that delivers growth for the VMware partner – and its clients. It’s this drive to help customers […]
4 questions CIOs are asking about cloud computing
Ever since Basecamp announced late last year that they were (mostly) pulling out of the cloud, there’s been a spirited debate about the failure of cloud computing to deliver on hyped-up promises of miraculous cost savings. Like a low-calorie cheesecake, cloud computing was supposed to give us everything we desired with minimal effort, all while […]
Cyberinsurance Firm Resilience Raises $100 Million to Expand Its Cyber Risk Platform
Resilience Cyber Insurance Solutions has raised $100 million through a Series D funding round to support global expansion of its cyber risk platform that was launched earlier this year. The post Cyberinsurance Firm Resilience Raises $100 Million to Expand Its Cyber Risk Platform appeared first on SecurityWeek.
Groundbreaking HR solution earns BT Group unique SAP Innovation Award honor
BT Group has never forgotten its beginnings as a company ensuring that everyone in the UK could have access to a new invention called the telegraph. Finally, a farmer in the Midlands could communicate with his cousin in Brighton, and a dock worker in Sunderland was able to receive the latest news from Westminster. In […]
North Korean Hackers Targeted Russian Missile Developer
A sanctioned Russian missile maker appears to have been targeted by two important North Korean hacking groups. The post North Korean Hackers Targeted Russian Missile Developer appeared first on SecurityWeek.
New PaperCut Vulnerability Allows Remote Code Execution
A new vulnerability in the PaperCut MF/NG print management software can be exploited for unauthenticated, remote code execution. The post New PaperCut Vulnerability Allows Remote Code Execution appeared first on SecurityWeek.
CISA Unveils Cybersecurity Strategic Plan for Next 3 Years
CISA has unveiled its Cybersecurity Strategic Plan for the next 3 years, focusing on addressing immediate threats, hardening the terrain, and driving security. The post CISA Unveils Cybersecurity Strategic Plan for Next 3 Years appeared first on SecurityWeek.
Generative AI is a make-or-break moment for CIOs
Hardly a day goes by without some new business-busting development on generative AI surfacing in the media. And, in fact, McKinsey research argues the future could indeed be dazzling, with gen AI improving productivity in customer support by up to 40%, in software engineering by 20% to 30%, and in marketing by 10%. Still, it’s worth remembering […]
IDC: Pace of enterprise applications sales will increase next year
IDC forecasts the growth rate of enterprise applications software sales will pick up in 2024, and remain steady through 2027, despite a dip this year as a result of CIOs continuing to pull back on spending due to economic headwinds. Software sales grew 9.8% last year to $306 million, according to a new IDC study, […]
IT leaders embrace the role of business change maker
As CIO of E&J Gallo Winery, Robert Barrios has made it a priority to lead transformation projects not with directives, but by cultivating the right blend of shared experiences and immersion in the business. Barrios rides shotgun on sales calls, spends time observing winemakers, and drops into meetings with sales and operations planning and the […]
Colorado Department of Higher Education Discloses Ransomware Attack, Data Breach
Colorado Department of Higher Education targeted in a ransomware attack that resulted in a data breach impacting many students and teachers. The post Colorado Department of Higher Education Discloses Ransomware Attack, Data Breach appeared first on SecurityWeek.
A Cyberattack Has Disrupted Hospitals and Health Care in Five States
A cyberattack has disrupted hospital computer systems in several states, forcing some emergency rooms to close and ambulances to be diverted. The post A Cyberattack Has Disrupted Hospitals and Health Care in Five States appeared first on SecurityWeek.
In Other News: Cybersecurity Funding Rebounds, Cloud Threats, BeyondTrust Vulnerability
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 31, 2023. The post In Other News: Cybersecurity Funding Rebounds, Cloud Threats, BeyondTrust Vulnerability appeared first on SecurityWeek.
Microsoft Criticized Over Handling of Critical Power Platform Vulnerability
A critical Microsoft Power Platform vulnerability exposed authentication data and other secrets, but the tech giant has been accused of handling it poorly. The post Microsoft Criticized Over Handling of Critical Power Platform Vulnerability appeared first on SecurityWeek.
Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft
Threat actors have been observed abusing the open source Cloudflare Tunnel tool Cloudflared to maintain stealthy, persistent access to compromised systems. The post Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft appeared first on SecurityWeek.
Points.com Vulnerabilities Allowed Customer Data Theft, Rewards Program Hacking
Multiple vulnerabilities in the airline and hotel rewards platform points.com could have led to personal information theft and unauthorized administrative access. The post Points.com Vulnerabilities Allowed Customer Data Theft, Rewards Program Hacking appeared first on SecurityWeek.
AWS hopes for a savior in AI as revenue growth continues to slow
Revenue growth at Amazon’s cloud computing division, Amazon Web Services, continued to slow in the second quarter of fiscal year 2023 as enterprises pressed on with their cost-cutting measures. Revenue for AWS increased 12% year-on-year in the second quarter to $21.4 billion. However, Amazon CEO Andy Jassy said enterprises subscribing to AWS services have “needed assistance cost […]
New York Couple Plead Guilty to Bitcoin Laundering
A married couple from New York dubbed “Bitcoin Bonnie and Crypto Clyde” pleaded guilty to laundering billions of dollars in stolen bitcoin. The post New York Couple Plead Guilty to Bitcoin Laundering appeared first on SecurityWeek.
What is an automation engineer? A growing role to address IT automation
Automation has been a hot topic in the job market for several years now, with plenty of pros and cons surrounding both the idea of job creation and job loss. A study from Zippia found that automation has the potential to eliminate 73 million jobs by 2030, with 35% of Americans worried about automation displacing […]
A 4-pronged strategy to cut SaaS sprawl
Software-as-a-service (SaaS) has witnessed explosive growth over the past few years, as vendors, thought leaders, and CIOs have hailed the enhanced efficiency, lower costs, and reduced time to benefit the model can deliver. However, in their zeal to make good on the promise of SaaS, IT leaders often lose full visibility into the technology stack […]
4 ways to ask hard questions about emerging tech risks
As CIOs and technology leaders, we’re almost always in the role of the technology evangelist, bringing both mainstream and emerging technology into the organization for business benefit. In collaboration with our peers, we have a solid business sense that carefully weighs innovation and risk in order to gain valuable ROI while protecting the organization from […]
Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed
Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed. The post Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed appeared first on SecurityWeek.
Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities
Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022. The post Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities appeared first on SecurityWeek.
CISA Calls Urgent Attention to UEFI Attack Surfaces
The US government’s cybersecurity agency describes UEFI as “critical attack surface” that requires urgent security attention. The post CISA Calls Urgent Attention to UEFI Attack Surfaces appeared first on SecurityWeek.
670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis
CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor. The post 670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis appeared first on SecurityWeek.
Jericho Security Raises $3 Million for Awareness Training Powered by Generative AI
Jericho Security raises $3 million in a pre-seed funding round to help organizations defend against emerging generative AI-powered phishing attacks. The post Jericho Security Raises $3 Million for Awareness Training Powered by Generative AI appeared first on SecurityWeek.
Dozens of RCE Vulnerabilities Impact Milesight Industrial Router
Cisco Talos researchers warn of dozens of critical- and high-severity vulnerabilities in the Milesight UR32L industrial router leading to code execution. The post Dozens of RCE Vulnerabilities Impact Milesight Industrial Router appeared first on SecurityWeek.
Decommissioned Medical Infusion Pumps Expose Wi-Fi Configuration Data
Medical infusion pumps available via secondary market sources contain Wi-Fi configuration settings from the original organization. The post Decommissioned Medical Infusion Pumps Expose Wi-Fi Configuration Data appeared first on SecurityWeek.
These Are the Top Five Cloud Security Risks, Qualys Says
Cloud security specialist Qualys has provided its view of the top five cloud security risks, drawing insights and data from its own platform and third parties. The post These Are the Top Five Cloud Security Risks, Qualys Says appeared first on SecurityWeek.
NASA, IBM team up to build LLM that can help fight climate change
IBM on Thursday said it has partnered with the US space agency NASA to co-develop a foundation large language model based on geospatial data that it claims will help scientists and their organizations fight climate change. The open source model, which will be available on Hugging Face, was developed on IBM’s watsonx.ai platform and trained […]
CIO legend Chris Hjelm on developing future-ready IT leaders
Chris Hjelm is a CIO legend with a career spanning Fortune 50 behemoths like Kroger and FedEx, innovative tech companies like Orbitz and eBay, and other high-growth e-commerce and startup businesses. The 2023 recipient of the Ohio CIO of the Year ORBIE Leadership Award is known for his track record of building and heading global […]
Lay the groundwork now for advanced analytics and AI
When global technology company Lenovo started utilizing data analytics, they helped identify a new market niche for its gaming laptops, and powered remote diagnostics so their customers got the most from their servers and other devices. Comcast is using data analytics to reduce the cost, and improve the efficacy of, its 10P byte of […]
Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update
Google has paid out over $60,000 for three high-severity type confusion vulnerabilities in Chrome’s V8 engine. The post Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 42 Deals Announced in July 2023
Forty-two cybersecurity-related merger and acquisition (M&A) deals were announced in July 2023. The post Cybersecurity M&A Roundup: 42 Deals Announced in July 2023 appeared first on SecurityWeek.
Salesforce Email Service Zero-Day Exploited in Phishing Campaign
Threat actors have exploited a Salesforce email service zero-day vulnerability and abused Meta features in a sophisticated phishing campaign. The post Salesforce Email Service Zero-Day Exploited in Phishing Campaign appeared first on SecurityWeek.
Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round
Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform. The post Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round appeared first on SecurityWeek.
Beyond compliance: How to pick winning ESG strategies that make a splash
Gone are the days when ESG was advanced from within by a band of social advocates braving the current of traditional business thinking. ESG has penetrated our collective psyche and entered the business bloodstream. In many organizations, it informs every strategy, every activity, and many executives are now expected to craft plans as to how […]
Adapt to Changing Regulations with Data Independence and Mobility
“The era of open borders for data is ending,” declared The New York Times in May 2022. Meeting security, privacy, and compliance (https://bit.ly/42lK275) regulations and protecting data access and integrity (https://bit.ly/42DwOlA) aren’t the end of the data sovereignty journey. Future-proof your cloud infrastructure with data independence and mobility so that data can be shared and migrated as […]
Microsoft Catches Russian Government Hackers Phishing with Teams Chat App
Microsoft says a Russian government-linked hacking group is using its Microsoft Teams chat app to phish for credentials at targeted organizations. The post Microsoft Catches Russian Government Hackers Phishing with Teams Chat App appeared first on SecurityWeek.
Improving visibility and security in hybrid cloud environments
When it comes to keeping our digital world secure, there’s a saying that really hits home: “You can’t protect what you can’t see.” It’s a reminder that without a clear view of our data and systems, we’re leaving ourselves vulnerable to all sorts of risks. That’s where centralized visibility comes in. By bringing together information […]
Answer these 4 questions to maximize the ROI of your security toolset
Over the past decade, organizations realized they need to arm their teams with the right security toolset in order to mitigate the cyber threats they’re facing. The continuous investment and adoption of security tools has created a challenge: Organizations are now leveraging tens, and sometimes hundreds, of security tools from various vendors that often don’t […]
Shield and Visibility Solutions Target Phishing From Inside the Browser
Menlo Security introduced anti-phishing solutions that analyze what users see on a landing page rather than just analyzing the content of an email. The post Shield and Visibility Solutions Target Phishing From Inside the Browser appeared first on SecurityWeek.
Revolutionize your site for growth, innovation, and customer satisfaction with composable architecture
If your business can’t adapt, your business can’t compete. In the fast-paced world of business, adaptability is the key to success. Unfortunately, most turn-key website platforms have a hidden flaw – they are inherently limited in their potential. As your business grows, your unique needs may diverge from what your vendor’s monolithic platform can offer, […]
New hVNC macOS Malware Advertised on Hacker Forum
A new macOS-targeting hVNC malware family is being advertised on a prominent cybercrime forum. The post New hVNC macOS Malware Advertised on Hacker Forum appeared first on SecurityWeek.
Cyble Raises $24 Million for AI-Powered Threat Intelligence Platform
Threat intelligence firm Cyble has raised $24 million in a Series B funding round co-led by Blackbird Ventures and King River Capital. The post Cyble Raises $24 Million for AI-Powered Threat Intelligence Platform appeared first on SecurityWeek.
Salesforce launches Starter to ward off competition in the SMB segment
Salesforce has made its customer relationship management (CRM) suite, dubbed Starter, generally available in an effort to garner more market share in the small and medium businesses (SMBs) segment as it faces stiff competition from rivals such as Zoho. Starter made its first appearance in June when the company launched it specifically in India, targeting […]
Google AMP Abused in Phishing Attacks Aimed at Enterprise Users
Threat actors are using Google AMP URLs in phishing campaigns as a new detection evasion tactic. The post Google AMP Abused in Phishing Attacks Aimed at Enterprise Users appeared first on SecurityWeek.
Firefox 116 Patches High-Severity Vulnerabilities
Firefox 116 was released with patches for 14 CVEs, including nine high-severity vulnerabilities, some of which can lead to remote code execution or sandbox escapes. The post Firefox 116 Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
Enterprises enthusiastic about generative AI, Foundry survey shows
Generative AI is already making deep inroads into the enterprise, but not always under IT department control, according to a recent survey of business and IT leaders by Foundry, publisher of CIO.com. The survey found tension between business leaders seeking competitive advantage, and IT leaders wanting to limit risks. Some 62% of respondents said their […]
CIO Ryan Snyder on the benefits of interpreting data as a layer cake
A data and analytics capability cannot emerge from an IT or business strategy alone. With both technology and business organization deeply involved in the what, why, and how of data, companies need to create cross-functional data teams to get the most out of it. So Thermo Fisher Scientific CIO Ryan Snyder and his colleagues have […]
10 tips for modernizing legacy apps for the cloud
To fully capitalize on the cloud’s scalability and flexibility, most enterprises go beyond a simple lift-and-shift approach, instead injecting them with cloud-native capabilities — a strategy that sounds simple but can quickly prove complex. After all, as with many seemingly easy tasks, the devil is in the details. Fortunately, modernizing a legacy app for the […]
Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack
The recently patched Ivanti EPMM zero-day CVE-2023-35078 has been exploited to hack the Norwegian government since at least April 2023. The post Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack appeared first on SecurityWeek.
Broadcom’s Approach Towards Delivering Customer Value
At Broadcom, we make business decisions driven by what will bring customers the most value. The idea is simple: We tailor our innovations and solutions to their needs over the long term and equip them with the tools they need to drive outcomes. So, how do we make that happen? We listen to our customers. […]
How innovative modular UPSs support digital transformation at edge computing sites
In this era of digital transformation, as we witness the runaway growth of edge computing, the uninterruptible power supply (UPS) is doing its part to help organizations achieve scalability, redundancy, and resiliency goals. With traditional UPSs, if you need to expand, you typically must purchase another unit that will sit next to the existing UPS or replace it […]
Forgepoint Capital Places $20M Series A Bet on Converge Insurance
Forgepoint Capital makes another investment in the cyber-insurance sector with a $15 million Series A investment in Converge Insurance. The post Forgepoint Capital Places $20M Series A Bet on Converge Insurance appeared first on SecurityWeek.
Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups
Researchers unmask an Iranian-run company providing command-and-control services to hacking groups, including state-sponsored APT actors. The post Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups appeared first on SecurityWeek.
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack
A new power side-channel attack named Collide+Power can allow an attacker to obtain sensitive information and it works against nearly any modern CPU. The post Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack appeared first on SecurityWeek.
Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups
San Francisco startup Socket raises $20 million as investors continue to bet on companies in the open source software security category. The post Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups appeared first on SecurityWeek.
This is the easiest AI strategy decision you’ll ever make
By Bryan Kirschner, Vice President, Strategy at DataStax. Years before the meteoric adoption of ChatGPT made AI top of mind for just about everyone, the authors of Competing in the Age of AI had already pointed out something every business leader should ignore at their peril: In traditional operating models, scale inevitably reaches a point […]
SpecterOps Updates BloodHound Active Directory Mapping Tool
SpecterOps announces version 5.0 of BloodHound Active Directory mapping tool with enterprise-grade deployment, usability, and UI. The post SpecterOps Updates BloodHound Active Directory Mapping Tool appeared first on SecurityWeek.
Silk Security Emerges from Stealth With $12.5 Million Seed Funding
Silk Security raised $12.5 million in seed funding and is on a mission to break down the silos between security and development with an integrated ‘find and fix’ platform. The post Silk Security Emerges from Stealth With $12.5 Million Seed Funding appeared first on SecurityWeek.
Nile Raises $175 Million for Secure NaaS Solutions
Network-as-a-service (NaaS) solutions provider Nile has raised $175 million in a Series C funding round that brings the total raised by the firm to $300 million. The post Nile Raises $175 Million for Secure NaaS Solutions appeared first on SecurityWeek.
Hacker Conversations: Youssef Sammouda, Bug Bounty Hunter
SecurityWeek speaks to Youssef Sammouda about using cybersecurity research and bug bounties as a way of life and source of income. The post Hacker Conversations: Youssef Sammouda, Bug Bounty Hunter appeared first on SecurityWeek.
Generative AI usage gains traction among enterprises: McKinsey
The usage of generative AI across enterprises is already widespread, although it is still early days for the new technology, according to a report from McKinsey’s AI consulting service, Quantum Black. The report is based on an online survey conducted in April, which received responses from 1,684 participants globally across multiple industry sectors, company sizes, […]
Invoking IT to help revitalize Indigenous languages at risk of extinction
The Miami-Illinois language of the Miami Tribe of Oklahoma (Myaamiaki tribe) fell dormant during the 19th and 20th centuries, at a time when Indigenous populations faced forced relocations and abusive boarding schools, where children were forced to assimilate and were punished for using their own language. It wasn’t until the 1990s that Indigenous rights were […]
Hyperscalers in crosshairs for anti-competitive pricing and lock-in
Ofcom, the UK’s communications regulator, is concerned the market for public cloud infrastructure services is concentrated in the hands of just three providers, limiting competition and making it difficult for enterprises to switch or use multiple suppliers. Those three providers—AWS, Microsoft, and Google—argue the contrary. The two sides, and their supporters, are currently battling it […]
How generative AI impacts your digital transformation priorities
Digital transformation must be a core organizational competency. That’s my key advice to CIOs and IT leaders. During keynotes and discussions with CIOs, I remind everyone how strategic priorities evolve significantly every two years or less, from growth in 2018, to pandemic and remote work in 2020, to hybrid work and financial constraints in 2022. […]
Bedding Giant Tempur Sealy Takes Systems Offline Following Cyberattack
Bedding products provider Tempur Sealy says it has shut down certain systems following a cyberattack. The post Bedding Giant Tempur Sealy Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.
Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report
The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to Dragos. The post Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report appeared first on SecurityWeek.
200 Canon Printer Models May Expose Wi-Fi Connection Data
Canon says more than 200 inkjet printer models fail to properly erase Wi-Fi configuration settings. The post 200 Canon Printer Models May Expose Wi-Fi Connection Data appeared first on SecurityWeek.
Possible Chinese Malware in US Systems a ‘Ticking Time Bomb’: Report
China has implanted malware in key US power and communications networks in a “ticking time bomb” that could disrupt the military in event of a conflict. The post Possible Chinese Malware in US Systems a ‘Ticking Time Bomb’: Report appeared first on SecurityWeek.