The changing face of cybersecurity threats in 2023
Over the last eighteen months or so, a motley group of teenagers under the banner of Lapsus$ managed to hack into “unbreachable” fortresses at tech giants such as Okta, T-Mobile, Nvidia, Microsoft, and Globant using unsophisticated but creative and persistent techniques. While the group’s goals were unclear and differing – fluctuating between amusement, monetary gain, […]
Bankrupt IronNet Shuts Down Operations
Bankrupt and out of financing options, IronNet has terminated all employees and plan to file for Chapter 7 protection. The post Bankrupt IronNet Shuts Down Operations appeared first on SecurityWeek.
Should finance organizations bank on Generative AI?
As I work with financial services and banking organizations around the world, one thing is clear: AI and generative AI are hot topics of conversation. These conversations are so weighty, they are happening at the boardroom level. I get it. Financial organizations want to capture generative AI’s tremendous potential while mitigating its risks. In the […]
AWS Using MadPot Decoy System to Disrupt APTs, Botnets
AWS says an internal threat intel decoy system called MadPot has successfully trapped nation state-backed APTs like Volt Typhoon and Sandworm. The post AWS Using MadPot Decoy System to Disrupt APTs, Botnets appeared first on SecurityWeek.
Generative AI Startup Nexusflow Raises $10.6 Million
Nexusflow scores funding to build an open-source LLM that can deliver high accuracy when retrieving data from multiple security sources. The post Generative AI Startup Nexusflow Raises $10.6 Million appeared first on SecurityWeek.
Researchers Extract Sounds From Still Images on Smartphone Cameras
A group of academic researchers devised a technique to extract sounds from still images captured using smartphone cameras with rolling shutter and movable lens structures. The post Researchers Extract Sounds From Still Images on Smartphone Cameras appeared first on SecurityWeek.
In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
Noteworthy stories that might have slipped under the radar: new RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea. The post In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea appeared first on SecurityWeek.
Embrace the Generative AI revolution: a guide to integrating Generative AI into your operations
Generative AI (GenAI) is not just the topic of the hour – it may well be the topic of the decade and beyond. Until a year ago, when people suggested that AI was already mainstream and asked what the next big thing would be, I replied that we had not reached the end state of […]
National Security Agency is Starting an Artificial Intelligence Security Center
The NSA is starting an artificial intelligence security center — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems. The post National Security Agency is Starting an Artificial Intelligence Security Center appeared first on SecurityWeek.
CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
CISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw to its known exploited vulnerabilities catalog. The post CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks appeared first on SecurityWeek.
Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations. The post Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks appeared first on SecurityWeek.
NIST Publishes Final Version of 800-82r3 OT Security Guide
NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security. The post NIST Publishes Final Version of 800-82r3 OT Security Guide appeared first on SecurityWeek.
A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says
A sharply divided privacy oversight board is recommending that the FBI and other agencies be required to get court approval before reviewing the communications of U.S. citizens collected through a secretive foreign surveillance program. The post A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says appeared first on […]
Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
Gaps in Cloudflare’s security controls allow users to bypass protections and target others from the platform itself. The post Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers appeared first on SecurityWeek.
Top 17 cloud cost management tools — and how to choose
It feels like just yesterday that we were promised that cloud servers cost just pennies. You could rent a rack with the spare change behind the sofa cushions and have money left for ice cream. Those days are long gone. When the monthly cloud bill arrives, CFOs are hitting the roof. Developer teams are learning […]
10 most in-demand generative AI skills
If any technology has captured the collective imagination in 2023, it’s generative AI — and businesses are beginning to ramp up hiring for what in some cases are very nascent gen AI skills, turning at times to contract workers to fill gaps, pursue pilots, and round out in-house AI project teams. Analyzing the hiring behaviors of […]
Johnson Controls Hit by Ransomware
Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company. The post Johnson Controls Hit by Ransomware appeared first on SecurityWeek.
FBI Warns Organizations of Dual Ransomware, Wiper Attacks
The FBI warns organizations of cyberattacks that employ multiple ransomware families or deploy dormant data wipers. The post FBI Warns Organizations of Dual Ransomware, Wiper Attacks appeared first on SecurityWeek.
US State Department Says 60,000 Emails Taken in Alleged Chinese Hack
The US State Department said that hackers took around 60,000 emails in an attack which Microsoft has blamed on China. The post US State Department Says 60,000 Emails Taken in Alleged Chinese Hack appeared first on SecurityWeek.
Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product
Progress Software ships patches for critical-severity flaws in its WS_FTP file transfer software and warns that a pre-authenticated attacker could wreak havoc on the underlying operating system. The post Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product appeared first on SecurityWeek.
Government Shutdown Could Bench 80% of CISA Staff
Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown. The post Government Shutdown Could Bench 80% of CISA Staff appeared first on SecurityWeek.
Lumu Raises $30 Million for Threat Detection and Response Platform
Intrusion detection company Lumu has raised $30 million in a Series B funding round led by Forgepoint Capital. The post Lumu Raises $30 Million for Threat Detection and Response Platform appeared first on SecurityWeek.
Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
Verisoul, a company that has developed a SaaS platform for detecting and blocking fake users, has raised $3.25 million in seed funding. The post Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users appeared first on SecurityWeek.
Moving From Qualitative to Quantitative Cyber Risk Modeling
Migrating to a quantitative cyber risk model of analysis allows for more accurate data, which leads to more informed decision-making. The post Moving From Qualitative to Quantitative Cyber Risk Modeling appeared first on SecurityWeek.
Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains. The post Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits appeared first on SecurityWeek.
Cisco Warns of IOS Software Zero-Day Exploitation Attempts
Cisco has released patches for vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks. The post Cisco Warns of IOS Software Zero-Day Exploitation Attempts appeared first on SecurityWeek.
Sysdig Launches Realtime Attack Graph for Cloud Environments
Sysdig enhanced its existing CNAPP offering with a cloud attack graph, risk prioritization, attack path analysis, a searchable inventory, and complete agentless scanning. The post Sysdig Launches Realtime Attack Graph for Cloud Environments appeared first on SecurityWeek.
Qualcomm’s Cisco Sanchez on structuring IT for business growth
As senior vice president and CIO at Qualcomm, Cisco Sanchez leads a global IT organization laser focused on setting the company up to achieve scale and speed in a world of complexity. Sanchez’s organization was honored with a CIO 100 Award at this year’s CIO100 Symposium Awards and Event, recognizing the innovative work his team […]
12 ‘best practices’ IT should avoid at all costs
What makes IT organizations fail? Often, it’s the adoption of what’s described as “industry best practices” by people who ought to know better but don’t, probably because they’ve never had to do the job. From establishing internal customers to instituting charge-backs to insisting on ROI, a lot of this advice looks plausible when viewed from […]
Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor. The post Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor appeared first on SecurityWeek.
Chinese Gov Hackers Caught Hiding in Cisco Router Firmware
The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies. The post Chinese Gov Hackers Caught Hiding in Cisco Router Firmware appeared first on SecurityWeek.
CISA Unveils New HBOM Framework to Track Hardware Components
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products. The post CISA Unveils New HBOM Framework to Track Hardware Components appeared first on SecurityWeek.
Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk
Attackers can find tons of information on Tesla cars and their drivers by searching for misconfigured TeslaMate instances online. The post Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk appeared first on SecurityWeek.
Gem Security Lands $23 Million Series A Funding
Israeli security startup Gem Security has raised a total of $34 million to tackle cloud threat detection and incident response. The post Gem Security Lands $23 Million Series A Funding appeared first on SecurityWeek.
Google Open Sources Binary File Comparison Tool BinDiff
Google has released the source code of BinDiff, a binary file comparison tool popular within the security research community, on GitHub. The post Google Open Sources Binary File Comparison Tool BinDiff appeared first on SecurityWeek.
Stolen GitHub Credentials Used to Push Fake Dependabot Commits
Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions. The post Stolen GitHub Credentials Used to Push Fake Dependabot Commits appeared first on SecurityWeek.
Firefox 118 Patches High-Severity Vulnerabilities
Firefox 118 patches six high-severity vulnerabilities, including a memory leak potentially leading to sandbox escape. The post Firefox 118 Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
macOS 14 Sonoma Patches 60 Vulnerabilities
macOS 14 Sonoma has been officially released by Apple and the latest version of the operating system patches over 60 vulnerabilities. The post macOS 14 Sonoma Patches 60 Vulnerabilities appeared first on SecurityWeek.
A fluency in business and tech yields success at NATO
With the intricacies of the CIO role multiplying, there’s increased talk about having deft knowledge and understanding of both the business and technology in order to contemplate and process next moves as a leader. In Manfred Boudreaux-Dehmer’s case as the first CIO of NATO, he has a unique perspective of soon to be 32 nations […]
Gen AI success starts with an effective pilot strategy
Generative artificial intelligence is all the rage, but how can enterprises actually harness the technology’s promise and implement it for value? What benefits can be expected and what challenges might arise? Gen AI is a relatively new tool for organizations and individual users. And while many CIOs might have a fairly solid understanding of the […]
New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip. The post New GPU Side-Channel Attack Allows Malicious Websites to Steal Data appeared first on SecurityWeek.
Oracle bolsters distributed cloud, AI strategy with new Mexico cloud region
Oracle has partnered with telecommunications service provider Telmex-Triara to open a second region in Mexico in an effort to keep expanding its data center footprint as it eyes more revenue from AI and generative AI-based workloads. Earlier this month, the company said it expects cloud revenue to grow 29% to 31% in the second quarter […]
How to ignite innovation and empower more sustainable solutions
Some moments in life are indelibly etched in our memory. I will never forget one evening several years ago. In fact, I can point to the chair where I sat when it happened. My wife, three children, and I were eating dinner together. Suddenly, an idea sparked in my brain. I grabbed a pencil and […]
Zero Trust: Understanding the US government’s requirements for enhanced cybersecurity
The concept of Zero Trust has gained significant traction in recent years, as organizations look to enhance their cybersecurity defenses and safeguard their digital assets. The US government has been at the forefront of promoting this approach, with a series of guidelines and requirements that companies must adhere to. In this blog, I will explore some of […]
Microsoft Adding New Security Features to Windows 11
Microsoft announced that the latest Windows 11 update (23H2) will bring more support for passkeys and several new security features. The post Microsoft Adding New Security Features to Windows 11 appeared first on SecurityWeek.
Swiss energy services company uses machine learning to see the future
If you want to look into the future, sometimes you have to be able to predict it. Swiss energy services company IWB has a vision of a world with a fully renewable, climate-friendly energy supply. Not long ago, though, that goal seemed difficult to conceptualize. For many years, IWB’s distribution grid supplied customers with electricity exclusively […]
Mitigating mayhem in a complex hybrid IT world
We’ve all seen the insurance commercials: Mayhem is everywhere. When it strikes in the consumer world of insurance, you want the right people on your side and the right plan to navigate a way forward. The same can be said about IT. When a system begins to break down, the most important thing is ending […]
SAP prepares to add Joule generative AI copilot across its apps
By year-end, users of a couple of SAP applications should have the option to ask generative AI copilot, Joule, to help with their work — and the company plans to roll the feature out across all its applications one by one in the years to come. Clicking on a dedicated button in compatible SAP applications […]
How AI can deliver eye-opening insights for IT
No matter what your newsfeed may be, it’s likely peppered with articles about the wonders of artificial intelligence. And rightly so. But even as we remember 2023 as the year when generative AI went ballistic, AI and its ML (machine learning) sidekick have been quietly evolving over several years to yield eye-opening insights and problem-solving […]
5 steps we can take to address the cyber skills shortage
Depending upon which research report you read, we have a shortage of somewhere around 3.4 million or 3.5 million individuals worldwide2. But we are not the only industry with a talent gap. The medical industry, for example, is facing a shortage of more than 10 million physicians worldwide3. The skills shortage creates challenges, of course. […]
UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor
UAE-linked APT group Stealth Falcon has used the new Deadglyph backdoor in an attack targeting a governmental entity in the Middle East. The post UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor appeared first on SecurityWeek.
$200 Million in Cryptocurrency Stolen in Mixin Network Hack
Mixin Network suspends deposits and withdrawals after hackers steal $200 million in digital assets from its centralized database. The post $200 Million in Cryptocurrency Stolen in Mixin Network Hack appeared first on SecurityWeek.
Xenomorph Android Banking Trojan Targeting Users in US, Canada
The Xenomorph Android banking trojan can now mimic financial institutions in the US and Canada and is also targeting crypto wallets. The post Xenomorph Android Banking Trojan Targeting Users in US, Canada appeared first on SecurityWeek.
The CISO Carousel and its Effect on Enterprise Cybersecurity
CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security. The post The CISO Carousel and its Effect on Enterprise Cybersecurity appeared first on SecurityWeek.
Sony Investigating After Hackers Offer to Sell Stolen Data
Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data. The post Sony Investigating After Hackers Offer to Sell Stolen Data appeared first on SecurityWeek.
Rediscovering the value of information
In his dissertation at Stanford in 1976, smartphone pioneer and founder and CEO of General Magic Marc Porat correctly prophesied that the future would be defined by “information machines, information workers, and information companies.” Today, there is general consensus that we live in an “Information Society” and work in an “Information Economy.” What is surprising […]
8 questions CIOs should ask to prime their business for gen AI
Companies are now recognizing the work ahead of them to get their data, people, and processes ready to capitalize on gen AI’s potential. In fact, insights from a recent Accenture survey found that nearly all (99%) executives said they plan to amplify their investments in the technology. So leaders will need to radically re-think how work gets […]
6 IT rules worth breaking — and how to get away with it
There comes a time in every IT leader’s life when a key decision must be made: whether to follow an established rule or, as a matter of necessity, break precedent and embark on an alternate course. Management rules typically exist to enable faultless decision-making, set a foundation for consistent operation, and provide protection from risk, […]
Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
A stealthy APT known as Gelsemium has been observed targeting a government entity in Southeast Asia for persistence and intelligence collection. The post Stealthy APT Gelsemium Seen Targeting Southeast Asian Government appeared first on SecurityWeek.
Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role
Kosi Goodness Simon-Ebo, a Nigerian national, pleaded guilty in a US court to his involvement in a million-dollar BEC fraud scheme. The post Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role appeared first on SecurityWeek.
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
Nearly 900 US schools are impacted by the MOVEit hack at the educational nonprofit National Student Clearinghouse. The post 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse appeared first on SecurityWeek.
City of Dallas Details Ransomware Attack Impact, Costs
City of Dallas has approved an $8.5 million budget to restore systems following a Royal ransomware attack in May 2023. The post City of Dallas Details Ransomware Attack Impact, Costs appeared first on SecurityWeek.
Rockwell Automation makes shift to ‘as-a-service’ model
In the digital era, few companies are safe from disruption — even highly innovative organizations like industrial automation giant Rockwell Automation. That’s why, in the summer of 2021, Chris Nardecchia, SVP and chief digital and information officer, set about enabling a transformation that would change Rockwell’s business before it lost ground to a new class […]
10 digital transformation questions every CIO must answer
Digital transformation has become an essential part of business success. Yet, organizations still struggle with getting it right. According to TEKsystems’ 2023 State of Digital Transformation, 41% of organizations’ digital transformation (DX) initiatives have failed to achieve their desired outcomes. Another study, the 2023 State of the Intelligent Information Management Industry, turned up similar numbers, […]
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks. The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek.
In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover
A critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers. The post In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover appeared first on SecurityWeek.
Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
Egyptian opposition politician Ahmed Altantawy was targeted with spyware after announcing a presidential bid, security researchers reported The post Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware appeared first on SecurityWeek.
In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event. The post In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking appeared first on SecurityWeek.
China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
Chinese state-sponsored threat groups have targeted telecoms, financial and government organizations in Africa as part of soft power efforts. The post China’s Offensive Cyber Operations in Africa Support Soft Power Efforts appeared first on SecurityWeek.
Air Canada Says Employee Information Accessed in Cyberattack
Canada’s largest airline says the personal information of some employees was accessed in a recent cyberattack. The post Air Canada Says Employee Information Accessed in Cyberattack appeared first on SecurityWeek.
Faster Patching Pace Validates CISA’s KEV Catalog Initiative
CISA says Known Exploited Vulnerabilities Catalog has helped federal agencies significantly accelerate their vulnerability remediation pace. The post Faster Patching Pace Validates CISA’s KEV Catalog Initiative appeared first on SecurityWeek.
BIND Updates Patch Two High-Severity DoS Vulnerabilities
The latest BIND security updates include patches for two high-severity DoS vulnerabilities that can be exploited remotely. The post BIND Updates Patch Two High-Severity DoS Vulnerabilities appeared first on SecurityWeek.
Top 15 data management platforms available today
Data management platform definition A data management platform (DMP) is a suite of tools that helps organizations to collect and manage data from a wide array of first-, second-, and third-party sources and to create reports and build customer profiles as part of targeted personalization campaigns. Deploying a DMP can be a great way for […]
Mastercard preps for the post-quantum cybersecurity threat
The ecosystem of digital payments is a sitting duck. The billions of transactions we conduct online today are protected by what are called public-key encryption technologies. But as quantum computers become more powerful, they will be able to break these cryptographic algorithms. Such a cryptographically relevant quantum computer (CRQC) could deliver a devastating impact to […]
Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
Apple has patched 3 zero-day vulnerabilities that have likely been exploited by a spyware vendor to hack iPhones. The post Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones appeared first on SecurityWeek.
SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
ICS/OT security budgets have decreased in 2023 compared to last year, according to a survey conducted by SANS. The post SANS Survey Shows Drop in 2023 ICS/OT Security Budgets appeared first on SecurityWeek.
Four questions for a casino InfoSec director
Recent cyberattacks at MGM Resorts and Caesars Entertainment have put the spotlight on cybersecurity practices at casinos – and the importance of educating employees on social engineering tactics. With the CSO50 Conference + Awards coming to the We-Ko-Pa Casino Resort in Fort McDowell, Arizona, October 2-4, we asked Bill Tsoukatos, Information Technology Director at Fort […]
New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
New and mysterious APT Sandman spotted targeting telcos in Europe and Asia as part of a cyberespionage campaign. The post New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware appeared first on SecurityWeek.
Four Leadership Motions make leading transformative work easier
Have you ever been tasked to lead a cross-functional project at work? You may have encountered multiple stakeholders–all believing that their viewpoint is the most valuable–competing to have their own needs met instead of collaborating to make progress. My business partner and wife, Janice Fraser, and I have seen this play out countless times in […]
Navigating the Digital Frontier in Cybersecurity Awareness Month 2023
ZTNA stands out as a solution that enables organizations to minimize their attack surface while ensuring the productivity and security of their remote workforce. The post Navigating the Digital Frontier in Cybersecurity Awareness Month 2023 appeared first on SecurityWeek.
Every Network Is Now an OT Network. Can Your Security Keep Up?
Many previously isolated OT networks, like manufacturing, processing, distribution, and inventory management, have now been woven into larger IT networks. The post Every Network Is Now an OT Network. Can Your Security Keep Up? appeared first on SecurityWeek.
Legit Security Raises $40 Million in Series B Financing
Legit Security raises $40 million in a Series B funding round led by CRV to help organizations protect the software supply chain from attacks The post Legit Security Raises $40 Million in Series B Financing appeared first on SecurityWeek.
TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data
TransUnion denies suffering a breach after a hacker publishes 3GB of data allegedly stolen from the credit reporting firm. The post TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data appeared first on SecurityWeek.
Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade
An automotive cybersecurity study shows that critical-risk vulnerabilities have decreased in the past decade. The post Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade appeared first on SecurityWeek.
Atlassian Security Updates Patch High-Severity Vulnerabilities
Atlassian has released patches for multiple high-severity vulnerabilities in Jira, Confluence, Bitbucket, and Bamboo products. The post Atlassian Security Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Cisco Boosting Cybersecurity Capabilities With $28 Billion Splunk Acquisition
Cisco has entered into a definitive agreement to acquire data analysis and security company Splunk in a deal valued at $28 billion. The post Cisco Boosting Cybersecurity Capabilities With $28 Billion Splunk Acquisition appeared first on SecurityWeek.
UK’s New Online Safety Law Adds to Crackdown on Big Tech Companies
British lawmakers approved an ambitious but controversial new internet safety law with wide-ranging powers to crack down on digital and social media companies. The post UK’s New Online Safety Law Adds to Crackdown on Big Tech Companies appeared first on SecurityWeek.
Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks
The FBI and CISA are warning critical infrastructure organizations of ongoing Snatch ransomware attacks, which also involve data exfiltration. The post Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks appeared first on SecurityWeek.
6 deadly sins of enterprise architecture
Keeping the enterprise running has never been an easy task. The rise of software tools have made many parts of the workflow faster, smoother, and more consistent for everyone but those who have to keep the software running. It’s like the old line about a duck gliding along a pond: Everything above the water looks […]
The year’s top 10 enterprise AI trends — so far
The advent of gen AI changed everything, and the pace of that change is like nothing we’ve seen before. The potential impacts are reminiscent of the dawn of the Internet, and are likely to be just as transformative for businesses. According to McKinsey, gen AI is poised to add up to an annual $4.4 billion […]
Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis
Omron has patched PLC and engineering software vulnerabilities discovered by Dragos during the analysis of ICS malware. The post Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis appeared first on SecurityWeek.
MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks
MGM Resorts brought its computer systems back online on September 20th after ransomware disrupted operations for 10 days. The post MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks appeared first on SecurityWeek.
CIOs worry about Gen AI – for all the right reasons
Many CIOs are wringing their hands over generative AI. No, the apocalyptic visions of the groundbreaking new technology replacing us – even destroying us – aren’t keeping them up at night. Rather, they’re worried about how best to arm their employees as quickly and safely as possible with what could turn out to be the […]
So, you’re ready to invest in Universal ZTNA. Here’s what you should know
If you’ve recently attended an industry event or read the daily news digest from your go-to trade publication, there’s no way you haven’t heard about Universal Zero Trust Network Access (ZTNA). There’s a lot of hype around this offering, so much so that Gartner® included Universal ZTNA in its recent Hype CycleTM for Zero Trust Networking, 2023 report, which profiles […]
How Zero Trust can help align the CIO and CISO
The role of the CIO (Chief Information Officer) and CISO (Chief Information Security Officer) have become increasingly important in recent years as organizations place more emphasis on digital transformation and information security. While both positions are crucial in their own way, the top priorities for CIO and CISO can often differ. In this article, we […]
NVIDIA and VMware make AI accessible to enterprises with full-stack accelerated computing
Enterprises are increasingly realizing the impact and value AI has on their overall digital transformation strategies. For NVIDIA, AI is at the core of digital transformation and business growth. With new technology, collaboration, and accelerated computing, AI is poised to enable businesses to make better decisions faster than ever. “NVIDIA is all-in on AI, whether […]
Intel Launches New Attestation Service as Part of Trust Authority Portfolio
Intel announces general availability of attestation service that is part of Trust Authority, a new portfolio of security software and services. The post Intel Launches New Attestation Service as Part of Trust Authority Portfolio appeared first on SecurityWeek.
Staying on Topic in an Off Topic World
Learning how to keep discussions on-topic is an important skill for security professionals to learn, and it can allow them to continue to improve their security programs. The post Staying on Topic in an Off Topic World appeared first on SecurityWeek.
Tor-Based Drug Marketplace Piilopuoti Shut Down by Law Enforcement
Finnish authorities have seized the drugs marketplace Piilopuoti, which has been operating on the Tor network since May 2022. The post Tor-Based Drug Marketplace Piilopuoti Shut Down by Law Enforcement appeared first on SecurityWeek.
ServiceNow boasts industry-first gen AI general availability with Vancouver release of Now
With the addition of Now Assist to the Vancouver release of its software platform, ServiceNow is embedding gen AI across the three major workflows it supports. Now Assist for IT Service Management, Customer Service Management, and HR Service Delivery add new text creation and summarization features and an interactive chatbot interface to help workers get […]
Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems
Atos Unify product vulnerabilities could be exploited to cause disruption and reconfigure or backdoor the targeted system. The post Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems appeared first on SecurityWeek.
DHS Publishes New Recommendations on Cyber Incident Reporting
DHS has published a new set of recommendations to help federal agencies better report cyber incidents and protect critical infrastructure. The post DHS Publishes New Recommendations on Cyber Incident Reporting appeared first on SecurityWeek.
Discern Security Emerges From Stealth Mode With $3 Million in Funding
Policy management cybersecurity startup Discern Security on Tuesday emerged from stealth mode with $3 million in funding. The post Discern Security Emerges From Stealth Mode With $3 Million in Funding appeared first on SecurityWeek.
GitLab Patches Critical Pipeline Execution Vulnerability
GitLab has released security updates to address a critical-severity vulnerability allowing an attacker to run pipelines as another user. The post GitLab Patches Critical Pipeline Execution Vulnerability appeared first on SecurityWeek.
California Law Restricting Companies’ Use of Information From Kids Online Is Halted by Federal Judge
A federal judge has halted implementation of a California data collection law intended to protect the privacy of minors The post California Law Restricting Companies’ Use of Information From Kids Online Is Halted by Federal Judge appeared first on SecurityWeek.
How Mapfre gets cloud to coexist with its tech model ambitions
With 90 years of history, Mapfre is one of the giants of the Spanish insurance sector. The multinational is present in around 40 countries, and closed its last financial year with more than €640 million in profit. And in charge of the group’s technological strategy and digitalization processes is global CIO Vanessa Escrivá. “The personalization of services and […]
Analyzing the business-case approach Perdue Farms takes to derive value from data
Martha Heller: What is the transformation currently underway at Perdue Farms? Mark Booth: We have a growth strategy to improve our business, and to support that, we’re driving a transformation in technology and business processes. We’ve been replacing our old systems, some of which are more than 20 years old, and this has been going […]
5 signs your agile practices will lead to digital disaster
CIOs are under increasing pressure to deliver more digital innovations faster and more efficiently. Business leaders expect IT to develop new products, improve customer experiences, automate workflows, and deliver new artificial intelligence capabilities. To do so, CIOs must continuously improve their product management, program management, and delivery capabilities to wow customers and deliver competitive advantages, […]
SASE Firm Cato Networks Raises $238 Million at $3 Billion Valuation
SASE company Cato Networks has raised $238 million in equity investment, bringing total funding to $773 million. The post SASE Firm Cato Networks Raises $238 Million at $3 Billion Valuation appeared first on SecurityWeek.
Oracle’s Fusion Cloud CX, ERP, and SCM get generative AI features
Just months after partnering with large language model provider Cohere and unveiling its strategic plan for infusing generative AI features into its products, Oracle is making good on its promise at its annual CloudWorld conference this week in Las Vegas. Nearly all of Oracle’s Fusion Cloud suites — including Cloud Customer Experience (CX), Human Capital […]
UK Minister Warns Meta Over End-to-End Encryption
Britain’s interior minister warned Meta that out end-to-end encryption on its platforms must “not to come at a cost to our children’s safety”. The post UK Minister Warns Meta Over End-to-End Encryption appeared first on SecurityWeek.
CrowdStrike to Acquire Application Intelligence Startup Bionic
The cash-and-stock transaction provides capabilities for CrowdStrike to beef up its enterprise cloud security portfolio. The post CrowdStrike to Acquire Application Intelligence Startup Bionic appeared first on SecurityWeek.
HiddenLayer Raises Hefty $50M Round for AI Security Tech
Texas startup attracts major investor interest to build an MLMDR (machine learning detection and response) technology. The post HiddenLayer Raises Hefty $50M Round for AI Security Tech appeared first on SecurityWeek.
‘Cybersecurity Incident’ Hits ICC
The International Criminal Court was hit by what it called “anomalous activity” regarding its IT systems and that it was currently responding to this “cybersecurity incident.” The post ‘Cybersecurity Incident’ Hits ICC appeared first on SecurityWeek.
Venafi Leverages Generative AI to Manage Machine Identities
Venafi launched a proprietary generative AI model to help with the mammoth, complex, and expanding problem of managing machine identities. The post Venafi Leverages Generative AI to Manage Machine Identities appeared first on SecurityWeek.
The future of ERP: With composable ERP, interoperability and integration are not optional
Analysis There are many facets to interoperability and integration, and any of them can derail your success with composable ERP. Interoperability embodies the ability of solution components to exchange and use data. Not only must the ability to integrate (pass data back and forth) exist, but data must be usable by the various components — […]
Clorox Blames Damaging Cyberattack for Product Shortage
Clorox says the recent cyberattack has been contained, but production is still not fully restored and there is a short supply of products. The post Clorox Blames Damaging Cyberattack for Product Shortage appeared first on SecurityWeek.
Pakistani APT Uses YouTube-Mimicking RAT to Spy on Android Devices
New versions of Pakistan-linked APT Transparent Tribe’s CapraRAT Android trojan mimic the appearance of YouTube. The post Pakistani APT Uses YouTube-Mimicking RAT to Spy on Android Devices appeared first on SecurityWeek.
Alcion Raises $21 Million for Backup-as-a-Service Platform
Data management startup Alcion has raised $21 million in a Series A funding round led by Veeam to expand its market presence. The post Alcion Raises $21 Million for Backup-as-a-Service Platform appeared first on SecurityWeek.
Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products
Trend Micro has patched CVE-2023-41179, an Apex One zero-day code execution vulnerability that has been exploited in attacks. The post Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products appeared first on SecurityWeek.
Thousands of Juniper Appliances Vulnerable to New Exploit
VulnCheck details a new fileless exploit targeting a recent Junos OS vulnerability that thousands of devices have not been patched against. The post Thousands of Juniper Appliances Vulnerable to New Exploit appeared first on SecurityWeek.
Chinese Hackers Target North American, APAC Firms in Web Skimmer Campaign
A Chinese threat actor has been observed targeting organizations in multiple industries to deploy web skimmers on online payment pages. The post Chinese Hackers Target North American, APAC Firms in Web Skimmer Campaign appeared first on SecurityWeek.
Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd
SecurityWeek interviews Casey Ellis, founder, chairman and CTO at Bugcrowd, best known for operating bug bounty programs for organizations. The post Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd appeared first on SecurityWeek.
The DX roadmap: David Rogers on driving digital transformation success
Although enterprises acknowledge the importance of digital transformation in the current environment of flux, few succeed in their digital initiatives. A major reason so many digital transformation programs fail is that enterprises view them as technology problems rather than the organizational challenges they truly are. Columbia University professor David Rogers, author of Digital Transformation Playbook […]
12 most popular AI use cases in the enterprise today
Organizations all around the globe are implementing AI in a variety of ways to streamline processes, optimize costs, prevent human error, assist customers, manage IT systems, and alleviate repetitive tasks, among other uses. And with the rise of generative AI, artificial intelligence use cases in the enterprise will only expand. To gain a better understanding […]
Cybersecurity M&A Roundup for First Half of September 2023
A dozen cybersecurity-related M&A deals were announced in the first half of September 2023. The post Cybersecurity M&A Roundup for First Half of September 2023 appeared first on SecurityWeek.
CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks
CISA says Owl Labs video conferencing device vulnerabilities that require the attacker to be in close range exploited in attacks The post CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks appeared first on SecurityWeek.
Inside Intermax’s ambitious journey to be a sustainable cloud leader
A fleet of green data centers and a well-advanced plan to stop using fossil-fuel powered vehicles are among the key steps driving Intermax’s mission to be the most sustainable cloud services provider in the Netherlands. Ludo Baauw – founder, corporate social responsibility lead and CEO of Intermax Group, sees firsthand the direct impact that sustainability […]
The ‘Great Retraining’: IT upskills for the future
Maggie Chavarin is no stranger to reinventing her career. She joined Synchrony more than a decade ago in a Merchants Services role that allowed her to be a work-from-home mom. When the timing was right, Chavarin honed her skills to do training and coaching work and eventually got her first taste of technology as a […]
Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages
Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. The post Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages appeared first on SecurityWeek.
OT/IoT and OpenTitan, an Open Source Silicon Root of Trust
A silicon root of trust (S-RoT) is designed to provide security to those parts of a device that can be attacked by a third party. The question remains, however: can the S-RoT itself be attacked? The post OT/IoT and OpenTitan, an Open Source Silicon Root of Trust appeared first on SecurityWeek.
Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates
Google Chromebooks released from 2021 and onwards will receive automatic updates, including security patches, for 10 years. The post Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates appeared first on SecurityWeek.
Canadian Government Targeted With DDoS Attacks by Pro-Russia Group
The pro-Russian cybercrime group tracked as NoName057(16) is launching DDoS attacks against Canadian organizations. The post Canadian Government Targeted With DDoS Attacks by Pro-Russia Group appeared first on SecurityWeek.
Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
Fortinet has released patches for a high-severity cross-site scripting vulnerability impacting its enterprise firewalls and switches. The post Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products appeared first on SecurityWeek.
Oracle updates Fusion Cloud suites to aid healthcare firms
Oracle has updated several applications within its various Fusion Cloud suites in order to align them toward supporting use cases for its healthcare enterprise customers. These updates, which include changes to multiple applications within its Enterprise Resource Planning (ERP), Human Capital Management (HCM), Enterprise Performance Management (EPM), and Supply Chain and manufacturing (SCM) Fusion Clouds, […]
Two Vegas Casinos Fell Victim to Cyberattacks, Shattering the Image of Impenetrable Casino Security
MGM Resorts and Caesars Entertainment hit by cyberattacks, shattering the image of impenetrable casino security. The post Two Vegas Casinos Fell Victim to Cyberattacks, Shattering the Image of Impenetrable Casino Security appeared first on SecurityWeek.
TikTok Is Hit With $368 Million Fine Under Europe’s Strict Data Privacy Rules
European regulators slapped TikTok with a $368 million fine for failing to protect children’s privacy, the first time that the popular short video-sharing app has been punished for breaching Europe’s strict data privacy rules. The post TikTok Is Hit With $368 Million Fine Under Europe’s Strict Data Privacy Rules appeared first on SecurityWeek.
CISA Releases New Identity and Access Management Guidance
CISA has released new guidance on how federal agencies can integrate identity and access management into their ICAM architecture. The post CISA Releases New Identity and Access Management Guidance appeared first on SecurityWeek.
Verizon accelerates 5G rollouts with automation platform
For consumers and enterprises alike, 5G offers the tantalizing promise of faster speeds, lower latency, and greater possibilities for unlocking the power of edge computing — but only if your devices can connect. To that end, New York-based telecom giant Verizon has developed a platform for migrating millions of customers to its next-generation networks such […]
ICS Security Firm Dragos Raises $74 Million in Series D Extension
ICS/OT security firm Dragos has raised $74 million in a Series D extension funding round that brings the total to $440 million. The post ICS Security Firm Dragos Raises $74 Million in Series D Extension appeared first on SecurityWeek.
Imagine Making Shadowy Data Brokers Erase Your Personal Info. Californians May Soon Live the Dream
California state Legislature has passed the Delete Act to allow individuals to order data brokers to delete their personal data — and to cease acquiring and selling it in the future. The post Imagine Making Shadowy Data Brokers Erase Your Personal Info. Californians May Soon Live the Dream appeared first on SecurityWeek.
VMware Cross-Cloud Managed Services unleash partner capabilities to help customers become cloud smart
In a rapidly evolving business landscape, where innovation and cost efficiency are paramount, the launch of VMware Cross-Cloud managed services at VMware Explore 2023 Las Vegas is a pivotal moment. Announced in April at VMware’s Partner Leadership Summit, VMware Cross-Cloud managed services redefine the way organizations address the complexities of multi-cloud, offering unparalleled flexibility, scalability […]
Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty
Russian hacker Dariy Pankov has pleaded guilty to computer fraud and now faces a maximum penalty of five years in federal prison. The post Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty appeared first on SecurityWeek.
California Settles With Google Over Location Privacy Practices for $93 Million
Search giant Google has agreed to a $93 million settlement with the state of California over its location-privacy practices. The post California Settles With Google Over Location Privacy Practices for $93 Million appeared first on SecurityWeek.
Pentagon’s 2023 Cyber Strategy Focuses on Helping Allies
The Pentagon has published an unclassified summary of its 2023 Cyber Strategy, outlining both offensive and defensive plans. The post Pentagon’s 2023 Cyber Strategy Focuses on Helping Allies appeared first on SecurityWeek.
In Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-Off
Noteworthy stories that might have slipped under the radar: China blames NSA for a cyberattack, AI jailbreaks, and Netography spin-off. The post In Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-Off appeared first on SecurityWeek.
MGM Hackers Broadening Targets, Monetization Strategies
The financially motivated UNC3944 group that hacked MGM has hit at least 100 organizations, mainly in the US and Canada. The post MGM Hackers Broadening Targets, Monetization Strategies appeared first on SecurityWeek.
Deduce Raises $9 Million to Fight AI-Generated Identity Fraud
Deduce has raised $9 million in a new funding round led by Freestyle Capital, to launch its AI-generated identity fraud prevention platform. The post Deduce Raises $9 Million to Fight AI-Generated Identity Fraud appeared first on SecurityWeek.
Salesforce to hire 3,300 staffers as it eyes generative AI opportunity
After laying off 8,000 staffers in January, Salesforce is now planning to hire at least 3,300 employees. The plan includes rehiring some of the former employees. Salesforce is looking at a large recruitment drive as it plans to invest in new areas such as generative AI and push some of its popular products, such […]
4 key steps for optimizing your IT services portfolio
From the CEO’s perspective, an optimized IT services portfolio maximizes cost efficiency, flexibility, and scalability. It enables the organization to focus on its core business while managing risks and accelerating time-to-market for new products and services. From the CIO’s perspective, an optimized IT services portfolio ensures strategic alignment with business goals, enabling the organization to […]
Transforming the leadership trajectory for women in tech
Women leaders are switching jobs at rates far higher than their male counterparts as they demand more from their employers and show they’re willing to go elsewhere to get it. That trend is substantiated by recent research from McKinsey. Given this reality – and the business world’s drive to create more diverse and inclusive leadership […]
Google Feature Blamed for Retool Breach That Led to Cryptocurrency Firm Hacks
A recently introduced Google account sync feature has been blamed after sophisticated hackers attacked 27 cryptocurrency firms via Retool. The post Google Feature Blamed for Retool Breach That Led to Cryptocurrency Firm Hacks appeared first on SecurityWeek.
Inside Nasdaq’s AI-fueled pivot to SaaS provider
No doubt, Nasdaq is bullish on generative AI. Brad Peterson, the company’s CIO and CTO, has been implementing AI for more than a decade and is all in on the promised innovation afforded by generative AI. “We are committed to enhancing the liquidity, transparency, and integrity of the world’s economy and AI will continue to […]
Microsoft, Oracle deliver direct access to Oracle database services on Azure
Looking ahead to a future in which customers will move their entire data center workloads to the cloud, Microsoft and Oracle on Thursday expanded their partnership. Oracle is collocating its Oracle database hardware (including Oracle Exadata) and software in Microsoft Azure data centers, giving customers direct access to Oracle database services running on Oracle Cloud […]
Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database
The hijacked data includes driver’s license numbers and/or social security numbers from a Caesars Entertainment loyalty database. The post Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database appeared first on SecurityWeek.
A Second Major British Police Force Suffers a Cyberattack in Less Than a Month
Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked from a company that makes identity cards. The post A Second Major British Police Force Suffers a Cyberattack in Less Than a Month appeared first on SecurityWeek.
The big speed bump on the road to GenAI
It seems that every event I moderate, regardless of the topic, will devolve into a discussion of generative AI and the excitement of intelligent systems. The enthusiasm for this innovative technology is irrepressible. Ideas fly around, grandiose plans are discussed, and everyone can’t wait to get going. However, as the discussion moves back to more […]
A One-Two Punch for Security ROI
Cost avoidance is a powerful way to kick-off ROI discussions. However, to quickly move beyond objections, shifting to a more tangible approach to calculate ROI can help. The post A One-Two Punch for Security ROI appeared first on SecurityWeek.
Kubernetes Vulnerability Leads to Remote Code Execution
A high-severity vulnerability can be exploited to execute code remotely on any Windows endpoint within a Kubernetes cluster. The post Kubernetes Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.
ICS Computers in Western Countries See Increasing Attacks: Report
ICS computers in the Western world have been increasingly attacked, but the percentages are still small compared to other parts of the globe. The post ICS Computers in Western Countries See Increasing Attacks: Report appeared first on SecurityWeek.
Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery
Orca Security details eight XSS vulnerabilities in Azure HDInsight that could lead to information leaks, session hijacking, and payload delivery. The post Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery appeared first on SecurityWeek.
LockBit Affiliate Deploys New 3AM Ransomware in Recent Attack
A LockBit affiliate has deployed the new 3AM ransomware family on a victim’s network, after LockBit’s execution was blocked. The post LockBit Affiliate Deploys New 3AM Ransomware in Recent Attack appeared first on SecurityWeek.
Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack
A known ransomware gang has taken credit for the highly disruptive cyberattack on MGM Resorts, and the company has yet to restore impacted systems. The post Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack appeared first on SecurityWeek.
North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx
North Korean hackers stole $53 million in cryptocurrency from crypto exchange CoinEx after the hot wallet private key was leaked. The post North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx appeared first on SecurityWeek.
CIO Brett Lansing’s five-point approach to building followership
Your strategy’s only as strong as it is implemented well. And you can implement it well only to the extent that your followership is strong. Your followership is the most potent circle of your professional network, and it, perhaps more than anything else, empowers you to influence and implement, with or without authority. Brett Lansing, […]
What is a data engineer? An analytics role in high demand
What is a data engineer? Data engineers design, build, and optimize systems for data collection, storage, access, and analytics at scale. They create data pipelines that convert raw data into formats usable by data scientists, data-centric applications, and other data consumers. Their primary responsibility is to make data available, accessible, and secure to stakeholders. This […]
Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington
Tech executives discussed the idea of government regulations for artificial intelligence (AI) at an unusual closed-door meeting in the U.S. Senate on September 13th. The post Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington appeared first on SecurityWeek.
DORA and its impact on data sovereignty
According to the European Commission, no less, ‘data is immensely valuable to all organisations, a significant resource for the digital economy and the ‘cornerstone of our EU industrial competitiveness’. Hardly surprising when you consider the data economy is projected to deliver more than €829b and nearly 11m jobs to the region by 2025. Capitalising on […]
AuthMind Scores $8.5M Seed Funding for ITDR Tech
Maryland startup scores $8.5 million in seed-stage funding to compete in the Identity Threat Detection and Response (ITDR) category. The post AuthMind Scores $8.5M Seed Funding for ITDR Tech appeared first on SecurityWeek.
CISOs and Board Reporting – an Ongoing Problem
Boards often complain they receive overly-technical reports from management teams that fail to put governance in business and financial terms. The post CISOs and Board Reporting – an Ongoing Problem appeared first on SecurityWeek.
Distributed Energy Resources Get Cybersecurity Boost with $39M DOE Funding
The US Department of Energy gives $39 million in funding for nine projects to advance the cybersecurity of distributed energy resources. The post Distributed Energy Resources Get Cybersecurity Boost with $39M DOE Funding appeared first on SecurityWeek.
Why your CEO needs to watch a coding video
By Bryan Kirschner, Vice President, Strategy at DataStax As a software developer and coding instructor, Ania Kubow is always informative and engaging. But watching her 30-minute video on “Vector Embeddings for Beginners” will be time well-spent for many people who have no intention of ever doing hands-on- coding. Specifically, it’s a must-watch for anyone who […]
CISA Releases Open Source Software Security Roadmap
CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government. The post CISA Releases Open Source Software Security Roadmap appeared first on SecurityWeek.
How Next-Gen Threats Are Taking a Page From APTs
Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime. The post How Next-Gen Threats Are Taking a Page From APTs appeared first on SecurityWeek.
US Agencies Publish Cybersecurity Report on Deepfake Threats
CISA, FBI and NSA have published a cybersecurity report on deepfakes and recommendations for identifying and responding to such threats. The post US Agencies Publish Cybersecurity Report on Deepfake Threats appeared first on SecurityWeek.
Airbus Launches Investigation After Hacker Leaks Data
Airbus has launched an investigation after a hacker claimed to have breached the company’s systems and leaked some business documents. The post Airbus Launches Investigation After Hacker Leaks Data appeared first on SecurityWeek.
macOS Info-Stealer Malware ‘MetaStealer’ Targeting Businesses
The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information. The post macOS Info-Stealer Malware ‘MetaStealer’ Targeting Businesses appeared first on SecurityWeek.
China Says No Law Banning iPhone Use in Govt Agencies
China said it was following media reports about suspected security issues with iPhones but insisted there was no ban on its officials using the devices The post China Says No Law Banning iPhone Use in Govt Agencies appeared first on SecurityWeek.
Salesforce plans generative AI boost for ESG reporting with Net Zero Cloud
Generative AI will soon be everywhere — including in Salesforce’s Net Zero Cloud environmental, social, and governance (ESG) reporting tool. Salesforce will add new features to Net Zero Cloud to automate some aspects of preparing ESG reports — something investors and regulators are increasingly paying attention to — and later upgrading them with new generative […]
SecurityWeek to Host Cyber AI & Automation Summit
Virtual conference will explore cybersecurity use-cases for AI technology and the race to protect LLM algorithms from adversarial use. The post SecurityWeek to Host Cyber AI & Automation Summit appeared first on SecurityWeek.
SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA
SAP has released patches for a critical vulnerability impacting multiple enterprise applications, including NetWeaver and S/4HANA. The post SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA appeared first on SecurityWeek.
CISA Offering Free Vulnerability Scanning Service to Water Utilities
CISA is offering a free vulnerability scanning service to water utilities to help them protect drinking water and wastewater systems against cyberattacks. The post CISA Offering Free Vulnerability Scanning Service to Water Utilities appeared first on SecurityWeek.
Eliminate roles, not people: fine-tuning the talent search during times of change
Having joined Campbell’s in January 2022, Julia Anderson’s enterprise-wide responsibilities run from digital workplace services, IT platforms, and architecture, to cybersecurity oversight, business analytics, and transformation projects and programs. When she arrived, a business transformation was already underway. “There were two divisions structured and a central supply chain—very clear areas to partner with, but […]
New US CIO appointments, September 2023
Rite Aid promotes Christine Rose to CIO Christine Rose, Rite Aid Rite Aid Rite Aid, a full-service pharmacy, employs more than 6,300 pharmacists and operates over 2,300 retail pharmacy locations across 17 states. Rose joined Rite Aid in 2020 as the company’s SVP for enterprise technology solutions. She held previous roles at Align Technology, Kendra […]
10 mistakes that can tank IT innovation
Years into digital transformation, and decades into the IT function itself, many CIOs still fall short when it comes to innovation. Tech debt, budget constraints, and overloaded staff schedules are among the top reasons IT leaders cite for scuttled innovation attempts. Indeed, 50% of C-suite execs surveyed for a 2023 report on digital transformation from […]
After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery
After Apple and Google, Mozilla has also patched an image processing-related zero-day vulnerability exploited by spyware. The post After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery appeared first on SecurityWeek.
The CTO’s newest hat is green
Can a company embrace digital innovation and become more sustainable at the same time? In the past, business leaders sometimes accepted the idea that being on the leading edge of technology came at a price to the environment. And those who made “going green” a top goal resigned themselves to thinking that they would need […]
The extraordinary synergy of wi-fi and 5G in enterprise networks
It’s Wednesday afternoon. A severe thunderstorm is forecasted to roll through your suburb in the next hour. As it nears, your electricity goes out. Fortunately, your cell phone still works. That’s because the 5G technology powering your phone remains intact, giving you a reassuring sense of security and an open line of communication with weather updates, friends and family during […]
Zero Day Summer: Microsoft Warns of Fresh New Software Exploits
Microsoft’s struggles with zero-day exploits rolled into a new month with a fresh Patch Tuesday warning about malware attacks in the wild. The post Zero Day Summer: Microsoft Warns of Fresh New Software Exploits appeared first on SecurityWeek.
Intel Capital Bets on Zenity for Low-Code/No-Code Security
Israeli security startup Zenity banks $16.5 million in new venture capital funding to work on ‘low-code/no-code’ security technology. The post Intel Capital Bets on Zenity for Low-Code/No-Code Security appeared first on SecurityWeek.
Beyond.pl: Addressing sovereign cloud needs in Poland and beyond
Wojciech Stramski, CEO of Beyond.pl a data center, cloud, and Managed Services provider, is quick to point out that enterprises’ data sovereignty requirements are growing in scope. As cloud computing becomes increasingly ubiquitous with business success, ensuring that data not only resides within sovereign jurisdiction, but that it is also subject to applicable laws, is […]
Salesforce readies Einstein Copilot to unleash generative AI across its offerings
The hype around generative AI since ChatGPT’s launch in November 2022 has driven some software vendors to rush to incorporate the technology into their applications. Despite being an early adopter of AI in general, Salesforce has taken a more measured approach to generative AI. Following its announcement of Einstein GPT in March, the company has […]
Artificial Intelligence in Cybersecurity: Good or Evil?
As I reflect on the biggest technology innovations during my career―the Internet, smartphones, social media―a new breakthrough deserves a spot on that list. Generative AI has taken the world seemingly by storm, impacting everything from software development, to marketing, to conversations with my kids at the dinner table. At the recent Six Five Summit, I […]
Adobe Says Critical PDF Reader Zero-Day Being Exploited
Adobe raises an alarm for new in-the-wild zero-day attacks hitting users of its widely deployed Adobe Acrobat and Reader product. The post Adobe Says Critical PDF Reader Zero-Day Being Exploited appeared first on SecurityWeek.
Zero Trust Security for NIS2 compliance: What you need to know
Over 100,00 organizations are expected to be impacted by Network and Information Security Directive (NIS2) cybersecurity standards that European Union (EU) member states must implement by October 2024. [i] NIS2 was adopted in early 2023 as a response to increasing digitalization and rising cybersecurity threats stemming from the COVID-19 pandemic and the Russia-Ukraine War. NIS2 regulations […]
Thousands of Code Packages Vulnerable to Repojacking Attacks
Despite GitHub’s efforts to prevent repository hijacking, researchers continue finding new attack methods, and thousands of code packages. The post Thousands of Code Packages Vulnerable to Repojacking Attacks appeared first on SecurityWeek.
Iranian Cyberspies Deployed New Backdoor to 34 Organizations
Iran-linked cyberespionage group Charming Kitten has infected at least 34 victims in Brazil, Israel, and UAE with a new backdoor. The post Iranian Cyberspies Deployed New Backdoor to 34 Organizations appeared first on SecurityWeek.
Vector Embeddings – Antidote to Psychotic LLMs and a Cure for Alert Fatigue?
Vector embeddings – data stored in a vector database – can be used to minimize hallucinations from a GPT-style large language model AI system (such as ChatGPT) and perform automated triaging on anomaly alerts. The post Vector Embeddings – Antidote to Psychotic LLMs and a Cure for Alert Fatigue? appeared first on SecurityWeek.
ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products
ICS Patch Tuesday: Siemens has released 7 new advisories and Schneider Electric has released 1 new advisory. The post ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products appeared first on SecurityWeek.
China-Linked ‘Redfly’ Group Targeted Power Grid
Symantec warns that the Redfly APT appears to be focusing exclusively on targeting critical national infrastructure organizations. The post China-Linked ‘Redfly’ Group Targeted Power Grid appeared first on SecurityWeek.
Oracle expects data-hungry generative AI to drive revenue growth
Oracle is betting on high demand for data, driven by generative AI-related workloads, to boost revenue in upcoming quarters as enterprises look to adopt generative AI for productivity and efficiency. “Generative AI is changing everything. As of today, AI development companies have signed contracts to purchase more than $4 billion of AI training capacity in […]
Court Convicts Portuguese Hacker in Football Leaks Trial and Gives Him a 4-Year Suspended Sentence
Portuguese hacker behind “Football Leaks” convicted by a Lisbon court of nine crimes and given a suspended prison sentence of four years. The post Court Convicts Portuguese Hacker in Football Leaks Trial and Gives Him a 4-Year Suspended Sentence appeared first on SecurityWeek.
Cleafy Raises €10 Million for Online Banking Fraud Prevention Platform
Real-time online banking fraud prevention firm Cleafy has raised €10 million ($10.7 million) in a funding round led by United Ventures. The post Cleafy Raises €10 Million for Online Banking Fraud Prevention Platform appeared first on SecurityWeek.
Finding Your Way in Cloud Security
The next time you see CNAPP, CASB, WAAS, CSPM or many of the other phrases, it will be helpful to take a deep breath and realize enterprise security has never been a binary one or zero. The post Finding Your Way in Cloud Security appeared first on SecurityWeek.
Schneider Electric leverages AI to help develop employees’ careers
AI is coming into its own as a practical technology for helping companies with a range of initiatives, from improving customer experience to streamlining business processes. And, while the technology’s long-term impact on the workforce remains unclear, some companies, such as France-based Schneider Electric, are putting AI to work to aid employees in advancing their […]
7 dark secrets of generative AI
The stock prices are soaring. Everyone is still amazed by the way the generative AI algorithms can whip off some amazing artwork in any style and then turn on a dime to write long essays with great grammar. Every CIO and CEO has a slide or three in their deck ready to discuss how generative […]
DFIR Company Binalyze Raises $19 Million in Series A Funding
Estonian DFIR company Binalyze has raised $19 million in a Series A funding round to grow and improve its product. The post DFIR Company Binalyze Raises $19 Million in Series A Funding appeared first on SecurityWeek.
Google Patches Chrome Zero-Day Reported by Apple, Spyware Hunters
Google has released a Chrome 116 security update to patch CVE-2023-4863, the fourth Chrome zero-day vulnerability documented in 2023. The post Google Patches Chrome Zero-Day Reported by Apple, Spyware Hunters appeared first on SecurityWeek.
Managed services projections increase through 2023
In this report, the news about technology investments was surprisingly upbeat. Despite national news about increased costs, economic uncertainty, and more reports of technology firm layoffs, respondents indicated that they were planning to spend more IT budget in 2023, not less. A notable 51% of respondents said that their IT budgets would increase, compared with […]
MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems
MGM Resorts confirms “cybersecurity incident” led to the shutdown of web sites and IT systems of hotels throughout the United States. The post MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems appeared first on SecurityWeek.
US Marks 22 Years Since 9/11 Terrorist Attacks
One organization is hoping to transform the anniversary of 9/11 into a day of doing good. The post US Marks 22 Years Since 9/11 Terrorist Attacks appeared first on SecurityWeek.
Building digital fluency in the C-suite and beyond
When it comes to fostering digital literacy in the C-suite, Michael Seals literally wrote the book. At his company, anyway. In tandem with his job as chief digital officer and senior vice president of strategy at Hussman, Seals got a Ph.D. in business administration and wrote his dissertation on digital acuity and intelligence in “incumbent […]
The digital transformation of an island nation: how Bahrain rose to lead cloud adoption in the GCC Region
Bahrain EDB As cloud adoption grows, its impact on economies and businesses is starting to show that digital transformation can make good on the utopian promises of innovation and improved public services. Those who demand to see hard facts that prove the power of cloud should examine Bahrain. A new IDC study details the Kingdom’s […]
After Microsoft and X, Hackers Launch DDoS Attack on Telegram
Anonymous Sudan launches a DDoS attack against Telegram in retaliation for the suspension of their primary account on the platform. The post After Microsoft and X, Hackers Launch DDoS Attack on Telegram appeared first on SecurityWeek.
Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach
Cybercriminals breached an AP Stylebook website and obtained information on customers who were then targeted in phishing attacks. The post Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach appeared first on SecurityWeek.
Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers
The personal information of more than 800,000 individuals was stolen from bookstore chain Dymocks in a cyberattack last week. The post Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers appeared first on SecurityWeek.
Spies, Hackers, Informants: How China Snoops on the West
Some of the ways China has worked to spy on the West in recent years. The post Spies, Hackers, Informants: How China Snoops on the West appeared first on SecurityWeek.
FBI Blames North Korean Hackers for $41 Million Stake.com Heist
FBI says North Korean hacking group Lazarus has stolen $41 million in cryptocurrency from online betting platform Stake.com. The post FBI Blames North Korean Hackers for $41 Million Stake.com Heist appeared first on SecurityWeek.
What is SAFe? A framework for scaling business agility
Scaled Agile Framework (SAFe) explained The Scaled Agile Framework encompasses a set of principles, processes, and best practices that helps larger organizations adopt agile methodologies, such as Lean, Kanban, and Scrum, to deliver high-quality products and services faster. SAFe is particularly well-suited to complex projects that involve multiple large teams at the project, program, and […]
Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices
A researcher has found 7 vulnerabilities in Socomec UPS products that can be exploited to hijack and disrupt devices. The post Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices appeared first on SecurityWeek.
Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cybercrime
One of Myanmar’s biggest and most powerful ethnic minority militias arrested and repatriated more than 1,200 Chinese nationals allegedly involved in criminal online scam operations. The post Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cybercrime appeared first on SecurityWeek.
Governance for responsible AI: The easy things and the hard ones
By Charna Parkey and Steven Tiell, DataStax. Companies developing and deploying AI solutions need robust governance to ensure they’re used responsibly. But what exactly should they focus on? Based on a recent DataStax panel discussion, “Enterprise Governance in a Responsible AI World,” there are a few hard and easy things organizations should pay attention to […]
Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks
Cisco is warning of a zero-day vulnerability in Cisco ASA and FTD that can be exploited remotely, without authentication, in brute force attacks. The post Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks appeared first on SecurityWeek.
In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach
Noteworthy stories that might have slipped under the radar: LastPass vault hacking, Russia targets energy facility in Ukraine, NXP data breach. The post In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach appeared first on SecurityWeek.
New Phishing Campaign Launched via Google Looker Studio
Check Point has observed a wave of phishing attacks launched via Google Looker Studio to steal credentials and funds from intended victims. The post New Phishing Campaign Launched via Google Looker Studio appeared first on SecurityWeek.
Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap
Emsisoft urges its users to update anti-malware and other security products after signing them with an improperly issued digital certificate. The post Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap appeared first on SecurityWeek.
J&J enlists AI to streamline joint replacement surgery
Operating rooms are a significant source of revenue for healthcare organizations — and a main contributor to costs. As such, any cost savings in operating rooms can have broad financial impact on a healthcare facility’s bottom line. One of the main reasons for the lower efficiency of operating rooms is the excessive amount of time taken […]
Is AI in the enterprise ready for primetime? Not yet.
Although bullish on the prospects for AI to automate many work activities, McKinsey acknowledges it’ll take several decades for this to happen at any scale. CIOs and other executive leaders should keep this in mind amid the hype and wild claims made by many vendors and consultants. There are a number of reasons why meaningful […]
US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities
APTs exploited vulnerabilities in Zoho ManageEngine and Fortinet VPNs to hack an aerospace organization in early January 2023. The post US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities appeared first on SecurityWeek.
US, UK Sanction More Members of Trickbot Russian Cybercrime Group
The US and UK have announced sanctions against 11 more alleged members of the Russian cybercrime group Trickbot. The post US, UK Sanction More Members of Trickbot Russian Cybercrime Group appeared first on SecurityWeek.
Apple Patches Actively Exploited iOS, macOS Zero-Days
Apple pushes out an urgent point-update to its flagship iOS and macOS platforms to fix a pair of security defects being exploited in the wild. The post Apple Patches Actively Exploited iOS, macOS Zero-Days appeared first on SecurityWeek.
SAP to buy LeanIX to advance process optimization with AI
SAP has agreed to buy German enterprise architecture management specialist LeanIX, hoping its early adoption of AI will help with the massive task of migrating customers still using SAP’s legacy software on premises to the more modern S/4HANA in the cloud. LeanIX has around 1,000 customers for its EAM SaaS offering, its CEO André Christ […]
Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers
Google again catches a North Korean APT actor targeting security researchers with zero-days and rigged software tools. The post Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers appeared first on SecurityWeek.
3 keys to boosting your engineering culture
Companies large and small are focused on attracting and retaining top talent. Achieving this goal is an evergreen priority for any business, but taking this idea from vision to action and execution is what separates good companies from great ones. Bridging the gap between vision and execution in the effort to create a robust, engaged […]
Generative AI: Balancing security with innovation
The speed at which artificial intelligence (AI)—and particularly generative AI (GenAI)—is upending everyday life and entire industries is staggering. Slowing the progression of AI may be impossible, but approaching AI in a thoughtful, intentional, and security-focused manner is imperative for fintech companies to nullify potential threats and maintain customer trust while still taking advantage of […]
7 ways to ensure the success of product-centric reliability
As a fintech company, the reliability of our products and services is critical to ensuring that Discover® Financial Services customers can access their money, credit, and accounts when they need to. Like many other companies, Discover has adopted a product-centric approach where the responsibility for reliability sits with the product teams. My team at Discover […]
How product-centric engineering has revolutionized Discover
A company’s journey to digital transformation heavily depends on the processes put in place to support the effort. You need the right people. You need the right technology. But without proper attention paid to the processes that support these — call it the third leg of the proverbial stool — the effort to modernize breaks […]
Fostering Innovation at Discover Financial Services
Innovation has a different meaning for every organization. At Discover® Financial Services, it lies at the heart of the company’s business goals and growth. And it boils down to one core concept: a relentless commitment to improving the way people work and enhancing the careers of engineers. “Innovation is about modernization, it’s about optimization,” said […]
The multi-cloud era – a faster path forward for enterprises and Managed Services Providers
The era of the multi-cloud landscape is here. CIOs are taking deliberate action by proactively matching workloads and applications with the ideal cloud, and companies are also seeing a proliferation of multi-cloud architectures created by mergers and acquisitions, data sovereignty needs, support for remote work, and shadow IT. This is leading to a multi-cloud approach […]
Wealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme
Vladislav Klyushin was sentenced to nine years in prison for his role in a nearly $100M stock market cheating scheme that relied on information stolen by hacking. The post Wealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme appeared first on SecurityWeek.
Generative AI’s potential as a force multiplier in defense
When it comes to safeguarding people and nations, innovation can never rest. That’s why, around the world, governments and the defense industry as a whole are now investing and exploring generative artificial intelligence (AI), or large language models (LLMs), to better understand what’s possible. At first blush, it seems that generative AI and LLM tools […]
The Team8 Foundry Method for Selecting Investable Startups
Team8, a VC organization with added sauce, queried more than 130 CISOs from its own ‘CISO Village’ to discover the concerns of existing cybersecurity practitioners, and the technologies they are seeking for the future. The post The Team8 Foundry Method for Selecting Investable Startups appeared first on SecurityWeek.
See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack
See Tickets is informing 300,000 individuals that their payment card information was stolen in a new web skimmer attack. The post See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack appeared first on SecurityWeek.
‘Atomic macOS Stealer’ Malware Delivered via Malvertising Campaign
A malware named Atomic macOS Stealer (AMOS) has been delivered to users via a malvertising campaign. The post ‘Atomic macOS Stealer’ Malware Delivered via Malvertising Campaign appeared first on SecurityWeek.
CISA Releases Guidance on Adopting DDoS Mitigations
CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact. The post CISA Releases Guidance on Adopting DDoS Mitigations appeared first on SecurityWeek.
Tenable to Acquire Cloud Security Firm Ermetic for $240 Million
Tenable is set to acquire cloud security firm Ermetic for $240 million as it looks to expand the capabilities of its exposure management platform. The post Tenable to Acquire Cloud Security Firm Ermetic for $240 Million appeared first on SecurityWeek.
Cisco Patches Critical Vulnerability in BroadWorks Platform
Cisco has released patches for CVE-2023-20238, a critical authentication bypass vulnerability in the BroadWorks Application Delivery Platform. The post Cisco Patches Critical Vulnerability in BroadWorks Platform appeared first on SecurityWeek.
Make SASE your cybersecurity armor – but don’t go it alone
Production lines, networks, call centers: every aspect of your organization is being revolutionized in different ways by technology such as AI, automation, edge computing and the many flavors of cloud. Additionally, many employees now work from home part- or full-time, using a range of corporate-issued or personal devices outside the traditional network perimeter. All these […]
Cisco Finds 8 Vulnerabilities in OAS Industrial IoT Data Platform
Vulnerabilities identified in the OAS Platform could be exploited to bypass authentication, leak sensitive information, and overwrite files. The post Cisco Finds 8 Vulnerabilities in OAS Industrial IoT Data Platform appeared first on SecurityWeek.
Briefing the board on AI: Educate to tee up investment
This year’s escalating hype around artificial intelligence finds CIOs once again in the spotlight. With leaders from every department bandying about possibilities and concerns, CIOs are uniquely positioned to provide real talk and leadership on the company’s AI agenda. One place where those conversations must occur but perhaps have not to date is the boardroom. […]
What AI already does well in supply chain management
Supply chains perform a series of actions starting with product design and proceeding to procurement, manufacturing, distribution, delivery, and customer service. “At each of these points lie big opportunities for AI and ML,” says Devavrat Bapat, Head of AI/ML data products at Cisco. That’s because the current generation of AI is already very good at […]
IBM Discloses Data Breach Impacting Janssen Healthcare Platform
IBM has disclosed a data breach involving a Janssen healthcare platform that last year helped more than 1 million patients. The post IBM Discloses Data Breach Impacting Janssen Healthcare Platform appeared first on SecurityWeek.
Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Errors
Microsoft reveals how a crash dump from 2021 inadvertently exposed a key that Chinese cyberspies later leveraged to hack US government emails. The post Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Errors appeared first on SecurityWeek.
Cash-Strapped IronNet Faces Bankruptcy Options
It appears to be the end of the road for IronNet, the once-promising network security play founded by former NSA director General Keith Alexander. The post Cash-Strapped IronNet Faces Bankruptcy Options appeared first on SecurityWeek.
Price shock: IBM to increase cloud costs by up to 26% in 2024
IBM is all set to increase its cloud services costs by up to 26% from January 2024. The new price rise will affect infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings, the company said in a GitHub post. International customers will witness a steeper price hike compared to their US peers. IBM PaaS services — slated for […]
Lessons from the field: How Generative AI is shaping software development in 2023
Since ChatGPT’s release in November of 2022, there have been countless conversations on the impact of similar large language models. Generative AI has forced organizations to rethink how they work and what can and should be adjusted. Specifically, organizations are contemplating Generative AI’s impact on software development. While the potential of Generative AI in software […]
Investors Betting Big on Upwind for CNAPP Tech
Upwind raises a total of $80 million in just 10 months as investors pour cash into startups in the cloud and data security categories. The post Investors Betting Big on Upwind for CNAPP Tech appeared first on SecurityWeek.
Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F)
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain. The post Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F) appeared first on SecurityWeek.
Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio
Dozens of vulnerabilities have been found in widely used security cameras made by defunct Chinese company Zavio. The post Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio appeared first on SecurityWeek.
Thousands of Popular Websites Leaking Secrets
Truffle Security has discovered thousands of popular websites leaking their secrets, including .git directories and AWS and GitHub keys. The post Thousands of Popular Websites Leaking Secrets appeared first on SecurityWeek.
Is an integrated ERP suite or a composable ERP strategy right for you?
Today’s business climate is rife with economic uncertainty that is causing IT leaders to do more with less while still innovating to support the business. It’s a seemingly impossible dilemma: How to use innovation to drive business outcomes while being restrained by a reduced budget? Fortunately, IT leaders can do both by adopting a composable […]
Password-Stealing Chrome Extension Demonstrates New Vulnerabilities
Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore. The post Password-Stealing Chrome Extension Demonstrates New Vulnerabilities appeared first on SecurityWeek.
25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy
Mozilla has analyzed the privacy and security of 25 major car brands and found that they collect a lot of data and can share it or sell it to third parties. The post 25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy appeared first on SecurityWeek.
Android Zero-Day Patched With September 2023 Security Updates
Android’s September 2023 security update resolves a high-severity elevation of privilege vulnerability exploited in malicious attacks. The post Android Zero-Day Patched With September 2023 Security Updates appeared first on SecurityWeek.
Chrome 116 Update Patches High-Severity Vulnerabilities
Google has released another weekly Chrome update, to address four high-severity vulnerabilities reported by external researchers. The post Chrome 116 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
Hacker Conversations: Alex Ionescu
SecurityWeek talks to Alex Ionescu, a world-renowned cybersecurity expert who has combined a career as a business executive with that of a security researcher. The post Hacker Conversations: Alex Ionescu appeared first on SecurityWeek.
AI is the boost Mercedes-Benz needs to digitally transform
Mercedes-Benz has long relied on machine learning and classic AI. But now you’re also using generative AI, for example in the MO360 production environment. What exactly is it about and to what extent does it change the profiles of employees? With digitization and the increasing use of powerful AI systems, job profiles are changing in production and administration. AI is […]
7 tough IT security discussions every IT leader must have
Talk may be cheap, but when it comes to IT security, strategic conversations with colleagues, business partners, and other relevant parties can be priceless. The value of addressing cybersecurity issues through ongoing discussions is getting corporate alignment on effective and robust strategies, says Roger Albrecht, co-lead of the cybersecurity unit at technology research and advisory […]
AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure
AtlasVPN developers are working on a patch for an IP leak vulnerability after a researcher publicly disclosed the flaw due to being ignored. The post AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure appeared first on SecurityWeek.
United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue
United Airlines flights were halted nationwide on Sept. 5, because of an “equipment outage,” according to the FAA. The post United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue appeared first on SecurityWeek.
Orro: Delivering a sustainable future enabled by the cloud
In Australia, Orro is synonymous with ironclad software-defined infrastructure and sovereign cloud services that enable new ways of working, from fully managed cloud-native applications that accelerate the pace of business, to advanced collaboration tools that deliver on the promise of remote work. It is a pedigree that aligns well with the company’s ambitious call to […]
3 hard truths about the multi‑cloud journey
Businesses are getting smarter, faster and more resilient in the cloud. But it doesn’t come easy. On the Futurum Tech Webcast, Chief Analyst Daniel Newman for Futurum Research (an analyst firm focused on technology, digital innovation and market disruption) talks with VMware leaders about the surprising challenges of multi-cloud. Here are three takeaways from their […]
How Hackergal is building the talent pipeline of the future
The technology industry is made up of just 26% women, compared to a nearly equal split at 49% across the total workforce. Most notably, that number hasn’t done much besides decrease over the past 30 years, hovering around the same percentage and dipping slightly in recent years. But the lack of women in tech is […]
How to get the most out of this transformative moment for business technology
We are living through a unique moment where two transformative technologies for business are converging. On one side, there is the awesome power of the cloud, which allows businesses to break down silos so their teams can access the data they need to innovate faster and in a more secure environment. On the other side […]
CISA Hires ‘Mudge’ to Work on Security-by-Design Principles
Peiter ‘Mudge’ Zatko joins the US government’s cybersecurity agency to preach the gospel of security-by-design and secure-by-default development principles. The post CISA Hires ‘Mudge’ to Work on Security-by-Design Principles appeared first on SecurityWeek.
Controlling cloud chaos: How to realign IT with the business
The cloud is undoubtedly transformative for both IT and businesses, but the business has often been left out of the process when it comes to cloud technology decisions. In a traditional environment, everyone must collaborate on building servers, storage, and networking equipment. For instance, if IT requires more processing or storage, the team needs to […]
MITRE and CISA Release Open Source Tool for OT Attack Emulation
MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems. The post MITRE and CISA Release Open Source Tool for OT Attack Emulation appeared first on SecurityWeek.
9 Vulnerabilities Patched in SEL Power System Management Products
Nine vulnerabilities patched in SEL electric power management products, adding to the 19 other flaws fixed earlier this year. The post 9 Vulnerabilities Patched in SEL Power System Management Products appeared first on SecurityWeek.
7 Million Users Possibly Impacted by Freecycle Data Breach
Freecycle.org is prompting millions of users to reset their passwords after their credentials were compromised in a data breach. The post 7 Million Users Possibly Impacted by Freecycle Data Breach appeared first on SecurityWeek.
Okta Says US Customers Targeted in Sophisticated Attacks
Okta says some of its US-based customers have been targeted in social engineering attacks whose goal was to disable MFA and obtain high privileges. The post Okta Says US Customers Targeted in Sophisticated Attacks appeared first on SecurityWeek.
Norfolk Southern Says a Software Defect — Not a Hacker — Forced It to Park Its Trains This Week
Norfolk Southern believes a software defect — not a hacker — was the cause of the widespread computer outage that forced the railroad to park all of its trains. The post Norfolk Southern Says a Software Defect — Not a Hacker — Forced It to Park Its Trains This Week appeared first on SecurityWeek.
The ‘IT Business Office’: Doing IT’s admin work right
Among the unenlightened, running IT “like a business” is supposed to be best practice, delivering goods and services to internal customers who IT must fully satisfy, and who then pay for what IT delivers to them through the auspices of a charge-back system. As has been pointed out in this space numerous times (for example, […]
Estée Lauder applies AI, AR for cosmetics accessibility
How can we help visually impaired individuals use our products and feel more self-reliant and confident? That’s the question The Estée Lauder Companies (ELC) set out to answer in 2022 with the help of AI and augmented reality (AR). The result is the Voice-enabled Makeup Assistant (VMA), now fully launched in the UK and US, […]
6 signs an IT manager is struggling — and how to help
IT managers increasingly find themselves oversubscribed, challenged, and in many cases floundering, and it’s little wonder why. Pressured to do more with less, faster, in flatter organizational structures, IT middle managers serve as a company catchall, with too much time spent on lower-value tasks such as administrative work and planning rather than high-value work such […]
Ransomware Attack on Fencing Systems Maker Zaun Impacts UK Military Data
British mesh fencing systems maker Zaun discloses LockBit ransomware attack potentially impacting data related to UK military and intelligence sites. The post Ransomware Attack on Fencing Systems Maker Zaun Impacts UK Military Data appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 40 Deals Announced in August 2023
Forty cybersecurity-related merger and acquisition (M&A) deals were announced in August 2023. The post Cybersecurity M&A Roundup: 40 Deals Announced in August 2023 appeared first on SecurityWeek.
Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs
Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware. The post Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs appeared first on SecurityWeek.
Exploit Code Published for Critical-Severity VMware Security Defect
Exploit code and root-cause analysis released by SinSinology documents the problem as a case where VMWare “forgot to regenerate” SSH keys. The post Exploit Code Published for Critical-Severity VMware Security Defect appeared first on SecurityWeek.
How Accenture’s solution erases the blind spots of services spend management
Facing the possibility of an economic recession, one of the world’s leading professional services companies felt the urgency to improve its grasp on spend management – the practice of fully understanding and managing supplier relations and company purchasing. With 738,000 employees and $3.8 billion in services contracts, it was crucial for Accenture to not only identify every […]
How to make your developer organization more efficient
Developers are hired for their coding skills, but often spend too much time on information-finding, setup tasks, and manual processes. To combat wasted time and effort, Discover® Financial Services championed a few initiatives to help developers get back to what they do best: developing. The result? More than 100,000 hours of developer toil have been […]
SAP poaches Microsoft exec as its new global head of AI
SAP has appointed a new global head of artificial intelligence, Walter Sun, after the previous post-holder quit to found her own AI startup. For the past 18 years, Sun worked at Microsoft, most recently as VP of AI for its business and applications platform group. Sun has a PhD from MIT and continued to publish […]
In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs
Weekly cybersecurity news roundup providing a summary of noteworthy stories that might have slipped under the radar. The post In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs appeared first on SecurityWeek.
Elon Musk Says X, Formerly Twitter, Will Have Voice and Video Calls, Updates Privacy Policy
Twitter has updated its privacy policies, which will allow for the collection of biometric data and employment history, among other information. The post Elon Musk Says X, Formerly Twitter, Will Have Voice and Video Calls, Updates Privacy Policy appeared first on SecurityWeek.
Free Decryptor Available for ‘Key Group’ Ransomware
EclecticIQ has released a free decryption tool to help victims of the Key Group ransomware recover their data without paying a ransom. The post Free Decryptor Available for ‘Key Group’ Ransomware appeared first on SecurityWeek.
Continuous learning gives U.S. Bank a technology talent edge
Many companies today are rapidly adopting new technologies and tools to improve overall efficiencies, improve customer and client experiences, and support key initiatives that are related to business transformation. However, these efforts, while necessary, bring with them growing pains for the workforce. As our global technologies transform, so must our teams. What we have discovered […]
How Nvidia became a trillion-dollar company
Nvidia’s transformation from an accelerator of video games to an enabler of artificial intelligence (AI) and the industrial metaverse didn’t happen overnight — but the leap in its stock market value to over a trillion dollars did. It was when Nvidia reported strong results for the three months to April 30, 2023, and forecast its […]
Intel embraces SDN to modernize its chip factories
Until recently, software-defined networking (SDN) technologies have been limited to use in data centers — not manufacturing floors. But as part of Intel’s expansive plans to upgrade and build a new generation of chip factories in line with its Integrated Device Manufacturing (IDM) 2.0 blueprint, unveiled in 2021, the Santa Clara, Calif.-based semiconductor giant opted […]
Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer
Cisco has observed multiple threat actors adopting the SapphireStealer information stealer after its source code was released on GitHub. The post Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer appeared first on SecurityWeek.
Industry Reactions to Qakbot Botnet Disruption: Feedback Friday
Industry professionals comment on the law enforcement operation targeting the Qakbot botnet and its implications. The post Industry Reactions to Qakbot Botnet Disruption: Feedback Friday appeared first on SecurityWeek.
Over $1 Million Offered at New Pwn2Own Automotive Hacking Contest
ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo. The post Over $1 Million Offered at New Pwn2Own Automotive Hacking Contest appeared first on SecurityWeek.
Sourcegraph Discloses Data Breach Following Access Token Leak
Sourcegraph says customer information was breached after an engineer accidentally leaked an admin access token. The post Sourcegraph Discloses Data Breach Following Access Token Leak appeared first on SecurityWeek.