Navigating Cloud Cost Complexity and Security
In the ever-evolving landscape of cloud computing, today’s leading enterprises are seeking ways to optimize their operations and enhance their security measures. Cloud costs and security are two critical aspects that every organization must carefully manage, and they are more closely intertwined than you might think. Recent VMware research reveals that 95% of organizations believe […]
Beyond DevSecOps: Why fintech companies need to consider DevSecRegOps
It’s no secret that banks and fintech companies must meet compliance and regulatory standards that are much stricter than what traditional tech companies are forced to comply with. The question becomes: How do you meet strict regulatory and compliance standards while keeping up with the rapid pace of innovation in technology? As the vice president […]
Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO
The SEC’s lawsuit against the CISO of SolarWinds is leaving CISOs across the industry spooked and reevaluating their roles. The post Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO appeared first on SecurityWeek.
Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability
Atlassian warns that a critical vulnerability in Confluence Data Center and Server could lead to significant data loss if exploited. The post Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability appeared first on SecurityWeek.
Palo Alto Networks to Acquire Cloud Security Start-Up Dig Security
Palo Alto Networks has entered into a definitive agreement to acquire Dig Security, a provider of Data Security Posture Management (DSPM) technology. The post Palo Alto Networks to Acquire Cloud Security Start-Up Dig Security appeared first on SecurityWeek.
IAM Credentials in Public GitHub Repositories Harvested in Minutes
A threat actor is reportedly harvesting IAM credentials from public GitHub repositories within five minutes of exposure. The post IAM Credentials in Public GitHub Repositories Harvested in Minutes appeared first on SecurityWeek.
Scaling security: How to build security into the entire development pipeline
When an application is finally ready for deployment, the last thing the development team wants to hear is: “Stop! There’s a security issue.” And then, after months of painstaking work, their application launch is delayed even further. That’s why Discover® Financial Service’s product security and application development teams worked together to shift security left by […]
Attackers Exploiting Critical F5 BIG-IP Vulnerability
Exploitation of a critical vulnerability (CVE-2023-46747) in F5’s BIG-IP product started less than five days after public disclosure and PoC exploit code was published. The post Attackers Exploiting Critical F5 BIG-IP Vulnerability appeared first on SecurityWeek.
Welcome to the trusted edge
The edge is where the action happens, where your employees and equipment do their work, and where customers and clients interact with your brand. It is where data is created, collected, and acted on to create a better customer experience and constituents generate immediate, essential value for your business. Edge computing can be used to […]
Extending ZTNA to Protect Against Insider Threats
One of the main reasons why ZTNA fails is that most ZTNA implementations tend to focus entirely on securing remote access. The post Extending ZTNA to Protect Against Insider Threats appeared first on SecurityWeek.
Ethics in IT: The CIO’s new business imperative
This year’s spotlight on generative AI has been one of several factors increasingly placing corporate ethics in the crosshairs. Important today, ethics will soon become foundational and existential for business. Five years from now an organization’s ability to recruit and retain top talent and design and sell profitable goods and services will depend on how […]
SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures
The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks. The post SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures appeared first on SecurityWeek.
Canada Bans WeChat and Kaspersky on Government Phones
The Chief Information Officer of Canada determined that WeChat and Kaspersky applications present an unacceptable level of risk to privacy and security. The post Canada Bans WeChat and Kaspersky on Government Phones appeared first on SecurityWeek.
Want AI? Here’s how to get your data and infrastructure AI-ready
Artificial intelligence (AI) is reshaping our world. In business, this puts CIOs in one of the most pivotal organizational roles today. CIOs are responsible for much more than IT infrastructure; they must drive the adoption of innovative technology and partner closely with their data scientists and engineers to make AI a reality–all while keeping costs […]
How Value Stream Management is fueling success at Boeing, Tyson, and Verizon
In today’s digitally transforming world, time is of the essence. Whether you’re looking to deliver a new product release, fix an issue, or enhance a service, the longer you make customers wait, the worse for your business. As you seek to boost agility and speed your organization’s digital transformation, there are some proven principles you […]
Boeing Investigating Ransomware Attack Claims
The LockBit ransomware gang claims to have stolen large amounts of data from aerospace giant Boeing. The post Boeing Investigating Ransomware Attack Claims appeared first on SecurityWeek.
Proofpoint to Acquire Tessian for AI-Powered Email Security Tech
Proofpoint removes a formidable competitor from the crowded email security market and adds technology to address risk from misdirected emails. The post Proofpoint to Acquire Tessian for AI-Powered Email Security Tech appeared first on SecurityWeek.
Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft
A 20-year-old Floridian was sentenced to prison for his role in a hacking scheme that led to the theft of $1 million in cryptocurrency. The post Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft appeared first on SecurityWeek.
Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack
Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack. The post Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack appeared first on SecurityWeek.
Apple Improves iMessage Security With Contact Key Verification
New capability detects attacks on iMessage servers and allows users to verify a conversation partner’s identity. The post Apple Improves iMessage Security With Contact Key Verification appeared first on SecurityWeek.
Hackers Earn Over $1 Million at Pwn2Own Toronto 2023
Hackers have demonstrated 58 zero-days and earned more than $1 million in rewards at Pwn2Own Toronto 2023. The post Hackers Earn Over $1 Million at Pwn2Own Toronto 2023 appeared first on SecurityWeek.
AI Safety Summit: What to expect as global leaders eye AI regulation
The AI Safety Summit, convened by the UK government, is the latest in a series of regional and global political initiatives to shape the role AI will play in society. Prime Minister Rishi Sunak sees the summit as an opportunity for the UK, sidelined since its departure from the European Union, to create a role […]
Biden Wants to Move Fast on AI Safeguards and Will Sign an Executive Order to Address His Concerns
President Joe Biden on Monday will sign a sweeping executive order to guide the development of artificial intelligence — requiring industry to develop safety and security standards, and introducing new consumer protections. The post Biden Wants to Move Fast on AI Safeguards and Will Sign an Executive Order to Address His Concerns appeared first on […]
Whistleblowers: Should CISOs Consider Them a Friend or Foe?
Are whistleblowers traitors to the company, a danger to corporate brand image, and a form of insider threat? Or are they an early warning safety valve that can be used to strengthen cybersecurity and compliance? The post Whistleblowers: Should CISOs Consider Them a Friend or Foe? appeared first on SecurityWeek.
Why adaptability is the new digital transformation
The past decade in IT has been all about digital transformation. Under the aegis of digital transformation, IT initiatives have become more customer-centric, with a greater emphasis on people, not technology — all in an effort to redefine how the organization operates and to ensure it can keep up with the pace of change, capable […]
The rise of the chief transformation officer
Like so many IT leaders, Richard Wiedenbeck wears multiple hats. Yet unlike his peers, Wiedenbeck’s dual roles — the top technology executive as well as the transformation lead at Ameritas — are often at odds. As chief technology officer, Wiedenbeck is driving automation and IT modernization to reduce complexity and technical debt. In his chief […]
Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner. The post Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools appeared first on SecurityWeek.
In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding
Noteworthy stories that might have slipped under the radar: Ex-NSA employee spying for Russia, EU threat landscape report, cyber education funding The post In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding appeared first on SecurityWeek.
F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP
A critical-severity vulnerability in F5 BIG-IP CVE-2023-46747 allows unauthenticated attackers to execute code remotely. The post F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP appeared first on SecurityWeek.
UN Chief Appoints 39-Member Panel to Advise on International Governance of Artificial Intelligence
U.N. Secretary-General António Guterres assembled a global advisory panel to report on international governance of artificial intelligence and its risks, challenges and key opportunities. The post UN Chief Appoints 39-Member Panel to Advise on International Governance of Artificial Intelligence appeared first on SecurityWeek.
16 best entry-level IT certifications to launch your career
Certifications give your resume more credibility and can make you more marketable to recruiters and hiring managers. And at the entry-level, they’re a great way to stand out from other candidates — and even boost your pay. As you grow in your career, you’ll want to consider more advanced certifications to continue your professional development. By […]
Lufthansa’s digital future takes flight with ‘Digital Hangar’
In June, the Lufthansa Group’s Digital Hangar touched down in Barcelona. A new business unit, which also has hubs in Brussels, Frankfurt, Gdansk, Vienna, and Zurich, Digital Hangar was founded in September 2022 with the aim to create the world’s best-connected travel experience, incorporating both in-person and digital services. Each Hangar houses agile coaches, business […]
AWS revenue growth stabilizes with a boost from generative AI-led services
AWS posted a stable 12% revenue growth in the third quarter of 2023 buoyed by demand for generative AI-led services, despite customers trying to optimize their cloud spending. For the last few sequential quarters, revenue growth for AWS has been on a constant decline. The 12% growth in the September quarter is a sign of […]
With generative AI, IT must deliver knowledge…not just technology
You don’t have to look further than recent headlines to know generative AI has garnered outsized attention in 2023. And for good reason. GenAI has been estimated to increase skilled worker performance by up to 40% with the potential to add trillions of dollars in value to the global economy. This is because GenAI brings […]
What IT executives are saying about vendor consolidation
As the tech economy has adjusted to the current economic environment, there has been a great deal of debate in both the vendor and investor communities about vendor consolidation. While there is little doubt that companies have been cutting back on expenses generally in response to economic uncertainty, startups in particular have been feeling the […]
Why IT needs to be in the driver’s seat with generative AI
It wasn’t that long ago that the cloud transformed the IT world. For some, this transformation played to their strengths. Others took it as a wake-up call. After all, the swipe-your-credit-card-and-go era demonstrated that developers could leap-frog procurement cycles to gain access to what they desired: abundant access to cloud resources. Either way, IT ultimately […]
Run Generative AI on-premises, with a cloud experience
IT leaders are grappling with a critical question as they seek to deploy generative AI workloads today: Is it better for my business to run GenAI applications in the public cloud or on-premises? The question inspires spirited debate from both sides of the hosting aisle. Most IT leaders say, “It depends.” True, but it also […]
Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data
Mirth Connect versions prior to 4.4.1 are vulnerable to CVE-2023-43208, a bypass for an RCE vulnerability. The post Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data appeared first on SecurityWeek.
AI Security Firm Cranium Raises $25 Million
AI cybersecurity firm Cranium has raised $25 million in Series A funding, which brings the total investment in the company to $32 million. The post AI Security Firm Cranium Raises $25 Million appeared first on SecurityWeek.
Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023
Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023. The post Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023 appeared first on SecurityWeek.
iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones
New iLeakage side-channel speculative execution attack exploits Safari to steal sensitive information from Macs and iPhones. The post iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones appeared first on SecurityWeek.
CISA, HHS Release Cybersecurity Healthcare Toolkit
CISA and the HHS have released resources for healthcare and public health organizations to improve their security. The post CISA, HHS Release Cybersecurity Healthcare Toolkit appeared first on SecurityWeek.
Kansas Court System Down Nearly 2 Weeks in ‘Security Incident’ That Has Hallmarks of Ransomware
Kansas is calling a massive computer outage that’s kept most of the state’s courts offline for 2 weeks a “security incident” and experts say it’s likely ransomware. The post Kansas Court System Down Nearly 2 Weeks in ‘Security Incident’ That Has Hallmarks of Ransomware appeared first on SecurityWeek.
Key Learnings from “Big Game” Ransomware Campaigns
There are key steps every organization should take to leverage threat and event data across the lifecycle of a cyber incident. The post Key Learnings from “Big Game” Ransomware Campaigns appeared first on SecurityWeek.
Weapons Systems Provide Valuable Lessons for ICS/OT Security
Cybersecurity techniques and penetration testing used in the field of weapons systems can provide valuable lessons for ICS/OT security. The post Weapons Systems Provide Valuable Lessons for ICS/OT Security appeared first on SecurityWeek.
Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack
Japanese watchmaking giant Seiko has confirmed that personal information was stolen in a recent ransomware attack. The post Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Google Announces Bug Bounty Program and Other Initiatives to Secure AI
Google announces a bug bounty program and other initiatives for increasing the safety and security of AI. The post Google Announces Bug Bounty Program and Other Initiatives to Secure AI appeared first on SecurityWeek.
Day 3 of SecurityWeek’s 2023 ICS Cybersecurity Conference — Challenges and Solutions
SecurityWeek’s 2023 ICS Cybersecurity Conference continues in Atlanta, with challenges and solutions the focus of Day 3. The post Day 3 of SecurityWeek’s 2023 ICS Cybersecurity Conference — Challenges and Solutions appeared first on SecurityWeek.
Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards
Amazon is rolling out an independent cloud for Europe as it looks to address strict regulations that companies and those in the public sector face in the European Union. The post Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards appeared first on SecurityWeek.
IBM bets on generative AI to escape economic headwinds
IBM is betting big on generative AI to escape macroeconomic headwinds and finish the fiscal year at a high. “Overall, we believe the tailwinds outweigh the headwinds, and technology spend will continue to outpace GDP. In this past quarter, we saw good revenue growth in software and consulting,” IBM CEO Arvind Krishna said during an […]
COO Marina Bellini on leading IT talent for growth
Marina Bellini’s career journey has shaped her unique perspective and leadership playbook. She started out in Big 4 consulting and then spent several decades working across three global, big-brand CPG companies. Most recently, she made the shift from CI&DO to COO at Latin America’s largest bank, Banco Itaú, where she is leading a major operating model […]
What is a business intelligence analyst? A key role for data-driven decisions
Business intelligence (BI) analysts transform data into insights that drive business value. Through use of data analytics, data visualization, and data modeling techniques and technologies, BI analysts can identify trends that can help other departments, managers, and executives make business decisions to modernize and improve processes in the organization. What does a business intelligence analyst […]
5 key leadership skills an executive coach can help you master
When a civil engineering company went through layoffs during tough economic times, its 28-year-old project manager suddenly found himself promoted to the company’s top IT role. Just a few years after doing desktop support at the same firm, he was thrust into the position of IT manager, meeting with the CEO and running the show […]
Multicloud by design simplifies your cloud experience
Challenges in APAC’s Multicloud Adoption Journey Organisations in Asia Pacific (APAC) are looking at multicloud solutions to help them navigate IT management complexity, digital skills gaps, and limited data and application visibility. After all, an effective multicloud framework offers greater platform and service flexibility by leveraging the strengths of multiple cloud environments to drive business […]
‘YoroTrooper’ Espionage Group Linked to Kazakhstan
Cisco links the espionage-focused ‘YoroTrooper’ threat actor to Kazakhstan. The post ‘YoroTrooper’ Espionage Group Linked to Kazakhstan appeared first on SecurityWeek.
Apple Ships Major iOS, macOS Security Updates
Apple patches dozens of serious security flaws in its macOS and iOS platforms, warning that hackers could launch code execution exploits. The post Apple Ships Major iOS, macOS Security Updates appeared first on SecurityWeek.
Generative AI: 5 enterprise predictions for AI and security — for 2023, 2024, and beyond
Trends/Predictions: Enterprise use of AI tools will only grow, with industries like manufacturing leading the charge Enterprises will secure AI/ML applications to stay ahead of risk Enterprises will seek visibility and intelligent access controls around AI and ML applications AI will become a key component of enterprise data protection AI will transform how enterprises understand […]
What you need to know about Okta’s security breach
On October 20, 2023, Okta Security identified adversarial activity that used a stolen credential to gain access to the company’s support case management system. Once inside the system, the hacker gained access to files uploaded by Okta customers using valid session tokens from recent support cases. As a result of using the extracted tokens from […]
How medical technology helps us live the best version of ourselves
It’s almost commonplace. Get people chatting and you will find that several of them have had, or know someone that’s having, a joint replacement. It’s all about mobility. Modern medical technology is restoring agility with artificial joints and minimally invasive procedures so we can all heal faster and live our best lives. I recently had […]
Firefox, Chrome Updates Patch High-Severity Vulnerabilities
Firefox and Chrome updates released this week resolve multiple high-severity memory safety vulnerabilities. The post Firefox, Chrome Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day
Russian APT Winter Vivern exploits a zero-day in the Roundcube webmail server in attacks targeting European governments. The post Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day appeared first on SecurityWeek.
Hackers Earn $400k on First Day at Pwn2Own Toronto 2023
NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023. The post Hackers Earn $400k on First Day at Pwn2Own Toronto 2023 appeared first on SecurityWeek.
Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure
Mandiant’s Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in a series of eyebrow-raising attacks against targets in Guam and the United States. The post Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure appeared first […]
Part 1: Guarding against sophisticated threats: Strategies for your best defense
In the second episode of Threat Vector, Kristopher Russo, senior threat researcher at Unit 42, and David Moulton, discuss the threat landscape and take a deeper dive into the intricate workings of Muddled Libra (related to Scattered Spider and Scatter Swine). This formidable threat group poses significant challenges to telecommunications, technology and software automation industries. […]
Part 2: Guarding against sophisticated threats: Strategies for your best defense
In the second part of our deep dive into Muddled Libra’s tactics, Threat Vector welcomes Stephanie Regan, a senior consultant with Unit 42 with a law enforcement background. Regan and David Moulton, discuss the challenges Muddled Libra and other threat groups pose. Threat actors are often highly persistent and can rapidly pivot when encountering roadblocks. […]
New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding
A new project aims to make it easier for PLC programmers to implement secure coding practices by cataloging useful files and functions from each vendor. The post New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding appeared first on SecurityWeek.
What is AI’s current impact on cybersecurity?
In our inaugural episode, Michael “Siko” Sikorski, CTO and VP of Engineering and Threat Intelligence at Unit 42 answers that question and speaks to the profound influence of artificial intelligence in an interview with David Moulton, Director of thought leadership for Unit 42. What’s Sikorski’s critical concern? The pervasive integration of AI, particularly ChatGPT and […]
Censys Banks $75M for Attack Surface Management Technology
Michigan startup raises $75 million in new funding as venture capital investors bet big on attack surface management technologies. The post Censys Banks $75M for Attack Surface Management Technology appeared first on SecurityWeek.
Critical Infrastructure Stakeholders Gather for Day 2 of SecurityWeek’s 2023 ICS Cybersecurity Conference
SecurityWeek’s 2023 ICS Cybersecurity Conference continues in Atlanta, as hundreds of industrial cybersecurity stakeholders gather for Day 2 of the annual industrial cybersecurity conference. The post Critical Infrastructure Stakeholders Gather for Day 2 of SecurityWeek’s 2023 ICS Cybersecurity Conference appeared first on SecurityWeek.
VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products
VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10. The post VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products appeared first on SecurityWeek.
The Cybersecurity Resilience Quotient: Measuring Security Effectiveness
The Cybersecurity Resilience Quotient empowers organizations to assess their security posture comprehensively, considering asset exposure, vulnerabilities, and criticality alongside process and network architecture and disaster recovery plans. The post The Cybersecurity Resilience Quotient: Measuring Security Effectiveness appeared first on SecurityWeek.
How Whirlpool’s CIO makes digital business models run end to end
As a household name in household goods, with annual sales of $22 billion, Whirlpool has 54 manufacturing and tech research centers worldwide, and bursts with a portfolio that includes several familiar brands including KitchenAid, Maytag, Amana, Yummly, among others. The company employs 69,000 globally as well, and Danielle Brown, the company’s SVP and CIO, has […]
3 commandments that should drive every API strategy
In the early 2000s, companies like Amazon, eBay, and Salesforce drove a trend toward standardizing interfaces among web applications. The result was a complete overhaul of how applications were developed and integrated, thanks to a growing network of open web APIs that anyone could consume. During this period, Amazon founder Jeff Bezos wrote a memo […]
Author E. Freya Williams has a Message for Tech Leaders
In May of 2021 VMware unveiled VMware Zero Carbon Committed, an initiative to encourage partners to power their data centers with renewable energy sources by 2030. To date, more than 70 of the world’s leading cloud services and solutions providers made the commitment and are working to combat climate change by radically reducing their carbon […]
Personal Information Stolen in City of Philadelphia Email Hack
The City of Philadelphia says personal, health, and financial information was stolen in a cyberattack on its email environment. The post Personal Information Stolen in City of Philadelphia Email Hack appeared first on SecurityWeek.
Top overlooked GenAI security risks for businesses
As GenAI continues to evolve, organizations of all sizes are wondering if, how, and to what extent to integrate it into their operations. Many are under pressure to show that they are adopting these new technologies and not falling behind the competition. But adding these new capabilities to your tech stack comes with a host […]
Fortifying your engineering ecosystem: The three pillars of application security
The engineering ecosystem has undergone a massive paradigm shift – more languages, more frameworks, and minimal technical or procedural barriers to adopt new technologies or implement third-party tools and frameworks. This comes as organizations are racing to ship software as quickly as possible to deliver new features and cloud applications to remain competitive. To speed […]
Unveiling the risks of OT systems and how to secure them
When we consider what security means for an organization, most think of needing to secure systems and devices like cloud computing instances, servers, employee workstations, and other tech commonly seen in the workplace. While these are certainly important, there are many other devices requiring protection that are hiding in plain sight. Operational technology (OT) is […]
Exploring the pros and cons of cloud-based large language models
The paradigm shift towards the cloud has dominated the technology landscape, providing organizations with stronger connectivity, efficiency, and scalability. As a result of ongoing cloud adoption, developers face increased pressures to rapidly create and deploy applications in support of their organization’s cloud transformation goals. Cloud applications, in essence, have become organizations’ crown jewels and developers […]
Utilizing AI to defend the Black Hat NOC
This year’s Black Hat USA conference saw more than 907M threat events detected in real time, according to data collected by Palo Alto Networks. This is a staggering number that shows just how attractive the event is to threat actors – and artificial intelligence (AI) was a key driver in protecting against these attempts. With […]
What do Security Operations Centers really need—today…and tomorrow
We are at a crossroads where well-funded threat actors are leveraging innovative tools, such as machine learning and artificial intelligence, while Security Operations Centers (SOCs), built around legacy technologies like security information and event management (SIEM) solutions, are failing to rise to the occasion. Organizations of all sizes need a scalable solution that keeps pace […]
Empowering cyber resilience in education: Three strategies for the future
Those of us with the privilege to work in education have an opportunity to shape the next generation to be more cyberaware and make our digital world a safer place. It’s an obligation we must all take seriously. The threat environment is becoming more perilous, particularly with the growing use of artificial intelligence by hackers. […]
Four things that matter in the AI hype cycle
It’s been almost one year since a new breed of artificial intelligence took the world by storm. The capabilities of these new generative AI tools, most of which are powered by large language models (LLM), forced every company and employee to rethink how they work. Was this new technology a threat to their job or […]
Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches
Rockwell Automation has warned customers about the impact of the actively exploited Cisco IOS XE zero-day on its Stratix industrial switches. The post Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches appeared first on SecurityWeek.
Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected
Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks. The post Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected appeared first on SecurityWeek.
The $64k Question: How Does AI Phishing Stack Up Against Human Social Engineers?
The Rise of AI in Phishing: Will future phishing attacks that leverage artificial intelligence be more dangerous? The post The $64k Question: How Does AI Phishing Stack Up Against Human Social Engineers? appeared first on SecurityWeek.
Generative AI and the Transformation of Everything
Generative AI is an innovation that is transforming everything. How much and in what ways is the subject of much discussion and controversy. But like many new technologies, the anxieties it creates may have more to do with fear for the future rather than how that future will be. ChatGPT and the emergence of generative […]
University of Michigan Says Personal Information Stolen in August Data Breach
The personal information of students, applicants, alumni, and employees compromised in University of Michigan data breach. The post University of Michigan Says Personal Information Stolen in August Data Breach appeared first on SecurityWeek.
Adlumin Snags $70M to Boost Security for Mid-Market Firms
Adlumin, a startup working on technology to boost security for mid-market firms, has banked $70 million in new funding led by SYN Ventures. The post Adlumin Snags $70M to Boost Security for Mid-Market Firms appeared first on SecurityWeek.
Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant
The number of Cisco devices hacked via recent zero-days remains high, but the attackers have updated their implant. The post Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant appeared first on SecurityWeek.
Canada: Lawmakers Targeted by China-Linked ‘Spamouflage’ Disinformation
Canada on warned of a “Spamouflage” disinformation campaign linked to China that used waves of online posts and deepfake videos. The post Canada: Lawmakers Targeted by China-Linked ‘Spamouflage’ Disinformation appeared first on SecurityWeek.
SecurityWeek’s 2023 ICS Cybersecurity Conference Kicks Off in Atlanta
SecurityWeek’s 2023 ICS Cybersecurity Conference kicks off in Atlanta with presentations on a wide range of topics. The post SecurityWeek’s 2023 ICS Cybersecurity Conference Kicks Off in Atlanta appeared first on SecurityWeek.
7 ways diversity and inclusion help teams perform better
Diversity, equity, and inclusion have become important social issues. In the wake of the George Floyd and Breonna Taylor murders of 2020, companies made massive, highly publicized efforts to correct for systemic bias and improve the mix of race, gender, and lived experiences in the workplace. According to a recent study from Pew Research, most […]
7 sins of digital transformation
As CIOs prepare for the next wave of digital transformation, they must demonstrate shorter-term business impacts from technology investments and achieve larger innovation goals that evolve the organization’s business model. But perhaps more importantly, they must learn from their previous big digital wins — and avoid repeating all-too-frequent mistakes that cause transformations to fail or […]
Before generative AI there was… just AI
Generative AI has been a boon for businesses, helping employees discover new ways to generate content for a range of uses. The buzz has been loud enough that you’d be forgiven for thinking that GenAI was the be all, end all of AI. Except IT leaders know better than most people that before GenAI tools […]
China Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks Intact
Chinese authorities have netted thousands of people in a crackdown on cyber scams, but the criminal networks remain intact. The post China Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks Intact appeared first on SecurityWeek.
DEAC and DLC: Delivering sustainable cloud services to the Baltics and beyond
Andris Gailitis, the CEO of European Data Center Operator DEAC and Data Logistics Center (DLC), is quick to point out that the companies’ commitment to sustainability is heartfelt and genuine. Part of Baltic Rezo, both companies provide enterprises in the Baltics, Northern Europe, and beyond with high-performance data centers and a robust suite of cloud […]
Casio Says Personal Information Accessed in Web Application Server Hack
Hackers access the personal information of Casio customers after compromising the server for an education web application. The post Casio Says Personal Information Accessed in Web Application Server Hack appeared first on SecurityWeek.
Blockaid Emerges From Stealth With $33 Million Investment
Blockaid raises a Series A funding round to build technology to secure blockchain applications from hacks and scams. The post Blockaid Emerges From Stealth With $33 Million Investment appeared first on SecurityWeek.
SolarWinds Patches High-Severity Flaws in Access Rights Manager
SolarWinds patches high-severity flaws in its Access Rights Manager product, including three unauthenticated remote code execution issues. The post SolarWinds Patches High-Severity Flaws in Access Rights Manager appeared first on SecurityWeek.
Rockwell Automation to Acquire ICS/OT Security Firm Verve Industrial
Rockwell Automation agreed to acquire ICS/OT cybersecurity firm Verve Industrial Protection to expand its offerings. The post Rockwell Automation to Acquire ICS/OT Security Firm Verve Industrial appeared first on SecurityWeek.
Enterprise Browser Startup Island Banks $100M in Funding
Since 2020, Island has raised a total of $325 million to help protect corporate data flowing through SaaS and internal web applications. The post Enterprise Browser Startup Island Banks $100M in Funding appeared first on SecurityWeek.
DC Board of Elections Says Full Voter Roll Compromised in Data Breach
The District of Columbia Board of Elections says full voter roll compromised in a recent data breach at hosting provider DataNet. The post DC Board of Elections Says Full Voter Roll Compromised in Data Breach appeared first on SecurityWeek.
Accelerating sustainability to build stronger businesses
Environmental sustainability has emerged as a significant concern and a business imperative for organizations today. A poll of public and private sector leaders in the latest World Economic Forum’s Global Risk Report 2022 found that environment-related threats, including climate action failure and extreme weather events, topped the lists of short and long-term global risks. According […]
Becoming the sustainability partner our customers need
At Equinix, we recognize that meeting key sustainability targets is one of our customers’ top concerns—now and into the future. This means doing what’s right for the planet, making a positive impact on people and communities, and acting with integrity. Our customers are pursuing these goals because they want to future-proof their operations, setting themselves […]
Elevate your digital transformation with impactful sustainability
Today, IT leaders are tasked with finding solutions that meet at the intersection of business growth and environmental responsibility. Customer sentiment, evolving corporate values, and government regulation have converged to make sustainability a strategic priority for nearly every business. And the importance of energy efficiency for enterprise IT cannot be overstated. The Equinix Global Tech […]
Accelerating digital transformation with sustainable solutions
Environmental sustainability Dell Technologies and Equinix have developed joint solutions to support our customers in this critical area by enabling businesses to deploy their infrastructure on Dell architecture within Equinix’s low-carbon colocation infrastructure covered by 96% renewables globally1. From there, we can dynamically connect to industry-leading cloud and network providers around the world via software-defined […]
Future First: Sustainability at Equinix
At Equinix, sustainability means Future First. It encompasses everything from the environment to social governance, to green technological innovation. Future First is about action, acting with social responsibility, and actively empowering people in communities to be their very best. Equinix believes when people and technology come together to protect our climate and preserve our resources, […]
ESG in Action: The Dell Technologies FY23 ESG Report
At Dell Technologies, we put sustainability at the core of everything we do, setting strong commitments and taking the right actions to address climate change, minimize negative environmental impact, and drive positive outcomes for business and society. From how we make our innovative products to what our customers, partners, and communities can do with them, […]
Data-driven sustainability: Dell’s commitment to industry standards
Industry dynamics around sustainability are constantly evolving, which makes them tough to navigate, with few guidelines, little oversight, and conflicting opinions on the “right approach” to climate action. As a global technology company with decades of sustainability leadership, Dell Technologies has a strong point of view informed by data and science, and we’re working with […]
Embracing sustainable IT unlocks environmental, business, and financial benefits
Norway is a leader in sustainability. Its use of renewable energy, sustainable technologies, and recycling is common in homes and businesses throughout the country, as well as the neighboring Nordic region, making Norway a role model of environmental stewardship. Cegal, a Norwegian global IT services business, is a great example of this leadership. Recently, Cegal […]
How we’re driving sustainable impact for business and society
Considering the broader impact — across business, people, and the planet — of how we run our business isn’t new for Dell Technologies. For decades, we’ve been investing in innovation, partnerships, and programs that apply our technology, scale, and talented workforce to drive human progress – all intending to have a measurable influence on some […]
Unlock sustainability and efficiency with Dell APEX
In today’s uncertain economic landscape, it is no surprise that organizations are driven to optimize business costs. IT professionals can play a pivotal role by strategically leveraging as-a-service models as a key part of their organizations, enabling them to contribute not only to cost efficiencies but also to their organizations’ sustainability goals. In an industry […]
Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops
Cisco has found a second zero-day vulnerability that has been exploited in recent attacks as the number of hacked devices has started dropping. The post Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops appeared first on SecurityWeek.
5 steps for making tech ethics work for your company
Generative AI breakthroughs over the past year have crystalized a significant issue that IT leaders have long been aware of but few have addressed programmatically: tech ethics. And the stakes are beginning to mount. Of 119 CEOs polled at the Yale CEO Summit this summer, 42% said they believe AI has the potential to destroy […]
Transforming IT for digital success
CIOs and their IT teams have enjoyed a bump in power and prestige in recent years, as the C-suite has embraced continuous transformation, digital everything, and a host of emerging technologies — all enabled by IT. As a result, most IT functions have seen budget increases, support for more staff, and higher involvement in shaping […]
The strategy behind becoming a manufacturing superpower
The world of manufacturing is undergoing a quiet revolution: the integration of Operational Technology (OT) and Information Technology (IT). These two domains have traditionally been separate – IT has provided computing and communications, while OT operated the physical manufacturing machinery and associated monitoring systems on the production line. For decades, businesses have focused on IT development, while […]
Allstate’s cloud-first approach to digital transformation pays off
Most companies’ digital journeys begin by migrating legacy applications to the cloud — the theory being that lifting and shifting workloads can provide a fast onramp to making good on services and capabilities unique to the cloud. But home and automobile insurance company Allstate is taking a different approach. Zulfi Jeevanjee, EVP and CIO, believes […]
Mainframe data: hybrid cloud object store vs. tape
Five years ago, many predicted that the mainframe would soon disappear. But that hasn’t happened. In fact, the number of mainframe workloads is growing, especially now that manufacturers have engineered blades that are ideal for running generative AI. In 2019, half of enterprises surveyed said their number of mainframe workloads had grown; in 2023, 62% […]
How to manage data integration during an acquisition
Innovation is crucial for business growth. IT teams hold a lot of innovation power, as effective use of emerging technologies is crucial for informed decision-making and is key to staying a beat ahead of the competition. But adopting modern-day, cutting-edge technology is only as good as the data that feeds it. Cloud-based analytics, generative AI, […]
Okta Support System Hacked, Sensitive Customer Data Stolen
Okta warns that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users. The post Okta Support System Hacked, Sensitive Customer Data Stolen appeared first on SecurityWeek.
Bud Financial helps banks and their customers make more informed decisions using AI with DataStax and Google Cloud
By Jude Sheeran, EMEA managing director at DataStax When making financial decisions, businesses and consumers benefit from access to accurate, timely, and complete information. With the power of real-time data and artificial intelligence (AI), new online tools accelerate, simplify, and enrich insights for better decision-making. For banks, data-driven decisions based on rich customer insight can […]
In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023. The post In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack appeared first on SecurityWeek.
Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks
The Philippine defense chief ordered the 163,000-member military to stop using applications that harness AI to generate personal portraits, saying they could pose security risks. The post Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks appeared first on SecurityWeek.
Three burning questions before FutureIT New York
When IT leaders gather next month at FutureIT New York, the conversation will center around AI and other emerging technologies, data strategies, and practical use cases – all with an eye toward using IT to create business value. Here are three questions we’re excited to explore at FutureIT New York: 1. How will the CIO […]
Fraud Detection Firm Spec Raises $15 Million
Silicon Valley fraud detection startup attracts $15 million in new financing from SignalFire, Legion Capital and Rally Ventures. The post Fraud Detection Firm Spec Raises $15 Million appeared first on SecurityWeek.
Authorities Seize Control of RagnarLocker Ransomware Dark Web Site
The RagnarLocker ransomware group’s dark web leak site has been seized in a coordinated law enforcement operation. The post Authorities Seize Control of RagnarLocker Ransomware Dark Web Site appeared first on SecurityWeek.
Managing and fulfilling complex, high-volume B2B orders
B2B commerce has changed tremendously in just the past couple of years. While macro disruptions have played a role — the pandemic, upheaval in the supply chain, multiple global conflicts — customer attitudes are arguably the largest factor. As McKinsey puts it in their 2023 B2B Pulse Report, “After years of wanting a seamless B2B […]
Iranian Hackers Lurked for 8 Months in Government Network
Iran-linked hacking group Crambus spent eight months inside a compromised network of a Middle Eastern government, Broadcom’s Symantec cybersecurity unit reports. The post Iranian Hackers Lurked for 8 Months in Government Network appeared first on SecurityWeek.
What is a Scrum master? A key role for project success
Scrum is a powerful framework for implementing agile processes in software development and other projects. This highly adopted framework utilizes short iterations of work, called sprints, and daily meetings, called scrums, to tackle discrete portions of a project in succession until the project is complete. There are three key roles within Scrum: Scrum master, product owner […]
Top 8 IT certifications in demand today
Certifications can validate your IT skills and experience to show employers you have the expertise to get the job done. When it comes to certifications, you can typically choose to get certified in skills that you already have, or you can use certification as an opportunity to grow your skill set and develop skills you’d […]
HUAWEI eKit makes digital business easy for distributors
Small and Medium Enterprises (SMEs) aren’t just businesses; they’re the pillars that uphold the global economy, accounting for 50% of global GDP and 70% of jobs. Their influence is undeniable – which is why Huawei has created a new digital platform to support them. Despite their vast numbers, a significant portion of SMEs are only now […]
5 modern challenges in data integration and how CIOs can overcome them
By the time you finish reading this post, an additional 27.3 million terabytes of data will be generated by humans over the web and across devices. That’s just one of the many ways to define the uncontrollable volume of data and the challenge it poses for enterprises if they don’t adhere to advanced integration tech. […]
CIOs press ahead for gen AI edge — despite misgivings
OpenAI’s November 2022 announcement of ChatGPT and its subsequent $10 billion in funding from Microsoft were the “shots heard ’round the world” when it comes to the promise of generative AI. If anything, 2023 has proved to be a year of reckoning for businesses, and IT leaders in particular, as they attempt to come to […]
Harmonic Lands $7M Funding to Secure Generative AI Deployments
British startup is working on software to mitigate against the ‘wild west’ of unregulated AI apps harvesting company data at scale. The post Harmonic Lands $7M Funding to Secure Generative AI Deployments appeared first on SecurityWeek.
Unleashing the power of integration to scale industrial equipment sales, manufacturing, and service global channels
Spoiler alert! Get ready for an exhilarating adventure as we unravel the incredible story of GEA Group, a global leader in industrial engineering systems for the food, beverage, and pharmaceutical sectors. Prepare to be amazed as we dive into how GEA transformed their sales, manufacturing, and service channels by harnessing the power of integration and innovation! The […]
FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program
Thousands of IT workers contracting with U.S. firms have secretly sent millions of dollars to North Korea to fund its missile program. The post FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program appeared first on SecurityWeek.
CipherStash Raises $3 Million for Encryption-in-Use Technology
Australian startup ChipherStash raises $3 million in seed funding for technology that keeps data encrypted in use. The post CipherStash Raises $3 Million for Encryption-in-Use Technology appeared first on SecurityWeek.
Google Play Protect Gets Real-Time Code Scanning
Google improves Android devices’ proactive protections against malware with real-time scanning at code level. The post Google Play Protect Gets Real-Time Code Scanning appeared first on SecurityWeek.
US Government Releases Anti-Phishing Guidance
CISA, NSA, FBI, and MS-ISAC have released guidance and prevention recommendations on common phishing techniques. The post US Government Releases Anti-Phishing Guidance appeared first on SecurityWeek.
Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyberattack
Healthcare solutions giant Henry Schein has disclosed a cybersecurity incident that disrupted operations and possibly led to a data breach. The post Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyberattack appeared first on SecurityWeek.
Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000
The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US. The post Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 appeared first on SecurityWeek.
13 power tips for Microsoft Power BI
Power BI is Microsoft’s interactive data visualization and analytics tool for business intelligence (BI). With Power BI, you can pull data from almost any data source and create dashboards that track the metrics you care about the most. You can drill into data, create a variety of visualizations, and (literally) ask questions about it using […]
Inside Walmart’s generative AI journey
“Our people make the difference” — a common catchphrase of Walmart founder Sam Walton — still guides the company’s path forward as it ventures into the future with generative AI. The multinational retail company positions itself as a “people-led, tech-powered” one, and sitting squarely at that intersection is generative AI, the power of which most […]
North Korean Hackers Exploiting Recent TeamCity Vulnerability
Multiple North Korean hacking groups have exploited a recent TeamCity vulnerability and Microsoft warns of potential supply chain attacks. The post North Korean Hackers Exploiting Recent TeamCity Vulnerability appeared first on SecurityWeek.
Finland Charges Psychotherapy Hacker With Extortion
Finland charged a hacker, accused of the theft of tens of thousands of records from psychotherapy patients, with over 21,000 counts of extortion. The post Finland Charges Psychotherapy Hacker With Extortion appeared first on SecurityWeek.
Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw
Google says it is still catching government-backed groups linked to China and Russia launching WinRAR exploits in targeted attacks. The post Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw appeared first on SecurityWeek.
Predictive analytics helps Fresenius Medical Care anticipate dialysis complications
Hemodialysis is a life-saving treatment for those suffering from kidney failure. The procedure, often called kidney dialysis, cleansing a patient’s blood, substituting for the function of the kidneys, and is not without risk, however. German healthcare company Fresenius Medical Care, which specializes in providing kidney dialysis services, is using a combination of near real-time IoT […]
Survey: Why CIOs and CTOs want a new model for IT support and services
In April of 2023, Censuswide conducted a survey of 608 US respondents from companies with $250m+ revenue. That study focused on CIO and CTO satisfaction with their existing IT support and services models for enterprise software. The results spoke for themselves. Respondents voiced broad dissatisfaction with their support services and models, including issues with support […]
Former Navy IT Manager Sentenced to Prison for Hacking, Selling PII
Former Navy IT manager Marquis Hooper was sentenced to prison for stealing PII and selling it on the dark web. The post Former Navy IT Manager Sentenced to Prison for Hacking, Selling PII appeared first on SecurityWeek.
Darwinium Raises $18 Million for Edge-based Fraud Prevention Tech
Since launching in 2021, Darwinium has raised $26 million to build a bot and fraud prevention platform running on the perimeter edge. The post Darwinium Raises $18 Million for Edge-based Fraud Prevention Tech appeared first on SecurityWeek.
D-Link Says Hacker Exaggerated Data Breach Claims
Hacker claims to have breached D-Link’s network in Taiwan and is offering to sell stolen data, but the company says the claims are exaggerated. The post D-Link Says Hacker Exaggerated Data Breach Claims appeared first on SecurityWeek.
Fraud Prevention Firm Fingerprint Raises $33 Million
Fingerprint has raised $33 million in a Series C funding round to expand presence into the enterprise market. The post Fraud Prevention Firm Fingerprint Raises $33 Million appeared first on SecurityWeek.
Cybersecurity M&A Roundup for First Half of October 2023
More than a dozen cybersecurity-related M&A deals were announced in the first half of October 2023. The post Cybersecurity M&A Roundup for First Half of October 2023 appeared first on SecurityWeek.
Oracle Patches 185 Vulnerabilities With October 2023 CPU
Oracle on Tuesday released 387 new security patches that address 185 vulnerabilities in its code and third-party components. The post Oracle Patches 185 Vulnerabilities With October 2023 CPU appeared first on SecurityWeek.
Lost and Stolen Devices: A Gateway to Data Breaches and Leaks
By implementing strong security practices,, organizations can significantly reduce the risks associated with lost and stolen computers and safeguard their sensitive information. The post Lost and Stolen Devices: A Gateway to Data Breaches and Leaks appeared first on SecurityWeek.
How digital turned Nationale-Nederlanden into an omnichannel company
Dutch insurance and asset management company Nationale-Nederlanden, part of the NN Group, has a presence in 19 countries and serves several million retail and corporate customers. And for the past eight years, in an environment that’s increasingly changing and demanding, it’s been on a digital transformation journey to refine its customer service and generate proposals […]
Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability
Tens of thousands of Cisco devices have reportedly been hacked via the exploitation of the zero-day vulnerability CVE-2023-20198. The post Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability appeared first on SecurityWeek.
Recent NetScaler Vulnerability Exploited as Zero-Day Since August
Mandiant says the recently patched Citrix NetScaler vulnerability CVE-2023-4966 had been exploited as zero-day since August. The post Recent NetScaler Vulnerability Exploited as Zero-Day Since August appeared first on SecurityWeek.
Dawn of a new day for Africa: building a modern digital economy
Africa is undergoing a remarkable transformation, rebuilding the foundations of its economy with new value-creating digital infrastructure. The World Bank has been coordinating a “Digital Economy Initiative for Africa” which aims to ensure that every individual, business, and government in Africa is digitally enabled by 2030. These efforts are clearly working. Africa’s digital economy and […]
The 4 pillars of the Zscaler Zero Trust Exchange: Customers share their successes
We’ve all heard this mantra: “Secure digital transformation requires a true zero trust architecture.” But what exactly does that mean? Zero trust has come a long way. No longer a nebulous, aspirational term equated with the concept “never trust, already verify,” zero trust has evolved into a solid technology framework that enables proactive defense and […]
Don’t make the biggest mistake in application modernization projects
Application modernization isn’t simply a trend; it’s the mandate for every IT organization. The cost of running old applications and the infrastructure that supports them is problematic. They also lack new features and capabilities, making them a competitive liability. Simply lifting and shifting current code to the cloud doesn’t help and can cost much more. […]
CIOs must safeguard organizations with a validated Zero Trust solution
Cyber vulnerabilities are among a CIO’s greatest fears. And with good reason. No industry or organization is immune to the growing frequency, sophistication and success of cyberattacks and the steep, often devastating, organizational costs they incur. Yet, after collectively investing an estimated $219B1 worldwide in cybersecurity, only four in 10 organizational leaders feel confident that security is embedded in […]
NetSuite adds generative AI to its entire ERP suite
NetSuite is adding generative AI and a host of new features and applications to its cloud-based ERP suite in an effort to compete better with midmarket rivals including Epicor, IFS, Infor, and Zoho in multiple domains such as HR, supply chain, banking, finance, and sales. The new capabilities were announced on Tuesday at the company’s […]
Prove Identity Snags $40M Funding for ID Verification Tech
Startup with roots in the ecommerce mobile payments space raises $40 million for digital identity verification and authentication technology. The post Prove Identity Snags $40M Funding for ID Verification Tech appeared first on SecurityWeek.
Beyond Quantum: MemComputing ASICs Could Shatter 2048-bit RSA Encryption
The feared ‘cryptopocalypse’ (the death of current encryption) might be sooner than expected – caused by in-memory computing ASICs rather than quantum computers. The post Beyond Quantum: MemComputing ASICs Could Shatter 2048-bit RSA Encryption appeared first on SecurityWeek.
Critical Vulnerabilities Expose Weintek HMIs to Attacks
Weintek has patched critical and high-severity vulnerabilities found in its cMT series HMIs by industrial cybersecurity firm TXOne. The post Critical Vulnerabilities Expose Weintek HMIs to Attacks appeared first on SecurityWeek.
Anonybit Raises $3 Million for Biometric Authentication Platform
Anonybit has raised $3 million in seed funding extension for its biometric authentication and data protection solutions. The post Anonybit Raises $3 Million for Biometric Authentication Platform appeared first on SecurityWeek.
US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability
CISA, FBI, and MS-ISAC warn of potential widespread exploitation of CVE-2023-22515, a critical vulnerability in Atlassian Confluence. The post US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability appeared first on SecurityWeek.
NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics
NSA has released Elitewolf, a repository of intrusion detection signatures and analytics for OT environments. The post NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics appeared first on SecurityWeek.
How to get internal employee poaching right
Market competition for IT talent remains so stiff that IT leaders are increasingly looking to poach employees from other departments to fill IT openings. But snagging a potentially new IT “shining star” from another business function, even when the employee has already expressed an interest in shifting to an IT career, can get complicated. Take, […]
7 cloud market trends and how they will impact IT
The cloud market has been a picture of maturity of late. The pecking order for cloud infrastructure has been relatively stable, with AWS at around 33% market share, Microsoft Azure second at 22%, and Google Cloud a distant third at 11%. (IBM, Oracle, and Salesforce are in the 2-3% range.) Revenue growth remains solid across […]
WordPress Websites Hacked via Royal Elementor Plugin Zero-Day
A critical vulnerability in the Royal Elementor WordPress plugin has been exploited as a zero-day since August 30. The post WordPress Websites Hacked via Royal Elementor Plugin Zero-Day appeared first on SecurityWeek.
Cisco Devices Hacked via IOS XE Zero-Day Vulnerability
Cisco is warning customers that a new IOS XE zero-day vulnerability tracked as CVE-2023-20198 is being exploited to hack devices. The post Cisco Devices Hacked via IOS XE Zero-Day Vulnerability appeared first on SecurityWeek.
Don’t gamble with your identity verification practices
Déjà vu can suck sometimes. Earlier this year, I wrote about the importance of organizations reviewing their password management strategies. I also emphasized that companies need to urgently review their employee access protocol, writing that companies must “make it a point to do continuous employee training to help your teams avoid being duped by phishing […]
How to capitalize on ‘Trustworthy AI’
When a new wave of technology innovation seems to be breaking over the horizon, the fear of missing out — FOMO — can drive hasty decisions on new IT investments. Recent, rapid advances in artificial intelligence (AI) may represent one of the biggest FOMO moments ever, so, it’s critical that decision-makers get out in front […]
The case for predictive AI
AI is taking the world by storm. All forward-thinking businesses are toying with or have already invested in AI — from boutique startups to enterprise conglomerates. According to Accenture, nearly 75% of companies have already integrated AI into their business strategies, and 42% said that the return on their AI initiatives exceeded their expectations (only […]
FinOps is the discipline enterprises need to optimize cloud spending
Signing up for cloud services is easy. But getting control of cloud spending can be a persistent challenge for an enterprise focused on making the most of its technology investment. Gartner predicted worldwide end-user spending on public cloud services would grow 20.7% in 2023, to $591.8 billion. A survey for Foundry’s Cloud Computing Study 2023 […]
Exploring crucial terminal emulation capabilities
As organizations rely on terminal emulation to access and interact with legacy systems, the capabilities offered by terminal emulation solutions become crucial factors in the selection process. Terminal emulation users have specific requirements to ensure a seamless and efficient user experience. When considering a new terminal emulation solution, organizations tend to be concerned about the […]
How to get started with AI to speed software delivery
Artificial intelligence has so dominated headlines and conversations that it seems like every company is announcing their own AI-related feature, solution, or initiative for their business. And you wouldn’t be wrong: the latest McKinsey Global survey shows that organizations are most commonly using generative AI (gen AI). In fact, 40% of those reporting AI adoption […]
Are enterprise architects the new platform team leaders?
With platform engineering seemingly the latest buzzword, it might surprise you to learn that it’s not new. It has existed for a long time, particularly in software as a service (SaaS) companies where the platform itself is in fact the core product or service delivered to customers. However, platform engineering is new for enterprise IT […]
Is it time to install a Chief AI Officer?
Pick any tech trend that takes business by storm—the Internet, smartphones, mobile applications—and what initially started as hype, which we now recognize is vastly understated. Today, you could add generative AI to that list. As organizations scramble to incorporate GenAI into their portfolios, industry experts are calling for corporate boards to appoint a leader who […]
PCI DSS version 4.0: Is your payment card data security program ready?
The numerous new attack vectors being used by threat actors to obtain payment card data underscores the increasing necessity of compliance with the Payment Card Industry Data Security Standard (PCI DSS). According to the 2023 edition of Verizon’s Data Breach Investigations Report (DBIR), payment card data was compromised in 37% of breaches in 2022. It is also […]
PCI compliance: The best defense is a great defense
Sophisticated criminal syndicates, rogue nation states and a global community of nefarious attackers are all eager to pilfer valuable data, including payment card information. Not surprisingly, Payment Card Industry Data Security Standard (PCI DSS) compliance is crucially important. Updating the PCI DSS is likewise critical. Slated to go into effect after the current PCI DSS […]
IT services company Atos runs into headwinds with plan for IBM-style split
IT services company Atos has lost its chairman over a dispute about plans to sell its legacy managed infrastructure services business as it prepares for an IBM-style split between faster- and slower-growing activities. Atos says the deal is still on — but after its chairman Bertrand Meunier resigned last week following a legal challenge from […]
PCI compliance: Is your qualified security assessor up to the task?
In a volatile payments landscape, enterprises are preparing for the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1 to expire on March 31, 2024. Taking its place will be the more robust PCI DSS version 4.0, a substantial update to the Standard designed to address the continually evolving threat landscape and changing payments […]
Signal Pours Cold Water on Zero-Day Exploit Rumors
Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app. The post Signal Pours Cold Water on Zero-Day Exploit Rumors appeared first on SecurityWeek.
Academics Devise Cyber Intrusion Detection System for Unmanned Robots
Australian AI researchers teach an unmanned military robot’s operating system to identify MitM cyberattacks. The post Academics Devise Cyber Intrusion Detection System for Unmanned Robots appeared first on SecurityWeek.
Milesight Industrial Router Vulnerability Possibly Exploited in Attacks
A vulnerability affecting Milesight industrial routers, tracked as CVE-2023-4326, may have been exploited in attacks. The post Milesight Industrial Router Vulnerability Possibly Exploited in Attacks appeared first on SecurityWeek.
Equifax Fined $13.5 Million Over 2017 Data Breach
UK’s financial watchdog FCA imposes a £11 million (approximately $13.5 million) fine to Equifax over the 2017 data breach. The post Equifax Fined $13.5 Million Over 2017 Data Breach appeared first on SecurityWeek.
Microsoft Improving Windows Authentication, Disabling NTLM
Microsoft is adding new features to the Kerberos protocol, to eliminate the use of NTLM for Windows authentication. The post Microsoft Improving Windows Authentication, Disabling NTLM appeared first on SecurityWeek.
Cedar Fair’s digital strategy based on ‘frictionless fun’
Most companies will not hesitate to promote their organizations as a fun place to work, especially when trying to attract new hires. In fact, the search term ‘fun’ returns hundreds of thousands of postings at one of the more popular job websites — more than 16,000 in Massachusetts alone. But far fewer companies highlight fun […]
Hybrid meetings: 5 best practices for better outcomes
Offering a work-from-home option is no longer negotiable if you want to keep your teams staffed with talented employees. When asked what they would do if they had to return to the office full-time, a recent study from PromoLeaf found that more than half (52%) of remote workers would quit. That’s a jump from a […]
Why IT projects still fail
IT organizations have worked hard to get away from the problems that had plagued their past project delivery processes. They have replaced expansive scopes, the waterfall methodology, and long timelines with iterative development, the agile approach, and multiweek sprints, hoping to avert the big failures that have littered IT’s history. Those changes have indeed helped, […]
EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits
Environmental Protection Agency (EPA) withdraws recent water sector cybersecurity rules due to lawsuits by states and water associations. The post EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits appeared first on SecurityWeek.
Spyware Caught Masquerading as Israeli Rocket Alert Applications
A threat actor targets Israelis with spyware masquerading as an Android application for receiving rocket alerts. The post Spyware Caught Masquerading as Israeli Rocket Alert Applications appeared first on SecurityWeek.
Business AI will change the way businesses are run
Less than a year after most CIOs and business leaders even heard the expression “generative artificial intelligence,” for the first time, this technology has set off a wave of innovation that will dramatically change how businesses are run. However, we at SAP are not entering this race as newcomers. In fact, we have been at […]
CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware
CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks. The post CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware appeared first on SecurityWeek.
In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty
In Other The post In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty appeared first on SecurityWeek.
Juniper Networks Patches Over 30 Vulnerabilities in Junos OS
Juniper Networks patches over 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity bugs. The post Juniper Networks Patches Over 30 Vulnerabilities in Junos OS appeared first on SecurityWeek.
What is a data architect? Skills, salaries, and how to become a data framework master
Data architect role Data architects are senior visionaries who translate business requirements into technology requirements and define data standards and principles, often in support of data or digital transformations. The data architect is responsible for visualizing and designing an organization’s enterprise data management framework. This framework describes the processes used to plan, specify, enable, create, […]
11 most in-demand gen AI jobs companies are hiring for
Generative AI is quickly changing the landscape of the business world, with rapid adoption rates across nearly every industry. Businesses are turning to gen AI to streamline business processes, develop proprietary AI technology, and reduce manual efforts in order to free up employees to take on more intensive tasks. A recent survey of senior IT […]
Microsoft Offers Up to $15,000 in New AI Bug Bounty Program
Microsoft is offering rewards of up to $15,000 in a new bug bounty program dedicated to its new AI-powered Bing. The post Microsoft Offers Up to $15,000 in New AI Bug Bounty Program appeared first on SecurityWeek.
Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure
Dozens of Squid caching proxy vulnerabilities remain unpatched two years after a researcher reported them to developers. The post Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure appeared first on SecurityWeek.
Microsoft receives $29B IRS tax notices for decade-old transactions
Microsoft is planning to appeal a claim of $28.9 billion in back taxes that it has received from the US Internal Revenue Service (IRS), the company said on Wednesday. The Notices of Proposed Adjustment were received on September 26, related to intercompany pricing or transfer pricing, Microsoft said in a regulatory filing. The IRS is […]
Your Generative AI strategy could use a startup’s touch
You’re an IT leader at an organization whose employees are rampantly adopting generative AI. Now what? You require a strategy for efficient, productive, and responsible corporate use. Although it’s early days, as many as 75% of organizations reported quantified outcomes from GenAI projects, with 26% expecting productivity gains, according to a Dell Technologies survey of […]
SAP’s new generative AI pricing: Neither transparent nor explainable yet
Enterprises subscribing to Rise with SAP, a bundle of services wrapped around the core S/4HANA Cloud ERP application, can now pay extra for Premium Plus, a package of some of SAP’s newest innovations. Premium Plus includes access to sustainability insights derived from business processes’ carbon footprints and financial costs (SAP’s “green ledger”), new generative AI […]
Proving your worth: Strategies to validate and elevate your IT service department
In the business world, service desks are commonly designated as cost centers, a label that can sometimes limit their access to essential resources and support. This categorization tends to encourage a more reactive approach, as they often find themselves responding to incidents rather than proactively shaping outcomes. Such views of service desks can diminish their […]
SEC Investigating Progress Software Over MOVEit Hack
Progress Software confirms the SEC has launched its own investigation into costly ransomware zero-days in the MOVEit file transfer software. The post SEC Investigating Progress Software Over MOVEit Hack appeared first on SecurityWeek.
The heat is on for a sustainable future at Siemens Gamesa
Surely, you can feel it. It’s hot out there. July 3, 2023, set a record for the highest mean global temperature ever recorded. Then July 4 came along and was even hotter. All-in-all, July 3-6 were the hottest four days ever recorded on planet Earth — but probably not for long. There’s a climate crisis. We’re all […]
Apple Releases iOS 16 Update to Patch Exploited Vulnerability
Apple has released iOS 16.7.1 and iPadOS 16.7.1 to patch CVE-2023-42824, a kernel vulnerability that has been exploited in attacks. The post Apple Releases iOS 16 Update to Patch Exploited Vulnerability appeared first on SecurityWeek.
Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin
A backdoor deployed on a compromised WordPress website poses as a legitimate plugin to hide its presence. The post Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin appeared first on SecurityWeek.
LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts
A recently observed phishing campaign targeting Microsoft accounts is using LinkedIn smart links to bypass defenses. The post LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts appeared first on SecurityWeek.
Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks
Industrial routers made by Chinese company Yifan are affected by several critical vulnerabilities that can expose organizations to attacks. The post Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks appeared first on SecurityWeek.
SAP offers faster updates, longer maintenance for S/4HANA in private clouds
SAP is doubling the time between major releases of S/4HANA Cloud private edition from one year to two — at the same time promising to release new feature packs every six months or so to keep up the pace of innovation. It is also extending maintenance to seven years, from five today. The changes will […]
Simpson Manufacturing Takes Systems Offline Following Cyberattack
Simpson Manufacturing is experiencing disruptions after taking IT systems offline following a cyberattack. The post Simpson Manufacturing Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.
CISO Pay Increases Are Slowing – a Look Behind the Figures
How much do CISOs make? Survey provides compensation trends for Chief Information Security Officers, but don’t take surveys at full face value. The post CISO Pay Increases Are Slowing – a Look Behind the Figures appeared first on SecurityWeek.
Generac’s Tim Dickson on the evolving CIO role
Generac Power Systems’ Tim Dickson is an award-winning CIO who drives transformative change through technology and talent. He’s known as a digital game changer who operates at the intersection of advanced technology and business strategy. And he does it by fulfilling four “CEO” roles: chief enablement officer, chief elevation officer, chief enrichment officer, and chief […]
20 traits of highly effective project managers
To thrive, project managers need to have and hone a complex combination of technical, business, and interpersonal skills. Leading project management organization the Project Management Institute attempts to decode what it takes to be a successful project manager with its PMI Talent Triangle, comprising Ways of Working (formerly Technical Project Management), Power Skills (formerly Leadership), […]
SYN Ventures Announces $75 Million Seed Fund for US Cybersecurity Firms
Venture capital firm SYN Ventures announces first closing of $75 million cybersecurity seed fund for US cybersecurity companies. The post SYN Ventures Announces $75 Million Seed Fund for US Cybersecurity Firms appeared first on SecurityWeek.
Powering the future: How Gen AI and AI illuminate utility companies
According to market researchers at Gartner1, “Utilities are faced with unprecedented challenges.” While international conflict, economic uncertainty and climate change are affecting businesses of all kinds, energy companies and utilities are also dealing with aging infrastructure, constant cyberattacks, increased regulation and rising customer expectations. To overcome these challenges, energy companies are increasingly turning to artificial intelligence (AI), particularly […]
Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk
Flaw poses a direct threat to the SOCKS5 proxy handshake process in cURL and can be exploited remotely in some non-standard configurations. The post Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk appeared first on SecurityWeek.
Citrix Patches Critical NetScaler ADC, Gateway Vulnerability
Citrix has released patches for a critical information disclosure vulnerability in NetScaler ADC and NetScaler Gateway. The post Citrix Patches Critical NetScaler ADC, Gateway Vulnerability appeared first on SecurityWeek.
Payment Card Data Stolen in Air Europa Hack
Spanish airline Air Europa is informing customers that their payment card information has been stolen as a result of a hacker attack. The post Payment Card Data Stolen in Air Europa Hack appeared first on SecurityWeek.
US Government Releases Security Guidance for Open Source Software in OT, ICS
CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS. The post US Government Releases Security Guidance for Open Source Software in OT, ICS appeared first on SecurityWeek.
Chrome 118 Patches 20 Vulnerabilities
Google has released Chrome 118 to the stable channel with patches for 20 vulnerabilities, including one rated ‘critical severity’. The post Chrome 118 Patches 20 Vulnerabilities appeared first on SecurityWeek.
Applying AI to API Security
While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs. The post Applying AI to API Security appeared first on SecurityWeek.
Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks
Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date. The post Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks appeared first on SecurityWeek.
Chief AI officers in demand as IT leaders expect gen AI productivity boost, survey finds
Enterprises are looking to AI to boost productivity and innovation, and one-third of organizations with an interest in the technology have hired or are looking for a chief AI officer, according to new research from Foundry, publisher of CIO.com. For its AI Priorities Study 2023, Foundry surveyed IT decision-makers who have either implemented AI and […]
Building elite teams to map out the business and customer journey
With a career that spans decades across some of the most recognized brands and companies, Raji Subramanian has been making her mark at San Fransisco-based Opendoor for nearly three years. The prominent digital platform for residential real estate, founded in 2014, has faced testing challenges over the past few years including transactions taking a hit […]
The CIO at a crossroads: Evolve or become a dead-end job
These are testing times for CIOs. A complex mix of macroeconomic instability, technological advancements, and digital disruption has businesses in search of IT leaders who can rise to the occasion and turn what could be intractable challenges into business opportunities. The bad news from early 2023 Forrester research suggests that many CIOs aren’t ready to […]
ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws
ICS Patch Tuesday: Siemens and Schneider Electric release over a dozen advisories addressing more than 40 vulnerabilities. The post ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws appeared first on SecurityWeek.
CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability
CISA has added five bugs to its Known Exploited Vulnerabilities catalog, including the recent WordPad, Skype, and HTTP/2 zero-days. The post CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability appeared first on SecurityWeek.
Implications of generative AI for enterprise security
Generative AI has quickly changed what the world thought was possible with artificial intelligence, and its mainstream adoption may seem shocking to many who don’t work in tech. It inspires awe and unease — and often both at the same time. So, what are its implications for the enterprise and cybersecurity? A technology inflection point […]
Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks
Microsoft says an APT group tracked as Storm-0062 has been hacking Confluence installations since mid-September, three weeks before Atlassian’s disclosure. The post Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks appeared first on SecurityWeek.
Salesforce IT injects generative AI to ease its massive datacenter migration
When you’re tasked with migrating 200,000 servers to a new operating system, a helping hand is very welcome indeed. That’s why SaaS giant Salesforce, in migrating its entire data center from CentOS to Red Hat Enterprise Linux, has turned to generative AI — not only to help with the migration but to drive the real-time […]
Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business
Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warned that three are already being exploited in the wild. The post Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business appeared first on SecurityWeek.
Beyond the Front Lines: How the Israel-Hamas War Impacts the Cybersecurity Industry
The war with Hamas will inevitably absorb manpower and focus from the cybersecurity sector. The post Beyond the Front Lines: How the Israel-Hamas War Impacts the Cybersecurity Industry appeared first on SecurityWeek.
Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop
Adobe Commerce customers exposed to code execution, privilege escalation, arbitrary file system read, and security feature bypass attacks. The post Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop appeared first on SecurityWeek.
Unlocking productivity: 3 key priorities for tech leaders in the age of AI
By Chet Kapoor, Chairman and CEO of DataStax In tech, success means embracing change and moving fast. With the rise of AI, leaders are re-thinking how they drive productivity and execution within their teams. Here, I’ll share perspectives from industry experts on winning in today’s constantly evolving landscape. 1. Leverage the power of asynchronous communication […]
Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal
A Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices. The post Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal appeared first on SecurityWeek.
An AI leadership haiku
An AI Leadership Haiku Generative’s gift, Innovation takes a lift, But vigilance, persist. To effectively use AI tools, you need to take a fresh look at your business goals and processes and ensure that you are using the right tools to solve particular problems. The AI Leadership Summit on October 11, 2023 is a different […]
‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History
A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history. The post ‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History appeared first on SecurityWeek.
SecurityWeek to Host 2023 ICS Cybersecurity Conference October 23-26 in Atlanta
SecurityWeek will host its 2023 Industrial Control Systems (ICS) Cybersecurity Conference from October 23 – 26, 2023 at the InterContinental Atlanta Buckhead. The post SecurityWeek to Host 2023 ICS Cybersecurity Conference October 23-26 in Atlanta appeared first on SecurityWeek.
SAP Releases 7 New Notes on October 2023 Patch Day
SAP has released seven new notes as part of its October 2023 Security Patch Day, all rated ‘medium severity’. The post SAP Releases 7 New Notes on October 2023 Patch Day appeared first on SecurityWeek.
One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems
A one-click exploit targeting the Libcue component of the GNOME desktop environment could pose a serious threat to Linux systems. The post One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems appeared first on SecurityWeek.
New ‘Grayling’ APT Targeting Organizations in Taiwan, US
A previously unknown APT group is targeting organizations in biomedical, IT, and manufacturing sectors in Taiwan. The post New ‘Grayling’ APT Targeting Organizations in Taiwan, US appeared first on SecurityWeek.
Twistlock Founders Score Whopping $51M Seed Funding for Gutsy
Serial entrepreneurs bank an unusually large seed round to apply process mining techniques to solve security governance problems. The post Twistlock Founders Score Whopping $51M Seed Funding for Gutsy appeared first on SecurityWeek.
Cable Giant Volex Targeted in Cyberattack
UK-based cable manufacturing giant Volex has been targeted in a cyberattack that involved unauthorized access to IT systems and data. The post Cable Giant Volex Targeted in Cyberattack appeared first on SecurityWeek.
Magecart Web Skimmer Hides in 404 Error Pages
A newly identified Magecart web skimming campaign is tampering with ‘404’ error pages to hide malicious code. The post Magecart Web Skimmer Hides in 404 Error Pages appeared first on SecurityWeek.
Researcher Conversations: Natalie Silvanovich From Google’s Project Zero
SecurityWeek continues its Hacker Conversations series in a discussion with Natalie Silvanovich, a member of of Google’s Project Zero. The post Researcher Conversations: Natalie Silvanovich From Google’s Project Zero appeared first on SecurityWeek.
College of Southern Nevada deploys AI avatar to better engage students
Even in IT, chance encounters can have an outsize impact. For Mugunth Vaithylingam, CIO at the College of Southern Nevada, sitting next to AI Foundation COO Russ Logan on a flight from New York to Las Vegas last October provided just that: a chance meeting that led to a whole new way for the college […]
The CIO’s primary job: Developing future IT leaders
Great IT organizations must establish dual career paths providing opportunities for technologists to advance their craft and careers without having to involve themselves with management and personnel issues. But it is equally vital to identify those people who can develop into managers and create a path forward for them as well. Many professions are faced […]
8 tips for cultivating a winning IT culture
Winning IT organizations aren’t built in a day. Long-term success is generally the result of leaders who make a committed effort to connect directly with their teams, rather than simply issuing memos, edicts, and other top-down commands. Employees want to work for leaders who inspire them, engage them, challenge them, and give them opportunities to […]
Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites
Recently patched TagDiv Composer plugin vulnerability exploited to hack thousands of WordPress sites as part of the Balada Injector campaign. The post Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites appeared first on SecurityWeek.
Credential Harvesting Campaign Targets Unpatched NetScaler Instances
Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials. The post Credential Harvesting Campaign Targets Unpatched NetScaler Instances appeared first on SecurityWeek.
Patches Prepared for ‘Probably Worst’ cURL Vulnerability
A high-severity vulnerability in the data transfer project cURL will be addressed with libcurl and curl updates this week. The post Patches Prepared for ‘Probably Worst’ cURL Vulnerability appeared first on SecurityWeek.
Google Expands Bug Bounty Program With Chrome, Cloud CTF Events
Google is hosting capture the flag (CTF) events focused on Chrome’s V8 engine and on Kernel-based Virtual Machine (KVM). The post Google Expands Bug Bounty Program With Chrome, Cloud CTF Events appeared first on SecurityWeek.
DC Board of Elections Discloses Data Breach
The District of Columbia Board of Elections says voter records were compromised in a data breach at hosting provider DataNet. The post DC Board of Elections Discloses Data Breach appeared first on SecurityWeek.
CIOs set their agendas to achieve IT’s ultimate balancing act
Achieving operational excellence while deploying innovative technologies is not an either/or proposition as far as Christian Mate is concerned. Both are critical for meeting the responsibilities of the job of CIO, which requires the staid mantra of “keep the lights on” while concentrating on the more exciting innovating for growth, he says. “To some extent, […]
Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks
Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack. The post Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks appeared first on SecurityWeek.
Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions
Taiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies to build semiconductor facilities. The post Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions appeared first on SecurityWeek.
Take control of your Oracle unlimited licensing agreement
Have you ever met an Oracle customer who happily pays the company’s fees for software support? Neither have we. But too few really understand how beneficial—and painless—breaking up with Oracle Database support can be. Databases require a great deal of care and feeding and if not properly maintained, small problems can eventually grow into major […]
MGM Resorts Says Ransomware Hack Cost $110 Million
MGM Resorts said costs from a disruptive ransomware hack has exceeded $110 million, including $10 million in one-time consulting cleanup fees. The post MGM Resorts Says Ransomware Hack Cost $110 Million appeared first on SecurityWeek.
Android Devices With Backdoored Firmware Found in US Schools
A global cybercriminal operation called BadBox has infected the firmware of more than 70,000 Android smartphones, CTV boxes, and tablets with the Triada malware. The post Android Devices With Backdoored Firmware Found in US Schools appeared first on SecurityWeek.
Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations
US, Ukraine, and Israel remain the most heavily attacked by cyberespionage and cybercrime threat actors, Microsoft says. The post Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations appeared first on SecurityWeek.
In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters
Noteworthy stories that might have slipped under the radar: cybersecurity funding increases, new laws, and government’s illegal use of smartphone location data. The post In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters appeared first on SecurityWeek.
Nonprofit Service Provider Blackbaud Settles Data Breach Case for $49.5M With States
The fundraising software company Blackbaud has agreed to pay $49.5 million to settle claims brought by the attorneys general of 49 states and Washington, D.C., related to a 2020 data breach. The post Nonprofit Service Provider Blackbaud Settles Data Breach Case for $49.5M With States appeared first on SecurityWeek.
Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA
CISA and the NSA are urging network defenders and software developers to address the top ten cybersecurity misconfigurations. The post Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA appeared first on SecurityWeek.
What is a business analyst? A key role for business-IT efficiency
What is a business analyst? Business analysts (BAs) are responsible for bridging the gap between IT and the business using data analytics to assess processes, determine requirements, and deliver data-driven recommendations and reports to executives and stakeholders. BAs engage with business leaders and users to understand how data-driven changes to process, products, services, software, and hardware can […]
CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws
CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range. The post CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws appeared first on SecurityWeek.
ST Engineering showcases applications of new technologies to stay ahead of disruption
The advent of new technologies has accelerated the rate of innovation and disrupted the business landscape as we know it. As the pace of innovation speeds up, tomorrow’s front runners are those who readily embrace disruptive technologies to spearhead new business models and capture new avenues of growth. The good news is that many organisations […]
A CIO’s guide to the developer platform: What it is and why you need it
As today’s digital-centric landscape continues to evolve at an unprecedented pace, software agility, and speed-to-market are critical to long-term success and revenue growth for any business. Modern applications and multi-cloud strategies drive digital transformations that make this success possible, and businesses are under pressure to get better and faster at delivering applications and services to […]
Cisco Plugs Gaping Hole in Emergency Responder Software
Cisco warns that unauthenticated, remote attackers can log into devices using root account, which has default, static credentials that cannot be changed or deleted. The post Cisco Plugs Gaping Hole in Emergency Responder Software appeared first on SecurityWeek.
GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks
GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services. The post GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks appeared first on SecurityWeek.
Red Cross Publishes Rules of Engagement for Hacktivists During War
ICRC is telling hacktivists involved in conflict during war to avoid targeting civilian objectives and hospitals, or making threats of violence. The post Red Cross Publishes Rules of Engagement for Hacktivists During War appeared first on SecurityWeek.
BlackBerry to Split Cybersecurity, IoT Business Units
BlackBerry plans to split its cybersecurity and IOT (Internet of Things) businesses and pursue an IPO for the IOT unit early next year. The post BlackBerry to Split Cybersecurity, IoT Business Units appeared first on SecurityWeek.
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security. The post Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol appeared first on SecurityWeek.
CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors
New US government guidance details the challenges that application developers and vendors face in identity and access management (IAM). The post CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors appeared first on SecurityWeek.
Hundreds Download Malicious NPM Package Capable of Delivering Rootkit
Threat actor uses typosquatting to trick hundreds of users into downloading a malicious NPM package that delivers the r77 rootkit. The post Hundreds Download Malicious NPM Package Capable of Delivering Rootkit appeared first on SecurityWeek.
Qakbot Hackers Continue to Push Malware After Takedown Attempt
Qakbot cybercriminals continue to push malware, which shows they are still operational after the recent takedown attempt. The post Qakbot Hackers Continue to Push Malware After Takedown Attempt appeared first on SecurityWeek.
Addressing the People Problem in Cybersecurity
Addressing the people problem with effective approaches and tools for users and security practitioners will enable us to work smarter, and force attackers into a position where they must work harder. The post Addressing the People Problem in Cybersecurity appeared first on SecurityWeek.
CBRE’s Sandeep Davé on accelerating your AI ambitions
Sandeep Davé knows the value of experimentation as well as anyone. As chief digital and technology officer at CBRE, Davé recognized early that the commercial real estate industry was ripe for AI and machine learning enhancements, and he and his team have tested countless use cases across the enterprise ever since. And those experiments have […]
7 sins of software development
Software development is a challenging discipline built on millions of parameters, variables, libraries, and more that all must be exactly right. If one character is out of place, the entire stack can fall. And that’s just the technical part. Opinionated programmers, demanding stakeholders, miserly accountants, and meeting-happy managers mix in a political layer that makes […]
Sony Confirms Data Stolen in Two Recent Hacker Attacks
Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. The post Sony Confirms Data Stolen in Two Recent Hacker Attacks appeared first on SecurityWeek.
Building sustainability at the edge of the enterprise
The enterprise edge has become a growing area of innovation as organizations increasingly understand that not every workload — particularly new edge workloads — can move to the cloud. Reasons for this limitation include data sovereignty and residency requirements, the need to support ultra-low latency workloads, and concerns about losing control over mission-critical use cases, […]
3 hard truths about GenAI’s large language models
I love technology. During the last year, I’ve been fascinated to see new developments emerge in generative AI large language models (LLMs). Beyond the hype, generative AI is truly a watershed moment for technology and its role in our world. Generative AI LLMs are revolutionizing what’s possible for individuals and enterprises around the world. However, […]
Document Security is More than Just Password-Protection
Thirty years ago, Adobe created the Portable Document Format (PDF) to facilitate sharing documents across different software applications while maintaining text and image formatting. Today, PDF is considered the de facto industry standard for documents that contain critical and sensitive business information. In fact, it is estimated that more than three (3) trillion PDFs – […]
Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down. The post Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day appeared first on SecurityWeek.
Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day
Atlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products. The post Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day appeared first on SecurityWeek.
New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks
Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models. The post New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks appeared first on SecurityWeek.
Lyca Mobile Services Significantly Disrupted by Cyberattack
International mobile network operator Lyca Mobile says a cyberattack has significantly disrupted its services in many countries. The post Lyca Mobile Services Significantly Disrupted by Cyberattack appeared first on SecurityWeek.
Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware
Mozilla issues warning over fake Thunderbird downloads after a ransomware group was caught using this technique to deliver malware. The post Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware appeared first on SecurityWeek.
Google, Yahoo Boosting Email Spam Protections
Google and Yahoo are introducing new requirements for bulk senders, to improve phishing and spam protections. The post Google, Yahoo Boosting Email Spam Protections appeared first on SecurityWeek.
Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions
A local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges. The post Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions appeared first on SecurityWeek.
Skilled IT pay defined by volatility, security, and AI
Last quarter was one of the most volatile for cash pay premiums for IT skills and certifications in the last three years, according to Foote Partners. Almost one-third of the 682 non-certified IT skills and 614 IT certifications they track changed in value — and for certifications, those changes, more often than not, were downward. […]
What a quarter century of digital transformation at PayPal looks like
If there’s a company that can boast being 100% digital native, it’s PayPal, the platform that allows companies and consumers to send and receive digital payments in a secure, comfortable and profitable way. Since 1998, the brand has evolved and grown in step with technology, and today, the size of its network and consumer use has […]
4 reasons why gen AI projects fail
In June, New Zealand supermarket chain Pak’nSave released the Savey Meal-Bot, a gen AI tool that lets users upload a list of ingredients they have, and then the bot would come up with recipes they could try. It was billed as a way for shoppers to save money because New Zealanders throw out around NZ$1,500 […]
Qualcomm Patches 3 Zero-Days Reported by Google
Qualcomm has patched more than two dozen vulnerabilities, including three zero-days that may have been exploited by spyware vendors. The post Qualcomm Patches 3 Zero-Days Reported by Google appeared first on SecurityWeek.
Future-Proofing Your Business with Hyperautomation
Robotic process automation (RPA) is a well-established means of automating repetitive business processes implemented in software. It’s been around since the early 2000s. However since then great strides have been made in machine learning and artificial intelligence. Combined with RPA tools they enable much greater levels of automation of many business processes. This is hyperautomation. […]
ZDI Discusses First Automotive Pwn2Own
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024. The post ZDI Discusses First Automotive Pwn2Own appeared first on SecurityWeek.
Synqly Joins Race to Fix Security, Infrastructure Product Integrations
Silicon Valley startup lands $4 million in seed funding from SYN Ventures, Okta Ventures and Secure Octane. The post Synqly Joins Race to Fix Security, Infrastructure Product Integrations appeared first on SecurityWeek.
A new solution offers fresh air—not as a dream, but a service
“Air is our most important food.” That’s the operating philosophy of German heating, ventilation, and air conditioning (HVAC) company ActoVent, an enterprise built around the simple philosophy that the air we breathe and release into the environment should be clean. During the pandemic, air quality became an obsession to many people. Adding to the concern was […]
Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies
ShellTorch attack chains critical TorchServe vulnerabilities and could completely compromise the AI infrastructure of major companies. The post Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies appeared first on SecurityWeek.
US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
An open redirection vulnerability in the popular job search platform Indeed has been exploited in a series of phishing attacks. The post US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform appeared first on SecurityWeek.
Actor Tom Hanks Warns of Ad With AI Imposter
Actor Tom Hanks and talk show co-host Gayle King were warning fans about ads featuring imposters generated by artificial intelligence. The post Actor Tom Hanks Warns of Ad With AI Imposter appeared first on SecurityWeek.
Dozens of Malicious NPM Packages Steal User, System Data
Fortinet warns of multiple malicious NPM packages that include install scripts designed to steal sensitive information. The post Dozens of Malicious NPM Packages Steal User, System Data appeared first on SecurityWeek.
Network, Meet Cloud; Cloud, Meet Network
The widely believed notion that the network and the cloud are two different and distinct entities is not true. The post Network, Meet Cloud; Cloud, Meet Network appeared first on SecurityWeek.
ConocoPhillips goes global with digital twins
With demand for low-cost energy ever increasing, along with competition from renewable sources of energy, ConocoPhillips is leveraging digital twins to optimize the safety and efficiency of its assets. The Houston-based company, with origins dating back to 1875, is on a path to adopt portfolio-wide digital twin technology following successes across its major fields. Dubbed […]
Why all IT talent should be irreplaceable
“The graveyards,” General De Gaulle once ironically observed, “are full of indispensable men.” Maybe so, but the same may not be so easily said about organizations whose success did depend on irreplaceable managers and staff. Take, for example, Apple. Under Steve Jobs it created the iPod, iPhone, App Store, and iPad — products and services […]
Cybersecurity M&A Roundup: 28 Deals Announced in September 2023
Twenty-eight cybersecurity-related merger and acquisition (M&A) deals were announced in September 2023. The post Cybersecurity M&A Roundup: 28 Deals Announced in September 2023 appeared first on SecurityWeek.
Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities
The October 2023 security update for Android patches two vulnerabilities exploited in attacks, both likely linked to spyware vendors. The post Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities appeared first on SecurityWeek.
Motel One Discloses Ransomware Attack Impacting Customer Data
Motel One says customer addresses and credit card information were compromised in a recent ransomware attack. The post Motel One Discloses Ransomware Attack Impacting Customer Data appeared first on SecurityWeek.
Companies Address Impact of Exploited Libwebp Vulnerability
Companies have addressed the impact of the exploited Libwebp vulnerability CVE-2023-4863 on their products. The post Companies Address Impact of Exploited Libwebp Vulnerability appeared first on SecurityWeek.
Unlocking value: Oracle enterprise license models for optimal ROI
With tight IT budgets getting tighter, many Oracle licensees with Unlimited Licensing Agreements (ULAs) are tempted to consider an exit plan to avoid the pinch of rising support costs. But, often too late, they may discover that their Oracle contract could prevent them from making the jump as seamlessly as they’d like. Most enterprises want […]
Lessons from the field: Why you need a platform engineering practice (…and how to build it)
Platform engineering is a sociotechnical discipline that has gained tremendous attention in the last year in response to the need for organizations to accelerate cloud native app development and management. Platform engineering focuses on the internal application of development and the creation of so-called ‘Golden Pathways’ in engineering and development, saving time and creating more […]
Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw
Rapid7 says attackers are targeting a critical pre-authentication flaw in Progress Software’s WS_FTP server just days after disclosure. The post Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw appeared first on SecurityWeek.
Number of Internet-Exposed ICS Drops Below 100,000: Report
The number of internet-exposed ICS has dropped below 100,000, a significant decrease from the 140,000 in 2019. The post Number of Internet-Exposed ICS Drops Below 100,000: Report appeared first on SecurityWeek.
European Telecommunications Standards Institute Discloses Data Breach
Hackers stole a database containing the list of the European Telecommunications Standards Institute’s online users. The post European Telecommunications Standards Institute Discloses Data Breach appeared first on SecurityWeek.
Johnson Controls Ransomware Attack Could Impact DHS
DHS is reportedly investigating the impact of the recent Johnson Controls ransomware attack on its systems and facilities. The post Johnson Controls Ransomware Attack Could Impact DHS appeared first on SecurityWeek.
Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
Patches are being developed for serious Exim vulnerabilities that could expose many mail servers to attacks. The post Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks appeared first on SecurityWeek.
What is a project management office (PMO)? The key to standardizing project success
Project management office (PMO) definition A project management office (PMO) is a group, or functional unit, that sets, maintains, and enforces the practices, policies, and standards for structuring and executing projects within an organization. According to the Project Management Institute (PMI), a PMO is essential for enterprises seeking to centralize and coordinate the management of […]
The dark arts of digital transformation — and how to master them
Resistance to digital transformation comes in many forms. And sometimes it takes a wizard — or a CIO with a satchel of magic tricks — to overcome them. You’ll need to persuade employees and middle management to leave their comfort zones and change how they operate. You may find yourself stuck in bureaucratic quagmires or […]
Silverfort Open Sources Lateral Movement Detection Tool
Silverfort has released the source code for its lateral movement detection tool LATMA, to help identify and analyze intrusions. The post Silverfort Open Sources Lateral Movement Detection Tool appeared first on SecurityWeek.
Recently Patched TeamCity Vulnerability Exploited to Hack Servers
In-the-wild exploitation of a critical vulnerability in the TeamCity CI/CD server started shortly after a patch was released by developers. The post Recently Patched TeamCity Vulnerability Exploited to Hack Servers appeared first on SecurityWeek.
CISA Kicks Off Cybersecurity Awareness Month With New Program
CISA has announced the Secure Our World cybersecurity awareness program, targeting both businesses and end users. The post CISA Kicks Off Cybersecurity Awareness Month With New Program appeared first on SecurityWeek.