30Nov 2023

Generative AI’s ‘show me the money’ moment

In a key scene from the 1996 movie “Jerry Maguire,” a pro football player is in the midst of contract negotiations with the Arizona Cardinals. He gets tired of his agent Jerry’s slick sales pitch and shouts at him in exasperation: “Show me the money!” This is the very spot the world finds itself with generative […]

30Nov 2023

Apple Patches WebKit Flaws Exploited on Older iPhones

Apple’s security response team warns that flaws CVE-2023-42916 and CVE-2023-42917 were already exploited against versions of iOS before iOS 16.7.1. The post Apple Patches WebKit Flaws Exploited on Older iPhones appeared first on SecurityWeek.

30Nov 2023

How customers capture real economic value with zero trust

Hub-and-spoke networks and castle-and-moat security architectures were designed for days gone by when users, apps, and data all resided on premises. But in today’s world, endlessly extending the network to more branch offices, remote users, and cloud apps, and defending network access through ever-growing stacks of point product hardware appliances breeds significant costs. The Zscaler […]

30Nov 2023

Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices

Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks. The post Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices appeared first on SecurityWeek.

30Nov 2023

Thinking of hibernating through the metaverse winter?

If you’re skeptical about dipping your enterprise’s virtual toes into a metaverse, rightfully so. While the roots of the metaverse date back more than 70 years, the concept gained instant credibility when it landed on Gartner’s 2022 Hype Cycle for Emerging Technologies with a “Plateau of Productivity” timeframe of “more than 10 years.” Around the […]

30Nov 2023

A cloud-based solution to rescue millions from energy poverty

British-based Savannah Energy operates on a simple principle: Financial poverty and energy poverty are intertwined. Therefore, the company reasons, by generating clean, competitively priced electricity for millions of households in Africa, hardship can be replaced with socio-economic prosperity. Given the realities on the ground, though, this objective is not as simple as it sounds. For […]

30Nov 2023

Meta Takes Action Against Multiple Foreign Influence Campaigns

Meta removed three foreign influence operations from the Facebook platform during Q3, 2023. Two were Chinese in origin, and one was Russian, the company says.  The post Meta Takes Action Against Multiple Foreign Influence Campaigns appeared first on SecurityWeek.

30Nov 2023

US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers

US Treasury sanctions Sinbad, saying the cryptocurrency mixer is laundering funds for North Korean hacking group Lazarus. The post US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers appeared first on SecurityWeek.

30Nov 2023

Black Basta Ransomware Group Received Over $100 Million From 90 Victims

The Black Basta ransomware group has infected over 300 victims and received more than $100 million in ransom payments. The post Black Basta Ransomware Group Received Over $100 Million From 90 Victims appeared first on SecurityWeek.

30Nov 2023

Qlik Sense Vulnerabilities Exploited in Ransomware Attacks

Qlik Sense vulnerabilities CVE-2023-41266, CVE-2023-41265 and CVE-2023-48365 exploited for initial access in Cactus ransomware attacks.  The post Qlik Sense Vulnerabilities Exploited in Ransomware Attacks appeared first on SecurityWeek.

30Nov 2023

Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals

ZeroedIn says personal information of 2 million individuals was compromised in an August 2023 data breach that impacts customers such as Dollar Tree. The post Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals appeared first on SecurityWeek.

30Nov 2023

Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments 

Palo Alto Networks has launched a new rugged firewall for industrial environments and announced several OT security improvements. The post Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments  appeared first on SecurityWeek.

30Nov 2023

CISA Debuts ‘Secure by Design’ Alert Series

New CISA alerts shed light on the harm occurring when software vendors fail to implement secure by design principles. The post CISA Debuts ‘Secure by Design’ Alert Series appeared first on SecurityWeek.

30Nov 2023

Google’s RETVec Open Source Text Vectorizer Bolsters Malicious Email Detection

Google shows how RETVec, a new and open source text vectorizer, can improve the detection of phishing attacks, spam and other harmful content. The post Google’s RETVec Open Source Text Vectorizer Bolsters Malicious Email Detection appeared first on SecurityWeek.

30Nov 2023

400G: Building bandwidth for the next lap

Anticipating an Explosion of Bandwidth Demand: Global bandwidth demand is on an unprecedented rise. In 2022 alone, the International Telecommunications Union (ITU) recorded 25% growth in international bandwidth usage, adding to a 33% compounded average growth rate that’s been steadily rising since 2017. For individual consumers, 1Gbps connectivity is now a norm while high-definition video has become […]

30Nov 2023

CIO Darlene Taylor’s formula for success: Listen, drive, care

It’s no secret: The best talent wants to work for leaders with the attributes to drive success. And for those leaders, credibility is king. Darlene Taylor, CIO of Superior Industries, one of the world’s largest suppliers of aluminum wheels, attributes her “street cred” to her past experience, first as an engineer of automotive design and […]

30Nov 2023

8 change management questions every IT leader must answer

Early in the pandemic CIO Ken Grady pinpointed a key challenge that has vexed IT organizations for the better part of a decade. “We saw a tremendous acceleration and adoption in the use of new platforms to stay connected and keep our organizations moving forward,” Grady recalls of those early days navigating lockdowns. “A few […]

30Nov 2023

Hundreds of Malicious Android Apps Target Iranian Mobile Banking Users

Zimperium has identified over 200 information-stealing Android applications targeting mobile banking users in Iran. The post Hundreds of Malicious Android Apps Target Iranian Mobile Banking Users appeared first on SecurityWeek.

29Nov 2023

Keyless Goes Independent, Raises $6M for Biometric Authentication

British startup building biometric authentication technology has snagged $6 million in a new round of funding led by Rialto Ventures. The post Keyless Goes Independent, Raises $6M for Biometric Authentication appeared first on SecurityWeek.

29Nov 2023

Okta Broadens Scope of Data Breach: All Customer Support Users Affected

Okta expands scope of October breach, saying hackers stole names and email addresses of all its customer support system users. The post Okta Broadens Scope of Data Breach: All Customer Support Users Affected appeared first on SecurityWeek.

29Nov 2023

New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher

An academic researcher demonstrates BLUFFS, six novel attacks targeting Bluetooth sessions’ forward and future secrecy. The post New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher appeared first on SecurityWeek.

29Nov 2023

Google Patches Seventh Chrome Zero-Day of 2023

The latest Chrome security update addresses the seventh exploited zero-day vulnerability documented in the browser in 2023. The post Google Patches Seventh Chrome Zero-Day of 2023 appeared first on SecurityWeek.

29Nov 2023

CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack

After hackers compromised ICS at a US water utility, CISA issued a warning over the exploitation of the targeted Unitronics PLC. The post CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack appeared first on SecurityWeek.

29Nov 2023

Five Cybersecurity Predictions for 2024

Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape. The post Five Cybersecurity Predictions for 2024 appeared first on SecurityWeek.

29Nov 2023

Google Will Start Deleting ‘Inactive’ Accounts in December. Here’s What You Need to Know

The easiest way to keep your Google account active (and thus prevent it from being deleted) is to sign in at least once every two years. The post Google Will Start Deleting ‘Inactive’ Accounts in December. Here’s What You Need to Know appeared first on SecurityWeek.

29Nov 2023

Per Scholas redefines IT hiring by diversifying the IT talent pipeline

Per Scholas was founded in 1995 in the Bronx as a computer reclamation company with the goal of bridging the digital divide. To do so, the organization collected retired computers and laptops from companies, fixed them up, and redistributed them back into the community through schools and nonprofits. When CEO Plinio Ayala joined Per Scholas […]

29Nov 2023

Steps Gerresheimer takes to transform its IT

By mid-2023, Walldorf-based Gerresheimer had its IT strategy revised, and a central component of this was its cloud journey, for which CIO Zafer Nalbant and his team built a hybrid environment consisting of a public cloud part based on Microsoft Azure, and a private cloud part that runs in a data center completely managed by T-Systems. And according […]

29Nov 2023

4 remedies to avoid cloud app migration headaches

Once enterprises commit to running business-critical applications in the cloud, they rarely move to another provider. One big reason: they’re often locked into their chosen provider’s ecosystem. The cost of migrating is simply too high, says Sid Nag, VP of cloud services and technology at Gartner. “But if you do your planning exercise properly, you […]

28Nov 2023

The Importance of Identity Management in Security

It’s ever more challenging in today’s work-from-anywhere world to prevent cybersecurity breaches. And while all organizations work hard to prevent attacks through traditional security measures such as multi-factor authentication, patching, training, and more, the bad guys increasingly find their way in through poorly thought-out, scattered access and identity management practices. The solution, we’ve seen in […]

28Nov 2023

The hybrid approach: Get the best of both mainframe and cloud

As more businesses push forward with digital transformation projects, cloud computing has stood out as a powerful tool capable of fueling the analytics that drive new technologies like artificial intelligence (AI) and machine learning (ML)—two capabilities that are quickly becoming a must-have in nearly every organization. But getting to that point presents some unique challenges. […]

28Nov 2023

Why data virtualization is critical for business success

Businesses today are sitting on vast amounts of data, which has the potential to unlock new opportunities and avenues to stay one step ahead of the competition. But data doesn’t always come in a neatly packaged format, ready to be sorted, analyzed, and used in decision-making or analysis. Enterprises are highly complex operations that often […]

28Nov 2023

How to evolve IT systems into innovation engines

When vendor-driven and customer-driven technology roadmaps are in close alignment, the results can be almost magical. Unfortunately, for most organizations that’s rarely the reality as they’re often left struggling to achieve the innovation that their vendors are supposed to enable. IT leaders are all too familiar with this cycle: Up-and-coming vendors mature or get acquired […]

28Nov 2023

Dear Oracle Cloud…I need my own space

Dear Oracle Cloud Infrastructure, Look, it’s not you, it’s me. And right now, you need to give me some space. No, not the space in your data center, I’m not quite ready to commit on a deeper level. I need my own space, on my own terms because I need to keep my options open. Let me explain. I’m not ready […]

28Nov 2023

Exploitation of Critical ownCloud Vulnerability Begins

Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure. The post Exploitation of Critical ownCloud Vulnerability Begins appeared first on SecurityWeek.

28Nov 2023

Police Dismantle Major Ukrainian Ransomware Operation

Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader. The post Police Dismantle Major Ukrainian Ransomware Operation appeared first on SecurityWeek.

28Nov 2023

Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets

AWS announces Amazon One Enterprise, a palm-based identity service that enables users to easily access physical locations and digital assets. The post Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets appeared first on SecurityWeek.

28Nov 2023

Los Angeles SIM Swapper Sentenced to 8 Years in Prison

Amir Golshan of Los Angeles was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes. The post Los Angeles SIM Swapper Sentenced to 8 Years in Prison appeared first on SecurityWeek.

28Nov 2023

Critical Vulnerability Found in Ray AI Framework 

A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes. The post Critical Vulnerability Found in Ray AI Framework  appeared first on SecurityWeek.

28Nov 2023

Making sense of zero trust – why a managed SASE solution is the ideal option for enterprises

Remote working and cloud computing are among the most significant trends in the global business landscape, unlocking innovation but also increasing attack surfaces and creating opportunities for cyber attackers.   To mitigate these threats, businesses are turning to a new generation of cybersecurity solutions – with research showing Secure Access Service Edge (SASE) at the forefront.  […]

28Nov 2023

What you don’t know about data management could kill your business

IT leaders take note: At your likely current trajectory, your organization is the Titanic and its data is the iceberg. To avoid the inevitable, CIOs must get serious about data management. Data, of course, has been all the rage the past decade, having been declared the “new oil” of the digital economy. And yes, data […]

28Nov 2023

8 tips for unleashing the power of unstructured data

Making the most of enterprise data is a top concern for IT leaders today. With organizations seeking to become more data-driven with business decisions, IT leaders must devise data strategies geared toward creating value from data no matter where — or in what form — it resides. For many enterprises, unstructured data, in the form of […]

28Nov 2023

Ardent Hospitals Diverting Patients Following Ransomware Attack

Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations. The post Ardent Hospitals Diverting Patients Following Ransomware Attack appeared first on SecurityWeek.

28Nov 2023

Gen AI without the risks

ChatGPT, Stable Diffusion, and DreamStudio–Generative AI are grabbing all the headlines, and rightly so. The results are impressive and improving at a geometric rate. Intelligent assistants are already changing how we search, analyze information, and do everything from creating code to securing networks and writing articles. Gen AI will become a fundamental part of how […]

27Nov 2023

Old age isn’t what it used to be: a versatile solution for a more independent breed of seniors

Today’s seniors aren’t what they used to be. Writer Stephen King recently turned 76. Rock legends Paul McCartney and Ringo Starr just released the final Beatles song at the age of 81 and 83 respectively. Captain James T. Kirk himself, the venerable William Shatner, is 92. And none of them are resting on their laurels.  Imagine, […]

27Nov 2023

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

Three critical vulnerabilities in ownCloud could lead to sensitive information disclosure and authentication and validation bypass. The post Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass appeared first on SecurityWeek.

27Nov 2023

Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption

Healthcare solutions giant Henry Schein is once again restoring systems after ransomware group claims it re-encrypted files. The post Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption appeared first on SecurityWeek.

27Nov 2023

US, UK Cybersecurity Agencies Publish AI Development Guidance

New guidance from US and UK cybersecurity agencies provides recommendations for secure AI system development. The post US, UK Cybersecurity Agencies Publish AI Development Guidance appeared first on SecurityWeek.

27Nov 2023

UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws

UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks. The post UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws appeared first on SecurityWeek.

27Nov 2023

Fidelity National Financial Takes Down Systems Following Cyberattack

Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack. The post Fidelity National Financial Takes Down Systems Following Cyberattack appeared first on SecurityWeek.

27Nov 2023

Hacktivism: What’s in a Name… It May be More Than You Expect

Hacktivism is evolving. It is important for both the law and cyber defenders to understand the current and potential activity of hacktivism to better understand how it should be treated. The post Hacktivism: What’s in a Name… It May be More Than You Expect appeared first on SecurityWeek.

27Nov 2023

Hackers Hijack Industrial Control System at US Water Utility 

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or water supply. The post Hackers Hijack Industrial Control System at US Water Utility  appeared first on SecurityWeek.

27Nov 2023

Turning the tide in STEM career roadblocks at Synchrony

Despite public and internal corporate support programs, and increased awareness of male/female disparities in the workplace in terms of positions and salaries, women still come up short of equity in tech job placements. Roughly 26% of tech jobs in the US are held by women, a decrease from about 33% in 2019, according to CompTIA’s […]

27Nov 2023

10 things keeping IT leaders up at night

CIOs are hardly Luddites, but even some technologists fret about artificial intelligence, the rapid pace of tech evolution, and their ability to keep up. That’s not to say they’re looking to ditch their roles or smash machines, as the real Luddites had. Yet CIOs do admit that they’re worried about multiple issues these days. Here […]

27Nov 2023

Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons

The U.S. military is increasing use of AI technology that will fundamentally alter the nature of war. The post Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons appeared first on SecurityWeek.

25Nov 2023

Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OK

Broadcom has cleared all regulatory hurdles and plans to complete its $69 billion acquisition of cloud technology company VMware. The post Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OK appeared first on SecurityWeek.

24Nov 2023

North Korean Software Supply Chain Attack Hits North America, Asia 

North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack. The post North Korean Software Supply Chain Attack Hits North America, Asia  appeared first on SecurityWeek.

24Nov 2023

In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking

Noteworthy stories that might have slipped under the radar: Idaho National Laboratory breach, GPS attacks target airplanes, Russia accuses China and North Korea of hacking. The post In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking appeared first on SecurityWeek.

24Nov 2023

Germany’s ITZBund is moving federal IT into the cloud

In order to avoid falling into the trap of legacy applications, Germany’s federal center for Information Technology, the ITZBund, recognized early to execute a future-oriented cloud landscape, says Christine Serrette, the federal administration’s CIO and deputy technical director. The ITZBund acts as a central IT service provider for the federal administration and operates a wide range of critical […]

24Nov 2023

The 15 most valuable IT certifications today

Certifications have long been a great means for IT career advancement. The right credentials can boost your salary, set you apart from the competition, and help you land promotions in your current role. In fact, IT leaders report that certified staff add a value of $30,000 per year to the organization, with a noticeable increase in […]

23Nov 2023

A forensic look to modernize tech at South Africa’s SIU

Established in 1996, South Africa’s Special Investigating Unit (SIU) has acted as a trusted anti-corruption, forensic investigation, and litigation agency to recover financial losses and correct wrongdoing. But with a long history comes legacy tech and inefficiencies. Something an entity like the SIU can’t afford. CIO Tumelo Zwane understands how new and emerging technologies can […]

23Nov 2023

What CIOs can learn from the massive Optus outage

The week’s high-profile resignation of Optus CEO Kelly Bayer Rosmarin in the wake of the Australian telco’s massive outage that left 10 million Australians and 400,000 businesses without phone or internet for up to 12 hours earlier this month underscores the stakes involved when it comes to setting an IT strategy for business resilience. At […]

22Nov 2023

Thrive with Digital, Accelerating Intelligence for Electric Power

From October 20 to 23, the 24th Conference on the Electric Power Supply Industry (CEPSI 2023) was held in the eastern Chinese coastal city of Xiamen. The event was co-sponsored by the Association of the Electricity Supply Industry of East Asia and the Western Pacific (AESIEAP) and the China Electricity Council. Huawei was deeply involved […]

22Nov 2023

How machines learned to chat

Chatbots have blazed an evolutionary path similar to that of self-driving cars. Using the benchmarking approach for driverless vehicles, they’ve advanced from what we might call Level 0—simple call-and-response programs designed a half-century ago—to Level 5—sophisticated AI-driven engines that can increasingly perform human-like tasks. That’s like going from rotary phones to the iPhone, notes Robb […]

22Nov 2023

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.” The post Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets appeared first on SecurityWeek.

22Nov 2023

185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone 

Car parts giant AutoZone says nearly 185,000 individuals were impacted by a data breach caused by the MOVEit hack. The post 185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone  appeared first on SecurityWeek.

22Nov 2023

Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products

Microsoft invites researchers to new bug bounty program focused on vulnerabilities in its Defender products. The post Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products appeared first on SecurityWeek.

22Nov 2023

Sam Altman is Back as OpenAI CEO Just Days After Being Removed, Along With a New Board

San Francisco-based OpenAI has reached an agreement in principle for Sam Altman to return to OpenAI as CEO with a new initial board. The post Sam Altman is Back as OpenAI CEO Just Days After Being Removed, Along With a New Board appeared first on SecurityWeek.

22Nov 2023

Windows Hello Fingerprint Authentication Bypassed on Popular Laptops

Researchers have tested the fingerprint sensors used for Windows Hello on three popular laptops and managed to bypass them. The post Windows Hello Fingerprint Authentication Bypassed on Popular Laptops appeared first on SecurityWeek.

22Nov 2023

Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’

Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that has hobbled access to records. The post Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’ appeared first on SecurityWeek.

22Nov 2023

Humans Are Notoriously Bad at Assessing Risk

When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.  The post Humans Are Notoriously Bad at Assessing Risk appeared first on SecurityWeek.

22Nov 2023

Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability

Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it. The post Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability appeared first on SecurityWeek.

22Nov 2023

5 pillars of a cloud-conscious culture

Most CIOs recognize the advantages of cloud, the global reach it provides, and the ease with which services can be scaled up and back down again. “Cloud is scalable IT infrastructure that enables organizations to respond quickly to market changes, support business growth, and minimize disruptions,” says Swati Shah, SVP and CIO of US markets […]

22Nov 2023

Keeping the customer journey and experience as a North Star

As a connected car data company focusing on the motor insurance sector, UK-based ThingCo is dedicated to developing next gen telematics built with the latest technology. But ensuring the best possible end user experience is the primary consideration to choose the right way forward. “I think of myself as a techie, but I’m probably more […]

21Nov 2023

LLM Security Startup Lasso Emerges From Stealth Mode

Lasso Security raises $6 million in seed funding to tackle cyber threats to secure generative AI and large language model algorithms. The post LLM Security Startup Lasso Emerges From Stealth Mode appeared first on SecurityWeek.

21Nov 2023

CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities

New CISA pilot program brings cutting-edge cybersecurity services to critical infrastructure entities that need support. The post CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities appeared first on SecurityWeek.

21Nov 2023

Tor Network Removes Risky Relays Associated With Cryptocurrency Scheme

The Tor network has removed many relays associated with a cryptocurrency scheme, citing risk to integrity and users.  The post Tor Network Removes Risky Relays Associated With Cryptocurrency Scheme appeared first on SecurityWeek.

21Nov 2023

Canadian Military, Police Impacted by Data Breach at Moving Companies

Data breach at moving companies impacts Canadian government employees, and military and police personnel. The post Canadian Military, Police Impacted by Data Breach at Moving Companies appeared first on SecurityWeek.

21Nov 2023

Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges

Interview with Craig Martell, Chief Digital and AI Officer (CDAO) for the U.S. Department of Defense, about AI use in the military. The post Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges appeared first on SecurityWeek.

21Nov 2023

Sumo Logic Completes Investigation Into Recent Security Breach

Sumo Logic has completed its investigation into the recent security breach and found no evidence of impact to customer data. The post Sumo Logic Completes Investigation Into Recent Security Breach appeared first on SecurityWeek.

21Nov 2023

Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago

Over the past ten years, Microsoft has handed out $63 million in rewards as part of its bug bounty programs. The post Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago appeared first on SecurityWeek.

21Nov 2023

Air Force CDAIO Eileen Vidrine on leading top-flight AI operations

Artificial intelligence is transforming the ways in which we do virtually everything. That includes how the United States fights wars, monitors threats, and safeguards the national defense. The role of AI has become so critical to military strategy and capability that the US Air and Space Forces appointed its first chief artificial intelligence officer this […]

21Nov 2023

7 steps for turning shadow IT into a competitive edge

Ask IT leaders about their challenges with shadow IT, and most will cite the kinds of security, operational, and integration risks that give shadow IT its bad rep. But for a select few, the deeper challenges of departmental technologies being funded, procured, and managed without IT involvement are the missed opportunities to better engage and […]

21Nov 2023

Generative AI’s most noble mission: Improving and saving lives

Michael J. Fox says it perfectly: “Family is not an important thing. It’s everything.” That’s exactly how I feel. As a technology professional, seeing how artificial intelligence (AI) and generative AI/large language models can improve and save lives makes me think about the significant difference this can have on families and communities worldwide–including mine. It’s one of technology’s most profound and […]

20Nov 2023

Gen AI: Should you build or buy?

With organizations racing to put more generative AI tools in users’ hands—and software vendors rapidly integrating those tools into their products—CIOs face a familiar choice: develop their own solutions in house, or invest and adapt tools already available in a fast-growing AI marketplace.  Yet it’s not a simple build-vs.-buy question, says Prakash Ramamurthy, chief product […]

20Nov 2023

5 ways AI is showing promise as a decision-maker

CIOs and others in the C-suite are already seeing payoffs from using AI to automate myriad types of business tasks and workflows. Now they’re eyeing a next-phase opportunity—relying on machine intelligence to handle complex decisions. “If you look at the advances we have seen in AI, with the large amounts of data that large language […]

20Nov 2023

Frucor Suntory amplifies sales and service with a unified mobile app

Early in my career, I stayed in an authentic ryokan inn in Kyoto. It was right out of an 1800s Hiroshige woodblock print with a Japanese garden, hanging lanterns, sliding rice paper doors, and a glowing view of Mt Fuji at sunrise. After work, my colleague and I discovered the local dishes and Suntory scotch—a first.  […]

20Nov 2023

The $400 billion opportunity for AI in customer service

Not all AI-powered customer service chatbots are created equal—or created well. Take AVA, the AI-infused customer support bot that AirAsia introduced in 2019. AVA racked up nearly as many customer complaints as case resolutions, forcing AirAsia CEO Tony Fernandes to admit earlier this year that AVA was Southeast Asia’s “most hated AI chatbot.” AVA, of […]

20Nov 2023

Morgan Stanley Fined $6.5 Million for Exposing Customer Information

Morgan Stanley agrees to pay $6.5 million for exposing personal information through negligent data-security practices. The post Morgan Stanley Fined $6.5 Million for Exposing Customer Information appeared first on SecurityWeek.

20Nov 2023

CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations. The post CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations appeared first on SecurityWeek.

20Nov 2023

Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products

Johnson Controls has patched a critical vulnerability that can be exploited to take complete control of Frick industrial refrigeration products.  The post Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products appeared first on SecurityWeek.

20Nov 2023

Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing

Microsoft hired Sam Altman and another architect of OpenAI for a new venture after their sudden departures shocked the artificial intelligence world. The post Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing appeared first on SecurityWeek.

20Nov 2023

Russia’s LitterDrifter USB Worm Spreads Beyond Ukraine

Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries. The post Russia’s LitterDrifter USB Worm Spreads Beyond Ukraine appeared first on SecurityWeek.

20Nov 2023

Yamaha Motor Confirms Data Breach Following Ransomware Attack

Yamaha Motor discloses ransomware attack impacting the personal information of its Philippines subsidiary’s employees. The post Yamaha Motor Confirms Data Breach Following Ransomware Attack appeared first on SecurityWeek.

20Nov 2023

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

It’s crucial to thoroughly assess the risk profiles of various SSE platforms and weigh their suitability against their organization’s risk tolerance before adopting SSE. The post 5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms appeared first on SecurityWeek.

20Nov 2023

US Announces $70 Million Cybersecurity Boost for Rural, Municipal Utilities

The US Department of Energy is offering $70 million in funding to improve the cybersecurity of rural and municipal utilities. The post US Announces $70 Million Cybersecurity Boost for Rural, Municipal Utilities appeared first on SecurityWeek.

20Nov 2023

250 Organizations Take Part in Electrical Grid Security Exercise

Over 250 organizations take part in GridEx VII, the largest North American exercise focusing on the security of the electrical grid. The post 250 Organizations Take Part in Electrical Grid Security Exercise appeared first on SecurityWeek.

20Nov 2023

Can developer productivity be measured? Better than you think

Measuring developer productivity has long been a Holy Grail of business. And like the Holy Grail, it has been elusive. But based on our work with companies from a range of industries, we think we may have figured out a way to do it that could work.  In 2020, McKinsey surveyed 440 large companies about […]

20Nov 2023

6 most underhyped technologies in IT — plus one that’s not dead yet

Generative AI and, more specifically, ChatGPT captivated the corporate world in 2023, with board directors, CEOs, and other executives fawning (and sometimes fearing) the technology. Their enthusiasm is justified, with multiple studies finding that AI is delivering strong value and returns on investment. IBM, for one, found that the average ROI on enterprise-wide AI initiatives […]

20Nov 2023

K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs

Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations. The post K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs appeared first on SecurityWeek.

18Nov 2023

ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company

OpenAI pushed out its co-founder and CEO Sam Altman after a review found he was “not consistently candid in his communications” with the board of directors. The post ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company appeared first on SecurityWeek.

17Nov 2023

2 Environmentalists Who Were Targeted by a Hacking Network Say the Public Is the Real Victim

Two environmentalists told a judge that the public was the real victim of a global computer hacking campaign that targeted those fighting big oil companies to get the truth out about global warming. The post 2 Environmentalists Who Were Targeted by a Hacking Network Say the Public Is the Real Victim appeared first on SecurityWeek.

17Nov 2023

FCC Tightens Telco Rules to Combat SIM-Swapping

Under the new rules, wireless carriers are required to notify customers of any SIM transfer requests, a measure designed to thwart fraudulent attempts by cybercriminals. The post FCC Tightens Telco Rules to Combat SIM-Swapping appeared first on SecurityWeek.

17Nov 2023

In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit

Noteworthy stories that might have slipped under the radar: top law firm hacked, Chinese bank pays ransom, and PyPI conducts first security audit. The post In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit appeared first on SecurityWeek.

17Nov 2023

US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website

Wisconsin teenager Joseph Garrison has admitted in court to launching a credential stuffing attack on a betting website. The post US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website appeared first on SecurityWeek.

17Nov 2023

Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools

Bug hunters uncover over a dozen exploitable vulnerabilities in tools used to build chatbots and other types of AI/ML models. The post Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools appeared first on SecurityWeek.

17Nov 2023

Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin

Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks. The post Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin appeared first on SecurityWeek.

17Nov 2023

CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability

CISA adds Sophos, Oracle and Microsoft product security holes to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability appeared first on SecurityWeek.

17Nov 2023

Key GOP Lawmaker Calls for Renewal of Surveillance Tool as He Proposes Changes to Protect Privacy

The Republican chairman of the House Intelligence Committee has called for the renewal of a key US government surveillance tool as he proposed a series of changes aimed at safeguarding privacy. The post Key GOP Lawmaker Calls for Renewal of Surveillance Tool as He Proposes Changes to Protect Privacy appeared first on SecurityWeek.

17Nov 2023

Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US

Aviram Azari, an Israeli man who made nearly $5 million from a hacking scheme, has been sentenced to 80 months in prison in the US. The post Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US appeared first on SecurityWeek.

17Nov 2023

CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack

Toyota Financial Services has been hit by a ransomware attack that may have involved exploitation of the CitrixBleed vulnerability.  The post CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack appeared first on SecurityWeek.

17Nov 2023

IHG maximizes hospitality with multicloud

For IHG Hotels and Resorts, the cloud provides just the right accommodation for business success. “First and foremost we see our journey to the cloud as the most extremely important part of both our technology and commercial strategies,” says George Turner, chief commercial and technology officer of the British multinational, which relies heavily on its […]

16Nov 2023

Biden Campaign Looking for CISO

The Biden for President campaign is looking for a cybersecurity chief to “define the organization’s risk appetite” and manage its cybersecurity and IT initiatives. The post Biden Campaign Looking for CISO appeared first on SecurityWeek.

16Nov 2023

Google Adds Passkey Support to New Titan Security Key 

Google launches new Titan security key with passkey support, allowing users to store up to 250 unique passkeys. The post Google Adds Passkey Support to New Titan Security Key  appeared first on SecurityWeek.

16Nov 2023

State-Sponsored Online Spies Likely to Target Australian Submarine Program, Spy Agency Says

Australia’s cooperation with the U.S. and Britain to develop an Australian fleet of submarines powered by U.S. nuclear technology is a likely target of state-sponsored cyberespionage, the nation’s digital spy agency said. The post State-Sponsored Online Spies Likely to Target Australian Submarine Program, Spy Agency Says appeared first on SecurityWeek.

16Nov 2023

Zimbra Zero-Day Exploited to Hack Government Emails

Google says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails. The post Zimbra Zero-Day Exploited to Hack Government Emails appeared first on SecurityWeek.

16Nov 2023

Survey: Are you digitally ready for AI-enhanced ERP?

Many businesses are eyeing the potential of artificial intelligence (AI) and machine learning (ML) to transform ERP. Your ability to reap the rewards of that potential may depend on how far along you are with digital transformation. A recent IDC report sponsored by Rimini Street, AI, and ERP:  Intelligently Automating the Enterprise and Creating Differentiating Value, […]

16Nov 2023

Bad Bots Account for 73% of Internet Traffic: Analysis

The top five categories of Bad Bot attacks are fake account creation, account takeovers, scraping, account management, and in-product abuse. The post Bad Bots Account for 73% of Internet Traffic: Analysis appeared first on SecurityWeek.

16Nov 2023

ServiceNow adds gen AI to more workflows, including chatbot creation

ServiceNow is rolling out another wave of generative AI additions to facilitate workflow management on its Now Platform. The update adds gen AI capabilities for field service workers, chatbot creators, and developers, among others. In September the Vancouver release of Now Platform added Now Assist for ITSM, Customer Service Management, and HR Service Delivery — […]

16Nov 2023

Administrator of Darkode Hacking Forum Sentenced to Prison

Thomas McCormick, aka fubar, an administrator of the Darkode hacking forum, has been sentenced to 18 months in prison. The post Administrator of Darkode Hacking Forum Sentenced to Prison appeared first on SecurityWeek.

16Nov 2023

Threat Intel: To Share or Not to Share is Not the Question

To share or not to share threat intelligence isn’t the question. It’s how to share, what to share, where and with whom. The post Threat Intel: To Share or Not to Share is Not the Question appeared first on SecurityWeek.

16Nov 2023

Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach

Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers. The post Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach appeared first on SecurityWeek.

16Nov 2023

The Hartford CIO Deepa Soni on transforming at scale

Deepa Soni’s CIO story is one of sacrifice, breaking through comfort zones, and building confidence in redefining the art of the possible. In a career spanning such companies as IBM, KeyCorp, M&T Bank, and BMO, she has “answered the call” many times, most recently as CIO of The Hartford, where she is responsible for the […]

16Nov 2023

5 ways to deploy your own large language model

It’s the fastest-moving new technology in history. Generative AI is transforming the world, changing the way we create images and videos, audio, text, and code. According to a September survey of IT decision makers by Dell, 76% say gen AI will have a “significant if not transformative” impact on their organizations, and most expect to […]

16Nov 2023

Illuminating the black box: why CIOs should consider publishing an annual IT report

This article was co-authored by Ishan Prakash, a Manager at Metis Strategy. The black box: For decades IT has been a black box—an obscurity of inner workings mostly just accepted by the firm. But that paradigm is changing and not least because IT itself has changed. Once relegated to a role of support, the function […]

16Nov 2023

Microsoft Ignite 2023: 11 takeaways for CIOs

This year’s Microsoft Ignite developer conference might as well be called AIgnite, with over half of the almost 600 sessions featuring artificial intelligence in some shape or form. Generative AI, in particular, is at the heart of many of the new product announcements Microsoft is making at the event, including new AI capabilities for wrangling […]

15Nov 2023

Malicious innovation, building resilience, and the importance of chocolate

I recently had the privilege of talking with Keren Elazari, Joanne Friedman, and Isaac Sacolick. They are just three of the smart, compassionate, and forward-thinking speakers you can hear from at CSO’s Future of Cybersecurity Summit on December 7, 2023. This is a virtual event so take part from wherever you are, but don’t miss […]

15Nov 2023

A new and stronger entity: Versuni transforms its company – and technology

In September 2021, Philips Domestic Appliances became a stand-alone company called Versuni. As part of the carve-out, Versuni made the decision to transform its entire technology landscape. It would be a formidable undertaking, given the siloed nature of the systems in place at the time. For example, there were segregated applications for the various finance […]

15Nov 2023

Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI

Microsoft provided guidance on an Azure CLI bug leading to the exposure of sensitive information through GitHub Actions logs. The post Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI appeared first on SecurityWeek.

15Nov 2023

Application Security Startup Aikido Security Raises €5 Million

Aikido Security has raised €5 million (~$5.4 million) in seed funding for an all-in-one application security platform. The post Application Security Startup Aikido Security Raises €5 Million appeared first on SecurityWeek.

15Nov 2023

Data Security Firm ALTR Banks $25M Series C 

Florida late-stage startup ALTR gets another cash infusion to expand markets for data security technologies. The post Data Security Firm ALTR Banks $25M Series C appeared first on SecurityWeek.

15Nov 2023

US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea

US government announces the takedown of the IPStorm proxy service botnet and the guilty plea of its creator, a Russian/Moldovan national. The post US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea appeared first on SecurityWeek.

15Nov 2023

CISA Outlines AI-Related Cybersecurity Efforts

CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI. The post CISA Outlines AI-Related Cybersecurity Efforts appeared first on SecurityWeek.

15Nov 2023

SAP Patches Critical Vulnerability in Business One Product

SAP released a hotfix for a critical-severity improper access control vulnerability in Business One product installation. The post SAP Patches Critical Vulnerability in Business One Product appeared first on SecurityWeek.

15Nov 2023

State-Backed Hackers a Threat to Australia, Agency Warns

The AUKUS partnership, with its focus on nuclear submarines and other advanced military capabilities, is likely a target for state actors looking to steal intellectual property. The post State-Backed Hackers a Threat to Australia, Agency Warns appeared first on SecurityWeek.

15Nov 2023

RADICL Adds $9 Million in Funding to Fortify Cyber Defenses of SMBs in Defense Industrial Base

RADICL, a cybersecurity startup specializing in providing threat protection to SMBs, secured an additional $9 million in early-stage funding, adding to $3 million that the company had raised previously. The post RADICL Adds $9 Million in Funding to Fortify Cyber Defenses of SMBs in Defense Industrial Base appeared first on SecurityWeek.

15Nov 2023

Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation

By embracing a strategy that combines technological advancements with critical thinking skills, collaboration, and a culture of continuous learning, organizations can safeguard against AI’s disruptive effects. The post Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation appeared first on SecurityWeek.

15Nov 2023

How ServiceNow gets the most out of generative AI

Competition among software vendors to be “the” platform on which enterprises build their IT infrastructure is intensifying, with the focus of late on how much noise they can make about their implementation of generative AI features. ServiceNow wasn’t the first to announce its generative AI capabilities, but it was among the first of the major […]

15Nov 2023

We’re all becoming software CIOs — a role Red Hat CIO Jim Palermo knows well

Whether you sell cars, candy, consulting, or construction, software is moving to the center of your business. Your products and services rely on software and data for nearly everything from product development to aftermarket support. So congratulations! You’ve become (or will become) what is, essentially, a software company CIO. I’ve been writing about how life […]

15Nov 2023

CIO as enabler: Building an ecosystem of innovation partners

There’s significant debate about the future of the CIO role, but one thing is clear: Digital leaders who want to be successful must look beyond the firewall and link up with an ecosystem of vendor partners, startups, and other organizations to ensure the enterprise thrives. The reason for this shift is simple: While CIOs can often call on talented teams of […]

15Nov 2023

New Intel CPU Vulnerability ‘Reptar’ Can Allow DoS Attacks, Privilege Escalation

A new Intel CPU vulnerability tracked as Reptar and CVE-2023-23583 can be exploited for DoS attacks and possibly privilege escalation. The post New Intel CPU Vulnerability ‘Reptar’ Can Allow DoS Attacks, Privilege Escalation appeared first on SecurityWeek.

15Nov 2023

Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities

Intel and AMD have informed their customers about a total of more than 130 vulnerabilities found in their products. The post Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities appeared first on SecurityWeek.

14Nov 2023

More connected, less secure: Addressing IoT and OT threats to the enterprise

The Internet of Things (IoT) is a permanent fixture for consumers and enterprises as the world becomes more and more interconnected. By 2027, the global number of connected IoT devices is projected to exceed 29 billion, a significant increase from the 16.7 billion devices reported in 2023. While the connected device landscape continues to expand […]

14Nov 2023

Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

VMware flaw carries a CVSS severity-score of 9.8/10 and can be exploited to bypass login restrictions when authenticating on certain ports. The post Critical Authentication Bypass Flaw in VMware Cloud Director Appliance appeared first on SecurityWeek.

14Nov 2023

The future of IT: what we can learn from the mainframe

In the continuously evolving landscape of information technology, change is the only constant. Mainframes have now been around for decades and have etched their mark as the systems that laid the foundation for many technological advances. And then came the cloud, a transformative revolution that took the IT world by storm. But cloud isn’t the […]

14Nov 2023

How state and local governments can close the digital divide in education with fast, affordable connectivity

Education has long served as the key to unlocking economic progress and social mobility. However, unequal access to digital tools has created a large gap between children who have access to fast, reliable internet connectivity in school and at home and those who don’t. The internet has become an important channel for delivering learning, with many […]

14Nov 2023

How leadership can empower developers in the AI era

Imposter syndrome—doubting your abilities to the point that you feel like a fraud—is an evergreen topic of conversation among software developers. For many devs, the explosion of GenAI and AI-powered coding tools makes feeling like an imposter more inevitable than ever. Plenty of people who code for a living are scrambling to add AI prompt engineering and […]

14Nov 2023

Microsoft Warns of Critical Bugs Being Exploited in the Wild

Patch Tuesday: Redmond’s security response team flags two vulnerabilities — CVE-2023-36033 and CVE-2023-36036 — already being exploited in the wild. The post Microsoft Warns of Critical Bugs Being Exploited in the Wild appeared first on SecurityWeek.

14Nov 2023

The network is your office intelligence center

You can’t manage what you can’t measure, and your network is more than a data conduit—it’s your office intelligence center. As an IT decision maker, it’s up to you to transform your network for the future so it can anticipate worker needs, reduce energy usage, reinforce security, and deliver real-time data for a faster path […]

14Nov 2023

How 5G is driving big innovations in healthcare for veterans

The nation’s largest healthcare system, the Veterans Health Administration (VHA) strives to deliver the same high-quality standard of care for the  9 million veterans it serves each year, regardless of health status or location. Fulfilling that goal is tough for an organization with over 1,300 facilities, but the VHA has learned that using the right technology can […]

14Nov 2023

How transportation agencies can maximize infrastructure investments with network modernization

Across roads, highways, rails, and airports, federal, state and local transit authorities are rolling out new digital infrastructure to enhance safety and make transportation more efficient. The deployment of Internet of Things (IoT) devices, smart cameras, lidar systems and other sensors is designed to increase awareness of traffic and surface conditions, so officials can more […]

14Nov 2023

UK Cybersecurity Center Says ‘Deepfakes’ and Other AI Tools Pose a Threat to the Next Election

Britain’s cybersecurity agency said that artificial intelligence poses a threat to the country’s next election, and cyberattacks by hostile countries and their proxies are getting harder to track. The post UK Cybersecurity Center Says ‘Deepfakes’ and Other AI Tools Pose a Threat to the Next Election appeared first on SecurityWeek.

14Nov 2023

Zip Raises $7.7 Million to Expand SMB Cybersecurity Business

New York City and Washington DC-based startup Zip Security raised $7.7 million seed financing led by General Catalyst, co-led by Human Capital, and with participation from Box Group. The post Zip Raises $7.7 Million to Expand SMB Cybersecurity Business appeared first on SecurityWeek.

14Nov 2023

Protected Virtual Machines Exposed to New ‘CacheWarp’ AMD CPU Attack

CacheWarp is a new attack method affecting a security feature present in AMD processors that can pose a risk to virtual machines. The post Protected Virtual Machines Exposed to New ‘CacheWarp’ AMD CPU Attack appeared first on SecurityWeek.

14Nov 2023

Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion

Adobe patches 72 security bugs and calls special attention to code-execution defects in the widely deployed Acrobat and Reader software. The post Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion appeared first on SecurityWeek.

14Nov 2023

9 cloud strategy questions every IT leader must answer

It’s no longer a question of whether organizations are moving to the cloud but rather how well it’s going. Cloud isn’t that shiny new object in the distance, full of possibility. It’s come down to earth — sometimes with an unexpected thud onto the wrong side of a company’s balance sheet. “There are so many […]

14Nov 2023

What is code-to-cloud security intelligence?

In the last decade, the technology industry experienced a massive shift toward the cloud, where every company, no matter the industry, developed and deployed cloud-native applications. This pace shows no sign of stopping; we have an app economy – now bolstered by AI-led developments. Data reflects this momentum, with worldwide public cloud spending expected to […]

14Nov 2023

Royal Ransomware Possibly Rebranding After Targeting 350 Organizations Worldwide

CISA says Royal ransomware has targeted 350 organizations to date, demanding over $275 million in ransoms. The post Royal Ransomware Possibly Rebranding After Targeting 350 Organizations Worldwide appeared first on SecurityWeek.

14Nov 2023

MySQL Servers, Docker Hosts Infected With DDoS Malware

Researchers warn attackers are targeting MySQL servers and Docker hosts to plant malware capable of launching DDoS attacks. The post MySQL Servers, Docker Hosts Infected With DDoS Malware appeared first on SecurityWeek.

14Nov 2023

ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric

Siemens and Schneider Electric’s Patch Tuesday advisories for November 2023 address 90 vulnerabilities affecting their products.  The post ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric appeared first on SecurityWeek.

14Nov 2023

Radiant Snags $15 Million for AI-Powered SOC Technology

Radiant Security gets $15 million in new financing as investors double down on early stage companies experimenting with AI technology. The post Radiant Snags $15 Million for AI-Powered SOC Technology appeared first on SecurityWeek.

14Nov 2023

Top 10 API Security Threats for Q3 2023

New report provides a detailed look into the ever-changing threats targeting APIs. The post Top 10 API Security Threats for Q3 2023 appeared first on SecurityWeek.

14Nov 2023

Webinar Today: Using Governance and Privilege to Gain Control Over Third-Party Access

Learn how to create more trust in your third party relationships by adding sustainable processes and tools that enable you to control access. The post Webinar Today: Using Governance and Privilege to Gain Control Over Third-Party Access appeared first on SecurityWeek.

14Nov 2023

Google Suing Cybercriminals Who Delivered Malware via Fake Bard Downloads

Google files a lawsuit against cybercriminals who delivered account-hijacking malware by offering fake Bard AI downloads.  The post Google Suing Cybercriminals Who Delivered Malware via Fake Bard Downloads appeared first on SecurityWeek.

14Nov 2023

Hacker Conversations: Chris Wysopal, AKA Weld Pond

Chris Wysopal is the founder and CTO of Veracode. Two decades ago, he was better known as Weld Pond, a member of the hacker collective L0pht Heavy Industries. The post Hacker Conversations: Chris Wysopal, AKA Weld Pond appeared first on SecurityWeek.

14Nov 2023

PyPI Packages Found to Expose Thousands of Secrets

GitGuardian discovered roughly 4,000 secrets in nearly 3,000 PyPI packages, including Azure, AWS, and GitHub keys. The post PyPI Packages Found to Expose Thousands of Secrets appeared first on SecurityWeek.

14Nov 2023

22 Energy Firms Hacked in Largest Coordinated Attack on Denmark’s Critical Infrastructure

Denmark’s cybersecurity center for critical sectors shares details on a coordinated attack against the country’s energy sector. The post 22 Energy Firms Hacked in Largest Coordinated Attack on Denmark’s Critical Infrastructure appeared first on SecurityWeek.

14Nov 2023

Relationship management: The unsung art of optimizing IT teams

Success for an IT leader requires mastering a wide range of skills. One must have technical acumen and business savvy, be a great communicator and problem-solver, and know how to secure funding and capitalize on it. But getting the most out of IT staff and unleashing synergies among IT teams is among the more underappreciated […]

14Nov 2023

Where do IT leaders stand on securing the mainframe?

Mainframes are a critical piece of the technology infrastructure for countless enterprises. They are leveraged by 71% of Fortune 500 companies, which emphasizes just how pivotal they are in large-scale business operations. Whether it’s buying groceries, making a bank transfer, or booking a flight, the mainframe is powering how consumers interact with organizations and is […]

14Nov 2023

Getting the most out of open source without sacrificing security

Open source has seen a great deal of momentum among mainframers, making collaboration easier and providing greater transparency. But for all of its benefits, open source is not without risks. By its very nature, open-source code is accessible to whoever wants to see it—including potential attackers. That means an attacker looking to crack into an […]

14Nov 2023

4 steps to connect change management and DevOps

It’s no secret that companies are committing to DevOps. In fact, according to a recent survey, three-quarters of leaders have adopted DevOps into their operations. DevOps delivers speed and agility to the development process. By cross-training operations and engineering, development teams can move faster through better collaboration, making continuous integration and continuous delivery (CI/CD) a reality for […]

14Nov 2023

Bringing together DevOps and mainframe security

The DevOps ecosystem of today is becoming increasingly more complex. No matter the industry, organizations are increasingly looking for ways to optimize mission-critical software development processes. Businesses are under constant pressure to adopt new processes and platforms to achieve the goals set out by business leaders. As development teams grapple with the challenge of modernizing […]

13Nov 2023

12 strategic tips CIOs can learn from tech vendor CTOs

The changing landscape of IT, driven by rapid advances in technology and digital transformation, has seen a shift in CIOs’ responsibilities and challenges. CIOs are increasingly doing more software development and technology-focused work as part of their digital transformations, making the adage “every company is a software company” more of a truism with each digital […]

13Nov 2023

The retail edge: Where data powers game-changing customer experiences

The future of retail is omnichannel. The last three or four years have changed retail forever. The growth rate for online purchases spiked to 32% in 2020 and has continued to grow by double digits since then. But despite some of the benefits of online sales, this isn’t all good news for retailers. Online shopping […]

13Nov 2023

Ransomware Group RansomedVC Closes Shop

The ransomware and data extortion group RansomedVC announced plans to shut down the project and sell parts of its infrastructure. The post Ransomware Group RansomedVC Closes Shop appeared first on SecurityWeek.

13Nov 2023

Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party

Dragos finds no evidence of a data breach after the BlackCat ransomware group claimed to have hacked the security firm via a third party. The post Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party appeared first on SecurityWeek.

13Nov 2023

2.2 Million Impacted by Data Breach at McLaren Health Care

McLaren Health Care is informing roughly 2.2 million individuals of a data breach impacting their personal information. The post 2.2 Million Impacted by Data Breach at McLaren Health Care appeared first on SecurityWeek.

13Nov 2023

Ransomware Group Leaks Files Allegedly Stolen From Boeing

The LockBit ransomware group has leaked gigabytes of files allegedly stolen from the systems of aerospace giant Boeing. The post Ransomware Group Leaks Files Allegedly Stolen From Boeing appeared first on SecurityWeek.

13Nov 2023

Operations at Major Australian Ports Significantly Disrupted by Cyberattack

A cyberattack on Australian shipping giant DP World, which may have been a ransomware attack, has resulted in serious disruptions at major ports. The post Operations at Major Australian Ports Significantly Disrupted by Cyberattack appeared first on SecurityWeek.

13Nov 2023

Mr. Cooper Says Customer Data Compromised in Cyberattack

US mortgage giant Mr. Cooper announced that customer data was compromised in an October 31 cyberattack. The post Mr. Cooper Says Customer Data Compromised in Cyberattack appeared first on SecurityWeek.

13Nov 2023

10 digital transformation roadblocks — and 5 tips for overcoming them

In today’s fast-paced business world, companies are striving to harness the power of digital technologies to reinvent their operations, enhance customer experiences, drive innovation, and thereby create value for stakeholders. But the hard truth is that many digital initiatives fail to deliver results. Transformation efforts can be derailed for any number of reasons, but there […]

13Nov 2023

Yellen Says Ransomware Attack on China’s Biggest Bank Minimally Disrupted Treasury Market Trades

A ransomware attack that forced China’s biggest bank to take some systems offline only minimally disrupted the U.S. Treasury market. The post Yellen Says Ransomware Attack on China’s Biggest Bank Minimally Disrupted Treasury Market Trades appeared first on SecurityWeek.

13Nov 2023

Huawei’s Vision for Intelligent Networking Unveiled at GITEX Global 2023

GITEX Global 2023 witnessed Huawei’s impactful presence, as the tech giant delved into the future of intelligent networking. Under the theme of “Intelligent Cloud-Network, Accelerating Industry Intelligence,” Huawei’s data communication session showcased their vision for the future of networking, addressing the need for high-quality, ultra-fast connections and intelligent solutions. As digital-first […]

10Nov 2023

In Other News: EU Government Surveillance, Rewards for Iranian Hackers, Evolution of Chinese Spying

Noteworthy stories that might have slipped under the radar: EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying. The post In Other News: EU Government Surveillance, Rewards for Iranian Hackers, Evolution of Chinese Spying appeared first on SecurityWeek.

10Nov 2023

Cavelo Raises CA$5 Million for Attack Surface Management Platform

Cavelo has raised CA$5 million (~US$3.6 million) to help organizations comply with data protection regulations. The post Cavelo Raises CA$5 Million for Attack Surface Management Platform appeared first on SecurityWeek.

10Nov 2023

France, UK Seek Greater Regulation of Commercial Spyware

France and the UK are calling for greater regulation of commercial surveillance software in the wake of recent Pegasus and Predator spyware scandals. The post France, UK Seek Greater Regulation of Commercial Spyware appeared first on SecurityWeek.

10Nov 2023

Intel Sued Over ‘Downfall’ CPU Vulnerability

A class action lawsuit has been filed against Intel over its handling of CPU speculative execution vulnerabilities, with a focus on Downfall. The post Intel Sued Over ‘Downfall’ CPU Vulnerability appeared first on SecurityWeek.

10Nov 2023

1.3 Million Maine Residents Impacted by MOVEit Hack

The State of Maine says the personal information of 1.3 million individuals was compromised in the MOVEit attack. The post 1.3 Million Maine Residents Impacted by MOVEit Hack appeared first on SecurityWeek.

10Nov 2023

US Government Issues Guidance on SBOM Consumption

CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness on software security. The post US Government Issues Guidance on SBOM Consumption appeared first on SecurityWeek.

10Nov 2023

Ransomware Attack on China’s Biggest Bank Disrupts Treasury Market Trades, Reports Say

A ransomware attack on China’s biggest bank, the Industrial and Commercial Bank of China Financial Services, disrupts Treasury market trades. The post Ransomware Attack on China’s Biggest Bank Disrupts Treasury Market Trades, Reports Say appeared first on SecurityWeek.

10Nov 2023

4 ways ICA rebuilds and cleans up IT

During the pandemic, e-commerce quickly became the focus of large food chains. ICA, with about 1,300 stores and a 36% market share, was no exception, and in Q2 of 2020, while stay-at-home mandates were enacted, its e-commerce increased by 165%. Now e-commerce has slowed down and in-person purchasing patterns are recovering. In addition, ICA has […]

10Nov 2023

How Synchrony helps veterans become IT leaders

Many veterans transitioning from military to civilian life have all the fundamentals necessary to make their mark in IT. Transferable skills gained from technology and operations roles in service and strong leadership skills from their military background make veterans a valuable talent pool for IT organizations looking for future IT leaders and dependable, skilled IT […]

10Nov 2023

How the new AI executive order stacks up: B-

The White House’s new executive order, “Safe, Secure, and Trustworthy Artificial Intelligence,” is poised to usher in a new era of national AI regulation, focusing on safety and responsibility across the sector. But will it? The executive order represents the U.S. government’s opening salvo in creating a comprehensive regulatory framework for AI, applicable both in […]

09Nov 2023

Tidal Cyber Raises $5 Million for Threat-Informed Defense Platform

The Washington, DC startup is building a threat-informed defense platform that helps organizations automate detection and response work. The post Tidal Cyber Raises $5 Million for Threat-Informed Defense Platform appeared first on SecurityWeek.

09Nov 2023

Medical Company Fined $450,000 by New York AG Over Data Breach

A medical company has been fined $450,000 by the New York AG over a data breach that may have involved exploitation of a SonicWall vulnerability. The post Medical Company Fined $450,000 by New York AG Over Data Breach appeared first on SecurityWeek.

09Nov 2023

Securing your AI-powered network transformation: A guide for C-suite leaders

Complexity is the bane of all network security teams, and they will attest that the more dashboards, screens, and manual integration they must juggle, the slower their response time. It need not be complex, it need not be disjointed, nor does it need to require adroitness in the art of juggling. Your network makes engagement […]

09Nov 2023

Generative AI: now is the time to ‘learn by doing’

By Bryan Kirschner, Vice President, Strategy at DataStax. Today, we’re all living in a world in which “humans with machines will replace humans without machines”—for the second time. The first time around, smartphone apps became ubiquitous and indispensable machines that just about everyone uses to get things done. This time, generative AI applications will become […]

09Nov 2023

Major ChatGPT Outage Caused by DDoS Attack

ChatGPT and its API have experienced a major outage due to a DDoS attack apparently launched by Anonymous Sudan. The post Major ChatGPT Outage Caused by DDoS Attack appeared first on SecurityWeek.

09Nov 2023

‘BlazeStealer’ Malware Delivered to Python Developers Looking for Obfuscation Tools

Checkmarx uncovers a malicious campaign targeting Python developers with malware that takes over their systems. The post ‘BlazeStealer’ Malware Delivered to Python Developers Looking for Obfuscation Tools appeared first on SecurityWeek.

09Nov 2023

Japan Aviation Electronics Targeted in Ransomware Attack

Japan Aviation Electronics confirms cyberattack as Alphv/BlackCat ransomware group publishes allegedly stolen data. The post Japan Aviation Electronics Targeted in Ransomware Attack appeared first on SecurityWeek.

09Nov 2023

Risk Ledger Raises £6.25 Million for Supply Chain Security Solution

UK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks. The post Risk Ledger Raises £6.25 Million for Supply Chain Security Solution appeared first on SecurityWeek.

09Nov 2023

In transition: How Kyndryl’s CIO weaned the company off IBM’s systems

For Kyndryl CIO Michael Bradshaw, the clock started ticking in November 2021 when the former managed infrastructure services division of IBM was spun out as a separate entity and given two years to disentangle its IT systems from IBM’s. “We had a 24-month transition services agreement,” he says. With that deadline came a dilemma: “Do […]

09Nov 2023

Chief AI officer: What it takes to land the C-suite’s hottest new job

As countless organizations race to investigate or adopt artificial intelligence technologies, many are building out an AI skilled workforce. That includes the decision to appoint or hire a chief artificial intelligence officer (CAIO). Indeed, new research from Foundry finds that 11% of midsize to large organizations have already designated such an individual in the role, […]

09Nov 2023

SysAid Zero-Day Vulnerability Exploited by Ransomware Group

CVE-2023-47246 zero-day vulnerability in SysAid IT service management software has been exploited by Cl0p ransomware affiliates. The post SysAid Zero-Day Vulnerability Exploited by Ransomware Group appeared first on SecurityWeek.

09Nov 2023

CISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the Wild

CISA says an SLP vulnerability allowing for a DoS amplification factor of 2,000 is being exploited in attacks. The post CISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the Wild appeared first on SecurityWeek.

09Nov 2023

Russian Hackers Used Novel OT Attack to Disrupt Ukrainian Power Amid Mass Missile Strikes

Mandiant says Russia’s Sandworm hackers used a novel OT attack to cause power outages that coincided with mass missile strikes on critical infrastructure across Ukraine. The post Russian Hackers Used Novel OT Attack to Disrupt Ukrainian Power Amid Mass Missile Strikes appeared first on SecurityWeek.

08Nov 2023

Why you must extend Zero Trust to public cloud workloads

Today, many organizations are embracing the power of the public cloud by shifting their workloads to them. A recent study shows that 98% of IT leaders have adopted a public cloud infrastructure. Additionally, 58% of these organizations use between two and three public clouds, indicating a growing trend toward multi-cloud environments. It is estimated […]

08Nov 2023

Protecto Joins Cadre of Startups in AI Data Protection Space

Silicon Valley startup is pitching APIs to help organizations protect data and ensure compliance throughout the AI deployment lifecycle. The post Protecto Joins Cadre of Startups in AI Data Protection Space appeared first on SecurityWeek.

08Nov 2023

GitHub Enhances Security Capabilities With AI

GitHub adds AI-powered security features to help developers identify and address code vulnerabilities faster. The post GitHub Enhances Security Capabilities With AI appeared first on SecurityWeek.

08Nov 2023

DHS Launches New Critical Infrastructure Security and Resilience Campaign

DHS launches Shields Ready, a new campaign promoting security and resilience for critical infrastructure organizations. The post DHS Launches New Critical Infrastructure Security and Resilience Campaign appeared first on SecurityWeek.

08Nov 2023

Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point

Offensive Security does not focus on discrete attacks, singular actors, or indicators of compromise, but understands the entirety of both sides of the battlefield. The post Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point appeared first on SecurityWeek.

08Nov 2023

Long and winding railroad – heading for the cloud

On a recent bicycle ride with friends, I was stopped at a railroad crossing waiting for a long freight train. It was an iconic American experience to witness. It allowed me to catch my breath as I counted the 148 railcars, winding their way across the county connecting their freight to the next step on […]

08Nov 2023

Sumo Logic Urges Users to Change Credentials Due to Security Breach

Cloud monitoring and SIEM firm Sumo Logic is urging users to rotate credentials following the discovery of a security breach. The post Sumo Logic Urges Users to Change Credentials Due to Security Breach appeared first on SecurityWeek.

08Nov 2023

FBI Highlights Emerging Initial Access Methods Used by Ransomware Groups

FBI warns that ransomware operators continue to abuse third-party vendors and services as an attack vector. The post FBI Highlights Emerging Initial Access Methods Used by Ransomware Groups appeared first on SecurityWeek.

08Nov 2023

Marina Bay Sands Discloses Data Breach Impacting 665k Customers

Singapore’s Marina Bay Sands luxury resort has disclosed a data breach impacting the information of 665,000 customers. The post Marina Bay Sands Discloses Data Breach Impacting 665k Customers appeared first on SecurityWeek.

08Nov 2023

How a tech model at Univeris fosters team building with empathy

Founded in 1991 and headquartered in Toronto, Univeris has over $450 billion in assets under administration in 12 countries. And with tech as a central enabler, Manas Khanna, the company’s associate VP of global technology operations, has a complex, dynamic, and ever evolving portfolio to manage, including all aspects of infrastructure and its operations, SaaS […]

08Nov 2023

Principal Financial unifies IT to lay foundation for growth

For companies whose business units have traditionally operated independently, centralizing IT operations under one strategy can reap significant benefits — especially when it comes to offering a holistic customer experience and establishing a unified data foundation for leveraging the latest emerging technologies. That’s where EVP and CIO Kathy Kay found herself in coming to Principal […]

08Nov 2023

Many CIOs are better equipped to combat rising IT costs. Are you?

Inflation may have dropped from its high in 2022, but the price pressures on IT budgets have continued unabated. Rising prices have imposed tough challenges on IT budgets, operations and staffing, especially for global organizations with operations in countries where inflation has been running high, such as Poland (10%), India (8%) or Turkey (50%). While […]

08Nov 2023

Dropper Service Bypassing Android Security Restrictions to Install Malware

ThreatFabric warns of a dropper service bypassing recent Android security restrictions to install spyware and banking trojans. The post Dropper Service Bypassing Android Security Restrictions to Install Malware appeared first on SecurityWeek.

07Nov 2023

Guarding the gates: a look at critical infrastructure security in 2023

With 2022 now in our rearview mirror, we still reflect on a time marked by global upheavals, from the Russia-Ukraine war to skyrocketing energy prices and global inflation. The impact of these disruptions reverberated worldwide, reaching beyond just our economy. These global events have also underscored the crucial significance of safeguarding our […]

07Nov 2023

10 essential tips for bolstering cloud security in your business

The business world is rapidly continuing its digital transformation and relying on cloud-based solutions. This makes it more critical than ever to adopt strong security measures to protect sensitive information and infrastructure. However, while cloud computing offers benefits like improved efficiency, scalability, and accessibility, it poses new security challenges. Organizations must adopt proactive security strategies […]

07Nov 2023

Generative AI hallucinations: What can IT do?

Generative AI adoption is growing in the workplace—and for good reason. Studies indicate the potential for significant productivity gains: workers saw some writing projects speed up by 40% in a study released by Science and developers were able to complete certain tasks up to 30% faster according to McKinsey research. But the double-edged sword to […]

07Nov 2023

Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study

Foreign threat actors can easily obtain sensitive information on US military members from data brokers, a Duke University study shows. The post Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study appeared first on SecurityWeek.

07Nov 2023

Critical Vulnerabilities Expose Veeam ONE Software to Code Execution

Veeam Software has rolled out patches to cover code execution vulnerabilities in its Veeam ONE IT monitoring product. The post Critical Vulnerabilities Expose Veeam ONE Software to Code Execution appeared first on SecurityWeek.

07Nov 2023

Salesforce Automotive Cloud adds Einstein Studio, Fleet Management

Salesforce is adding AI, telematics and a host of other capabilities to beef up Salesforce Automotive Cloud, built on the company’s Customer 360 cloud-based CRM platform and released last year as a dedicated system to help automakers better connect with dealers and end consumers. Features that are generally available now include Einstein Studio and Fleet […]

07Nov 2023

Free Tool Helps Industrial Organizations Find OPC UA Vulnerabilities

A new free tool named OpalOPC helps industrial organizations find OPC UA misconfigurations and vulnerabilities. The post Free Tool Helps Industrial Organizations Find OPC UA Vulnerabilities appeared first on SecurityWeek.

07Nov 2023

New MacOS Malware Linked to North Korean Hackers

New macOS malware, tracked by Jamf as ObjCShellz, is likely being used by North Korean hackers to target crypto exchanges. The post New MacOS Malware Linked to North Korean Hackers appeared first on SecurityWeek.

07Nov 2023

Myrror Security Emerges From Stealth Mode With $6 Million in Funding

Myrror Security emerges from stealth mode to disrupt supply chain attacks with binary-to-source code analysis. The post Myrror Security Emerges From Stealth Mode With $6 Million in Funding appeared first on SecurityWeek.

07Nov 2023

37 Vulnerabilities Patched in Android With November 2023 Security Updates

The Android security updates released this week resolve 37 vulnerabilities, including a critical information disclosure bug. The post 37 Vulnerabilities Patched in Android With November 2023 Security Updates appeared first on SecurityWeek.

07Nov 2023

Federal Push for Secure-by-Design: What It Means for Developers

Secure-by-design is clearly important to the federal government, and there is a strong possibility that it will become a regulatory requirement for the critical industries enforced through an Executive Order. The post Federal Push for Secure-by-Design: What It Means for Developers appeared first on SecurityWeek.

07Nov 2023

Narrowing the Focus of AI in Security

AI can truly disrupt all elements of the SOC and provide an analyst with 10x more data and save 10x more time than what currently exists. The post Narrowing the Focus of AI in Security appeared first on SecurityWeek.

07Nov 2023

Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals

Five Canadian hospitals have confirmed a ransomware attack as data allegedly stolen from them was posted online. The post Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals appeared first on SecurityWeek.

07Nov 2023

What is Kyndryl? IBM’s managed infrastructure services spin-off explained

Kyndryl separated from IBM in November 2021 to become a standalone business focused on managed infrastructure services. Over time, it’s taken advantage of its freedom to introduce new services and work with new partners. What does Kyndryl do? Essentially, Kyndryl does exactly what the managed infrastructure services unit of IBM’s Global Technology Services segment did: […]

07Nov 2023

The CIO’s fatal flaw: Too much leadership, not enough management

“He’s a manager, not a leader,” my source explained to me, referring to the CIO in a disparaging tone of voice. I followed up with a few dozen more 360-degree interviews — translation: I talked with a lot of different people — and confirmed the diagnosis. Except for one thing: The CIO’s focus on management […]

07Nov 2023

Breaking down data silos for digital success

For years, IT and business leaders have been talking about breaking down the data silos that exist within their organizations. Given the importance of sharing information among diverse disciplines in the era of digital transformation, this concept is arguably as important as ever. In fact, as companies undertake digital transformations, usually the data transformation comes […]

07Nov 2023

Cybersecurity M&A Roundup: 31 Deals Announced in October 2023

Thirty-one cybersecurity-related merger and acquisition (M&A) deals were announced in October 2023. The post Cybersecurity M&A Roundup: 31 Deals Announced in October 2023 appeared first on SecurityWeek.

06Nov 2023

Travelers to Acquire Cyberinsurance Firm Corvus for $435 Million

Property and casualty insurance giant Travelers has entered into an agreement to acquire Corvus Insurance Holdings for approximately $435 million. The post Travelers to Acquire Cyberinsurance Firm Corvus for $435 Million appeared first on SecurityWeek.

06Nov 2023

Palo Alto to Acquire Talon, Intensifying Competition in Cloud Data Security

Technology powerhouse Palo Alto Networks is officially on a billion-dollar shopping spree in the cloud data security space. The post Palo Alto to Acquire Talon, Intensifying Competition in Cloud Data Security appeared first on SecurityWeek.

06Nov 2023

American Airlines Pilot Union Recovering After Ransomware Attack

The Allied Pilots Association is restoring its systems after a file-encrypting ransomware attack. The post American Airlines Pilot Union Recovering After Ransomware Attack appeared first on SecurityWeek.

06Nov 2023

US Sanctions Russian National for Helping Ransomware Groups Launder Money

The US Treasury has sanctioned Ekaterina Zhdanova for laundering money on behalf of cybercriminals and Russian elites. The post US Sanctions Russian National for Helping Ransomware Groups Launder Money appeared first on SecurityWeek.

06Nov 2023

‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks

A glibc vulnerability affecting major Linux distributions and tracked as Looney Tunables has been exploited in cloud attacks by the Kinsing group. The post ‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks appeared first on SecurityWeek.

06Nov 2023

Iranian APT Targets Israeli Education, Tech Sectors With New Wipers

The Iran-linked APT Agrius has been targeting higher education and technology organizations in Israel with new wipers. The post Iranian APT Targets Israeli Education, Tech Sectors With New Wipers appeared first on SecurityWeek.

06Nov 2023

Exploitation of Critical Confluence Vulnerability Begins

Threat actors have started exploiting a recent critical vulnerability in Confluence Data Center and Confluence Server. The post Exploitation of Critical Confluence Vulnerability Begins appeared first on SecurityWeek.

06Nov 2023

The RACI matrix: Your blueprint for project success

Having managed and rescued dozens of projects, and helped others do so, I’ve noted that there is always one critical success factor (CSF) that has either been effectively addressed or missed/messed up: clarity around the roles and responsibilities for each project participant and key stakeholder. No matter how detailed and complete a project plan may be […]

06Nov 2023

Employee engagement: 10 best practices for improving your culture

When employees disengage from work — often called quiet quitting — it starts a ripple effect that can damage everything from their career trajectory to your team, company, and the global economy. Gallup estimates that this phenomenon cost the economy $7.8 trillion in 2022. What is employee engagement? Employee engagement is the feeling of connection, […]

06Nov 2023

IT leader’s survival guide: 8 tips to thrive in the years ahead

Managers looking toward 2024 and beyond certainly have a full plate. Decisions around game-changing current and future technology require decisive action and possible investment to remain competitive. In addition to the usual technology considerations, economic, geopolitical, and supply-chain issues all compete for attention as IT leaders look to keep their organizations growing amid turbulent times. […]

06Nov 2023

A Cyber Breach Delays Poll Worker Training in Mississippi’s Largest County Before the Statewide Vote

Election officials in Mississippi’s most populous county had to scramble to complete required poll worker training after an early September breach involving county computers. The post A Cyber Breach Delays Poll Worker Training in Mississippi’s Largest County Before the Statewide Vote appeared first on SecurityWeek.

06Nov 2023

Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent

Microsoft says four Exchange ‘zero-days’ disclosed by ZDI have either already been patched or they don’t require immediate attention. The post Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent appeared first on SecurityWeek.

05Nov 2023

Low-code: An Accelerator for Digital Transformation

Digital transformation is expected to be the top strategic priority for businesses of all sizes and industries, yet organisations find the transformation journey challenging due to digital skill gaps, tight budgets, or technology resource shortages. Amidst these challenges, organisations turn to low-code to remain competitive and agile. Taking the programmer out of software development, low-code […]

03Nov 2023

How AI can drive efficiencies in your supply chain

Companies are leveraging artificial intelligence to drive up supply chain resilience, as issues such as materials shortages and natural disasters threaten business stability. Enterprises across industries will increasingly use AI for tasks such as answering complex procurement questions, which will in turn improve supply chain efficiency. “Supply relationship management will enter an entirely new phase […]

03Nov 2023

Mortgage Giant Mr. Cooper Shuts Down Systems Following Cyberattack

Mr. Cooper suspends operations, including payments, after a cyberattack forced it to take systems offline. The post Mortgage Giant Mr. Cooper Shuts Down Systems Following Cyberattack appeared first on SecurityWeek.

03Nov 2023

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop. The post Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop appeared first on SecurityWeek.

03Nov 2023

In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach

Noteworthy stories that might have slipped under the radar: US airport taxi hacking by Russians, Stanford ransomware attack, and post-quantum crypto guidance. The post In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach appeared first on SecurityWeek.

03Nov 2023

North Korean Hackers Use New ‘KandyKorn’ macOS Malware in Attacks

Security researchers uncover new macOS and Windows malware associated with the North Korea-linked Lazarus Group. The post North Korean Hackers Use New ‘KandyKorn’ macOS Malware in Attacks appeared first on SecurityWeek.

03Nov 2023

Apache ActiveMQ Vulnerability Exploited as Zero-Day

The recently patched Apache ActiveMQ vulnerability tracked as CVE-2023-46604 has been exploited as a zero-day since at least October 10. The post Apache ActiveMQ Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.

03Nov 2023

Cyberattack Disrupts Ace Hardware’s Operations

Cyberattack cripples Ace Hardware’s internal systems, resulting in shipment delays, suspended online orders. The post Cyberattack Disrupts Ace Hardware’s Operations appeared first on SecurityWeek.

03Nov 2023

Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday

SEC charges SolarWinds and its CISO over cybersecurity and risk handling practices before the massive hack that came to light in late 2020. The post Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday appeared first on SecurityWeek.

03Nov 2023

Atlassian Issues Second Warning on Potential Exploitation of Critical Confluence Flaw

Atlassian warns that ‘critical information’ released on the Confluence bug CVE-2023-22518 increases the risk of exploitation. The post Atlassian Issues Second Warning on Potential Exploitation of Critical Confluence Flaw appeared first on SecurityWeek.

03Nov 2023

What Duxbury Networking’s CIO does to balance head with heart

What keeps IT leaders up at night covers a broad range of issues including improving overall IT performance, data security, process risk and compliance, and meeting needs to improve business agility. For Shamiel Kimmie, Duxbury Networking’s CIO, a few of these make his list, as well as addressing talent shortages, managing relationships with his C-level peers, and […]

03Nov 2023

Burnout: An IT epidemic in the making

Burnout is quickly becoming a widespread problem for IT organizations. The wake of the COVID-19 pandemic, mass tech industry layoffs, and the demand to keep pace with constantly evolving technology are all prominent factors contributing to a state of exhaustion among IT pros, according to industry surveys. For IT leaders aware of the impact burnout […]

02Nov 2023

CIOs sharpen cloud cost strategies — just as gen AI spikes loom

Cloud costs remain a key concern for IT leaders, who find themselves nearing a crossroads where expenditures for core workloads will need containment to free up spend for innovation. To be sure, enterprise cloud budgets continue to increase, with IT decision-makers reporting that 31% of their overall technology budget will go toward cloud computing and […]

02Nov 2023

When least privilege is the most important thing

In the ever-evolving realm of information security, the principle of Least Privilege stands out as the cornerstone of safeguarding sensitive data. However, this fundamental concept, emphasizing limited access to resources and information, has been progressively overlooked, placing our digital ecosystems at greater risk. First, let’s define our terms. The principle of least privilege (PoLP) is […]

02Nov 2023

After Major Cloud Hacks, Microsoft Unveils ‘Secure Future Initiative’

In response to a spate of embarrassing hacks, Redmond pushes ‘Secure Future Initiative’ promising faster cloud patches, better management of identity signing keys and products with a higher default security bar. The post After Major Cloud Hacks, Microsoft Unveils ‘Secure Future Initiative’ appeared first on SecurityWeek.

02Nov 2023

Your biggest barriers to digital transformation aren’t technical…they’re cultural

As an infrastructure and security practitioner with nearly 30 years of experience, I’ve witnessed periods of rapid change in the technology landscape. However, I have seen a lot of things stay practically the same. Historically, our jobs as infrastructure and security professionals have involved installing the “plumbing” that ensures organizations remain connected through traditional networking […]

02Nov 2023

Xage Targets New Markets with $20 Million Investment

Silicon Valley startup snags $20 million in new capital and announced plans to expand beyond traditional IT environments. The post Xage Targets New Markets with $20 Million Investment appeared first on SecurityWeek.

02Nov 2023

Former SpaceX Engineers Get $8 Million in Funding for AI Security Firm Wraithwatch

Former SpaceX cybersecurity engineers launch Wraithwatch, an AI-based security firm that received $8 million in seed funding. The post Former SpaceX Engineers Get $8 Million in Funding for AI Security Firm Wraithwatch appeared first on SecurityWeek.

02Nov 2023

FusionAuth Snags $65 Million Investment for Customer Identity Tech

Colorado startup raises new capital from Updata Partners to build out its customer authentication and authorization technology. The post FusionAuth Snags $65 Million Investment for Customer Identity Tech appeared first on SecurityWeek.

02Nov 2023

SASE success: Avoid confusion and embrace a single-vendor solution

In the recent Gartner® Hype Cycle™ for Zero Trust Networking, 2023 report, which evaluates the current status of 19 of “the most relevant and hyped” zero-trust technologies, the cybersecurity industry analysts made a somewhat startling pronouncement about secure access service edge (SASE). They wrote that “SASE is in the Trough of Disillusionment, due to exaggerated marketing by many […]

02Nov 2023

Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware

A recently patched Apache ActiveMQ vulnerability tracked as CVE-2023-46604 is being exploited to deliver ransomware. The post Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware appeared first on SecurityWeek.

02Nov 2023

Is your data strategy ready for gen AI? LOB leaders may disagree

Rapid advancements in artificial intelligence (AI), particularly generative AI, are putting more pressure on analytics and IT leaders to get their houses in order when it comes to data strategy and data management. Line-of-business leaders are feeling the need to move on generative AI now and are asking their technical counterparts to step on the […]

02Nov 2023

European Privacy Officials Widen Ban on Meta’s Behavioral Advertising to Most of Europe

European privacy officials have widened a ban on Meta’s “behavioral advertising” practices to most of Europe. The post European Privacy Officials Widen Ban on Meta’s Behavioral Advertising to Most of Europe appeared first on SecurityWeek.

02Nov 2023

Microsoft Temporarily Disables SketchUp Support After Discovery of 117 Vulnerabilities

Zscaler identified 117 vulnerabilities in Microsoft 365’s support for SketchUp files and bypassed initial patches. The post Microsoft Temporarily Disables SketchUp Support After Discovery of 117 Vulnerabilities appeared first on SecurityWeek.

02Nov 2023

AP News Site Hit by Apparent Denial-of-Service Attack

The Associated Press news website experienced an outage that appeared to be consistent with a denial-of-service attack. The post AP News Site Hit by Apparent Denial-of-Service Attack appeared first on SecurityWeek.

02Nov 2023

Boeing Confirms Distribution Business Hit by Cyberattack

Boeing has confirmed that parts of its distribution business were hit by a cyberattack after a ransomware group claimed to have breached the company’s systems. The post Boeing Confirms Distribution Business Hit by Cyberattack appeared first on SecurityWeek.

02Nov 2023

Rajeev Ronanki on making the leap to CEO

CEOs increasingly depend on technology as a central means of staking competitive positions, and that shift has made CIOs increasingly well-suited for the job. To be sure, a small but growing group of CIOs have already made this jump. Consider Tim Buckley, at Vanguard; Tim Spence, at Fifth Third Bank; or Jason Buechel, at WholeFoods. […]

02Nov 2023

What is data analytics? Transforming data into better decisions

What is data analytics? Data analytics is a discipline focused on extracting insights from data. It comprises the processes, tools, and techniques of data analysis and management, including the collection, organization, and storage of data. The chief aim of data analytics is to apply statistical analysis and technologies on data to find trends and solve […]

02Nov 2023

Cisco Patches 27 Vulnerabilities in Network Security Products

Cisco has released software updates to address 27 vulnerabilities in Cisco ASA, FMC, and FTD software. The post Cisco Patches 27 Vulnerabilities in Network Security Products appeared first on SecurityWeek.

02Nov 2023

SAP unveils tools to help enterprises build their own gen AI apps

SAP has unveiled new tools to build AI into business applications across its software platform, including new development tools, database functionality, AI services, and enhancements to its Business Technology Platform, BTP. The news came at SAP TechEd, its annual conference for developers and enterprise architects, this year held in Bangalore, the unofficial capital of India’s […]

01Nov 2023

A simplified view of the enterprise tech market

I hate the way enterprise IT industry analysts see the world. That’s hard for me to say as I am one of those analysts. But it’s something that I not only feel myself, but that I hear (in various forms) from tech vendors and enterprise IT execs alike — all the time. The reason the […]

01Nov 2023

FIRST Releases CVSS 4.0 Vuln Scoring Standard

The CVSS vulnerability scoring standard is refreshed to provide more data and remove ambiguities in rating the severity of downstream issues. The post FIRST Releases CVSS 4.0 Vuln Scoring Standard appeared first on SecurityWeek.

01Nov 2023

Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks

Delegates from 28 nations agreed to work together to contain the potentially “catastrophic” risks posed by galloping advances in artificial intelligence. The post Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks appeared first on SecurityWeek.

01Nov 2023

8 ways IT can help supercharge your sales team

Without revenue from sales of products or services, a business becomes little more than a hobby or a charitable organization. Building sales requires a well-equipped sales team, and in today’s digital world, that means IT must become a strong support partner. But aligning with sales leaders on transformative technology initiatives takes more than just rolling […]

01Nov 2023

Mozi Botnet Likely Killed by Its Creators

The recent shutdown of the Mozi botnet is believed to have been carried out by its creators, possibly forced by Chinese authorities. The post Mozi Botnet Likely Killed by Its Creators appeared first on SecurityWeek.

01Nov 2023

Fighting fire with…data

There is evidence to support that 2023 may be the worst wildfire season ever recorded. Earlier this year, there were over 1,140 active fires in Canada. And in August, the Hawaiian island of Maui suffered the deadliest U.S. wildfire in a century with more than 110 fatalities thus far. The first line of defense against fire […]

01Nov 2023

Supply Chain Startup Chainguard Scores $61 Million Series B

Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies. The post Supply Chain Startup Chainguard Scores $61 Million Series B appeared first on SecurityWeek.

01Nov 2023

Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges

VMware’s Threat Analysis Unit finds 34 new vulnerable kernel drivers that can be exploited to alter or erase firmware and escalate privileges. The post Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges appeared first on SecurityWeek.

01Nov 2023

Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway

Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway. The post Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway appeared first on SecurityWeek.

01Nov 2023

Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks

Check Point reports that an Iranian APT has been observed using a new malware framework in targeted attacks in the Middle East. The post Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks appeared first on SecurityWeek.

01Nov 2023

MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile

MITRE announces the release of ATT&CK v14, which brings enhancements related to detections, ICS, and mobile. The post MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile appeared first on SecurityWeek.

01Nov 2023

Chrome 119 Patches 15 Vulnerabilities

Chrome 119 is rolling out to Linux, macOS, and Windows users with patches for 15 vulnerabilities. The post Chrome 119 Patches 15 Vulnerabilities appeared first on SecurityWeek.

01Nov 2023

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

Threat actors are constantly publishing malicious NuGet packages to automatically execute code on developers’ machines. The post Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution appeared first on SecurityWeek.

01Nov 2023

DPI: Still Effective for the Modern SOC?

There has been an ongoing debate in the security industry over the last decade or so about whether or not deep packet inspection (DPI) is dead. The post DPI: Still Effective for the Modern SOC? appeared first on SecurityWeek.

01Nov 2023

SIEM and Log Management Provider Graylog Raises $39 Million

Graylog secured $39 million in funding to accelerate product development and scale its go-to-market operations. The post SIEM and Log Management Provider Graylog Raises $39 Million appeared first on SecurityWeek.

01Nov 2023

Cutting-Edge AI Raises Fears About Risks to Humanity. Are Tech and Political Leaders Doing Enough?

Many people are raising the alarm about AI’s as-yet-unknown dangers and calling for safeguards to protect people from its existential threats. The post Cutting-Edge AI Raises Fears About Risks to Humanity. Are Tech and Political Leaders Doing Enough? appeared first on SecurityWeek.

01Nov 2023

CIOs still grapple with what gen AI can do for the enterprise

Most CIOs have begun exploring generative AI to make sure they stay relevant. But many are finding that the technology on the market doesn’t yet live up to the hype. “After experimenting with both GitHub copilot and ChatGPT for over six months, I’m amazed by the pace at which generative AI is evolving,” says Yves […]

01Nov 2023

Digital pragmatism at Volvo means more control and less agile

The automotive industry keeps accelerating into the technological switch to electric engines, and all efforts at Volvo Cars point to a clear ambition to be a clear frontrunner. Such a seismic shift also creates a different dynamic in the market, with a fundamentally simpler technical platform compared to internal combustion engines. As a result, many […]

01Nov 2023

Former British Cyberespionage Agency Employee Gets Life in Prison for Stabbing an American Spy

Former British cyberespionage agency employee was sentenced in a London court for attempted murder, will have to serve at least 13 years in prison. The post Former British Cyberespionage Agency Employee Gets Life in Prison for Stabbing an American Spy appeared first on SecurityWeek.