02 May 2024

10 famous disasters caused by artificial intelligence

In 2017, The Economist declared that data, like oil, had become the world’s most valuable resource, and the same refrain has been repeated many times since. Companies in every sector have invested, and continue to invest, heavily in data and analytics. But, like oil, […]

02 May 2024

Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says

UnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection. The post Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says appeared first on SecurityWeek.

02 May 2024

Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm

Everyone — not just politicians and celebrities — should be concerned about this increasingly powerful deep-fake technology, experts say. The post Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm appeared first on SecurityWeek.

02 May 2024

Google spurs US to ease immigration rules for tech talent

In a plea for hiring relief, Google has sent the US Department of Labor an urgent appeal to amend US immigration laws to ease the hiring of foreign IT workers. On May 1, the tech titan submitted a lengthy response to the department’s request for information on modernizing Schedule A, a little-known immigration rule that […]

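01 May 2024

Consumer lender Rocket Mortgage lays the foundation for generative AI success

To succeed in the mortgage industry, efficiency and accuracy are paramount. Keeping options open matters too. That is why Rocket Mortgage has aggressively adopted machine learning and AI technologies, and why CIO Brian Woodring emphasizes a “human in the loop” AI strategy.

The Detroit-based consumer lender has used machine learning and AI for more than a decade and is one of the few pioneers to have released generative AI capabilities to the market.

“We have had several generative AI use cases in production for about a year now,” Woodring says, noting for example that one generative AI chatbot the company is developing is designed not just to talk but to listen and understand.

Another generative AI assistant developed by Rocket analyzes applicants’ employer names so that an employer entered under different names is recognized as the same one, greatly speeding up the decision process. Most people know, for example, that Google and Alphabet are the same employer. Training a generative AI assistant on that kind of human knowledge to verify an employer’s identity is far more efficient than building a database of parent company names and matching it against subsidiaries and more commonly used company names, Woodring says.

Rocket Mortgage, an early adopter of generative AI in production, did so with appropriate guardrails and guidelines in place to assure investors and regulators that it is deploying the technology safely and responsibly, Woodring adds. The company now fully automates several business processes with homegrown code and AI. But in generative AI applications that involve decisions, such as whether to grant a mortgage, there is always “a human in the loop,” Woodring says.

“With generative AI-powered copilots and systems (much of what we are building), we have found that combining human judgment with a generative AI model that knows everything posted on the internet over the years improves decision accuracy by 10% to 15%.”

Analysts say that bringing in human input to approve the decisions and outcomes of generative AI processes is proving to be an essential driver of early generative AI success.

“Generative AI is becoming a virtual knowledge worker with the ability to connect different data points and summarize and synthesize insights in seconds, allowing people to focus on higher-value tasks,” says Ritu Jyoti, group vice president of worldwide AI and automation market research and advisory services at IDC.

AI is transforming processes such as loan underwriting, but because 100% accuracy is required for it to be a truly effective and viable technology, a human in the loop is essential.

Aiming for model-agnostic AI

More than 1,000 engineers and more than 600 data scientists work together to build most of Rocket’s code in-house.

When Woodring joined in 2017 as CTO leading the product engineering team, one of his top priorities was accelerating Rocket’s cloud adoption.

“One of the first things I did, six months after joining, was to declare that from then on all new technology would be built in the cloud,” he says.

Today 60% to 70% of Rocket’s workloads run in the cloud, more than 95% of them on AWS. The rest is on-premises.

According to Woodring, the company’s first machine learning models were developed more than a decade ago and automated tasks such as marketing, lead generation pattern recognition, and the loan origination process.

But over the past five or six years, the use of AI at Rocket has “accelerated sharply,” Woodring says. For example, roughly two-thirds of income verification for loan applicants is now done 100% by machine learning models and AI technology, he says.

“Almost every aspect of our business is now touched by ML and AI, task automation, pattern recognition, and data analysis,” Woodring says, reiterating that whenever a decision is required, a human is part of the closing process.

Rocket’s engineers and data scientists are developing generative AI models using AWS Bedrock and Anthropic AI technology. Despite being primarily an AWS shop, Rocket takes a model-agnostic approach to generative AI platforms. Rocket Companies CEO Varun Krishna, a seasoned technology executive with experience at PayPal and Microsoft, has built direct relationships with all the AI foundation model providers, including AWS, Anthropic, OpenAI, Google, and Mistral, Woodring says.

Woodring adds that there will probably be no clear “winner” in this complex AI race. “Rather, we are likely to see a variety of AI models tuned for different use cases. We want to be able to bring in the right model at the right time. That is a powerful strategy.”

Woodring says one of the most valuable aspects of AWS Bedrock is that it establishes a standard data platform for Rocket, which lets the mortgage lender deliver data to the right AI model “very quickly.” In other cases, Rocket tests various AI models “to see how effective they are at different tasks,” Woodring says. “That is really valuable.”

The CIO maintains that AWS thinks along the same lines and is “not committing to a single winner.” “That resonates with our strategy of choosing the right AI model for the right job.”

Modernizing data operations

CIOs like Woodring know well that the quality of an AI model depends heavily on the quality of the data involved, and on how that data is fed into large language models from databases, data warehouses, cloud data lakes, and the like.

That is why the most important thing for Rocket’s AI push is building a modern data platform that unifies the 10,000 terabytes of data stored in on-prem data warehouses for more than a decade with the semi-structured data stored in an AWS cloud lake. Like many companies, Rocket continues to operate some of its own data centers for older technology it still uses.

Rocket is evolving its data lake strategy into an AWS data platform. The platform handles structured, semi-structured, and new unstructured data, has semantics and a taxonomy, and provides APIs that make the data “significantly more discoverable and usable” for consumption by people and software.

This moves data up into the repository best suited for AI models to ingest. Trying to clean all of Rocket’s data would be unnecessary and cumbersome and would slow the rollout of next-generation applications, he says.

“We are a data-driven business, and our business, mortgage origination, is really a data processing business,” Woodring says.

The company’s active generative AI engine and next-generation data platform are designed to deliver data in all its forms quickly, curated for specific tasks and in the right format to advance the portfolio, the CIO says.

All it takes is a team and time, he adds. “We value being able to move fast here and get ideas to market quickly.”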

01 May 2024

Oasis Security Raises $35 Million to Tackle Non-Human Identity Management

New York startup Oasis Security banks $35 million in a Series A extension round led by Accel, Cyberstarts, and Sequoia Capital. The post Oasis Security Raises $35 Million to Tackle Non-Human Identity Management appeared first on SecurityWeek.

01 May 2024

Traceable AI Raises $30 Million to Safeguard Cloud APIs

Traceable AI has raised $110 million since launching in 2018 with ambitious plans in the competitive API security and observability space. The post Traceable AI Raises $30 Million to Safeguard Cloud APIs appeared first on SecurityWeek.

01 May 2024

Reduce your network complexity with AI

As networks continue to grow in complexity and become more prone to damaging attacks, overstretched IT teams need more time, effort, and expertise than ever before to keep them up-and-running and meet user needs. It is becoming increasingly challenging to prevent service degradation, remediate attacks, and deliver consistent, high-quality digital experiences to a hybrid workforce. […]

01 May 2024

Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push

Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program. The post Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push appeared first on SecurityWeek.

01 May 2024

Adobe Adds Content Credentials and Firefly to Bug Bounty Program

Adobe is providing incentives for bug bounty hackers to report security flaws in its implementation of Content Credentials and Adobe Firefly. The post Adobe Adds Content Credentials and Firefly to Bug Bounty Program appeared first on SecurityWeek.

01 May 2024

Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data 

The Cuttlefish malware platform is roaming around enterprise SOHO routers and is capable of covertly harvesting public cloud authentication data from internet traffic. The post Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data appeared first on SecurityWeek.

01 May 2024

Internet startup launches while embracing adoption

When Brightspeed launched in 2022, the fiber broadband internet service had ambitious goals, acquiring a service territory encompassing more than 6.5 million locations in mainly rural and suburban communities in 20 U.S. states. As the Charlotte, North Carolina-based company planned its fiber build plan across its footprint, the company’s IT specialists realized that, with artificial intelligence (AI) […]

01 May 2024

Internet startup explodes while embracing adoption

When Brightspeed launched in 2022, the fiber broadband internet service had ambitious goals, acquiring a service territory encompassing more than 6.5 million locations in mainly rural and suburban communities in 20 U.S. states. As the Charlotte, North Carolina-based company planned its fiber build plan across its footprint, the company’s IT specialists realized that, with artificial intelligence (AI) […]

01 May 2024

Machine Identity Firm Venafi Readies for the 90-day Certificate Lifecycle

Venafi introduced a 90-Day TLS Readiness solution to help enterprises prepare for Google’s proposed 90-day limit for the lifecycle of a digital certificate. The post Machine Identity Firm Venafi Readies for the 90-day Certificate Lifecycle appeared first on SecurityWeek.

01 May 2024

DeepKeep Launches AI-Native Security Platform With $10 Million in Seed Funding

AI-Native Trust, Risk, and Security Management (TRiSM) startup DeepKeep raises $10 million in seed funding. The post DeepKeep Launches AI-Native Security Platform With $10 Million in Seed Funding appeared first on SecurityWeek.

01 May 2024

5 things CIOs must understand about AI infrastructure

Generative AI has captured everyone’s attention — and for good reason. But getting from potential to profitability does not come without risks, such as assuming that your established processes for deploying mainstream enterprise IT infrastructure will work in the new era of complex AI superclusters. A solid technology infrastructure has always been essential. Still, CIOs […]

01 May 2024

CISO Conversations: Talking Cybersecurity With LinkedIn’s Geoff Belknap and Meta’s Guy Rosen

SecurityWeek interviews Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta. The post CISO Conversations: Talking Cybersecurity With LinkedIn’s Geoff Belknap and Meta’s Guy Rosen appeared first on SecurityWeek.

01 May 2024

Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server

The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal. The post Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server appeared first on SecurityWeek.

01 May 2024

Ingesan embraces a new way to approach HRM with AI

Ingesan, a subsidiary of the OHLA Infrastructure Group, the Madrid-based construction and concession management multinational, has launched the Empath-IA project, a joint initiative between HR management and the digital transformation division that aims to address the increasingly competitive demands and complexities in HRM. And at its center is Nuria Fuentes, Ingesan’s CIO and leader of systems and […]

01 May 2024

Expectations vs. reality: A real-world check on generative AI

Is generative AI so important that you need to buy customized keyboards or hire a new chief AI officer, or is all the inflated excitement and investment not yet generating much in the way of returns for organizations? Gen AI takes us from single-use models of machine learning (ML) to AI tools that promise to […]

01 May 2024

UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike

UnitedHealth Group’s CEO Andrew Witty shares details on the damaging cyberattack in testimony before a US Congress committee set for May 1, 2024. The post UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike appeared first on SecurityWeek.

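30 Apr 2024

Why Ericsson pushed hard for its move to the cloud

When Hultin (pictured above) became CIO of Ericsson four years ago, the company set about reviewing a large number of outsourcing contracts. At the same time, the cloud team led by Johan Sporre Lenberg, VP of cloud services, was emphasizing modernization and a clear cloud strategy going forward.

“We decided to combine the selection of new partners with the cloud migration, and put a great deal of effort into what a modern collaboration structure should look like. We understood that we needed cloud partners responsible for systems integration and infrastructure, and that our role was to hold the ecosystem together,” he says.

Working out what the model would look like and what requirements to place on each partner called for a long and thorough procurement process that involved all the major systems integrators.

“That gave us inspiration and let us shape the final model. We got there by working together,” he said.

More than 10 partner companies were considered, but in the end HCL, a global shared services company, was chosen as the main partner. Just as the collaboration was being firmed up and the large-scale cloud migration was about to start, the COVID-19 pandemic broke out and the urgency rose sharply.

“We had to go from thinking about ‘how to migrate’ to thinking about ‘how fast we can migrate,’” Sporre says.

Behind the move to the cloud was a strategy driven largely by growing demand to identify and use new technologies more quickly. Working with lead times of six or 12 months, as IT had long done, was simply not sustainable. Speed had become the top priority for accessing new technology, generating revenue, and deploying infrastructure.

The need for groundwork

In parallel with the whole procurement process, work went into laying a risk-centered foundation for the cloud, along with a foundation of sound information management and regulatory compliance.

“You have to go quite deep into managing and classifying information,” Hultin says.

Throughout the process, a review team also continuously monitored the commercial and legal aspects, and as a result a new operating model was needed.

“We had adopted agile ways of working and agile production, so they were already in place when we started working with the service providers. That was part of the culture journey that laid the groundwork. Without it, a company is not ready to accept new ways of working, policies, and processes,” he says.

An ambitious goal

A target was also set of moving 80% of core applications to the cloud.

“We set this target so that everyone would have the right mindset and would challenge and change existing processes and culture,” he says.

The target was set high but was considered achievable.

“We had a pretty solid grasp of what was possible. We tried out 10 suppliers and validated our assumptions about how much could be migrated. We tested the technical feasibility of moving to the cloud and how much the company could migrate and manage. As a result, we judged 80% to be a realistic figure.”

Better than expected results

Two years after the initial migration, more than 90% of all applications have now moved to the public cloud. 30% of all applications are new, and about 20% were retired.

“The 10% still on-premises is there because of legal requirements or technical debt.”

Ericsson’s IT department uses all three major cloud providers, Microsoft, AWS, and Google, and accounts for about half of the consumption, while the remaining half is consumed outside the business. A key issue is cost control when capacity and tools are so easy to access. The financial process was one of the hardest to adopt and required a major change in culture.

“Cost control used to be the infrastructure team’s job, but it now sits with the operations teams and requires considerably more management. Measures such as budget limits can also be used,” Hultin says.

Migrating the business systems

A large part of the migration was moving the business systems from SAP to the cloud. This took about six months.

“Our SAP environment was among the largest and most complex in the world. It was a very big migration,” Sporre says.

To make it succeed, the planning was done in close coordination with all the partners.

“Working constructively with the experts was the key to success. We knew that SAP would run without problems in the AWS cloud,” Hultin says.

More than 300 people worked in shifts, and the core system migration was completed in a single weekend. The meticulous planning paid off.

“The following Tuesday, when someone from finance told me, ‘When you migrate this weekend, call me every hour. I want to know right away if there is a problem,’ I had to explain that the migration was already done,” Sporre says.

The importance of speed

Hultin believes a fast migration like the one Ericsson carried out is a model for success.

“We paid no attention to any other infrastructure strategy. You can complete a migration much faster than you think. We set a fairly tight schedule and pushed the work through somewhat forcefully. But once you are more than 50% through a cloud migration, the whole IT organization changes. The longer you drag it out, the harder the process becomes,” he says.

He also says that looking at cost alone is not enough.

“At the start of the project cost reduction was also on our minds, but we made a point of looking at the bigger picture,” he says, adding that with the cloud, IT and the business are now synchronized in a new way and more cohesive.

What contributes most to cost savings is gaining access to infrastructure and tools.

“When new technologies such as AI arrive, we can use them right away. Rather than investing millions of dollars ourselves, we can take advantage of the billions invested by the cloud providers. It is not hard to see which is easier,” Hultin says.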

30 Apr 2024

The impact of AI on edge computing

Enterprises are moving computing resources closer to where data is created, making edge locations ideal for not only collecting and aggregating local data but also for consuming it as input for generative processes. AI, including Generative AI (GenAI), has emerged as a transformative technology, revolutionizing how machines learn, create, and adapt. IDC forecast shows that enterprise […]

30 Apr 2024

6 steps the manufacturer of Arm & Hammer and OxiClean took to harden OT cybersecurity

The threat of cyberattack has never been higher, and nearly nine in 10 (88%) of security leaders believe their organization is not meeting the challenge of addressing security risks, according to the Foundry Security Priorities Study 2023. Manufacturing, in particular, is facing significant threats, with ransomware accounting for almost one-quarter of attacks (24%), according to Verizon’s 2023 […]

30 Apr 2024

Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms

In February 2023, French police arrested well-known Finnish hacker Aleksanteri Kivimäki, who was living under a false identity near Paris. He was deported to Finland. His trial ended last month. The post Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms appeared first on SecurityWeek.

30 Apr 2024

Docker Hub Users Targeted With Imageless, Malicious Repositories

JFrog raises an alarm after finding three large-scale malware campaigns targeting Docker Hub with imageless repositories. The post Docker Hub Users Targeted With Imageless, Malicious Repositories appeared first on SecurityWeek.

30 Apr 2024

Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover

Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host. The post Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover appeared first on SecurityWeek.

30 Apr 2024

Apptega Raises $15 Million for Cybersecurity Compliance Platform

Mainsail Partners leads a $15 million financing round for end-to-end cybersecurity compliance platform company Apptega. The post Apptega Raises $15 Million for Cybersecurity Compliance Platform appeared first on SecurityWeek.

30 Apr 2024

Island Secures $175M Investment as Enterprise Browser Startups Defy Tech Giants

Despite competitive pressures from industry behemoths like Microsoft and Google, investors are still betting big on startups in the specialized enterprise browser space. The post Island Secures $175M Investment as Enterprise Browser Startups Defy Tech Giants appeared first on SecurityWeek.

30 Apr 2024

Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report

While China-linked Muddling Meerkat’s operations look like DNS DDoS attacks, it seems unlikely that denial of service is their goal, at least in the near term. The post Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report appeared first on SecurityWeek.

30 Apr 2024

Tableau further democratizes analytics with AI-fueled features

At Tableau Conference 2024 in San Diego today, Tableau announced new AI features for Tableau Pulse and Einstein Copilot for Tableau, along with several platform improvements aimed at democratizing data insights. Tableau pitched its unveiling of Tableau Pulse last year as the harbinger of a new era of proactive analytics. Officially released earlier this year, […]

30 Apr 2024

FCC Fines Wireless Carriers for Sharing User Locations Without Consent

The Federal Communications Commission levied nearly $200 million in fines against wireless carriers AT&T, Sprint, T-Mobile and Verizon for illegally sharing customers’ location data. The post FCC Fines Wireless Carriers for Sharing User Locations Without Consent appeared first on SecurityWeek.

30 Apr 2024

SafeBase Scores $33M Series B Investment

SafeBase has raised north of $50 million since launching in 2020 with plans to simplify vendor risk assessment disclosures. The post SafeBase Scores $33M Series B Investment appeared first on SecurityWeek.

30 Apr 2024

AI is set to transform hiring requirements: Report

The adoption of AI is creating a tectonic shift in the skills requirement and thereby the hiring needs for companies, according to a report by EY. According to a poll conducted by EY in March with over 250 industry leaders, half of the participants expect a trend of simultaneous layoffs and hiring as companies grapple […]

30 Apr 2024

Vulnerability in R Programming Language Enables Supply Chain Attacks

A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary code and be used as part of a supply chain attack. The post Vulnerability in R Programming Language Enables Supply Chain Attacks appeared first on SecurityWeek.

30 Apr 2024

Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues

Microsoft provides an easy and logical first step into GenAI for many organizations, but beware of the pitfalls. The post Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues appeared first on SecurityWeek.

30 Apr 2024

CIOs in transition: 5 tips for landing your next IT leadership job

At some point in your career, you’re likely to find yourself in transition, having left an IT leadership job without a new one lined up. While you may have planned or negotiated an exit, very often such departures are beyond your direct control, due to a leadership change, acquisition, or another strategic event. Ask your […]

30 Apr 2024

What IT leaders need to know about the EU AI Act

The European Parliament voted in mid-March to approve the EU AI Act, the world’s first major piece of legislation that would regulate the use and deployment of artificial intelligence applications. The vote isn’t the final passage, but it indicates that many CIOs at organizations using AI tools will have new regulations to comply with, as […]

30 Apr 2024

How AI is reshaping Saudi Aramco’s oil exploration and underwater operations strategy

Saudi Aramco is spearheading the innovations by embracing cutting-edge technologies like artificial intelligence, both within its core operations and beyond, which places the company ahead of the curve. The Saudi state-owned oil company has significantly invested in research and development compared to its industry peers, allocating approximately USD 3.5 billion in 2023, representing a 15% […]

30 Apr 2024

IT talent: how CIOs nurture engagement and retention

IT skills shortage: in 2024, too, technology talent, especially people with advanced and specialist skills, remains hard to find. 54.6% of IT companies in Italy are struggling, against a global average of 47.3%, while our European peers face similar situations (in Spain it is difficult for 52.9% of IT companies, in […]

30 Apr 2024

Tech CEOs Altman, Nadella, Pichai and Others Join Government AI Safety Board Led by DHS’ Mayorkas

CEOs of major tech companies are joining a new artificial intelligence safety board to advise the federal government on how to protect the nation’s critical services from “AI-related disruptions.” The post Tech CEOs Altman, Nadella, Pichai and Others Join Government AI Safety Board Led by DHS’ Mayorkas appeared first on SecurityWeek.

30 Apr 2024

The AI cat and mouse game has begun

If you are a CIO or CISO and haven’t yet read this article – Finance worker pays out $25 million after video call with deepfake ‘chief financial officer,’ you should and then share it with your entire company. It could save your company millions, and potentially much more. The incident involved scammers who, using publicly […]

29 Apr 2024

Capitalizing on technology budgets: A CIO’s story

In today’s competitive business setting, enterprises are constantly under pressure to maintain profitability amid challenging economic conditions. While traditional approaches to bridging the profitability gap, like layoffs and budget cuts, can harm company culture, an innovative and practical alternative is capitalizing on technology budgets. By leveraging data-driven methods, businesses can optimize and reclaim operating capital […]

29 Apr 2024

Microsoft can’t keep up with demand for AI in the cloud — for now

When Microsoft posted its quarterly earnings last week, its CFO Amy Hood said that customers wanted more cloud compute for their AI workloads than the company could supply. “Near-term AI demand is a bit higher than our available capacity,” Hood said Thursday, during a conference call to discuss the company’s quarterly results for the quarter […]

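29 Apr 2024

A 425-year-old construction company aims to transform its business through construction DX

Moving into construction DX to keep the company alive

The construction industry has long made a major contribution to society by building public infrastructure and providing employment. But it suffers from a chronic labor shortage and an aging workforce, and has long been described as having low productivity and harsh working conditions.

On top of that, caps on overtime apply from April 2024, making (1) work-style reform, (2) securing workers, (3) raising productivity, and (4) transforming the industry’s structure urgent issues for the construction industry.

Against that backdrop, Nohara Group, a mid-sized building materials trading company founded 425 years ago, has made its move.

The company was founded in 1598 (Keicho 3) as a cotton wholesaler in Iida, Nagano Prefecture, became a joint-stock company in 1947, and grew as a trading company dealing in interior building materials. But margins for a building materials trader in the middle of the distribution chain are low, and the company concluded that doing more of the same would not bring dramatic growth. It is now pursuing a major ICT-driven change of business model and steering hard toward construction DX.

How is Nohara Group going about that transformation?

The person who set Nohara Group on course for construction DX is its current president, Kosuke Nohara.

After graduating from Keio University’s Faculty of Economics, Nohara completed graduate business school at the University of Chicago, worked at Citibank, N.A. and Nikko Citigroup, and joined Nohara Group in 2006. He says he was surprised at the time by how low the group’s profitability was.

“In the 1970s and 1980s we often got phone calls saying ‘I don’t know how to use this material’ or ‘The drawing has this information in it, but I don’t understand it.’ But now that the internet is widespread, people can look things up right away without asking us each time. Our reason for existing has faded.” (Nohara)

The company was then hit hard by the Lehman shock, and Nohara came to fear that “specialist trading companies may eventually disappear,” but getting employees and executives to understand this was not easy.

“Employees were slow to understand the new initiatives, and when we tried things and they did not go well, the mood quickly turned to giving up. The executives did have a sense of crisis that ‘we are finished if we carry on like this,’ but they agreed in general and objected in the particulars. They could not keep up with the direction and speed of change, and it was all slogans that did not lead to new measures.” (Nohara)

Mulling this over, Nohara learned that construction industries overseas were using ICT in the construction process and earning high returns.

In the first half of 2015, believing ICT could strengthen the business, the company formed a capital tie-up with a Singapore startup that digitizes exchanges between clients and designers, and seconded staff to it. In September 2015 it launched “Aunworks,” an e-commerce business selling building materials online in Japan.

It was in this context that Nohara turned his attention to BIM (Building Information Modelling).

Why major general contractors are looking at BIM, and the big pitfall

First we need to understand what BIM is.

BIM means building a building information model that combines 3D shape information created on a computer with attribute information about the building, such as room names, materials, the specifications and performance of components, and finishes.

Well-known BIM software includes Archicad from Poland’s Graphisoft, Revit from Autodesk of the US, GLOOBE from Fukui Computer Architect, and Vectorworks.

Major general contractors and design firms have also begun rethinking the construction process using BIM software. Why are they paying attention to BIM?

In the structure of the construction industry there is the owner who commissions the work, the developer who takes it on, below them the general contractors and design firms who receive the orders, and then 27 types of specialist contractors such as subcontractors.

Looking at the process itself, design (handled by outside firms), cost estimation and quotation, purchasing and sales, delivery, and construction involve a great many people, and the supply chain is complex, so the general contractor, though responsible for supervising the whole job, struggles to see the whole picture.

“The general contractor is in the position of supervising the whole job but cannot see the details. How many sheets of plasterboard were used, or what they cost, cannot be known under the current structure of the construction industry.” (Nohara)

As a result, work has been carried out with each subcontractor content to optimize only its own portion, leading to problems such as schedule delays and burdens being pushed onto later stages.

With BIM, a 3D model shows at a glance what building will actually result and what its interior will look like. Because the materials to be used and their costs can be linked to the model, schedules and construction costs can also be forecast. Information such as air-conditioning equipment, the number of light fixtures, part numbers, and power consumption can be embedded, so environmental simulation is possible with analysis software.

The aim behind building a BIM platform

But BIM has a pitfall too. BIM can be used in every area from design through construction, maintenance, repair, and demolition, but unless every company in the construction supply chain has adopted BIM software, BIM-based communication breaks down and efficiency suffers.

BIM software is also quite expensive, and learning to use it takes time. For sole proprietors (“hitori oyakata”) and small businesses, buying and using it is not realistic.

So Nohara Group devised a way for the whole construction supply chain, not just the general contractors and design firms that own BIM software, to make use of BIM.

“What we are doing is something like a BIM subsystem. In BIM software, the two big companies worldwide are Graphisoft with Archicad and Autodesk with Revit, and they hold a large share. But the software is very heavy and expensive, so while major general contractors and design firms can use it, small and very small businesses cannot easily do so. Yet construction projects are not made up of general contractors and design firms alone. There are small businesses and tradespeople. We wanted to create a system that brings those people in as well.” (Nohara)

BuildApp lets small businesses and tradespeople in the construction supply chain who do not have BIM software view cloud-hosted BIM models built in Revit on a smartphone or tablet and exchange information. Even when changes arise on site, they can respond quickly.

Nohara Group’s new business gets moving

Nohara Group entered the BIM business in December 2017, partnering with Sweden’s BIMobject AB and setting up a joint venture, BIMobject Japan (BOJ).

BIMobject AB is the world’s largest company offering a library of BIM objects (an online service collecting material data) with which building materials and equipment can be designed using 3D images and the like. Doors, toilets, wall materials, lighting, and other products from more than 2,300 brands, mainly European and American, are organized into 22 broad categories, and the site is free to use. Revenue comes from sources such as advertising fees paid by the listed manufacturers.

It was the first attempt to offer such a service in Japan. Through setting up BOJ, Nohara Group learned things it could not have learned in Japan, such as the latest developments overseas and thinking on environmental impact.

“We saw it as the entry point for pursuing the BIM business. It was a good opportunity to learn how the business is built and how it is used. But we are a company in building materials distribution, so the challenge was how to tie it to that business.” (Nohara)

When Nohara became president in July 2018, the company began pursuing BIM-centered construction DX in earnest.

“Along with pushing ahead with the things I had thought were needed, making work visible, standardizing it, and systematizing it, we changed the internal HR system and replaced the management team with executives who had expertise and experience.” (Nohara)

At first there were almost no employees with IT expertise, so the company recruited IT-savvy people from outside.

It began with the hiring, in 2018, of Yoshiharu Yamazaki, now CDO, who came from Misumi, a major supplier of factory automation components.

“We had a vision but did not know where to start. We had an information systems department but no DX specialists, so we brought in Mr. Yamazaki, who had experience with the supply chain digitization we wanted to do.” (Nohara)

Yamazaki, too, says he struggled to build an IT team.

“The company had almost no IT people who could take on system development for the BIM business, so we had to start recruiting from scratch, but candidates would not look at ‘the construction industry’ or ‘a building materials trader.’ We put effort into PR for that reason, but it was still tough.” (Yamazaki)

Overcoming those obstacles, the company brought together 15 employees and freelancers plus outside IT vendors, announced internally in August 2020 that it would launch the BuildApp business on its own, and made the formal announcement in December 2021.

This kind of initiative is a world first.

Trials achieve a 50% cost reduction

Trials began in January 2021, and as of December 2022 several general contractors, including Toa Corporation and Tokyu Construction, had taken part and published results.

Toa Corporation used BIM in the production supply chain for items such as steel doors and cut up to 50% in each of the “quotation, drawing approval, and steel door production” steps. It also used BIM for the interior work of a research facility, introducing a precut method in which lumber cut at a specialist factory is brought to the site and assembled, reducing on-site construction time by up to 20%. […]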

29 Apr 2024

Data protection activists accuse ChatGPT of GDPR breach

European privacy rights group noyb filed a complaint against OpenAI with the Austrian Data Protection Authority on Monday, accusing the company of breaching the European Union’s General Data Protection Regulation (GDPR). The EU’s strict privacy rules require that companies allow individuals access to personal information held about them, as well as ensuring that such data […]

29 Apr 2024

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

New CISA guidelines categorize AI risks into three significant types and push a four-part mitigation strategy. The post CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure appeared first on SecurityWeek.

29 Apr 2024

How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat

History of TikTok and how many view it as a national security threat. The post How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat appeared first on SecurityWeek.

29 Apr 2024

The Java migration imperative: Why your business should upgrade now

Applications are the backbone of modern business. And when it comes to building enterprise applications, Java has made a name for itself as the Swiss Army Knife of programming languages. Its “write once, run anywhere” philosophy has driven widespread adoption and established the platform as the backbone of enterprise applications. In fact, 50% of today’s […]

29 Apr 2024

Get Ready for FutureIT Boston With This AI Infographic

IT decision-makers know that generative AI is the most disruptive technology in decades and are budgeting accordingly. IDC has forecast that spending on AI solutions will grow 27% per year to $423 billion by 2027. Check out the infographic below for AI adoption predictions, including tips for staying prepared. IDC’s Maureen Fleming will discuss […]

29 Apr 2024

Google Says it Blocked 2.28 Million Apps from Google Play Store

In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts. The post Google Says it Blocked 2.28 Million Apps from Google Play Store appeared first on SecurityWeek.

29 Apr 2024

Should Cybersecurity Leadership Finally be Professionalized?

The majority opinion is that a cybersecurity professional body is long overdue and would benefit cybersecurity and cybersecurity practitioners. The post Should Cybersecurity Leadership Finally be Professionalized? appeared first on SecurityWeek.

29 Apr 2024

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million Patients

US healthcare giant is warning millions of current and former patients that their personal information was exposed to third-party advertisers. The post Kaiser Permanente Discloses Data Breach Impacting 13.4 Million Patients appeared first on SecurityWeek.

29 Apr 2024

Beyond the Buzz: Rethinking Alcohol as a Cybersecurity Bonding Ritual

Jennifer Leggio makes the case for more alcohol-free networking events at conferences, and community-building opportunities for sober individuals working in cybersecurity. The post Beyond the Buzz: Rethinking Alcohol as a Cybersecurity Bonding Ritual appeared first on SecurityWeek.

29 Apr 2024

Atos may sell national security activities to French government

Atos may have found a way to alleviate its ongoing debt problems: The French government has offered to pay up to €1 billion ($1.07 billion) for the part of its business handling contracts vital to national security, but stops short of full nationalization of the company. French Minister of Finance Bruno Le Maire said that […]

29 Apr 2024

Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated

An analysis conducted by Honeywell shows that much of the USB-borne malware targeting industrial organizations can still cause OT disruption. The post Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated appeared first on SecurityWeek.

29 Apr 2024

Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies

Okta warned of a spike in credential stuffing attacks using anonymizing services such as Tor, DataImpulse, Luminati, and NSocks. The post Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies appeared first on SecurityWeek.

29 Apr 2024

Top 10 barriers to strategic IT success

To Carm Taglienti, the explosion of all things AI over the past few years has been both a pro and a con to IT teams. On the one hand, artificial intelligence has helped both technology departments and the business units to work better, faster, and cheaper. But on the other hand, AI and generative AI […]

29 Apr 2024

Dump the RFP to reap better outsourcing results

Every day, hundreds of organizations conduct competitive bids to pick the best supplier to meet their needs. But what happens when they rely on the wrong tools to do so? A common pitfall is what University of Tennessee researchers have coined the Outsourcing Paradox — which is when a buying organization procures goods or services […]

29Apr 2024

The new CIO mandate: Selling AI to employees

As organizations roll out AI applications and AI-enabled smartphones and devices, IT leaders may need to sell the benefits to employees or risk those investments falling short of business expectations. That’s because employees have decidedly mixed feelings about AI coming to their workplaces, according to the recent survey by IT solutions integrator Insight, even as […]

29Apr 2024

Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People

Financial Business and Consumer Solutions (FBCS) says compromised information may include names, dates of birth, Social Security numbers, and account information. The post Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People appeared first on SecurityWeek.

29Apr 2024

CIO100 Awards ASEAN

Overview: The CIO100 Awards ASEAN stands as the apex of recognition for exceptional achievements in technology leadership. These prestigious awards acknowledge and celebrate the accomplishments of the top 100 senior technology and digital executives who are at the forefront of innovation, driving transformative change, and nurturing strong organisational cultures throughout Southeast Asia and Hong Kong. […]

29Apr 2024

Creating new opportunities with AI-driven automation

Artificial intelligence (AI) has been helping organisations find new opportunities and quickly launch new services for some years now, by automating processes and freeing up people’s time. Now generative AI is expanding the possibilities further still, by enabling organisations to automate tasks such as content generation or the summarisation of large volumes of data. When […]

29Apr 2024

2024 CIO100 ASEAN Awards: Nominations are now open

CIO ASEAN is proud to launch the CIO100 ASEAN Awards for 2024, recognising the top 100 senior technology executives and teams in Southeast Asia and Hong Kong driving innovation and influencing rapid change. The CIO100 ASEAN Awards are aligned with Foundry’s global awards program and viewed as a mark of excellence within the enterprise. Whether […]

29Apr 2024

Leading infrastructure to accelerate electric power intelligence

Carbon neutrality and carbon peak strategies are driving the adoption of new energy worldwide. However, new energy is restricted by weather and climate, which means extreme weather conditions and unpredictable external environments bring an element of uncertainty to new energy sources. The main challenge for future power systems lies in transitioning from load-based power generation […]

28Apr 2024

Hackers Claim to Have Infiltrated Belarus’ Main Security Service

A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees. The post Hackers Claim to Have Infiltrated Belarus’ Main Security Service appeared first on SecurityWeek.

26Apr 2024

TransUnion transforms its business with IT

Count TransUnion among the rising tide of enterprises evolving their identities thanks to IT. “We are thinking like a software company and transforming ourselves like a software company,” says Venkat Achanta, chief technology, data, and analytics officer of the $4 billion credit bureau, which is recasting itself into a customer data services provider intent on […]

26Apr 2024

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day

More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published. The post Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day appeared first on SecurityWeek.

26Apr 2024

Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses

More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives. The post Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses appeared first on SecurityWeek.

26Apr 2024

Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices

A new Android trojan named Brokewell can steal users’ sensitive information and allows attackers to take over devices. The post Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices appeared first on SecurityWeek.

26Apr 2024

In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO

Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO. The post In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO appeared first on SecurityWeek.

26Apr 2024

Darktrace to be Taken Private in $5.3 Billion Sale to Thoma Bravo

UK cybersecurity firm Darktrace has agreed to sell itself to private equity giant Thoma Bravo for approximately $5.32 million in cash. The post Darktrace to be Taken Private in $5.3 Billion Sale to Thoma Bravo appeared first on SecurityWeek.

26Apr 2024

The 10 highest-paying industries for IT talent

Technology has quickly become a top priority for businesses across every industry. So much so that IT roles are no longer just the purview of the IT department. Every business unit has a stake in the IT services, apps, networks, hardware, and software needed to meet business goals and objectives, and many of them are […]

26Apr 2024

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites. The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek.

25Apr 2024

M&A action is gaining momentum, are your cloud security leaders prepared?

As we near the halfway point of the year, organizations are under tremendous pressure to grow businesses across all industries. It’s no secret: bottom lines must rise and 2024 has been earmarked as a pivotal year to revert to growth mode. Many organizations will find an uphill battle here; the previous few years have taken […]

25Apr 2024

CIOs eager to scale AI despite difficulty demonstrating ROI, survey finds

CIOs rank AI as a top priority alongside cybersecurity for IT departments. However, barriers such as adoption speed and security concerns hinder rapid AI integration, according to a new survey. There is a promising surge in the use of AI technologies across various industries. Of the 750 CIOs around the world surveyed by Lenovo, 81% […]

25Apr 2024

Top 4 focus areas for securing your software supply chain

The complexity of the software supply chain (SSC) has the potential to expose your organization to greater risk than ever before. In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. Thus, it’s important to assess whether your organization is set up to […]

25Apr 2024

Predictive Security Startup BforeAI Raises $15 Million

Predictive attack intelligence and risk protection startup BforeAI has raised $15 million in a Series A funding round led by SYN Ventures. The post Predictive Security Startup BforeAI Raises $15 Million appeared first on SecurityWeek.

25Apr 2024

Salesforce launches Einstein Copilot for general availability

At its World Tour NYC today, Salesforce announced the general availability of Salesforce Einstein Copilot, its conversational AI assistant for CRM. The company first announced Einstein Copilot in September last year, and released Einstein 1 Studio in March as part of its bid to become the platform of choice for building AI assistants for business. […]

25Apr 2024

Palo Alto Networks Shares Remediation Advice for Hacked Firewalls

Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400. The post Palo Alto Networks Shares Remediation Advice for Hacked Firewalls appeared first on SecurityWeek.

25Apr 2024

Autodesk Drive Abused in Phishing Attacks 

A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive. The post Autodesk Drive Abused in Phishing Attacks  appeared first on SecurityWeek.

25Apr 2024

FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures

The FTC is sending a total of $5.6 million in refunds to over 117,000 Ring customers as a result of a 2023 settlement. The post FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures appeared first on SecurityWeek.

25Apr 2024

Oracle adds AI capabilities to its Fusion Cloud CX

Oracle is adding more AI capabilities to its Fusion Cloud CX that provides software for sales, marketing, and service teams across an enterprise, the company announced on Thursday. The new capabilities, based on the company’s OCI Generative AI service, include generative AI-assisted answer generation, assisted scheduling for field service, opportunity quality scoring, and seller engagement […]

25Apr 2024

What LinkedIn learned leveraging LLMs for its billion users

With more than 1 billion users globally, LinkedIn is continuously bumping against the limits of what is technically feasible in the enterprise today. Few companies operate at the scale that LinkedIn does or have access to similar troves of data. For the business- and employment-focused social media platform, connecting qualified candidates with potential employers to […]

25Apr 2024

Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking

The Brocade SANnav management application is affected by multiple vulnerabilities, including a publicly available root password. The post Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking appeared first on SecurityWeek.

25Apr 2024

IBM doubles down on hybrid cloud with $6.4B HashiCorp acquisition

In a move that significantly bolsters its position in the cloud services market, IBM has announced it is acquiring HashiCorp, a multicloud infrastructure automation company, for $6.4 billion. HashiCorp is known for its Terraform product, an infrastructure automation tool, which is considered an industry standard for infrastructure provisioning in hybrid and multicloud environments. In the […]

25Apr 2024

DIY cloud cost management: The strategic case for building your own tools

Cloud cost management remains a critical CIO priority. With questions around ROI, increasing outlay, and corporate scrutiny on IT cost savings on the rise, CIOs must know not only what contributes to their organization’s overall cloud spend but also how to optimize it. And that’s all before considering the need to fuel new AI initiatives, […]

25Apr 2024

FTC’s noncompete decision signals major shifts in IT job market ahead

The Federal Trade Commission has voted to prohibit for-profit US employers from enforcing noncompete clauses in employment agreements. The FTC decision is expected to have significant ramifications for the IT talent market. Experts believe that removing restrictive clauses could lead to a more competitive job market, enabling tech professionals to negotiate better conditions and to […]

25Apr 2024

Endpoint Security Firm ThreatLocker Raises $115 Million in Series D Funding

Zero trust endpoint security company ThreatLocker has announced a $115 million Series D funding round that brings the total to $240 million.  The post Endpoint Security Firm ThreatLocker Raises $115 Million in Series D Funding appeared first on SecurityWeek.

25Apr 2024

Salesforce debuts Zero Copy Partner Network to ease data integration

At Salesforce World Tour NYC today, Salesforce unveiled a new global ecosystem of technology and solution providers geared to help its customers leverage third-party data via secure, bidirectional zero-copy integrations with Salesforce Data Cloud. “The big thing we hear from many of our customers is, ‘I already have data in N number of XYZ data […]

25Apr 2024

IBM Acquiring HashiCorp for $6.4 Billion

IBM is acquiring HashiCorp for $6.4 billion for its infrastructure lifecycle management and security lifecycle management capabilities. The post IBM Acquiring HashiCorp for $6.4 Billion appeared first on SecurityWeek.

25Apr 2024

7 trends of 2024 for a sound enterprise cloud strategy

Every CIO knows well that the cloud market is always moving, in the most varied directions. However, they perhaps do not realize that it is possible to keep pace with changes in the cloud market, and even get the better of vendors, by modifying their company’s strategy to take advantage of new approaches […]

25Apr 2024

Cisco Systems Joins Microsoft, IBM in Vatican Pledge to Ensure Ethical Use and Development of AI

Pope Francis has called for an international treaty to ensure AI is developed and used ethically, devoting his annual peace message this year to the topic. The post Cisco Systems Joins Microsoft, IBM in Vatican Pledge to Ensure Ethical Use and Development of AI appeared first on SecurityWeek.

24Apr 2024

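What Erie Insurance is doing to develop transformational talent

When Erie Insurance’s leadership team planned a large-scale transformation, they knew that an IT-only effort would not do. The transformation themes (modernization, a best-in-class agent experience, a multichannel customer experience, product excellence, and innovation) are highly business-centric and could be achieved only through a company-wide effort. Partha Srinivasa, who joined as CIO two years ago, has become one of the key leaders driving the effort. “The most important part of our strategy is working as a unified team with an enterprise mindset,” he says. “Whether the work is in product, claims, service, or IT, it is done by one team, Erie’s enterprise transformation office.”

The main themes of the transformation are modernization, digital, data, and cloud. Much of the modernization effort involves IT, but Srinivasa ensures that it is a business initiative rather than one confined to IT. To make this happen, the first point is the importance of sponsorship, in particular the CEO’s advocacy in stressing the importance of the transformation. The second is Erie’s enterprise transformation office. “We decided to set all priorities based on the strategy and to deprioritize any work that does not align with it. We also formed a cross-functional team made up of leaders who head the enterprise transformation office, which is responsible for strategy, planning, and execution.” Finally, the way Erie Insurance drives transformation is by leveraging enterprise business agility. The key is transparency about progress, which Srinivasa achieves by giving regular updates to his peers and the board through scorecards that show progress on the main themes. “My dashboard shows the progress of our modernization program, and I tell the board that the needle has moved from A to B,” he says.

The talent question: Executive-level sponsorship and a collaborative transformation office are critical, but they will not deliver unless people inside IT and across the company have the right skills and mindset. To identify transformational talent and stay focused on execution, Srinivasa uses a concept called IDEATE (innovation, delivery, efficiency, acceleration, talent, execution quality). With the need for IDEATE in mind, the company takes a multipronged approach to talent development. The IT department has several high-level talent programs focused on acquiring, retaining, and developing people. One important talent pipeline is an 18-month apprenticeship program in which trainees are exposed to at least three areas of IT and are expected to become productive while they learn. When the program ends, they take a role in the department that best matches their skills and interests. Srinivasa also runs an IT leader program for people who lack core IT skills but are strong leaders. “Our IT leader program is for senior people who have a military background or leadership experience in departments outside IT,” he says. “But they have excellent communication skills and know how to get things done. This program gives the IT team the right balance of technical and leadership skills.”

A culture that drives transformation: Erie Insurance’s IT organization also runs a “lateral move” program in which technologists shift from legacy to emerging technologies. He also uses stretch assignments. “Your day job may be business analyst, but you might get a stretch assignment as a project manager,” he says. Just as important as these programs, everyone in the IT organization earns cloud certification and receives training in agile development. Retention following this training is high, and Srinivasa says the IT department’s attrition rate is among the lowest in the industry. What Srinivasa looks for in all of these programs is what he considers the most important skill set for transformational talent: customer centricity, a pioneering mindset, collaboration, and adaptability. But more important than any of these skills, he says, is the ability to drive change. “Sometimes companies start a transformation before everyone is truly committed to it,” he says. “The most important skill I look for in people is the ability to connect day-to-day activities to the broader transformation goals, and a passion for shifting from the old to the new.”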

24Apr 2024

7 enterprise cloud strategy trends for 2024

Every CIO knows the cloud market is always drifting in new directions. But what you may not realize is that it’s possible to keep pace with cloud market changes, and even gain the upper hand on vendors, by adjusting your enterprise’s cloud strategy to take advantage of fresh approaches and emerging opportunities. CIOs need to […]

24Apr 2024

Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms

Cisco warns that nation state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks. The post Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms appeared first on SecurityWeek.

24Apr 2024

A changing market landscape requires constant evolution: Our mission for VMware customers

Our goal since the Broadcom/VMware acquisition was completed last November has been to help our customers move fast in their digital transformation to position themselves for success. Even before the transaction was finalized, we had been listening to VMware’s customers. As we moved from transaction to integration, we began to translate customer thoughts into a […]

24Apr 2024

KnowBe4 Plans to Acquire Egress for Email Security Tech

KnowBe4 boasts that the merger will create “the largest, advanced AI-driven cybersecurity platform for managing human risk.” The post KnowBe4 Plans to Acquire Egress for Email Security Tech appeared first on SecurityWeek.

24Apr 2024

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. The post Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon appeared first on SecurityWeek.

24Apr 2024

North Korean Hackers Hijack Antivirus Updates for Malware Delivery

A North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners. The post North Korean Hackers Hijack Antivirus Updates for Malware Delivery appeared first on SecurityWeek.

24Apr 2024

Tines Bags $50 Million Funding for Security Workflow Automation

Irish startup Tines raises $50 million in new venture capital funding as investors make big bets on automation and orchestration startups. The post Tines Bags $50 Million Funding for Security Workflow Automation appeared first on SecurityWeek.

24Apr 2024

Google Patches Critical Chrome Vulnerability

Google patches CVE-2024-4058, a critical Chrome vulnerability for which researchers earned a $16,000 reward.  The post Google Patches Critical Chrome Vulnerability appeared first on SecurityWeek.

24Apr 2024

Amplifier Security Emerges From Stealth With AI Copilot, Human-in-the-Loop Automation

Amplifier Security has raised $3.3 million in funding for a solution that includes human-in-the-loop automation and an AI copilot. The post Amplifier Security Emerges From Stealth With AI Copilot, Human-in-the-Loop Automation appeared first on SecurityWeek.

24Apr 2024

Nagomi Security Emerges From Stealth With $30 Million in Funding

Nagomi Security, a company that helps customers prevent threats by leveraging existing security tools, emerged from stealth with $30 million in funding.  The post Nagomi Security Emerges From Stealth With $30 Million in Funding appeared first on SecurityWeek.

24Apr 2024

CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation

CISA warns organizations of a two-year-old Windows Print Spooler vulnerability being exploited in the wild. The post CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation appeared first on SecurityWeek.

24Apr 2024

Microsoft and Cognizant team up to boost enterprise Copilot adoption

Microsoft is opening another route for extending the reach of its Copilot offerings in the enterprise through an expanded partnership with global professional services company Cognizant.   As part of the deal, Cognizant has acquired 25,000 Microsoft 365 Copilot seats, and 500 each of Sales Copilot and Services Copilot, for use by its associates across […]

24Apr 2024

Threat Actor Uses Multiple Infostealers in Global Campaign

A threat actor tracked as CoralRaider has been using multiple infostealers to harvest credentials from users worldwide. The post Threat Actor Uses Multiple Infostealers in Global Campaign appeared first on SecurityWeek.

24Apr 2024

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE.  The post SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking appeared first on SecurityWeek.

24Apr 2024

New Password Cracking Analysis Targets Bcrypt

Hive Systems conducts another study on cracking passwords via brute-force attacks, but it’s no longer targeting MD5. The post New Password Cracking Analysis Targets Bcrypt appeared first on SecurityWeek.

24Apr 2024

Prophet Security Emerges From Stealth Mode With $11 Million in Funding

Bain Capital Ventures and angel investors invest $11 million in automated alerts analysis startup Prophet Security. The post Prophet Security Emerges From Stealth Mode With $11 Million in Funding appeared first on SecurityWeek.

24Apr 2024

How CIOs align with CFOs to build RevOps

The first use of generative AI in companies tends to be for productivity improvements and cost cutting. But there are only so many costs that can be cut. Growing revenues, on the other hand, is where you can see an unlimited upside. CIOs are well positioned to cut costs since they’re usually well acquainted with […]

24Apr 2024

A comparative assessment of digital transformation in Italy

It’s universally accepted that to thrive, enterprises must embrace transformation through technology. CIOs are at the forefront of this as they help shepherd their organizations through digitalization. “Digital is a powerful business lever,” says Alessandra Luksch, director of the Digital Transformation Academy Observatory at Politecnico di Milano, which has been mapping trends in ICT spending […]

24Apr 2024

What is a CTO? The exec who sets tech strategy

What is a CTO? The chief technology officer (CTO) is the senior executive who focuses on the technological requirements, opportunities, and challenges within an organization. The CTO role has emerged as a key player in the enterprise C-suite, especially with digital transformation being such a high strategic priority for so many organizations. What does a […]

23Apr 2024

Global managed services to grow in 2024 as enterprise IT spending rises

The global market for managed services will rise in 2024 due to organizations’ IT spending surge and larger investments in managed services deals involving AI and cloud computing, according to market intelligence firm IDC. “This trend will continue over the next few years as more organizations experiment or go live with AI-enabled services. Although a […]

23Apr 2024

US government extends warrantless FISA monitoring

A controversial provision of the Foreign Intelligence Surveillance Act was renewed this weekend, despite concerns from lawmakers and other critics that it allows for the largely unregulated gathering of Americans’ personal information. The reauthorization of FISA Section 702, dubbed the Reforming Intelligence and Securing America Act (RISAA), passed the House of Representatives earlier this month, […]

23Apr 2024

Will AI kill jobs? History says otherwise

In April 1860, the Pony Express launched its operation to much fanfare. Using a series of riders on horses to relay messages from Missouri to California, it became an instant icon of the Wild West. The service lasted all of eighteen months. The Pony Express couldn’t compete with the transcontinental telegraph, completed in 1861, which […]

23Apr 2024

$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors

Four Iranians are accused of hacking into critical systems at the Departments of Treasury and State and dozens of private US companies. The post $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors appeared first on SecurityWeek.

23Apr 2024

Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together

The judge with Spain’s National Court said there is reason to believe that the new information provided by France can “allow the investigations to advance.” The post Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together appeared first on SecurityWeek.

23Apr 2024

Secrets of business-driven IT orgs

At 75 years old, accounting and advisory firm Marcum LLP is far from a digital native. Yet Peter J. Scavuzzo, partner and chief information and digital officer, ensures it acts like one, with his technology team identifying and seizing on opportunities that drive company growth. “We’re introducing technology that reinvents how we do business, and […]

23Apr 2024

The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success

Mandiant’s M-Trends 2024 report shows that defenses are improving – and that may be true. But the reality remains that these same statistics demonstrate that if anything, the attackers still retain the upper hand. The post The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success appeared first on SecurityWeek.

23Apr 2024

Salesforce-Informatica acquisition talks fall through: Report

Salesforce’s negotiations to acquire enterprise data management software provider Informatica have fallen through as both couldn’t agree on the terms of the deal. That the talks about the deal had come to a close was reported by The Wall Street Journal (WSJ) and Reuters, citing an anonymous source. The disagreement about the terms of the […]

23Apr 2024

Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations 

Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations. The post Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations  appeared first on SecurityWeek.

23Apr 2024

UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack

UnitedHealth confirms that personal and health information was stolen in a ransomware attack that could cost the company up to $1.6 billion. The post UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack appeared first on SecurityWeek.

23Apr 2024

Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability

Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product. The post Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability appeared first on SecurityWeek.

23Apr 2024

Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor

The LockBit ransomware gang leaks data allegedly stolen from government contractor Tyler Technologies. The post Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor appeared first on SecurityWeek.

23Apr 2024

SAFe certification: launch your Scaled Agile Framework career

What is SAFe certification? Scaled Agile Framework (SAFe) certifications are becoming valuable in larger organizations looking for efficient project delivery, reduced time-to-market, and ways to provide better stakeholder value. These certifications provide a valid, reliable means of assessing skills, knowledge, and mindset of those seeking career advancement working with the framework. Earning a SAFe certification demonstrates you possess […]

23Apr 2024

CIO risk-taking 101: Playing it safe isn’t safe

As CIO, you’re in the risk business. Or rather, every part of your responsibilities entails risk, whether you’re paying attention to it or not. And in spite of the spate of books that extol risk-taking as the only smart path, it’s worth remembering that their authors don’t face what might be the biggest risk CIOs […]

23Apr 2024

Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services

Microsoft PlayReady vulnerabilities could allow rogue subscribers to illegally download movies from popular streaming services. The post Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services appeared first on SecurityWeek.

23Apr 2024

Cybersecurity and NIS2: how CIOs are moving to sleep (a little) more soundly

Does cybersecurity keep CIOs awake at night? Certainly the great majority of Chief Information Officers call the security of corporate IT systems “priority number one.” This heightened attention reflects the awareness that cyber threats are increasingly numerous and worrying. The latest Clusit Report counted 2,779 serious incidents globally in 2023 (+12% compared with […]

22Apr 2024

Time to digitize all landlines, once and for all (of us)

There has been a public challenge to the fact that AT&T is retiring its copper landlines in the state of California.  This issue, however, is much bigger than the state of California and AT&T.  It is not only national but global as well.  In the US alone, there are estimates from 35 million to 100 […]

22Apr 2024

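7 tips for leading without authority

Leading technologists requires a rapidly changing skill set. The days when a title let you boss everyone around, rule with an iron fist, and expect successful results are over. The current leadership mood is all about collaboration, mutual improvement, and leadership without authority.

Even if you hold a title that lets you reasonably expect all your reports to do as you say, command-and-control leadership no longer has a reasonable shelf life. In addition, some companies are moving away from traditional hierarchies and introducing blended teams that can be spun up or down as needed. Either way, as a recent McKinsey report concludes, “the old hierarchical model of leadership is increasingly seen as an obstacle to meeting the complex demands facing today’s organizations.”

Even where the traditional approach to leadership works for your own direct reports, IT leaders are often expected to lead people in other departments and outside the company over whom they have no authority. Learning this subtle art of leadership is not easy. But it is necessary.

In his bestseller Leading Without Authority, Keith Ferrazzi says this skill set is “a superpower that can help you and those around you do heroic and wonderful things.” It is a power within all of us. Whatever our title, each of us can become a better, more effective, more influential, and more engaging leader.

I spoke with leaders who practice this concept and asked for practical tips to help build the skill set of “leading without authority.”

1. Create a shared vision. Bob Rogers is a data scientist and CEO of Oii.ai, an AI company that automates supply chain design. He is also chief scientific advisor of BeeKeeperAI, a healthcare AI collaboration platform he co-founded. Rogers says he has built his career as a poster child for leadership without authority. “This is my whole career. For me, the practice is all about storytelling. The story you tell creates the end goal and the team all at once.” By creating a story that captures the dream of where his vision leads, Rogers draws people to his cause, gets them to do what he needs willingly, even enthusiastically, and is able to accomplish remarkable things. An example from his time as chief data scientist at Intel: he was trying to help NCMEC (National Center for Missing and Exploited Children) process as many as 8 million reports of online child exploitation every year. His role carried no authority. So he built a story about children at risk and drew technologists, project managers, and people with the necessary authority to his cause. His story ultimately convinced Diane Bryant, then head of Intel’s Data Center Group. “Once she was on board, she gave us the assets we needed. We got a million dollars and permission to take up a significant amount of time from an army of volunteers.” Before Rogers told this story to draw people to his cause, NCMEC had a 60-day backlog of child exploitation reports. His team built an AI solution to automate the processing pipeline. “Two weeks after we deployed it, they were able to process everything within 24 hours,” he says.

2. Tell the right story. Rogers points out that which story you tell matters in getting people to believe in a shared vision. Saving children in danger brings this kind of commitment. Not every story is that compelling. But if you can tell the story well, it does not need to be. “The big mistake people make is the content of the story,” Rogers says. They want to raise revenue, or become the world’s largest IT company. But that is not a story, Rogers says. “What can people personally commit to? How will it change the world, make the world a better place?” Some of your goals will be mundane. But tell a story people care about. His current company is not one that saves children from evil. But his team believes strongly in its results, as he tells it. “We are trying to change how supply chains work with AI. We are going to make supply chains work better so that people can get toilet paper in the middle of a pandemic, and so that pharmaceutical companies can reliably supply critical medicines.”

3. Get agreement on outcomes. Rupali Jain, chief product officer at Optimizely, says, “I can tell anyone what to do. But is that the right thing for the organization? Probably not. I become the decision-making bottleneck, I assume I know more than the people on the ground, and it does not develop the next level of leaders. I should paint the picture and show people the outcome we want so that we can get there together.” This is hard. “When you lead by influence, you first have to convince someone that the outcome you are trying to achieve is a good one. And then you have to give up the way of getting to that outcome. Both are hard.” But using your authority to get things done causes even bigger problems. “As a result, if you don’t empower the organization, you become a bottleneck. Everyone waits for your decision. You can’t scale. That is a big problem.” At the same time, you cannot stand by, leave decisions to people, and then throw them under the bus when those decisions do not work out. “If you empower people, you had better support them. If they make a decision and something goes sideways, and you then disown that decision, you lose your ability to influence without authority.”

4. Build collaboration into the company culture. Leadership without authority begins when an individual decides to make a change and brings people together toward a shared goal. If you believe in this strategy and want it to succeed, make it fundamental to the organizational structure. Elaine Mak, chief people and performance officer at Valimail, says: “We deliberately moved to a fully remote organization at the onset of the pandemic. At the same time, we moved from a founder-led model to a team-led model.” This transition required democratizing decision-making, relying on experts within the organization, and leaning into creating outcomes through collaboration. Seth Blank, CTO of Valimail, says: “I brought the phrase ‘not being right, but getting it right’ to the organization.” “That is the heart of the question of how to lead without authority. If you are an expert and you are bringing a team together, you come in with humility and ask, ‘How do we do this? How can we learn together?’ Then you can move mountains from anywhere in the organization. You need the culture, and you need leaders who expect it. Then people can do amazing things,” Blank says.

5. Put “influence” on the calendar. Even with a culture that believes in this model, if storytelling and influence-building are left to chance or individual motivation, people tend to revert to old, comfortable command-and-control methods. Tripp Cox, CTO of Eagleview, says that for this leadership style to succeed, it is essential to build influence-building into the daily work. He says this starts with putting tasks on the calendar. “At the start of each quarterly planning cycle, I spend two or three hours with everyone across the organization setting context and explaining our priorities and why the work we are about to take on matters. That way, we can all put that time on our calendars regularly.” When people know they will be telling their story and when that will happen, everyone can refine the story they want to tell and think about the outcomes they are seeking. “This kind of operating model helps provide a framework and some predictability for engaging with one another, especially when you have stakeholders distributed across many time zones who are not necessarily under one line of authority,” he says.

6. Leverage your expertise. If you are a technology leader, your own expertise is an essential leadership tool, whether or not you have the authority to direct people. “We work with hundreds of engineers and knowledge workers. They don’t respect you just because you have a title. They need to feel that your feedback is valuable and complementary. They respect your technical expertise, your credibility, and the fact that you are listening to them.” […]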

22Apr 2024

Research Shows How Attackers Can Abuse EDR Security Products

Vulnerabilities in Palo Alto Networks Cortex XDR allowed a security researcher to turn it into a malicious offensive tool. The post Research Shows How Attackers Can Abuse EDR Security Products appeared first on SecurityWeek.

22Apr 2024

Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow

A hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks. The post Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow appeared first on SecurityWeek.

22Apr 2024

CrushFTP Patches Exploited Zero-Day Vulnerability

CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files. The post CrushFTP Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek.

22Apr 2024

Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability 

Shadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400. The post Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability  appeared first on SecurityWeek.

22Apr 2024

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days

MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability. The post MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days appeared first on SecurityWeek.

22Apr 2024

VMware customers take wait-and-see approach amid Broadcom changes

When tech giant Broadcom acquired virtualization market leader VMware last October, it restructured licensing terms, laid off thousands of employees, and terminated partner agreements with resellers and service providers. VMware customers were understandably concerned. Broadcom has made a series of acquisitions under CEO Hock Tan’s leadership, including CA Technologies and Symantec’s enterprise security division, and […]

22Apr 2024

Cannes Hospital Cancels Medical Procedures Following Cyberattack

Cannes Hospital Centre – Simone Veil cancels medical procedures after shutting down systems in response to a cyberattack. The post Cannes Hospital Cancels Medical Procedures Following Cyberattack appeared first on SecurityWeek.

19Apr 2024

BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems

Investors make an early-stage $6.5 million bet on BreachRx, a startup promising to shield cybersecurity executives from personal liability. The post BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems appeared first on SecurityWeek.

19Apr 2024

How Southwest’s CIO modernized the airline through turbulence

Taking the helm as CIO is a major transition for any IT leader, but Lauren Woods’ experience at Southwest Airlines stands apart. Two months before she was officially named CIO in February 2023, Southwest experienced one of the largest operational disruptions in aviation history, right in the middle of the busy holiday travel season, with […]

19Apr 2024

Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing

VulnCheck banks $8 million in early stage capital to build ‘exploit intelligence’ technologies and services. The post Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing appeared first on SecurityWeek.

19Apr 2024

Web browsers: Reimagining remote work needs at the enterprise level

In the fast-paced realm of modern business, adaptation is key. As organizations transition to hybrid work models and embrace cloud-based operations, the very fabric of how we work has transformed – opening doors to more security risks. With more freelancers, contractors, and BYOD programs accessing corporate applications (like web and SaaS applications) via their own […]

19Apr 2024

In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack

Noteworthy stories that might have slipped under the radar: OpenSSF and OpenJS incidents similar to XZ backdoor, Moldovan botnet operator charged, US automotive company targeted by FIN7. The post In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack appeared first on SecurityWeek.

19Apr 2024

First Major Attempts to Regulate AI Face Headwinds From All Sides

While over 400 AI-related bills are being debated this year in statehouses nationwide, most target one industry or just a piece of the technology — such as deepfakes used in elections. The post First Major Attempts to Regulate AI Face Headwinds From All Sides appeared first on SecurityWeek.

19Apr 2024

US Government Releases Guidance on Securing Election Infrastructure

New US guidance details foreign malign influence operations to help election infrastructure stakeholders increase resilience. The post US Government Releases Guidance on Securing Election Infrastructure appeared first on SecurityWeek.

19Apr 2024

Akira Ransomware Made Over $42 Million in One Year: Agencies

Akira ransomware has hit over 250 organizations worldwide and received over $42 million in ransom payments. The post Akira Ransomware Made Over $42 Million in One Year: Agencies appeared first on SecurityWeek.

19Apr 2024

Frontier Communications Shuts Down Systems Following Cyberattack

Telecom giant Frontier shuts down systems to contain a cyberattack that led to personal information compromise. The post Frontier Communications Shuts Down Systems Following Cyberattack appeared first on SecurityWeek.

19Apr 2024

Travelex leverages cloud-based customer data platform to boost retention

Money generated from prepaid travel cards is set to quadruple between 2022 and 2032, from $120.5 billion to $492.80 billion, according to Allied Market Research. This sharp upward trajectory is due in large part to an increase in international travel as tourist numbers slowly climb up to pre-pandemic levels. Acknowledging the potential this trend offers […]

19Apr 2024

Generative AI gold rush drives IT spending — with payoff in question

A scramble to invest in artificial intelligence and a natural replacement cycle for computing devices purchased during the COVID pandemic will lead to an 8% increase in global IT spending this year, Gartner predicted. Interest in AI, building since last year, will push a 10% increase in data center system spending this year, driving worldwide […]

19Apr 2024

OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining  

Microsoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments. The post OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining   appeared first on SecurityWeek.

18Apr 2024

Cloud native platforms: To build or to buy?

When it comes to cloud native application platforms, we’re at an important evolutionary point: will the best practice for platforms be to build or to buy? Should you choose the components you need for a platform and integrate them together, or should you buy a pre-integrated platform? Unless you’re a handful of organizations, the practical […]

18Apr 2024

SAP Applications Increasingly in Attacker Crosshairs, Report Shows

Malicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint. The post SAP Applications Increasingly in Attacker Crosshairs, Report Shows appeared first on SecurityWeek.

18Apr 2024

Multi-Data Platform SIEM Anvilogic Raises $45 Million

Silicon Valley startup Anvilogic has raised $45 million in a Series C funding round led by Evolution Equity Partners. The post Multi-Data Platform SIEM Anvilogic Raises $45 Million appeared first on SecurityWeek.

18Apr 2024

United Nations Agency Investigating Ransomware Attack Involving Data Theft

United Nations Development Programme (UNDP) investigating a ransomware attack in which hackers stole sensitive data. The post United Nations Agency Investigating Ransomware Attack Involving Data Theft appeared first on SecurityWeek.

18Apr 2024

Five Eyes Agencies Release New AI Security Guidance

Five Eyes cybersecurity agencies have released joint guidance on securely deploying and operating AI systems.  The post Five Eyes Agencies Release New AI Security Guidance appeared first on SecurityWeek.

18Apr 2024

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability

Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available. The post Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability appeared first on SecurityWeek.

18Apr 2024

180k Impacted by Data Breach at Michigan Healthcare Organization

Cherry Health says the personal information of over 180,000 individuals was stolen in a ransomware attack. The post 180k Impacted by Data Breach at Michigan Healthcare Organization appeared first on SecurityWeek.

18Apr 2024

Phishing Platform LabHost Shut Down by Law Enforcement

LabHost, a major phishing-as-a-service platform, has been shut down as part of a major law enforcement operation.  The post Phishing Platform LabHost Shut Down by Law Enforcement appeared first on SecurityWeek.

18Apr 2024

CIOs not entirely sold on generative AI copilots

A new breed of AI assistant has set its sights on the enterprise user in recent months, with Microsoft and other vendors promising huge productivity gains that offset the cost. But Microsoft still has work to do on its value proposition. Its Copilot for Microsoft 365, a high-profile offering among the growing list of AI […]

18Apr 2024

Persán embraces Industry 5.0 to manage organizational assets

With a workforce of more than 2,000 and an annual turnover of €665 million in fiscal year 2022, Spanish multinational Persán has been developing, manufacturing and marketing products for home and personal care for more than 80 years. With Sevillian roots and the DNA of a family company, Persán predominately distributes its products throughout Europe, but […]

18Apr 2024

Cisco Unveils AI-Native Enterprise Security Solution Hypershield

Cisco announces Hypershield, an AI-native and cloud-native enterprise security solution with a wide range of capabilities. The post Cisco Unveils AI-Native Enterprise Security Solution Hypershield appeared first on SecurityWeek.

18Apr 2024

Oracle to invest $8 billion in Japan through 2034

Oracle is planning to invest $8 billion in Japan over the next 10 years in order to expand its cloud infrastructure footprint, which in turn will help the company meet the growing demand for AI-based workloads, the company announced on Wednesday. As part of the investment, the company said it will increase local customer support […]

18Apr 2024

The C-suite is expanding and the CIO role is set to evolve

Improving customer centricity is anything but a new imperative at the organizational level, but some companies have gone a step further, creating new C-suite roles to support this shift. Interlace Health, a company specializing in digital forms solutions for the healthcare sector, has become one of them, appointing Maggie […]

18Apr 2024

Accelerating Industry 4.0 at warp speed: The role of GenAI at the factory edge

It’s Wednesday night. You’re fast asleep aboard the USS Enterprise Star Trek. Suddenly, you wake to an urgent announcement and rush to the bridge of the starship. Captain James T. Kirk is activating warp drive and you see the iconic blurred streaks of light as the spaceship reaches warp speed. Within seconds, you are traveling […]

17Apr 2024

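4 lessons healthcare can teach us about successful AI adoption

Over the past year there has been no shortage of new tools, claims, and ideas about what generative AI can, cannot, and should not do. And despite the hype, only a handful of real-world enterprise projects have applied the technology successfully. The healthcare industry is the exception, with a wide range of generative AI use cases.

From using large language models (LLMs) for clinical decision support, patient journey trajectories, and efficient medical documentation, to enabling physicians to build best-in-class medical chatbots, healthcare is making major strides by putting generative AI into production and showing value right away. So what can other practitioners take from healthcare's best practices and lessons in applying AI? Here are four lessons from AI applications in healthcare.

Patient journey trajectories

Many conventional LLMs consider only a patient's diagnosis and age. But what if that were expanded to multiple multimodal records, such as demographics, clinical characteristics, vital signs, smoking status, past procedures, medications, and laboratory tests? Unifying these features gives a far more comprehensive view of the patient, and with it the potential for more comprehensive treatment plans.

The additional data can significantly improve model performance on various downstream tasks, such as disease progression prediction and subtype classification across different diseases. Given the additional features and interpretability, LLMs can then help physicians make more informed decisions about disease trajectories, diagnoses, and risk factors for various diseases. It is easy to imagine how this approach applies to the customer journey for marketers or to risk assessment for insurance and financial companies.

Improving medical chatbots

Combining structured data (electronic health records, prescriptions) with unstructured data (clinical notes, medical images, PDFs) to create a complete view of the patient is very important. This data can be used to provide user-friendly interfaces, such as chatbots for gathering information about a patient or for identifying cohorts of patients who are candidates for clinical trials, population health, or research efforts. It sounds simple, but privacy and data restrictions must not be forgotten.

To get the most out of chatbots and meet regulatory requirements, healthcare users must find solutions that can move noisy clinical data to a natural language interface that answers questions automatically, and do so at scale with full privacy. Because this cannot be achieved simply by applying an LLM or RAG LLM solution, it starts with a healthcare-specific data preprocessing pipeline. Other high-compliance industries such as law and finance can follow healthcare's lead by preparing data privately and at scale on commodity hardware and running queries with other models.

Democratizing generative AI

AI is no more useful than the data scientists and IT professionals who support enterprise-level use cases. No-code solutions designed specifically for the most common healthcare use cases are emerging. Most notable is using LLMs to bootstrap task-specific models. Essentially, this makes it possible to start with a set of prompts and provide feedback to improve accuracy beyond what prompt engineering can offer. The LLM can then train a small, fine-tuned model for that specific task.

This approach puts AI in the hands of domain experts and yields models that are more accurate than what LLMs can deliver on their own. It is particularly useful for high-compliance enterprises, because no data sharing is required and zero-shot prompts and LLMs can be deployed behind the organization's firewall. Every security control can be built in, including role-based access, data versioning, and full audit trails, so that even users new to AI can easily keep track of changes and continue to improve models over time.

Addressing challenges and ethical considerations

Ensuring the reliability and explainability of AI-generated outputs is crucial to maintaining patient safety and trust in the healthcare system. In addition, addressing inherent biases is essential for all patient populations to have equitable access to AI-driven healthcare solutions. Collaborative efforts among clinicians, data scientists, ethicists, and regulatory bodies are needed to establish guidelines for the responsible deployment of AI in healthcare and beyond.

It is for these reasons that CHAI (The Coalition for Health AI) was established. CHAI is a nonprofit tasked with developing concrete guidelines and standards for responsibly developing and deploying AI applications in healthcare. Working with the US government and the healthcare community, CHAI is building a safe environment for deploying generative AI applications in healthcare and covers the specific risks and best practices to consider when building products and systems that are fair, equitable, and impartial. Groups like CHAI can be replicated in every industry to ensure the safe and effective use of AI.

Healthcare is at the cutting edge of generative AI, defined by a new era of precision medicine, personalized treatment, and improvements that lead to better outcomes and quality of life. But this did not happen overnight. The integration of generative AI in healthcare has been done thoughtfully, tackling technical challenges, ethical considerations, and regulatory frameworks along the way. Other industries can learn a great deal from healthcare's commitment to AI-driven innovation that benefits patients and society as a whole.

The areas above were the focus of the Healthcare NLP Summit, a free virtual community event held April 2-3.

Artificial Intelligence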

17Apr 2024

4 tips for championing contact center innovation from an award-winning customer experience leader

Innovation is essential, especially in the contact center as the tip of the spear in customer experience, but how do you activate your modernization plan? I had the opportunity to speak with Mary Daniel, VP of Customer Solutions Center for Aflac, a long-time Avaya customer, at the Gartner Symposium last fall. Mary is a veteran when it […]

17Apr 2024

Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression

Kapeka is a new backdoor that may be a new addition to Russia-linked Sandworm’s malware arsenal and possibly a successor to GreyEnergy. The post Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression appeared first on SecurityWeek.

17Apr 2024

Generative AI and CIO.com: helping you get the Smart Answers you need

Here at CIO.com we are committed to bringing you high-quality human-created insights, and we are excited to use new technologies to do so. Major news outlets are now regularly publicizing their stances on the use of Generative AI, or Gen AI, by journalists. Some, like Associated Press and The Guardian, have outright banned the use […]

17Apr 2024

Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology

YL Ventures leads an early stage funding round for Miggo Security, a Tel Aviv startup working on application detection and response technology. The post Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology appeared first on SecurityWeek.

17Apr 2024

Armis Acquires Silk Security for $150 Million

Armis has acquired cyber risk prioritization and remediation company Silk Security for $150 million.  The post Armis Acquires Silk Security for $150 Million appeared first on SecurityWeek.

17Apr 2024

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services. The post Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks appeared first on SecurityWeek.

17Apr 2024

Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product

Ivanti releases patches for 27 vulnerabilities in the Avalanche MDM product, including critical flaws leading to command execution. The post Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product appeared first on SecurityWeek.

17Apr 2024

Certinia bakes AI into its latest professional services updates

Certinia has joined the growing ranks of enterprise software vendors turning to generative AI to enhance their offerings. The provider of ERP and professional services automation software based on the Salesforce platform today announced it has added AI-powered features aimed at simplifying common processes for midrange service firms to its latest update. The Spring ’24 […]

17Apr 2024

Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities

Chrome and Firefox security updates resolve over 35 vulnerabilities, including a dozen high-severity bugs. The post Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

17Apr 2024

Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44

Mandiant summarizes some of the latest operations of Russia’s notorious Sandworm group, which it now tracks as APT44. The post Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44 appeared first on SecurityWeek.

17Apr 2024

Oracle Patches 230 Vulnerabilities With April 2024 CPU

Oracle releases 441 new security patches to address 230 vulnerabilities as part of its April 2024 Critical Patch Update. The post Oracle Patches 230 Vulnerabilities With April 2024 CPU appeared first on SecurityWeek.

17Apr 2024

Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release

Palo Alto Networks firewall vulnerability CVE-2024-3400 increasingly exploited after PoC code has been released.  The post Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release appeared first on SecurityWeek.

17Apr 2024

10 famous AI disasters

In 2017, The Economist declared that data, rather than oil, had become the world’s most valuable resource. The refrain has been repeated ever since. Organizations across every industry have been investing, and continue to heavily invest, in data and analytics. But like oil, data and analytics have their dark side. According to CIO’s State of […]

17Apr 2024

Will enterprises soon keep their best gen AI use cases under wraps?

The retail industry has no shortage of cases on display where generative AI has shown tangible benefits. Take for example French multinational Carrefour, who used it to make digital avatars and videos. They had ChatGPT write the script, and other gen AI tools to create a digital person who reads the script, a scalable process […]

17Apr 2024

Subscription economy defies economic headwinds, fuels recurring growth

Organizations with subscription-based business models have not only survived the recent global economic challenges but have also outperformed their traditional, product-based counterparts, according to The Subscription Economy Index (SEI) report for 2023 by Zuora. The latest SEI findings reveal that subscription-based companies have grown remarkably, outstripping traditional business models significantly. Specifically, over the last 12 […]

17Apr 2024

Decoding Salesforce’s plausible $11 billion bid to acquire Informatica

Salesforce’s reported bid to acquire enterprise data management vendor Informatica could mean consolidation for the integration platform-as-a-service (iPaaS) market and a new revenue stream for Salesforce, according to analysts. “With this deal, Salesforce would be the dominant data integration company, making it the starting point for enterprises trying to bring disparate data sources together,” said […]

16Apr 2024

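Schneider Electric uses AI for employee career development

AI is coming into its own as a practical technology that supports a range of corporate initiatives, from improving customer experience to streamlining business processes. The long-term impact of AI technology on workers is still unclear, but some companies, such as France-based Schneider Electric, are using AI for employee career development.

The company, a global provider of energy equipment and solutions, launched its Open Talent Market (OTM) platform in early 2020 to give employees a way to find mentoring opportunities, build their skills, and expand their networks within the organization. The platform uses AI to scan user profiles, identify the right skills for projects within the organization, and pair mentors and mentees who can help each other. It also lets employees market their own skills internally.

Shannon Booth, senior talent development partner at Schneider Electric, says: "I remember OTM first being presented in a hall at the US office in late 2019, shortly after I joined the company. I just sat there thinking, 'This is going to be really useful for me,' because I am not naturally very good at networking."

Booth is responsible for early leadership programs and said the team has found that the ideal time to introduce employees to OTM is around 6 to 18 months into their role. In that time they can get used to their own job, and "after that they can see what other opportunities are out there and learn how this tool can help with their career development."

To use the platform, employees first set up a profile and upload a résumé directly from LinkedIn describing their skills, background, and future aspirations. Conversely, employees can also identify skill sets missing from their own teams and post opportunities for employees in other departments to join their projects.

"The more information you provide, the more you get back," Booth says, adding that the platform uses AI to give employees information about opportunities, related roles, and projects, and to match employees seeking mentoring that supports career development. OTM also has career development features, with which employees can "explore possible career paths and build short-term development tracks to build skills," Booth says.

More importantly, the platform's AI helps employees build their career paths without bias related to gender, age, or ethnicity.

"We want employees to find meaningful work, and we want to provide equal opportunity. We want to build an environment that embraces our differences, where everyone has equal opportunity and access and feels greatly empowered to advance their career. Achieving that ultimately leads to better talent retention. That is one of our main goals," Booth says.

Filling skills gaps quickly

Another major advantage of OTM is that Schneider Electric can address internal skills gaps without hiring temporary staff or recruiting externally.

For example, Felix Ramos, who manages software applications that are in high demand from the company's employees and external customers, used OTM to boost the capacity of a small team with a limited budget.

"Without the volunteers from the Open Talent Marketplace, we could not have supported everyone (the company's employees and external customers)," says Ramos, energy management software program manager at Schneider Electric.

With the help of OTM volunteers, the team was able to expand its capacity by "at least 1.5 to 2 times," Ramos says. Volunteers benefit equally, and many of them "changed career course based on the experience they gained on our team," Ramos says.

"Posting the call for volunteers was easy. Within a few hours, multiple candidates had applied. We were able to bring on candidates without interviewing large numbers of people, getting approvals, or going through milestones," Ramos says, adding that using OTM provided a lot of experience in recruiting and managing diverse applicants and helped Ramos grow further as a manager.

Jessica Kipper, senior director of software product management, realized resources were lacking when it came to presenting even better user experience options on a global hospitality client's website. Wanting to move the work forward quickly, Kipper posted on OTM to recruit a UX designer.

"We worked with a UX designer from another team for four to eight hours a week over four weeks. This UX designer also wanted to take part in an interesting project to become more familiar with sustainability, improve their skill set, and expand their network. They worked with the designer on my team and outlined the problem and the approach to the deliverables," Kipper says.

After meeting with the team to identify requirements, the UX designer "created three quite different approaches and quickly presented, as high-fidelity prototypes, a range of options the client could consider depending on users' core needs," Kipper says.

The UX designer brought in through OTM "produced the main deliverables" with support from Kipper's team, Kipper says, making it possible to take advantage of an opportunity that could not have been pursued as efficiently without OTM.

Accelerating connections with AI

Tapping internal talent with specific skill sets can also bring more passion to important projects. By identifying people who are interested in these topics and have the right skills, OTM can connect motivated employees with opportunities to help out in new departments and roles. As Ramos pointed out, HR does not need to be involved, which eliminates red tape. Managers and employees can contact each other directly and build connections through opportunities.

Booth says Schneider Electric's more than 120,000 employees around the world have rapidly become connected. "In a sense the company has gotten smaller, but you could also say it has gotten much bigger." Employees are building connections with colleagues outside their own office and region, and internal connections are expanding globally as well as locally.

OTM's mentoring recommendations have also made it easy to build relationships. Employees interested in becoming mentors can be matched through the system with employees interested in mentoring. They just tick a box in their profile and leave the rest to the AI.

"The AI matches based on what employees are interested in and what goals and ambitions they have, and users looking for mentoring opportunities receive a summary once a week," Booth says. The AI works around the clock to help identify opportunities to grow employees' careers within the organization and fill skills gaps across the company, without troubling HR.

Sophie Browse, a member of the strategic projects services innovation team, says that from the employee side, "using OTM requires time management, prioritization, communication, transparency, and building a great relationship with your manager."

When Browse finds a project on OTM to work on, Browse makes time for it a few hours a week or a few times a month. "When I have time to spend on the project, I put it on my calendar and let my team members know I am busy. My manager once told me to think about how the skills, knowledge, and experience I gain from OTM [work] will affect or be reflected in my current job. I try to take time to think about my work on OTM and how it relates to my current job," Browse says.

Laurie Beland, customer experience program manager, has used OTM as both a recruiter and a candidate. Beland says OTM provided connections with colleagues who share similar goals and a "trial" opportunity to expand a personal network, look at new areas within the company, learn new skills, and test the fit with team members.

"I learned new skills both as a recruiter and as a candidate. OTM is a great resource for building connections in a global environment that can be overwhelming. Every day I learn something new about our company, even about the department I have worked in for years. Handling that alone, or even with support from a manager or mentor, can be hard. Even something as simple as the platform's automated suggestions can introduce you to new career paths you never knew existed," Beland says.

Artificial Intelligence, Careers, Staff Management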

16Apr 2024

People-centric planning: Fund people, not work

Technological innovation has continued to accelerate, providing capabilities and advantages that would have been unimaginable just a short time ago. The problem is that technology planning and funding approaches continue to look very much like they did 30 years ago. In this post, I’ll look at some of the key problems these legacy approaches pose, […]

16Apr 2024

Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit 

Join this one-day virtual summit as we shine the spotlight on the shadowy dynamics of ransomware attacks and how you can best prepare your organization to defend against and recover from these relentless attacks. The post Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit  appeared first on SecurityWeek.

16Apr 2024

Critical PuTTY Vulnerability Allows Secret Key Recovery

PuTTY vulnerability CVE-2024-31497 allows attackers to compromise private keys and use them to forge signatures.  The post Critical PuTTY Vulnerability Allows Secret Key Recovery appeared first on SecurityWeek.

16Apr 2024

Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million

Charles O. Parks III was arrested and charged with defrauding two cloud-services providers of $3.5 million. The post Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million appeared first on SecurityWeek.

16Apr 2024

Cloud Users Warned of Data Exposure Risk From Command-Line Tools

Cloud security specialists found data exposure risk associated with Azure, AWS, and Google Cloud command-line tools. The post Cloud Users Warned of Data Exposure Risk From Command-Line Tools appeared first on SecurityWeek.

16Apr 2024

Generative AI sparks family business renaissance: PwC report

The next generation of leaders in family businesses is poised to embrace the transformative power of generative AI (GenAI) despite marked resistance from the incumbent leaders, according to a PwC report. The global report, based on a survey of over 900 NextGen individuals aged between 18 and early 40s, was aimed at understanding family businesses’ […]

16Apr 2024

Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative

Kevin O’Connor knew he was a hacker by the time he was in Middle School. He went on to work for the NSA and is now director of threat research at Adlumin. The post Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative appeared first on SecurityWeek.

16Apr 2024

Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare

The RansomHub group has started leaking information allegedly stolen from Change Healthcare in February 2024. The post Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare appeared first on SecurityWeek.

16Apr 2024

You Against the World: The Offenders Dilemma

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. The post You Against the World: The Offenders Dilemma appeared first on SecurityWeek.

16Apr 2024

Omni Hotels Says Personal Information Stolen in Ransomware Attack

Omni Hotels says customer information was compromised in a cyberattack claimed by the Daixin Team ransomware group. The post Omni Hotels Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.

16Apr 2024

Skills-first hiring has CIOs rethinking talent strategies

Jason Snyder faces the same challenge nearly all CIOs encounter when looking to fill open positions: a tight labor market, where fierce competition for workers has meant months-long vacancies. Snyder, secretary of the Executive Office of Technology Services and Security and Commonwealth CIO for Massachusetts, responded by overhauling the agency’s recruitment and retention practices. Those […]

16Apr 2024

How to be the CIO every company wants

Companies expect a lot from their CIOs: integral knowledge of the business, visible financial results, and agility, as well as the ability to manage change, actively collaborate with business leaders, and explain IT in plain English. It’s a tall order that requires a broad spectrum of skills. It once prompted a CFO contemporary of mine […]

16Apr 2024

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw. The post Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt appeared first on SecurityWeek.

16Apr 2024

Digital transformation and sustainability: how CIOs are tackling the challenge

Digital transformation is a journey in stages and, for many Italian CIOs, moving up to level two means systematizing projects with a view to becoming a data-driven company, putting sustainability at the center. As if the continual redefinition of the Chief Information Officer role were not enough, ESG (Environment, Sustainability, Governance) goals are now becoming another […]

15Apr 2024

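Rocket Mortgage lays the foundation for generative AI success

To succeed in the mortgage industry, efficiency and accuracy matter most. Keeping your options open is also important. That is why Rocket Mortgage has been an aggressive adopter of machine learning and AI technologies, and why CIO Brian Woodring emphasizes a "human in the loop" AI strategy.

The Detroit-based consumer lending company has been deploying machine learning and AI for more than a decade and is one of the few pioneers to have released generative AI capabilities to market.

"We have now had multiple generative AI cases in production for about a year," Woodring says, noting for example that one generative AI chatbot the company is developing is designed not only to speak but to listen and understand.

Another generative AI assistant Rocket developed analyzes applicants' employer names so that employers that may be entered under various names are understood to be the same, greatly speeding up the decision-making process. For example, most people know that Google and Alphabet are the same employer. Training a generative AI assistant with this kind of human knowledge to confirm an employer's identity is far more efficient than building a database of parent company names and matching it against the identities of subsidiaries and more commonly known companies, Woodring says.

An early adopter of generative AI in production, Rocket Mortgage did so with appropriate guardrails and guidelines in place to convince investors and regulators that it is deploying the technology safely and responsibly, Woodring adds. The company now fully automates several business processes with homegrown code and AI. But in generative AI applications that involve decisions such as whether to grant a mortgage, there is always a "human in the loop," Woodring says.

"With generative AI-powered copilots and systems (many of the things we are building), we have found that combining human judgment with a generative AI model that knows everything posted to the internet over the years improves decision accuracy by 10% to 15%."

Analysts agree that incorporating human input to approve the decisions and outcomes of generative AI processes is proving to be an essential driver of early generative AI success.

Ritu Jyoti, group vice president of worldwide AI and automation market research and advisory services at IDC, says "generative AI is becoming a virtual knowledge worker with the ability to connect different data points and summarize and synthesize insights in seconds, allowing a focus on higher-value tasks."

"AI is transforming processes like loan underwriting, but to be a truly effective and viable technology it demands 100% accuracy, which makes a human in the loop essential."

Aiming for model-agnostic AI

More than 1,000 engineers and more than 600 data scientists work together to build most of Rocket's code in-house.

When Woodring joined in 2017 as CTO leading the product engineering team, one of his top priorities was accelerating Rocket's cloud adoption.

"One of the first things I did, six months after joining, was declare that from now on all new technology would be built in the cloud," he says.

Today, 60% to 70% of Rocket's workloads run in the cloud, and more than 95% of those run on AWS. The rest is on-premises.

According to Woodring, the company's first machine learning models were developed more than a decade ago and automated tasks such as marketing, lead generation pattern recognition, and the loan origination process.

But in the last five or six years, the use of AI at Rocket has "accelerated all at once," Woodring says. For example, roughly two-thirds of loan applicants' income verification is now done 100% by machine learning models and AI technology, he says.

"Nearly every aspect of our business is now touched by ML and AI, task automation, pattern recognition, and data analytics," Woodring says, reiterating that whenever a decision is required, a human is always part of the closing process.

Rocket's engineers and data scientists use AWS Bedrock and Anthropic AI technology to develop generative AI models. Despite being primarily an AWS shop, Rocket takes a model-agnostic approach to generative AI platforms. Rocket Companies CEO Varun Krishna, a seasoned technology executive with experience at PayPal and Microsoft, has built direct relationships with all the AI foundation model providers, including AWS, Anthropic, OpenAI, Google, and Mistral, Woodring says.

"There will be no clear 'winner' in this complex AI arms race," Woodring added. "Rather, it is likely that a variety of AI models will emerge, tuned to different use cases. We want to be able to bring in the right model at the right time. This is a powerful strategy."

Woodring says one of the most valuable aspects of AWS Bedrock is that it establishes a standard data platform for Rocket, enabling the mortgage lender to deliver data to the right AI model "very quickly." In other cases, Rocket tests various AI models to "see their effectiveness at various tasks," Woodring says. "That is really valuable," he adds.

The CIO maintains that AWS takes a similar view and "does not commit to a single winner." "That resonates with our strategy of choosing the right AI model for the right job."

Modernizing data operations

CIOs like Woodring know well that the quality of an AI model depends heavily on the quality of the data involved, and on how that data is fed into large language models from databases, data warehouses, cloud data lakes, and so on.

That is why the most important thing for Rocket's AI push is building a modern data platform that unifies 10,000 terabytes of data stored in on-prem data warehouses for more than a decade with semi-structured data stored in an AWS cloud lake. Like many companies, Rocket continues to operate some of its own data centers because of older technologies it still uses.

Rocket is evolving its data lake strategy into an AWS data platform. The platform handles structured, semi-structured, and new unstructured data, has semantics and taxonomies, and provides APIs to make data "significantly more discoverable and usable" for consumption by humans and software.

This pushes data into the repositories best suited for AI models to ingest. Trying to clean all of Rocket's data would be unnecessary and cumbersome and would slow the process of deploying next-generation applications, he says.

"We are a data-driven business, and our business, mortgage origination, is really a data processing business," Woodring says.

The company's active generative AI engine and next-generation data platform are designed to deliver data in all its forms quickly, curated for specific tasks and in the right format to evolve the portfolio, the CIO says.

All that is needed is a team and time, he adds. "We highly value being able to move fast here and get ideas to market early."

Generative AI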

15Apr 2024

Cisco Duo Says Hack at Telephony Supplier Exposed MFA SMS Logs

Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks. The post Cisco Duo Says Hack at Telephony Supplier Exposed MFA SMS Logs appeared first on SecurityWeek.

15Apr 2024

From AI to Empathic Leadership: Your Journey at FutureIT Toronto 2024 Begins Here

Why attend FutureIT Toronto? Because it’s more than just a conference; it’s an experience that will challenge, inspire, and empower you to chart your course in the digital age. On April 23, 2024, CIO + IDC host FutureIT Toronto.  Take a journey through the realms of cloud technology, artificial intelligence, cybersecurity, and tech leadership and […]

15Apr 2024

NightVision Raises $5.4 Million for Application Security Testing

NightVision, an early stage startup in the application security testing space, has raised $5.4 million in seed funding. The post NightVision Raises $5.4 Million for Application Security Testing appeared first on SecurityWeek.

15Apr 2024

Ransomware Group Claims Theft of Data From Chipmaker Nexperia 

The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident. The post Ransomware Group Claims Theft of Data From Chipmaker Nexperia  appeared first on SecurityWeek.

15Apr 2024

Juniper Networks Publishes Dozens of New Security Advisories

Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products. The post Juniper Networks Publishes Dozens of New Security Advisories appeared first on SecurityWeek.

15Apr 2024

Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure

ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm. The post Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure appeared first on SecurityWeek.

15Apr 2024

Two People Arrested in Australia and US for Development and Sale of Hive RAT

Authorities in Australia and the US have arrested and charged two individuals for developing and selling the Hive RAT. The post Two People Arrested in Australia and US for Development and Sale of Hive RAT appeared first on SecurityWeek.

15Apr 2024

Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges

Former security engineer Shakeeb Ahmed was sentenced to prison for hacking and defrauding cryptocurrency exchanges. The post Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges appeared first on SecurityWeek.

15Apr 2024

Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge

Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.  The post Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge appeared first on SecurityWeek.

15Apr 2024

State of the CIO, 2024: Change makers in the business spotlight

Nimesh Mehta might not have millions of followers on social media, yet he still considers himself an influencer. The senior vice president and chief information and strategy officer at National Life Group has spent years executing a technology roadmap to modernize the insurance company. More recently, his charter has expanded into helping the organization formulate […]

15Apr 2024

H&R Block answers tax questions using gen AI

Tax preparation company H&R Block is no stranger to AI and machine learning (ML), having leveraged the technologies across its business for years. But now it’s diving headfirst into gen AI as it sees the potential to transform nearly every aspect of its business, from customer-facing applications to internal functions like engineering, marketing, and legal. […]

15Apr 2024

What is a managed service provider? Strategic outsourcing for IT services

What is a managed service provider? A managed service provider (MSP) is an outsourcer contracted to remotely manage or deliver IT services such as network, application, infrastructure, or security management to a client company by assuming full responsibility for those services, determining proactively what technologies and services are needed to fulfill the client’s needs. Services […]

13Apr 2024

House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes

The bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law. The post House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes appeared first on SecurityWeek.

12Apr 2024

State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls

A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks. The post State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls appeared first on SecurityWeek.

12Apr 2024

Wiz Acquires Gem Security, Pushes Security Tools Consolidation

Financial terms of the transaction were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million. The post Wiz Acquires Gem Security, Pushes Security Tools Consolidation appeared first on SecurityWeek.

12Apr 2024

AI poised to replace entry-level positions at large financial institutions

Global banks and investment firms are currently mulling plans to replace entry-level financial analyst positions with artificial intelligence (AI), with as many as two-thirds of these positions potentially on the chopping block. This anticipated move could completely transform how these companies hire new employees and how they manage and deliver the technology employees use. Major […]

12Apr 2024

RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang

Operational for at least ten years, RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining and credential phishing. The post RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang appeared first on SecurityWeek.

12Apr 2024

In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns

Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law enforcement.  The post In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns appeared first on SecurityWeek.

12Apr 2024

US-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race

Military planners envision a scenario in which hundreds, even thousands of AI-powered machines engage in coordinated battle. The post US-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race appeared first on SecurityWeek.

12Apr 2024

House Will Try Again on Reauthorization of US Spy Program After Republican Upheaval

Speaker Mike Johnson is expected to bring forward a Plan B that would reform and extend Section 702 of the Foreign Intelligence Surveillance Act for a shortened period of two years. The post House Will Try Again on Reauthorization of US Spy Program After Republican Upheaval appeared first on SecurityWeek.

12Apr 2024

Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars

Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.  The post Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars appeared first on SecurityWeek.

12Apr 2024

Palo Alto Networks Warns of Exploited Firewall Vulnerability

Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls. The post Palo Alto Networks Warns of Exploited Firewall Vulnerability appeared first on SecurityWeek.

12Apr 2024

Tractor Supply enlists AI to deliver ‘legendary’ customer service

Tractor Supply Co. prides itself in delivering “legendary” customer service, and it has turned to artificial intelligence to assist with that goal. The rural lifestyle retailer, with more than 2,200 stores across the US, caters to the needs of rural residents with a wide variety of products on its shelves. Shoppers can find overalls, live […]

12Apr 2024

10 highest-paying IT skills for 2024

IT has always been known as a lucrative industry for job seekers, but in the past year, with increased layoffs, some of that confidence has wavered. According to a report from Indeed, a large part of this shift has come as organizations focus more on adopting AI in the workplace. As a result, AI skills […]

12Apr 2024

Threat Actors Manipulate GitHub Search to Deliver Malware

Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code. The post Threat Actors Manipulate GitHub Search to Deliver Malware appeared first on SecurityWeek.

12Apr 2024

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages

A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications. The post ‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages appeared first on SecurityWeek.

12Apr 2024

LastPass Employee Targeted With Deepfake Calls

LastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology. The post LastPass Employee Targeted With Deepfake Calls appeared first on SecurityWeek.

11Apr 2024

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft

The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts “presents a grave and unacceptable risk to federal agencies.” The post US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft appeared first on SecurityWeek.

11Apr 2024

An intro to innovation in the U.S. government

Customer experience in the government sector is the sum of the public’s interactions with any government service, from how we contact our state’s social services and emergency services to waste management, public transportation, and healthcare. A positive experience is crucial for building public trust, but the bar is continually being raised. Digital communications like video […]

11Apr 2024

Zscaler to Acquire Network Segmentation Tech Startup Airgap Networks

Zscaler announces plans to acquire Airgap Networks, a venture-backed startup selling network segmentation and secure access technologies. The post Zscaler to Acquire Network Segmentation Tech Startup Airgap Networks appeared first on SecurityWeek.

11Apr 2024

AI at the retail edge: What’s new, and what’s coming soon

There’s been an absolute explosion of interest in AI, especially generative AI (GenAI), in the last year. Simultaneously, increases in compute power have made it easier to implement AI use cases at the retail edge. That’s a perfect opportunity for some long-awaited retail use cases to turn prime time. Far from just gimmicks, these use […]

11Apr 2024

How technology is shaping education in Saudi Arabia

During the pandemic, when an estimated 1.500 million students missed school, institutions adopted smart technologies to ensure the continuity of education. This wave of digital transformation brings long-term benefits and goes beyond the mere growth of distance learning. The importance of education in supporting the success of Saudi Vision 2030 cannot be overstated. The transformation of […]

11Apr 2024

Data Access Platform PVML Launches With $8 Million in Funding

Tel Aviv startup banks seed funding for technology to help organizations connect, secure, and provide access to multiple data sources. The post Data Access Platform PVML Launches With $8 Million in Funding appeared first on SecurityWeek.

11Apr 2024

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets

The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools. The post Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets appeared first on SecurityWeek.

11Apr 2024

Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform

Simbian aims to build a fully autonomous security platform that lets humans make the strategic decisions while AI implements those decisions. The post Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform appeared first on SecurityWeek.

11Apr 2024

Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks

SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks. The post Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks appeared first on SecurityWeek.

11Apr 2024

Knostic Emerges From Stealth With Enterprise Gen-AI Access Controls

Startup Knostic emerges from stealth mode with $3.3 million in funding and a gen-AI access control product for enterprises. The post Knostic Emerges From Stealth With Enterprise Gen-AI Access Controls appeared first on SecurityWeek.

11Apr 2024

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. The post Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program appeared first on SecurityWeek.

11Apr 2024

US Cyber Force Assisted Foreign Governments 22 Times in 2023

USCYBERCOM’s Cyber National Mission Force participated in 22 foreign hunt forward operations in 2023. The post US Cyber Force Assisted Foreign Governments 22 Times in 2023 appeared first on SecurityWeek.

11Apr 2024

IMF: Financial Firms Lost $12 Billion to Cyberattacks in Two Decades

The financial sector has suffered over 20,000 cyberattacks in two decades, causing more than $12 billion in losses. The post IMF: Financial Firms Lost $12 Billion to Cyberattacks in Two Decades appeared first on SecurityWeek.

11Apr 2024

Conservative Revolt in the House Blocks Effort to Reauthorize a Key US Spy Tool

A bill that would reauthorize Section 702 of the Foreign Intelligence Surveillance Act was blocked by a conservative revolt. The post Conservative Revolt in the House Blocks Effort to Reauthorize a Key US Spy Tool appeared first on SecurityWeek.

11Apr 2024

Google Pays Out $41,000 for Three Serious Chrome Vulnerabilities

Google releases a Chrome 123 update to resolve three high-severity memory safety vulnerabilities. The post Google Pays Out $41,000 for Three Serious Chrome Vulnerabilities appeared first on SecurityWeek.

11Apr 2024

Oracle makes its pitch for the enterprise cloud. Should CIOs listen?

In a cloud market dominated by three vendors, once cloud-denier Oracle is making a push for enterprise share gains, announcing expanded offerings and customer wins across the globe, including Japan, Mexico, and the Middle East.   But with Amazon Web Services (31%), Microsoft Azure (24%), and Google Cloud Platform (11%) accounting for two thirds of […]

11Apr 2024

Black CIOs on the path to IT leadership

For aspiring Black IT professionals and students, the climb to the corner office is additionally challenging. Even with more attention being paid of late to the opportunity and advancement gaps Black IT pros face, just 3.7% of all CIO positions in the US are filled by Black IT leaders. To help Black CIO aspirants better […]

11Apr 2024

Regulation remains the strongest multiplier to cybersecurity growth

In 2023, the United Arab Emirates actively repelled more than 50.000 cyberattacks daily, explained the UAE Cybersecurity Council. In the first three quarters of the same year, the country successfully prevented over 71 million attempted attacks in total. According to a report from Frost & Sullivan, the GCC cybersecurity industry continues to grow, with F&S […]

11Apr 2024

An Intelligent Future for Manufacturing

Digitalisation plays a key role in the evolution of manufacturing industries. Foundry’s Digital Business Study 2023 shows that 93% of manufacturers surveyed have adopted or plan to adopt a digital-first business strategy, driven by internal demands like cost reduction, operational efficiency improvements, continuous innovation and R&D as well as external pressures due to evolving enterprise […]

11Apr 2024

IDC and Kuwait’s Central Agency for Information Technology will explore how CIOs embrace the AI era

How do CIOs position themselves as great agents of change in their organizations? How do they face technological leadership to accelerate digital business in a context of profound change? IDC Kuwait CIO Summit 2024, the event for ITDMs organized by IDC will showcase how IT leaders are prepared to explore the reality of ‘The Future […]

11Apr 2024

Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption

Palo Alto Networks patches several high-severity vulnerabilities, including ones that allow DoS attacks against its firewalls. The post Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption appeared first on SecurityWeek.

11Apr 2024

Google Cloud Unveils New AI-Powered Security Capabilities

Google adds AI to cloud security features and announces other security capabilities for cloud customers. The post Google Cloud Unveils New AI-Powered Security Capabilities appeared first on SecurityWeek.

11Apr 2024

Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution

Alethea has raised $20 million in Series B funding for its technology designed to detect and mitigate disinformation. The post Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution appeared first on SecurityWeek.

11Apr 2024

6 trends defining the IT market today

When Rebecca Fox, Group CIO of security consulting firm NCC Group, looks at today’s enterprise IT market, she sees a future shaped by multiple trends, but above all by artificial intelligence. “Everyone is talking about AI,” she says, noting that most companies have already included artificial intelligence in their operations. “It is integrated, or is being integrated, […]

11Apr 2024

Cypago Announces New Automation Support for AI Security and Governance

Cyber GRC software company Cypago has announced a new automation solution for artificial intelligence (AI) governance, risk management and compliance. This includes implementation of NIST AI RMF and ISO/IEC 42001, the newest AI security and governance frameworks. With more and more companies integrating new AI tools into their business processes, daily operations, and customer-facing products […]

11Apr 2024

Why SASE Sits At The Centre Of A Hybrid Workforce

SASE is going to be worth $25 billion by 2027, growing at a CAGR of 29%, according to Gartner. Given that SASE is an approach that addresses the challenges of delivering seamless and secure connectivity for decentralised work environments, and remote working has remained a key trend over the last few years, this growth is […]

10Apr 2024

8 strategies for accelerating IT modernization

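New technologies are moving from cutting edge to mainstream at an ever faster pace. Consider the speed at which generative AI went from avant-garde to ubiquitous. Just under two years may be a record.

Feats like this are increasing the pressure on CIOs not just to modernize but to modernize faster, so that they have infrastructure able to support emerging technologies and teams not stuck in maintenance mode, and do not miss new opportunities when they arise.

“There’s tremendous competitive pressure to move quickly, because whoever can do things sooner, better, and faster can win market share,” says Ricardo Madan, senior vice president of TEKsystems Global Services.

That is no exaggeration. According to TEKsystems’ “2024 State of Digital Transformation” report, 53% of organizations classified as digital leaders are confident that their digital investments will achieve the expected ROI. In contrast, only 27% of those classified as DX laggards say the same.

Despite the growing pressure to respond quickly, most modernization projects move slowly. In a recent survey, application modernization took an average of 16 months. And with the “2024 State of the CIO Survey” citing infrastructure and application modernization as a leading reason for CIO budget increases this year, that pace can hardly be called fast enough.

Fortunately, there are ways to shorten the timelines of these projects. Here, veteran IT leaders and advisors offer eight strategies for accelerating IT modernization.

1. Think process, not event

Because modernization remains a perennial item on the CIO’s to-do list, the task should be a standard part of the IT department’s schedule.

“Companies that do this well make modernization a process, not an event,” says Robert Dvorak, president and CEO of advisory firm BlueHour Technology. “It needs to function continuously within the IT department.”

Dvorak worked with a CIO who managed the IT environment like an investment portfolio, ranking components as “buy,” “hold,” or “sell.” Those judged “sell” were targeted for modernization first, while those classified as “buy” and “hold” were things that drive the business or form its foundation. Dvorak says the approach may be novel, but it created an effective process for continuous evaluation, continuous modernization, and rationalization.

2. Create a framework to guide decision-making

Michael Bradshaw, CIO at Kyndryl, the IT services management company spun off from IBM in 2021, developed a framework centered on five core guiding principles to facilitate key IT decisions.

The principles are: data-centric, platform-first, cloud-based, automation-driven, and zero trust (everything is secure from the start).

“These principles serve as the standard for how we make decisions and guide us, so they help us make decisions quickly,” Bradshaw explains. “Having this framework that outlines the principles allows us to stay focused on making principle-based decisions without getting buried in process.”

The framework serves as something like a position paper, he says.

To illustrate how the framework helps IT move quickly, Bradshaw cites how his team approached modernizing the core business systems it inherited. Traditionally, such an effort would require business process analysis, fit-gap analysis, and process reengineering, all of which take time. But guided by the framework, particularly the platform-first principle, IT went straight to selecting two new modern platforms and adopting their processes, knowing that the software comes with good processes and that IT could work with business units to fine-tune workflows as needed.

Bradshaw says IT implemented and rolled out both Workday and SAP to about 90,000 employees in 67 countries, moving at a far faster pace than the traditional approach would have allowed.

3. Prioritize by value

“Modernization does not deliver good results when it is an end in itself, nor does it enable speed,” says Brian Reynolds, a partner at Guidehouse Digital.

“It’s important to recognize that effort is not necessarily progress. Technology modernization without a sense of purpose produces novelty at best. Focusing on the right modernization efforts is the key to accelerating modernization success,” Reynolds explains.

He continues: “The CIOs we work with are not interested in modernization that does not contribute to the organization’s mission, stakeholders, economics, and culture. Rather, the most successful CIOs recognize the importance of taking the time to listen and understand where the problem experiences and challenges lie. CIOs target their modernization efforts at these unmet needs. This often yields not only the best modernization solution but also the simplest one.”

4. Focus on the foundations of modernization

According to TEKsystems’ Madan, CIOs who can accurately determine which modernization efforts will increase business value and gather the resources needed to move quickly are standing on a good foundation for such efforts.

One of the elements that make up that foundation is alignment between IT and the business; CIOs without that alignment may waste time chasing modernization initiatives that are unnecessary or deliver no value, he explains.

The second is the adoption of cloud computing.

Another important element is the ability to score modernization needs based on the value a project brings to the business and on how each modernization project accelerates other modernization initiatives, Madan says. A modernization project that eliminates interdependencies and complexity in one area makes modernization in other areas easier and faster.

5. Apply agile principles to deliver results quickly

Legacy technology may be monolithic, but the approach to modernization does not have to be a rigid all-or-nothing proposition. Instead, experts recommend leveraging agile principles for quick wins and incremental progress wherever possible.

CIOs can add velocity to monolith modernization work by looking for “small stories” and adopting continuous integration and continuous delivery (CI/CD), Reynolds says.

Adopting an agile approach and breaking big projects into smaller deliverables means the business sees benefits and ROI sooner, says Arijit Roy, a partner at Guidehouse.

He adds: “CIOs should think of modernization as a marathon made up of incremental sprints to build features and services.”

6. Adopt a buy-not-build mindset

IT departments have come a long way since the early days of building all software in-house. Today’s CIOs know that it is better to buy most software and services and build only the features, functions, and programs that truly differentiate the business in the market.

However, Kyndryl’s Bradshaw says he sees cases where some CIOs put too many business processes in the “differentiator” category, so that they and their teams write more code than necessary and, as a result, spend more time.

“There are companies that think they should write everything because their definition of a differentiator is too broad. But as a CIO, you don’t need an IT organization that writes apps. What you need is OEM platform-based orchestration to manage data and deliver business outcomes,” he says.

7. Identify fast learners […]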

10Apr 2024

CISA Releases Malware Next-Gen Analysis System for Public Use

CISA’s Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis. The post CISA Releases Malware Next-Gen Analysis System for Public Use appeared first on SecurityWeek.

10Apr 2024

AT&T Data Breach Update: 51 Million Customers Impacted

The recent AT&T data breach impacts 51 million customers, the company tells the US government.   The post AT&T Data Breach Update: 51 Million Customers Impacted appeared first on SecurityWeek.

10Apr 2024

Researchers Resurrect Spectre v2 Attack Against Intel CPUs

VUSec researchers resurrect Spectre v2 attack, showing that it works against the Linux kernel on the latest-generation Intel CPUs. The post Researchers Resurrect Spectre v2 Attack Against Intel CPUs appeared first on SecurityWeek.

10Apr 2024

Inferencing holds the clues to AI puzzles

Inferencing has emerged as among the most exciting aspects of generative AI large language models (LLMs). A quick explainer: In AI inferencing, organizations take an LLM that is pretrained to recognize relationships in large datasets and generate new content based on input, such as text or images. Crunching mathematical calculations, the model then makes predictions […]

10Apr 2024

Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

Fortinet has released patches for a dozen vulnerabilities, including a critical-severity remote code execution flaw in FortiClientLinux. The post Fortinet Patches Critical RCE Vulnerability in FortiClientLinux appeared first on SecurityWeek.

10Apr 2024

Thousands of LG TVs Possibly Exposed to Remote Hacking

Many LG TVs may be vulnerable to remote hacking due to a series of vulnerabilities found by Bitdefender researchers. The post Thousands of LG TVs Possibly Exposed to Remote Hacking appeared first on SecurityWeek.

10Apr 2024

Sprinto Raises $20 Million for Automated Risk and Compliance Platform

Risk and compliance solutions provider Sprinto has raised $20 million in a Series B funding round led by Accel. The post Sprinto Raises $20 Million for Automated Risk and Compliance Platform appeared first on SecurityWeek.

10Apr 2024

530k Impacted by Data Breach at Wisconsin Healthcare Organization

The personal information of 500,000 people was compromised in a data breach at Group Health Cooperative of South Central Wisconsin. The post 530k Impacted by Data Breach at Wisconsin Healthcare Organization appeared first on SecurityWeek.

10Apr 2024

New US CIO appointments, April 2024

Movers & Shakers is where you can keep up with new CIO appointments and gain valuable insight into the job market and CIO hiring trends. As every company becomes a technology company, CEOs and corporate boards are seeking multi-dimensional CIOs and IT leaders with superior skills in technology, communications, business strategy, and digital innovation. The […]

10Apr 2024

Is the power of people skills enough to keep gen AI in check?

Higher-level languages, automation, low-code and no-code development platforms, and better programming environments have been gradually reducing the need for IT staff to perform low-level, routine tasks for years so they can take on more innovative challenges. With generative AI, this trend is accelerating dramatically, and technology professionals will have to diversify their skillsets faster than […]

10Apr 2024

Canteen Australia’s pursuit of a greater good through tech

Even though he first studied chemical engineering, Raul Caceres always had an interest in computers —  databases in particular — and how working in the FMCG sector revealed that data was going to help large multinationals improve operations. “I started doing some work for the United Nations through their online volunteering, and at that time, […]

10Apr 2024

Seekr finds the AI computing power it needs in Intel’s cloud

For IT leaders, the question of where to run AI workloads and how to do so affordably are fast becoming top of mind — especially at scale. But for Rob Clark, president and CTO of AI developer Seekr, such questions are business-critical. Seekr’s main business is building and training AIs that are transparent to enterprise […]

10Apr 2024

Microsoft Patches Two Zero-Days Exploited for Malware Delivery

Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware. The post Microsoft Patches Two Zero-Days Exploited for Malware Delivery appeared first on SecurityWeek.

09Apr 2024

Atos staves off bankruptcy, casts wider net for refinancing

Atos may have won a few extra months to find a long-term solution to its financial problems after reaching interim agreements with banks, bondholders, and the French government to provide €450 million (US$490 million) in additional liquidity. But the company is out of ideas for finding new money after the collapse of plans to sell […]

09Apr 2024

Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers

Patch Tuesday: Microsoft warns that unauthenticated hackers can take complete control of Azure Kubernetes clusters. The post Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers appeared first on SecurityWeek.

09Apr 2024

Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products

Adobe calls attention to a pair of code execution bugs in Adobe Commerce and Magento Open Source, a product used to manage online stores. The post Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products appeared first on SecurityWeek.

09Apr 2024

Data Security Firm Cyera Raises $300 Million at $1.4 Billion Valuation

Data security company Cyera’s latest $300 million funding round brings the total raised by the firm to $460 million, at unicorn valuation. The post Data Security Firm Cyera Raises $300 Million at $1.4 Billion Valuation appeared first on SecurityWeek.

09Apr 2024

Asia-Focused Dark Web Threat Intelligence Startup StealthMole Raises $7 Million

Founded in 2022, Singapore-based StealthMole leverages AI to analyze data from the dark web, deep web, and other sources to provide risk assessment and threat monitoring capabilities. The post Asia-Focused Dark Web Threat Intelligence Startup StealthMole Raises $7 Million appeared first on SecurityWeek.

09Apr 2024

SAP’s April 2024 Updates Patch High-Severity Vulnerabilities

SAP has released 12 new and updated security notes on April 2024 Security Patch Day, including three notes dealing with high-severity vulnerabilities. The post SAP’s April 2024 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

09Apr 2024

ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities

Siemens and Schneider Electric release their ICS Patch Tuesday advisories for April 2024, informing customers about dozens of vulnerabilities. The post ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities appeared first on SecurityWeek.

09Apr 2024

CVS Group Restoring Systems Impacted by Cyberattack

Veterinary services provider CVS Group is restoring systems after a cyberattack disrupted its UK operations. The post CVS Group Restoring Systems Impacted by Cyberattack appeared first on SecurityWeek.

09Apr 2024

CISO Conversations: Nick McKenzie (Bugcrowd) and Chris Evans (HackerOne)

SecurityWeek discusses cybersecurity leadership with CISOs from crowdsourced hacking organizations Bugcrowd (Nick McKenzie) and HackerOne (Chris Evans). The post CISO Conversations: Nick McKenzie (Bugcrowd) and Chris Evans (HackerOne) appeared first on SecurityWeek.

09Apr 2024

DOJ-Collected Information Exposed in Data Breach Affecting 340,000 

Economic analysis and litigation support firm GMA says personal and medical information was stolen in a May 2023 data breach. The post DOJ-Collected Information Exposed in Data Breach Affecting 340,000  appeared first on SecurityWeek.

09Apr 2024

Second Ransomware Group Extorting Change Healthcare

RansomHub is extorting Change Healthcare, threatening to release data stolen in a February 2024 BlackCat ransomware attack. The post Second Ransomware Group Extorting Change Healthcare appeared first on SecurityWeek.

09Apr 2024

StrikeReady Raises $12M to Build AI-Powered Security Command Center

StrikeReady, an early-stage Silicon Valley startup working on technology to modernize cybersecurity command centers, has banked $12 million in new financing from 33N Ventures. The Palo Alto, Calif.-based StrikeReady said the Series A included equity interests for Hitachi Ventures, Monta Vista Capital and a handful of prominent cybersecurity executives. StrikeReady has raised a total of […]

09Apr 2024

6 trends defining the enterprise IT market today

When Rebecca Fox, group CIO at security consulting firm NCC Group, looks at today’s enterprise IT market, she sees a future shaped by multiple trends, but mostly by AI. “Everyone is talking about AI,” she says, noting that most enterprises already have AI in their business. “It’s built into, or is being built, into existing […]

09Apr 2024

How Ipsos has digitally adapted to changing business needs

The biggest asset to make decisions in a dynamic world is accurate data relevant to organizations carrying out strategic plans. And Paris-based Ipsos has been well equipped in this area by offering its over 5,000 clients an understanding of how to help them confidently navigate a world in rapid transformation. Over decades, a reliance on […]

09Apr 2024

Dairyland powers up for a generative AI edge

A Midwestern utility cooperative might not be the first place you’d look for leading-edge implementations of emerging technologies, but thanks to the leadership of CIO Nate Melby, Dairyland Power Cooperative has become an unlikely pioneer in generative AI, churning out large language models (LLMs) that not only automate document summarization but also help manage power […]

09Apr 2024

Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices

Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild. The post Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices appeared first on SecurityWeek.

09Apr 2024

Can you go back from the cloud? Here is what Italian CIOs think

“I have never been a fan of the cloud, but I can’t say I regret the migration; after all, we moved only a few applications.” These words sum up many of the accounts Italian CIOs give of adopting cloud computing. Technology managers are very realistic in their approach to the “cloud,” which often takes the form of […]

08Apr 2024

The C-suite is expanding — and IT leaders are stepping up

Customer centricity is hardly a new organizational imperative, but some organizations have gone a step further, instituting new C-suite roles to help lead the charge. Interlace Health is one such entity, having named Maggie Peña as the electronic forms company’s first-ever chief experience officer. Peña has been with the company for nearly 13 years in […]

08Apr 2024

Kura Sushi’s AI strategy: changing the fishing industry with “smart aquaculture”

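Kura Sushi launched its “Natural Fish Project” in 2010 to make effective use of wild fish caught in Japan. In 2015 it signed a “whole-boat purchase” contract with the Takasu fishery cooperative in Fukui Prefecture, under which it buys every fish landed at the port, and it later extended whole-boat purchasing to fishers in Uoshima, Aichi Prefecture, in 2017 and at Oda fishing port in Kagawa Prefecture in 2019.

Under whole-boat purchasing, however, the company also has to buy juvenile fish, and putting those to good use is extremely difficult. Juvenile fish are either traded on the market for next to nothing or, if returned to the sea, mostly end up as food for birds and other fish. Kura Sushi has used such juveniles by grinding them into fish paste for products such as fried fish cakes and croquettes, but the uses are limited.

That led to the idea of “grow-out farming”: raising the juveniles caught in the whole-boat purchase set nets in artificial pens until they are large enough to serve as sushi toppings, and finally shipping them as adult fish with high commercial value. The project is called the “Uoiku (fish-rearing) Project.” It started in June 2019 to protect limited marine resources and was the first initiative of its kind by a major conveyor-belt sushi chain.

In this project, juvenile hamachi (yellowtail) and madai (red sea bream) caught at Uoshima in Ehime Prefecture and at Oda fishing port in Kagawa Prefecture were placed in aquaculture pens and raised on feed made for farmed fish. At first the juveniles are reluctant to eat the unfamiliar feed, but when farmed fish are mixed into the same pen as “teachers,” the juveniles watch them eat and gradually begin to eat as well. The juveniles were raised for about a year to a year and a half and then shipped as sushi toppings.

A fishing industry struggling with labor shortages and a lack of successors

Because Kura Sushi has become deeply involved in fishing itself through efforts such as the Uoiku Project, it has come to see the problems of the fishing industry first-hand, as a party to them rather than as just another trading partner. What came into view were the industry’s labor shortage and lack of successors. According to the “Outlook for the Future Number of Fishery Workers” published by the Ministry of Agriculture, Forestry and Fisheries, the number of fishers in Japan had fallen to about 150,000 by 2017 and is forecast to fall to only about 70,000 by 2068, 50 years later.

“There are various reasons for the decline, including unstable income, heavy labor, aging and succession problems, but for those of us in the sushi industry, the disappearance of fishery workers also affects the survival of the company,” says Airi Okamoto of the Public Relations Department.

To keep supplying inexpensive, good-quality seafood reliably, Kura Sushi therefore decided to work on “smart aquaculture” together with fishery workers. Kura Sushi began smart aquaculture in 2021.

“We carry out contract farming based on smart aquaculture for madai, hamachi, suma-gatsuo and mikan salmon, and we are already selling them. Smart aquaculture of madai using AI was a first for a major restaurant chain, and smart aquaculture of hamachi succeeded for the first time in Japan,” says Okamoto.

Here is a brief explanation of the smart aquaculture Kura Sushi is pursuing. “Contract farming” means providing fishers with “smart aquaculture” based on smart feeders and entrusting the farming to them. The smart feeder in use was developed by Umitron, a startup that develops ICT for the fishing industry; AI analyzes images to gauge the fish’s appetite, which makes it possible to optimize the amount and timing of feeding. It is expected to cut feed costs and fishing-boat fuel costs, which keep soaring because of social conditions, as well as CO2 emissions and environmental impact. In addition, feeding can be checked remotely from a smartphone, which makes feeding more efficient and reduces the workload compared with before.

Struggles with adjusting the timing and amount of feeding

Kura Sushi established “KURA Osakana Farm” in November 2021 to give fishers an integrated service from farming through to sales.

“KURA Osakana Farm provides aquaculture operators with fry for farming and with smart feeders, and contracts smart aquaculture out to them. They raise the fish to a size that can be used for sushi toppings, and by buying all of those fish we believe we can achieve both ‘a stable supply of high-quality products’ and ‘lower risk and more stable income for producers,’” says Okamoto.

AI aquaculture did not come about easily, however. Hamachi farming, for example, had until then depended on the intuition of veteran fishers. The timing and amount of feeding matter most, and the amount and frequency of feeding differ from species to species.

“There was no precedent for farming hamachi with AI, and using a smart feeder was also a first attempt, so at the start we worried about whether the fish would eat the feed,” says Okamoto.

Creating a feeding program for each species was reportedly very hard work. Fine adjustments such as “should we keep feeding?” or “should we stop here?” were especially difficult.

“Data such as the timing of feeding and how much feed is being consumed is sent to the craftsmen, and they can also view stored video remotely. That is how we made the adjustments,” says Akihiro Tsuji, manager in the Public Relations Department.

In the end the results were said to be on a par with conventional farming, and the approach has also reduced costs and workload. Feed is said to account for 70 to 80 percent of the cost of aquaculture, and tackling that cost directly is what led to the major gains.

“By feeding according to the ‘fish appetite’ analyzed by AI, we were able to cut feed costs by 10 percent for both madai and hamachi compared with before. On top of that, with the smart feeders the daily trip to the pens is now needed only once every two to three days, which improves the operators’ work efficiency and reduces fuel costs,” says Okamoto.

On March 11, 2022, the company began selling “[Ehime Prefecture] AI Sakura-dai (one piece),” its first smart-aquaculture product. In 2024 it plans to cover one-third of the total volume of both madai and hamachi handled by Kura Sushi with smart aquaculture.

Tadaaki Mataga, Distinguished Vice President Analyst at Gartner Japan, says:

“Organizations that do nothing but debate where AI can be used, whether introducing it will really make money, whether it can be done, or whether costs will fall will never get anything done. What every company is being asked instead is how it will put the right people, organization and leadership in place. Companies that keep having these debates forever will face a growing risk to their survival.”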

08Apr 2024

US proposes draft data privacy legislation

Two US lawmakers have proposed draft bipartisan data privacy legislation, poised to overhaul the current data privacy landscape, with significant implications for businesses across various sectors. The draft legislation, negotiated between Democratic Senator Maria Cantwell and Republican Congresswoman Cathy McMorris Rodgers, represents a concerted effort to establish a unified national standard for data privacy, […]

08Apr 2024

A new era for VMware Cloud Service Provider Partners begins

Broadcom’s strategy is to drive adoption of our full stack VMware Cloud Foundation as the best subscription-based private cloud platform for our customers’ innovation. We will rely heavily on partners to help customers transform their business with our private cloud infrastructure. Our goal is to accelerate innovation, enhance customer value, and optimize profitability and market […]

08Apr 2024

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability

Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution. The post Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability appeared first on SecurityWeek.

08Apr 2024

Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks

The US Department of Health warns of financially motivated social engineering attacks targeting healthcare organizations. The post Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks appeared first on SecurityWeek.

08Apr 2024

Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right

The American Privacy Rights Act would preempt most state privacy laws — though it wouldn’t impact certain states’ laws already on the books that protect financial, health or employee data. The post Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right appeared first on SecurityWeek.

08Apr 2024

Confidential VMs Hacked via New Ahoi Attacks

New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs. The post Confidential VMs Hacked via New Ahoi Attacks appeared first on SecurityWeek.

08Apr 2024

Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits

Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days. The post Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits appeared first on SecurityWeek.

08Apr 2024

Google Adds V8 Sandbox to Chrome

Google fights Chrome V8 engine memory safety bugs with a new sandbox and adds it to the bug bounty program. The post Google Adds V8 Sandbox to Chrome appeared first on SecurityWeek.

08Apr 2024

NSA Appoints Dave Luber as Cybersecurity Director 

US National Security Agency appoints Dave Luber as its new cybersecurity director following the retirement of Rob Joyce. The post NSA Appoints Dave Luber as Cybersecurity Director  appeared first on SecurityWeek.

08Apr 2024

Sport analytics leverage AI and ML to improve the game

Nearly 10 years ago, Bill James, a pioneer in sports analytics methodology, said if there’s one thing he wished more people understood about sabermetrics, pertaining to baseball, it’s that the data is not the point. The point is to use the data like a razor to cut through false convictions to find the truth. “The […]

07Apr 2024

Enterprise AI Security Firm TrojAI Raises $5.75M in Seed Funding

TrojAI, a provider of enterprise AI security solutions, announced a $5.75 million funding round of additional seed capital and the appointment of Lee Weiner as CEO. The post Enterprise AI Security Firm TrojAI Raises $5.75M in Seed Funding appeared first on SecurityWeek.

06Apr 2024

House to Take up Bill to Reauthorize Crucial US Spy Program as Expiration Date Looms

Section 702 of the Foreign Intelligence Surveillance Act expires on April 19. The post House to Take up Bill to Reauthorize Crucial US Spy Program as Expiration Date Looms appeared first on SecurityWeek.

06Apr 2024

Browsing in Incognito Mode Doesn’t Protect You as Much as You Might Think

Incognito modes generally do not prevent the websites you visit from seeing your location, via your IP address, or stop your internet service provider from logging your activities. The post Browsing in Incognito Mode Doesn’t Protect You as Much as You Might Think appeared first on SecurityWeek.

05Apr 2024

EU and US agree to chart common course on AI regulation

The European Union and the US have agreed to increase co-operation in the development of technologies based on artificial intelligence (AI), placing a particular emphasis on safety and governance. The announcement came at the end of a meeting of the EU-US Trade and Technology Council in Leuven, Belgium, on Friday, and followed this week’s broadly […]

05Apr 2024

Cisco Warns of Vulnerability in Discontinued Small Business Routers

Cisco says it will not release patches for a cross-site scripting vulnerability impacting end-of-life small business routers. The post Cisco Warns of Vulnerability in Discontinued Small Business Routers appeared first on SecurityWeek.

05Apr 2024

Tech Companies Want to Build Artificial General Intelligence. But Who Decides When AGI is Attained?

With so much money riding on the promise of AI advances, it’s no surprise that AGI is also becoming a corporate buzzword that sometimes attracts a quasi-religious fervor. The post Tech Companies Want to Build Artificial General Intelligence. But Who Decides When AGI is Attained? appeared first on SecurityWeek.

05Apr 2024

NIST Grants $3.6 Million to Boost US Cybersecurity Workforce

NIST announced $3.6 million in grants for 18 education and community organizations to build the future cybersecurity workforce. The post NIST Grants $3.6 Million to Boost US Cybersecurity Workforce appeared first on SecurityWeek.

05Apr 2024

In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution

Noteworthy stories that might have slipped under the radar: the CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK nuclear site prosecution.  The post In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution appeared first on SecurityWeek.

05Apr 2024

Cybersecurity Firms Raised $2.3 Billion in Q1 2024: Report

Cybersecurity companies raised $2.3 billion in funding in Q1 2024, a 20% decrease compared to the same period of 2023, according to Pinpoint. The post Cybersecurity Firms Raised $2.3 Billion in Q1 2024: Report appeared first on SecurityWeek.

05Apr 2024

Magento Vulnerability Exploited to Deploy Persistent Backdoor

Attackers are exploiting a recent Magento vulnerability to deploy a persistent backdoor on ecommerce websites. The post Magento Vulnerability Exploited to Deploy Persistent Backdoor appeared first on SecurityWeek.

05Apr 2024

The complex patchwork of US AI regulation has already arrived

As artificial intelligence adoption has surged in the past year, many voices have called for regulation to protect people from adverse machine decisions — and regulatory bodies are responding with a complex patchwork of emerging statutes and mandates that CIOs will need to navigate to ensure their AI strategies are compliant wherever their organizations do […]

05Apr 2024

CBAP certification: A high-profile credential for business analysts

The Certified Business Analysis Professional (CBAP) is a credential for business analysts offered by the International Institute of Business Analysis (IIBA). IIBA is a nonprofit professional association founded in 2003 to promote the field of business analysis. The organization describes CBAP as a credential that “recognizes seasoned BA professionals who have over five years of practical business […]

05Apr 2024

Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info

Acuity, the tech firm from which hackers claimed to have stolen State Department and other government data, confirms hack, but says stolen info is old. The post Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info appeared first on SecurityWeek.

05Apr 2024

Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack

Japanese lens maker Hoya says production processes and ordering systems were disrupted by a cyberattack. The post Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack appeared first on SecurityWeek.

04Apr 2024

Cisco-led consortium to spread AI expertise in the workforce

Cisco and eight other companies today announced they would form the AI-Enabled ICT Workforce Consortium, as a venue to share generative AI knowledge and expertise in the workforce, and to help workers gain skills relevant to the newly AI-centric jobs of tomorrow. In an official statement, the companies said that the first order of business […]

04Apr 2024

LA Public Defender CIO digitizes to divert people to programs, not prison

Mohammed Al Rawi was appointed as the first CIO of Los Angeles County Public Defender’s (LACPD) office roughly five years ago, signaling the beginning of an era where technology and justice intersect to help the most vulnerable in the court system. He arrived at a crucial time when the office, laden with paper records and […]

04Apr 2024

Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz

Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization. The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek.

04Apr 2024

Center Identity Launches Patented Passwordless Authentication for Businesses

Portland, Oregon, April 4th 2024, Cyber Newswire Center Identity Launches Patented Passwordless Authentication for Businesses Prevent phishing attacks using a secret location. April 4th 2024, Portland, Oregon – Center Identity, a pioneering cybersecurity company, is excited to unveil its patented secret location authentication, reshaping how businesses manage workforce digital identity. This proprietary technology enables users […]

04Apr 2024

Cyberattack Causes Disruptions at Omni Hotels

Omni Hotels & Resorts tells customers that recent disruptions have been caused by a cyberattack that forced it to shut down systems. The post Cyberattack Causes Disruptions at Omni Hotels appeared first on SecurityWeek.

04Apr 2024

US Cancer Center Data Breach Impacting 800,000

City of Hope is notifying 800,000 individuals of a data breach impacting their personal and health information. The post US Cancer Center Data Breach Impacting 800,000 appeared first on SecurityWeek.

04Apr 2024

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems

A critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system. The post Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems appeared first on SecurityWeek.

04Apr 2024

SurveyLama Data Breach Impacts 4.4 Million Users

Data breach impacting users’ personal information prompts survey rewards platform SurveyLama to reset passwords. The post SurveyLama Data Breach Impacts 4.4 Million Users appeared first on SecurityWeek.

04Apr 2024

Pixel Phone Zero-Days Exploited by Forensic Firms

Google this week patched two Pixel phone zero-day vulnerabilities actively exploited by forensic companies to obtain data from devices. The post Pixel Phone Zero-Days Exploited by Forensic Firms appeared first on SecurityWeek.

04Apr 2024

Cloud Threat Detection Firm Permiso Raises $18 million

Cloud security firm provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities. The post Cloud Threat Detection Firm Permiso Raises $18 million appeared first on SecurityWeek.

04Apr 2024

Amazon downsizes AWS in a fresh cost-cutting round

In a fresh round of layoffs, Amazon is laying off hundreds in the company’s cloud division, Amazon Web Services (AWS). The layoffs will affect AWS’ sales, marketing, and brick-and-mortar technology development teams. This move comes as the company seeks to streamline its operations and focus on areas that deliver a better return on investment. “We’ve […]

04Apr 2024

New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset

New HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks. The post New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset appeared first on SecurityWeek.

04Apr 2024

Zoom Paid Out $10 Million via Bug Bounty Program Since 2019

Video conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019. The post Zoom Paid Out $10 Million via Bug Bounty Program Since 2019 appeared first on SecurityWeek.

04Apr 2024

The full-stack architect: A new lead role for crystalizing EA value

Skim recent articles about enterprise architecture (EA) and you’ll notice a contradiction. Of them, plenty suggest that, unless a company develops a strong EA muscle, it will limit itself. Yet just as many seem to question the function’s value, or spotlight material that does. A recent report from Forrester, for example, opens: “[While] enterprise architecture […]

04Apr 2024

Microsoft’s Security Chickens Have Come Home to Roost

News analysis: SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China’s audacious Microsoft Exchange Online hack and isn’t at all surprised by the findings. The post Microsoft’s Security Chickens Have Come Home to Roost appeared first on SecurityWeek.

04Apr 2024

Investing in artificial intelligence more than in people? Here is why that can be a mistake

Generative artificial intelligence has the power to reinvent every aspect of a business. Companies are realizing its potential, but before they can move their gen AI strategies from “promises” to “profits,” they will have to answer several technology-related questions: do I have the right LLM for my […]

03Apr 2024

Amazon drops ‘just walk out’ technology at its US retail locations

Amazon’s US-based Amazon Fresh stores will no longer offer customers the option to “just walk out,” and will move to a system of scanners attached to carts instead of the more advanced computer vision system that obviated the checkout process altogether. Amazon confirmed the report, first published this week by The Information, in a statement […]

03Apr 2024

Kura Sushi: the history of building contactless restaurants with robotics

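The conveyor-belt sushi industry is crowded with rivals, and the fight for survival is fierce. Conveyor-belt sushi is said to trace its roots to Genroku Sushi, which opened its first restaurant in Osaka in 1958. In the 1990s Kappa Sushi, which moved sushi around on a current of water instead of a conveyor belt and sold everything at a flat 100 yen, shot to prominence and rose to the top of the industry. Sushiro, however, grew its earnings with high-quality toppings and multi-store expansion, took the top spot in 2011, and has held it for 12 years. The chain closing in fast on Sushiro is Kura Sushi, which has increased revenue since 2021 even as the restaurant industry suffered through COVID.

Kura Sushi was founded in 1977 by Kunihiko Tanaka in Sakai, Osaka, as an ordinary sushi shop. In 1987 it introduced box seats on E-shaped lanes, where the sushi lane runs between the seats, and in 1995 it was incorporated in order to build a full-scale conveyor-belt sushi chain.

Under the banners of “a return to prewar food” and “additive-free,” it has used fresh, additive-free toppings while using robotics and IT to make its restaurants more efficient, and it has grown rapidly. Kura Sushi is also the only chain to have rolled out, early and at every location, a “contactless restaurant” in which customers handle everything themselves from arrival to departure. What does Kura Sushi’s DX strategy look like?

“We have been actively adopting technology since before the term DX existed. The easiest examples to understand are probably the water recovery system and the time limit management system,” says Akihiro Tsuji, manager in Kura Sushi’s Public Relations Department.

The water recovery system was introduced in July 1996. When customers finish a plate of sushi, they drop it into the plate pocket installed at the table, and a current of water running beneath the sushi lane carries it to the wash area in the kitchen. The mechanism that counts plates as they are dropped into the pocket was devised at the same time.

The time limit management system, introduced in February 1997, accurately tracks how long each item of sushi has been on the lane and notifies the kitchen when it is time to discard it.

“Each of these initiatives was taken on to solve a problem the restaurants were facing,” says Tsuji.

The basis of problem solving: the voice of the front line and of store managers

How, then, did the company go about solving problems with new technology?

“In 1996, when the water recovery system was introduced, we were still a small company with about 20 restaurants in Osaka and a head office that had little more than a general affairs department. We identify issues from the standpoint of constantly improving safety, cost reduction and quality control, on the premise of asking how we can offer something of higher quality while still selling it for 100 yen. The basis is the voice of the front line, the voice of store managers. When systems were introduced, the president visited actual restaurants and listened to what customers had to say,” says Tsuji.

Today there is a DX Solutions Department, but at that time there was no team to drive system development.

“It was a matter of the president, a general affairs person under him, and the store managers. But the things we wanted to develop did not exist anywhere. So we went looking for vendors who would lend us their help and moved development forward with them,” says Tsuji.

How did development proceed? Take the water recovery system. It started with customer feedback. Until then, finished plates were stacked high on the table and staff counted them to work out the bill, but more and more customers said they were embarrassed to have other customers see the tall stacks of plates on their table.

Even today no conveyor-belt sushi chain other than Kura Sushi uses a system in which customers return plates directly, and trying to get there by improving the existing approach raises a number of serious problems. At conveyor-belt sushi chains, for example, staff count the plates, collect them on trays and send them to the wash area on something like a conveyor belt that links the seating area and the kitchen. Extending that all the way to the seats, however, risks spreading the smell of food through the seating area.

“So we thought up for ourselves what we wanted, asking ‘could something like this be done?’, then looked for a vendor who would build it and made the proposal,” says Tsuji.

Boosting profitability by improving the loss rate

In February 1997 the company introduced the “time limit management system” so that items that had been on the lane beyond a set time would be discarded for safety and customers would get fresh, good-tasting toppings. QR tags attached to the foot on the underside of each plate (they are now attached to the antibacterial sushi cover) are read from the side by cameras installed in the kitchen, which track how long each item has been on the lane.

“Until then, a person checked visually every hour to decide what to discard. In 1996 there was a mass outbreak of O-157 food poisoning in Sakai City, and we were hit hard by the reputational damage. Because people’s lives are at stake, the conclusion was: ‘We can’t rely on human eyes; let’s bring in machines and manage this properly,’” says Tsuji.

Managing it is not enough, though. Customers also have to understand that it is being managed properly.

“The automatic disposal system (introduced in April 1999) put a lane where it can be seen from the seats, so that customers can see at a glance that plates past their time are pulled in by a belt and discarded. Food fraud and similar issues were becoming social problems at the time, and I think there was also a wish to show customers where we stood as a company on those issues,” says Tsuji.

The strict timing enforced by the time limit management system, however, increased the amount of food discarded. To solve this, Kura Sushi introduced the “production management system” in 1998, with the aim of reducing food loss.

The production management system works as follows. Customers’ time in the restaurant is divided into three stages, the number of plates consumed (how much they eat) as time passes is predicted and turned into a coefficient, and the result is displayed as a number on a panel screen in the kitchen. Kura Sushi calls this number the “customer coefficient”; in effect it converts “how hungry the customers are” into a visible number. Because the coefficient lets anyone, from newcomer to veteran, see how many plates and which types to put on the lane, food loss was reduced. It also makes it easier for staff to decide what to do next, which has helped eliminate various kinds of waste.

Combining the two systems, the “time limit management system” that signals when sushi should be discarded and the “production management system” that shows which types and quantities of sushi to put on the lane, made it possible to achieve both “maintaining product freshness” and “reducing disposal loss,” and so to offer products that are “low-priced and high-quality.”

With the introduction and evolution of the production management system, the disposal rate fell from an original 12% to about 6%.

“Previously each store manager decided the types and quantities of sushi to put on the lane based on experience and feel, but accuracy varied from person to person. With the production management system we can provide the types needed, in the quantities needed, at the time needed, which has reduced food loss. Beyond reducing food loss, it also means fresh products are always on the lane, which helps improve customer satisfaction,” says Airi Okamoto of the Public Relations Department.

In 2003, however, as SARS and norovirus became widely known, Kura Sushi was confronted with a new issue.

“Because the time limit management system had solved the problem of food poisoning caused by bacterial growth, the disposable covers we had been using were discontinued for a time. But the president pointed out, ‘With viruses and dust in the air, is it really hygienic to send sushi around without a cover?’, and covers were put back on,” says Okamoto.

What followed, in November 2011, was “Sendo-kun,” an antibacterial sushi cover that lets customers take plates in and out without touching the cover. Because Sendo-kun encloses the whole plate, though, the QR tag on the foot of the plate could no longer be read, and automatic disposal stopped working. The company therefore attached the QR tag to the Sendo-kun cover and had it read by AI cameras installed in front of the seats, changing the mechanism so that the kitchen is notified of items to discard by a buzzer and a method of the company’s own.

“It is precisely because we had introduced systems like these that we avoided a large drop in sales even during COVID,” says Okamoto.

Setting up a dedicated department to speed up IT adoption

Around 2010, to accelerate its use of IT, Kura Sushi set up a “Systems” function within the Store Development Department, the predecessor of its dedicated “DX Solutions Department.” It develops products such as Sendo-kun in-house and also acts as the link between outside contractors and Kura Sushi.

“The department came about because we thought that when we commission a vendor to build a system we have devised, it would be better to have someone who knows IT in the middle handling the negotiations. The technology staff are not only outside hires, though; some came up through operations, because they know the restaurants well. At the time there were also store managers who were very knowledgeable about computers, and people like that who were good with machines were selected,” says Tsuji.

In November 2022 the Store Development Department’s systems function became the DX Solutions Department of the DX Division (with just under 30 people). Executive officer Akira Nakabayashi, formerly of Panasonic, was appointed head of the DX Division.

“Until then we had focused on the parts that involve customers, but we changed the department’s name because from now on we intend to pursue DX across the board, covering customers, employees and the business foundation,” says Okamoto.

How does development proceed inside the DX Solutions Department?

“Where something already exists, we use it or commission it externally, but where something does not yet exist and Kura Sushi needs it, we build it ourselves. The AI camera we use now was also developed independently by employees in the department. The AI-based system development did not start from the assumption that we would use AI, either; when we faced the problem, several ideas came up, such as whether to use infrared, and AI is one of the approaches we arrived at,” says Tsuji.

Infrared was not chosen, the company says, because it had the flaw of failing to work depending on the height of the items passing by.

Loss rate from 6% to 2%

As AI camera technology advanced, by March 2023 the AI cameras installed one per table (mounted above the belt) could check not only disposal times but also whether a cover had been opened, which shows whether a customer has taken a plate.

“Around February last year, because of the problem of nuisance videos, we applied the AI camera mechanism and modified the system so that it can detect when only the sushi cover is opened and closed on the lane, and so we had a security mechanism in place in about two months,” says Tsuji.

When a plate is opened and closed suspiciously, the AI camera sends an alert to staff, who then speak to the customer. Every plate is numbered, and any plate that has been opened and closed suspiciously is removed from the lane immediately.

Introducing AI cameras at the seats was nonetheless difficult at first.

“We were worried that customers might say they did not like feeling watched, but the cameras detect only the motion of taking sushi. They are not constantly trained on customers. They check only the opening and closing of the covers on the sushi moving along the lane,” says Tsuji.

Installing AI cameras at every seat would presumably cost a great deal. How does Kura Sushi view that? […]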

03Apr 2024

Two great reads (and one listen) to prepare for CIO’s Data, Analytics & AI Summit

One thing that sets apart Foundry events is that they are informed by the always-insightful editorial coverage from titles such as CIO, CSO, and InfoWorld. Members of the event team are not only avid readers, we pick the brains of the journalists to help guide the event content and invite them to join us as […]

03Apr 2024

Number of Chinese Devices in US Networks Growing Despite Bans

An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans. The post Number of Chinese Devices in US Networks Growing Despite Bans appeared first on SecurityWeek.

03Apr 2024

Know Your Audience When Speaking to Security Practitioners

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? The post Know Your Audience When Speaking to Security Practitioners appeared first on SecurityWeek.

03Apr 2024

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth

MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done? The post CVE and NVD – A Weak and Fractured Source of Vulnerability Truth appeared first on SecurityWeek.

03Apr 2024

Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack

The Cyber Safety Review Board said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior U.S. officials. The post Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack appeared first on SecurityWeek.

03Apr 2024

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek.

03Apr 2024

Missouri County Hit by Ransomware

Jackson County, Missouri, discloses ‘significant disruptions’ to IT systems, says ransomware attack likely at fault. The post Missouri County Hit by Ransomware appeared first on SecurityWeek.

03Apr 2024

PwC Middle East and Microsoft launch an AI excellence center in Saudi Arabia

Artificial Intelligence will be a big game changer in the global economy. We have seen a global shift towards AI and advanced technologies in the Middle East. According to PwC, the Middle East is expected to accrue 2% of the total global benefits of AI in 2030. This is equivalent to 320 billion USD. In […]

03Apr 2024

Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

Google pushes a new Chrome update to patch another zero-day vulnerability demonstrated at a hacking contest. The post Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own appeared first on SecurityWeek.

03Apr 2024

XZ Utils Backdoor Attack Brings Another Similar Incident to Light

The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago. The post XZ Utils Backdoor Attack Brings Another Similar Incident to Light appeared first on SecurityWeek.

03Apr 2024

AI adoption accelerates as enterprise PoCs show productivity gains

Like other CIOs, Katrina Redmond has been inundated with opportunities to deploy AI that promise to speed business and operations processes, and optimize workflows. “Everyone is running around trying to apply this technology that’s moving so fast, but without business outcomes, there’s no point to it,” says Redmond, CIO at power management systems manufacturer Eaton […]

03Apr 2024

An IT leader’s mission to retrofit the tech foundation at Eon

Three years ago, Essen-based Eon’s IT function was in the dumps, according to CIO Sebastian Weber’s colleagues when he took on his new role. In his keynote speech at the Hamburg IT Strategy Days in February, Weber looked back on those first three years and the journey he and his team took during that time. At […]

03Apr 2024

Google Patches Exploited Pixel Vulnerabilities

Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild. The post Google Patches Exploited Pixel Vulnerabilities appeared first on SecurityWeek.

03Apr 2024

7 steps to prepare your organisation for changes to Australia’s privacy legislation

Michael Fagan, former chief transformation officer at Village Roadshow, examines the proposed changes to the Privacy Act and how CIOs in Australia can prepare for them. Australian privacy legislation is about to undergo a major overhaul with more than 100 proposals under consideration, you can see the detail here.  While the exact details of changes […]

02Apr 2024

6 deadly sins of enterprise architecture

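Keeping a business running is never easy. The rise of software tools has made many parts of everyone’s workflow faster, smoother and more consistent, except for the people who have to keep the software running. It is like the well-worn line about ducks gliding across a pond: everything looks calm above the water, but beneath the surface they are paddling furiously.

To the end users, managers and executives who simply use the systems, the work of the enterprise architect looks like magic. The computers handle all of the endless synchronizing, integrating and stabilizing, and people can concentrate on the work they do best. But behind the smooth running of web portals, collaboration stacks and repository omnitools lie endless challenges. For all of its evolution, enterprise architecture is still a new world full of tasks and responsibilities that no one has fully grasped.

Enterprise architects are still learning and experimenting. They are learning more about what to do and, more importantly, what cannot be done. In searching for ways to keep the software stack running and to make working life as simple as possible for every employee across the enterprise, they have made many mistakes and may well make many more. One reason is that the work is highly technical and complex, but the following sins (mistakes) committed by enterprise architects are also to blame.

Storing too much (or too little) data

Software developers tend to pack in everything. If they could, they would cache all data, log every event and keep backup copies covering the enterprise’s endless evolution, but those gigabytes and petabytes keep piling up. Even the low-cost cold storage offered by some cloud vendors becomes expensive once the volume of data is large.

Worse, the fuller the data lake gets, the harder it becomes to find the right bits. It is like the Ark at the end of “Raiders of the Lost Ark.” Technically all the information is there, but can anyone find it?

The trouble is that keeping too little information brings failures and pain points of its own. Some companies have tried setting data retention policies that destroy everything as far as regulations allow. But then, whenever someone goes looking for the answer to any question, the organization is left in a kind of amnesia where “the file does not exist.” Nobody knows anything anymore.

Finding the exact balance may be impossible. All we can do, to avoid groping in the dark for the light switch, is to store the right information in a structure that is easy to access and to find a good data storage architecture.

Relying too much on one platform (or adopting too many)

The simplest way to build enterprise software is to draw on the power of the various tools, portals and platforms built by outside companies. More than 90% of the work is done by signing a purchase order and writing a little glue code.

But relying on outside companies to build major parts of the enterprise carries many risks. Some private equity firm may acquire the outside company, lay off all the good employees and jack up prices, knowing that customers cannot escape. Instantiating everything on one platform suddenly starts to look like a terrible idea. Nobody remembers the simplicity and consistency that came from one platform and a single interface.

Adopting multiple platforms is just as painful. The sales teams may promise that their tools interoperate and follow industry-standard protocols, but that is still nowhere near enough. Even when every platform stores its data in a SQL database, some use MySQL while others use PostgreSQL or Oracle.

There is no easy right answer. Too many platforms turns into an unachievable plan, like the Tower of Babel. Too few leads to the risk of vendor lock-in, along with all the pain that comes with opening the contract renewal email. And the cost of doing all development in-house is another matter entirely.

Outsourcing too much (or too little) to the cloud

The cloud has made the enterprise architect’s job considerably easier. If you need a machine of a particular size, it is available in minutes. There is no purchase order to write and no rack space to find. You hand the cloud company a credit card number and there is nothing else to do.

The benefit of having any machine available in minutes or seconds is obvious, but the biggest drawback is what it costs. Cloud computing is surprisingly expensive compared with running things in-house. Because the cost is often higher than expected, many CFOs check the cloud bill nervously every month.

Running things yourself, however, means managing and paying for staff, data centers and more. The worries that come with it and the list of regulations to comply with go on and on, and the low cost turns out to be a fleeting joy.

Some enterprise architects have great success with the cloud. If demand spikes for only a small part of each week, month or year, spinning up servers for a few minutes or hours to handle the load is far cheaper than doing anything in-house. Every other company is left wondering whether it has invested too much or too little in the cloud.

Embracing frameworks fanatically (or ignoring them)

Given the complexity of today’s enterprise stacks, some good architects have built frameworks to help organize them. Take, for example, the Open Group Architecture Format (TOGAF), a strategic framework for building almost anything an enterprise needs. TOGAF provides numerous guidelines and best practices, such as the Architecture Development Method (ADM) and the Architecture Compliance Framework (ACF). Other approaches, such as the Zachman Framework and the Federal Enterprise Architecture, have their own rules and regulations for building a stack.

The biggest benefit may be consistency. If the whole staff is familiar with the techniques and the theory, it becomes easier to work with the software. Data and code are (usually) organized, and everything sits where you would expect it.

But some people go a little too far. They do not stop at adopting the rules; they become fanatics. They read the specs exhaustively, and every decision must be made according to the rules. Woe to anyone who strays from the path.

Even when everyone is a fanatical believer in the framework and the office planning meetings are full of people happily following the rules, other problems can arise. A team may reject perfectly good open source code simply because it does not fit the architecture framework they want, or turn down a good option from a vendor simply because it was not developed under the proper orientation.

Adhering to methodology above all else

Frameworks provide structure, but they can also become cover for sloppy, lazy and sometimes malicious behavior. A decision may drag on because everyone is waiting for someone on the team to fill in the proper TOGAF form. The line between rules that support improvement and stifling red tape is a fine one.

One man I worked with was such a devotee of the agile methodology that he took it to the point where the team was anything but agile. He knew all of the meeting rituals and was good at packing a large number of story points into a “sprint” in order to refactor code that had been written only the week before. The team did not seem to be moving very fast on rebuilding the credit card checkout he was supposed to deliver, but the graph of agile points earned in each sprint made it look as if the work was progressing faster than anything else in the office.

Some way of organizing the development workflow is necessary. Programmers can argue for days on end about agile versus waterfall. If a project is too big for one person to finish alone over a weekend, some kind of strategy is needed.

The problem comes when people start to trust the methodology more than what they can see. When that happens, clever coders game the system and post big results even when their code does not do much.

Chasing trends (or ignoring them)

Developers love to jump on the latest ideas and models for enterprise architecture. Sometimes they are lucky and the new trend fits their needs. Their application is a good example of what led the trendsetter to come up with the idea in the first place.

Most of the time, though, the fit is only partial. The use case may resemble the application that inspired the trend, but only after some fudging. Meanwhile the development team is working frantically to make its code match the trend. Sometimes huge blocks of code that fit perfectly well are thrown away just because they were written to match a goal that used to be in fashion.

The problem is that ignoring fashion completely can also be fatal. Yes, thankfully, the code keeps using databases, formats, coding standards and protocols that work properly, and it stays faithful to the original version. But if the whole world has chased some trend, then so have all the vendors, the tool makers and the future new hires. At some point trends and fashions become standards, and sometimes, worse, they become requirements for which compliance is legally mandated.

This means enterprise architects cannot win. Chase the trends and you become a slave to the fashions of the crowd; ignore them and you are left behind. All an enterprise architect can do is carefully do the right thing for the organization’s technology stack and for the IT staff who have to keep up with the trends.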

02Apr 2024

3 ways Generative AI is transforming the retail industry

Generative artificial intelligence (GenAI) tools such as Azure OpenAI have been drawing attention in recent months, and there is widespread consensus that these technologies can significantly transform the retail industry. The most well-known GenAI application is ChatGPT, an AI agent that can generate a human-like conversational response to a query. Other well-known GenAI applications can […]

02Apr 2024

The fast track to intelligent retail modernization with TCS and Microsoft Cloud

Retail organizations face an urgent need to accelerate digital transformation efforts in response to economic insecurity, persistent inflation, and growing consumer price sensitivity. Consumer product goods manufacturers (CPGs) and physical and online retail stores need to increase investments in strategic real-time pricing, supply chain resiliency, and customer experience management to keep pace with the competition. […]

02Apr 2024

The power players of retail transformation: IoT, 5G, and AI/ML on Microsoft Cloud

Thanks to cloud, Internet of Things (IoT), and 5G technologies, every link in the retail supply chain is becoming more tightly integrated. These technologies are also allowing retailers to capture and gather insights from more and more data – with a big assist from artificial intelligence (AI) and machine learning (ML) technologies – to become […]

02Apr 2024

Improving employee experience in the AI-powered hybrid workplace on Microsoft Cloud

Though three-quarters of U.S. employers now offer hybrid work, some retailers have been slow to embrace emerging hybrid work models, even for corporate employees. We spoke with Ashok Krish, Global Head of Digital Workplace at TCS, about how hybrid work will impact employers – and their employees – in the retail industry. Do you believe […]

02Apr 2024

Why 5G and edge computing are key to retail success on Microsoft Cloud

The retail industry is transforming rapidly. Modern retailers rely heavily on automation for managing inventory, shelf design, customer service, and logistics. Video cameras and sensors that allow for unique store design help to enhance the customer experience. Technology is truly powering retail transformation, setting modern stores apart from traditional brick-and-mortar ones. It is no easy […]

02Apr 2024

How to Build ROI from Cloud Migration

Organizations are racing to modernize their legacy technology, architecture, infrastructure, and databases. Modernization often revolves around cloud migration. But not every approach provides the same ROI. Before committing to a migration strategy, organizations must identify the best approach for their business requirements.   Each approach comes with its own benefits, time commitments, and cost. This whitepaper […]

02Apr 2024

How to power a sustainable enterprise on Microsoft Cloud

Now, more than ever, global businesses have an opportunity. With people and infrastructure touching every point on the planet — and new technology empowering us to radically change the way we consume resources — we can lead the world toward a better, more sustainable future.  That optimism stems from three core beliefs:  We can build […]

02Apr 2024

How to power intelligent enterprises with SAP on Microsoft Cloud

TCS’ strategic, decade-long partnership with Microsoft has helped enterprises migrate their on-premises SAP workloads to the cloud for native integrations, unmatched security, compliance, automation, and better data insights. With SAP on Microsoft Cloud, enterprises can unlock the potential of machine learning, advanced analytics, and automation. Many CIOs have made the move as a catalyst […]

02Apr 2024

Walgreens empowers pharmacists with an intelligent prescription data platform on Microsoft Cloud

Walgreens processes hundreds of millions of prescription dispenses each year across nearly 9,000 stores, and each of those transactions creates hundreds of associated data points. In order to future-proof its infrastructure with a cloud-first approach and modern AI capabilities, Walgreens worked with Tata Consultancy Services (TCS) and Microsoft to build a data platform that uses […]

02Apr 2024

Retail innovation playbook: Fast, economical transformation on Microsoft Cloud

Inflation, high energy prices, and a looming recession have dampened consumer purchasing. All this while retailers are still dealing with pandemic-related disruptions to supply chains and consumer shopping habits. To win back consumers and protect profit margins, retailers need to optimize operations across the enterprise. That means fixing their supply chains, understanding shifting consumer preferences, […]

02Apr 2024

How the metaverse will help financial organizations transform employee and customer experience on Microsoft Cloud

The metaverse—a fast-emerging combination of technologies including augmented and virtual reality, IoT, and blockchain—is poised to change the way financial services organizations and other companies do business.    “By blending the physical and the digital worlds, the metaverse is changing the rules of engagement and enabling us to connect without barriers,” says Anupam Singhal, a […]

02Apr 2024

Improving ESG performance in financial services on Microsoft Cloud

Anxious to meet international standards, satisfy investors, and profit from a growing array of sustainable products, financial services firms are intensifying their focus on environmental, social, and governance (ESG) goals. While the incentives for ESG are compelling, managing programs and demonstrating success are fraught with challenges. But by adhering to the right standards and using […]

02Apr 2024

Chrome to Fight Cookie Theft With Device Bound Session Credentials 

Google is bringing to Chrome new features to bind browser sessions to the device and protect users against cookie theft. The post Chrome to Fight Cookie Theft With Device Bound Session Credentials  appeared first on SecurityWeek.

02Apr 2024

Security Flaw in WP-Members Plugin Leads to Script Injection

A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek.

02Apr 2024

Hotel Self Check-In Kiosks Exposed Room Access Codes

Self check-in kiosks at Ibis Budget hotels were affected by a vulnerability that exposed keypad codes that could be used to enter rooms.  The post Hotel Self Check-In Kiosks Exposed Room Access Codes appeared first on SecurityWeek.

02Apr 2024

Cybersecurity M&A Roundup: 27 Deals Announced in March 2024

Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024. The post Cybersecurity M&A Roundup: 27 Deals Announced in March 2024 appeared first on SecurityWeek.

02Apr 2024

Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!

Heartbleed made most certificates vulnerable. The future problem is that quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone. The post Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! appeared first on SecurityWeek.

02Apr 2024

Prudential Financial Data Breach Impacts 36,000

Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach. The post Prudential Financial Data Breach Impacts 36,000 appeared first on SecurityWeek.

02Apr 2024

OWASP Data Breach Caused by Server Misconfiguration

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members. The post OWASP Data Breach Caused by Server Misconfiguration appeared first on SecurityWeek.

02Apr 2024

6 hidden risks of IT automation

Automating business processes continues to be a high priority for enterprises and IT organizations, as they look for ways to improve services, cut costs, and add efficiencies. According to the 2024 State of the CIO survey, IT leaders cite business process and IT automation as the No. 2 technology initiative driving the most IT investment […]

02Apr 2024

Digital transformation’s fundamental change management mistake

Over the past decade, CIOs have invested significantly in digital transformation initiatives in an effort to improve customer experiences, build data analytics capabilities, and deliver productivity enhancements with automation. Underpinning these initiatives is a slew of technology capabilities and strategies aimed at accelerating delivery cycles, such as establishing product management disciplines, building cloud architectures, developing […]

02Apr 2024

US and UK sign agreement to test the safety of AI models

The US and the UK have signed an agreement to test the safety of large language models (LLMs) that underpin AI systems. The agreement or memorandum of understanding (MoU) — signed in Washington by US Commerce Secretary Gina Raimondo and UK Technology Secretary Michelle Donelan on Monday — will see both countries working to align […]

02Apr 2024

Boat Dealer MarineMax Confirms Data Breach 

MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files.  The post Boat Dealer MarineMax Confirms Data Breach  appeared first on SecurityWeek.

02Apr 2024

The customer at the center: how CIOs enhance the customer experience while transforming the business

Companies able to offer a superior customer experience have growth rates five times higher than their competitors and, in managing CX, the CIO has a fundamental role, Forrester Research wrote ("Improving CX Through Business Discipline Drives Growth") in 2019. Five years later, in 2024, these statements are more than relevant. […]

02Apr 2024

Google to Purge Billions of Files Containing Personal Data in Settlement of Chrome Privacy Case

Google agreed to purge billions of records containing personal information collected from more than 136 million people using its Chrome web browser as part of settlement in a lawsuit accusing it of illegal surveillance. The post Google to Purge Billions of Files Containing Personal Data in Settlement of Chrome Privacy Case appeared first on SecurityWeek.

01Apr 2024

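SharePoint Premium highlights a tough challenge for CIOs

SharePoint Premium, which arrived in late 2023, may be the most inappropriately named piece of software in history.

That may be an overstatement, and there are many contenders for the title. But generally, adding "Premium" to a software product's name means it has some features not available in the free version, and that you will consider paying if you decide they are worth using.

But a careful read of what Microsoft introduces as "the future of AI-powered content management and experiences" shows that, if Microsoft delivers on its promises, SharePoint Premium is not merely SharePoint with a few handy features added but something entirely different, with intriguing potential. However, it has several serious shortcomings that illustrate the tough challenges CIOs face as we enter the era of enterprise software enhanced by generative AI.

The potential of SharePoint Premium

To understand why SharePoint Premium could matter, it is enough to look at the fact that in a typical company about 20% of data is structured. That is data that fits properly into a relational database. The remaining 80% is unstructured data, which includes email, documents, presentations, spreadsheets, voicemail, and so on.

Long ago, when IT established its assumptions, methodologies, and overall culture, it faced a problem of inverted emphasis, pouring most of its budget and effort into the 20% that is structured data and paying only a little attention to supporting the 80% that is unstructured.

In addition, to handle unstructured data better, application vendors split their products in two. One handled unstructured data in its pure form, and the other focused on document management. To simplify a little, think of unstructured data as "content" and liken it to atoms. In this metaphor, documents correspond to molecules.

That is how we come to have content management systems (CMS) and document management systems (DMS). A DMS is, in a sense, a sophisticated folder tree, while a CMS makes it possible to assemble documents on the fly from fragments of content. For example, think of a contract as a document molecule and contract boilerplate as content atoms, from which a lawyer can assemble the contract molecule.

Until Microsoft added "Premium" to SharePoint, SharePoint was primarily a DMS, though it also had DBMS-like and app-development-environment-like capabilities and was more versatile than that.

Moving beyond the simplistic and exploring the opportunity

What a folder tree does for documents is categorize them and make them easier to find. It lets you see all the information on a subject or category in one place and makes it easier to turn that content into knowledge.

But folder trees have a major limitation. Most documents logically belong in more than one category. For example, you might file the document you are reading now in a DMS folder, a CMS folder, a SharePoint documents folder, and a brilliant insights folder.

With a simple folder tree, you have to pick the category that might be most useful. Or you might save a copy of the document in every folder where it logically belongs. But in that case you need to keep the contents of each folder frozen. Otherwise, keeping track of the current version becomes a full-time job.

SharePoint and other DMSs solve this problem by letting users file documents in multiple folder trees through customized metadata tags.

The problem is solved, but the cure turns out to be worse than the disease, because nobody wants to go to the trouble of filing a document in every folder where it logically belongs.

File that one in the "great theory, but" folder.

This is where SharePoint Premium, and in particular its Syntex sub-product, comes in. The product uses (tell me you knew this was coming) artificial intelligence to solve the multiple-categorization problem. It places each document in the best-fit folder tree and folder, and provides pointers to every other folder tree and folder where the document logically belongs.

If it actually does what is claimed, SharePoint Premium will in theory give users the benefits of both folder tree navigation and semantic search.

Furthermore, in theory, SharePoint Premium's AI capabilities reverse the CMS/DMS atom/molecule perspective, turning documents into content and from there, through the miracle of generative AI, into knowledge.

SharePoint Premium's missed opportunity

Microsoft Windows gives users a folder tree that is handy for organizing files of various types. SharePoint, too, gives users a folder tree that helps organize files of various types.

In Microsoft Outlook, the folder tree appears yet again. It is handy for organizing email for the same reason SharePoint's folder tree helps organize documents of various types. But search for "email" on the "Introducing SharePoint Premium" page and you find just one mention, that email integration is now available, with no indication of what that means.

To me, this means Microsoft missed a big opportunity. Emails are documents, just like Word, Excel, and PowerPoint presentations. Turning documents into content and content into knowledge is just as valuable for email communications as for shareable documents. And unifying email under SharePoint Premium would, in practical terms, free us from the need to set up Outlook folders as a tree that duplicates the SharePoint folders.

SharePoint Premium's fatal flaw

Imagine you can decipher Microsoft's impenetrable SharePoint Premium word salad. Imagine it works as advertised, without the usual v.1 problems Microsoft is famous for.

Imagine Microsoft's AI-driven, deep view of content is compelling enough that you want to take advantage of all of it.

Now think about the user community you support. Yes, the end users you cannot persuade to use Word styles instead of direct text formatting. They ignore the templates that marketing and you carefully created to save time and effort and add consistency, and format their PowerPoint slides from scratch.

And while you are complaining about them, they refuse even to try the automated note-taking tool you brought in after fighting the CFO for licensing approval.

Do you think the end-user community will be willing to invest serious time and attention to understand Microsoft's content vision well enough to make use of the wonderful capabilities SharePoint Premium makes possible?

No, they will not. End users have jobs to do. And they have fixed ways of thinking that, because they are familiar, let them do those jobs well.

Certainly, what you offer as Microsoft's proxy is superior from the standpoint of a deep, coherent content architecture. But for this to happen, Microsoft needs to provide a vision for organizational change management that is as compelling as the AI-assisted content architecture IT has newly embraced.

Oh, and one more thing: as CIO, you will need a better, simpler explanation to use in the executive suite, because using Microsoft's explanation will not win you approval to proceed. Puzzled head tilts, perhaps, but not approval.

Ever since ChatGPT first entered public awareness, commentators have worried that its generative AI capabilities might make us humans obsolete simply by doing what we do better than we do.

But the commentators seem to have had it backward. The challenge, it seems, will come not from AI simply doing what humans do better, but from AI demanding more of humans themselves if they are to keep pace.

CIO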

01Apr 2024

Veracode Buys Longbow Security for Automated Root Cause Analysis Tech

Veracode announces a deal to acquire Longbow Security, a Texas seed-stage startup working on automated root cause analysis technology. The post Veracode Buys Longbow Security for Automated Root Cause Analysis Tech appeared first on SecurityWeek.

01Apr 2024

Avoid generative AI malaise to innovate and build business value

Despite the promise generative AI holds for boosting corporate productivity, closing the gap between its potential and business value remains one of CIOs’ chief challenges. It isn’t for lack of effort, as recent research suggests. Sixty-six percent of C-level executives are ambivalent or dissatisfied with the progress of their AI or GenAI efforts, according to […]

01Apr 2024

‘WallEscape’ Linux Vulnerability Leaks User Passwords

A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard. The post ‘WallEscape’ Linux Vulnerability Leaks User Passwords appeared first on SecurityWeek.

01Apr 2024

‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities

NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities. The post ‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities appeared first on SecurityWeek.

01Apr 2024

AI Hallucinated Packages Fool Unsuspecting Developers

Software developers relying on AI chatbots for building applications may end up using hallucinated software packages. The post AI Hallucinated Packages Fool Unsuspecting Developers appeared first on SecurityWeek.

01Apr 2024

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor

Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions. The post Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor appeared first on SecurityWeek.

01Apr 2024

8 strategies for accelerating IT modernization

New tech moves from bleeding edge to mainstream at an ever-increasing pace. Consider how fast generative AI went from avant-garde to ubiquity: At under two years, it may be a record. Feats like that have ramped up pressure on CIOs to not just modernize, but modernize faster so they’re ready to seize new opportunities as […]

01Apr 2024

Nvidia points to the future of AI hardware

GPU powerhouse Nvidia has bet its future on AI, and a handful of recent announcements focus on pushing the technology’s capabilities forward while making it available to more organizations. During its GPU Technology Conference in mid-March, Nvidia previewed Blackwell, a powerful new GPU designed to run real-time generative AI on trillion-parameter large language models (LLMs), […]

31Mar 2024

AT&T Says Data on 73 Million Customers Leaked on Dark Web

AT&T used the Easter holiday weekend to quietly share details on data that surfaced on the dark web roughly two weeks ago. The post AT&T Says Data on 73 Million Customers Leaked on Dark Web appeared first on SecurityWeek.

29Mar 2024

SydeLabs Emerges From Stealth Mode With $2.5 Million in Funding

Generative-AI security startup SydeLabs emerges from stealth mode with $2.5 million in seed funding led by RTP Global. The post SydeLabs Emerges From Stealth Mode With $2.5 Million in Funding appeared first on SecurityWeek.

29Mar 2024

In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing

Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users. The post In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing appeared first on SecurityWeek.

29Mar 2024

Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base 

US Defense Department releases defense industrial base cybersecurity strategy with a focus on four key goals. The post Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base  appeared first on SecurityWeek.

29Mar 2024

The Complexity and Need to Manage Mental Well-Being in the Security Team

It is the CISO’s responsibility to build and maintain a high functioning team in a difficult environment – cybersecurity is a complex, continuous, and adversarial environment like none other outside of military conflict. The post The Complexity and Need to Manage Mental Well-Being in the Security Team appeared first on SecurityWeek.

29Mar 2024

VP Harris Says US Agencies Must Show Their AI Tools Aren’t Harming People’s Safety or Rights

U.S. federal agencies must show that their artificial intelligence tools aren’t harming the public, or stop using them, under new rules unveiled by the White House on Thursday. “When government agencies use AI tools, we will now require them to verify that those tools do not endanger the rights and safety of the American people,” […]

29Mar 2024

Energy Department Invests $15 Million in University Cybersecurity Centers 

The US Department of Energy announces $15 million funding for university-based electric power cybersecurity centers. The post Energy Department Invests $15 Million in University Cybersecurity Centers  appeared first on SecurityWeek.

29Mar 2024

Massachusetts Health Insurer Data Breach Impacts 2.8 Million

Harvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack. The post Massachusetts Health Insurer Data Breach Impacts 2.8 Million appeared first on SecurityWeek.

29Mar 2024

26 Security Issues Patched in TeamCity

JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities. The post 26 Security Issues Patched in TeamCity appeared first on SecurityWeek.

29Mar 2024

Rocket Mortgage lays foundation for generative AI success

To succeed in the mortgage industry, efficiency and accuracy are paramount. So too is keeping your options open. That’s why Rocket Mortgage has been a vigorous implementor of machine learning and AI technologies — and why CIO Brian Woodring emphasizes a “human in the loop” AI strategy that will not be pinned down to any one […]

29Mar 2024

10 fastest growing US tech hubs for IT talent

After several years of unprecedented growth, tech salaries have started to stall and even drop in the aftermath of massive layoffs across the industry. In 2023, the average tech salary fell by $155 from 2022 to $111,193, according to the 2024 Dice Tech Salary Report. But cities where tech communities are growing are still seeing […]

28Mar 2024

4 lessons healthcare can teach us about successful applications of AI

There’s been no shortage of new tools, claims, and ideas about what generative AI can, cannot, and should not do over the past year. And despite the hype, there are only a handful of successful real-world enterprise projects applying the technology. The healthcare industry is the exception, with a breadth of generative AI use cases […]

28Mar 2024

White House requires agencies to create AI safeguards, appoint CAIOs

US government agencies will need to provide human oversight to AI models that make critical decisions about healthcare, employment, and other critical issues affecting people to comply with a new policy from the White House Office of Management and Budget (OMB). The AI use policy, announced Thursday, requires agencies to hire chief AI officers and […]

28Mar 2024

Malware Upload Attack Hits PyPI Repository

Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek.

28Mar 2024

Splunk Patches Vulnerabilities in Enterprise Product

Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue. The post Splunk Patches Vulnerabilities in Enterprise Product appeared first on SecurityWeek.

28Mar 2024

Cybersecurity Mesh: Overcoming Data Security Overload

A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach. The post Cybersecurity Mesh: Overcoming Data Security Overload appeared first on SecurityWeek.

28Mar 2024

Cyberespionage Campaign Targets Government, Energy Entities in India

Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek.

28Mar 2024

Robust remote access security for the utilities sector advances with Zero Trust

Cyberattacks on utilities more than doubled from 2020 to 2022. It’s likely the case that the rapid growth of connected assets is outstripping security capabilities. One analyst firm predicts that by 2026, industrial organizations will have more than 15 billion new and legacy assets connected to the cloud, internet, and 5G. Security and IT leaders […]

28Mar 2024

Coro Raises $100 Million for All-in-One Security Platform

Coro has raised $100 million in Series D funding for its enterprise-grade platform tailored for the small- and mid-sized market. The post Coro Raises $100 Million for All-in-One Security Platform appeared first on SecurityWeek.

28Mar 2024

NetSuite adds more Text Enhance gen AI capabilities

NetSuite is expanding on the generative AI capabilities added to its SaaS-based ERP offerings in October last year. The new capabilities, which include incremental feature additions to its Text Enhance offering and two new connectors for its analytics warehouse and point of sale (POS) offerings, were announced on Thursday at the company’s SuiteConnect event in New York. […]

28Mar 2024

Cisco Patches DoS Vulnerabilities in Networking Products

Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS). The post Cisco Patches DoS Vulnerabilities in Networking Products appeared first on SecurityWeek.

28Mar 2024

Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding

Zafran has emerged from stealth mode with a risk and mitigation platform and $30 million in funding from Sequoia Capital and Cyberstarts. The post Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding appeared first on SecurityWeek.

28Mar 2024

Chinese Cyberspies Targeting ASEAN Entities

Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN. The post Chinese Cyberspies Targeting ASEAN Entities appeared first on SecurityWeek.

28Mar 2024

Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023

In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators. The post Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 appeared first on SecurityWeek.

28Mar 2024

US Offering $10 Million Reward for Information on Change Healthcare Hackers

The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure. The post US Offering $10 Million Reward for Information on Change Healthcare Hackers appeared first on SecurityWeek.

28Mar 2024

7 tips for leading without authority

Leading a technical workforce requires a rapidly changing skillset. Gone are the days when your title allowed you to boss everyone around, rule with an iron fist, and expect a successful outcome. The mood of leadership now is all about collaboration, mutual elevation, and leading without authority. Even if you have a job title where […]

28Mar 2024

Swiss Federal Railways CIO relies more on AI than concrete

Railway construction couldn’t be more laborious than in Switzerland, as the country consists almost exclusively of mountains, most of which are now spanned with bridges and riddled with holes, like the famous local cheese. The rail network is also the densest in Europe to the point where it can no longer be expanded because all the necessary […]

28Mar 2024

Prepping for the post-CIO chapter of a storied career

It seems every week I’m on the phone with a CIO or other technology executive who’s either contemplating, on the verge of, or has recently gone through the process of retiring. Most struggle with it. They’ve been so heads-down doing the work that they’ve failed to properly and intentionally prepare themselves for this next chapter.  […]

28Mar 2024

Details and Lessons Learned From the Ransomware Attack on the British Library

Although the attack on the national library of the UK occurred five months ago, the Library’s infrastructure won’t be rebuilt until mid-April 2024, and then the full restoration of systems and data can begin. The post Details and Lessons Learned From the Ransomware Attack on the British Library appeared first on SecurityWeek.

28Mar 2024

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities

CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities. The post CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities appeared first on SecurityWeek.

28Mar 2024

ChatGPT: the new challenges of data strategy in the era of generative AI

Italian companies are investing in infrastructure, software, and services for data management and analysis (+18% in 2023, amounting to 2.85 billion euros, according to the Big Data & Business Analytics Observatory of the School of Management at Politecnico di Milano), but how many have reached data maturity? The Data Strategy Index included in the report finds […]

28Mar 2024

Why CIOs need to pay attention to the most significant overhaul of Australian privacy law in 40 years

Michael Fagan, former chief transformation officer at Village Roadshow, examines the proposed changes to the Privacy Act and what CIOs in Australia need to be aware of. I received 7 unsolicited CVs and resumes in the last 12 months, from well-educated and qualified people, seeking to join the organisation where I was working.  Unbeknownst to […]

28Mar 2024

Turbocharging business processes

One of the few certainties in this world is that customers will always expect more from their service providers, and that whether they remain customers depends greatly on whether that expectation is met. And it isn’t just customers whose expectations are rising. Employees have witnessed what modern technology can do to enhance internal services and […]

27Mar 2024

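"Boomerang" CIOs: IT leaders level up by coming back

Matt Postulka left Arbella Insurance Group as deputy CIO when the COVID-19 pandemic began, and he had no intention of looking back. Postulka had aimed to become a CIO, and he achieved that, taking the position of CIO and senior vice president of technology operations at the Federal Reserve Bank of Boston.

He left Arbella because "there was a great leader" and because he "felt that becoming CIO was several years away," Postulka explains. He wanted "to do something a little different," and was strongly drawn to leading technology at a quasi-governmental institution responsible for two lines of business. "So there was an interesting opportunity to get my hands dirty in business operations."

But in 2022, after two years at the bank, Postulka returned to Arbella as vice president and CIO.

Postulka is one example of a boomerang IT leader (a professional who leaves a company, gains experience elsewhere, and then returns to a higher technology leadership position).

According to Martha Heller, CEO of Heller Search Associates, there are reasons these boomerang CIOs succeed in the same way as traditional external hires. "Technology is advancing very fast, and corporate cultures are going through a period of major transformation. Existing relationships help a boomerang leader get up to speed quickly, but assumptions about the company culture can also derail them."

Gaining a fresh perspective

Kevin Miller worked for about two years as a technical solution architect at enterprise software provider IFS Americas, then in 2020 became director of global presales solution architects at software provider Loftware.

IFS was in a transition under new ownership, having received private equity funding and appointed a new president, so the company culture was changing, Miller recalls. "That was great, and I was 100% on board, but I felt I was in a role that might not change, and I felt I wasn't growing," he says. The move to Loftware was an opportunity to reorganize another team.

But a little more than a year later, Miller returned to IFS as associate vice president, and he is now CTO for the Americas. Of his work at Loftware, he says: "It was a company that also developed enterprise software, but on a much smaller scale."

While at Loftware, Miller learned how to work with and lead teams in different cultures and time zones, and because it was the middle of the pandemic, "I learned a lot of remote leadership skills."

His former manager, who was then CTO for the Americas, was planning to retire and contacted Miller. "I had been gone about 60 days when he called me and said he had missed out on a leadership opportunity with me," Miller recalls. "Frankly, we talked for months about how we would reorganize the team and what role I would play as his successor."

After that, the talks stalled and Miller grew skeptical, but ultimately IFS's president for the Americas made his return official.

During his first stint at IFS, Miller had many creative ideas, but most of them were met with the response "we do it that way because we've always done it that way." "I think that's one of the worst things you can say."

Before Miller returned, IFS's president made it clear that Miller's ideas would be heard. "I wanted to come back to bring about change, and I was excited and eager to return and inject my skills into the team."

Then, six months after he returned, the CTO retired and Miller was promoted.

While at Loftware, Miller says, he was exposed to various methodologies and techniques for demonstrating software products. "Loftware's organization was much smaller, but … they were achieving things that we (IFS) were struggling with."

Miller's goal was to foster an environment that gave the software teams more agility and greater autonomy. He says he made it clear that, rather than the traditional top-down approach of "team, this is what we need to do," he was there "to empower them and support them so they can do their best work."

That is because being away exposed him to "other diverse situations" and "different customers" and allowed him to develop "creative approaches" to problem-solving.

A familiar culture and people

While at the Federal Reserve Bank, Postulka learned a great deal about cybersecurity and infrastructure, which he says complemented his app development and software engineering skills.

Moving into the C-suite, especially during the pandemic, Postulka learned what it takes as an executive to lead remote teams through video conferencing. That means having to communicate with and influence people across the country effectively, he says.

When the CIO role at Arbella was offered, Postulka was intrigued. Achieving his career goal at a familiar company was an appealing idea, but "honestly, it was the culture and the people that drew me back," he says. "Arbella is a great place to work, and I had stayed in touch with many of the people I had worked with for years."

Postulka believes both organizations taught him the importance of building networks and relationships by patiently listening to people. When you have an idea you want support for, you may get pushback, but that is when negotiation comes in, he says.

To become a successful CIO, you need to learn "where to stand your ground and when to be selfless rather than selfish. … That helps you gain support at the executive level," Postulka says. "And it doesn't hurt to have allies on the board."

What is the most important leadership principle Postulka learned in the course of leaving Arbella and coming back? The importance of surrounding yourself with the right team, and how critical it is to retain talent. "Everyone says that," Postulka notes. "But it is extremely important to your success and your organization's success."

How best to boomerang

Both Postulka and Miller say that if you are considering returning to a higher-level IT position at a former company, you should first think about what you are trying to achieve in your career.

Circumstances at a former organization change and several years may pass, but "if you are still familiar with the culture, there is something consistent about it, and it appealed to you in the past, strongly consider whether it will energize you going forward," Postulka says.

Even when it is a way to level up, returning to a former employer may feel like a step backward to some. But not to Postulka. Rather, it was an opportunity to shape and build something for himself and for an organization he continues to care about.

"In two years at the Federal Reserve Bank I gained a lot of experience and a broader perspective on how things get done."

Miller agrees, saying he felt he had unfinished business at IFS. "Since coming back, it has felt like home."

He added that "you have to do it on your own terms and according to how it fits your personal growth and the career story of what you want to accomplish."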

27Mar 2024

Code Execution Flaws Haunt NVIDIA ChatRTX for Windows

Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks. The post Code Execution Flaws Haunt NVIDIA ChatRTX for Windows appeared first on SecurityWeek.

27Mar 2024

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own

Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest. The post Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek.

27Mar 2024

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns. The post Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working appeared first on SecurityWeek.

27Mar 2024

VPN Apps on Google Play Turn Android Devices Into Proxies

Human Security identifies 28 VPN applications for Android and an SDK that turn devices into proxies. The post VPN Apps on Google Play Turn Android Devices Into Proxies appeared first on SecurityWeek.

27Mar 2024

Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters

Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters. The post Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters appeared first on SecurityWeek.

27Mar 2024

Organizations Informed of 10 Vulnerabilities in Rockwell Automation Products 

In the past week Rockwell Automation addressed 10 vulnerabilities found in its FactoryTalk, PowerFlex and Arena Simulation products. The post Organizations Informed of 10 Vulnerabilities in Rockwell Automation Products  appeared first on SecurityWeek.

27Mar 2024

CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks

CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild. The post CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks appeared first on SecurityWeek.

27Mar 2024

What Erie Insurance does to develop transformational talent

When the leadership team at Erie Insurance planned a large-scale transformation, they knew it couldn’t be an IT-only effort. The themes of the transformation — modernization, best-in-class agent experience, multi-channel customer experience, product excellence, and innovation — are so business centric that they could only be achieved with an enterprise-wide effort. When Partha Srinivasa joined […]

27Mar 2024

Think you can ignore quantum computing? Think again.

“It’s been known since the 1990s that a large-scale quantum computer will be able to break many of the crypto systems we rely on for security,” says Dustin Moody, leader of Post Quantum Cryptography (PQC) at the National Institute for Standards and Technology (NIST) in Maryland. In 1994, American mathematician Peter Shor developed quantum algorithms […]

26Mar 2024

Meet digital transformation experts making waves with Value Stream Management

We’ve all heard the saying about the journey of a thousand miles starting with a single step. For enterprise leaders, what’s key is making that first step, and every step thereafter, the best one possible. When you’re guiding a large enterprise on a complex, long-term digital transformation journey, it can be very difficult to know […]

26Mar 2024

Women in tech increasingly dissatisfied, job search rates surge

A troubling trend within the tech industry is coming into sharp focus: women are significantly more likely to be actively seeking new employment than their male counterparts. A new study from the tech job search platform Dice reveals that 38% of women in tech are currently engaged in a job search, compared to 30% of […]

26Mar 2024

Cisco: Workers like the hybrid model, but crave better offices

Workers around the world are broadly positive about the idea of returning to the office, at least part-time, but CIOs should know that many are also skeptical about the suitability of in-office technology to sustain productivity. According to a new survey of about 14,000 workers and 3,800 employers released today by Cisco, 72% of employees […]

26Mar 2024

Binarly Attracts $10.5M to Tackle Software Supply Chain Security

Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. The post Binarly Attracts $10.5M to Tackle Software Supply Chain Security appeared first on SecurityWeek.

26Mar 2024

Researchers Discover 40,000-Strong EOL Router, IoT Botnet 

Malware hunters sound an alarm after discovering a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities. The post Researchers Discover 40,000-Strong EOL Router, IoT Botnet  appeared first on SecurityWeek.

26Mar 2024

UK Firm Think Cyber Raises $3.8 Million for Staff Security Nudging

Startup says simple awareness training is not sufficient – users need to practice ‘good’ behavior beyond simply acknowledging poor behavior and bad intent. The post UK Firm Think Cyber Raises $3.8 Million for Staff Security Nudging appeared first on SecurityWeek.

26Mar 2024

VMware by Broadcom: The First 100 Days

We recently passed the 100-day mark since VMware joined Broadcom. While much work remains, we’ve made substantial progress as we build the world’s leading infrastructure technology company. In the 18-month process of evaluating and acquiring VMware, we looked at everything to identify what’s needed to create more value for our customers. We’ve acted decisively to […]

26Mar 2024

Airbus to Buy German Cybersecurity Firm Infodas

Airbus Defence and Space is set to acquire Infodas, a Germany-based company that boasts €50 million revenue. The post Airbus to Buy German Cybersecurity Firm Infodas appeared first on SecurityWeek.

26Mar 2024

UK Court Says Assange Can’t be Extradited on Espionage Charges Until US Rules Out Death Penalty

UK judges said the U.S. must guarantee that Assange, who is Australian, “is afforded the same First Amendment protections as a United States citizen, and that the death penalty is not imposed.” The post UK Court Says Assange Can’t be Extradited on Espionage Charges Until US Rules Out Death Penalty appeared first on SecurityWeek.

26Mar 2024

Eliminating unexpected cloud costs: FinOps strategies for enterprises

Enterprises seeking to thrive in an innovation-centric economy are capitalizing on multi-cloud strategies to leverage unique cloud services. These services help accelerate initiatives supporting AI, data processing, and other pursuits, such as driving compute to the edge. That’s all well and good – until the CIO gets the bill. In a survey of more than […]

26Mar 2024

Webinar Today: How to Reduce Cloud Identity Risk

Please join the fireside chat as Phil Bues, Cloud Research Manager at IDC, discusses the challenges and best practices for cybersecurity leaders managing cloud identities. The post Webinar Today: How to Reduce Cloud Identity Risk appeared first on SecurityWeek.

26Mar 2024

Suspicious NuGet Package Harvesting Information From Industrial Systems

A suspicious NuGet package likely targets developers working with technology from Chinese firm Bozhon. The post Suspicious NuGet Package Harvesting Information From Industrial Systems appeared first on SecurityWeek.

26Mar 2024

ZenHammer Attack Targets DRAM on Systems With AMD CPUs

A new Rowhammer attack named ZenHammer has been demonstrated against DRAM on systems with AMD CPUs, including DDR5. The post ZenHammer Attack Targets DRAM on Systems With AMD CPUs appeared first on SecurityWeek.

26Mar 2024

Greylock Makes $10M Bet on Bedrock Security

Silicon Valley startup deposits $10 million in seed-stage funding to help organizations manage risk from cloud and gen-AI technologies. The post Greylock Makes $10M Bet on Bedrock Security appeared first on SecurityWeek.

26Mar 2024

Apple Patches Code Execution Vulnerability in iOS, macOS

Apple has released iOS 17.4.1 and macOS Sonoma 14.4.1 with patches for an arbitrary code execution vulnerability. The post Apple Patches Code Execution Vulnerability in iOS, macOS appeared first on SecurityWeek.

26Mar 2024

HP MPS provides certified carbon neutral printing

The global climate crisis is one of the most significant and urgent issues facing the planet today, threatening the ecosystems we depend upon. A collective effort is urgently required. One way to help protect the environment for future generations is for every business to begin moving towards carbon neutrality. A carbon neutral business is one […]

26Mar 2024

Integrate home and office print management

As the trend to a borderless workplace accelerates, supporting work wherever it happens—whether at home or in the office—has become a critical need. And the demands on IT can be overwhelming. Finding the right device with the right set of printing and scanning features to fit your employees’ needs is just the beginning. You’re also […]

26Mar 2024

Free your business to accelerate into change

While organizations respond to urgent demands to transition to the cloud, they may overlook the print environment. Even if printing is on IT’s radar, their time and resources are often barely enough to keep on top of day-to-day management tasks. There’s little time and not enough people for all current and new projects. HP Managed […]

26Mar 2024

Digital security for the world of anywhere work

Anywhere work comes with all-around security risks. When HP moved its workforce of 70,000 employees and contractors to a hybrid model, the umbrella of devices it had to protect expanded exponentially. HP had to ensure that they could: Meet today’s rising security challenges Guard employee data Make layers of security transparent and automated Keep software […]

26Mar 2024

Trends in the threat landscape

Each quarter HP’s security experts highlight notable malware campaigns, trends and techniques identified by HP Wolf Security. By isolating threats that have evaded detection tools and made it to endpoints, HP Wolf Security gives an insight into the latest techniques used by cybercriminals, equipping security teams with the knowledge to combat emerging threats and improve […]

26Mar 2024

How digital workspaces can secure hybrid work

The enterprise workplace has changed significantly over the past few years with the rapid adoption of hybrid work. Organizations across all industries can leverage digital workspaces to implement hybrid work models that (1) provide employees with a superior user experience, (2) meet security, productivity, collaboration, and employee satisfaction goals for the business, and (3) are […]

26Mar 2024

How to securely implement digital workspaces

As more organizations pivot to incorporating digital workspaces, IT will have to make important decisions around security. There has been an increase in cybersecurity incidents over the last few years. IT can’t rely on traditional or established security protocols. They need to be aware of the latest threats and the best ways to mitigate them. […]

26Mar 2024

Five ways to thrive in the new world of work

When it comes to facilities, IT, staffing, and supply chain, businesses today need a whole new kind of blueprint to thrive in the new era of uncertainty. Discover the five ways to help prepare for whatever is thrown your way while still meeting your desired business outcomes. Workforce Experience The whole purpose of gathering people […]

26Mar 2024

Achieve digital effectiveness

Discover how continuous digital optimization can drive positive business outcomes, boost revenue, and supercharge your workforce. Here are the four key advantages: Increased agility and flexibility Digital tools and solutions empower employees to work remotely, which ensures seamless operations in diverse locations. It enables collaborative work across geographically scattered teams and departments, fostering innovation and […]

26Mar 2024

Solving the top 3 IT challenges of anywhere work

The workforce is no longer bound to the traditional workplace, requiring you to transform your organization’s ways of working. Here’s how the right Managed Services provider can help ensure successful IT transformation and allow your workforce to perform at their best. Securing endpoints for remote workers The majority of remote workers tend to use their […]

26Mar 2024

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities

CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software. The post US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities appeared first on SecurityWeek.

26Mar 2024

10 best practices when partnering for strategic skills

Enterprise CIOs have always been at a disadvantage competing with tech firms for skilled IT pros, but accelerated transformation efforts and an AI gold rush have significantly intensified the talent war, prompting CIOs to increasingly turn to outside firms for help. “Collaboration with external partners allows enterprises to enhance their IT prowess, drive innovation, and […]

26Mar 2024

Customer science: A new CIO imperative

It may be far-fetched to imagine a future where IT professionals morph into customer scientists, but next-gen IT needs to be on a path toward more rigorous and systematic customer analysis to craft cause-and-effect theories of customer behavior. Every organization claims to be customer-focused, some going so far as to insist they are customer-obsessed. In […]

26Mar 2024

MWC 2024 Replay: Huawei unlocks resilient, ‘non-stop’ banking with four-pronged solutions strategy

With the goal to enhance intelligence in the digital banking arena, Huawei has unveiled a new framework to bolster infrastructure resilience. Speaking at Mobile World Congress 2024 in Barcelona, Jason Cao, Huawei’s CEO of Digital Finance BU, acknowledged that digital financial services are “booming” and that the rise of open architecture as well as emerging […]

26Mar 2024

Dell cuts jobs amid growing economic uncertainties

Reflecting a wider industry trend, Dell has revealed workforce reductions, attributing this decision to the ongoing macroeconomic environment that continues to affect demand across the sector. In its latest filing, the company said it continued executing cost management measures, “including limiting external hiring, employee reorganizations, and other actions” to align its investments with strategic priorities […]

26Mar 2024

Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild. The post Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks appeared first on SecurityWeek.

26Mar 2024

UK, New Zealand Accuse China of Cyberattacks on Government Entities

Australia and New Zealand support the UK in condemning Chinese hackers for targeting UK institutions and parliamentarians. The post UK, New Zealand Accuse China of Cyberattacks on Government Entities appeared first on SecurityWeek.

26Mar 2024

Salesforce adds Contact Center updates to Service Cloud

Salesforce has announced new Contact Center updates to its Service Cloud — an offering targeted at bettering customer experience and boosting the productivity of service teams. The new updates to the Contact Center include features such as conversation mining and generative AI-driven survey summarization among other features.   Dubbed Einstein Conversation Mining, one of the […]

26Mar 2024

Stability AI CEO steps down ‘to fix concentration of power in AI’

Emad Mostaque stepped down as CEO of Stability AI, the developer of the Stable Diffusion image generation tool, over the weekend, saying he wanted to “fix” the concentration of power in AI.  The company said he had also quit its board of directors, which had appointed COO Shan Shan Wong and CTO Christian Laforte as […]

26Mar 2024

7 ways to make IT operations more efficient

No CIO wants to lead an inefficient IT organization: that is a fact. However, through inattention or the pursuit of obsolete practices, IT can become progressively inefficient and unproductive. The pursuit of efficiency in IT should be a continuous process, not a one-off event, says Robert Orshaw, global cloud operate leader at […]

25Mar 2024

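The new wave of digital solutions brings a new approach to customer-vendor partnerships

The problem is that executives and business-unit managers are demanding that all of these new digital systems be planned effectively and deployed within compressed time frames. That is difficult when IT teams already have their hands full with current tasks. It is even more difficult when in-house IT skill sets do not match the requirements of the new products and services.

This fact is not lost on the providers of these new products and services, many of whom offer to be a resource that helps IT teams get new technologies up and running quickly in response to management's demands. The utility that they, other professional services firms, and vendors' various partner organizations provide has become an important consideration in the purchasing process. Many participants in CIO roundtables say they will not begin an implementation process or pilot project for a new technology without first securing such external resources. There are also many cases in which a project started with an internal team but added external resources as it progressed.

The use of such external resources is, of course, nothing new, but it is now done more consistently. Today's projects are more difficult simply because their impact on the organization's operations and performance is far greater and the business will depend on them for years. Another factor is that many of the technologies being implemented today are 1.0 technologies, which makes it harder to get things right the first time while maintaining speed.

Roundtable attendees cite several keys to success that are common across technologies and industries:

Partners and vendors must have a deep and effective level of technical interaction and knowledge. Training and support must be provided at a level commensurate with the importance of the project.

Adding a partner to the vendor-customer equation must not lead to finger-pointing over responsibility. Putting the customer in the middle has never worked in the past and will not work now.

Everything about the relationship must be transparent. Responsibilities, compensation, roles and commitments need to be spelled out in detail and up front. This becomes especially important where new technologies may have more moving parts than older ones at the design, deployment and operation stages.

The rapid pace of change shows no sign of slowing. And as organizations master these new systems and demand more of them, constant upgrades and enhancements will be required. As a result, the need for skilled people will grow. Working with key vendors and developing an effective strategic plan will be central to success.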

25Mar 2024

US Treasury Slaps Sanctions on China-Linked APT31 Hackers

The US Treasury Department sanctions a pair of Chinese hackers linked to “malicious cyber operations targeting US critical infrastructure sectors.” The post US Treasury Slaps Sanctions on China-Linked APT31 Hackers appeared first on SecurityWeek.

25Mar 2024

Leen Banks Early Stage Funding for Data Security Technology

Leen Security, a new startup building technology to help reduce chaos in the data security space, has banked $2.8 million in pre-seed funding. The post Leen Banks Early Stage Funding for Data Security Technology appeared first on SecurityWeek.

25Mar 2024

The OODA Loop: The Military Model That Speeds Up Cybersecurity Response

The OODA Loop can be used both by defenders and incident responders for a variety of use cases such as threat assessment, threat monitoring, and threat hunting. The post The OODA Loop: The Military Model That Speeds Up Cybersecurity Response appeared first on SecurityWeek.

25Mar 2024

Why Internet Performance Monitoring is the new frontier in a distributed world

The landscape of applications and their delivery has undergone a dramatic transformation. Applications are no longer standalone entities but are now intricate collections of services, APIs, and distributed applications across various cloud environments.  This ecosystem relies heavily on core internet services such as DNS and BGP, while networks have evolved to embrace a variety of […]

25Mar 2024

Testing image upload

Access Control

25Mar 2024

Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks

More than 100 organizations in the US and EU have been targeted in recent StrelaStealer infostealer campaigns. The post Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks appeared first on SecurityWeek.

25Mar 2024

Government, Energy, and IT sectors identified as primary targets for cyber threat actors in the UAE

Cybersecurity is established as one of the priorities of companies in the UAE; proof of this is the increase in investment and the participation of the CISO in the management committee. Cybersecurity in UAE’s companies is one of the top priorities; new work models and growing cyber threats have caused companies to dedicate more staff […]

25Mar 2024

Top Python Developers Hacked in Sophisticated Supply Chain Attack

Multiple Python developers get infected after downloading malware-packed clone of the popular tool Colorama. The post Top Python Developers Hacked in Sophisticated Supply Chain Attack appeared first on SecurityWeek.

25Mar 2024

Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own

Firefox browser updates address two zero-day vulnerabilities exploited at the Pwn2Own hacking contest. The post Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own appeared first on SecurityWeek.

25Mar 2024

White House Nominates First Assistant Secretary of Defense for Cyber Policy

Michael Sulmeyer has been nominated by the White House as the first assistant secretary of defense for cyber policy at the Pentagon. The post White House Nominates First Assistant Secretary of Defense for Cyber Policy appeared first on SecurityWeek.

25Mar 2024

Women IT leaders take center stage

Judy Balaban has seen firsthand how stepping into the professional spotlight, even on a small stage, pays dividends. Early in her career as a program management specialist at AT&T, Balaban became an active member with the Project Management Institute’s New Jersey chapter, which put her front and center at plenty of events. She considered her […]

25Mar 2024

How to get your CFO to buy into a better model for IT funding

CFOs want certainty when it comes to spend. And they want to know exactly how much return on investment (ROI) can be expected when IT leaders make technology-related changes. Meanwhile, CIOs want certainty when it comes to funding. Continuous and dependable funding facilitates IT leaders’ ability to deliver leading-edge technology solutions while not increasing technical debt.  Modern […]

25Mar 2024

High-Quality 10 Gbps CloudCampus. The next evolution of campus networks.

The global campus network market is quietly but steadily expanding. The first quarter of 2023 saw a 43.3% YoY increase in the enterprise segment of the worldwide wireless local area network (WLAN) market, achieving a market value of $2.8 billion. This strong growth was largely driven by the adoption of the latest industry standards Wi-Fi […]

25Mar 2024

2024 CSO30 Middle East Awards: Nominations are now open

Foundry and IDC Middle East are proud to launch the first edition of CSO30 Awards in the UAE, KSA and Qatar, recognising the top 30 senior security executives in each country with outstanding leadership in driving positive business outcomes through effective risk mitigation strategies  Reflecting Foundry’s (formerly IDG Communications) and IDC’s increasing commitment to the […]

23Mar 2024

Finite State Raises $20 Million to Grow Software Supply Chain Security Business

Software risk management firm Finite State has raised a $20 million growth round led by Energy Impact Partners (EIP). The post Finite State Raises $20 Million to Grow Software Supply Chain Security Business appeared first on SecurityWeek.

23Mar 2024

German Authorities Shut Down Online Marketplace for Drugs, Data and Cybercrime Services

German authorities took down the Nemesis Market, a major online marketplace for drugs, cybercrime services and stolen credit card data. The post German Authorities Shut Down Online Marketplace for Drugs, Data and Cybercrime Services appeared first on SecurityWeek.

22Mar 2024

Ask yourself: How can genAI put your content to work?

By Bryan Kirschner, Vice President, Strategy at DataStax One of the major findings of our recently released State of AI Innovation report was how bullish managers and technical practitioners were about generative AI enhancing, rather than threatening, their careers. A key reason why I think they’re right is generative AI’s ability to operate in useful […]

22Mar 2024

ChatGPT isn’t an AI strategy—but it should be a strategic tool

By Bryan Kirschner, Vice President, Strategy at DataStax For all the deserved enthusiasm about the potential of generative AI, “ChatGPT is not your AI strategy” remains sound advice. That said, it’s still worthwhile to think about how to use large language model (LLM)-powered tools like ChatGPT in more strategic ways. New research from Microsoft on […]

22Mar 2024

From fear to abundance: Rethinking job security in the age of generative AI

By Chet Kapoor, Chairman & CEO at DataStax Along with the exciting possibilities of generative AI (genAI), there have been concerns around job (in)security and displacement. Leaders are feeling the pressure to implement genAI quickly and automate as much as possible. Some will see this as an opportunity to “get lean” and reduce headcount. Others […]

22Mar 2024

Deutsche Telekom calls on SAP for Rise all-in-one offer

SAP has won another convert to its Rise with SAP managed software offering. Deutsche Telekom intends to migrate systems used by its European operating companies to Rise over the next two years. It’s following in the footsteps of IBM and Microsoft, which like the German telco have an edge over regular companies contemplating a similar […]

22Mar 2024

Russian APT29 Hackers Caught Targeting German Political Parties 

Security researchers at Mandiant raise an alarm after discovering Russia’s APT29 hacking group expanding targets to political parties in Germany. The post Russian APT29 Hackers Caught Targeting German Political Parties appeared first on SecurityWeek.

22Mar 2024

UN Adopts Resolution Backing Efforts to Ensure Artificial Intelligence is Safe

The resolution, sponsored by the United States and co-sponsored by 123 countries, including China, was adopted by consensus with a bang of the gavel and without a vote, meaning it has the support of all 193 U.N. member nations. The post UN Adopts Resolution Backing Efforts to Ensure Artificial Intelligence is Safe appeared first on […]

22Mar 2024

Ransomware Group Takes Credit for Attack on Boat Dealer MarineMax

The Rhysida ransomware group has taken credit for the cyberattack on MarineMax and is offering to sell stolen data for 15 bitcoin. The post Ransomware Group Takes Credit for Attack on Boat Dealer MarineMax appeared first on SecurityWeek.

22Mar 2024

‘Brain Weasels’: Impostor Syndrome in Cybersecurity

There are several attributes that tie the cybersecurity community together, namely our collective passion for solving complex problems in order to reduce harm, but one has stood out prominently over the years: impostor syndrome. The post ‘Brain Weasels’: Impostor Syndrome in Cybersecurity appeared first on SecurityWeek.

22Mar 2024

In Other News: Google’s PQC Threat Model, Keyboard Sounds Expose Data, AI Roadmap 

Noteworthy stories that might have slipped under the radar: Google’s post-quantum cryptography threat model, keyboard typing sounds can expose data, DHS publishes AI roadmap. The post In Other News: Google’s PQC Threat Model, Keyboard Sounds Expose Data, AI Roadmap  appeared first on SecurityWeek.

22Mar 2024

39,000 Websites Infected in ‘Sign1’ Malware Campaign

Over 39,000 websites have been infected with the Sign1 malware that redirects visitors to scam domains. The post 39,000 Websites Infected in ‘Sign1’ Malware Campaign appeared first on SecurityWeek.

22Mar 2024

US Government Issues New DDoS Mitigation Guidance

CISA, the FBI, and MS-ISAC have released new guidance on how federal agencies can defend against DDoS attacks. The post US Government Issues New DDoS Mitigation Guidance appeared first on SecurityWeek.

22Mar 2024

BlueFlag Security Emerges From Stealth With $11.5M in Funding

BlueFlag Security emerges from stealth mode with $11.5 million in a seed funding round led by Maverick Ventures and Ten Eleven Ventures. The post BlueFlag Security Emerges From Stealth With $11.5M in Funding appeared first on SecurityWeek.

22Mar 2024

New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys 

Researchers detail GoFetch, a new side-channel attack impacting Apple CPUs that could allow an attacker to obtain secret keys. The post New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys  appeared first on SecurityWeek.

22Mar 2024

Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors

Vulnerability in Dormakaba’s Saflok electronic locks allows hackers to forge keycards and open millions of doors. The post Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors appeared first on SecurityWeek.

22Mar 2024

Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024

Exploits targeting Tesla cars, operating systems, and popular software earned participants over $1.1 million at Pwn2Own Vancouver 2024. The post Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024 appeared first on SecurityWeek.

22Mar 2024

15 highest-paying IT jobs

The past year was rough for the tech industry, with many companies reporting layoffs and the threat of recession looming. But despite a bumpy year, demand for IT skills remains, even as average salaries for sought-after roles have taken a hit. Much of this can be attributed to unprecedented growth in the tech sector between 2019 and […]

22Mar 2024

The big changes forcing PostNord to digitally restructure

Digitization is changing business models, particularly at PostNord, where it’s seen a continuous reduction in national letters sent that’s in line with the long-term digitization trend. For over 20 years, the volume of letters has dropped by 65%, which has led to delivery now only taking place every other day. By contrast, the growth of e-commerce has […]

21Mar 2024

SAP user group: S/4HANA usage is growing, but still in the minority

The German-speaking user group for enterprise software giant SAP says that customers’ willingness to invest in the company’s S/4HANA cloud product is rising, but still lags behind flagship ERP products like ECC 6, and some customers see the need for more discussion on SAP’s prolonged move to the cloud. DSAG, a group representing SAP users […]

21Mar 2024

New Bipartisan Bill Would Require Online Identification, Labeling of AI-Generated Videos and Audio

Key provisions in the legislation would require AI developers to identify content created using their products with digital watermarks or metadata. The post New Bipartisan Bill Would Require Online Identification, Labeling of AI-Generated Videos and Audio appeared first on SecurityWeek.

21Mar 2024

Lost Crypto Wallet? New Firm Promises Ethical, Transparent and Inexpensive Recovery

Praefortis is a new company pushing ethical and transparent recovery of lost or forgotten crypto wallet passwords. The post Lost Crypto Wallet? New Firm Promises Ethical, Transparent and Inexpensive Recovery appeared first on SecurityWeek.

21Mar 2024

Dymium Snags $7M to Build Data Security Platform with Secure AI Chat 

Two Bear Capital leads a venture capital bet on Dymium, a California startup building data protection technologies. The post Dymium Snags $7M to Build Data Security Platform with Secure AI Chat  appeared first on SecurityWeek.

21Mar 2024

House Passes Bill Barring Sale of Personal Information to Foreign Adversaries

H.R. 7520 prohibits data brokers from selling Americans’ data to foreign adversary countries or entities controlled by them. The post House Passes Bill Barring Sale of Personal Information to Foreign Adversaries appeared first on SecurityWeek.

21Mar 2024

Tarsal Raises $6 Million for Security Data Movement Platform

Tarsal raises $6 million in a seed funding round led by Harpoon Ventures and Mango Capital and appoints new CTO. The post Tarsal Raises $6 Million for Security Data Movement Platform appeared first on SecurityWeek.

21Mar 2024

Risk and Regulation: Preparing for the Era of Cybersecurity Compliance

The next twelve months will see the implementation of several regulations designed to improve cybersecurity standards across various industries. The post Risk and Regulation: Preparing for the Era of Cybersecurity Compliance appeared first on SecurityWeek.

21Mar 2024

Microsoft Patches Xbox Vulnerability Following Public Disclosure

Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue. The post Microsoft Patches Xbox Vulnerability Following Public Disclosure appeared first on SecurityWeek.

21Mar 2024

Vulnerability Allowed One-Click Takeover of AWS Service Accounts

AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.  The post Vulnerability Allowed One-Click Takeover of AWS Service Accounts appeared first on SecurityWeek.

21Mar 2024

Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM

Ivanti has released patches for two critical-severity vulnerabilities leading to arbitrary command execution. The post Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM appeared first on SecurityWeek.

21Mar 2024

GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta

GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities. The post GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta appeared first on SecurityWeek.

21Mar 2024

CDOs, data science heads to fill Chief AI Officer positions in India

Indian enterprises are more likely to see Chief Digital Officers (CDOs) and data science heads fill the upcoming position of Chief AI Officer (CAIOs), analysts and experts have said. “The role of a Chief AI Officer might be combined with other existing roles, such as a Chief Digital Officer or a head of data […]

21Mar 2024

US government enters the race for AI talent

US government agencies have ramped up their efforts to hire AI talent, filling newly created chief AI officer positions and aggressively seeking out AI-related skills. The Justice Department hired its first chief AI officer in February. That addition came on the heels of other recent CAIO appointments at the Education Department, the General Services Administration, […]

21Mar 2024

Driving 15 years of IT transformation in 5

In 2018, the day after his employer publicly announced it was being acquired, Lynn Lovelady, then VP of IT at Energen, received a pivotal phone call that would reshape his career. It was from Charlie Nowlin, then CFO at McWane, who for more than a year had been searching for the company’s first chief information […]

21Mar 2024

$200,000 Awarded at Pwn2Own 2024 for Tesla Hack

Participants earned a total of $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software. The post $200,000 Awarded at Pwn2Own 2024 for Tesla Hack appeared first on SecurityWeek.

21Mar 2024

Pioneering 5G Acceleration, Indonesia Marks a Revolutionary Digital Era Through Its First 5G Warehouse

In a rapidly evolving global landscape, Indonesia acknowledges the crucial role of the digital economy in driving sustainable development and promoting inclusive growth. As such, Golden Indonesia Vision 2045 places a strong emphasis on leveraging digital technologies to enhance productivity, competitiveness, and resilience across all sectors of the economy. Indonesia’s digital economy is projected to […]

21Mar 2024

AI Act gets the green light from the European Parliament: everything CIOs need to know

The European Parliament has approved the AI Act, the European Union’s law on artificial intelligence: following the agreement reached with the member states last December, MEPs have given the go-ahead (with some changes in the final text compared with the year-end political agreement). The regulation still has to be formally approved by the Council, but in practice it is a done deal: […]

21Mar 2024

How to succeed at digital transformation in India

Digital transformation refers to using technology to fundamentally change how your organization operates and delivers value to your customers and stakeholders. However, it goes beyond simply acquiring new technologies. It also requires a rethink of your business strategy to embrace advances in cloud computing, analytics, AI, IoT and automation. You may not have started your […]

21Mar 2024

Navigating the future: the rise of SD-WAN in India

In the realm of Wide Area Networks (WANs), traditional routers have long been the backbone of network infrastructure, albeit with their limitations. The conventional approach involves configuring and maintaining each router individually, which often lacks the flexibility required for the dynamic needs of modern businesses. However, a transformative technology known as Software-Defined Wide Area Network […]

21Mar 2024

Why cloud evolution needs a cohesive approach to succeed

Many organisations in India are migrating to the cloud, and there is no shortage of cloud providers. But if you want cloud to revolutionise your business, it won’t help to get stuck with a basic cloud configuration that works by default but doesn’t keep pace with your evolving goals. This is what Mobicule Technologies, an […]

21Mar 2024

8 network trends shaping India’s digital landscape

India, like the rest of the world, is witnessing profound digital transformation in business – and networks play a key role in enabling this transformation. So, it is in your organization’s best interests to evolve your network to make it smarter and faster. As we head into 2024, let’s explore 10 network trends that are shaping […]

21Mar 2024

How technology is enabling Melbourne Airport’s growth

Melbourne Airport, currently Australia’s second busiest, is aiming to overtake Sydney to become the country’s number one destination airport. For Melbourne Airport CIO Anthony Tomai and his team, that overall strategic objective fuels their approach to create and deliver tech innovation at the airport campus at Tullamarine, northwest of the city. “The vision is to […]

20Mar 2024

The rocky road ahead for AI

Since inception, artificial intelligence (AI) has been changing fast. With the introduction of ChatGPT, DALL-E, and other generative AI tools, 2023 emerged as a year of great progress, putting AI into the hands of the masses. Even in all its glory, we’re also at an inflection point.  AI will revolutionize industries and augment human capabilities, […]

20Mar 2024

French regulator fines Google $271M over generative AI copyright issue

France’s competition authority fined Google, its parent company Alphabet, and two subsidiaries a total of €250 million ($271 million) for breaching a previous agreement on using copyrighted content for training its Bard AI service, now known as Gemini. The Autorité de la concurrence said Wednesday that the search giant failed to comply with a June […]

20Mar 2024

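14 in-demand cloud roles that companies are hiring for

After the marked surge in cloud adoption to get through the pandemic, companies are facing new challenges such as securing, maintaining, and managing cloud infrastructure. To address them, companies are shifting their budgets toward the cloud. According to the “2023 Cloud Computing Study” from Foundry, the parent company of CIO.com, two out of three IT decision-makers plan to increase their cloud budgets in 2024, and about one-third (31%) report allocating 31% of their IT budget to cloud computing.

This budget growth includes rising demand for cloud and cloud-related employees who support the maintenance, continuous improvement, and expansion of enterprise cloud networks. According to the Foundry report, 78% of companies said they have added new roles in response to their organization’s cloud investments.

Below are the roles that, according to Foundry’s research, companies are most likely to add to support their cloud investments.

1. Cloud architect
As cloud computing grows ever more complex, cloud architects have come to play a key role in managing the implementation, migration, and maintenance of cloud environments. These IT professionals can also help avoid potential risks around cloud security and ensure a smooth transition to the cloud across the company. With 65% of IT decision-makers saying that choosing cloud-based services is the default when upgrading technology, the importance of cloud architects to business success will only grow.
Skills: Skills for this role include knowledge of application architecture, automation, ITSM, governance, security, and leadership.
Role growth: According to Foundry’s research, 30% of companies have added cloud architect roles as part of their cloud investments.

2. Cloud systems administrator
Cloud systems administrators are responsible for overseeing the general maintenance and management of cloud infrastructure. From implementing cloud-based policies and deploying patches and updates to analyzing network performance, these IT professionals are adept at managing virtualized environments.
Skills: The knowledge and skills required for this role include implementation and integration, security, configuration, and knowledge of common cloud software tools such as Azure, AWS, GCP, Exchange, and Office 365.
Role growth: 27% of companies have added cloud systems administrator roles as part of their cloud investments.

3. DevOps engineer
DevOps focuses on blending IT operations with the development process in order to improve IT systems and to act as a go-between that keeps communication flowing between coding and engineering teams. The role focuses on automated application deployment, maintenance of IT and cloud infrastructure, and identifying the potential risks and benefits of new software and systems.
Skills: Skills relevant to DevOps engineers include automation, Linux, QA testing, security, containerization, and knowledge of programming languages such as Java and Ruby.
Role growth: 21% of companies have added DevOps engineer roles as part of their cloud investments.

4. Cloud systems engineer
Migrating to the cloud involves introducing new infrastructure to make the most of the cloud environment. Cloud systems engineers are responsible for designing, implementing, and maintaining the infrastructure needed to support a company’s cloud initiatives.
Skills: Skills relevant to cloud systems engineers include networking, automation and scripting, Python, PowerShell, automation, security and compliance, containerization, database management, disaster recovery, and performance optimization.
Role growth: 20% of companies have added cloud systems engineer roles as part of their cloud investments.

5. Cloud software engineer
Cloud software engineers develop and maintain software applications that run on cloud platforms, and their job is to ensure that these applications are scalable, reliable, and agile. Companies that have moved to the cloud often need IT professionals who can build the company’s own services and applications to make the most of the cloud environment. With more than half of IT decision-makers saying their entire IT environment is moving to the cloud, a figure expected to rise to 63% over the next year and a half, cloud software engineers are rapidly taking on an important role in organizations.
Skills: Skills relevant to cloud software engineers include Python, Java, C#, JavaScript, microservices architecture, serverless computing, APIs and SDKs, DevOps, cybersecurity, and knowledge of agile methodologies.
Role growth: 19% of companies have added cloud software engineer roles as part of their cloud investments.

6. Security architect
Security architects are responsible for building, designing, and implementing security solutions in the enterprise to keep IT infrastructure safe. For security architects working in cloud environments, the focus is on designing and implementing security solutions that protect the business’s cloud-based infrastructure, data, and applications. The number one business objective driving cloud investment is “enabling disaster recovery and business continuity” (40%), and security architects can help companies take the right measures to achieve these goals.
Skills: Skills relevant to security architects working in cloud environments include security architecture design, network security, security compliance and governance, incident response and forensics, data encryption, identity and access management (IAM), automation, and DevSecOps.
Role growth: 18% of companies have added security architect roles as part of their cloud investments.

7. Data architect
Data architects focus on ensuring that an organization’s data is easily accessible, secure, efficiently stored, and structured to meet business needs. Data has become the primary means by which companies perform analysis and support business decisions, and most of that data is now stored in the cloud.
Skills: Data architects working in cloud environments need skills such as data warehousing, scalability and performance optimization, automation and virtualization, data governance and cloud security, data migration, and knowledge of hybrid cloud solutions.
Role growth: 18% of companies have added data architect roles as part of their cloud investments.

8. Security engineer
The job of a security engineer is to oversee the security of an organization’s systems, networks, and data and to ensure they are protected from cybersecurity threats. For companies investing in the cloud, security engineers can help ensure that the services, applications, and data running on cloud platforms are secure and comply with all government regulations.
Skills: Skills relevant to security engineers working in cloud environments include network security, identity and access management (IAM), encryption, vulnerability management, security architecture, cloud security, automation, and infrastructure design and optimization.
Role growth: 16% of companies have added security engineer roles as part of their cloud investments.

9. Cloud consultant
With the rapid adoption of and migration to the cloud, companies are seeking experts who can guide them on how to use cloud technology to meet business needs, grow the business, and improve efficiency. These professionals are cloud experts who stay on top of the latest innovations in cloud technology and provide the best advice to business leaders. The importance of cloud consultants is growing for companies that adopt the cloud to achieve “increased sustainable revenue,” cited by 50% of respondents.
Skills: Skills relevant to cloud consultants include architecture and solution design, DevOps, automation, project management, cloud security, compliance, cloud migration, and knowledge of common cloud platforms.
Role growth: 16% of companies have added cloud consultant roles as part of their cloud investments.

10. Cloud developer
Cloud developers play a key role in developing and deploying software in cloud environments. These IT professionals are responsible for designing, creating, and deploying applications designed to run on cloud platforms, with a focus on building scalable, reliable, and cost-efficient solutions that meet business needs.
Skills: Skills relevant to cloud developers include programming languages such as Java, C#, and Python, as well as knowledge of common cloud platforms, microservices architecture, database storage, agile methodologies, APIs and SDKs, and containers and orchestration.
Role growth: 16% of companies have added cloud developer roles as part of their cloud investments.

11. Cloud network engineer
Cloud network engineers are responsible for designing, implementing, and managing an organization’s cloud-based networks. These IT professionals are tasked with overseeing network management, virtualization, virtual LANs, wide area networks (WANs), TCP/IP, HTTP, network security, and the integration of hybrid cloud and multicloud deployments. […]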

20Mar 2024

Payment-processing outages at UK retailers raise reliability issues for cashless transactions

Payment-processing failures at several high-profile retail brands in the UK over the past week disrupted on-site customer service and stirred speculation about the cause of the outages. The problems at fast food restaurant McDonalds, supermarkets Tesco and Sainsbury’s, and bakery chain Greggs, highlight retailers’ increasing reliance on third-party payment systems and the technical issues hampering […]

20Mar 2024

1 in 4 Organizations Shut Down OT Operations Due to Cyberattacks: Survey

A Palo Alto Networks survey shows many industrial organizations experience cyberattacks and 1 out of 4 has shut down OT operations. The post 1 in 4 Organizations Shut Down OT Operations Due to Cyberattacks: Survey appeared first on SecurityWeek.

20Mar 2024

Governance and Fighting the Curse of Complexity

The task is Sisyphean. The mountain is IT complexity. The boulder is made from complex infrastructure, network connections, data stores, and devices. The person pushing the boulder up the steep slope? Every IT and security leader and worker. Will we ever rein in IT complexity? Unfortunately, not. But we can try. There are two routes […]

20Mar 2024

Microsoft Hires Influential AI Figure Mustafa Suleyman to Head up Consumer AI Business

Microsoft hired Mustafa Suleyman to head up its new AI business, adding an influential figure to its pool of talent leading the charge to build a technology that Suleyman views as both a boon and threat to humanity. The post Microsoft Hires Influential AI Figure Mustafa Suleyman to Head up Consumer AI Business appeared […]

20Mar 2024

Hacker Caught Stealing Personal Data of 132,000 Individuals Pleads Guilty

Idaho man pleads guilty to hacking charges over cyberattacks he conducted in 2017 and 2018, which involved data theft and extortion. The post Hacker Caught Stealing Personal Data of 132,000 Individuals Pleads Guilty appeared first on SecurityWeek.

20Mar 2024

How CIOs navigate generative AI in the enterprise

In its infancy, gen AI is already transforming organizations and profoundly impacting IT strategies. But while language models (LLMs) accelerate engineering agility, they also open the floodgates to unprecedented technical debt accumulation. “Generative systems are likely to accelerate the amount of code that gets produced, so on that basis alone, technical debt will increase,” says […]

20Mar 2024

Generative AI takes center stage in latest ServiceNow release

ServiceNow’s latest platform release, dubbed Washington DC, moves the cloud-based IT management and operations software company sharply in the direction of generative AI, with new features designed to help companies working with that technology. The Washington DC platform applies generative AI technology to several of ServiceNow’s flagship solutions. Its ITOM AIOps platform can now use […]

20Mar 2024

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

Atlassian releases patches for two dozen vulnerabilities, including a critical-severity bug in Bamboo Data Center and Server. The post Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server appeared first on SecurityWeek.

20Mar 2024

Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

Government agencies in the Five Eyes countries warn critical infrastructure entities of Chinese state-sponsored hacking group Volt Typhoon. The post Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon appeared first on SecurityWeek.

20Mar 2024

Chrome 123, Firefox 124 Patch Serious Vulnerabilities

Chrome and Firefox security updates released on Tuesday resolve a critical-severity and multiple high-severity vulnerabilities. The post Chrome 123, Firefox 124 Patch Serious Vulnerabilities appeared first on SecurityWeek.

20Mar 2024

If you invest more in AI than people, you’re doing it wrong

Generative AI has the power to reinvent every facet of an organization. Companies are realizing its potential, but before they can shift their gen AI strategies from “showing promise” to “making profit,” they’ll need to answer several technology-related questions: do I have the right LLM for my industry and function; is my data foundation rigorous […]

20Mar 2024

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 

Join us at the fully immersive virtual event as we explore the critical nature of software and vendor supply chain security issues. The post Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 appeared first on SecurityWeek.

20Mar 2024

White House Calls on States to Boost Cybersecurity in Water Sector 

The White House is calling on state environmental, health, and homeland security agencies to convene on safeguarding water systems. The post White House Calls on States to Boost Cybersecurity in Water Sector  appeared first on SecurityWeek.

20Mar 2024

Risk Management Firm CyberSaint Raises $21 Million

Cyber risk management company CyberSaint announced on Wednesday that it has raised $21 million in Series A funding. The latest investment, which brings the total raised by the company to $29 million, was led by Riverside Acceleration Capital (RAC), with participation from Sage Hill Investors, Audeo Capital, and BlueIO. CyberSaint said the new funding enables […]

20Mar 2024

300,000 Systems Vulnerable to New Loop DoS Attack

Academic researchers describe a new application-layer loop DoS attack affecting Broadcom, Honeywell, Microsoft and MikroTik. The post 300,000 Systems Vulnerable to New Loop DoS Attack appeared first on SecurityWeek.

20Mar 2024

Control D Launches Control D for Organizations: Democratizing Cybersecurity for Organizations of All Sizes

Toronto, Canada, January 29th, 2024, Cyber NewsWire In an era where online threats no longer discriminate by business size, Control D, powered by Windscribe VPN‘s robust security expertise, announced today the launch of ‘Control D for Organizations‘. This modern DNS service democratizes cybersecurity, making it accessible to businesses of every size, from budding start-ups to late stage […]

19Mar 2024

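Rediscovering the value of information

Marc Porat, smartphone pioneer and founder and CEO of General Magic, accurately predicted in the thesis he wrote in 1976 while at Stanford University that the future would be defined by information machines, information workers, and information companies.

Today, it is generally accepted that we live in an “information society” and work in an “information economy.” Surprisingly, despite the sheer volume of information people now have (for example, 3.5 billion searches are performed every day), we struggle to identify specific strategies for using information to create value.

The time has come to get serious about information management. Not information technology, but information management. Technology does not equal progress. Creating value from information is what constitutes progress.

Executive briefings and annual reports are full of factoids along the lines of “we are spending this much on hot new technologies.” The figures vary by subscription research firm, but the world is now spending heavily on information technology, on the order of $4.6 trillion. Analyst firm Deep Analysis estimates that the market of more than 400 intelligent document processing vendors alone could grow to $4 billion by the end of 2026.

But now that we have entered a post-Gutenberg (social media) economic era in which disseminating information is effectively free, shouldn’t we stop looking at the cost of the machines and systems that disseminate information and look instead at the economics of creating value (and meaning) from information? Does anyone actually know how much it costs for key decision-makers to get the information they need?

Time to build an information strategy

Every two or three years, we are reminded of how easily value can be destroyed by sloppy information management. A recent example is the case of Jack Teixeira, a 21-year-old “cyber transport systems journeyman.” He was assigned to the 102nd Intelligence Wing, headquartered at Otis Air National Guard Base within Joint Base Cape Cod. Teixeira was charged with willfully retaining and transmitting classified national defense information and sharing classified national information with his video game friends.

This case called into question the legitimacy of the government’s entire process for managing classified information. And this is not something that happens only in government.

In the corporate sector, the value destroyed by poor information management is often measured in fines and lawsuit settlement payments. Before such catastrophes come to light, what metrics do public companies use to judge whether they are managing information well? And what should they use? Which company manages information more efficiently: P&G or Unilever, Coca-Cola or Pepsi, GM or Ford, McDonald’s or Chipotle, Marriott or Hilton? When interviewing job applicants, how can you confirm whether a candidate has information management skills and can act responsibly?

According to business historians, about ten years before the turn of the century, “information,” which until then had been universally regarded as a “good thing,” began to be seen as a problem. Roughly 20 years after the invention of the personal computer, ordinary people became overwhelmed by the amount of information generated every day. We thrive on information and depend on it, but we can also be bound hand and foot by it. There is more information than any one person can process.

The information narrative has shifted from a very positive one to dark metaphors and analogies that portray information as an “unstoppable steamroller” or “a river, and a very polluted river at that.”

Clay Shirky, a new media professor I met at a futurists’ fundraising party who is now a vice provost at New York University, famously said, “It’s not information overload. It’s filter failure.” This raises the question of information strategy. Do you personally have a strategy for creating value from the information resources available to you? Does your company?

Using information to create value

We are all information scientists. We may not hold i.school degrees or be members of industry or professional associations focused on information management, such as the Association for Intelligent Information Management or ARMA, but each of us generates, organizes, manages, stores, retrieves, and uses information.

Some in the business world have thought carefully about information strategy. On April 12, 1994, Arizona lawyers Laurence Canter and Martha Siegel, a married couple, sent unsolicited messages to more than 6,000 Usenet newsgroups, embarking on the first mass spam campaign in history. They used an information strategy that cost almost nothing while generating more than $100,000 in revenue. I am not condoning this information strategy. I am only acknowledging that if you want to create value from information, you need a strategy.

An information strategy must address several fundamental challenges: for example, how to keep limited attention from being overwhelmed by unnecessary information, and how to keep personal or confidential information from becoming public.

There is a great deal to be gained from building an effective information management strategy. Data Management, IT Strategy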

19Mar 2024

Airbus abandons possible acquisition of Atos data division

Another attempt by Atos to solve its debt problems by selling off part of its business has ended in failure. Airbus, a potential acquirer of the IT services company’s big data and security business, has walked away from the deal after completing its “due diligence” investigation. As a result, Atos has postponed — again — […]

19Mar 2024

Generative AI copilots are your productivity rocket boosters

So much digital ink has been spilled regarding how generative AI is a first-class productivity booster. Estimates on this score remain speculative, even if the expectations are robust. Ninety-one percent of business and technology leaders surveyed by Deloitte expect genAI to improve their organizations’ productivity, with 27% expecting a significant productivity boost. Such stats sound great […]

19Mar 2024

The HP-Autonomy lawsuit: Timeline of an M&A disaster

Around the turn of the century, Autonomy Corporation was one of the darlings of the UK technology industry, specializing in knowledge management and enterprise search. It went on an acquisition spree in the early 2000s, driving up its revenue, before being swallowed itself by Hewlett-Packard in 2011, in a deal that valued it at over […]

19Mar 2024

Airbus Pulls Out of Deal to Buy Atos Cybersecurity Unit

Atos shares tank after Airbus decides not to move ahead with discussions to acquire its cybersecurity business. The post Airbus Pulls Out of Deal to Buy Atos Cybersecurity Unit appeared first on SecurityWeek.

19Mar 2024

Chinese APT Hacks 48 Government Organizations

Earth Krahang, likely a penetration team of Chinese government contractor I-Soon, has compromised 48 government entities worldwide. The post Chinese APT Hacks 48 Government Organizations appeared first on SecurityWeek.

19Mar 2024

BigID Raises $60 Million at $1 Billion Valuation

Data security firm BigID raises $60 million in a growth round that brings the total to $320 million and values the company at over $1 billion. The post BigID Raises $60 Million at $1 Billion Valuation appeared first on SecurityWeek.

19Mar 2024

Nations Direct Mortgage Data Breach Impacts 83,000 Individuals

Nations Direct informs 83,000 individuals that their personal information was compromised in a data breach. The post Nations Direct Mortgage Data Breach Impacts 83,000 Individuals appeared first on SecurityWeek.

19Mar 2024

Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle

The rapid evolution of AI and analytics engines will put campaign-year disinformation into hyperspeed in terms of false content creation, dissemination and impact. The post Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle appeared first on SecurityWeek.

19Mar 2024

7 ways to make IT operations more efficient

No CIO wants to lead an inefficient IT organization. That’s a given. Yet due to inattention or by sticking to outdated practices, IT can become progressively inefficient and unproductive. Addressing IT efficiency should be an ongoing process, not a one-time event, says Robert Orshaw, global cloud operate leader with Deloitte Consulting. Continuous improvement is key, […]

19Mar 2024

A CIO primer on addressing perceived AI risks

Ask your average schmo what the biggest risks of artificial intelligence are, and their answers will likely include: (1) AI will make us humans obsolete; (2) Skynet will become real, making us humans extinct; and maybe (3) deepfake authoring tools will be used by bad people to do bad things. Ask your average CEO what […]

19Mar 2024

Misconfigured Firebase Instances Expose 125 Million User Records

Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple organizations in the US, including fast food chains such as Applebee’s, Chick-fil-A, KFC, Subway, Taco Bell, and Wendy’s, three security researchers […]

19Mar 2024

Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens

Mintlify announces vulnerability disclosure program after a data breach exposed 91 customer GitHub tokens. The post Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens appeared first on SecurityWeek.

19Mar 2024

Aiohttp Vulnerability in Attacker Crosshairs

A recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group. The post Aiohttp Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.

19Mar 2024

Digital workplace trends: How India is adapting to the new normal

The COVID-19 pandemic significantly changed the way we work. According to NTT DATA’s 2023 Global Employee Experience Trends Report, nearly 60% of employees around the world are now working remotely all or some of the time – and India is no exception. Clearly, hybrid working is now slowly becoming the norm. Employees value the flexibility of […]

19Mar 2024

High-Quality 10 Gbps CloudCampus. High-Quality must be included.

The global campus network market is quietly but steadily expanding. The first quarter of 2023 saw a 43.3% YoY increase in the enterprise segment of the worldwide wireless local area network (WLAN) market, achieving a market value of $2.8 billion. This strong growth was largely driven by the adoption of the latest industry standards Wi-Fi […]

19Mar 2024

CIOs turn their attention to SaaS sprawl

After years of strategies centered on adopting cloud point solutions, CIOs increasingly find themselves having to settle an outstanding account: rationalizing, managing, and integrating an ever-wider array of SaaS offerings, many of which they did not themselves introduce into the company’s cloud estate. Salesforce, Workday, […]

19Mar 2024

Aembit Announces New Workload IAM Integration with CrowdStrike to Help Enterprises Secure Workload-to-Workload Access

Silver Spring, Maryland, January 30th, 2024, Cyberwire Aembit Becomes the First Workload IAM Platform to Integrate with the Industry-Leading CrowdStrike Falcon Platform to Drive Workload Conditional Access Aembit, the Workload Identity and Access Management (IAM) platform that enables DevOps and security teams to discover, manage, enforce and audit access between workloads, today announced the availability […]

19Mar 2024

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Brea, California, February 26th, 2024, Cyberwire The current large surge in cyber threats has left many organizations grappling for security so ThreatHunter.ai is taking decisive action. Recognizing the critical juncture at which the digital world stands, ThreatHunter.ai is now offering their cutting-edge cybersecurity services free of charge to all organizations for 30 days, irrespective of […]

19Mar 2024

UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack

UnitedHealth is testing the last major system it must restore from last month’s Change Healthcare cyberattack, but it has no date yet for finishing the recovery. The post UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack appeared first on SecurityWeek.

18Mar 2024

SAP and Nvidia expand partnership to aid customers with gen AI

SAP and Nvidia announced an expanded partnership today with an eye to deliver the accelerated computing that customers need in order to adopt large language models (LLMs) and generative AI at scale. Under the partnership, SAP is integrating Nvidia’s generative AI foundry service, including the newly announced Nvidia NIM inference microservices, into SAP Datasphere, SAP […]

18Mar 2024

Nvidia AI Enterprise adds generative AI microservices

Version 5.0 of Nvidia’s enterprise-spanning AI software platform will feature a smorgasbord of microservices designed to speed app development and provide quick ways to ramp up deployments, the company announced today at its GPU Technology Conference. These microservices are provided as downloadable software containers used to deploy enterprise applications, Nvidia said in an official blog […]

18Mar 2024

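The front line of cyberattacks in 2024: threats and countermeasures

Cyberattacks are no longer someone else’s problem.

In June 2023, cybersecurity giant Trend Micro, together with the nonprofit organization CIO Lounge, conducted a “Survey on damage to corporate organizations from cyberattacks” covering 305 people responsible for security and risk management (department-head level or above) at corporate organizations in Japan.

Asked in this survey whether they had experienced damage from a cyberattack in the past three years, 56.8% answered that they had.

Asked which of the external cyberattacks they had suffered in the past three years carried the highest damage cost, respondents named ransomware most often, at 17.4%. It was followed by business email compromise at 14.4%, denial-of-service attacks (DoS, DDoS) at 8.9%, fraudulent use of services (fraudulent purchases, fraudulent card use) at 6.2%, use of the company’s own mail system as a springboard for sending spam (4.9%), theft and exposure of confidential information (2.0%), website defacement (1.3%), and use of the company’s own systems as a springboard for intruding into other companies (0.7%).

Ransomware is malware (a computer virus) that infects a PC, encrypts the stored files so they cannot be opened, and then demands a ransom in exchange for restoring the files.

It used to be common for viruses to be sent out indiscriminately, but attacks have recently become more sophisticated, and there are said to be a growing number of cases that single out specific individuals or companies, target the weak points in their security measures, and attack persistently.

“Threats in cyberspace are increasing. In recent years, a variety of emerging technologies have been coming to the fore. Companies and organizations are using these technologies to make their operations more efficient and to offer new services. But emerging technologies tend to have low adoption or unclear use cases, so both the providers and the users of services built on them tend to have relatively low cybersecurity literacy and proficiency. Cybercriminals exploit those weaknesses to carry out cyberattacks,” says Masato Hirako, senior threat specialist in Trend Micro’s Security Marketing Department.

Five threats predicted for 2024

So what kinds of cyberattacks will become mainstream in 2024?

Trend Micro lists the following five as threats predicted for 2024:

Cloud-native worm attacks
Strengthening of social engineering through generative AI
Weaponization of cloud-based machine learning
Compromise of supply-chain CI/CD systems
Attacks on blockchains

Let us look at each in turn. First, cyberattacks on cloud environments. Over the past several years, many companies have been shifting to the cloud as they pursue digital transformation (DX).

While the cloud is easy to deploy, configuration flaws and mistakes are common. Warnings about the importance of cloud environment security are issued constantly. Leaks of an organization’s personal or confidential information caused by cloud misconfiguration have begun to be seen here and there in Japan as well.

“Among cloud threats, we make a point of warning about the potential for abuse of specific technologies used within those environments.” (Hirako)

These are what are called orchestration tools: tools that automate containers (a mechanism for bundling together everything needed to develop an app) in the cloud.

Representative examples include Kubernetes, the open-source tool developed by Google; docker-compose, provided by Docker; and Amazon Elastic Container Service (Amazon ECS), provided by AWS.

“If an attacker can seize the privileges of automation tools that control the whole environment like this, it also makes spreading malware more efficient. For example, an attacker can cause a large-scale infection by sending malware to an API (application programming interface) where authentication and access control are not properly implemented. We believe there is a risk that such techniques will be carried out going forward.” (Hirako)

This is known as a living-off-the-cloud attack: to avoid detection by security software, attackers abuse the cloud-native tools already present in the cloud environment as much as possible.

“We predict that powerful tools such as orchestration tools will increasingly be abused on the cloud environment side as well.” (Hirako)

Generative AI technologies targeted by attackers

Since the release of ChatGPT, the use of generative AI in cybercrime has become more active.

It has been confirmed that in cybercrime underground markets, a new section called “Dark AI” has been set up for buying and selling AI-specific malicious programs.

It has come to light that “WormGPT,” a generative AI tool for cybercrime that supports phishing and business email compromise (BEC), was being sold.

According to the FBI’s Internet Crime Complaint Center (IC3), social engineering, which exploits people’s psychological blind spots and behavioral mistakes to steal the secret information individuals hold, has become established as one of the most profitable attack methods for attackers.

“In particular, with the US presidential election and other events coming up in 2024, we expect generative AI to be abused to increase political ‘influence operations’ (spreading false information or leaking the confidential information of specific organizations).” (Hirako)

The abuse of generative AI has made more sophisticated social engineering possible.

For example, an attacker inputs a specific individual’s voice or images into generative AI, generates voice or images that closely resemble the person, and creates “voice cloning” (technology by which one speaker’s voice is imitated by another speaker) or “synthetic media.” These are abused in various kinds of social engineering to carry out impersonation, phishing, and BEC.

“At this stage it is still at the level of pranks and has not been reported as incidents, but in the case of companies and organizations, if you feed the voice and images of a CEO or executives, and information published on social media, into a generative AI training model, you get voice and video that look just like the real thing. We predict that when this is used in attacks such as impersonation and business email compromise, it will become difficult for recipients to tell real from fake.” (Hirako)

“Data poisoning,” which contaminates machine learning models, has also become a major crisis.

Attackers send malicious information to a large language model (LLM), and a user of generative AI inputs a question such as “Tell me about X” or “Create Y.” As a result, inappropriate content or altered content is sometimes displayed.

“Maliciously inputting inappropriate content into a generative AI LLM is called data poisoning. Users of the service may get back output that differs from the facts. For the company providing the service, a serious situation may arise in which the reputation of the service itself suffers and the number of users declines. Users of the service bear responsibility for use and providers bear responsibility for management, so when using such emerging technologies it is necessary to be conscious of transparency, meaning whether appropriate security measures are in place for the generative AI or LLM.” (Hirako)

CI/CD systems and blockchains under attack

In recent years, in agile development and similar settings, as tools that support the automation of builds and tests in application development, “Continuous Integration / […]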

18Mar 2024

CIOs weigh where to place AI bets — and how to de-risk them

Amid the turbulence of AI, technologies are emerging rapidly, startups are clamoring for attention, and hyperscalers are scrambling to corral market share. It’s an environment that taxes the decision-making skills of even the most savvy CIOs. But ready or not, choices with far-reaching repercussions must be made. And standing still is not an option. […]

18Mar 2024

What the Digital Operational Resilience Act means for you

We’re at a critical time for digital transformation. Every business in some form or another is looking to adopt and integrate emerging technologies—whether that’s artificial intelligence, hybrid cloud architectures, or advanced data analytics—to help achieve a competitive edge and reach key operational goals. But while there’s plenty of excitement and change underway, security risks and […]

18Mar 2024

Make the most of mainframe security services

At a time when emerging technologies are grabbing headlines, it’s easy to overlook the importance of mainframe systems. Doing so, however, would be a mistake. Some of a business’ most sensitive data is stored, tightly locked away, on mainframe systems. There’s a reason that—according to a Rocket Software survey, over half (51%) of IT leaders […]

18Mar 2024

3 Ways Your Enterprise Commerce Platform Can Make You More Money

Too many enterprise businesses have been held back by their commerce technology. Increasing tech debt, disparate sales channels, costly innovation to improve customer experiences, and worst of all: an outsized total cost of ownership (TCO). It’s time to put an end to that era. Modern enterprises require a cost-effective, high-converting platform to outpace competitors. Shopify […]

18Mar 2024

Data replication holds the key to hybrid cloud effectiveness

At the heart of every business decision, regardless of industry or sector, is data. It’s what business leaders rely on to show them where gaps in knowledge and opportunities for growth exist within their own organizations. As more businesses look to carve out an advantage in an increasingly competitive market, many are turning toward cloud […]

18Mar 2024

Technology’s role in social sustainability

Technology has a critical role to play in any organization’s social sustainability strategy. And according to a survey from NTT, a majority of senior executives recognize this and are actively working to harness digital technology and innovation to support their social sustainability initiatives.   In North America, 59 percent of C-suite executives surveyed said digital […]

18Mar 2024

Ethics and the future of innovation

The transformative power of technologies like artificial intelligence (AI) and machine learning is undeniable. But, without careful stewardship, they could have detrimental consequences. That’s why ethics must take center stage – even as these technologies continue to advance – in order to safeguard the future of people, prosperity and our planet. Consider the many innovations […]

18Mar 2024

AI Ethics

The transformative power of technologies like artificial intelligence (AI) and machine learning is undeniable. But, without careful stewardship, they could have detrimental consequences. That’s why ethics must take center stage – even as these technologies continue to advance – in order to safeguard the future of people, prosperity and our planet. Consider the many innovations […]

18Mar 2024

UK Government Releases Cloud SCADA Security Guidance

UK’s NCSC releases security guidance for OT organizations considering migrating their SCADA solutions to the cloud. The post UK Government Releases Cloud SCADA Security Guidance appeared first on SecurityWeek.

18Mar 2024

Fujitsu Data Breach Impacts Personal, Customer Information

Fujitsu says hackers infected internal systems with malware, stole personal and customer information. The post Fujitsu Data Breach Impacts Personal, Customer Information appeared first on SecurityWeek.

18Mar 2024

Cisco Completes $28 Billion Acquisition of Splunk

The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023. The post Cisco Completes $28 Billion Acquisition of Splunk appeared first on SecurityWeek.

18Mar 2024

Pentagon Received Over 50,000 Vulnerability Reports Since 2016

Since 2016, the US DoD has received over 50,000 submissions through its vulnerability disclosure program. The post Pentagon Received Over 50,000 Vulnerability Reports Since 2016 appeared first on SecurityWeek.

18Mar 2024

Exposure to new workplace technologies linked to lower quality of life

Exposure to new technologies such as trackers, robots, and AI software in the workplace is linked with lower quality of life for workers, a UK study has found. The Institute for the Future of Work surveyed over 6,000 people and examined how four types of technologies that are becoming more common in the workplace […]

18Mar 2024

Indian government asks genAI developers to self-regulate

Developers of risky generative AI models are now free to release them without government approval, but are being encouraged to self-regulate by adding labels to the output of their models warning of their potential unreliability. In a reversal of its previous stance, The Ministry of Electronics and Information Technology (MeitY) issued a fresh advisory on […]

18Mar 2024

Hacker Conversations: Stephanie ‘Snow’ Carruthers, Chief People Hacker at IBM X-Force Red

The desire to be a hacker is usually innate, and commonly emerges in early life. This did not happen with Snow: she was a married freelance special effects makeup artist when it all began. The post Hacker Conversations: Stephanie ‘Snow’ Carruthers, Chief People Hacker at IBM X-Force Red appeared first on SecurityWeek.

18Mar 2024

New Attack Shows Risks of Browsers Giving Websites Access to GPU 

Researchers demonstrate remote GPU cache side-channel attack from within browsers against AMD and NVIDIA graphics cards. The post New Attack Shows Risks of Browsers Giving Websites Access to GPU  appeared first on SecurityWeek.

18Mar 2024

Moldovan Operator of Credential Marketplace Sentenced to US Prison

Sandu Diaconu has been sentenced to 42 months in prison for operating a marketplace for compromised credentials. The post Moldovan Operator of Credential Marketplace Sentenced to US Prison appeared first on SecurityWeek.

18Mar 2024

Gen AI’s ultimate potential? Hive mind teamwork

Under a sun-bleached tent outside Baghdad, we came to a grim conclusion: Our elite counterterrorism teams (JSOC) — composed of the best-equipped forces in history — were losing to an enemy armed with tech you could fish out of a bargain bin. This enemy could form a plan, execute it on the battlefield, and be […]

18Mar 2024

PoC Published for Critical Fortra Code Execution Vulnerability

A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution. The post PoC Published for Critical Fortra Code Execution Vulnerability appeared first on SecurityWeek.

18Mar 2024

IMF Emails Hacked

The International Monetary Fund (IMF) detects a cybersecurity incident that involved nearly a dozen email accounts getting hacked. The post IMF Emails Hacked appeared first on SecurityWeek.

18Mar 2024

6 key considerations for selecting an AI systems vendor

Many IT leaders are responding to C-suite pressure for artificial intelligence (AI) capabilities by increasing the organization’s AI investment in 2024. They’re finding that AI success is a complex task, and they need all the help they can get. Choosing the right AI systems vendor – one with the right capabilities – won’t solve all […]

18Mar 2024

ASUS unveils powerful, cost-effective AI servers based on modular design

For successful AI deployments, IT leaders not only need the latest GPU/CPU silicon, they also need artificial intelligence (AI) servers that establish a foundation. That means hardware designed from the ground up for maximum performance, data center integration, AI development support, optimal cooling, and easy vertical and horizontal scaling. ASUS’ collaboration with AI chip leader […]

16Mar 2024

CIOs take aim at SaaS sprawl

Years into strategies centered on adopting cloud point solutions, CIOs increasingly find themselves facing a bill past due: rationalizing, managing, and integrating an ever-expanding lineup of SaaS offerings — many of which they themselves didn’t bring into the organization’s cloud estate. Salesforce, Workday, Atlassian, Oracle, Microsoft, GitHub, and ServiceNow are but a few of the […]

15Mar 2024

Canadian CIOs discuss driving digital transformation at a rapid pace

According to the State of the CIO, 2024 research, “79% of heads of IT say that CIOs have a strong educational partnership with the CEO/board of directors” and “88% of CIOs say that their role is becoming more digital and innovation focused”. I moderated roundtables across Canada from Vancouver to Ottawa in the fall of […]

15Mar 2024

Pentagon’s first chief AI officer leaves after two years

The first leader of the fledgling Chief Digital and Artificial Intelligence Office [CDAO] in the US Department of Defense is leaving his post, but the Pentagon already has a successor lined up. Chief Digital and Artificial Intelligence Officer Craig Martell, the first head of the CDAO, was hired by the Pentagon in April 2022, just […]

15Mar 2024

Codezero Raises $3.5 Million for DevOps Security Solution

Secure enterprise microservices development firm Codezero raises $3.5 million in seed funding. The post Codezero Raises $3.5 Million for DevOps Security Solution appeared first on SecurityWeek.

15Mar 2024

In Other News: CISA Hacked, Chinese Lock Backdoors, Exposed Secrets

Noteworthy stories that might have slipped under the radar: CISA hacked via Ivanti vulnerabilities, Chinese electronic lock backdoors, secrets exposed on GitHub. The post In Other News: CISA Hacked, Chinese Lock Backdoors, Exposed Secrets appeared first on SecurityWeek.

15Mar 2024

Eroski bets on open innovation and creates its Venture Program

Like many companies that see innovation as a business priority, the chain of […]

15Mar 2024

Discontinued Security Plugins Expose Many WordPress Sites to Takeover

Thousands of WordPress sites are at risk of takeover due to a critical privilege escalation vulnerability in two closed MiniOrange plugins. The post Discontinued Security Plugins Expose Many WordPress Sites to Takeover appeared first on SecurityWeek.

15Mar 2024

Tech Support Firms Agree to $26M FTC Settlement Over Fake Services

Restoro and Reimage agree to a $26 million settlement after selling fake antivirus and tech services to undercover FTC agents. The post Tech Support Firms Agree to $26M FTC Settlement Over Fake Services appeared first on SecurityWeek.

15Mar 2024

Freeing up finance: how to control spend, without slowing down business

In the hustle of running a business, many companies overlook the hidden costs that can silently eat away at their bottom line. Take business expenses. You probably have systems set up to manage your strategic spending. But if you’re like many companies, a good chunk of your spending – perhaps as much as one-fifth – […]

15Mar 2024

43 Million Possibly Impacted by French Government Agency Data Breach 

Recent data breach at unemployment agency France Travail (Pôle Emploi) could impact 43 million people.  The post 43 Million Possibly Impacted by French Government Agency Data Breach  appeared first on SecurityWeek.

15Mar 2024

Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate

Red Canary’s 2024 Threat Detection Report is based on analysis of almost 60,000 threats across 216 petabytes of telemetry from over 1,000 customers’ endpoints. The post Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate appeared first on SecurityWeek.

15Mar 2024

20 organizations advancing women in tech

Despite national conversations about a lack of women in IT, women remain largely underrepresented in technology roles, according to a study by the National Science Foundation. And the pipeline doesn’t suggest a near-term correction — women accounted for just 21% of computer science degrees in 2020, up from 18% in 2011 but still lower than the […]

15Mar 2024

Is DaaS just another tool in the shed for you? Then you’re missing out on these 6 benefits

Gone are the days of the rigid 9-5. Employees have been working flexibly for years now, and the stats show that they love it. To support a consistent experience between work and home, many employers are using Desktop-as-a-Service (DaaS) technology, but many companies could achieve even more by unlocking its full potential. While some CEOs […]

15Mar 2024

UK public sector urged to ‘maximize the opportunities’ of gen AI

The UK government could improve productivity through widespread and systematized uptake of generative AI, but only if it takes steps to build its expertise and come up with an adoption strategy, a new study has found. Generative AI offers the possibility of “large-scale productivity gains” for UK government workers, but the government lacks an overarching […]

14Mar 2024

Ballistic Ventures Closes $360 Million Cybersecurity-Focused Fund

Venture capital firm Ballistic Ventures closed an oversubscribed $360 million fund that will be used to fund cybersecurity companies. The post Ballistic Ventures Closes $360 Million Cybersecurity-Focused Fund appeared first on SecurityWeek.

14Mar 2024

Chrome’s Standard Safe Browsing Now Has Real-Time URL Protection 

Chrome’s standard Safe Browsing protections now provide real-time malicious site detection and Password Checkup on iOS now flags weak passwords. The post Chrome’s Standard Safe Browsing Now Has Real-Time URL Protection  appeared first on SecurityWeek.

14Mar 2024

Boat Dealer MarineMax Hit by Cyberattack

MarineMax, one of the world’s largest retailers of recreational boats and yachts, discloses a cyberattack.  The post Boat Dealer MarineMax Hit by Cyberattack appeared first on SecurityWeek.

14Mar 2024

BotGuard Raises $13 Million to Protect Against Harmful Web Traffic

BotGuard OU raises $13 million in Series A funding to help hosting providers filter traffic and protect infrastructures. The post BotGuard Raises $13 Million to Protect Against Harmful Web Traffic appeared first on SecurityWeek.

14Mar 2024

Zscaler Acquires Avalor for $350 Million

Zscaler acquires Avalor, a risk management platform powered by Data Fabric for Security, for $350 million.  The post Zscaler Acquires Avalor for $350 Million appeared first on SecurityWeek.

14Mar 2024

Telstra – Building A Better Operations Management Platform

One of the most satisfying parts of my job is to write about digital transformation and the extraordinary ways companies are using technology to solve real problems and create business opportunities. I also like highlighting the heroes who make it happen, hoping it will inspire others. Two such heroes are Beba Brunt, executive for field […]

14Mar 2024

Microsoft Copilot for Security Official Launch Date Announced

Microsoft announces that its Copilot for Security generative AI security solution will become generally available on April 1.  The post Microsoft Copilot for Security Official Launch Date Announced appeared first on SecurityWeek.

14Mar 2024

Cisco Patches High-Severity IOS RX Vulnerabilities 

Cisco releases patches for high-severity denial-of-service and elevation of privilege vulnerabilities in IOS RX software. The post Cisco Patches High-Severity IOS RX Vulnerabilities  appeared first on SecurityWeek.

14Mar 2024

Cyber Madness Bracket Challenge – Register to Play

SecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting events. The post Cyber Madness Bracket Challenge – Register to Play appeared first on SecurityWeek.

14Mar 2024

Shadow AI – Should I be Worried?

Overzealous policies and blanket bans on AI tools risk forcing users underground to use unknown tools with unknown consequences. The post Shadow AI – Should I be Worried? appeared first on SecurityWeek.

14Mar 2024

Bill That Could Ban TikTok Passed in the House. Here’s What to Know

The House passed legislation that would ban TikTok if its China-based owner ByteDance doesn’t sell its stakes in the popular social media platform within six months of the bill’s enactment. The post Bill That Could Ban TikTok Passed in the House. Here’s What to Know appeared first on SecurityWeek.

14Mar 2024

Artificial intelligence and gen AI: the four elements for moving to the “next level”

The capabilities of artificial intelligence open the door to a new era of efficiency in the enterprise. The arrival of generative AI, moreover, is an unprecedented promise: ChatGPT reached the milestone of 100 million users in just two months (UBS analysis of Similarweb data; the World Wide Web, in the 1990s, took seven […]

14Mar 2024

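Putting AI in the hands of employees

When public access to the internet arrived in the late 1990s, CIOs faced a question: let employees search freely, or restrict access during work? We all know how that turned out. The restrictions quickly lost the battle, and today most employees have free access to the internet. With generative AI, we face a similar conundrum. Amazon and Apple, for example, restrict employees’ use of ChatGPT, while other companies, such as Ford and Walmart, provide generative AI tools to employees with the aim of sparking employee innovation.

Stephen Franchetti, CIO of Samsara, a fleet management SaaS provider that went public in 2021, believes the only way to optimize an AI strategy (or any emerging technology strategy) is a bottom-up approach. “When generative AI exploded a year ago, Samsara didn’t understand the technology, so we started with a fairly restrictive approach,” Franchetti says. “At the time, we were focused on putting privacy and security guardrails in place.”

But after the team spent more time with the technology, it lifted those restrictions. “Now that we recognize what generative AI brings, our policy has evolved dramatically this year. We want to bring the technology as close as possible to knowledge workers and experts. We want to give them the capability and let them experiment and create.”

Franchetti acknowledges that KPIs and outcome-driven methods suit many technology deployments, but “an organic approach suits AI. Of course, these technologies have to be integrated into the larger architecture, but the IT team can help with that.”

Having freed employees to experiment with generative AI, Franchetti is starting to see the effect. “Many promising pilots have gone into production, and experimentation continues,” he says.

AI proofs of concept are also under way with dedicated tools for the IT help desk, customer support, and sales and marketing. “We’re also experimenting with general-purpose copilots and assistants. There are commercial LLM services and open-source ones. Samsara employees are applying these general-purpose assistants to a variety of use cases, such as writing documents and job descriptions, debugging code, and creating API endpoints.”

For example, by using LLM capabilities for code generation, Samsara’s engineers have become more productive at generating boilerplate code and at documenting and commenting code, a practice that is important to the company. “Some of our engineers are not native English speakers,” Franchetti adds.

Having spent a year on a bottom-up approach to AI innovation, Franchetti offers some advice.

Don’t limit “citizen creation” to engineers: At Samsara, Franchetti estimates that 50% of AI use is by engineers, with the other half by legal, sales, marketing, finance, and customer support.

Don’t let your current architecture hold you back: Franchetti acknowledges that cloud-born companies like Samsara can take advantage of AI more readily than older companies running on legacy infrastructure. But that doesn’t mean those companies can’t reap the benefits of a bottom-up approach. “I believe employees can experiment regardless of architecture,” he says. “They can improve productivity by using AI to create marketing materials or for financial reconciliation. These particular tools don’t depend on integration with the broader architecture, so you can do this in any environment.”

Clean up your enterprise data: Without clean data, AI outcomes will be limited. “The power of AI and gen AI comes from the ability to share context with the model. That lets the model understand your environment and be fine-tuned to give better answers,” Franchetti says. “AI starts as a novice about your business, but as it is trained on your data, the tool becomes an expert. If you have data in various systems and conflicting sources of truth, the AI can’t have the context it needs to get smarter.”

Choose what to scale: With so much citizen creation under way, CIOs need to develop a process for choosing which pilots to grow into enterprise solutions. To spend time and money on the solutions with the most potential, Franchetti suggests focusing on outcomes. “Once we reach the stage where we’re confident a tool is onto something, we ask what measurable business outcome it will achieve,” he says. “Does it improve customer satisfaction, does it improve productivity, and by how much?”

For example, Samsara’s technology team has spent the past few months experimenting with introducing AI into its internal IT help desk. “We’ve deployed LLM-backed technology and can now offer a bot that resolves help desk support cases within Slack,” he says. “Today, 35% of IT support is fully automated. That’s a measurable improvement, and support engineers can focus on higher-order work. With that outcome, the team has started experimenting with a similar LLM for customer service. The LLM is projected to improve customer support agent productivity by 20%.”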

14Mar 2024

European Parliament approves EU AI Act: What impact on the enterprise?

After months of wrangling, the European Parliament has signed off on the world’s first comprehensive law to govern artificial intelligence (AI). Members of the European Parliament (MEPs) voted 523 in favor and 46 against, with 49 abstentions, approving a text that had already been agreed in principle by the European Union’s 27 member states in […]

14Mar 2024

OneFamily’s response to the data quality question

OneFamily is a financial services organization, operating broadly in savings and investments, and responsible for £8 billion of assets under management. But what’s most interesting, says group CIO Graham O’Sullivan, is it’s also a mutual, which means its over two million customers across the UK are also members, so they have a strong voice in […]

14Mar 2024

3 areas where gen AI improves productivity — until its limits are exceeded

Even though generative AI is a relatively new technology, it’s now difficult to imagine a world without it, given the impact it’s making, and the business value it can create. According to a research report IDC released in November, based on a survey of over 2,100 business leaders and decision makers with responsibility for AI […]

14Mar 2024

Oracle touts AI as major driver of Q3 gains

Oracle’s latest financial report boasts substantial increases in revenue, net income, and earnings per share, largely thanks to cloud sales, which the company was quick to credit to the rise of AI. The report for Q3 of fiscal 2024, released yesterday, said that Oracle had signed multiple large-scale cloud infrastructure contracts in the previous three […]

14Mar 2024

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

A high-severity Kubernetes vulnerability tracked as CVE-2023-5528 can be exploited to execute arbitrary code on Windows endpoints. The post Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints appeared first on SecurityWeek.

14Mar 2024

Government Launches Probe Into Change Healthcare Data Breach

The HHS is investigating whether protected health information was compromised in the Change Healthcare data breach. The post Government Launches Probe Into Change Healthcare Data Breach appeared first on SecurityWeek.

14Mar 2024

Nissan Data Breach Affects 100,000 Individuals

Nissan is notifying roughly 100,000 individuals of a data breach resulting from a ransomware attack conducted by the Akira cybercrime group. The post Nissan Data Breach Affects 100,000 Individuals appeared first on SecurityWeek.

14Mar 2024

7 ways an MBA will advance your IT career — and 5 ways it won’t

Does it make sense for an IT leader to seek an MBA? Ben King, head of mobile app development firm Aviato Consulting, is convinced that it can provide a major career boost. He credits his decision to earn an MBA with transforming his career. While an individual contributor at Google, King spent several years working […]

14Mar 2024

How CIOs reinterpret their role through AI

As businesses digitally transform, technology is increasingly integrated into every activity, and the CIO is becoming more of a catalyst for data-driven value creation through analytics, new AI model training, software development, automation, vendor engagement, and more. “It’s a role that requires dual technical and functional expertise,” says Giuseppe Ridulfo, CIO and deputy COO of […]

14Mar 2024

Modernizing your resume for executive IT leadership

For IT leaders seeking a new position, condensing an extensive and storied employment history into a short, readable resume can be daunting. But by embracing modernized approaches to resume presentation, and eliminating outdated and redundant content from your CV, a streamlined resume that stands out can be readily achieved. To give an example of this […]

13Mar 2024

LockBit Ransomware Affiliate Sentenced to Prison in Canada

Mikhail Vasiliev was sentenced to prison in Canada and faces additional charges in the US for his role in the LockBit ransomware operation. The post LockBit Ransomware Affiliate Sentenced to Prison in Canada appeared first on SecurityWeek.

13Mar 2024

Europe’s World-First AI Rules Get Final Approval From Lawmakers. Here’s What Happens Next

Lawmakers in the European Parliament voted overwhelmingly in favor of the Artificial Intelligence Act, five years after regulations were first proposed. The post Europe’s World-First AI Rules Get Final Approval From Lawmakers. Here’s What Happens Next appeared first on SecurityWeek.

13Mar 2024

Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities

Intel and AMD publish 10 new security advisories this Patch Tuesday to inform customers about vulnerabilities impacting their products.  The post Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities appeared first on SecurityWeek.

13Mar 2024

Healthcare’s Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming Frequency

Healthcare has long been a primary target for ransomware attacks. This is not changing and is not likely to change. The post Healthcare’s Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming Frequency appeared first on SecurityWeek.

13Mar 2024

ChatGPT Plugin Vulnerabilities Exposed Data, Accounts

Three types of vulnerabilities related to ChatGPT plugins could have led to data exposure and account takeovers.  The post ChatGPT Plugin Vulnerabilities Exposed Data, Accounts appeared first on SecurityWeek.

13Mar 2024

Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business

Series E funding of $100 million includes investments from Mitsubishi Electric and Schneider Electric. The post Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business appeared first on SecurityWeek.

13Mar 2024

White House Budget Proposal Seeks Cybersecurity Funding Boost 

The White House again wants to boost cybersecurity spending, proposing a $3 billion budget for CISA and billions more for other initiatives. The post White House Budget Proposal Seeks Cybersecurity Funding Boost  appeared first on SecurityWeek.

13Mar 2024

Stanford University Data Breach Impacts 27,000 Individuals

Stanford University is notifying 27,000 people of a data breach impacting their personal information. The post Stanford University Data Breach Impacts 27,000 Individuals appeared first on SecurityWeek.

13Mar 2024

US Seizes $1.4 Million in Cryptocurrency From Tech Scammers

The US seized approximately $1.4 million worth of Tether tokens suspected of being fraud proceeds from tech scams. The post US Seizes $1.4 Million in Cryptocurrency From Tech Scammers appeared first on SecurityWeek.

13Mar 2024

Webinar Today: CISO Strategies for Boardroom Success

You’re invited to join SecurityWeek and Gutsy for the webinar, “From Protector to Influencer: CISO Strategies for Boardroom Success,” as we address the emerging responsibilities for the CISO role. The post Webinar Today: CISO Strategies for Boardroom Success appeared first on SecurityWeek.

13Mar 2024

Rockwell Automation Hires Stephen Ford as Chief Information Security Officer

Rockwell Automation hired Stephen Ford as vice VP & CISO, who joins the company from McKesson Corporation, where he was Vice President, Global Security. The post Rockwell Automation Hires Stephen Ford as Chief Information Security Officer appeared first on SecurityWeek.

13Mar 2024

Major CPU, Software Vendors Impacted by New GhostRace Attack

CPU makers Intel, AMD, Arm and IBM, as well as software vendors, are impacted by a new speculative race condition (SRC) attack named GhostRace. The post Major CPU, Software Vendors Impacted by New GhostRace Attack appeared first on SecurityWeek.

13Mar 2024

Fortinet Patches Critical Vulnerabilities Leading to Code Execution

Fortinet has released patches for critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. The post Fortinet Patches Critical Vulnerabilities Leading to Code Execution appeared first on SecurityWeek.

13Mar 2024

US Spearheads First UN Resolution on Artificial Intelligence

The US is spearheading the first United Nations resolution on artificial intelligence, aimed at ensuring the new technology is “safe, secure and trustworthy” and that all countries have equal access. The post US Spearheads First UN Resolution on Artificial Intelligence appeared first on SecurityWeek.

12Mar 2024

Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server 

Microsoft ships patches for at least 60 security vulnerabilities in the Windows ecosystem and warned of remote code execution risks. The post Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server  appeared first on SecurityWeek.

12Mar 2024

Creatio adds Copilot, Copilot Designer to its automation platform

Workflow automation software provider Creatio has added a suite of generative AI capabilities to its customer relationship management (CRM) offerings. The new generative AI features include Copilot, the generative AI-based assistant, and Copilot Designer, a centralized workplace where enterprise users can tweak pre-built Copilot scenarios to suit their business requirements, akin to Salesforce’s Einstein 1 Studio. […]

12Mar 2024

SAP Patches Critical Command Injection Vulnerabilities

Enterprise software maker SAP documents multiple critical-severity issues and warns of risk of command injection attacks. The post SAP Patches Critical Command Injection Vulnerabilities appeared first on SecurityWeek.

12Mar 2024

Adobe Patches Critical Flaws in Enterprise Products

Patch Tuesday: Adobe ships a hefty batch of security updates to fix critical-severity vulnerabilities in multiple enterprise-facing products. The post Adobe Patches Critical Flaws in Enterprise Products appeared first on SecurityWeek.

12Mar 2024

Google Paid Out $10 Million via Bug Bounty Programs in 2023

Google paid out $10 million via its bug bounty programs in 2023, bringing the total to nearly $60 million since 2010. The post Google Paid Out $10 Million via Bug Bounty Programs in 2023 appeared first on SecurityWeek.

12Mar 2024

ICS Patch Tuesday: Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities 

Siemens and Schneider Electric publish March 2024 Patch Tuesday advisories to inform customers about over 200 vulnerabilities. The post ICS Patch Tuesday: Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities  appeared first on SecurityWeek.

12Mar 2024

Faster, more personal, proactive: How generative AI is transforming digital government for citizens

Government and public sector agencies are already exploring the potential of generative AI in delivering more effective services from the inside. As AI technologies and practices mature, however, we’re likely to see more projects that transform the citizen experience. New research by McGuire Research Services for Avanade shows that 98% of government and public service […]

12Mar 2024

Eye Security Raises $39 Million in Series B Funding

Eye Security raises $39 million to bring enterprise-level security and cyber insurance products to mid-market businesses. The post Eye Security Raises $39 Million in Series B Funding appeared first on SecurityWeek.

12Mar 2024

EquiLend Ransomware Attack Leads to Data Breach 

EquiLend is informing its employees that their personal information was compromised in a January ransomware attack. The post EquiLend Ransomware Attack Leads to Data Breach appeared first on SecurityWeek.

12Mar 2024

CISA’s OT Attack Response Team Understaffed: GAO

GAO study finds that CISA does not have enough staff to respond to significant OT attacks in multiple locations at the same time. The post CISA’s OT Attack Response Team Understaffed: GAO appeared first on SecurityWeek.

12Mar 2024

US, Russia Accuse Each Other of Potential Election Cyberattacks

US and Russia suspect each other of intent to disrupt presidential elections set for this week in Russia and November in the US. The post US, Russia Accuse Each Other of Potential Election Cyberattacks appeared first on SecurityWeek.

12Mar 2024

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure

Vulnerabilities affecting a Nice Linear physical access product, including an exploited flaw, patched five years after their disclosure. The post Exploited Building Access System Vulnerability Patched 5 Years After Disclosure appeared first on SecurityWeek.

12Mar 2024

The early returns on gen AI for software development

Generative AI is already having an impact on multiple areas of IT, most notably in software development. Early use cases include code generation and documentation, test case generation and test automation, as well as code optimization and refactoring, among others. Still, gen AI for software development is in the nascent stages, so technology leaders and […]

12Mar 2024

Selling the C-suite on preemptive IT investments

It’s common knowledge among CIOs that disaster recovery investments are always de-prioritized by company boards — until disaster strikes. But disaster recovery is just one example of projects that are of an important and preemptive nature that CIOs want to fund but find de-prioritized when it comes to budget approval. Others include preparation for zero-day […]

12Mar 2024

Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences

Officials are set to warn that companies and people who deliberately misuse AI technology to advance a white-collar crime like price fixing and market manipulation will be at risk for a harsher sentence. The post Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences appeared first on SecurityWeek.

12Mar 2024

Here are the reasons that push the best IT managers to leave the company

In the working world there is a saying that is not easily forgotten: people leave their bosses, not their jobs. But is that really so? When it comes to understanding why the best IT managers resign, the questions one asks can have multiple answers. The first is that […]

12Mar 2024

The French Government Says It’s Being Targeted by Unusual Intense Cyberattacks

A group of hackers called Anonymous Sudan, considered by cybersecurity experts as pro-Russia, claimed responsibility for the attacks in online posts. The post The French Government Says It’s Being Targeted by Unusual Intense Cyberattacks appeared first on SecurityWeek.

11Mar 2024

Vertical solutions rise in 2024

2023 was a challenging year, to say the least, for our industry – and software/SaaS vendors were hit particularly hard. As was clear from our recently conducted CIO.com poll, buyers strongly believe that they have overinvested in “point” solutions and are taking steps to consolidate vendors. Although there are signs of general economic recovery including […]

11Mar 2024

An archetype-based approach to driving your global workforce transformation

This article was co-authored by Michael Bertha, Partner, Metis Strategy, and Ishan Prakash, Manager, Metis Strategy. In today’s ever-expanding digital landscape, in which many IT teams operate across geographies, it’s no secret that your ability to leverage technology to its fullest depends crucially on your workforce composition: on how your resources are allocated across various […]

11Mar 2024

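Edward Jones CIO Frank LaQuinta on playing to win

Frank LaQuinta is head of digital, data, and operations at Edward Jones, where he oversees technology, digital, and data leadership, vision, and strategy for the financial services firm. After 30 years working in technology on Wall Street, he joined Edward Jones in 2016 and was named chief information officer in 2018. On a recent episode of the Tech Whisperers podcast, LaQuinta discussed the additional responsibilities he has taken on in his current role, what it takes to deliver on big, bold promises, how to continuously drive success and persevere in the face of setbacks, his approach to building world-class teams, and what he has learned from his experience as a transformational leader. After the show, we also spent some time exploring another facet of his leadership, one that has been a hallmark of the best CIOs for decades: having well-thought-out, clearly articulated leadership principles. What follows is that conversation, edited for length and clarity. Dan Roberts: Can you talk about the power of having leadership principles, and of practicing, documenting, and clearly articulating them? Frank LaQuinta: As you grow as a leader, you learn a lot about yourself. Eventually I arrived at five principles that need to be made explicit in order to lead a transformation to success: leadership, learning, communication, understanding, and playing to win. These are my philosophy for transformation, and they always underpin my accountability to Edward Jones and to the people I lead. How did these become the organization’s North Star? This is a declaration and also a set of guidelines. And I view it at both the enterprise level and the senior leadership level. At the enterprise level, these principles call for leading transformation, sustaining the firm into the future, delivering exceptional experiences to stakeholders, simplifying and modernizing all operations, maximizing culture, talent, and opportunity for everyone, and creating a place of belonging where everyone becomes better by bringing their whole selves. At my leadership team level, I hold them accountable for leading their teams, collaborating with a championship team mindset, leading transformation across the division and the firm, making themselves and those around them better, having peripheral vision (not wearing blinders), and loving the work we do by generating excitement, having fun, and celebrating. I am convinced that adopting this approach yields many benefits, including improved efficiency and capability, career advancement opportunities, keeping promises and commitments, and a constant focus on execution. It also gives our branches, clients, and home office associates a better experience. It supports our growth and our ambition to become North America’s advisor. By building secure, scalable, high-performing platforms and demonstrating leadership, we can raise everyone’s capabilities. Overall, it leads to a better Edward Jones and improves the impact and value delivered to our stakeholders. I’d like to unpack each of your five leadership principles, but first, how did you decide on these principles?
Whatever the transformation, its feasibility has to start with people: our associates and leaders, our culture, fostering a sense of belonging, and an emphasis on continuous learning and innovation. It is important to recognize the role that the pervasiveness of software plays in today’s world. Improvements in technology affect our lives every day in many ways. We are all keenly aware of the impact of smartphones and generative AI, but we must not forget that connected software also runs in cars, televisions, thermostats, and even household appliances. We must be open to incorporating these exciting technologies into the solutions we deliver. Leveraging the right technical solution for a unique business problem requires experimentation, and as a result the technologies supported across the team advance. We need to energize our culture to embrace change in an encouraging atmosphere and to promote a rapid flow of work that delivers business value and continuous improvement. To build the skills that will be needed going forward, we will continue to implement innovative ways to develop our people, attract and retain talent, engage with third parties, and inspire curiosity and a desire for continuous learning. I strongly believe that all of these activities must be continuously supported by the principles of leadership, learning, communication, understanding, and playing to win. How do you define leadership as a principle? Whether or not you are a leader, every day and in every meeting you attend there are moments to demonstrate leadership. For example, you can show the strength of your leadership by setting an example. You can demonstrate leadership by making decisions, feeling empowered, and empowering those closest to the work. Leadership is about actively looking for ways to help, support, and encourage others. It is about focusing on both strategy and execution, and being deliberate about opportunities for alignment, influence, risk-taking, and making the impact you seek. Leaders need to take a strong interest in talent. In addition to attracting, developing, and retaining highly skilled people, they need to invest in their own development plans. Leadership is also about being visible, especially in difficult times, and always taking responsibility. The leadership principle encourages leading with innovation, that is, trying new things and creating a safe space where associates can take calculated risks to drive innovation. As a leader, you have to share your story. And of course, recognize success and thank others both publicly and privately. This principle reminds us that leadership moments happen every day and that we need to seize them to bring about real change. I have always seen that the best leaders are also the best learners. Tell us about your learning principle. Every day I try to learn something new and give something back. If I can do that, it’s a good day. Also, Penny Pennington (managing partner of Edward Jones) encourages us to ‘get comfortable being uncomfortable’ and to go from being a ‘know-it-all’ to a ‘learn-it-all.’ In a world that moves at breakneck speed every day, you have to find time to learn new skills, both technology skills and life skills. And learning is contagious. If others see you actively trying to improve yourself, they will know it is safe and good to do the same. Nowhere is this more evident than in the world of AI. There are hardly any AI experts, so it is an entirely new playing field. How about taking the opportunity to learn, achieve, and compete, and making the world a better place? Communication and understanding are the next two principles, and the two are closely related. Why are these principles important, particularly for technology leaders? Every transformation has to start with the ‘why.’ Why is the transformation necessary? What is its impact? What are my role and my opportunity in that change? How will the change affect, challenge, or threaten me? Will it make me uncomfortable?
Communication is key. And it is never one and done. You have to tell your story every day. And embrace the champions of the transformation, and double down on engaging those who have doubts. Communication is also about listening. You have to listen to feedback and incorporate it into your communication. When people feel they have been heard, they know the future is not yet completely written and that they have an opportunity to help shape it. Not everyone will like the messages around change, but your communication needs to let associates see themselves in the change and take part in the change to come. That is because communication without understanding is incomplete. If you talk at people and do not listen to their questions, it does not lead to understanding or positive action. So you have to follow up with listening posts, open Q&A sessions, and suggestions for making the plan better. The more our associates understand our direction, the greater the impact they will have on our future. The last one is playing to win. Unpack that for us. When you decide on a strategy and where to play, you have to play to win. But it has to be winning in a very broad sense. What we do together has to benefit our firm, our associates, our clients, and the communities we serve. As leaders, we need to serve our organizations and teams, set aspirations, and create the conditions that help others achieve and win. That is why I think about playing to win in terms of a championship team, not just an all-star team. A championship team plays to win as follows: Demonstrate leadership influence to strengthen trust. Push each other to improve and to take risks. Focus on clear outcomes for stakeholders (real progress, not just motion) and measure those outcomes. Be clear about how short-term choices affect or align with long-term strategic choices. Value candor: say what you mean, and mean what you say. Debate openly and professionally in the room. Don’t let anything slide. Draw others into the conversation, which means no bystanders and no overly dominant voices. Silence equals disagreement. Be clear about what you will do and what you won’t do. Celebrate, enjoy the journey, and have fun. The world is keeping score, so we need to play to win. I really appreciate how you, overseeing a $1.5 billion technology and operations budget, apply this ‘play to win’ principle professionally. You are also active as an athlete, having recently attended Cardinals fantasy camp. Is there anything you would share with readers?
I played hockey most of my life, but recently I started getting injured enough that I figured I needed to pick a different sport. My colleague and friend Tim Rea, chief marketing officer at Edward Jones, has been playing baseball at Cardinals fantasy camp for several years, and I asked him if I could join him. By the way, he’s the real deal who played at Harvard. I hadn’t played baseball in decades, so it took a little while to get back into form. But I’m a quick study, so I picked it back up quickly. Each team has a pro on it, and in one of the round-robin games I was on the mound facing the big left-hander Ray Lankford. If you walk the pro legend, the runners move up a base, so you have to keep pitching to the legend. You can’t pitch around the pro legend. So Tim, my catcher (we call ourselves the EJ battery), kept calling for the curveball. Ray kept fouling it off, but that was because the ball wasn’t curving. There was a moment when nobody knew what to do. He was shocked, I was even more shocked, and Tim was laughing. And I kept that ball. In his next at-bat, I noticed Ray crowding the plate, because of my devastating curveball (not really, but I can dream). He was grumpy, and later in the game, when I got to first base after getting a hit, he put his glove on my head and said, ‘Don’t ever do that again.’ So that was my brief 15 minutes of fame. Fantasy camp is a truly great experience, and Tim and I plan to attend again this year, at the St. Louis camp in June and the Cooperstown camp in September!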

11Mar 2024

Simplify IT operations with observability and AIOps

IT organizations are taxed with managing, maintaining, and augmenting complex IT infrastructures that are constantly evolving. At the same time, they must deliver consistent IT service performance and availability to end users, while enabling innovative digital transformation for the business. And yet, IT teams face significant challenges, including: • Addressing information overload• Predicting capacity planning• […]

11Mar 2024

Broadcom Merges Symantec and Carbon Black Into New Business Unit

Fresh off its $69 billion acquisition of VMware, Broadcom creates an Enterprise Security Group unit that merges Symantec and Carbon Black. The post Broadcom Merges Symantec and Carbon Black Into New Business Unit appeared first on SecurityWeek.

11Mar 2024

Software Reliability Firm Steadybit Raises $6 Million

Steadybit was founded in 2019 and has now raised a total of $13.8 million in funding. The post Software Reliability Firm Steadybit Raises $6 Million appeared first on SecurityWeek.

11Mar 2024

Recent TeamCity Vulnerability Exploited in Ransomware Attacks

Servers impacted by recently patched TeamCity vulnerability CVE-2024-27198 targeted in ransomware attacks and abused for DDoS. The post Recent TeamCity Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.

11Mar 2024

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks

A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites. The post Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks appeared first on SecurityWeek.

11Mar 2024

SecurityWeek Cyber Insights 2024 Series

Cyber Insights 2024 talks to hundreds of industry experts from dozens of companies covering seven primary topics. The post SecurityWeek Cyber Insights 2024 Series appeared first on SecurityWeek.

11Mar 2024

Critical Vulnerability Allows Access to QNAP NAS Devices

Critical-severity vulnerability could allow network attackers to access QNAP NAS devices without authentication. The post Critical Vulnerability Allows Access to QNAP NAS Devices appeared first on SecurityWeek.

11Mar 2024

Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks

150,000 systems possibly impacted by the recent Fortinet vulnerability CVE-2024-21762, but there is still no evidence of widespread exploitation. The post Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks appeared first on SecurityWeek.

11Mar 2024

Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities

The financially motivated threat actor Magnet Goblin is targeting one-day vulnerabilities to deploy Nerbian malware on Linux systems. The post Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities appeared first on SecurityWeek.

11Mar 2024

The Hidden Gem of Savings in the Software Delivery. And no, it’s not AI

According to Deloitte research, AI will boost the productivity of software development processes from 50% to 1000%. It will improve project management, help with requirements creation, assist developers with coding, cover the system with auto-tests, report defects, and improve deployment. The bad news is that it will take years for corporations to widely adopt this […]

11Mar 2024

New Open Source Tool Hunts for APT Activity in the Cloud

The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments. The post New Open Source Tool Hunts for APT Activity in the Cloud appeared first on SecurityWeek.

11Mar 2024

Has the CIO title run its course?

There’s a lot in a name, and as Tim Wenhold sees it, the time has come to revamp the CIO title so it reflects how integral technology is to business. “We technologists have disrupted and augmented so many industries, yet that [title] has stayed … we’re really talking about digital leaders now,’’ says Wenhold, chief […]

11Mar 2024

Covanta’s step-by-step approach to AI enablement

Internal and external customer experience has always been a top priority for most companies, especially as demands increase for faster response and improved personalization. The arrival of generative AI and advanced chatbots has accelerated the development of intelligent systems that go well beyond scripted queries by intuitively adapting and engaging in more dynamic and context-aware […]

11Mar 2024

UAE’s TII launches ‘Falcon Foundation’ to spearhead the open-sourcing of Generative AI Models

Commencing with TII’s powerful homegrown Falcon AI models, the Foundation will convene stakeholders, developers, academia, and industry, as well as individuals, and will help realize the power of cooperative decision-making among the contributors. It will accelerate the democratization of AI. The Foundation is to support the customization of the Falcon models to address specific industries […]

08Mar 2024

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails

Microsoft says the Midnight Blizzard APT group may still be poking around its internal network after stealing source code, spying on emails. The post Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails appeared first on SecurityWeek.

08Mar 2024

CISA Outlines Efforts to Secure Open Source Software

Concluding a two-day OSS security summit, CISA details key actions to help improve open source security. The post CISA Outlines Efforts to Secure Open Source Software appeared first on SecurityWeek.

08Mar 2024

Reach Security Raises $20M to Help Manage Cybersecurity Products

California startup banks $20 million Series A financing for technology to help businesses manage the maze of security tools and products. The post Reach Security Raises $20M to Help Manage Cybersecurity Products appeared first on SecurityWeek.

08Mar 2024

Defense Unicorns Raises $35 Million for National Security Software Solutions

Sapphire Ventures and Ansa Capital have invested $35 million in national security systems software startup Defense Unicorns. The post Defense Unicorns Raises $35 Million for National Security Software Solutions appeared first on SecurityWeek.

08Mar 2024

In Other News: Google AI Hacking, Font Vulnerabilities, IBM Training Facility

Noteworthy stories that might have slipped under the radar: Google AI bug bounties, font vulnerabilities, IBM opens new training facility. The post In Other News: Google AI Hacking, Font Vulnerabilities, IBM Training Facility appeared first on SecurityWeek.

08Mar 2024

Change Healthcare Restores Pharmacy Services Disrupted by Ransomware

Change Healthcare says it has made significant progress in restoring systems impacted by a recent ransomware attack. The post Change Healthcare Restores Pharmacy Services Disrupted by Ransomware appeared first on SecurityWeek.

08Mar 2024

Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks

Chinese APT Evasive Panda compromises a software developer’s supply chain to target Tibetans with malicious downloaders. The post Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks appeared first on SecurityWeek.

08Mar 2024

Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors

Multiple vulnerabilities in Sceiner firmware allow attackers to compromise smart locks and open doors. The post Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors appeared first on SecurityWeek.

08Mar 2024

State AGs Send Letter to Meta Asking It to Take ‘Immediate Action’ on User Account Takeovers

A group of 40 state attorneys general have sent a letter to Meta expressing concern over Facebook and Instagram account takeovers. The post State AGs Send Letter to Meta Asking It to Take ‘Immediate Action’ on User Account Takeovers appeared first on SecurityWeek.

08Mar 2024

Quantum Attack Protection Added to HP Business PCs

An upgraded ESC security chip makes the firmware of several HP business PCs resilient to quantum computer attacks. The post Quantum Attack Protection Added to HP Business PCs appeared first on SecurityWeek.

08Mar 2024

NCWIT digitally transforms the DEI journey to help uplift women in IT

For the National Center for Women & Information Technology (NCWIT), effecting change for women working in IT is a holistic endeavor.   Founded in 2004, NCWIT’s mission has always been to “increase the meaningful and influential participation of women in tech” while respecting intersecting identities, with an overall emphasis on avoiding “treating women as a […]

08Mar 2024

Women in tech statistics: The hard truths of an uphill battle

Diversity is critical to IT performance. Diverse teams perform better, hire better talent, have more engaged members, and retain workers better than those that do not focus on diversity and inclusion, according to a report from McKinsey. Despite this, women remain widely underrepresented in IT roles. And the numbers back up this assertion, often in […]

08Mar 2024

Women still underrepresented in top tech roles

Today is International Women’s Day, a day that provides an opportunity to acknowledge achievements and highlight struggles faced by women around the world. For the tech industry in particular, it’s a chance to reflect on progress made, and devise more robust strategies for progress, given the work that still needs to be done. While a leadership gap […]

08Mar 2024

Self-belief is your superpower: CIO Ange Nash on getting ahead as a woman in tech

Ange Nash, Chief Information Officer at AA Insurance, and one of our top CIO50 New Zealand alumni, reflects on her career in technology and how to encourage more young women into the industry.   Growing up in Taihape on an army base in Waiouru New Zealand, I was a typical rural kid, but with technology […]

08Mar 2024

A CISO POV: Securing AI in your company

In my recent column, I delved into the challenges enterprises face in integrating AI into the workplace and outlined strategies for CISOs to monitor or control the use of AI effectively. The focus was on ensuring safe generative AI practices within organizations. Here are the key recommendations I provided: AI training implementation: Introduce AI training […]

07Mar 2024

UNESCO finds ‘pervasive’ gender bias in generative AI tools

Generative AI’s outputs still reflect a considerable amount of gender and sexuality based bias, associating feminine names with traditional gender roles, generating negative content about gay subjects, and more besides, according to a new report from UNESCO’s International Research Centre on Artificial Intelligence. The report, published today, centered on several individual studies of bias, including […]

07Mar 2024

Industry clouds give CIOs on-ramp to gen AI

Greg Beltzer has been beta testing key generative AI technologies for the past six months and is eager to capitalize on them when released this spring. As head of technology for the US division of RBC Wealth Management, Beltzer says one feature in particular, Prompt Builder, will enable more than 2,100 advisors in RBC US’s […]

07Mar 2024

The business value of social sustainability

Social sustainability is good for business. It can help to unlock new markets, attract and retain customers, build trust and credibility, and spark innovation. And companies are taking it seriously: a recent NTT report found that more than 40 percent of executives surveyed said social sustainability is a top imperative for their C-suite and Board […]

07Mar 2024

Building the future of construction

The construction industry in many countries around the world is facing a labor shortage crisis. The workforce is aging, fewer young people are entering the field, and those who are working have to take on longer hours to meet the demand. The issue is particularly acute in Japan, where strict overtime regulations started in 2024. For […]

07Mar 2024

Cryptography Firm Zama Raises $73 Million for FHE Solution

Zama raises $73 million in Series A funding for a fully homomorphic encryption (FHE) solution for AI and blockchain applications. The post Cryptography Firm Zama Raises $73 Million for FHE Solution appeared first on SecurityWeek.

07Mar 2024

FBI: Cybercrime Losses Exceeded $12.5 Billion in 2023

FBI’s IC3 publishes its 2023 Internet Crime Report, which reveals a 10% increase in the number of cybercrime complaints compared to 2022. The post FBI: Cybercrime Losses Exceeded $12.5 Billion in 2023 appeared first on SecurityWeek.

07Mar 2024

Cayosoft Raises $22.5 Million for Microsoft AD Recovery Tech

Ohio security vendor Cayosoft banks new capital to fuel growth of its flagship Active Directory forest recovery product suite. The post Cayosoft Raises $22.5 Million for Microsoft AD Recovery Tech appeared first on SecurityWeek.

07Mar 2024

Nigerian BEC Scammer Pleads Guilty in US Court

Henry Echefu admitted in a US courtroom to participating in a $200,000 business email compromise fraud scheme. The post Nigerian BEC Scammer Pleads Guilty in US Court appeared first on SecurityWeek.

07Mar 2024

Cisco Patches High-Severity Vulnerabilities in VPN Product

High-severity flaws in Cisco Secure Client could lead to code execution and unauthorized remote access VPN sessions. The post Cisco Patches High-Severity Vulnerabilities in VPN Product appeared first on SecurityWeek.

07Mar 2024

Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks

Threat actor tracked as TA4903 spoofing US government entities in phishing and fraud campaigns. The post Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks appeared first on SecurityWeek.

07Mar 2024

Apple is Making Big App Store Changes in Europe Over New Rules. Could it Mean More iPhone Hacking?

Apple is opening small cracks in the iPhone’s digital fortress as part of a regulatory clampdown in Europe— at the risk of creating new avenues for hackers to steal personal and financial information stored on the devices. The post Apple is Making Big App Store Changes in Europe Over New Rules. Could it Mean More […]

07Mar 2024

Cyber Insights 2024: A Dire Year for CISOs?

The role of the CISO continuously evolves in tandem with the growing reliance on cybersecurity as a business enabler. But is it possible that the SEC has pitched a curveball with its increasing assertiveness? The post Cyber Insights 2024: A Dire Year for CISOs? appeared first on SecurityWeek.

07Mar 2024

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure

Critical TeamCity authentication bypass vulnerability CVE-2024-27198 exploited in the wild after details were disclosed. The post Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure appeared first on SecurityWeek.

07Mar 2024

Fidelity Investments Notifying 28,000 People of Data Breach

Fidelity says 28,000 individuals were impacted by data breach at third-party services provider Infosys McCamish System. The post Fidelity Investments Notifying 28,000 People of Data Breach appeared first on SecurityWeek.

07Mar 2024

Former Amazon exec John Rossman on delivering big bets

An expert on digital transformation, leadership, and innovation, John Rossman is the bestselling author of three books, including The Amazon Way, which translates Amazon’s leadership and tactics into actionable steps that businesses can apply to accelerate their digital transformations. He was an early Amazon executive himself, with key responsibilities in launching the Amazon Marketplace business […]

07Mar 2024

Salesforce bids to become copilot building platform of choice

The potential for generative AI copilots to transform businesses has created a lucrative opportunity for vendors vying to become the go-to platform for building AI assistants. On Wednesday, Salesforce unleashed its latest offering in the race for the prize with Einstein 1 Studio, a new set of low-code/no-code AI tools for accelerating the development of […]

07Mar 2024

A roundup of the top security news and updates

Cybersecurity remains top priority for business and technology leaders alike. In collaboration with CyberWire, we help you to keep a pulse on the cybersecurity landscape by gathering some of the top movements and stories. ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On CyberWire ThreatHunter AI, an […]

07Mar 2024

For IT leaders, operationalizing generative AI is still a goal in the making

The number of companies that have already implemented generative AI or are actively exploring it is growing exponentially. Looking at the recent past, in November 2022 its rate of use was almost, limited as it was to image or text generators, that is, the only tools available at the time. […]

06Mar 2024

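Top 16 Agile certifications available today

The Agile approach to project management has become enormously popular in almost every industry because of its flexibility and its emphasis on visualizing projects as discrete parts and delivering them quickly in sprints. Because today’s digital business environment demands speed, Agile stands out as a project management and software development methodology, helping IT professionals deliver high-quality results quickly. Gaining Agile expertise also improves IT leaders’ capabilities and helps them get the most out of multiskilled Agile teams. By acquiring Agile know-how, enterprise technology leaders can improve their chances of delivering successful projects toward business goals, which in turn can advance their careers. Here are 16 Agile certifications that provide the skills and knowledge needed to take your IT career to the next level. Top Agile certifications Agile Programme Management (AgilePgM) Agile Project Management (AgilePM) Professional Scrum Master (PSM) Professional Scrum Product Owner (PSPO) Certified Agile Project Manager Leading SAFe SAFe Product Owner/Product Manager SAFe Scrum Master Certified ScrumMaster (CSM) Certified Scrum Product Owner (CSPO) ICAgile Agile Fundamentals (ICP) ICAgile Agile Product Ownership (ICP-APO) ICAgile Agile Team Facilitation (ICP-ATF) ICAgile Business Agility Foundations (ICP-BAF) ICAgile Agile Project and Delivery Management (ICP-APM) PMI Agile Certified Practitioner (PMI-ACP) Agile Programme Management (AgilePgM) The AgilePgM certification, offered by UK-based APMG International, provides the planning, management, and communication skills needed to implement Agile programs. The certification provides practical knowledge of incremental development, in which each successive version of a product is usable and builds on the previous iteration based on user feedback. AgilePgM can be taken on its own without coursework, though various training providers offer it for those who need coursework. The certification is currently offered at the foundation proficiency level only. Cost: $365. Training costs are charged separately if required. Agile Project Management (AgilePM) APMG’s AgilePM certification is aimed at helping practicing project managers and Agile team members scale up as Agile project managers. The certification covers Agile frameworks and principles, and the roles and responsibilities of team members in an Agile project. It addresses the Agile project lifecycle, including alternative configurations and the techniques applied, along with their benefits and limitations. AgilePM can be taken on its own, without the coursework that various training providers offer if needed. The certification is currently offered at both foundation and practitioner proficiency levels. Cost: £288 [$365] for Foundation, £435 [£551] for Practitioner. Professional Scrum Master (PSM) Those who want to demonstrate their knowledge of the Scrum framework and its application can use the Professional Scrum Master I certification offered by Scrum.org. Courses are available to prepare for the assessment, such as Applying Professional Scrum and Professional Scrum Master, but you can also take the PSM I assessment directly without coursework. The certification is also offered at higher proficiency levels (PSM II and PSM III). All Scrum.org assessments are conducted in English. Many candidates take the assessment using the Google Translate plug-in. If you already have a substantial level of Scrum knowledge and understand how Scrum is applied within a Scrum team, you do not need to enroll in a course.
Cost: $200, $250, and $500 for PSM I, II, and III, respectively Professional Scrum Product Owner (PSPO) Scrum.org’s Professional Scrum Product Owner certification is intended to give product owners a clear understanding of a product’s value drivers and a keen sense of how to use Agile practices and Scrum to maximize that value. Those who intend to validate their knowledge of the Scrum framework and their ability to support value creation and delivery should pursue this certification. Cost: $200, $250, and $500 for PSPO I, II, and III, respectively Certified Agile Project Manager Offered by the International Association of Project Managers (IAPM), this certification is for candidates with basic knowledge of Agile project management. It aims to teach how to launch and run Agile projects efficiently, and provides tools for completing day-to-day project activities from project start to finish. IAPM certifications are offered at three proficiency levels: basic (Certified Junior Project Manager), intermediate (Certified Agile Project Manager), and advanced (Certified Senior Agile Project Manager). With sufficient self-preparation, it can be taken without coursework from a training provider. Cost: $555 Leading SAFe The Leading SAFe certification covers the fundamentals of SAFe, the principles and practices of Lean-Agile transformation, and the tools needed to lead SAFe Agile in remote environments with distributed teams. Offered in a variety of languages, the certification helps candidates understand how enterprises can build business agility with SAFe and improve quality, productivity, employee engagement, and time to market. Certification holders gain the expertise to make their organizations more customer-centric and to run key SAFe alignment and planning events such as PI planning. The certification is delivered in partnership with multiple training providers and is not offered on a standalone basis. The price can vary considerably depending on which you choose. […]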

06Mar 2024

3 business benefits of stronger security using Zero Trust principles

Operational technology (OT) organizations face increasing challenges when it comes to cybersecurity. Manufacturing in particular has become a bigger target for bad actors; in fact, it was one of the sectors most impacted by extortion attacks, according to Palo Alto Networks’ 2023 Unit 42 Extortion and Ransomware Report.  Palo Alto Networks As Industry 4.0 continues […]

06Mar 2024

Innovate, Collaborate, Elevate: FutureIT Los Angeles Unveiled

What makes a great event? Speakers who are willing to share their knowledge, successes, and failures in order to help others in their profession; a host who is a leader in the profession and passionate about sharing his wisdom; a keynote speaker who can provide a vision for the future; sponsors with a collaborative mindset […]

06Mar 2024

Ultimate guide to implementing digital workspaces

Over the past few years, more businesses have adopted digital workspaces to enable a seamless and productive hybrid work experience. As a result, chief information officers (CIOs) and ITDMs have had to pivot their strategies so they can choose software to securely deploy and manage digital workspaces at scale. This is an IT reality that […]

06Mar 2024

IDC Foundry India CIO Summit 2024: How CIOs Are Transitioning into the AI Era

We may just have a time machine, for we are in the future! The stage is set, and the clocks are ticking down to India CIO Summit 2024, to be held at the JW Marriott, Aerocity in India’s capital New Delhi on March 14 and 15, 2024 by IDC and Foundry, heralding the theme, The […]

06Mar 2024

IT’s role in moving the organisation towards a circular economy

The concept of the circular economy has gained significant attention in recent years as the world continues to grapple with environmental issues.  We currently exist in what’s known as a linear economy, where finite resources are extracted to make products that are used and then thrown away. In contrast, the circular economy is a system […]

06Mar 2024

Transform your IT operations to enhance employee experience

In the modern business landscape, the strength of your workforce productivity depends on the efficiency of your IT operations. Many businesses grapple with archaic processes, downtimes, security risks, and the challenge of managing remote employees.   These challenges can seriously decrease productivity in isolated incidents and impact your organization’s workflow if not adequately addressed. A revitalized […]

06Mar 2024

Maximising efficiency, empowering teams

Digital transformation is not a one-time implementation, it is an ongoing process that requires continuous efforts. The ultimate goal of digital transformation is to achieve digital effectiveness by optimizing strategies, tools, and processes to yield maximum impact.  Start by optimizing IT resources and lightening the burden of the basics.  Increase agility and flexibility for faster […]

06Mar 2024

The focus shift: A guide to five key business outcomes

How is that five-year playbook you drew up 3 years ago looking today? Chances are that your projections for facilities, IT, staffing, and supply chain all turned upside down. The reality is that you need a whole new kind of blueprint today—not one that attempts to dictate a fixed future but rather one that prepares […]

06Mar 2024

Linux Malware Campaign Targets Misconfigured Cloud Servers

A new malware campaign has been observed targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The post Linux Malware Campaign Targets Misconfigured Cloud Servers appeared first on SecurityWeek.

06Mar 2024

Fresh $100 Million Claroty Funding Brings Total to $735 Million 

XIoT cybersecurity company Claroty has raised another $100 million at a reported valuation of $2.5 billion. The post Fresh $100 Million Claroty Funding Brings Total to $735 Million  appeared first on SecurityWeek.

06Mar 2024

Anatomy of a BlackCat Attack Through the Eyes of Incident Response

Incident response experts at Sygnia provide a detailed blow-by-blow of a BlackCat ransomware attack and share tips for survival. The post Anatomy of a BlackCat Attack Through the Eyes of Incident Response appeared first on SecurityWeek.

06Mar 2024

How to create secure, collaborative and productive digital workspaces

The workplace has fundamentally changed. Rapid adoption of remote work during the pandemic proved that organizations could be successful and employees productive and happy while working outside of the office. But the long-term reality for many companies is that employees aren’t working exclusively in offices or at home.   If a workplace is no longer a […]

06Mar 2024

HP’s focus on sustainability runs far and deep

With environmental, social and governance (ESG) regulations coming into force and reputations at stake, organisations are under mounting pressure to make credible progress towards sustainability goals. However, for IT leaders who play a critical role in helping their businesses move towards net-zero targets, it can be difficult to know where to begin. Thankfully, leaders within […]

06Mar 2024

Maximise productivity for employees and IT staff in the hybrid work era

Work has fundamentally shifted in today’s post-pandemic world. For example, 40% of employees no longer have a dedicated desk, according to research from Start Standing. In addition, a study by Harvard Business Review in 2023 found senior executives expect remote and hybrid work to continue to grow over the next five years. At the same […]

06Mar 2024

Bring your most productive self to work

No matter where you conduct work – in the office, at a customer’s location, in your home or a combination of these settings – your computing devices must live up to your needs and expectations. That might mean, for example, that your laptop or PC should deliver: Long battery life to sustain lengthy video conferencing […]

06Mar 2024

Cloud Security Firm Sweet Security Raises $33 Million, 6 Months After Emerging From Stealth

Sweet Security announces a $33 million Series A funding round just six months after emerging from stealth with an initial $12 million seed funding. The post Cloud Security Firm Sweet Security Raises $33 Million, 6 Months After Emerging From Stealth appeared first on SecurityWeek.

06Mar 2024

Cisco Releases Open Source Backplane Traffic Visibility Tool for OT 

Cisco has released an open source PoC tool named Badgerboard designed for improved backplane network visibility for OT.  The post Cisco Releases Open Source Backplane Traffic Visibility Tool for OT  appeared first on SecurityWeek.

06Mar 2024

SAP enhances Datasphere and SAC for AI-driven transformation

SAP announced today a host of new AI copilot and AI governance features for SAP Datasphere and SAP Analytics Cloud (SAC). Jurgen Mueller, SAP CTO and executive board member, called the innovations, which includes an expanded partnership with data governance specialist Collibra, a “quantum leap” in the company’s ability to help customers drive intelligent business […]

06Mar 2024

How device security is evolving and why that matters

We all used to know exactly what an office was and what it meant to “go to work.” Except for certain fieldwork, the traditional definition of being in the office or “at work” is increasingly disassociated from a single physical building. What now defines the office is much more of a virtual perimeter, which aspects […]

06Mar 2024

HHS Aiding Organizations Hit by Change Healthcare Cyberattack

US government lays out actions to assist healthcare providers following the highly disruptive Change Healthcare cyberattack. The post HHS Aiding Organizations Hit by Change Healthcare Cyberattack appeared first on SecurityWeek.

06Mar 2024

SecurityWeek to Host AI Risk Summit June 25-26 at the Ritz-Carlton, Half Moon Bay CA

Conference brings together business and government stakeholders to provide meaningful guidance on risk management and cybersecurity in the age of artificial intelligence. The post SecurityWeek to Host AI Risk Summit June 25-26 at the Ritz-Carlton, Half Moon Bay CA appeared first on SecurityWeek.

06Mar 2024

Endpoint security and the rise of Managed Device Services

Despite growing interest in “as a service” consumption models for everything from infrastructure to storage, most enterprises have continued to procure, maintain, and manage endpoint devices in-house. But as the security threat landscape becomes more complicated, and hybrid and remote working models take root at scale, IT leaders are questioning this traditional approach to device […]

06Mar 2024

5 tips for securing your remote workspace

Hybrid and remote working have become a permanent feature for the majority of businesses, as shown by multiple studies. However, for IT teams changing working models represent a challenge. Security professionals must adapt controls to a world where the perimeter is distributed, and users can log into corporate resources from any network and any device. […]

06Mar 2024

Salesforce rebrands its low-code platform to Einstein 1 Studio

Salesforce on Wednesday rebranded its low-code platform, Einstein Studio,  to provide developers a set of tools to customize Einstein Copilot and add new capabilities to it.   Einstein Studio, now rebranded to Einstein 1 Studio, comes bundled with the company’s Data Cloud at no added cost and features capabilities such as a control panel to […]

06Mar 2024

Android’s March 2024 Update Patches Critical Vulnerabilities

Android’s March 2024 security update resolves 38 vulnerabilities, including two critical flaws in the System component. The post Android’s March 2024 Update Patches Critical Vulnerabilities appeared first on SecurityWeek.

06Mar 2024

Cyber Insights 2024: OT, ICS and IIoT

In an age of increasing geopolitical tensions caused by actual wars, and the threat of Chinese action against Taiwan, OT is a target that cannot be ignored by nation states. The post Cyber Insights 2024: OT, ICS and IIoT appeared first on SecurityWeek.

06Mar 2024

BlackCat Ransomware Gang Suspected of Pulling Exit Scam

The BlackCat ransomware gang announces shutdown as an affiliate accuses theft of $22 million ransom payment. The post BlackCat Ransomware Gang Suspected of Pulling Exit Scam appeared first on SecurityWeek.

06Mar 2024

CISA Warns of Pixel Phone Vulnerability Exploitation

CISA adds Pixel Android phone (CVE-2023-21237) and Sunhillo SureLine (CVE-2021-36380) flaws to its known exploited vulnerabilities catalog.  The post CISA Warns of Pixel Phone Vulnerability Exploitation appeared first on SecurityWeek.

06Mar 2024

India’s advisory on LLM usage causes consternation

India’s Ministry of Electronics and Information Technology (MeitY) has caused consternation with its stern reminder to makers and users of large language models (LLMs) of their obligations under the country’s IT Act, after Google’s Gemini model was prompted to make derogatory remarks about Indian Prime Minister Narendra Modi. The ministry’s reaction, in the form of […]

06Mar 2024

How CIOs use AI to elevate CX services

IT industry researchers believe the biggest impact of gen AI this year will be in customer experience (CX), with organizations using vast amounts of data to communicate with consumers and resolve problems faster. Technology specialist Salesforce reports that more than two-thirds of service professionals believe gen AI will help them serve their customers better, while Forrester expects […]

06Mar 2024

The change management Informatica needed to overhaul its business model

What is the business transformation currently underway at Informatica? When we were taken private in 2015, we were a traditional software vendor, but the market was starting to embrace the cloud. Many of our customers had already started to move their applications and it made sense they would want to transition to data management in […]

06Mar 2024

CrowdStrike to Acquire Flow Security

CrowdStrike says the acquisition of Flow Security will expand its cloud security capabilities with Data Security Posture Management. The post CrowdStrike to Acquire Flow Security appeared first on SecurityWeek.

05Mar 2024

Apple Blunts Zero-Day Attacks With iOS 17.4 Update

Apple rolls out urgent patches to fix multiple security flaws in its flagship iOS platform and warned about zero-day exploits in the wild. The post Apple Blunts Zero-Day Attacks With iOS 17.4 Update appeared first on SecurityWeek.

05Mar 2024

The dark arts of digital transformation (DX) and how to acquire them

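Resistance to digital transformation (DX) takes many forms. When it does, a wizard, or a CIO, has to use a few tricks to resolve it. You will need to persuade employees and middle managers to try new things and change how they operate. You may find yourself in a bind, constrained by authority and rules, or have to fight the “not invented here” mindset. You will probably also run into fierce corporate politicians intent on protecting their own turf. The point is that you have to overcome indifference, ignorance, inertia, technophobia, and plain old stubbornness without making (too many) enemies. How to do that is not usually written in business management guides, although the Book of Spells or the Necronomicon might be of some help. We asked top IT leaders for their tips on realizing an IT strategy in the face of opposition. 1. Charm the opposition. Nobody rises to the top of a large company without firm opinions and a strong ego. But you do not need to cast a charm or chant a spell to get these people to listen. Sometimes a chocolate with a toy inside is enough. In a male-dominated world, Joanne Friedman, a petite woman standing 153 cm tall, has had to work harder throughout her career to get people’s attention. Her magic is the gift of a Kinder Surprise (an egg-shaped chocolate with a toy inside). “Chocolate is my favorite management tool,” says Friedman, CEO and principal of smart manufacturing at Connektedminds, a Toronto-based IT advisory group. A manufacturing industry veteran, she has built her career at IBM, Bristol Myers Squibb, pharmaceutical giant GlaxoSmithKline, and Celestica. “When I’m in a meeting as CIO and someone seems unmotivated or in a bad mood, I give them a Kinder Surprise. Once they eat the chocolate and start playing with the toy, the mood of the whole room changes.” She keeps a box of these chocolates in her office. Executives who heard about it would sometimes come by in the afternoon looking for chocolate. Before long she had built relationships with key stakeholders, learned about their concerns, and discussed how IT could support them in achieving their business goals. A few months later, when she asked for an additional $400,000 to overhaul the manufacturer’s PLM system, the CFO objected strongly because the spending was unbudgeted, but the other business leaders in the meeting supported her. She ultimately won a $600,000 budget for the project. “I’m only 153 cm tall. No matter how hard I try I’ll never be good at golf, but I can walk into a meeting room with a box full of chocolates and ask, ‘Who’s going to get which toy?’ People love it. The best trick a CIO can pull is to do the unexpected in a positive way,” she says. Unfortunately, because of the choking risk to children, FDA restrictions mean Kinder Surprise is not sold in the United States. CIOs based in the US will have to find some other sweet talisman. 2. Forge strategic alliances. If you want to beat the trolls and goblins, you will need the help of elves and dwarves. Dylan Etkin, CEO and cofounder of Sleuth, an engineering efficiency platform, says that having the right allies inside the organization is essential to being a great technology leader. “To lead in engineering, you will not succeed without strong allies on the product side. Developers sometimes think managers are unnecessary, or look down on the non-technical side. With that attitude you will never get anything done,” he says. An original architect of Jira who previously worked at Atlassian, Etkin says he has at times struggled to build cooperative relationships with peers. He had to find ways to get on the same page with colleagues who had quite different ideas about how to get work done. Doing that required asking a lot of questions and listening to the answers.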
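“Your peers are the people who move your work forward, and you need to stay in step with them to some degree. Even when you think what they’re doing doesn’t make sense, if you have built a close enough relationship you can have some influence over their decisions,” he says. When he led the Bitbucket team at Atlassian, he was able to persuade the company’s founders to give up the distributed version control system they favored (Mercurial) and move to Git, which held 80% of the market. “It was clear that to compete more effectively with GitHub we needed to support Git, despite executives’ concerns about taking on technical debt. Getting their buy-in was key to becoming competitive in that space,” he says. He adds that you also need to work with the legal and HR departments. “The people in those departments will one day either save you or make you suffer. I always try to stay on friendly terms with them.” 3. Rescue your enemies. Do not forget the possibility that the force you are trying to overcome is not the individuals opposing you but the system they themselves are trapped in. An organization that has operated successfully in a particular way may not see much reason to change things significantly. Even when change becomes necessary, because of intensifying competition from disruptive new entrants or the emergence of innovative technology, overcoming internal inertia may use up all of your magic powers. Bryon Kroger, founder and CEO of Rise 8, a full-stack digital transformation company, says you have to identify what is really in the way and aim your efforts at the right target. “When you feel that your efforts to change something are being blocked, it often feels as though the enemy is an individual or a group. Sometimes that’s true, but it’s important to first ask, ‘Is it the people who are resisting, or is it the culture?’” Kroger, whose job title on LinkedIn is “bureaucracy hacker,” served in the US Air Force for 10 years. Also a cofounder of Kessel Run, the Air Force’s agile software development lab, he is adept at dealing with deeply hierarchical organizations. While building Kessel Run, Kroger and his team often clashed with the Air Force’s extensive governance, risk management, and compliance processes. Rather than treating the auditors as enemies, his team took the time to understand their pain points. They then designed a new system that automated and streamlined the audit process and let the compliance team get reports in real time. “Instead of submitting a report once a year, we achieved continuous compliance without rejecting their risk compliance framework at all. Rather than running security scans every quarter, we scanned multiple times a day, on every commit. In the end we were able to do everything that was required without slowing down delivery,” he says. The key to their success can be summed up in one word: empathy. “You have to start by building empathy. You think about how you can make the other person’s job easier, faster, and more efficient. True empathy is understanding someone’s position without expecting anything to change.” 4. Be fearless. Whenever you drive change, you will be attacked from many directions. Orcs carrying torches and spears will try to break down your castle door. Sometimes they are competitors, but more often they are colleagues inside the organization with hidden agendas or a resistance to change. Gary Hoberman, founder and CEO of Unqork, a codeless application development platform, puts it this way: “When I was a CIO, there were at least 15 people who wanted to run me over with a truck. If that number dropped below 15, I felt I wasn’t doing my job properly.” Before founding Unqork, he worked on Wall Street for 25 years, mostly as a managing director for technology at Fortune 50 financial services companies. Making enemies is unavoidable in this business.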
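“My role as CIO was to transform the whole organization. I believed that my customers were not my business partners but the company’s customers. That meant I was always going against the grain and fighting the antibodies that were trying to reject me,” he says. In the mid-2000s, Hoberman developed an e-commerce platform that was widely adopted across the company. The head of training at the time asked him to develop software to help newly hired traders get up to speed faster. Back then it took as long as two weeks to provide a trader with a computer and accounts, and the company was losing millions of dollars as a result. Hoberman’s team automated the entire process within a month, so traders could start work right away. “As soon as it worked, the corporate bureaucracy kicked in and said, ‘Great, let’s roll it out building by building, month by month, over the next four years.’ So I told them, ‘To hell with that. You figure out how to keep up with me,’” Hoberman recalls. He estimates that the software improved the financial services company’s productivity by roughly $300 million a year. “Technology leaders need to be fearless. You have to be able to say, without flinching, ‘I’m going to support my team, drive change, and break things.’ That’s the secret to success,” he says. 5. Make peace, not war. When the odds are against you, it is usually better to lay down your arms and negotiate. Jonathan Feldman, CIO of Wake County, N.C., says that although technology leaders often loathe internal politics, it beats the alternative. “IT people have traditionally taken an ‘anti-political’ stance. But I always tell my staff that the alternative to politics is war. War benefits no one, and someone always gets hurt,” he says. He adds that engaging in internal politics to some degree deepens understanding and leads to mutually beneficial cooperation. Even when you privately think management is making the wrong call, sometimes you need to “disagree and commit,” says Etkin. For example, shortly after his startup was acquired by Atlassian, Etkin was told he had to implement a single sign-on system. […]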

05Mar 2024

Three predictions for AI and automation business adoption

AI’s honeymoon with the enterprise is coming to an end. It’s time to get to business. That’s one of the main themes from IDC’s recent predictions report, “IDC FutureScape: Worldwide Artificial Intelligence and Automation 2024 Top 10 Predictions”. But even though IT decision-makers will be scrutinizing AI and automation investments, you can rest assured they […]

05Mar 2024

AWS to invest $5.3 billion to build data centers in Saudi Arabia to bolster tech in the region

Amazon Web Services (AWS) is the latest high-tech giant to announce a major stake in Saudi Arabia’s burgeoning technology industry, unveiling a plan this week to invest more than $5.3 billion in the Middle East kingdom to build data centers and a significant cloud presence in the region. Specifically, AWS will launch what it’s calling […]

05Mar 2024

US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials

The Treasury Department sanctioned individuals associated with Intellexa Consortium, maker of the powerful Predator Spyware. The post US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials appeared first on SecurityWeek.

05Mar 2024

Simplify IT operations with observability and AIOps

IT organizations are taxed with managing, maintaining, and augmenting complex IT infrastructures that are constantly evolving. At the same time, they must deliver consistent IT service performance and availability to end users, while enabling innovative digital transformation for the business. And yet, IT teams face significant challenges, including: Addressing information overload Predicting capacity planning Assessing […]

05Mar 2024

VMware Patches Critical ESXi Sandbox Escape Flaws

The most serious flaws allow hackers with local admin rights to execute code as the virtual machine’s VMX process running on the host. The post VMware Patches Critical ESXi Sandbox Escape Flaws appeared first on SecurityWeek.

05Mar 2024

Prosperity Bank embraces AIOps with BMC Helix

There’s immense pressure on IT to become more productive, increase uptime, and reduce outages all while keeping costs in check. It’s a big challenge for CIOs to meet, which is why so many are turning to AIOps. Recently, that’s exactly the course Gisela Riggan, EVP and CIO at Prosperity Bank, chose to pursue, and she […]

05Mar 2024

Dtex Systems Snags $50M from Alphabet’s CapitalG

Insider threat detection firm Dtex Systems raises $50 million in a funding round led by the investment arm of Google’s parent company. The post Dtex Systems Snags $50M from Alphabet’s CapitalG appeared first on SecurityWeek.

05Mar 2024

Cloudflare Introduces AI Security Solutions

Cloudflare introduces security products that use AI, protect AI, and defend against AI-enhanced phishing. The post Cloudflare Introduces AI Security Solutions appeared first on SecurityWeek.

05Mar 2024

Axonius Banks $200 Million in Late-Stage Funding 

Axonius has raised approximately $600 million since 2017 and is considered one of cybersecurity’s so-called unicorns with a valuation of $2.6 billion. The post Axonius Banks $200 Million in Late-Stage Funding  appeared first on SecurityWeek.

05Mar 2024

Investment Firm Team8 Raises Additional $500 Million

Investment firm Team8 has raised $500 million in new funds, bringing its total assets under management to over $1 billion. The post Investment Firm Team8 Raises Additional $500 Million appeared first on SecurityWeek.

05Mar 2024

Cybersecurity M&A Roundup: 27 Deals Announced in February 2024

Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in February 2024. The post Cybersecurity M&A Roundup: 27 Deals Announced in February 2024 appeared first on SecurityWeek.

05Mar 2024

Achieve scalable cyber resiliency in the cloud during an age of exponential data growth

Data volumes continue to grow exponentially, and there’s no end in sight. IDC predicts that the amount of commercial data in storage will be 12.8 ZB by 2026. A typical novel contains 1 MB of data and is about 12 mm thick, so 12.8 ZB of data in novelized form would create nearly 400,000 stacks of […]

05Mar 2024

American Express Discloses Data Breach

American Express says names, card account numbers, and card expiration dates were compromised in a data breach. The post American Express Discloses Data Breach appeared first on SecurityWeek.

05Mar 2024

Zeek Security Tool Vulnerabilities Allow ICS Network Hacking

Vulnerabilities in a plugin for the Zeek network security monitoring tool can be exploited in attacks aimed at ICS environments. The post Zeek Security Tool Vulnerabilities Allow ICS Network Hacking appeared first on SecurityWeek.

05Mar 2024

Critical Vulnerability Exposes TeamCity Servers to Takeover

A critical authentication bypass in TeamCity allows remote attackers to take full control of vulnerable servers. The post Critical Vulnerability Exposes TeamCity Servers to Takeover appeared first on SecurityWeek.

05Mar 2024

Generative AI copilots: What’s hype and where to drive results

GitHub first launched its copilot in 2021, and Microsoft 365 Copilot became generally available a few months ago. These  AI assistants often use the term copilot to indicate how generative AI capabilities embedded in workflow tools can augment and assist people in performing tasks and prompting for information more efficiently. The term copilot has caught […]

05Mar 2024

What’s enabled Fresenius to transform IT

Transformation should be completed quickly, without getting lost in the minutiae, says Ingo Elfering, group CIO of Fresenius. “It’s better to do it quickly, like taking a Band-Aid off, even if it hurts for a short time,” he summed up at the recent Hamburg IT Strategy Days 2024. So this has been the approach to IT […]

05Mar 2024

Re-imagining Business Workflows with AI-Powered Automation

Artificial intelligence (AI) is delivering rapid change for Australian business by raising customers’ expectations, generating new competitive challenges, and creating opportunities for new products and services. This rapid change demands a rapid response, but the strength of that response depends greatly on two factors – the agility of systems and processes and the availability of […]

05Mar 2024

IT governance: the CIO strategies that make their companies more competitive

That IT is strategic to the business is no longer a secret to CIOs. But when the whole of top management, indeed the entire organization, embraces this idea, digital transformation truly becomes innovation. It is an organizational change often embodied in the establishment of IT governance, which seals the central role of […]

04Mar 2024

Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison

The 22-year-old Air National Guard member admitted illegally collecting some of the nation’s most sensitive secrets and sharing them with other users on Discord. The post Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison appeared first on SecurityWeek.

04Mar 2024

Six key points for advancing agile development

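More than 60% of companies have adopted agile development. Since the COVID-19 pandemic, large companies have all been pushing digital transformation (DX), because digitalization is indispensable for improving productivity and customer satisfaction and cutting costs amid rapid social change. System development, the linchpin of such DX strategies, is itself seeing major changes in methodology under the influence of the spread of the internet and the shift to the cloud. Until now, systems have been developed using the waterfall method, which flows like a waterfall from requirements definition to design, development, and testing. Recently, however, attention has turned to agile, a development method that divides development into small units and proceeds by iterating implementation and testing in each. According to a survey of agile adoption (400 respondents) conducted from July 10 to 12, 2023 by Gartner, one of the world’s leading technology research firms, 17.5% of companies answered “all agile development” and 44.3% answered “partly agile development,” showing that more than 60% of companies have already adopted agile development. “Agile-style development has been increasing for several years. Large companies have many development projects, so it is no longer unusual for agile development to be under way in one of them, because they need to respond quickly to changes in the business environment. I think there is a desire to develop faster and more cheaply with agile. But it is hard to suddenly switch something that has been developed with waterfall over to agile. My sense is that the approach is drawing attention for newly built components and new apps. At the same time, we are seeing cases where agile is being considered even in areas that were thought to be unsuited to it,” explains Harutoshi Katayama, senior director analyst at Gartner Japan. What is agile development? So what is agile development in the first place? Katayama says it is “an approach (development method) for getting closer to the right answer when the right answer is not known.” Its defining characteristic is that it works incrementally (little by little) and iteratively (repeatedly), realizing value (business value) through trial and error. On the difference from waterfall, Katayama says: “In conventional waterfall development, you ask an outside contractor to run the project, and once the project is complete the team disbands. You don’t know what happens afterwards. In agile development, by contrast, you proceed little by little and iteratively to get closer to the right answer, so you can check the results as you go. I think a major feature is that things are not simply built and then left.” Katayama classifies agile into four patterns. The first is to repeat development in short cycles. Periods called timeboxes are set, typically one to two weeks (the length is decided per project), a sprint covering specification design, development, and release is fixed for each timebox, and this process is repeated many times. It is commonly used in lean development (an application of the Toyota Production System), which removes waste from the production process and keeps only what is needed. The second pattern iterates the upstream phases little by little. Requirements definition is discussed repeatedly, and the development phase then proceeds as waterfall. It is used in approaches such as design thinking, which takes the user’s perspective to uncover the essential issues and needs of a service or product and solve business problems. The third is to build a prototype after requirements definition and design, and then iterate improvements based on feedback from users who try it. It is used when adopting packaged software, and was employed by a major airline when it introduced a reservation and ticketing system used overseas. The fourth is to settle the requirements definition and grand design first and then develop in staggered stages by function or by go-live unit. It is used in large-scale efforts such as core systems development. A major real estate company used it when integrating and improving a group of business systems for condominium management, sales management, and the like, and a major non-life insurer used it when rebuilding its compulsory automobile liability insurance system. “Some argue that the first is the real thing and the second through fourth are fakes, but from the standpoint of someone running projects on the ground, there is no real or fake. You simply choose the method that makes sense for the characteristics of the project. Low-code and no-code development is also advancing these days, and with those it seems approaches that combine the second and third are not unusual,” says Katayama. Agile has an image of being “cheap” and “fast,” but that is not necessarily the case.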
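“Agile proceeds through trial and error, while waterfall proceeds in a well-planned sequence, so when developing a system of a certain size, agile can take more person-hours than waterfall and the schedule can stretch. (In cases where the goal is clear and the process is highly predictable, for example,) simply switching from waterfall to an agile-style approach can actually drive costs up,” says Katayama. Points to keep in mind when starting agile development. So what should you watch out for when pursuing agile development? Katayama gives six points: (1) share a common understanding of “why agile?”; (2) do not neglect quality; (3) put a mechanism for rapid decision-making in place; (4) overcome external obstacles (those outside the project); (5) coordinate with other teams (waterfall and others); (6) put a mechanism in place for training people with no agile experience. Let us look at each in turn. Agile is a very well-known concept, but it is in fact interpreted in many ways, and how it is understood depends on the interpretation. If stakeholders such as developers and users hold entirely different images of agile, the results they expect will naturally differ too. Someone looking for “cheap” and “fast” naturally expects a different result from someone looking for “what is needed.” “I have heard of cases where a team did something agile-like and ended up with what was needed, but because it was neither cheap nor fast, the company put agile development on hold,” says Katayama. The same goes for deadlines. If agile is “an approach for getting closer to the right answer when the right answer is not known,” realizing value little by little through iteration, the question arises of where to set the deadline. With waterfall, the product ships when the project ends and the project is disbanded, whereas agile is seen less as a project and more like product development in which the product is continuously refined. This understanding of the work also has to be firmly established as common ground. To keep stakeholders from working side by side with different goals in mind, it is important to share a common understanding of agile. Because agile is “an approach for getting closer to the right answer when the right answer is not known,” some failures can happen. But that does not mean quality can be neglected. “The software you output has to work properly, and it must not be released full of bugs. Because quality has to be managed in a short time, quality control is harder than in waterfall,” says Katayama. Existing business practices are a formidable foe for agile. Next, consider the point about putting a mechanism for rapid decision-making in place. When developing software with agile, the decision-makers on the business side who will use it, the leaders on the development side (in-house or external), and the senior managers over business and IT as a whole must constantly share issues and make decisions nimbly. Not missing the moment is what matters. “In agile, development moves forward in short cycles, so decisions have to be made one after another. With waterfall, there are weekly meetings and a monthly meeting with stakeholders, and decisions on major issues are often made once a month. If members’ schedules could not be aligned for the monthly meeting, carrying it over to the next month was not a problem. Decisions were often delayed that way. These days tools such as video conferencing are readily available, so it is possible to speed up decision-making by senior people, and speeding it up is what matters,” says Katayama. In agile development there are various obstacles outside the project. Because system development in Japan has long relied on external vendors, this has become customary, and quite a few companies have internal rules that presuppose conventional waterfall. “Companies have all kinds of rules about development, and some of them assume a purely waterfall way of working. If a project does not fit, the company will not approve it. If it does not conform to the conventions for budgets, approval requests, and so on, you cannot even start the project. This is an issue that has to be sorted out when a company sets out to promote agile development,” says Katayama. At some companies the procurement department approves development only under fixed-deliverable contracts, while at others the kind of requirements changes that agile development involves are ruled out on budget grounds.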
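In accounting, too, there is no agile-specific treatment. Accounting therefore has to follow existing standards, but the timing and scope of capitalizing software are difficult to determine. In HR, there is also the problem that existing personnel criteria for the IT department do not fit the way agile talent should be evaluated. “Someone at one company told me that the biggest barrier to agile development is procurement, which handles contracts with outside contractors. They are told no because it differs from the waterfall they are used to. I also hear stories of it taking three months to get agile development approved, when the system could already have been built in that time. How you reconcile with the company’s existing rules becomes important,” says Katayama. Overcoming the habit of handing everything off is the key to success. Existing internal rules are not the only thing that needs reconciling. Coordinating with other (non-agile) teams is also important. Many system development efforts cannot be completed by the agile team alone. Yet the teams may be unable to cooperate because their values and methods differ, or there may be no leader who can oversee both. As a result, the agile approach, which is meant to let the organization respond nimbly to a rapidly changing environment, sometimes fails to deliver. For example, waterfall emphasizes quality and robustness, while agile emphasizes speed and fluidity. That is why coordination with non-agile teams is needed. Share each other’s business goals, acknowledge each other, and communicate. To do that, it is important for each side to explain carefully, understand the other’s circumstances, and accept the other side rather than imposing agile on it. Putting a mechanism in place for training people with no agile experience is also important, Katayama says. The development team needs to bring in people who have experience in the business units but none in agile, and get a firm grasp of how the actual work is done. Systems and software are then developed on that basis. Training inexperienced people is therefore a prerequisite. At first, however, they can be a drag on the team. So how should they be trained? Who should train them, and in what role? And what about training inexperienced people on the vendor side? “No company has an abundance of people with agile experience, so how to develop inexperienced people is an important issue. There are many ways to do it, such as training courses and on-the-job training, but people will not develop unless it is done properly. Agile tends to be expected to be run by a group of experienced professionals, but you have to bring inexperienced people into it, whether on the vendor side or the user side. Their presence in itself holds the project back. Who looks after them is another difficult question. That is exactly why they need to be developed skillfully,” says Katayama. […]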

04Mar 2024

As insurers look to be more agile, data mesh strategies take centerstage

In an era of business where every industry requires its stakeholders to be capable of quick pivots and sharp turns, siloed information that ultimately slows decision-making can be the ultimate vulnerability. In this way, data may just be the ultimate disruptor – a fact that the insurance industry knows all too well. As data volumes […]

04Mar 2024

German Authorities Take Down ‘Crimemarket’ Cybercrime Website

With over 180,000 users, Crimemarket was a trading hub for narcotics, cybercrime tools, and crimeware guides. The post German Authorities Take Down ‘Crimemarket’ Cybercrime Website appeared first on SecurityWeek.

04Mar 2024

Hikvision Patches High-Severity Vulnerability in Security Management System

A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs. The post Hikvision Patches High-Severity Vulnerability in Security Management System appeared first on SecurityWeek.

04Mar 2024

How Traffic, State, and Organizational Data Help Fortify Your Network

Traffic data is the lifeblood of network security, representing the raw, unfiltered truth of what is happening on the network. The post How Traffic, State, and Organizational Data Help Fortify Your Network appeared first on SecurityWeek.

04Mar 2024

Linux Foundation Tackles Financial Fraud With Open Source Platform

The open source platform Tazama provides cost-effective monitoring of digital financial transactions to prevent fraud in real time. The post Linux Foundation Tackles Financial Fraud With Open Source Platform appeared first on SecurityWeek.

04Mar 2024

FCC Employees Targeted in Sophisticated Phishing Attacks

Advanced phishing kit employs novel tactics in attack targeting cryptocurrency platforms and FCC employees. The post FCC Employees Targeted in Sophisticated Phishing Attacks appeared first on SecurityWeek.

04Mar 2024

Webinar Tomorrow: OT Cybersecurity Risk Mitigation Strategies

Webinar will provide valuable insights from Honeywell professionals who will guide you through the intricacies of industrial cybersecurity. The post Webinar Tomorrow: OT Cybersecurity Risk Mitigation Strategies appeared first on SecurityWeek.

04Mar 2024

Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers

Researchers demonstrate that remote Stuxnet-style attacks are possible against many modern PLCs using web-based malware. The post Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers appeared first on SecurityWeek.

04Mar 2024

Women in Tech: “It’s still essential to celebrate and encourage more women to join the industry”

As Women’s Day approaches, Sirin Aktas, CIO and Executive Committee Member at Edenred Turkey talks to CIO Middle East shining a light on the critical role of women in technology. Q. First of all, how are you? A. I am doing great. Q. Sirin, for those who don’t know you, let us know more about […]

04Mar 2024

Why your best IT managers quit

It’s one of those sayings that sticks around: People quit managers, not jobs. But, for all its staying power, is it actually accurate? When it comes to why your best IT managers quit, the answer is yes, no, and maybe. Yes, top managers — like all high performers — are less likely to tolerate working […]

04Mar 2024

4 ways higher ed can close the tech industry’s gender gap

In 2022, women represented 49% of the total employed adults in the US, but a mere 26% of roles in computing and technology, according to a State of the Tech report released last year by the Computing Technology Industry Association (CompTIA), with significantly less representation by Black and Hispanic women. Despite efforts to address this […]

04Mar 2024

The future of European cybersecurity is autonomous

Globally, 2023 was a challenging year for organisations looking to stay one step ahead of cyber criminals. And Europe was no different. The Royal Mail (UK), software provider Nebu (The Netherlands), eyewear company Luxottica (Italy), and government software provider Xplain (Switzerland) were among a string of organisations to fall victim to cyber attacks.  In a […]

03Mar 2024

Is your print environment secure? Here’s why it should be your 2024 priority

For its 2023 Security Priorities report, Foundry surveyed 790 IT security workers to understand their projects and priorities. Its conclusions were less than optimal. “The adversaries, at least for now, have the upper hand on many global organisations,” the report concluded. Worse, it said “adversaries are accelerating and widening their range of sophisticated attacks at […]

03Mar 2024

Georgia’s Largest County Is Still Repairing Damage From January Cyberattack

Georgia’s largest county is still repairing damage inflicted on its government offices by a cyberattack in January 2024. The post Georgia’s Largest County Is Still Repairing Damage From January Cyberattack appeared first on SecurityWeek.

02Mar 2024

Pentagon Leak Suspect Jack Teixeira Expected to Plead Guilty in Federal Case

The Air National Guardsman accused of leaking highly classified military documents on social media is expected to plead guilty in his federal case. The post Pentagon Leak Suspect Jack Teixeira Expected to Plead Guilty in Federal Case appeared first on SecurityWeek.

02Mar 2024

Some Doorbell Cameras Sold on Amazon and Other Online Sites Have Major Security Flaws, Report Says

Major vulnerabilities were found in cameras manufactured by the Chinese company Eken Group Ltd., which produces video doorbells under the brand names EKEN and Tuck, among others. The post Some Doorbell Cameras Sold on Amazon and Other Online Sites Have Major Security Flaws, Report Says appeared first on SecurityWeek.

01Mar 2024

The US is Bracing for Complex, Fast-Moving Threats to Elections This Year, FBI Director Warns

FBI Director Christopher Wray says advances in generative AI make election interference and meddling easier than before. The post The US is Bracing for Complex, Fast-Moving Threats to Elections This Year, FBI Director Warns appeared first on SecurityWeek.

01Mar 2024

Equipping BPOs is a heavy lift for enterprise IT and security teams. We need a radical change in approach

Nowadays, most any business function — customer contact centers, data analysis, software development, finance, payroll, and more — can be outsourced. Cost-cutting remains a major driver, but companies also like the potential to build more resilient and agile organizations. There are plenty of benefits, ranging from the ability to tap specialized talent, to minimizing fixed […]

01Mar 2024

In Other News: Google Flaw Exploited, 3D Printers Hacked, WhatsApp Gets NSO Spyware

Noteworthy stories that might have slipped under the radar: Unpatched Google vulnerability exploited, 3D printers hacked by white hats, WhatsApp will get NSO spyware.  The post In Other News: Google Flaw Exploited, 3D Printers Hacked, WhatsApp Gets NSO Spyware appeared first on SecurityWeek.

01Mar 2024

3 data security disciplines to drive AI innovation

AI hype and adoption are seemingly at an all-time high with nearly 70% of respondents to a recent S&P report on Global AI Trends saying they have at least one AI project in production.  While the promise of AI can fundamentally reshape business operations, it has also created new risk vectors and opened the doors […]

01Mar 2024

US Charges Iranian Over Cyberattacks on Government, Defense Organizations

The US has charged an Iranian company’s employee over cyberattacks on State and Treasury Departments and defense contractors. The post US Charges Iranian Over Cyberattacks on Government, Defense Organizations appeared first on SecurityWeek.

01Mar 2024

Data Breach at Golden Corral Impacts 180,000 Employees

Restaurant chain Golden Corral says personal information was compromised in an August 2023 data breach. The post Data Breach at Golden Corral Impacts 180,000 Employees appeared first on SecurityWeek.

01Mar 2024

Silence Laboratories Raises $4.1 Million to Protect Sensitive Information

Silence Laboratories will invest the new funds in the research and development of privacy-enhancing technologies. The post Silence Laboratories Raises $4.1 Million to Protect Sensitive Information appeared first on SecurityWeek.

01Mar 2024

Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks

US government agencies warn of Backmydata, Devos, Eight, Elking, and Faust ransomware attacks connected to Phobos. The post Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks appeared first on SecurityWeek.

01Mar 2024

Governments Urge Organizations to Hunt for Ivanti VPN Attacks

Credentials stored on Ivanti VPN appliances impacted by recent vulnerabilities are likely compromised, government agencies say. The post Governments Urge Organizations to Hunt for Ivanti VPN Attacks appeared first on SecurityWeek.

01Mar 2024

CISA Warns of Windows Streaming Service Vulnerability Exploitation

CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild. The post CISA Warns of Windows Streaming Service Vulnerability Exploitation appeared first on SecurityWeek.

01Mar 2024

Hackers Stole ‘Sensitive’ Data From Taiwan Telecom Giant: Ministry

Hackers stole “sensitive information” including military and government documents from telecom giant Chunghwa Telecom and sold it on the dark web, the island’s ministry of national defense said. The post Hackers Stole ‘Sensitive’ Data From Taiwan Telecom Giant: Ministry appeared first on SecurityWeek.

01Mar 2024

Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday

Industry professionals comment on the official release of the NIST Cybersecurity Framework 2.0.  The post Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday appeared first on SecurityWeek.

01Mar 2024

The startup CIO’s guide to formalizing IT for liquidity events

Suppose you lead IT at a VC-backed startup. It just crossed $100M in revenue and is approaching a major liquidity event, such as an IPO. It’s exciting stuff. But as you speak with an expanding cadre of lawyers, accountants, and bankers, you start to appreciate what such an event means for your department. You start […]

01Mar 2024

15 worthwhile conferences for women in tech

Diversity is a hot topic in the tech industry — and because it’s discussed frequently, it might be easy to feel like things have already changed. But according to data from a survey from Women Tech Network, women earn around $15,000 less per year than their male counterparts, with an average annual salary of $60,828 […]

29Feb 2024

Biden Administration Will Investigate National Security Risks Posed by Chinese-Made ‘Smart Cars’

Government probe could lead to new regulations aimed at preventing China from using sophisticated technology in connected vehicles to track drivers and their personal information. The post Biden Administration Will Investigate National Security Risks Posed by Chinese-Made ‘Smart Cars’ appeared first on SecurityWeek.

29Feb 2024

German Steelmaker Thyssenkrupp Confirms Ransomware Attack

German steelmaking conglomerate Thyssenkrupp confirms one of its automotive units was disrupted by a ransomware attack. The post German Steelmaker Thyssenkrupp Confirms Ransomware Attack appeared first on SecurityWeek.

29Feb 2024

Discount Retail Giant Pepco Loses €15 Million to Cybercriminals

European discount retailer Pepco has lost €15.5 million as a result of what it described as a phishing attack. The post Discount Retail Giant Pepco Loses €15 Million to Cybercriminals appeared first on SecurityWeek.

29Feb 2024

Iranian Hackers Target Aviation and Defense Sectors in Middle East

An Iranian threat actor tracked as UNC1549 is abusing Azure infrastructure in attacks targeting organizations in the Middle East. The post Iranian Hackers Target Aviation and Defense Sectors in Middle East appeared first on SecurityWeek.

29Feb 2024

Meta Patches Facebook Account Takeover Vulnerability

Meta has patched a critical vulnerability that could have been exploited to take over any Facebook account via a brute-force attack. The post Meta Patches Facebook Account Takeover Vulnerability appeared first on SecurityWeek.

29Feb 2024

Cisco Patches High-Severity Vulnerabilities in Data Center OS

Cisco’s semiannual FXOS and NX-OS security advisory bundle resolves two high- and two medium-severity vulnerabilities. The post Cisco Patches High-Severity Vulnerabilities in Data Center OS appeared first on SecurityWeek.

29Feb 2024

The Imperative for Modern Security: Risk-Based Vulnerability Management

By prioritizing vulnerabilities based on risk and aligning security efforts with business objectives, organizations can enhance their resilience to cyberattacks, optimize resource allocation, and maintain a proactive security posture. The post The Imperative for Modern Security: Risk-Based Vulnerability Management appeared first on SecurityWeek.

29Feb 2024

By enabling “ask an expert” capabilities, generative AI like Microsoft Copilot will transform manufacturing

Manufacturers are increasingly looking to generative AI as a potential solution to these and other challenges. Research from Avanade, a technology expert that specialises in the Microsoft ecosystem and partner solutions, suggests that 92% of manufacturers aim to be AI-first within a year. This is an ambitious target given that just 7% currently use AI […]

29Feb 2024

BlackCat Ransomware Gang Claims Attack on Change Healthcare

The Alphv/BlackCat ransomware gang says 6 terabytes of data were stolen from healthcare technology firm Change Healthcare. The post BlackCat Ransomware Gang Claims Attack on Change Healthcare appeared first on SecurityWeek.

29Feb 2024

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack

North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit. The post Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack appeared first on SecurityWeek.

29Feb 2024

Captive centers are back. Is DIY offshoring right for you?

Captive centers are on the rise. You’d be forgiven if you’re wondering whether you’ve stumbled on an article from 2016, but, in fact, the practice of launching an offshore IT center wholly owned and operated by the enterprise it serves is back in vogue with notable twists. Everest Group, which monitors 8,500 captive centers around […]

29Feb 2024

What is a chief data officer? A leader who creates business value from data

The chief data officer (CDO) is a senior executive responsible for the utilization and governance of data across the organization. While the chief data officer title is often shortened to CDO, the role shouldn’t be confused with chief digital officer, which is also frequently referred to as CDO. “The chief data officer is the senior […]

29Feb 2024

The trick to better answers from generative AI

Generative AI offers great potential as an interface for enabling users to query your data in unique ways to receive answers honed for their needs. For example, as query assistants, generative AI tools can help customers better navigate an extensive product knowledge base using a simple question-and-answer format. But before using generative AI to answer […]

29Feb 2024

How CIOs are rethinking cloud strategies

After years of marching to the beat of cloud migration, CIOs are becoming increasingly cautious about the cloud-first mantra, recognizing the need to move some workloads out of the public cloud to platforms where they will run more productively, more efficiently, and more cheaply. “‘Cloud exit’ has become a theme […]

28Feb 2024

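5 ways CIOs can bring light to AI

The rapid spread and democratization of generative AI has been compared to the light bulb, which did the same for electricity about 150 years ago. Just as the light bulb, invented in 1879, decades after the invention of electricity (1831), brought practical use cases to the public and to businesses, generative AI is poised to do the same for AI.

When a technology moves from the lab into everyday life, mainstream adoption usually rides on increasingly powerful and proven early use cases. Such rapid adoption is accompanied by excitement over the art of the possible. This is part of the reason AI currently sits at the peak of inflated expectations in Gartner's Hype Cycle.

In fact, ChatGPT gained more than 100 million monthly active users in just two months last year, and its position in the technology adoption lifecycle is ahead of its position in the hype cycle. We have reached mainstream adoption (nearly half of the general population now uses generative AI), yet we are still at the peak of inflated expectations. So, on reflection, we may still be in generative AI's gas-lamp moment, with the light-bulb moment yet to come. And that is not a bad thing.

In the world of generative AI, we are discovering how computers can get things wrong in surprising ways. As we experiment with applying generative AI to both public and private data, we are learning in real time what works well and what does not.

Below are five recommendations for CIOs to navigate the generative AI hype cycle and prepare for a rapid transition from the trough of disillusionment to the slope of enlightenment.

Be realistic with customers, employees, and stakeholders

While evangelizing the transformative nature of generative AI and related solutions, be sure to point out the downsides as well. Consultancies and technology vendors often tout AI's transformative power while paying little attention to its shortcomings. In fairness, though, many companies are working to address these issues and offer a variety of platforms, solutions, and toolkits.

Being realistic means understanding the pros and cons and sharing this information with customers, employees, and C-suite peers. They will appreciate your candor. Create an authoritative list of harms and shortcomings so that they can be clearly explained and understood. As AI advisors have pointed out, the downsides are too numerous to list, including the black-box problem, AI's vulnerability to false human claims, and hallucinations.

Establish a corporate use policy

As mentioned in a previous article, a corporate use policy and associated training can help educate employees about the risks and pitfalls of the technology and provide rules and recommendations for getting the most out of it. In developing the policy, be sure to involve all relevant stakeholders, consider how AI is used in the organization today and how it may be used in the future, and share the policy widely across the organization. The policy should be a living document, updated at an appropriate cadence as needed. Having this policy in place can protect against many risks relating to contracts, cybersecurity, data privacy, deceptive trade practices, discrimination, disinformation, ethics, intellectual property, and validation.

Assess the business value of each use case

With pure text output, we tend to believe answers from AI that are written with good grammar. Psychologically speaking, we tend to believe there is a powerful intelligence behind them, when in fact the AI has no understanding of what is true and what is false.

There are some excellent use cases for generative AI, but each needs to be considered on a case-by-case basis. For example, AI is generally poor at writing technology predictions. The output often tells us what we already know, and it may also be plagiarized. Even using rewriting or rephrasing tools can make matters worse, and teams can end up spending more time using these tools than writing the predictions themselves. It is best to pick your battles and use generative AI only when there is a clear benefit to doing so.

Maintain rigorous testing standards

Because generative AI is likely to be used by many employees in the organization, it is important to educate employees about its pros and cons and to use the corporate use policy as a starting point. With so much AI being adopted, we are all effectively testers, learning as we go.

Within the organization, whether in IT or in the business units, emphasize testing and experimentation before going into production, and set aside considerable time for it. Launching an internal community of practice where employees can share experiences and lessons learned can also help raise overall awareness and promote best practices across the organization.

Plan for when technical problems occur

In the long-running UK Post Office scandal, we saw that even non-AI systems can make serious, life-changing mistakes. When these systems are wrongly assumed to be correct, hundreds of workers can end up being wrongly targeted. In the UK Post Office case, more than 700 postmasters were falsely accused of fraud over a 15-year period, resulting in damaged reputations, divorce, and even suicide.

That is why it is so important to have a plan for when AI gets things wrong. The corporate use policy sets the guardrails, but when things go wrong, how can IT's governance processes monitor and respond to the situation? Is there a plan? How will the governance process distinguish the right answers and decisions? What is the business impact if mistakes occur, and will remediation be easy or difficult?

Generative AI's light-bulb moment is not far off, but not until we first get through the trough of disillusionment, climb the slope of enlightenment, and finally reach the plateau of productivity. The gas lamps, the experiments, and the learning along the way are all part of the process.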

28Feb 2024

Bio digital twins and the future of health innovation

Healthcare technology innovation is poised to revolutionize the medical landscape. At the forefront of this transformation lies biological digital twin (bio digital twin) technology. This technology will help to improve personal, social, and economic outcomes, and help to build a healthier, more prosperous and sustainable future for all. The promise of bio digital twin technology […]

28Feb 2024

The role of data centers in building a sustainable future

Data is the fabric of our connected world. The rise of streaming and enterprise cloud adoption have driven an explosive surge in computing demand, giving rise to data centers around the world. Now, a new wave of demand driven by data-hungry generative AI applications is arriving, and it’s bringing with it increasing environmental pressures. From […]

28Feb 2024

Cyber Insights 2024: APIs – A Clear, Present, and Future Danger

The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale. The post Cyber Insights 2024: APIs – A Clear, Present, and Future Danger appeared first on SecurityWeek.

28Feb 2024

How technology is reshaping the college student experience

Question: Is higher education worth it?  Only 59% of students who say they’re likely to re-enroll at their four-year university seem to think so, according to a study recently conducted by RNL, and that number is only slightly higher for community college students. The rest report being dissatisfied with their overall experience at the institution they attend. […]

28Feb 2024

White House Issues Executive Order on International Data Protection

A coming White House Executive Order seeks to protect personal information by preventing the mass transfer of Americans’ sensitive data to countries of concern. The post White House Issues Executive Order on International Data Protection appeared first on SecurityWeek.

28Feb 2024

Atos deal to sell its legacy service business falls through

French IT services company Atos has put an end to its attempts to sell its ailing legacy managed infrastructure services business after failing to reach an agreement with a prospective buyer and will now have to glue the two halves of its business back together. Exclusive talks with EP Equity Investment over the sale of […]

28Feb 2024

US Bans Trading With Canadian Network Intelligence Firm Sandvine

The US has restricted trade with Canadian company Sandvine for aiding the Egyptian government’s web monitoring operations. The post US Bans Trading With Canadian Network Intelligence Firm Sandvine appeared first on SecurityWeek.

28Feb 2024

Hackers Steal Personal Information From Pharma Giant Cencora

Pharmaceutical solutions provider Cencora discloses a cyberattack that resulted in personal information being stolen from its systems. The post Hackers Steal Personal Information From Pharma Giant Cencora appeared first on SecurityWeek.

28Feb 2024

US Government Urges Cleanup of Routers Infected by Russia’s APT28

The US government says Russia’s APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide. The post US Government Urges Cleanup of Routers Infected by Russia’s APT28 appeared first on SecurityWeek.

28Feb 2024

Is XDR Enough? The Hidden Gaps in Your Security Net

When evaluating XDR, consider its value based on its ability to reduce complexity and improve threat detection and response times. The post Is XDR Enough? The Hidden Gaps in Your Security Net appeared first on SecurityWeek.

28Feb 2024

Chinese Cyberspies Use New Malware in Ivanti VPN Attacks

Chinese threat actors target Ivanti VPN appliances with new malware designed to persist across system upgrades. The post Chinese Cyberspies Use New Malware in Ivanti VPN Attacks appeared first on SecurityWeek.

28Feb 2024

Intel Core Ultra vPro Platform Brings New Security Features

Intel announces new and improved security features with the latest vPro platform and Core Ultra processors. The post Intel Core Ultra vPro Platform Brings New Security Features appeared first on SecurityWeek.

28Feb 2024

The multi-faceted digital transformation of Barcelona City Council

A holistic digital transformation of its services, comprised of many technological initiatives, earned Barcelona City Council a place as a finalist for Public Entity of the Year at the CIO 100 Awards Spain 2023 in December. And as its CIO, Nacho Santillana Montiel was the central figure of this distinction due to a series of innovative projects […]

28Feb 2024

For IT leaders, operationalized gen AI is still a moving target

The rate of companies that have either already deployed generative AI or are actively exploring it is accelerating to the point where, combined, there are very few holdouts.  The use of gen AI in the enterprise was nearly nothing in November 2022, where the only tools commonly available were AI image or early text generators. […]

27Feb 2024

CIOs rethink all-in cloud strategies

After years of marching to the cloud migration drumbeat, CIOs are increasingly becoming circumspect about the cloud-first mantra, catching on to the need to turn some workloads away from the public cloud to platforms where they will run more productively, more efficiently, and cheaper. “‘Cloud exit’ became a big theme in 2023 and there’s good […]

27Feb 2024

US Gov Says Software Measurability is ‘Hardest Problem to Solve’

White House calls for the “timely, complete, and consistent” publication of CVE and CWE data to help solve the security metrics problem. The post US Gov Says Software Measurability is ‘Hardest Problem to Solve’ appeared first on SecurityWeek.

27Feb 2024

Whether your technology is new or old, lifecycle management is key

Does your organization see technology infrastructure as a commodity or as a strategic business enabler? The answer will shape your approach to infrastructure: you can keep legacy infrastructure going as long as you can, or you can pursue the cutting edge of technology. However, in an increasingly software-centric environment, both new and legacy assets must […]

27Feb 2024

Q&A: Businesses need to be the boss of AI, or else

As with any revolutionary technology, artificial intelligence (AI) is viewed with both optimism and fear.  The optimistic outlook posits that AI is our virtual assistant, taking care of mundane, task-oriented activities so we have time to conjure up new business ideas. On the other hand, the fearful outlook paints a dystopian picture where robots take […]

27Feb 2024

A digital paradigm shift for emergency communications: Toronto Fire Services makes history with Avaya

The first telephone call was made almost 150 years ago in Ontario, Canada by Alexander Graham Bell. Today, that call would probably look different. He might have texted Mr. Watson, recorded a video, or sent a DM. There are so many ways we now communicate, and we don’t think twice about the details. We expect […]

27Feb 2024

Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws

The Black Basta and Bl00dy ransomware gangs have started exploiting two vulnerabilities in ConnectWise ScreenConnect. The post Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws appeared first on SecurityWeek.

27Feb 2024

Energy Department Invests $45 Million in 16 Projects to Improve Cybersecurity

The US government makes a $45 million investment in 16 projects to improve cybersecurity across the energy sector. The post Energy Department Invests $45 Million in 16 Projects to Improve Cybersecurity appeared first on SecurityWeek.

27Feb 2024

Domains Once Owned by Major Firms Help Millions of Spam Emails Bypass Security

8,800 domains, many once owned by major companies, have been abused to get millions of emails past spam filters as part of SubdoMailing campaign. The post Domains Once Owned by Major Firms Help Millions of Spam Emails Bypass Security appeared first on SecurityWeek.

27Feb 2024

Cyber Insights 2024: Quantum and the Cryptopocalypse

Quantum computers are coming, and will defeat current PKE encryption. But this cryptopocalypse is not dependent upon quantum computers — it could happen through other means, at any time. The post Cyber Insights 2024: Quantum and the Cryptopocalypse appeared first on SecurityWeek.

27Feb 2024

How CIOs in the Middle East address talent shortages

IT organizations are having to transform themselves to meet the evolving needs of the future enterprise, and CIOs are increasingly being tasked with leading this transformation as IT becomes the enterprise operating system. As the world of work continues to evolve and organizations shift to hybrid work models, new challenges and opportunities present themselves. Finding […]

27Feb 2024

67,000 U-Haul Customers Impacted by Data Breach

U-Haul says customer information was compromised in a data breach involving a reservation tracking system. The post 67,000 U-Haul Customers Impacted by Data Breach appeared first on SecurityWeek.

27Feb 2024

Artificial Arms Race: What Can Automation and AI do to Advance Red Teams

The best Red Team engagements are a balanced mix of technology, tools and human operators. The post Artificial Arms Race: What Can Automation and AI do to Advance Red Teams appeared first on SecurityWeek.

27Feb 2024

Canada’s RCMP, Global Affairs Hit by Cyberattacks

Canadian authorities are actively investigating cyberattacks impacting the RCMP network and Global Affairs Canada. The post Canada’s RCMP, Global Affairs Hit by Cyberattacks appeared first on SecurityWeek.

27Feb 2024

NIST Cybersecurity Framework 2.0 Officially Released

NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago. The post NIST Cybersecurity Framework 2.0 Officially Released appeared first on SecurityWeek.

27Feb 2024

The biggest enterprise technology M&A deals of the year (so far)

Antitrust regulators in the US and Europe are proving increasingly willing to hold technology giants to account, derailing or delaying proposed acquisitions and enforcing commitments they made to secure past deals. Adobe abandoned its $20 billion bid for Figma in December 2023, and it took Broadcom 59 weeks spanning three fiscal years to get approvals […]

27Feb 2024

Managing the ‘H’ out of AI

To survive in the Paleolithic Age, you had to be able to hunt and gather. In the Agrarian Age, thriving meant being able to farm. In today’s post-Industrial Age, you will need to master artificial intelligence. Full stop – end of conversation. Well, “master” might not be the right word. Like outrunning the proverbial lion, […]

27Feb 2024

Composability: how to build an Agile company, brick by brick

Developing an operating model capable of bringing together business functions, IT, and operations is one of the most difficult tasks of digital transformation, because it involves profound changes in processes and ways of working, McKinsey wrote in the study “Rewired to outcompete” (June 2023). For this reason, a growing number of CIOs are attracted […]

27Feb 2024

Defining a new era of exponential companies

Before the popularization of DALL-E, Stable Diffusion, and ChatGPT, very few business executives were tasking technology leaders with accelerating AI strategies. That’s all changed. Now, Gartner estimates that by next year, 35% of large organizations will have named a Chief AI Officer reporting to a CEO or COO. And by 2033, the same study […]

27Feb 2024

How to make the most of global talent opportunities

This article was co-written by Chris Davis, Partner, Metis Strategy, and Kelley Dougherty, Associate, Metis Strategy. To succeed as a large, global company, there is no choice but to harness the power of technology talent around the world. There simply aren’t enough people with the right skills, and at the right cost within a single […]

26Feb 2024

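How AI is helping improve player safety in the NFL

From the first kickoff of Super Bowl LVIII at Allegiant Stadium in Las Vegas on Sunday, an artificial intelligence platform will track every movement on the field and help keep players safe.

Like many other professional sports leagues, the NFL has been at the forefront of data-driven transformation for years. In 2015, for example, the league equipped every player with RFID sensors, dramatically stepping up its data collection efforts. This season, the NFL worked closely with Amazon Web Services (AWS) to debut a new club portal for their joint effort: Digital Athlete.

Digital Athlete is a platform that leverages AI and machine learning (ML) to predict, from plays and body positions, which players are at higher risk of injury. The platform draws data from players' RFID tags, 38 5K optical tracking cameras placed around the field that capture 60 frames per second, and other data such as weather, equipment, and play type, to build a complete view of the player's experience. One of these data sources is the Next Gen Stats (NGS) system, which captures real-time location, speed, and acceleration data for every player.

During each week of games, Digital Athlete captures and processes 6.8 million video frames and records about 100 million locations and positions of players on the field. During practices, it processes about 15,000 miles of player tracking data per week, equivalent to more than 500 million data points.

“We run millions of simulations of in-game scenarios to tell teams which players are at the highest risk of injury, and the teams use that information to develop individualized injury prevention courses,” says Julie Souza, global head of sports at AWS.

Souza has led the sports practice at AWS for more than three years, after serving as head of business development and strategy at both ESPN and Second Spectrum, which provides data tracking and analytics for the NBA and other sports leagues. Today, she and the AWS team help sports and entertainment organizations build data-driven solutions covering everything from fan engagement and venue management to game strategy, scouting, and rule development.

The NFL piloted Digital Athlete last season, and it became available to all 32 teams this season.

Changing the game

The first step in building Digital Athlete was to use computer vision and ML to teach the AI to extract information from game and practice footage. For example, before the AI platform could track head impacts, it had to ingest images of helmets from every angle and learn how to identify a helmet. Once it could identify helmets, it came to recognize helmet impacts and cross-reference NGS data to determine which players were involved.

With all the data at its disposal, Digital Athlete can reconstruct the circumstances of when and how an injury occurred and run simulations of any play using different sets of players. It can then use risk mitigation modeling to analyze training data and determine a player's ideal training volume while minimizing injury risk. The team is currently working on a capability called pose estimation, which evaluates a player's movement through space and time to better understand how body positioning can lead to injury.

Souza notes that this data not only helps create personalized training programs for players but also drives decision-making at the league level. Data used by Digital Athlete was a key factor in the NFL's new fair catch rule on kickoffs, which debuted in 2023. Under the old rule, unless the kicker kicked the ball into or past the end zone, teams had to attempt to catch and return the kickoff. The new rule allows a kick returner to call for a fair catch even when the ball is kicked short of the end zone, which ends the kick return play and places the football at the return team's 25-yard line.

The goal of the new rule is to reduce kickoff returns by 7%, which the data suggested would reduce concussions on this play by 15%.

“Kickoff runbacks lead to many head-first collisions. I think it shows that the rules and the way the game is played are changing.”

One of Digital Athlete's aims is to uncover similar correlations between play scenarios and injury outcomes, shedding light on risks that can be mitigated.

“If we can find specific plays or rules that increase the likelihood of injury, we can change those rules,” she says.

Data over gut feeling

The ultimate goal of Digital Athlete is to use data, rather than hunches and intuition, to understand what is happening on the field during games and practices. This has been demonstrated in other areas of the game as well. For example, teams informed by analytics are increasingly inclined to attempt fourth-down conversions.

“We couldn't talk about things like this before. There was intuition and things like that. Tell me what you know intuitively. We can probably prove it or disprove it.”

This applies not just to sports but to every business, Souza says.

“It's important to have a mindset of curiosity,” she says. “First develop a data strategy, lay your data foundation, and then start asking questions.”

After that, she says, a successful data-driven transformation requires knowing that building AI capabilities is an iterative process and that patience is needed for those capabilities to grow over time.

“You don't build a model, set it, and call it done, right? Models get smarter as you use them,” Souza said.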

26Feb 2024

DOJ hires first chief AI officer to examine internal and external uses

US Attorney General Merrick Garland has appointed the first chief AI officer to the Department of Justice, indicating the technology will face new legal scrutiny. Jonathan Mayer, a well-known computer science and public policy professor at Princeton University, will serve as both the DOJ’s chief AI officer and as its chief science and technology officer. Mayer […]

26Feb 2024

Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

US government and allies expose TTPs used by notorious Russian hacking teams and warn of the targeting of dormant cloud accounts. The post Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts appeared first on SecurityWeek.

26Feb 2024

Cyber Insights 2024: Artificial Intelligence

AI will allow attackers to improve their attacks, and defenders to improve their defense. Over time, little will change — but the battle will be more intense. The post Cyber Insights 2024: Artificial Intelligence appeared first on SecurityWeek.

26Feb 2024

Zyxel Patches Remote Code Execution Bug in Firewall Products

Taiwanese networking vendor Zyxel confirms security flaws in firewall and access points put users at risk of remote code execution attacks. The post Zyxel Patches Remote Code Execution Bug in Firewall Products appeared first on SecurityWeek.

26Feb 2024

From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements

Open source is a great way to test the waters and define requirements. But when looking at putting a platform into production, an enterprise-ready solution will ensure you can keep up with business demands. The post From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements appeared first on SecurityWeek.

26Feb 2024

Generative AI upskilling can help future-proof your company

Many people compare the impact of generative AI on society to the way the Internet democratized information access at the turn of the century. The Internet provided a digital gateway to information discovery, ecommerce and social connections, creating millions of jobs.   GenAI is poised to do likewise, but on an exponential scale. Some smart people […]

26Feb 2024

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin. The post Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin appeared first on SecurityWeek.

26Feb 2024

State-Sponsored Group Blamed for Change Healthcare Breach

UnitedHealth Group is blaming a state-sponsored threat actor for a disruptive cyberattack on its subsidiary Change Healthcare. The post State-Sponsored Group Blamed for Change Healthcare Breach appeared first on SecurityWeek.

26Feb 2024

LoanDepot Ransomware Attack Exposed 16.9 Million Individuals

Lending firm LoanDepot said the personal information of 16.9 million people was stolen in a ransomware attack in early January. The post LoanDepot Ransomware Attack Exposed 16.9 Million Individuals appeared first on SecurityWeek.

26Feb 2024

LockBit Ransomware Gang Resurfaces With New Site

The LockBit ransomware operators announce a new leak site as they try to restore credibility after law enforcement takedown. The post LockBit Ransomware Gang Resurfaces With New Site appeared first on SecurityWeek.

26Feb 2024

5 hot IT leadership trends — and 4 going cold

Amid disruptive leaps in technology, leaders who will succeed in the near future, say experts, are the ones who stay focused on a decidedly low-fi resource: their employees.  CIOs and others who manage technology teams are advised to see beyond the churn of constant upskilling, and consider what people excel at: creativity and critical thinking, […]

26Feb 2024

CAPM certification: Cost, salary, training, and more

What is CAPM certification? The Project Management Institute (PMI) offers several globally recognized certifications in project management, and the Certified Associate Project Manager (CAPM) certification is a great introductory credential to jump-start a career in the field. For those without the requisite experience for the Project Management Professional (PMP) exam, earning the CAPM certification can help demonstrate […]

26Feb 2024

4 core AI principles that fuel transformation success

New projects can elicit a sense of trepidation from employees, and the overall culture into which change is introduced will reflect how that wariness is expressed and handled. But some common characteristics are central to AI transformation success. Here, in an extract from his book, AI for Business: A practical guide for business leaders to […]

26Feb 2024

How can businesses prepare their workforce to have the digital skills of tomorrow’s AI-powered workplace?

While the past few years have left us with a business landscape scarred by the impact of economic and geopolitical uncertainties, the current AI movement has become a rocket ship for significant transformative changes set to accelerate new opportunities. Alongside this AI buzz is the exponential data growth within every enterprise; studies show that global […]

24Feb 2024

White House Wades Into Debate on ‘Open’ Versus ‘Closed’ Artificial Intelligence Systems

The White House is seeking public comment on the risks and benefits of having an AI system’s key components publicly available for anyone to use and modify. The post White House Wades Into Debate on ‘Open’ Versus ‘Closed’ Artificial Intelligence Systems appeared first on SecurityWeek.

23Feb 2024

Kyndryl bets on partnerships, consulting arm to redeem itself

IBM spin-off Kyndryl is betting on its consulting arm, dubbed Kyndryl Consult, to return to growth by rapidly expanding its partnership ecosystem to deliver more diversified offerings. “We have established an ecosystem of around 30 partners since our spin from IBM well over 24 months ago. Our most recent global partnerships were announced late last […]

23Feb 2024

Toward Better Patching — A New Approach with a Dose of AI

Use of AI to cut through the noise and confusion of the current vulnerability prioritization approaches suggests an exciting future for AI-assisted operations to vulnerability triaging. The post Toward Better Patching — A New Approach with a Dose of AI appeared first on SecurityWeek.

23Feb 2024

Apple Shortcuts Vulnerability Exposes Sensitive Information

High-severity vulnerability in Apple Shortcuts could lead to sensitive information leak without user’s knowledge. The post Apple Shortcuts Vulnerability Exposes Sensitive Information appeared first on SecurityWeek.

23Feb 2024

In Other News: Spyware Vendor Shutdown, Freenom-Meta Settlement, 232 Threat Groups

Noteworthy stories that might have slipped under the radar: Spyware vendor Varonis is shutting down, Crowdstrike tracks 232 threat actors, Meta and Freenom reach settlement.  The post In Other News: Spyware Vendor Shutdown, Freenom-Meta Settlement, 232 Threat Groups appeared first on SecurityWeek.

23Feb 2024

‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery

ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware. The post ‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery appeared first on SecurityWeek.

23Feb 2024

230k Individuals Impacted by Data Breach at Australian Telco Tangerine

Tangerine Telecom says attackers stole the personal information of 230,000 individuals from a legacy customer database. The post 230k Individuals Impacted by Data Breach at Australian Telco Tangerine appeared first on SecurityWeek.

23Feb 2024

Nvidia’s strong earnings highlight AI’s rapid incursion across industries

Nvidia has announced stellar earnings for the fourth quarter, further fueling the momentum behind its soaring valuations. This highlights a broad interest in AI across various sectors, including enterprise, healthcare, and automotive. Revenue for the quarter, which ended January 28, reached $22.1 billion, marking a surge of 265% year-on-year. For fiscal 2024, revenue climbed to […]

23Feb 2024

What are the main challenges CISOs are facing in the Middle East?

Q. From a cybersecurity perspective, how has 2023 been? Very eventful year as far as cybersecurity is concerned. The year has been marked by a general increase in state-sponsored attacks due to geopolitical conflicts. The rise of AI has also been increasing and has greatly affected the way cybersecurity could be enhanced at the same […]

23Feb 2024

AT&T Says the Outage to Its US Cellphone Network Was Not Caused by a Cyberattack

AT&T said the hourslong outage to its U.S. cellphone network Thursday appeared to be the result of a technical error, not a malicious attack. The post AT&T Says the Outage to Its US Cellphone Network Was Not Caused by a Cyberattack appeared first on SecurityWeek.

23Feb 2024

American Honda IT to fuel innovation with generative AI

The digital reinvention of American Honda Motor Co. may not seem as dramatic as its transformation to fully electric vehicles, but it provides the company’s 30,000-plus employees the engine necessary to help fuel the automaker’s ingenuity. The Torrance, Calif.-based subsidiary of the Japanese automaker, which debuted its first hybrid EV in 1996, is moving into […]

23Feb 2024

8 revealing statistics about career challenges Black IT pros face

In the past several years, there has been a push to address diversity issues in IT, but data shows that Black professionals still face an uphill battle, receiving less recognition, opportunity, and acceptance than non-Black peers. A 2023 report from Built In found that only 33% of leaders said their company’s DEI metrics improved from […]

23Feb 2024

Microsoft Releases Red Teaming Tool for Generative AI

Microsoft releases PyRIT red teaming tool to help identify risks in generative AI through automation. The post Microsoft Releases Red Teaming Tool for Generative AI appeared first on SecurityWeek.

22Feb 2024

FTC Accuses Avast of Selling Customer Browsing Data to Advertisers

European security vendor Avast is charged with harvesting consumer web browsing data through its browser extension and anti-virus software and “sold it without adequate notice and without consumer consent.” The post FTC Accuses Avast of Selling Customer Browsing Data to Advertisers appeared first on SecurityWeek.

22Feb 2024

Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million

Eye care practice management firm American Vision Partners faces lawsuit over data breach impacting 2.3 million patients. The post Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million appeared first on SecurityWeek.

22Feb 2024

Russian Turla Cyberspies Target Polish NGOs With New Backdoor

Russian state-sponsored threat actor Turla has been using a new backdoor in recent attacks targeting Polish NGOs. The post Russian Turla Cyberspies Target Polish NGOs With New Backdoor appeared first on SecurityWeek.

22Feb 2024

Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool

Threat actors are actively deploying the recently released self-replicating and self-propagating SSH-Snake worm. The post Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool appeared first on SecurityWeek.

22Feb 2024

Copilot: an indispensable tool for banking security teams

The threat to banks from cyber crime is becoming increasingly complex, as state actors and criminal gangs become more adept at targeting vulnerabilities. A report by the Bank for International Settlements singled out the growth of cloud-based services and remote working as two of the primary drivers behind the heightened risk. System perimeters are more dispersed, with […]

22Feb 2024

An Online Dump of Chinese Hacking Documents Offers a Rare Window Into Pervasive State Surveillance

Leaked documents show how Chinese authorities surveil dissidents overseas, hack other nations and promote pro-Beijing narratives online. The post An Online Dump of Chinese Hacking Documents Offers a Rare Window Into Pervasive State Surveillance appeared first on SecurityWeek.

22Feb 2024

US Government Issues Guidance on Securing Water Systems

CISA, FBI and EPA release guidance on how Water and Wastewater Systems Sector entities can secure their environments. The post US Government Issues Guidance on Securing Water Systems appeared first on SecurityWeek.

22Feb 2024

Change Healthcare Cyberattack Causes Significant Disruption

Change Healthcare is experiencing network disruptions after taking systems offline in response to a cyberattack. The post Change Healthcare Cyberattack Causes Significant Disruption appeared first on SecurityWeek.

22Feb 2024

US Offering $10M for LockBit Leaders as Law Enforcement Taunts Cybercriminals

The US is offering big rewards for information on LockBit cybercriminals as law enforcement claims to have identified some individuals. The post US Offering $10M for LockBit Leaders as Law Enforcement Taunts Cybercriminals appeared first on SecurityWeek.

22Feb 2024

Google integrates Gemini AI into enterprise tools

Tech major Google has announced that it is replacing Duet AI for Google Workspace with Gemini for Google Workspace as it attempts to offer an alternative to ChatGPT Enterprise. Duet AI for Workspace offered AI integration with Google’s popular applications like Docs and Gmail. The company also announced the launch of two plans, Gemini Business, […]

22Feb 2024

ESG software: 6 tips for selecting the best fit for your business

Increasing pressures around environment, social, and governance (ESG) concerns have organizations across industries turning to their CIOs to revamp their strategies for ESG reporting. After putting in place the right data infrastructure and governance for ESG reporting, ensuring the enterprise has the right ESG reporting tools in place is critical. To date, many companies have […]

22Feb 2024

Ferrovial puts AI at the heart of its transformation

With the aim to accelerate innovation and transform its digital infrastructures and services, Ferrovial created its Digital Hub to serve as a meeting point where research and experimentation with digital strategies could, for example, provide new sources of income and improve company operations. Since its creation over five years ago, the Digital Hub has included […]

22Feb 2024

CIO Gray Nester on fostering a culture of success

Brown & Brown Insurance EVP and CIO Gray Nester leads with intention. In heading up people, strategy, operations, and processes for the world’s seventh-largest insurance brokerage, he instills in his team the courage to challenge the status quo and explore solutions that will further differentiate the firm in the marketplace.  Like all the best CIOs, Nester […]

22Feb 2024

4 risks that can hide in an enterprise cloud strategy

As they try to find the ideal balance between the cloud and on-premises for their IT workloads, it is not uncommon for CIOs to find themselves facing surprises they had not anticipated, namely those in which the promises of the “cloud” and its vendors have not lived up to the realities of enterprise IT. Even […]

21Feb 2024

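SAP 2024 outlook: 5 predictions for customers

SAP customers have a lot to navigate in 2024. The many new product and feature announcements, questions about SAP's plans for managing its commitment to legacy-platform customers, and the acceleration of generative AI in popular products such as SAP RISE are just a few of the key issues SAP customers need to keep track of over the coming year. Below are five predictions for what SAP customers will face this year. 1. SAP RISE will become an inevitable part of customers' move to the cloud. Customers will come to accept the inevitability of RISE, looking past SAP's obvious motivation to drive adoption in order to increase recurring revenue and backlog. It is no longer wise to assume that SAP is merely interested in managing infrastructure or introducing new product repackaging and licensing structures. Those who listen to SAP's intentions will understand that SAP's goal is to leverage the customer data it can access through its RISE and GROW offerings to achieve accelerated growth through a next-generation platform enabled by generative AI. Companies skeptical of SAP's intentions need look no further than SAP's recent press conference, in which CEO Christian Klein said SAP had obtained consent from 30,000 customers to leverage customer data to inform SAP's foundation models for the purpose of solving complex business problems. Their choice to deliver next-generation AI and sustainability solutions only through RISE and GROW is further evidence of SAP's intentions, and is highly controversial. Customers therefore need to be prepared to evaluate RISE broadly and holistically from technical, operational, financial, and commercial perspectives. In addition, SAP customers need to understand the benefits, protections, and limitations SAP offers in exchange for access to their data. Consider the potential business implications, including the possibility of disrupting the customer's current and future business models and creating unforeseen competitive disadvantages. 2. SAP will leverage customer success stories to influence and drive RISE adoption. Over the past three years, SAP has set the stage for RISE and GROW with SAP and gained a degree of adoption industry by industry. However, flagship implementations that can serve as references in each industry are limited, especially at the enterprise customer level. As early adopters begin to communicate the benefits of successful RISE implementations and SAP announces more flagship customer wins, pressure on industry executives will increase. This will happen despite customer challenges that SAP must overcome, such as: the need to compare and evaluate the benefits of RISE versus S/4 HANA on-premises; the complexity of RISE's operating and commercial models; confidence in SAP to provide operational support; fatigue from SAP implementations. Despite these challenges, customer leadership is expected to worry that its roadmap may be deviating from SAP's strategy and that it risks losing competitive advantage by not having access to innovation through SAP RISE. Mid-level leadership should not underestimate SAP's ability to influence executive leadership by positioning SAP's vision, its successes, and its $2 billion restructuring initiative that may affect up to 8,000 SAP employees. Those responsible for their company's SAP relationship should be prepared to evaluate RISE thoroughly in order to justify why maintaining the status quo (i.e., staying on ECC or S/4 on-premises) is the right course of action to counter SAP's influence. Otherwise, SAP will disproportionately control the agenda, sequence, and outcome of its relationship with you. 3. SAP's commercial model will evolve as RISE and GROW business practices develop. The introduction of new technology always affects technology providers, product packaging, pricing, and contract models. The introduction of RISE and GROW is no different. However, the impact on SAP customers moving from existing license agreements to SAP RISE is significant, with considerations such as: alignment of RISE package options (Base, Premium, Premium Plus); conversion from a perpetual license model to a subscription license model; alignment of infrastructure and operational support requirements; negotiation of security, data protection, and data usage rights. In addition to assessing the above impacts, SAP customers also need to evaluate and assess the following SAP RISE commercial models and variations introduced over the past three years: public cloud edition model; private cloud edition model; Private Tailored Option model; enterprise edition model. SAP's recently announced “RISE with SAP Migration and […]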

21Feb 2024

Cyber Insights 2024: Ransomware

Ransomware insights: When ransomware first appeared, the term became associated with encrypting data. This is a misconception. The post Cyber Insights 2024: Ransomware appeared first on SecurityWeek.

21Feb 2024

Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers

Researchers document VoltSchemer attacks that manipulate power voltage to take over commercial wireless chargers. The post Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers appeared first on SecurityWeek.

21Feb 2024

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation

Security experts describe exploitation of the CVSS 10/10 flaw as “trivial and embarrassingly easy.” The post ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation appeared first on SecurityWeek.

21Feb 2024

Vector Database vs. Knowledge Graph: Making the Right Choice When Implementing RAG

Generative AI (GenAI) continues to amaze users with its ability to synthesize vast amounts of information to produce near-instant outputs. While it’s those outputs that get all of the attention, the real magic is happening behind the scenes where complex data organization and retrieval techniques are allowing these connections between disparate data points to be […]

21Feb 2024

Webinar Tomorrow: The Active Threat Landscape in the Cloud

Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them. The post Webinar Tomorrow: The Active Threat Landscape in the Cloud appeared first on SecurityWeek.

21Feb 2024

Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes

A new Biden executive order to boost the cybersecurity of US ports highlights the risks associated with the use of Chinese cranes. The post Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes appeared first on SecurityWeek.

21Feb 2024

Apple Adds Post-Quantum Encryption to iMessage

Apple unveils PQ3, a new post-quantum cryptographic protocol for iMessage designed to protect communications against quantum computing attacks. The post Apple Adds Post-Quantum Encryption to iMessage appeared first on SecurityWeek.

21Feb 2024

Diversifying Defenses: FjordPhantom Malware Shows Importance of a Multi-Pronged Approach

Security teams need to combine the angles of client-side and server-side detection in order to have the best chance of mitigating the risk of advanced mobile malware. The post Diversifying Defenses: FjordPhantom Malware Shows Importance of a Multi-Pronged Approach appeared first on SecurityWeek.

21Feb 2024

Redis Servers Targeted With New ‘Migo’ Malware

Attackers weaken Redis instances to deploy the new Migo malware and install a rootkit and cryptominers. The post Redis Servers Targeted With New ‘Migo’ Malware appeared first on SecurityWeek.

21Feb 2024

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities

Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox updates. The post Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

21Feb 2024

Control Systems Firm PSI Struggles to Recover From Ransomware Attack

German control system solutions provider PSI Software says it is still recovering from a ransomware attack. The post Control Systems Firm PSI Struggles to Recover From Ransomware Attack appeared first on SecurityWeek.

21Feb 2024

NSA Announces Retirement of Cybersecurity Director Rob Joyce

NSA says Rob Joyce is retiring as cybersecurity director and will be replaced by David Luber, the current deputy director of cybersecurity. The post NSA Announces Retirement of Cybersecurity Director Rob Joyce appeared first on SecurityWeek.

21Feb 2024

Why Jackson CIO Mike Hicks had to flip the script on his proven 100-day plan

What has your 100-day plan looked like historically? It’s evolved over my 25 years as a CIO, but in general my approach has been a “listen-plan-act” model. The first 30 days are about listening more than speaking, engaging my business stakeholders and IT team, and identifying people who will be trusted advisors on our transformational […]

21Feb 2024

Higher-ed CIOs embrace academia’s AI challenges

CIOs on university campuses across the country have an obligation, as technology leaders, to provide the tools and expertise that staff, administration, and professors require to help fulfill the potential of students, and the university itself. But their commitment is becoming more demanding and complex as AI, in its many applications, rises to the top […]

21Feb 2024

Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force

The ransomware threat is declining as actors pivot to infostealing, according to IBM, which says that attacks on cloud services and critical infrastructures are growing. The post Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force appeared first on SecurityWeek.

20Feb 2024

Data centers in space

Imagine a world in which data centers were deployed in space. Using a satellite networking system, data would be collected from Earth, then sent to space for processing and storage. The system would use photonics and optical technology, dramatically cutting down on power consumption and boosting data transmission speeds. The Earth’s weather or natural disasters […]

20Feb 2024

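7 cloud market trends and their impact on IT

The cloud market of late looks decidedly mature. The pecking order in cloud infrastructure is relatively stable. AWS has a 33% market share, second-place Microsoft Azure has 22%, and third-place Google Cloud trails at 11%. (IBM, Oracle, and Salesforce are at around 2-3%.) Revenue growth is stable across the industry but somewhat sluggish. None of the big three is outpacing the others enough to significantly change the balance of power. The stability of the overall market extends to pricing as well, which with a few exceptions is relatively uniform. At this point, the market has grown to where the major players offer similar products. But the arrival of generative AI changes everything. The frenzy triggered by the public release of OpenAI's ChatGPT has set off an arms race among the hyperscalers. Each is trying to differentiate itself by developing its own large language models (LLMs), building platforms on which generative AI applications can be created, and integrating generative AI across its entire portfolio of service offerings. Cloud computing expert David Linthicum explains: “Cloud providers are approaching saturation in the services they can offer compared with competitors. As a result, with these services becoming commoditized and multicloud growing in popularity, core services such as storage and compute will be much the same on any cloud. This is what is behind cloud providers' push for generative AI. It's a race to determine who will own this space and be able to decommoditize their services by layering this new technology on top of traditional cloud services.” The generative AI race has only just begun and there is no clear leader, but every player is pouring resources into it. Microsoft, which has invested around $10 billion in OpenAI, is embedding ChatGPT in everything from productivity apps such as Word and Excel to its Edge browser and Azure OpenAI Service, its cloud offering for enterprises. Google is rushing to build a generative AI platform. Co-founders Sergey Brin and Larry Page have even come out of semi-retirement to launch generative AI initiatives. Google has its own large language model (LLM) called PaLM, develops its own AI chips (Tensor Processing Units), and is launching new industry-specific AI-based services under the Vertex AI banner. It recently launched generative AI-based services aimed at healthcare and life sciences companies. AWS recently announced Bedrock, a fully managed service that lets enterprise software developers embed generative AI capabilities into their programs. AWS also produces low-cost AI chips (Inferentia and Trainium) in limited quantities. It uses the chips internally to power its generative AI capabilities and also offers them to customers. There is no doubt that generative AI is the hottest trend in the cloud market, but there are other things CIOs should be watching too. Here is a look at the top trends in the cloud market and how they affect CIOs' cloud strategies. The generative AI gold rush – with unclear costs. “This is the year of AI,” declares Forrester Research. “Every hyperscaler, SaaS provider, and startup wants to use the attention on AI to put itself in an advantageous position. Cloud providers are pushing AI services to break out of sluggish revenue and differentiate themselves from rivals. Enterprise cloud customers want to use AI as much as possible in their strategic initiatives, but want to do so without breaking IT budgets already strained by multicloud complexity and sprawl.” It is not only the big three hyperscalers that offer generative AI-based cloud services to enterprise IT departments. IBM is stepping up its efforts with its open-stack-based watsonx AI platform. Nvidia, which supplies the bulk of its generative AI chips (GPUs) to these companies, has built a full-stack cloud platform called DGX Cloud. It is an AI service that lives inside the Oracle cloud and will soon be available on Azure and Google Cloud. For CIOs, this means there are many cloud-based options when building generative AI capabilities into current business processes. There is also the option of building new AI-based applications. Bernard Golden, executive technical advisor at VMware, says the challenge is how to protect sensitive corporate data and keep it out of the data pools used to build LLM databases. Linthicum adds that generative AI-based apps “are costly to run, so CIOs need to find the right use cases for this technology.” For CIOs who want to make the most of generative AI capabilities built on the cloud services they depend on, the initial explanations of pricing were quite vague. Cloud prices – soaring thanks to AI. IBM caused quite a stir when it announced storage service price increases of up to 26%, along with smaller price increases for IaaS and PaaS services. Generally speaking, cloud providers have held down price increases to stay competitive. However, slowing growth across the industry makes it likely that pressure to raise prices will build on all cloud vendors going forward. Linthicum says, “We've reached the point where they have to get value from their technology investments, and cloud service prices are likely to creep up over the next few years.” Of course, the advantage of using cloud services is that customers can choose the infrastructure configuration that meets their needs. Choosing first-generation processors offers value accordingly. But companies that need high-performance computing or want to reap the benefits of AI will pay a premium when they choose newer-model chips. For example, running workloads on Nvidia H100 chips carries a price increase of more than 220% compared with the previous-model A100, says Drew Bixby, head of operations and product at Liftr Insights. Furthermore, as hyperscalers add GPUs (which are considerably more expensive than traditional CPUs) to their data centers, those costs are likely to be passed on to customers. Industry clouds – reaping the advantage of generative AI. Industry clouds are on the rise and will benefit from the rise of generative AI, says Brian Campbell, principal at Deloitte Consulting, explaining that industry clouds “tend to be a top priority for both business and technology executives.” Technology executives want the speed, flexibility, and efficiency that industry-specific clouds offer, while business leaders value being able to focus scarce in-house talent on areas where they can differentiate their business. Healthcare, banking, and technology companies were early adopters of industry clouds, but adoption has now spread to energy, manufacturing, the public sector, and media. “With the recent explosion of generative AI, executives are increasingly considering how to use generative AI beyond proof of concept, and are turning to the major industry cloud providers, hyperscalers, independent software vendors, and systems integrators that have been quickly incorporating generative AI alongside other technologies into their services,” he adds. The blurring line between cloud and on-premises. The old paradigm of a clear boundary between cloud and on-premises no longer exists. There are many terms that apply to the phenomenon of cloud-style services being deployed across a variety of scenarios at once: hybrid cloud, private cloud, multicloud, edge computing, or, as IDC defines it, Dedicated Cloud Infrastructure as a Service (DCIaaS). […]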

20Feb 2024

Powering the world from space

The demand for energy has never been greater. Traditional sources of energy, such as coal, oil and natural gas, cannot keep up – and are also not environmentally friendly. We need new, more sustainable options for generating power. The solution may lie in a surprising innovation: space solar power systems.   Solar power is clean, inexhaustible, […]

20Feb 2024

ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool

ConnectWise ships patches for extremely critical security defects in its ScreenConnect remote desktop access product and urges emergency patching. The post ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool appeared first on SecurityWeek.

20Feb 2024

The potential for generative AI in government and public services

Governments and public service agencies understand the enormous potential of generative AI. Recent research by McGuire Research Services for Avanade shows 82% of government employees are using AI on a daily or weekly basis, while 84% of organisations plan to increase their IT investments by up to 24% to take advantage of AI. Many see […]

20Feb 2024

Preparing the foundations for Generative AI

Governments and public services agencies are keen to push forwards with generative AI. Recent research by McGuire Research Services for Avanade found 91% of organisations in the sector believe they need to shift to an AI-first operating model within the next 12 months, while 87% of employees feel generative AI tools will make them more […]

20Feb 2024

Making OT-IT integration a reality with new data architectures and generative AI

Manufacturers have long held a data-driven vision for the future of their industry. It’s one where near real-time data flows seamlessly between IT and operational technology (OT) systems. Where all data – structured, semi-structured, and unstructured – is sourced, unified, and exploited in automated processes, AI tools and by highly skilled, but over-stretched, employees. In […]

20Feb 2024

Creating value with generative AI in manufacturing

In the face of increased competition, shrinking profit margins, and increasing ESG obligations, manufacturers are looking for ways to make products better, faster, and with less waste. Others are weighing the advantages of subscription-based business models where industrial equipment, automation, and processes are delivered as a service. As the manufacturing sector evolves in these and […]

20Feb 2024

Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers

Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day. The post Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers appeared first on SecurityWeek.

20Feb 2024

Patient data is at greater risk than ever. AI can help

Patient data represents a treasure trove for hackers. Sensitive personal and medical information can be used in multiple ways, from identity theft and insurance fraud to ransomware attacks. It’s little wonder that data theft is increasingly common in the healthcare sector. In the US, for example, the medical data of more than 88 million individuals […]

20Feb 2024

Microsoft Copilot will transform the healthcare profession. Here’s how

As generative AI becomes better understood, attitudes towards the technology are shifting dramatically. This can be seen clearly in the healthcare sector, where practitioners are embracing AI applications as a much-needed boost to productivity. New research from Avanade, a technology company that specialises in the Microsoft platform, has revealed that 56% of healthcare and life-science […]

20Feb 2024

Cyber Insights 2024: Supply Chain 

Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers. The post Cyber Insights 2024: Supply Chain  appeared first on SecurityWeek.

20Feb 2024

Volt Typhoon Seen Exfiltrating Sensitive OT Data

Volt Typhoon and two other threat groups that emerged in 2023 can pose a serious threat to ICS/OT, according to industrial cybersecurity firm Dragos. The post Volt Typhoon Seen Exfiltrating Sensitive OT Data appeared first on SecurityWeek.

20Feb 2024

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin

Attackers are exploiting a recent remote code execution flaw in the Bricks Builder WordPress plugin to deploy malware. The post Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin appeared first on SecurityWeek.

20Feb 2024

How strategic partnerships are the key to AI-driven innovation

“Innovate or die,” Peter Drucker’s 1985 exhortation on the importance of constant reinvention, was great business advice for the last 40 or so years. But things have gotten a little more complicated now, as the large-scale roll-out of generative artificial intelligence (GenAI) has introduced the need for a multidisciplinary approach to innovation. Today, it is […]

20Feb 2024

Cactus Ransomware Group Confirms Hacking Schneider Electric

Cactus ransomware has added Schneider Electric to its leak site, claiming to have stolen 1.5 terabytes of data. The post Cactus Ransomware Group Confirms Hacking Schneider Electric appeared first on SecurityWeek.

20Feb 2024

Law Enforcement Hacks LockBit Ransomware, Delivers Major Blow to Operation

The LockBit ransomware operation has been severely disrupted by an international law enforcement operation resulting in server seizures and arrests. The post Law Enforcement Hacks LockBit Ransomware, Delivers Major Blow to Operation appeared first on SecurityWeek.

20Feb 2024

Anatsa Android Banking Trojan Continues to Spread via Google Play

Recent Anatsa Android banking trojan attacks have become more targeted, showing an evolution in tactics. The post Anatsa Android Banking Trojan Continues to Spread via Google Play appeared first on SecurityWeek.

20Feb 2024

The convergence of IT and business: how CIOs are reinterpreting their role with the help of AI

Data analysis, training new artificial intelligence models, software development, modernizing legacy systems, taking part in setting the budget, dialogue with business functions, vendor relationships: the CIO's tasks multiply more every day. It is no surprise: as companies digitize, technology is being integrated into […]

20Feb 2024

4 hidden risks of your enterprise cloud strategy

As enterprise CIOs seek to find the ideal balance between the cloud and on-prem for their IT workloads, they may find themselves dealing with surprises they did not anticipate — ones where the promise of the cloud, and cloud vendors, fall short versus the realities of enterprise IT. While cloud risk analysis should be no […]

20Feb 2024

The last thing most CIOs need is an AI plan

Sometimes knowing history (aka “remembering what happened”) can keep you out of trouble. Artificial intelligence presents a case in point. To succeed with AI, your rollout could benefit from a rear-view mirror. Take, for example, how IT’s strategic planning process paved the way for smoothly deploying personal computers throughout the enterprise. Oh, that’s right. It […]

19Feb 2024

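9 traits of great IT leaders

IT leaders have gotten the message: Technical skills alone are not enough to succeed in the job. Success also requires general business acumen, industry knowledge, and a knack for accounting. Expertise in marketing, operations, cybersecurity, and other functional areas matters too. In recent years this is the message heard from veteran CIOs, executive advisors, and management consultants. But such advice speaks only to what CIOs need in order to manage the IT department successfully, that is, to achieve operational excellence and meet key performance requirements. To truly stand out, great CIOs, like other top executives, must also possess the qualities of a leader. Here, veteran CIOs and executive leadership experts share the essential traits needed to be an outstanding IT leader today. 1. They deliver results. True IT leaders “are good at the business of IT,” says Eric Bloom, executive director of the IT Management and Leadership Institute and part of the Society for Information Management (SIM) Leadership Institute. That is, they are skilled at managing IT budgets, projects, talent needs, and the like. They understand the various technologies in the IT portfolio to some degree, if not deeply. And they understand how IT interrelates with cybersecurity and the organization's other functional areas. This kind of strong job performance is the foundation for becoming a great IT leader, Bloom explains. That is because, first, “IT people respect technical ability”; second, managers and executives can help their staff grow technically; and third, that knowledge lets IT managers and executives understand their teams' capabilities and limitations. As a result, they “can know what's possible based on the technology and the team's skill sets. That lets them lead the team to success,” Bloom says. 2. They are good communicators. For years, CIOs have been told they need excellent communication skills. Bloom and others cite several reasons why. First, many (if not most) CIOs lead more diverse workforces that are geographically dispersed and work remotely. CIOs are also part of executive teams that are likewise virtual and distributed. In addition, CIOs now have to engage a broader range of stakeholders, from their own IT teams to business project owners, C-suite peers, CEOs, board members, and sometimes external customers and partners. And they are expected to explain the technology roadmap and vision to each group in a way that group can understand and accept. According to Bloom, CIOs need to engage in more intentional and deliberate dialogue. That is because “you can come up with the best vision for IT, but if you can't clearly communicate it to the people you want to motivate, it won't be heard.” Info-Tech Research Group has quantified the importance of good communication skills for IT leaders; its research notes that every 10% improvement in communication increases stakeholder satisfaction with IT by 8.6%. 3. They influence others. Great IT leaders know how to use communication skills not just to exchange information but to exert influence, says Eric Sigurdson, CIO practice leader at leadership advisory firm Russell Reynolds Associates. To be sure, the ability to exert influence has long been a hallmark of leaders in every field. But according to Sigurdson, now that technology's contribution to business success has grown dramatically, it has become a more important skill for IT executives. For example, many CIOs report directly to the CEO and are on equal footing with all the other heads in the C-suite. “They can't go to the boss to solve a problem, so they have to be able to influence their peers. They have to solve problems horizontally,” he adds. Similarly, modern CIOs are taking on greater responsibility for non-IT deliverables, that is, digital and technology-driven business initiatives. As a result, Sigurdson says, “to be successful, CIOs need to be able not just to educate but to engage other senior leaders on meaningful topics and work through difficult trade-offs with their peers.” 4. They are assertive. Being assertive is another trait of great IT leaders, says Jim Knight, executive director of the SIM Leadership Institute. He explains: “Many IT people, even today, tend to act like order takers and feel subordinate to what's called the business. But they need to be able to push back on business demands that don't make sense. That goes hand in hand with having business acumen, knowing the business, and knowing the industry.” “To be clear, being assertive does not mean being uncooperative, dictatorial, or aggressive. It means saying, let's talk about it. That takes confidence: confidence in your IT skills and your business skills,” he says. For example, assertive CIOs can confidently push back on unrealistic project deadlines or demands for unworkable strategies. Such IT leaders “aren't afraid to use their knowledge to make their case, explain what won't work, and show (others) a viable path and the support it requires (such as additional budget or more time),” adds Knight, who held various IT leadership roles, including global CIO of Chubb Insurance, before his SIM position. 5. They trust others. Great IT leaders also recognize greatness in others. Jamie Smith, a longtime IT executive and former consultant, calls this “believing in people.” “It's about believing in your team and their abilities, and helping them do their best work,” he says. To do that, managers and executives need to recognize that “rather than being Bobby Fischer and moving the chess pieces, it's best for the team where the work is being done to solve the problem.” He adds: “The complexity of what we do in IT is increasing, and (IT managers and executives) can no longer be command-and-control. Being conscious of that will be a big differentiator in who is most successful.” Smith, now CIO of the University of Phoenix, says he has seen the value of this approach firsthand. Shortly after he became the university's CIO, the IT department suffered a system outage while it was migrating from the data center to the cloud. “It was still a relatively inexperienced team, and they said, ‘Give us 20 more minutes […]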

19Feb 2024

Ukrainian Raccoon Infostealer Operator Extradited to US

Alleged Raccoon Infostealer operator Mark Sokolovsky is awaiting trial in the US, after being extradited from the Netherlands. The post Ukrainian Raccoon Infostealer Operator Extradited to US appeared first on SecurityWeek.

19Feb 2024

Russian Cyberspies Exploit Roundcube Flaws Against European Governments

Russian cyberespionage group targets European government, military, and critical infrastructure entities via Roundcube vulnerabilities. The post Russian Cyberspies Exploit Roundcube Flaws Against European Governments appeared first on SecurityWeek.

19Feb 2024

Ransomware Group Takes Credit for LoanDepot, Prudential Financial Attacks

The BlackCat/Alphv ransomware group has taken credit for the LoanDepot and Prudential Financial attacks, threatening to sell or leak data. The post Ransomware Group Takes Credit for LoanDepot, Prudential Financial Attacks appeared first on SecurityWeek.

19Feb 2024

New Google Initiative to Foster AI in Cybersecurity

Google’s new AI Cyber Defense Initiative focuses on boosting cybersecurity through artificial intelligence. The post New Google Initiative to Foster AI in Cybersecurity appeared first on SecurityWeek.

19Feb 2024

iOS Trojan Collects Face and Other Data for Bank Account Hacking 

Chinese hackers use Android and iOS trojans to obtain information needed to steal money from victims’ bank accounts. The post iOS Trojan Collects Face and Other Data for Bank Account Hacking  appeared first on SecurityWeek.

19Feb 2024

IT leaders turn to HBCUs for future IT talent

Officials at the North Carolina Department of Information Technology found themselves in a position familiar to most IT organizations: aware of the need to do more to attract IT workers given that they — like most employers — faced fierce competition for talent. They also believed they needed to take more responsibility for increasing the […]

19Feb 2024

Build trust to win out with genAI

Over the past 12 months, generative AI has generated fervor and fear in almost equal measure. We’ve all marveled at the tech’s ability to pass bar exams or create award winning photography. But that level of ingenuity is deeply unsettling for many consumers, who perhaps prefer to know that the humans are still at the wheel.  This presents […]

18Feb 2024

Tech Companies Sign Accord to Combat AI-Generated Election Trickery

Executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI and TikTok gathered at the Munich Security Conference to announce a framework for how they respond to AI-generated deepfakes that deliberately trick voters. The post Tech Companies Sign Accord to Combat AI-Generated Election Trickery appeared first on SecurityWeek.

16Feb 2024

ADP’s cloud transformation pays dividends

For most organizations, a shift to the cloud brings scalability, access to innovative tools, and the possibility of cost savings. For payroll services company ADP, it has paved the way to becoming a SaaS provider capable of taking on big names in enterprise software. An early partner of Amazon, the Roseland, N.J.-based company migrated to […]

16Feb 2024

Unleashing the power of banks’ data with generative AI

The implications of generative AI on business and society are widely documented, but the banking sector faces a set of unique opportunities and challenges when it comes to adoption. Avanade’s latest research found that bankers view automation and efficiency as the biggest benefits of generative AI – with AI having the potential to fundamentally change […]

16Feb 2024

The generative AI revolution is transforming how banks work

The generative AI revolution has the power to transform how banks operate. Banks are increasingly turning to AI to assist with a wide range of tasks, from customer onboarding to fraud detection and risk regulation. For generative AI to be truly effective it must have access to the right data, but banks are almost unique […]

16Feb 2024

Permit.io Raises $8 Million for Authorization Platform

Tel Aviv startup raises $8 million in Series A funding to help developers add secure access approval flows to applications. The post Permit.io Raises $8 Million for Authorization Platform appeared first on SecurityWeek.

16Feb 2024

Mysterious ‘MMS Fingerprint’ Hack Used by Spyware Firm NSO Group Revealed

The existence of a previously unknown infection technique used by spyware firm NSO Group is suggested by a single line in a contract between NSO and the telecom regulator of Ghana. The post Mysterious ‘MMS Fingerprint’ Hack Used by Spyware Firm NSO Group Revealed appeared first on SecurityWeek.

16Feb 2024

Ex-Employee’s Admin Credentials Used in US Gov Agency Hack

A threat actor employed the administrative credentials of a former employee to hack a US government organization. The post Ex-Employee’s Admin Credentials Used in US Gov Agency Hack appeared first on SecurityWeek.

16Feb 2024

EU Watchdog Urged to Reject Meta ‘Pay for Privacy’ Scheme

Civil rights groups called on an EU watchdog to rule against Facebook owner Meta’s scheme to let Europeans pay to opt out of data tracking, which they say violates EU law. The post EU Watchdog Urged to Reject Meta ‘Pay for Privacy’ Scheme appeared first on SecurityWeek.

16Feb 2024

In Other News: US Hacks Iranian Spy Ship, Rhysida Ransomware Decryption, NIST Guidance

Noteworthy stories that might have slipped under the radar: US hacks Iranian military vessel used for spying, Rhysida ransomware free decryption tool, NIST guidance. The post In Other News: US Hacks Iranian Spy Ship, Rhysida Ransomware Decryption, NIST Guidance appeared first on SecurityWeek.

16Feb 2024

Eight Vulnerabilities Disclosed in the AI Development Supply Chain

Details of eight vulnerabilities found in the open source supply chain used to develop in-house AI and ML models have been disclosed. All have CVE numbers, one has critical severity, and seven have high severity. The post Eight Vulnerabilities Disclosed in the AI Development Supply Chain appeared first on SecurityWeek.

16Feb 2024

Vulnerabilities in CUSG CMS Exposed Credit Unions to Attacks

Three vulnerabilities in CU Solutions Group CMS exposed 275 credit unions to credential theft, account takeover. The post Vulnerabilities in CUSG CMS Exposed Credit Unions to Attacks appeared first on SecurityWeek.

16Feb 2024

CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks

CISA has added CVE-2020-3259, an old Cisco ASA vulnerability exploited by ransomware, to its KEV catalog.  The post CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks appeared first on SecurityWeek.

16Feb 2024

SAP names Philipp Herzig as chief artificial intelligence officer

SAP is reorganizing its AI activities. Philipp Herzig, formerly head of cross-product engineering and experience, now leads a new “end-to-end growth area” focused on AI as the company’s chief artificial intelligence officer (CAIO). Herzig now reports directly to CEO Christian Klein, and will oversee the entire value chain for SAP business AI from research and […]

16Feb 2024

US Offers $10 Million for Information on BlackCat Ransomware Leaders

The US announces a $10 million reward for information on key members of the Alphv/BlackCat ransomware group. The post US Offers $10 Million for Information on BlackCat Ransomware Leaders appeared first on SecurityWeek.

16Feb 2024

Why Tomago Aluminium reversed course on its cloud journey

Tomago Aluminium is an industry giant in the Asia-Pacific region, and as IT superintendent, Dennis Moncrieff is responsible for leveraging the right technologies to make the process of producing aluminum more efficient. When talking about the organization’s digital transformation journey, he describes it as a constant. “Sure, digital transformation is a buzzword that’s been bouncing around […]

16Feb 2024

Ukrainian Pleads Guilty in US to Key Role in Zeus, IcedID Malware Operations

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to holding key roles in the Zeus and IcedID malware operations. The post Ukrainian Pleads Guilty in US to Key Role in Zeus, IcedID Malware Operations appeared first on SecurityWeek.

15Feb 2024

FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies

The US government says it has neutralized a network of hundreds of Ubiquiti Edge OS routers under the control of Russia’s APT28 hackers. The post FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies appeared first on SecurityWeek.

15Feb 2024

Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn

Hospitals around the country are at risk for attacks like the one that is crippling operations at a children’s hospital, and some say the government is doing too little to prevent such breaches. The post Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn appeared first on SecurityWeek.

15Feb 2024

Microsoft invests €3.2 billion in AI and the cloud in Germany

Microsoft will invest €3.2 billion in Germany by the end of 2025 to double the artificial intelligence and cloud capacities of its data centers there. The company also wants to train more than 1.2 million people in digital skills. Brad Smith, Vice Chair and President of Microsoft, said the aim is to enable the German […]

15Feb 2024

Cyberattack Disrupts Production at Varta Battery Factories

Production at five plants of German battery maker Varta has been disrupted by a cyberattack, possibly a ransomware attack. The post Cyberattack Disrupts Production at Varta Battery Factories appeared first on SecurityWeek.

15Feb 2024

ESET Patches High-Severity Privilege Escalation Vulnerability

ESET has released patches for a high-severity elevation of privilege vulnerability in its Windows security products. The post ESET Patches High-Severity Privilege Escalation Vulnerability appeared first on SecurityWeek.

15Feb 2024

No Security Scrutiny for Half of Major Code Changes: AppSec Survey

Only 54% of major code changes go through a full security review, a new CrowdStrike State of Application Security report reveals. The post No Security Scrutiny for Half of Major Code Changes: AppSec Survey appeared first on SecurityWeek.

15Feb 2024

New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks

A couple of Wi-Fi authentication bypass vulnerabilities found in open source software can expose enterprise and home networks to attacks. The post New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks appeared first on SecurityWeek.

15Feb 2024

Microsoft Warns of Exploited Exchange Server Zero-Day

Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks. The post Microsoft Warns of Exploited Exchange Server Zero-Day appeared first on SecurityWeek.

15Feb 2024

DDoS Hacktivism is Back With a Geopolitical Vengeance

DDoS attacks have evolved from social protests through criminal extortion, hack attack smokescreens and competitor suppression to geopolitical vengeance. The post DDoS Hacktivism is Back With a Geopolitical Vengeance appeared first on SecurityWeek.

15Feb 2024

Henkel embraces gen AI as enabler and strategic disruptor

Four years ago, German multinational Henkel found itself at a crossroads. Like many incumbents in the consumer packaged goods (CPG) industry, Henkel was slow to embrace digital technologies, resulting in a widening disconnect between the 147-year-old company and the changing needs of its customers. As Henkel CDIO Michael Nilles puts it, by 2019, Marc Andreessen’s […]

15Feb 2024

4 ways to ensure CEO support for your digital strategy

In the age of digital transformation, the CIO’s role is increasingly central to business, focused on driving growth and establishing a new digital culture across the organization. But without the full support of the CEO, a CIO’s innovation and digital transformation agenda will only go so far. If the CEO doesn’t understand how the CIO […]

15Feb 2024

5 ways CIOs can help generative AI achieve its moment of glory

The rapid adoption and democratization of generative AI have been compared to the advent of the light bulb, which did the same for electricity almost 150 years ago: its invention in 1879, decades after the invention of electricity (1831), brought radical change to the lives of masses of individuals and businesses, […]

15Feb 2024

Cisco Announces It is Laying Off Thousands of Workers

About 5 percent of Cisco’s global workforce will be affected by layoffs, the Silicon Valley-based company said. The post Cisco Announces It is Laying Off Thousands of Workers appeared first on SecurityWeek.

14Feb 2024

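Seven Bank’s two strategies for AI and data utilization

A growing number of companies are using AI as they pursue DX (digital transformation), in which digital technology is used to transform business models and establish competitive advantage. That is because AI not only makes it possible to automate big data analysis and the predictions based on it, but also serves as an effective tool for shaping business strategy and streamlining operations. Seven Bank, which is working to transform its ATM service into a “platform” for depositing and withdrawing information as well as cash, is using AI models (machine learning models) and data to advance two reforms. One is the “data business” domain: using data from ATMs and the Seven & i Group to develop new products and services and uncover latent customer needs, leading to revenue growth. The other is the “data-driven management” domain: using AI to analyze internal data held by business units and others to make operations more efficient. In “data-driven management,” the bank has already produced results, such as optimizing ATM deposit and withdrawal forecasts and scouting ATM locations in Indonesia.

On July 1, 2021, Seven Bank announced its medium-term management plan for fiscal 2021 through fiscal 2025, making clear that it would focus on corporate transformation on two fronts: “people, organization, and corporate culture” and “data-centered business models and processes.” But behind the scenes, Seven Bank’s work on its “AI and data” strategy was already under way. The driving force was current president Masaaki Matsuhashi, who at the time was a senior managing executive officer in charge of Seven Lab. Starting in 2018, together with four or five data scientists, the bank studied “data-driven management” and ran proofs of concept (PoCs) on the use of ATM data and Seven & i Group data. “From the outset, we intended to shift to company-wide ‘data-driven management’ in which employees can make use of data and AI,” says Shinji Matsuoka, a data scientist and deputy manager in the Corporate Transformation Department (CX Department). At the time, however, there was no data platform or anything else, so they had to start by building an environment in which to run PoCs. “Initially it was difficult to set up an environment for data analysis (using Python, for example) on the internal network, so we built a dedicated analysis environment and did our data analysis and AI development (building machine learning models) there,” Matsuoka says. In 2019 the effort was formalized, and the Seven Lab data team was born.

Why Seven Bank brought AI and data-driven management in-house

Then in 2021 the 12-person data team was transferred to the CX Department, becoming the AI and Data Promotion Team. “Until then we had been working with outside companies alongside us, but around 2021 we switched to doing everything in-house, and today AI development is handled by the employee data scientists of the AI and Data Promotion Group. Some of them use AutoML tools for part of the AI development,” Matsuoka says. The reason for choosing to go in-house, he says, is that AI work involves high uncertainty and demands flexibility. There are many hurdles to adopting AI. AI analysis proceeds by forming a hypothesis, then collecting and analyzing data. If the accuracy still isn’t there, the team gathers new data or tries a different machine learning algorithm to find out why. Handing such work to an outside party makes it hard to respond quickly, and costs mount if the work drags on. There is also the problem that valuable data does not remain in-house. That is why Seven Bank decided to bring the work in-house.

So how did the bank bring the work in-house and advance DX while getting frontline employees involved? Take the case of applying AI to ATM deposit and withdrawal forecasting. Cash management services such as ATM cash collection and delivery have been planned and carried out by each regional cash center, but it is hard to predict from rules of thumb alone when to replenish an ATM before it runs short of cash. So, beginning in summer 2020, a project was carried out to use AI and data to analyze ATM usage data, forecast increases and decreases in ATM banknotes, and optimize ATM banknote management, with Seven Lab, the predecessor of the CX Department’s AI and Data Promotion Group, supporting the ATM Operations Management Department. Particular care went into creating a way to bring in business-unit employees who had no experience with data aggregation or machine learning. The CX Department had been coding in Python and other languages (coding being the process of developing software and applications using a programming language) to aggregate data and engineer the features used to build machine learning models, but for business units without that experience, work that requires coding is a high barrier. So the bank adopted Microsoft’s data integration service Azure Data Factory so that feature engineering and data management could be done through a no-code GUI (graphical user interface), and for model building it used the AutoML (automated machine learning) capability of the machine learning service Azure Machine Learning, creating an environment in which a variety of models could be built. The project also adopted Data Hack, a service in which Microsoft’s data scientist team supports companies that want to pursue data analysis and utilization with Microsoft Azure. “The CX Department had been working on data utilization in partnership with business units, but we also wanted to share data skills with the business-unit staff themselves. I think the significance of the Data Hack program was that we received technical support on platform and tool knowledge, as well as support in advancing our themes, including skill sharing,” Matsuoka says.

Validation of the project was completed in February 2021; in the trial, 29 of the 37 cash centers produced results that far exceeded the existing forecast accuracy. But the road to production is never smooth. The AI built this way ran into accuracy and processing-time problems on the day it was deployed, so in 2023 data scientists on the AI and Data Promotion Team built an AI using an entirely different approach, and that is what is in use today. Even so, there is no doubt that these efforts were a first step toward “data-driven management” involving every employee.

Data scientists lead the development of in-house IT talent

Seven Bank’s AI and Data Promotion Group has 10 data scientists. That alone limits the number of projects it can take on; it needs the cooperation of each department. At the time, however, most Seven Bank employees did not really understand even how data could be used to reform the company. So the data scientists took the lead in developing IT talent within the company. What exactly did they do? They developed a training program called “Data Science: Beginner” and began offering it internally in July 2021. What the data scientists taught employees ranged from basics such as “why AI and data are attracting attention” and “what possibilities they offer” to how to process data and create reports using tools available to everyone in the company. The program is held online, with about 10 participants each month. Just under 230 of the bank’s roughly 550 employees have already taken part. “My impression is that mid-career hires are especially keen. Every department has a sense that ‘we have to make use of data,’ and I get the impression that newcomers also sign up as a way to understand the company’s data and become able to use it,” Matsuoka says.

But some people cannot easily grasp the material from a single training session, and others forget what they learned as time passes. So the bank launched a data utilization community, led by the data scientists, in which they show employees from each department the AI they have built and employees present AI they have built with the data scientists’ help. In response to requests from trainees who said they wanted to be able to build AI themselves, a “Data Science: Intermediate” program has also started. Designed on the assumption that participants will use AI themselves, the intermediate program covers everything from the basic flow of an AI project (“defining the problem,” “creating the dataset,” “building and evaluating the AI”) to how to use the actual machine learning tools. It is a four-day program: two days of classroom study and two days of exercises and practice.

The data management framework “DMO”

In March 2022, to realize the “expansion of business domains” set out as a growth strategy in its medium-term management plan, Seven Bank overhauled its system platform and migrated to Microsoft Azure, the public cloud platform provided by Microsoft Japan, and to two domestic data centers, in eastern and western Japan, provided by Nomura Research Institute. […]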

14Feb 2024

Microsoft Catches APTs Using ChatGPT for Vuln Research, Malware Scripting

Microsoft threat hunters say foreign APTs are interacting with OpenAI’s ChatGPT to automate malicious vulnerability research, target reconnaissance and malware creation tasks. The post Microsoft Catches APTs Using ChatGPT for Vuln Research, Malware Scripting appeared first on SecurityWeek.

14Feb 2024

South Korea Says Presumed North Korean Hackers Breached Personal Emails of Presidential Staffer

South Korean President Yoon Suk Yeol’s office said presumed North Korean hackers breached the personal emails of one of his staff members. The post South Korea Says Presumed North Korean Hackers Breached Personal Emails of Presidential Staffer appeared first on SecurityWeek.

14Feb 2024

Kubernetes Security Firm KTrust Emerges From Stealth With $5.3M in Funding

Israel-based Kubernetes security firm KTrust emerges from stealth mode with $5.3 million in seed funding from VC Awz Ventures.  The post Kubernetes Security Firm KTrust Emerges From Stealth With $5.3M in Funding appeared first on SecurityWeek.

14Feb 2024

Prudential Financial Discloses Data Breach

Prudential Financial says administrative and user data was compromised in a cyberattack earlier this month. The post Prudential Financial Discloses Data Breach appeared first on SecurityWeek.

14Feb 2024

Zoom Patches Critical Vulnerability in Windows Applications

Zoom patches seven vulnerabilities in its products, including a critical-severity bug in its Windows applications. The post Zoom Patches Critical Vulnerability in Windows Applications appeared first on SecurityWeek.

14Feb 2024

Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities

AMD and Intel patch dozens of vulnerabilities on February 2024 Patch Tuesday, including multiple high-severity bugs. The post Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities appeared first on SecurityWeek.

14Feb 2024

KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers

Patches released for a new DNSSEC vulnerability named KeyTrap, described as the worst DNS attack ever discovered.   The post KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers appeared first on SecurityWeek.

14Feb 2024

Beyond the Hype: Questioning FUD in Cybersecurity Marketing

Could cybersecurity professionals benefit from FUD awareness training in the same way that users benefit from phishing awareness training? The post Beyond the Hype: Questioning FUD in Cybersecurity Marketing appeared first on SecurityWeek.

14Feb 2024

Windows Zero-Day Exploited in Attacks on Financial Market Traders

CVE-2024-21412, one of the security bypass zero-days fixed by Microsoft with Patch Tuesday updates, exploited by Water Hydra (DarkCasino). The post Windows Zero-Day Exploited in Attacks on Financial Market Traders appeared first on SecurityWeek.

14Feb 2024

Albanian Authorities Accuse Iranian-Backed Hackers of Cyberattack on Institute of Statistics

Albania’s cybersecurity authorities have accused a hacker group “sponsored” by the Iranian government of attacking the country’s Institute of Statistics earlier this month. The post Albanian Authorities Accuse Iranian-Backed Hackers of Cyberattack on Institute of Statistics appeared first on SecurityWeek.

14Feb 2024

Mapping the progress of Air New Zealand’s digital rebuild

As a household name in international air carriers, Air New Zealand is used to punching above its weight, mainly due to being so remotely based; if you draw a 1,200-mile line from Auckland, you don’t even get to the east coast of Australia. So meeting challenges to compete is nothing new, but business all but came […]

14Feb 2024

Prioritizing AI? Don’t shortchange IT fundamentals

Generative AI continues to dominate IT projects for many organizations, with two thirds of business leaders telling a Harris Poll they’ve already deployed generative AI tools internally, and IDC predicting spend on gen AI will more than double in 2024. But the usual laundry list of priorities for IT hasn’t gone away. Fundamentals like security, […]

14Feb 2024

SAP Patches Critical Vulnerability Exposing User, Business Data

SAP patches a critical code-injection vulnerability in the SAP ABA (Application Basis) cross-application component. The post SAP Patches Critical Vulnerability Exposing User, Business Data appeared first on SecurityWeek.

14Feb 2024

Tech Companies Plan to Sign Accord to Combat AI-Generated Election Trickery

Major technology companies are planning to sign an agreement this week that would guide how they try to put a stop to the use of AI tools to disrupt democratic elections. The post Tech Companies Plan to Sign Accord to Combat AI-Generated Election Trickery appeared first on SecurityWeek.

13Feb 2024

A new way of working transforms Foodstuffs South Island’s digital services

When Shayne Tong took up the role of chief digital officer at New Zealand supermarket co-operative Foodstuffs South Island in 2022, it was clear there was opportunity to modernise and reset how the team worked. The organisation had conducted an independent IT capability review in the months prior, which found that the digital services team […]

13Feb 2024

Microsoft Confirms Windows Exploits Bypassing Security Features

Patch Tuesday: Microsoft pushes a massive batch of security-themed updates and calls urgent attention to exploits bypassing security features. The post Microsoft Confirms Windows Exploits Bypassing Security Features appeared first on SecurityWeek.

13Feb 2024

Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software

Adobe ships patches for at least 30 documented security flaws, warning that users are exposed to code execution, security feature bypass and denial-of-service attacks. The post Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software appeared first on SecurityWeek.

13Feb 2024

French Healthcare Payments Processor Breaches Affect Half of Population

France’s data protection agency CNIL says it is investigating massive data breaches at two companies that manage third-party healthcare payments, warning that more than 33 million people may be affected. The post French Healthcare Payments Processor Breaches Affect Half of Population appeared first on SecurityWeek.

13Feb 2024

Preserving rainforests through innovation and collaboration

Rainforests are under threat from deforestation and climate change. Urgent action is needed to preserve these vital ecosystems, often called the lungs of the Earth. Recognizing that this will take long-term innovation and collaboration, NTT has teamed up with ClimateForce, an organization dedicated to combating climate change, to launch the Smart Rainforest project. NTT’s Smart […]

13Feb 2024

Willis Lease Finance Corp Discloses Cyberattack

Aircraft parts dealer Willis Lease Finance Corporation (WLFC) notified the SEC that it fell victim to a cyberattack. The post Willis Lease Finance Corp Discloses Cyberattack appeared first on SecurityWeek.

13Feb 2024

Bank of America Customer Data Stolen in Data Breach

Bank of America is notifying some customers that their personal information was stolen in a data breach at a third-party services provider. The post Bank of America Customer Data Stolen in Data Breach appeared first on SecurityWeek.

13Feb 2024

JFK Airport Taxi Hackers Sentenced to Prison

Two individuals involved in hacking the taxi dispatch system at JFK airport have been sentenced to prison.  The post JFK Airport Taxi Hackers Sentenced to Prison appeared first on SecurityWeek.

13Feb 2024

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor

Backdoor deployed using recent Ivanti VPN vulnerability enables command execution, web request and system log theft. The post Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor appeared first on SecurityWeek.

13Feb 2024

ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities

February 2024 ICS Patch Tuesday: Siemens and Schneider Electric release a total of 18 new security advisories. The post ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities appeared first on SecurityWeek.

13Feb 2024

Oracle Cloud SCM gets new capabilities to help manage logistics

Oracle is adding new capabilities to its Supply Chain and Manufacturing (SCM) Fusion Cloud to help enterprises manage their logistics. The new features appear in its Oracle Transportation Management and Oracle Global Trade Management applications, and include expanded business intelligence capabilities, enhanced logistics network modelling, a new trade incentive program, and an updated Transportation Management […]

13Feb 2024

Seeing is Believing… and Securing

Because you can’t secure what you can’t see, having real-time asset visibility across the network is vital to maximizing security, minimizing risk, and protecting the enterprise. The post Seeing is Believing… and Securing appeared first on SecurityWeek.

13Feb 2024

Ransomware Attack Knocks 100 Romanian Hospitals Offline

Romanian hospitals turn to pen and paper after ransomware attack on centralized healthcare management system. The post Ransomware Attack Knocks 100 Romanian Hospitals Offline appeared first on SecurityWeek.

13Feb 2024

CISA Warns of Roundcube Webmail Vulnerability Exploitation

CISA has added the Roundcube flaw tracked as CVE-2023-43770 to its known exploited vulnerabilities catalog. The post CISA Warns of Roundcube Webmail Vulnerability Exploitation appeared first on SecurityWeek.

13Feb 2024

5 key metrics for IT success

IT leaders are drowning in metrics, with many finding themselves up to their KPIs in a seemingly bottomless pool of measurement tools. The result is wasted time, confusion, and, in some cases, conflicting insights. There are several important metrics that can be used to achieve IT success, says Jonathan Nikols, senior vice president of global […]

13Feb 2024

Step 1 to becoming a business-savvy CIO

Business alignment is often heralded as a key tenet of successful IT strategies. Popular ways of ensuring IT efforts align with business goals range from co-developing strategic plans with executives on the business side of the company to actively collaborating with business users on projects aimed to derive more value from their efforts. All are […]

13Feb 2024

Black Tech Pipeline connects Black IT pros to DEI-committed employers

In 2018, Pariss Chandler posed a question on Twitter, asking “What does Black Twitter in Tech look like?” A software engineer at the time, Chandler consistently found herself to be the only Black person in the room at work and wanted to connect with others who were having similar experiences. The tweet went viral, connecting […]

13Feb 2024

IDC Middle East CIO Summit 2024: How CIOs Are Embracing the AI Era

Get ready for the IDC Middle East CIO Summit 2024. Addressing the theme ‘The Future of IT: Rethinking Digitalization for an AI Everywhere World’, this 17th annual edition will explore the pivotal shift that is reshaping the region’s IT landscape and provide essential guidance on navigating AI’s transformative influence across industries. Expert speakers will dissect […]

13Feb 2024

Digital transformation: in wide-ranging projects, change management is the key

“For us, the time has come to make a major change: a transformation of the way we operate, enabled by technology.” How many CIOs use similar words to announce the ‘turning point’ they are bringing to their company through digitalization? “Digital is recognized as a strong business lever,” confirms Alessandra Luksch, Director of the Osservatorio Digital Transformation Academy and of the Osservatorio […]

13Feb 2024

Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive

A malware tactic dubbed ‘hunter-killer’ is growing, based on an analysis of more than 600,000 malware samples. This may become the standard approach for advanced attacks. The post Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive appeared first on SecurityWeek.

12Feb 2024

Embracing shadow AI will help accelerate innovation

Emerging technologies catch IT leaders flat-footed, so it comes as no surprise that some are clenching their teeth over shadow AI, or the unsanctioned use of generative AI and associated services. CIOs recall when cloud computing disrupted the industry more than a decade ago. They remember business line leaders using corporate credit cards for cloud […]

12Feb 2024

Generative AI readiness is shockingly low – these 5 tips will boost it

Generative AI is the biggest breakthrough technology in years, democratizing information creation for the masses. As genAI caught fire in 2023, many organizations rushed to test and learn from the technology and harness it to grow productivity and improve processes. Yet ironically, genAI’s potential has created a paradox within organizations. On one hand, 76% of […]

12Feb 2024

CIOがAPIガバナンスを支持する理由

ほとんどの企業は、よりソフトウェア中心へと移行しており、この変革に伴い、アプリケーション・プログラミング・インターフェース(API)が急増している。同時に、API標準は膨れ上がる技術カタログの中で実施するのが難しくなっており、APIガバナンス、つまり一貫した設計、バージョン管理、アクセス制御を保証するポリシーを定義し、実施することの実践がより重視されるようになっている、とGartnerのソフトウェアエンジニアリング担当副社長アナリスト兼リサーチ主任のマーク・オニール氏は言う。 ノーコード自動化プラットフォーム企業WorkatoのCIOであるカーター・ブッセ氏は、APIは現在、ビジネスプロセス内の大規模な言語モデル(LLM)を統合し、相互作用させるための重要な接続組織であると付け加える。「企業がこれらのデジタル頭脳を入力し、活用し、ビジネスに組み込みたいのであれば、LLMを様々なビジネス・アプリケーションに接続するAPIが必要になる」と彼は言う。そして、ジェネレーティブAIへの信頼が高まるにつれ、使用されるAPIの数もそれに応じて増加すると予想される。 しかし、APIは次世代テクノロジーをサポートするだけではなく、すでにほとんどの企業で基礎的な役割を果たしている。APIセキュリティ・ソリューションを提供するNoname SecurityのフィールドCISOであるカール・マットソン氏は、APIはほぼすべてのCIOがビジネス価値を提供するための戦略的計画の基盤であると語る。そのため、彼はAPIガバナンスを、この価値が評価され、洗練されるためのテコと見なしている。「優れたガバナンスは、戦略目標を達成するために、運用と戦術の計画を調整し、集中することができる、その投資の遠隔測定である」と彼は言う。 台頭するAPIファースト戦略 APIは、現代のソフトウェア・アーキテクチャの中でいたるところに存在し、無数の接続された機能を促進するために舞台裏で働いている。「プラットフォーム間のデータやビジネスサービスの統合を可能にするAPIは、現在の技術トレンドに非常にマッチしている」と、ソフトウェア会社BizagiのCIO、アントニオ・バスケス氏は言う。「再利用性、コンポーザビリティ、アクセシビリティ、スケーラビリティは、ハイブリッドクラウド、ハイパーオートメーション、AIなどの技術トレンドをサポートするために、優れたAPI戦略が提供できる核となる要素の一部だ。」 これらの理由から、APIファーストは、開発者向けのインターフェースの開発を他の懸念事項よりも優遇する慣行として、盛り上がりを見せている。「APIファースト戦略は、現代の技術トレンドをナビゲートし、イノベーションを促進し、急速に進化する技術的ランドスケープにおける適応性を確保するために不可欠となる」と、エンタープライズ・フラッシュ・ストレージ・プロバイダーであるPure StorageのCIO、クリティカ・バット氏は言う。彼女は、クラウド・コンピューティングとマイクロサービス・アーキテクチャの採用の増加が、正式なAPIファースト・アプローチの最重要推進要因であると考えている。デジタルトランスフォーメーションとサードパーティ・サービスへの依存の高まりも重要な要因だと彼女は付け加える。 APIファーストの文化は、組織全体にポジティブな波及効果をもたらす可能性もある。「IT部門はすでにAPIを使って目的主導のアプリケーションを動かしており、シームレスな統合を可能にし、カスタマイズされパーソナライズされたアプリケーションを通じて従業員のイノベーションを促進しています」とWorkatoのブッセ氏は言う。 ゼロ・トラスト・データ・セキュリティ企業Rubrik, Inc.のCIO兼CDOであるアジャイ・サブロック氏も、APIが今日の技術状況、特にB2B接続において重要であることに同意している。「主にSaaSアプリケーションベースのITアーキテクチャでは、アプリケーション間の双方向のデータフローはAPIを介して実現するのが最適です」と彼は言う。APIファーストの開発は、基礎となるデータの抽象化、自動化の促進、データ使用に関するより良いガバナンス、よりアクセスしやすい監査証跡など、多くの利点をもたらすと同氏は付け加える。 次世代プラットフォームがAPI利用を促進する APIは最先端の開発トレンドの最前線にあり、ここ数年、最新のウェブ・モバイル開発ではフロントエンドのフレームワークがバックエンドでAPIを呼び出している。「現在のAPIトレンドは、開発者が牽引するものであり、より開発者に優しく、軽量なAPIゲートウェイへの移行や、GraphQLの台頭などがあります」と彼は付け加える。 
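But much of the interest is focused on the prospects for AI and how it will drive API adoption. “APIs remain at the center of technology strategy, and their use by LLMs, including OpenAI plugins, has made them more essential than ever,” says O’Neill. “Gen AI LLMs provide APIs that are leveraged by multiple AI applications, increasing API usage exponentially.”

There are other significant drivers behind the growth in API usage. Sabhlok, for example, points to EV automakers and ride-sharing companies, which he says are developing accessible platforms and devices that consumers and third-party makers of complementary products can easily interact with through APIs. Microservices and low-code/no-code platforms also often leverage APIs as communication gateways. In addition, APIs are routinely used as building blocks for internal reusability and integrated data flow processes.

API sprawl brings new management overhead

Enterprises are now made up of diverse API portfolios, ranging from internal services to partner integrations and third-party SaaS providers. Managing many new APIs creates new operational overhead, says Pure Storage’s Bhat. “Organizations need to allocate resources for maintenance, updates, and support, which impacts the cost-effectiveness of API management,” she says.

More APIs require additional effort to maintain design consistency and to mitigate concerns about scalability and the end-user experience. “It becomes critical to proactively address and mitigate security risks related to authentication, authorization, and data protection,” Bhat adds. APIs are routinely involved in breaches, and best practices for securing APIs throughout their lifecycle are relatively immature, adds Noname Security’s Mattson.

To maintain reliable integrations, changes must be managed concurrently across the lifecycles of many different APIs. “Managing APIs is similar to building software. Developers and IT teams must make sure proper change management, source code management, and release management processes are in place when implementing APIs to enable effective and secure integration between applications,” says Busse.

Without proper API inventory management, companies suffer from reduced reuse, leading to bloat and technical debt. A development culture that does not catalog its APIs effectively will be plagued by the proliferation of APIs with similar functionality across custom-built applications, says Sabhlok.

“The ubiquity of APIs brings many IT management challenges, including inconsistent design patterns, communication silos, access control, documentation hurdles, and monitoring, performance, and scalability concerns,” says Ratinder Paul Singh Ahuja, who oversees API governance and security as CTO and VP at Pure Storage. Bizagi’s Vázquez says: “Besides the technical considerations, the business impact also has to be considered. You have to address the value proposition, who the target users are, the alignment with business goals, and, where possible, how the API can be sold and monetized.”

Stemming the tide

API governance has emerged in response to these escalating management hurdles, overseeing the many elements of APIs throughout their lifecycle and helping deliver secure, reliable ROI. “As APIs have become more common in the enterprise, IT and business organizations have built API governance programs to ensure that investments in APIs achieve their intended outcomes, including performance, efficiency, security, and compliance.”

According to Ahuja, API governance must enforce standards and policies for consistent API development and cover the full scope of API operations. “Meaningful API governance includes API management practices that encompass consistency, operationalization, telemetry, security, and continuous improvement throughout the API lifecycle,” he says.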
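A fast-growing API culture also needs a governance framework that enables a highly secure posture. “Any governance program must define a framework so that the product is properly managed over time,” says Vázquez. “For APIs, you need to address how they will be monitored and maintained. You also need to guarantee quality, security, and compliance through future updates and new versions.”

What good API governance looks like

In practice, many elements go into a successful API governance initiative. First, good API governance should improve API design and make it consistent across services. “When good API governance is in place, consistent design means that all of an organization’s APIs look as if they were defined by the same team, even when many teams are involved,” says Gartner’s O’Neill. He adds that governance should be automated as much as possible so that the API strategy does not become a bureaucratic bottleneck for API producers and consumers.

In addition to establishing API design standards, Sabhlok stresses that quality API governance should account for API visibility. This can be achieved through strategies such as comprehensive documentation, maintaining an active inventory, using observability, and creating operational guidance from the design stage through retirement. He also suggests establishing a center of excellence to review and update the components of the framework and take corrective action where necessary.

The elements that contribute to a quality API governance model must also future-proof the overall IT strategy. “Effective API governance enables organizations to adapt quickly to change by allowing APIs to be easily created, shared, monitored, and adjusted, helping them stay competitive over the long term. Moreover, organizations can streamline and automate workflows, saving time and letting individuals and teams focus on business-critical tasks,” says Busse.

Guardrails give CIOs peace of mind

Maintaining a healthy API inventory leads to greater agility across IT, which is why CIOs need to consider API governance. “By making sure the API portfolio is healthy, you achieve scalability, flexibility, and cost optimization, and can be ready to adopt new technologies such as AI in a seamless and reliable way,” says Vázquez.

Governance also helps establish a better developer experience and a more secure technology posture. “API governance is essential to API adoption because it ensures that APIs are designed consistently. It is also central to API security, since API governance includes the development of access control policies for APIs,” says O’Neill.

Governance is likewise critical for guiding the strategic alignment of operations with IT strategy. “By adhering to defined standards and policies, CIOs can streamline IT processes, accelerate development cycles, and foster effective collaboration between teams. API governance contributes to strategic alignment by promoting a cohesive, well-managed digital infrastructure,” says Ahuja.

API governance can also give CIOs peace of mind by delivering leaner, more secure digital experiences with faster time to market, explains Mattson. “With effective API governance, organizations can create, update, and manage all of their APIs throughout their lifecycle and continuously tune them for optimal effect. Proper governance guides the correct development and delivery of functionality, reduces risk, and helps meet customer expectations.”

“CIOs must support API governance. But it is best to avoid boiling the ocean with full governance from day one, and instead take small steps and validate progress early. Identifying and gaining support early is an excellent way to avoid taking on API technology and process debt that would later get in the way of achieving governance,” he adds.

Helping achieve business goals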
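In today’s hybrid, connected digital economy, data and software capabilities are inherently tied to value. “In essence, an API-first strategy becomes essential for navigating modern technology trends, fostering innovation, and ensuring adaptability in a rapidly evolving technological landscape,” says Bhat. Proper governance steers every objective associated with an API-first strategy in the right direction.

Investment in managing API operations is therefore necessary to achieve business goals. “APIs are the foundation of nearly every CIO’s strategic plans for delivering business value. Attention to and investment in API governance is necessary to make sure these strategic goals are achieved as envisioned,” says Mattson.

According to Sabhlok, governance not only yields more ready-to-use APIs across applications, it also serves as a measure of the ongoing success of new technology initiatives. API governance, he says, improves the business by making “impact assessments more reliable when enhancing or modifying processes.” It also provides a common forum for sharing experiences about process health, such as performance, data issues, missing transactions, outages, and security.

API governance helps future-proof IT strategy and puts the business in a better position to adopt cutting-edge technology. This matters because APIs are essential for plugging in AI and LLMs, which are key tools for staying competitive, adds Busse. “This makes APIs very important to how business is done with customers and partners in an AI-driven future,” he says.

Much of the potential also lies in productizing APIs, and governance makes that kind of externalization possible. “Gaining business advantage from APIs often requires creating products from them,” says O’Neill. “API governance supports this by ensuring that APIs are consistently designed and managed.”

Governance guides more confident use

APIs are merely tools for achieving an end, but the rapidly growing reliance placed on them across the modern technology stack deserves a sharp evaluation. Executives therefore agree that API governance plays an essential role in securing the future of IT and business strategy. “APIs are a tool in the arsenal, and in many cases the primary tool,” says Mattson. “Governance practices guide the organization and its tools to achieve all of these objectives with confidence.”

Ultimately, API governance contributes to an organization’s agility, innovation, and responsiveness to market demands. “It supports overarching business goals and ensures the effectiveness of the digital ecosystem,” he says.

APIs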

12Feb 2024

5 tips for calculating business value in a multicloud world

An IT leader on the way to the promised land comes to a fork in the road. There’s a sign up ahead with two arrows. The arrow pointing to the left path says: This way lies oral surgery. An arrow for the right: This way lies calculating the cost of IT assets versus their business […]

12Feb 2024

Optical technology enabling the growth of artificial intelligence

We face complex and dire challenges in today’s world. The only certainty is change. In order to predict future developments for the good of all, we will need to absorb and analyze information on an unprecedented scale. Artificial intelligence (AI) has a pivotal role to play. But in order for AI to expand, we need […]

12Feb 2024

Addressing cloud waste: 4 steps to cloud computing cost optimization

By: Scott Sellers, Co-Founder and CEO, Azul From the get-go, the cloud promised to help companies scale up their architectures in seconds, run their applications faster, never turn away a transaction, and save money through economies of scale. How could any CIO or application manager resist the call to the cloud when companies started sharing […]

12Feb 2024

Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel

An active cloud account takeover campaign has impacted dozens of Azure environments and compromised hundreds of user accounts. The post Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel appeared first on SecurityWeek.

12Feb 2024

ExpressVPN User Data Exposed Due to Bug

ExpressVPN disables split tunneling on Windows after learning that DNS requests were not properly directed. The post ExpressVPN User Data Exposed Due to Bug appeared first on SecurityWeek.

12Feb 2024

Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years

A possibly China-linked threat actor uses a custom backdoor in a cyberespionage campaign ongoing since at least 2021. The post Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years appeared first on SecurityWeek.

12Feb 2024

Bugcrowd Raises $102 Million 

Bugcrowd has raised $102 million in strategic growth funding, which it will use to accelerate growth and improve its platform. The post Bugcrowd Raises $102 Million  appeared first on SecurityWeek.

12Feb 2024

Exploitation of Another Ivanti VPN Vulnerability Observed

Organizations urged to hunt for potential compromise as exploitation of a recent Ivanti enterprise VPN vulnerability begins. The post Exploitation of Another Ivanti VPN Vulnerability Observed appeared first on SecurityWeek.

12Feb 2024

9 traits of great IT leaders

IT leaders have gotten the message: To successfully perform their jobs, they need more than technical skills. They also need general business acumen, industry knowledge, and accounting talent. Some expertise in marketing, operations, cybersecurity, and other functional areas is important, too. That has been the message coming from veteran CIOs, executive advisors, and management consultants […]

12Feb 2024

SAP 2024 outlook: 5 predictions for customers

SAP customers have a lot to navigate in 2024. A host of new product and feature launches, questions about SAP’s plans for managing commitments to legacy platform customers, and the acceleration of generative AI in popular products such as SAP RISE are just a few of the major issues enterprise SAP customers will need to […]

12Feb 2024

SAP has a new succession plan

The changing of the guard at the top of SAP’s supervisory board is anything but smooth. The German software company has announced that Punit Renjen, who it originally intended would become chairman of the supervisory board, is to be replaced. They have mutually decided to go their separate ways, SAP said in a statement. The […]

12Feb 2024

Warzone RAT Shut Down by Law Enforcement, Two Arrested

Warzone RAT dismantled in international law enforcement operation that also involved arrests of suspects in Malta and Nigeria. The post Warzone RAT Shut Down by Law Enforcement, Two Arrested appeared first on SecurityWeek.

11Feb 2024

UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion

U.N. experts are investigating 58 suspected North Korean cyberattacks valued at approximately $3 billion, with the money reportedly being used to fund development of weapons of mass destruction. The post UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion appeared first on SecurityWeek.

11Feb 2024

Cohesity to Buy Veritas’ Data Protection Businesses

Data security firm Cohesity will buy Veritas’ data protection business, creating a data security and management giant valued at roughly $7 billion. The post Cohesity to Buy Veritas’ Data Protection Businesses appeared first on SecurityWeek.

10Feb 2024

How AI is helping the NFL improve player safety

From the initial kickoff at Allegiant Stadium in Las Vegas for Super Bowl LVIII on Sunday, an artificial intelligence platform will be tracking every move on the field to help keep players safer. Like many other professional sports leagues, the NFL has been at the leading edge of data-driven transformation for years. For example, in […]

09Feb 2024

Lawmakers Want Clampdown on American VCs Funding Chinese Tech Companies

A congressional investigation finds that US venture capital firms invested billions in Chinese technology companies in semiconductor, AI and cybersecurity, sectors that are a threat to national security. The post Lawmakers Want Clampdown on American VCs Funding Chinese Tech Companies appeared first on SecurityWeek.

09Feb 2024

In Other News: $350 Million Google Settlement, AI-Powered Fraud, Cybersecurity Funding 

Noteworthy stories that might have slipped under the radar: $350 million Google+ data leak settlement, AI used for fraud, 2023 cybersecurity funding report.  The post In Other News: $350 Million Google Settlement, AI-Powered Fraud, Cybersecurity Funding  appeared first on SecurityWeek.

09Feb 2024

New macOS Backdoor Linked to Prominent Ransomware Groups

Written in Rust, the new RustDoor macOS backdoor appears linked to Black Basta and Alphv/BlackCat ransomware. The post New macOS Backdoor Linked to Prominent Ransomware Groups appeared first on SecurityWeek.

09Feb 2024

Salesforce’s Einstein 1 platform to get new prompt-engineering features

Salesforce is working on adding two new prompt engineering features to its Einstein 1 platform to speed up the development of generative AI applications in the enterprise, a top executive of the company said.   The two new features, namely a testing center and the provision of prompt engineering suggestions, are the fruit of significant […]

09Feb 2024

Ivanti Patches High-Severity Vulnerability in VPN Appliances

An XXE flaw in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways could lead to unauthenticated access to resources. The post Ivanti Patches High-Severity Vulnerability in VPN Appliances appeared first on SecurityWeek.

09Feb 2024

AnyDesk Shares More Information on Recent Hack

AnyDesk has provided more information on the recent hack, including when the attack started and its impact. The post AnyDesk Shares More Information on Recent Hack appeared first on SecurityWeek.

09Feb 2024

US Offers $10M Reward for Information on Hive Ransomware Leaders

One year after taking down Hive ransomware, US announces a $10 million reward for information on the group’s key members. The post US Offers $10M Reward for Information on Hive Ransomware Leaders appeared first on SecurityWeek.

09Feb 2024

Fortinet Warns of New FortiOS Zero-Day

Fortinet patches CVE-2024-21762, a critical remote code execution vulnerability that may have been exploited in the wild. The post Fortinet Warns of New FortiOS Zero-Day appeared first on SecurityWeek.

09Feb 2024

5 ways CIOs can help gen AI achieve its lightbulb moment

The rapid adoption and democratization of generative AI has been compared to that of the lightbulb, which did the same for electricity nearly 150 years ago. Much as its invention in 1879, which came decades after the invention of electricity (1831), brought practical use cases to the masses and businesses, generative AI is doing the […]

08Feb 2024

Microsoft in talks over cloud licensing complaint in the EU

Microsoft is in talks with Cloud Infrastructure Services Providers in Europe (CISPE) to settle the trade body’s complaint about its cloud software licensing practices in the European Union (EU). “Today, CISPE confirms that it has opened discussions with Microsoft aimed at resolving ongoing issues related to unfair software licensing for cloud infrastructure providers and their […]

08Feb 2024

Ransomware Payments Surpassed $1 Billion in 2023: Analysis

The payments made by victims in response to ransomware attacks doubled in 2023 compared to 2022, according to Chainalysis. The post Ransomware Payments Surpassed $1 Billion in 2023: Analysis appeared first on SecurityWeek.

08Feb 2024

IOWN: Innovating for a sustainable future

Today, most of our devices and technologies use electronics to process and transmit information. Wired, wireless, fiber optics, LTE and 5G networks all do what we need – for now. But, when it comes to tomorrow’s enterprise and consumer innovations, those networking options have some serious limitations. What’s needed is an energy-efficient network that can […]

08Feb 2024

Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft

Iran’s offensive cyber operations against Israel went from chaotic in October 2023 to targeting new geographies a month later. The post Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft appeared first on SecurityWeek.

08Feb 2024

Federal Cybersecurity Agency Launches Program to Boost Support for State, Local Election Offices

CISA launched a program aimed at boosting election security, shoring up support for local offices and hoping to provide reassurance to voters that elections will be safe and accurate. The post Federal Cybersecurity Agency Launches Program to Boost Support for State, Local Election Offices appeared first on SecurityWeek.

08Feb 2024

The path to socially responsible AI

For 15 years, Stack Overflow has enabled developers and technologists to build and innovate faster. Blending a historic technical knowledge base of more than 59+ million questions and answers with a global platform to connect with and learn from peers and experts, Stack Overflow is the workspace developers and technologists use to stay at the […]

08Feb 2024

LimaCharlie Lands $10.2 Million Series A Funding

California startup lands new financing to build and supply tools to run an MSSP or SOC on a pay-as-you-use model. The post LimaCharlie Lands $10.2 Million Series A Funding appeared first on SecurityWeek.

08Feb 2024

Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks

Fortinet warns that Chinese and other APTs are exploiting CVE-2022-42475 and CVE-2023-27997 in attacks. The post Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks appeared first on SecurityWeek.

08Feb 2024

Cisco Patches Critical Vulnerabilities in Enterprise Communication Devices

Two critical vulnerabilities in Cisco Expressway series devices can be exploited in CSRF attacks without authentication. The post Cisco Patches Critical Vulnerabilities in Enterprise Communication Devices appeared first on SecurityWeek.

08Feb 2024

Introducing Smart Answers, a genAI tool for CIO.com readers

Today we launched Smart Answers, a generative AI chatbot that answers your questions based on our editorial content.   The goal is simple: To help you, our readers, find relevant, accurate, up-to-date information that you can trust. And if you can do that using an interface that is intuitive and fun to use, so much the […]

08Feb 2024

Google Announces Enhanced Fraud Protection for Android

Google Play Protect will block the installation of sideloaded applications requesting permissions frequently abused by fraudsters. The post Google Announces Enhanced Fraud Protection for Android appeared first on SecurityWeek.

08Feb 2024

IT budget shock: Global IT services firms continue to struggle

The global IT services industry is at a significant crossroads, with the explosive growth of generative AI and deepening economic uncertainties reshaping its future. Recent financial reports from major global IT services firms have highlighted a concerning slowdown in the industry that could persist, signaling potential changes to hiring and spending plans. Cognizant Technology Solutions […]

08Feb 2024

How to Predict Your Patching Priorities

Implementing a smart and timely approach to patching remains one of the primary ways for organizations to protect their networks from attackers. The post How to Predict Your Patching Priorities appeared first on SecurityWeek.

08Feb 2024

6 best practices for better vendor management

Vendor partnerships are becoming increasingly vital to IT agendas today. And how well an IT leader deals with and orchestrates vendor relationships can mean the difference between a well-organized and efficient IT operation and a mess that costs an organization millions of dollars without delivering positive results. To ensure vendor relationships help their organizations achieve […]

08Feb 2024

Top 16 agile certifications available today

The agile approach to project management has gained immense popularity across nearly every industry due to its flexibility and emphasis on visualizing projects as discrete parts that can then be delivered quickly in sprints. Given the demand for speed in today’s digital business environment, agile stands out as a project management and software development methodology, […]

08Feb 2024

Edward Jones’ CIO Frank LaQuinta plays to win

Frank LaQuinta is head of digital, data, and operations at Edward Jones, a role that encompasses responsibility for the financial services firm’s technology, digital, and data leadership, vision, and strategy. He came to Edward Jones in 2016 after a 30-year career in technology on Wall Street and was named chief information officer in 2018. On […]

08Feb 2024

3 Million Toothbrushes Abused for DDoS Attack: Real or Not?

Three million electric toothbrushes were reportedly used for disruptive DDoS attacks, but cybersecurity experts questioned the claims. The post 3 Million Toothbrushes Abused for DDoS Attack: Real or Not? appeared first on SecurityWeek.

08Feb 2024

10 ways to improve IT performance (without hurting morale)

Every IT leader wants to build a fast, efficient, and innovative IT organization. After all, in today’s fast-paced business world, a creative and productive technology team is essential to staying ahead of the competition, increasing revenue, and becoming a market leader. To create a high-performance IT culture, […]

08Feb 2024

Biden Administration Names a Director of the New AI Safety Institute

The Biden administration named Elizabeth Kelly as the director of the newly established safety institute for artificial intelligence. The post Biden Administration Names a Director of the New AI Safety Institute appeared first on SecurityWeek.

07Feb 2024

How Starlink transformed an Australian tourism company’s technology operations

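The launch of satellite internet provider Starlink has been operationally transformative for Journey Beyond, one of Australia’s leading destination tourism companies, ushering in a new era of progress and innovation. “With the arrival of Starlink, things changed completely,” explains Madhumita Mazumdar, GM of ICT at Journey Beyond. “Starlink came along and the game changed. We went from 1mbps access to 250mbps in some places. Even where we only get 100mbps or 150mbps, that is huge.”

Mazumdar joined six years ago, during a period of rapid expansion in which the company grew quickly from three brands to 10 while dealing with the disruption of the Covid-19 pandemic.

Journey Beyond’s biggest investment is rail: it owns and operates four luxury trains that cross the continent. But it also operates smaller fleets of seaplanes, marine vessels, ferries, pontoons, and coaches to deliver premium experiential tourism.

From a technology perspective, the rapid growth brought new opportunities, but also problems and disruption. “Overnight, we ended up with six solutions doing the same thing,” says Mazumdar. “Supporting them was hard, especially the old and outdated ones. Some of the companies we acquired had no internet connectivity at all.”

That meant there was no real-time data on operations. Maintenance issues, for example, had to be logged on paper without prioritization. “Because you can’t track, you don’t know what the curve or the data is telling you. As a result, you can’t make data-driven decisions,” she says. Operationally, a comprehensive internet solution was needed. She says they tried VSAT, but it delivered a maximum of 8 megabytes and often stayed at 1 megabyte; the bandwidth was small, it was expensive, and it was not fit for purpose.

Starlink, the satellite internet constellation owned by SpaceX, announced it would launch in Australia in the first quarter of 2021, concentrating its pilot efforts on northern Victoria and southern New South Wales.

Selling to the public in the field was one of the biggest problems that needed solving quickly. Take the Rottnest Express ferry in Western Australia. “On this tour, mobile phone connectivity is patchy,” she says. “The problem is that you can’t take payment when processing purchases. Often the crew had to wait for people to come and take payment later, when a connection became available. That had a big impact on operations.”

Journey Beyond signed with Starlink in December 2021 because Starlink promised low-latency performance to companies like Journey Beyond, enabling applications such as voice and video conferencing, online transactions, VPN access, and cloud computing. With download speeds of up to 200Mbps and latency as low as 20ms, the company trusts it can carry out its business anywhere.

That matters when, for example, staff live and work on a pontoon 100km offshore. “On the pontoons, crew and hospitality staff go out for several weeks at a time. Before, about all they could do was download Netflix content, but now they can do much more, and talk to family and friends. Previously there were only expensive satellite phones. Now we provide a huge amount of bandwidth, so the crew are happier and we can engage them in official matters. It also used to take a week for communications to reach the crew. Now they can see them on the same platform, on the same day as everyone else.”

A model of efficiency

During the disruption of the pandemic, Journey Beyond carried out a standardization project. The company, which had been running six phone systems and seven POS systems, consolidated and now runs one standard, modern platform across all brands. “Our office platform and cloud platform are 95% cloud standardized,” says Mazumdar. “The contact center solution and reservations are the same. It took a few years, but we now have a seamless environment across the business.”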
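The company has also uncovered more opportunities that were simply unavailable before the Starlink solution was deployed. For example, there are strict regulatory requirements around capturing data on people who snorkel and scuba dive around the Great Barrier Reef. Previously all that information was paper-based, but now the whole process is digitized. “We are thinking about how to make people’s experience easier and more comfortable when an event or claim occurs,” she says.

Mazumdar advises up-and-coming CIOs to immerse themselves in the business to gain deep knowledge of every aspect of it, and to build a roadmap from there. “But don’t sacrifice focus on long-term projects. Remember that you don’t have to do everything at once.”

While Starlink is an operational boon for Journey Beyond, the company has mixed feelings about offering it to customers. “We take people to amazing places. We don’t want them on their phones in places like these. People go there to enjoy themselves, to stop, breathe, and talk to fellow travelers. I don’t think internet connectivity would greatly improve their experience. It might be quite the opposite.”

Careers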

07Feb 2024

Report: AI giants grow impatient with UK safety tests

Key AI companies have told the UK government to speed up its safety testing for their systems, raising questions about future government initiatives that too may hinge on technology providers opening up generative AI models to tests before new releases hit the public. OpenAI, Google DeepMind, Microsoft, and Meta are among companies who have agreed […]

07Feb 2024

CISA: China’s Volt Typhoon Hackers Planning Critical Infrastructure Disruption

New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers. The post CISA: China’s Volt Typhoon Hackers Planning Critical Infrastructure Disruption appeared first on SecurityWeek.

07Feb 2024

Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability 

A critical remote code execution vulnerability in Shim could allow attackers to take over vulnerable Linux systems. The post Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability  appeared first on SecurityWeek.

07Feb 2024

JetBrains Patches Critical Authentication Bypass in TeamCity

JetBrains releases patches for a critical-severity TeamCity authentication bypass leading to remote code execution. The post JetBrains Patches Critical Authentication Bypass in TeamCity appeared first on SecurityWeek.

07Feb 2024

Device Authority Raises $7M for Enterprise IoT Identity and Access Management Platform 

Device Authority raises $7 million in a Series A funding round for its enterprise identity and access management for IoT solution. The post Device Authority Raises $7M for Enterprise IoT Identity and Access Management Platform  appeared first on SecurityWeek.

07Feb 2024

Verizon Discloses Internal Data Breach Impacting 63,000 Employees

Verizon is informing 63,000 employees that their personal information was exposed in an internal data breach. The post Verizon Discloses Internal Data Breach Impacting 63,000 Employees appeared first on SecurityWeek.

07Feb 2024

Fortinet Patches Critical Vulnerabilities in FortiSIEM

Two critical OS command injection flaws in FortiSIEM could allow remote attackers to execute arbitrary code. The post Fortinet Patches Critical Vulnerabilities in FortiSIEM appeared first on SecurityWeek.

07Feb 2024

Cybersecurity M&A Roundup: 34 Deals Announced in January 2024

Thirty-four cybersecurity-related merger and acquisition (M&A) deals were announced in January 2024. The post Cybersecurity M&A Roundup: 34 Deals Announced in January 2024 appeared first on SecurityWeek.

07Feb 2024

How Mobily plans to be a leading digital innovator in the region

Digital Transformation is a key pillar of Mobily’s GAIN strategy. Mobily has successfully executed the GAIN strategy in 2021, amongst its four core tracks: grow core revenue, accelerate digital revenue streams and implement and optimize efficient delivery. Yousef Al Suhaibani, Chief Information Officer at Mobily explains to CIO Middle East the reasons why he joined […]

07Feb 2024

Get AI in the hands of your employees

When public access to the internet emerged in the late 1990s, CIOs were faced with a question: Do we allow our employees to search freely, or do we put restrictions on access while at work? We all know how that turned out. Restrictions soon lost the battle, and most employees now have open access to […]

07Feb 2024

Why CIOs back API governance to avoid tech sprawl

Most companies have transitioned to become more software-centric, and with this transformation, application programming interfaces (APIs) have proliferated. At the same time, API standards are becoming difficult to enforce among ballooning technology catalogs, influencing a greater emphasis on API governance: the practice of defining and enforcing policies that ensure they’re consistently designed, versioned, and have […]

07Feb 2024

Meta Says It Will Label AI-Generated Images on Facebook and Instagram

Facebook and Instagram users will start seeing labels on AI-generated images that appear on their social media feeds, as the tech industry aims to sort between what’s real and not. The post Meta Says It Will Label AI-Generated Images on Facebook and Instagram appeared first on SecurityWeek.

06Feb 2024

IOWN and the Next Internet

We’re moving into an era of AI and advanced technologies. A better, more sustainable future is on the horizon. But there is a major roadblock preventing progress: the limitations of our communication networks and computing infrastructure.  In fact, computing and networking have already reached a limit due to increasing power consumption, data bandwidth, and the […]

06Feb 2024

Fresenius Medical Care makes dialysis complications predictable with predictive analytics

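Hemodialysis is a life-saving treatment for patients with kidney failure. The treatment, known as kidney dialysis, cleans the blood in place of the kidneys, but it carries risks. Fresenius Medical Care, a German healthcare company that specializes in providing kidney dialysis, is using near real-time IoT data and clinical data to predict one of the most common complications of dialysis.

The company has more than 4,000 dialysis centers worldwide and focuses in particular on treating patients with end-stage renal disease (ESRD). Patients with ESRD must undergo dialysis three times a week for life. Roughly 10% of patients on hemodialysis develop intradialytic hypotension (IDH), that is, low blood pressure.

“IDH can pose an imminent and serious risk to a patient during dialysis, and clinical staff have to respond immediately. IDH thus not only reduces patients’ quality of life, it is also associated with morbidity and mortality, and it reduces clinical efficiency and effectiveness,” says Hanjie Zhang, director of computational statistics and artificial intelligence at the Renal Research Institute, a wholly owned subsidiary of Fresenius Medical Care Holdings.

Dr. Peter Kotanko, research director at the Renal Research Institute, explains further: “When a patient’s blood pressure drops and IDH is confirmed, clinical staff have to intervene, and the clinic’s operations are interrupted.”

In September 2021, Fresenius began using machine learning and cloud computing to develop a model that predicts the onset of IDH 15 to 75 minutes in advance, allowing clinicians to intervene proactively in a patient’s treatment. To achieve this, the team faced three major challenges: scalability, quality and proactive monitoring, and accuracy. The project, called “Real-time prediction of intradialytic hypotension using machine learning and cloud computing,” earned the company a 2023 CIO 100 Award in IT Excellence.

Using data to improve health outcomes

Pete Waguespack, director of data and analytics architecture and engineering at Fresenius Medical Care’s US division, says: “Predicting IDH in hemodialysis patients is difficult because there are many patient-related or treatment-related risk factors for IDH. Clinically, it is more useful to predict the likelihood of IDH for a specific patient during dialysis. It was essential to form a cross-functional team of clinical, operational, and technology experts to define the need for near real-time prediction and response.”

The solution had to be deployed to all of Fresenius’s dialysis centers, each of which was transmitting 10MBps of medical data at peak times. A low-latency, time-constrained solution, with 10 seconds from data generation at the dialysis machines and medical sensors to reporting and notification, was critical.

The team also needed systematic, automated monitoring and alerting mechanisms so that it could notice problems and respond quickly. The solution uses CloudWatch alerts to notify the DataOps team when failures or errors occur, and Kinesis Data Analytics and Kinesis Data Streams to generate data quality alerts.

“Using an agile approach, we prioritized the capabilities that would let us deliver a minimum viable prototype over six months. Our main challenge was our ability to scale real-time data engineering, inference, and real-time monitoring to meet service level agreements at peak load (6,000 messages per second, 19MBps with 60,000 concurrent Lambda executions per second) and throughout the day (processing more than 550 million messages, 24/7),” says Waguespack.

Fresenius’s machine learning model uses intradialytic blood pressure measurements together with an electronic health record system comprising multiple treatment- and patient-level variables. The team trained and validated the model using observational data from 42,656 dialysis sessions across 693 patients treated at the company’s centers. In this training, the model was optimized to issue an IDH alert 15 to 75 seconds before the onset of an IDH event.

Transforming dialysis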
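The project was new ground for Fresenius, and the company had to investigate approaches for protecting medical information in the cloud and the role of AI in clinical settings, says Waguespack. Each involved both real and perceived blockers.

“Getting the full cooperation of all stakeholders was essential. We achieved this by being fully aligned, with a focus on quality improvement and complete transparency in our work, and by showing the utmost integrity in meeting our own expectations,” he says.

To succeed, he says, the IT organization had to adopt a more agile stance, learn from early failures, and treat what it learned as a deliverable just as valuable as adding new features.

“This change in attitude and expectations had to be both top-down and bottom-up. Top-down provides the support and space for change; bottom-up comes from people who have experience with agile approaches and can consistently act in line with them. You can see this change in the language we use, in how we celebrate learning and progress, and in the way the team works together with respect for one another.”

The IDH tool has not yet been evaluated or cleared for use by the US Food and Drug Administration (FDA), but the team recently published its results in a top academic nephrology journal, says Zhang. Further clinical trials are needed to verify whether IDH prediction and timely, appropriate preventive measures reduce IDH rates and improve patient outcomes, but the model’s high performance in the validation cohort is promising, Zhang says. Waguespack adds that the model has become a further step in Fresenius Medical Care’s ongoing digital transformation.

“The opportunity to predict IDH during dialysis is one of several building blocks leading us into the world of the internet of things, big data, and artificial intelligence. Building on the success of this effort, we will be collecting terabytes of data from new sources on a modern data platform. From here, we will use repeatable processes and technology to manage data effectively and deliver continued innovation, including machine learning for image classification apps, genomics research, and large language models.”

Healthcare Industry, IT Strategy, Predictive Analytics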

06Feb 2024

Tidal wave of new digital solutions demands a new approach to the customer-vendor partnership

CIO’s Executive Roundtables offer CIOs and other senior IT professionals a chance to get together and discuss important issues of the day, such as how to optimize the value of new digital solutions. I’ve been leading these roundtables for nearly two decades, and it is clear that the present state is very different from the […]

06Feb 2024

‘Boomerang’ CIOs: IT leaders level up by coming back

When Matt Postulka left Arbella Insurance Group as deputy CIO at the start of the COVID-19 pandemic, he didn’t intend to look back. Postulka aspired to become a CIO — and he achieved it, landing a job as CIO and senior vice president of technology and operations at the Federal Reserve Bank of Boston. It […]

06Feb 2024

ZeroFox to be Taken Private in $350 Million Deal

ZeroFox agrees to be acquired by PE firm Haveli Investments for $350 million and become a privately held company. The post ZeroFox to be Taken Private in $350 Million Deal appeared first on SecurityWeek.

06Feb 2024

Tech Giants Form Post-Quantum Cryptography Alliance

The Linux Foundation, AWS, Cisco, IBM, and other tech companies establish the Post-Quantum Cryptography Alliance. The post Tech Giants Form Post-Quantum Cryptography Alliance appeared first on SecurityWeek.

06Feb 2024

Millions of User Records Stolen From 65 Websites via SQL Injection Attacks

The ResumeLooters hackers compromise recruitment and retail websites using SQL injection and XSS attacks. The post Millions of User Records Stolen From 65 Websites via SQL Injection Attacks appeared first on SecurityWeek.

06Feb 2024

A Chicago Children’s Hospital Has Taken Its Networks Offline After a Cyberattack

Chicago children’s hospital forced to take networks offline after cyberattack, limiting access to medical records and hampering communication. The post A Chicago Children’s Hospital Has Taken Its Networks Offline After a Cyberattack appeared first on SecurityWeek.

06Feb 2024

Canon Patches 7 Critical Vulnerabilities in Small Office Printers

Canon announces patches for seven critical-severity remote code execution flaws impacting small office printer models. The post Canon Patches 7 Critical Vulnerabilities in Small Office Printers appeared first on SecurityWeek.

06Feb 2024

Ionix Adds $15M to Series A Funding Round

Ionix, formerly known as Cyberpion, has attracted $15 million in new capital to complete a $42 million Series A funding round. The post Ionix Adds $15M to Series A Funding Round appeared first on SecurityWeek.

06Feb 2024

Critical Remote Code Execution Vulnerability Patched in Android

Android’s February 2024 security patches resolve 46 vulnerabilities, including a critical remote code execution bug. The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek.

06Feb 2024

Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers

SecurityWeek talks to Rob Dyke, discussing corporate legal bullying of good faith researchers. The post Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers appeared first on SecurityWeek.

06Feb 2024

Google Links Over 60 Zero-Days to Commercial Spyware Vendors

More than 60 of the Adobe, Google, Android, Microsoft, Mozilla and Apple zero-days that have come to light since 2016 have been attributed to spyware vendors. The post Google Links Over 60 Zero-Days to Commercial Spyware Vendors appeared first on SecurityWeek.

06Feb 2024

SharePoint Premium highlights the hard road CIOs face with generative AI

SharePoint Premium, introduced in late 2023, just might be the worst bit of product naming in the history of software. Hyperbolic? Perhaps. And yes, I know, it has a lot of competition for this prize. But as everyone knows, postfixing a software moniker with “Premium” means it has a handful of features the free version […]

06Feb 2024

UK commits over $125 million to address AI challenges

Amid growing concerns about the adverse effects of AI, the British government has announced a $125 million (£100 million) investment to support regulators and advance research and innovation in AI. Close to $113 million (£90 million) is being allocated to establish nine new research hubs throughout the UK, alongside a collaboration with the US on responsible […]

06Feb 2024

Artificial intelligence and generative AI: how Italian companies are moving

In 2023, Italian companies invested 760 million euros in artificial intelligence technologies, a jump of 52% compared with 2022 (when spending had already risen 32% compared with 2021). This was revealed by the very recent study from the Osservatorio Artificial Intelligence of the School of Management of the Politecnico di Milano. CIOs have […]

06Feb 2024

UK, France Host Conference to Tackle ‘Hackers for Hire’

Britain and France will host 35 nations alongside business and technology firm leaders at an inaugural conference in London to tackle “hackers for hire” and the market for cyberattack tools. The post UK, France Host Conference to Tackle ‘Hackers for Hire’ appeared first on SecurityWeek.

05Feb 2024

What is GRC? The growing importance of governance, risk, and compliance

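The need to manage risk, comply with regulations, and establish processes for managing those tasks has been part of running an organization for as long as business has existed. But over the past few decades, the explosion in the number of laws, the complexity of business, the types of risk, and the use of technology has made these tasks increasingly critical to organizational success. Today, even small operations can do business globally, and they are forced to contend with international laws and a host of threats that, if not managed properly, can decide whether the business survives or closes. As a result, managing risk and ensuring compliance with rules and regulations, together with the governance structures that guide and protect the organization’s mission, have shifted from siloed tasks into a collective discipline called GRC. What is GRC? Governance, risk, and compliance (GRC) is an operational strategy for managing an organization’s overall governance, enterprise risk management, and regulatory compliance efforts. This disciplined approach enables organizations to align their governance, risk, and compliance efforts with strategic goals, business objectives, and the technology that enables operations. “GRC is overarching. It sets the tone and strategy, defines policies and procedures, and makes clear what is expected,” explains Lisa McKee, director of governance, risk, compliance, and privacy at American Security and Privacy and a member of the Emerging Trends Working Group at governance association ISACA. McKee likens GRC to roadways and driving laws. Roadways set lanes, boundaries, and limits, as on a freeway, so that drivers (like organizations) can reach their destination as quickly as possible while minimizing the chance of mishap by following established regulations and road signs. Why is GRC important? A well-planned GRC strategy yields significant benefits, including improved decision-making, more optimal IT investments, the elimination of silos, and less fragmentation among divisions and departments. Because of its growing importance, GRC has become a high-level function in many organizations, with responsibility and accountability for GRC assigned to C-level executives. Best practices, frameworks, and technologies have been developed to support this work. “In the modern business environment, GRC is important for multiple reasons. The regulatory environment has become more complex with the rise of data privacy and protection laws, globalization, and interconnectivity,” says Chris Stanley, a content developer for the CGRC exam at training and certification body ISC2. “This level of complexity requires a robust GRC framework to help organizations avoid reputational damage and legal penalties.” Stanley also notes that “technological advances such as AI, IoT, and cloud computing are also introducing compliance challenges and new cybersecurity threats.” He adds: “Stakeholders trust organizations to protect their privacy and data, and those stakeholders are increasingly holding organizations, including individuals within them, accountable. A strong GRC framework underpins corporate responsibility, which in turn increases investor confidence and financial stability.” Still, many organizations are still building their GRC capabilities. In a 2023 survey of more than 1,300 respondents worldwide who influence or manage their organization’s risk and compliance program, only 53% rated their program as mature. In addition, according to the State of Risk & Compliance Report published by GRC software maker NAVEX, 20% rated their program as being in the early stages. Breaking down what GRC means. Each element of GRC has the following objectives and processes. Governance: The governance aspect of GRC aims to ensure that organizational activities, such as managing IT operations, are aligned in a way that supports the organization’s business goals while adhering to its established risk parameters and compliance needs. “Governance is about who is in the room, what they are allowed to do and not allowed to do, what data they rely on, and in what order their actions take place,” says ティルシア・トレド (Toledo), a senior managing director at FTI Consulting.
According to Toledo, governance applies at multiple levels within the organization, ensuring that the board, executives, and employees understand the rules, follow the rules, and face the consequences if they do not. Risk: The risk management element of GRC ensures that any risk associated with organizational activities is identified and addressed in a way that supports the organization’s business goals. In the IT context, this means having a comprehensive IT risk management process that aligns with the organization’s enterprise risk management function. Risk involves the organization’s risk appetite (setting which risks the organization can and cannot tolerate) and managing residual risk, that is, the risk that remains even after controls have been applied to risks that cannot be tolerated. “Risk is about where the organization wants to play and where it does not want to play. Risk is the boundary between where the organization wants to play and where it does not,” says Toledo, noting that enterprise risk is constantly evolving. Compliance: The compliance function in GRC is about ensuring that organizational activities are carried out in a way that conforms to the laws and regulations relevant to those activities. For example, this means ensuring that IT systems and the data contained in those systems are properly used and protected. Compliance includes the laws and regulations that an organization must follow as it executes its strategy, Toledo explains. “In other words, what is the legal and regulatory environment in which the business operates?” Governance, risk, and compliance each focus on specific requirements, but according to Toledo they overlap and work together. For example, the risk function relies on governance practices, implements controls to mitigate risk, and alerts superiors to any actions that go outside the organization’s risk boundaries. The strategic nature of GRC in the digital age. Governance, risk, and compliance have long been elements of organizational success, but according to executives and GRC professionals, the growing complexity of doing business in a digital age, where being globally connected is the norm rather than the exception, has made GRC a higher priority for organizations. Modern threats such as cyberattacks and data breaches are increasing the need for strong GRC strategies at every organization, and the growing number of laws and regulations on protecting and securing data is also putting pressure on organizations to have mature GRC capabilities. That is because organizations that suffer a successful cyberattack or fail to protect the data they hold can face significant, if not catastrophic, consequences. “GRC is strategic, because if it is working properly, it can protect the organization and maintain things such as a strong reputation,” says Toledo. How GRC works in the enterprise. Like other parts of business operations, GRC consists of a combination of people, process, and technology. To implement an effective GRC program, enterprise leaders must first understand their business, mission, and objectives, according to Ameet Jugnauth, vice president of the ISACA London Chapter board and a member of the ISACA Emerging Trends Working Group. Executives must then identify the legal and regulatory requirements the organization must meet and establish the organization’s risk profile based on the environment in which it operates, he says. “Understand the business, the business environment (internal and external), the risk appetite, and what the government wants you to achieve. All of that sets your GRC,” he adds. The roles that lead these activities vary by organization. In midsize to large organizations, C-level executives, namely a chief governance officer, chief risk officer, and chief compliance officer, typically oversee these tasks, McKee says. These executives lead risk and compliance departments with dedicated teams. Smaller companies typically assign GRC responsibilities to directors or managers (a compliance manager or a director of risk management), or may have other executives take on GRC responsibilities. GRC roles and responsibilities. According to Stanley, GRC often cascades down from the top tier of leadership, with roles and responsibilities divided as follows: Board of directors: Provides oversight and approval of policies and strategic decisions.
Chief executive officer (CEO): Provides leadership and ensures sufficient resources for GRC efforts. Chief risk officer: Provides leadership for risk management efforts, including assessing risk and reporting to the board and management. Chief compliance officer: Oversees compliance and provides compliance training and communication. CIO/CTO: Provides risk management for technology and digital assets, and overall IT compliance and security. CFO (chief financial officer): Handles compliance with and reporting on financial regulations, and risk management related to the organization’s finances. Legal: Provides compliance with all legal requirements while managing legal risk. […]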

05Feb 2024

US to Roll Out Visa Restrictions on People Who Misuse Spyware to Target Journalists, Activists

Officials said the visa restriction policy can apply to citizens of any country found to have misused or facilitated the malign use of spyware The post US to Roll Out Visa Restrictions on People Who Misuse Spyware to Target Journalists, Activists appeared first on SecurityWeek.

05Feb 2024

Generative AI is hot, but predictive AI remains the workhorse

Since the release of ChatGPT in November 2022, generative AI (genAI) has become a high priority for enterprise CEOs and boards of directors. A PwC report, for instance, found that 84% of CIOs expect to use genAI to support a new business model in 2024. Certainly, there’s no doubt that genAI is a truly transformative […]

05Feb 2024

How BUiLT unites Black IT pros and builds equity

Growing up as one of the only Black students in his schools, Peter Beasley felt accepted by his peers and didn’t experience a sense of being different as he set his own course for advancement. But as he entered college to study electrical engineering and later launched a career in IT, that began to change. […]

05Feb 2024

Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations

Critical and high-severity Mitsubishi Electric Factory Automation vulnerabilities can allow privileged access to engineering workstations.  The post Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations appeared first on SecurityWeek.

05Feb 2024

Embracing the future with AI at the edge

Why edge AI is a strategic imperative Deploying AI at the edge (or edge AI) represents a paradigm shift. Unlike traditional AI models, which are centralized in the cloud, edge AI processes data locally on devices or edge servers. This decentralized approach brings intelligence closer to the data source, reducing the latency associated with cloud-based […]

05Feb 2024

Atos calls for help after plan to raise new capital falters

French IT services company Atos has called on a third-party trustee to help it negotiate debt refinancing with its banks after plans to raise €720 million in new capital through a rights issue fell through. It announced it requested the appointment Monday, promising to give an update on the negotiations in due course. Last year, […]

05Feb 2024

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities

Google announces $1 million investment in improving Rust’s interoperability with legacy C++ codebases. The post Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities appeared first on SecurityWeek.

05Feb 2024

QNAP Patches High-Severity Bugs in QTS, Qsync Central

Two high-severity vulnerabilities in QNAP’s operating system could lead to command execution over the network. The post QNAP Patches High-Severity Bugs in QTS, Qsync Central appeared first on SecurityWeek.

05Feb 2024

SAP and IBM under scanner of Indian investigative agency for Air India deal

India’s premier investigating agency, the Central Bureau of Investigation (CBI), has filed a charge sheet against former Air India Chief Managing Director, SAP India, and IBM India for alleged irregularities in acquiring an ERP solution by Air India in 2011. CBI had registered the case based on the recommendations of the Central Vigilance Commission (CVC), […]

05Feb 2024

Google Open Sources AI-Aided Fuzzing Framework

Google has released its fuzzing framework in open source to boost the ability of developers and researchers to identify vulnerabilities. The post Google Open Sources AI-Aided Fuzzing Framework appeared first on SecurityWeek.

05Feb 2024

Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm

Navblue Flysmart+ Manager allowed attackers to modify aircraft engine performance calculation, intercept data. The post Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm appeared first on SecurityWeek.

05Feb 2024

OT Maintenance Is Primary Source of OT Security Incidents: Report

A new ICS security report from TXOne Networks says many OT security incidents involved ransomware and vulnerability exploitation.  The post OT Maintenance Is Primary Source of OT Security Incidents: Report appeared first on SecurityWeek.

05Feb 2024

Customer centricity: How Mashreq Bank is placing its customers at the forefront of its operations.

Mohamed Salah Abdel Hamid Abdel Razek, Senior Executive Vice President and Group Head of Tech, Transformation & Information, Mashreq explains how the bank is integrating advanced technologies and expanding its digital footprint. The company aims to provide customers with a banking journey that is not just efficient and secure, but also innovative, engaging, and memorable. […]

05Feb 2024

AnyDesk Revokes Passwords, Certificates in Response to Hack

AnyDesk is revoking certificates and passwords in response to a recently discovered security breach impacting production systems. The post AnyDesk Revokes Passwords, Certificates in Response to Hack appeared first on SecurityWeek.

05Feb 2024

10 ways to improve IT performance (without killing morale)

Every IT leader wants to create a fast, efficient, and innovative IT organization. After all, in today’s rapid-paced business world, a creative, productive IT team is vital for staying ahead of the competition, increasing revenue, and becoming a market leader. To establish a high-performing IT culture, IT leaders must be able to push their teams […]

05Feb 2024

General Timothy Haugh Takes Lead of NSA and Cyber Command

General Timothy D. Haugh assumed command of NSA and USCYBERCOM on February 2, 2024, taking over the role from General Paul M. Nakasone. The post General Timothy Haugh Takes Lead of NSA and Cyber Command appeared first on SecurityWeek.

03Feb 2024

In Other News: Palo Alto Loses Patent Lawsuit, Identity Firms Get Funding, Government Hackers

Noteworthy stories that might have slipped under the radar: Palo Alto Networks ordered to pay $150 million in patent lawsuit, identity solutions firms get big funding, government hacker techniques.  The post In Other News: Palo Alto Loses Patent Lawsuit, Identity Firms Get Funding, Government Hackers appeared first on SecurityWeek.

02Feb 2024

US Slaps Sanctions on ‘Dangerous’ Iranian Hackers Linked to Water Utility Hacks 

The US government slaps sanctions against six Iranian government officials linked to cyberattacks against Israeli PLC vendor Unitronics. The post US Slaps Sanctions on ‘Dangerous’ Iranian Hackers Linked to Water Utility Hacks  appeared first on SecurityWeek.

02Feb 2024

Generative AI is hot, but predictive AI remains the workhorse

Since the release of ChatGPT in November 2022, generative AI (genAI) has become a high priority for enterprise CEOs and boards of directors. A PwC report, for instance, found that 84% of CIOs expect to use genAI to support a new business model in 2024. Certainly, there’s no doubt that genAI is a truly transformative […]

02Feb 2024

Layoffs Hit Security Vendors Okta, Proofpoint, Netography

Prominent security vendors Okta and Proofpoint announced layoffs affecting almost 1,000 employees in the United States and Israel. The post Layoffs Hit Security Vendors Okta, Proofpoint, Netography appeared first on SecurityWeek.

02Feb 2024

Women IT leaders on their climb to the top

For women who aspire to leadership roles in IT, the climb to the top can be particularly arduous — and lonely. Just 28% of IT leadership roles are filled by women, according to DDI’s 2023 Global Leadership Forecast, and many women end up leaving IT careers due to workplace culture, pay equity, microaggressions, and a lack […]

02Feb 2024

Clorox Says Cyberattack Costs Exceed $49 Million

Cleaning products maker Clorox puts the impact of the damaging cyberattack at $49 million so far and expects to incur more costs in 2024. The post Clorox Says Cyberattack Costs Exceed $49 Million appeared first on SecurityWeek.

02Feb 2024

FTC Orders Blackbaud to Address Poor Security Practices

FTC and fundraising software company Blackbaud reach settlement over poor security practices that led to a major data breach. The post FTC Orders Blackbaud to Address Poor Security Practices appeared first on SecurityWeek.

02Feb 2024

DraftKings Hacker Sentenced to 18 Months in Prison

Joseph Garrison has received an 18-month prison sentence for accessing 60,000 DraftKings user accounts using credential stuffing. The post DraftKings Hacker Sentenced to 18 Months in Prison appeared first on SecurityWeek.

02Feb 2024

31 People Arrested in Global Cybercrime Crackdown

Law enforcement in 50 countries partner to take down ransomware, banking malware, and phishing threats.  The post 31 People Arrested in Global Cybercrime Crackdown appeared first on SecurityWeek.

02Feb 2024

GenAI demand helps AWS accelerate revenue growth

Amazon Web Services (AWS), the cloud computing arm of Amazon, posted a 13% growth in revenue in the fourth quarter of 2023 buoyed by demand for generative AI-related services, despite continued cost optimization activity by enterprises.   “Similar to what we shared last quarter, we continue to see the diminishing impact of cost optimizations. And […]

02Feb 2024

Biden to Veto Attempt to Overturn SEC Cyber Incident Disclosure Rules

President Biden would veto Republican lawmakers’ attempt to overturn the SEC’s recent cyber incident disclosure rules.  The post Biden to Veto Attempt to Overturn SEC Cyber Incident Disclosure Rules appeared first on SecurityWeek.

02Feb 2024

Cloudflare Hacked by Suspected State-Sponsored Threat Actor 

A nation-state threat actor accessed internal Cloudflare systems using credentials stolen during the Okta hack. The post Cloudflare Hacked by Suspected State-Sponsored Threat Actor  appeared first on SecurityWeek.

02Feb 2024

Netherlands Fines Uber Over Data Protection

Dutch regulators impose a 10 million euro ($10.8 million) fine on ride-hailing app Uber for lack of transparency in treating the personal data of its drivers. The post Netherlands Fines Uber Over Data Protection appeared first on SecurityWeek.

02Feb 2024

10 master data management certifications that will pay off

As data and analytics become the beating heart of the enterprise, it’s increasingly critical for the business to have access to consistent, high-quality data assets. Master data management (MDM) is required to ensure the enterprise’s data is consistent, accurate, and controlled. MDM is a set of disciplines, processes, and technologies used to master an organization’s […]

02Feb 2024

Ex-CIA Computer Engineer Gets 40 Years in Prison for Giving Spy Agency Hacking Secrets to WikiLeaks

Former CIA software engineer sentenced to 40 years in prison for biggest theft of classified information in CIA history and for possession of child sexual abuse images and videos. The post Ex-CIA Computer Engineer Gets 40 Years in Prison for Giving Spy Agency Hacking Secrets to WikiLeaks appeared first on SecurityWeek.

02Feb 2024

Albania’s Institute of Statistics Suffers Cyberattack, Some Systems Affected

Albania’s Institute of Statistics (INSTAT) suffered a cyberattack which affected some of its systems. The post Albania’s Institute of Statistics Suffers Cyberattack, Some Systems Affected appeared first on SecurityWeek.

01Feb 2024

Insights into IR sniping and AI’s changing face of cyberthreats

In today’s rapidly evolving cybersecurity landscape, having a proficient security team in place is not enough. Organizations must understand the nuances of modern risks. The third and fourth episodes of the Unit 42 Threat Vector podcast shed light on two critical aspects: IR sniping and the disruptive role of AI in cyberattacks. These factors revolutionize […]

01Feb 2024

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products

In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The post CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products appeared first on SecurityWeek.

01Feb 2024

Embracing Generative AI in health: focus on adoption, execution, outcomes and the human side

Healthcare systems around the world are under extreme pressure as a result of staffing shortages, low retention rates and clinician burnout. In the U.S., due to higher turnover rate of nurses, hospitals have employed traveling nurses. On average, hospitals would save $3,084,000 per year by eliminating the need for traveling nurses, according to NSI. In […]

01Feb 2024

Landing Your First CIO Role? Learn how Next CIO Winners Gathered to Support Their C-suite Tech Leadership Journey.

The Next CIO cohort sat with Natalie Whittlesey and James Lawson from InX to discuss how to transition into a first time C-suite role. Next CIO workshops are designed to support the Next CIO cohort into their first CIO role. These are held throughout the year as part of the initiative. From determining career paths, […]

01Feb 2024

‘Leaky Vessels’ Container Escape Vulnerabilities Impact Docker, Others 

Snyk discloses information on Leaky Vessels, several potentially serious container escape vulnerabilities affecting Docker and others. The post ‘Leaky Vessels’ Container Escape Vulnerabilities Impact Docker, Others  appeared first on SecurityWeek.

01Feb 2024

Watch: Top Cyber Officials Testify on China’s Cyber Threat to US Critical Infrastructure

Video: Top US cyber officials testify on China’s cyber threat to U.S. national security and critical infrastructure. The post Watch: Top Cyber Officials Testify on China’s Cyber Threat to US Critical Infrastructure appeared first on SecurityWeek.

01Feb 2024

4 paths to sustainable AI

Regulators, investors, customers, and even employees are pushing companies to minimize the climate impact of their AI initiatives. Everything from geothermal data centers to more efficient graphic processing units (GPUs) can help. But AI users must also get over the urge to use the biggest, baddest AI models to solve every problem if they truly […]

01Feb 2024

Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping 

Daniel James Junk sentenced to six years in prison for stealing millions in cryptocurrency through SIM swapping. The post Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping  appeared first on SecurityWeek.

01Feb 2024

New York Sues Citibank Over Poor Data Security, Anti-Breach Practices 

New York attorney general is suing Citibank for failing to protect customers against hackers and fraudsters who have stolen millions. The post New York Sues Citibank Over Poor Data Security, Anti-Breach Practices  appeared first on SecurityWeek.

01Feb 2024

At Least 30 Journalists, Lawyers and Activists Hacked With Pegasus in Jordan, Forensic Probe Finds

Pegasus spyware from NSO Group was used in Jordan to hack the cellphones of journalists, lawyers, human rights and political activists. The post At Least 30 Journalists, Lawyers and Activists Hacked With Pegasus in Jordan, Forensic Probe Finds appeared first on SecurityWeek.

01Feb 2024

Johnson Controls Ransomware Attack: Data Theft Confirmed, Cost Exceeds $27 Million

Johnson Controls confirms that the recent ransomware attack resulted in data theft and says expenses reached $27 million.  The post Johnson Controls Ransomware Attack: Data Theft Confirmed, Cost Exceeds $27 Million appeared first on SecurityWeek.

01Feb 2024

Why Are Cybersecurity Automation Projects Failing?

The cybersecurity industry has taken limited action to reduce cybersecurity process friction, reduce mundane tasks and improve overall user experience. The post Why Are Cybersecurity Automation Projects Failing? appeared first on SecurityWeek.

01Feb 2024

How to calculate TCO for enterprise software

When organizations buy a shiny new piece of software, attention is typically focused on the benefits: streamlined business processes, improved productivity, automation, better security, faster time-to-market, digital transformation. The other side of the cost/benefit equation — what the software will cost the organization, and not just sticker price — may not be as captivating when […]

01Feb 2024

20 professional organizations for Black IT pros

Despite diversity being a much-discussed topic in the tech industry, representation for Black tech workers is still not where it needs to be, with African Americans holding just 7% of positions in the tech industry, and only 2% of tech executive roles, according to data from the Diversity in High Tech report published by the US Equal […]

01Feb 2024

Apple Patches Vision Pro Vulnerability as CISA Warns of iOS Flaw Exploitation

Apple releases first security update for Vision Pro VR headset as CISA issues warning about exploitation of iOS vulnerability. The post Apple Patches Vision Pro Vulnerability as CISA Warns of iOS Flaw Exploitation appeared first on SecurityWeek.

01Feb 2024

8 mistakes to avoid in data strategies

Companies cannot afford to make mistakes in their data strategies, because the stakes in the digital economy are too high. The way they collect, store, clean, protect, and access their data can be a major factor in their ability to achieve business objectives. Unfortunately, the road […]

01Feb 2024

US Says it Disrupted a China Cyber Threat, but Warns Hackers Could Still Wreak Havoc for Americans

Chinese government hackers are busily targeting water treatment plants, the electrical grid, transportation systems and other critical infrastructure inside the United States, FBI Director Chris Wray told lawmakers. The post US Says it Disrupted a China Cyber Threat, but Warns Hackers Could Still Wreak Havoc for Americans appeared first on SecurityWeek.

01Feb 2024

Democratizing IT at Munters

Stockholm-based Munters, founded in 1955, works across a wide range of industries to supply innovative and energy-efficient air treatment and climate solutions. Today, the company, with nearly 4,000 employees in 30 countries and 2022 net sales of SEK10.4 billion [$1 billion], is supplemented with more specific niche systems for data centers and food tech software […]

31Jan 2024

Cathay Pacific takes its cloud journey to new heights

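Even as its cloud journey reaches cruising altitude, the IT department at Cathay Pacific Group is not slowing down. On the contrary, the publicly traded company, which operates Cathay Pacific Airways and HK Express, is moving from migration to optimization mode in a bid to extract further gains from going all-in on the cloud. “Cloud optimization is a new initiative for 2024,” says Rajeev Nair, general manager of IT infrastructure and security at Cathay, a major Asia-Pacific airline and cargo carrier headquartered in Hong Kong. “As we optimize cloud workloads and rewrite some applications, and as ESG comes into the overall picture, how we can become more efficient to reduce CO2 emissions becomes important.” Cathay began its cloud journey four years ago and has accelerated its migration over the past three years. To date, Cathay has migrated 98% of its 400 applications to AWS, though some workloads have moved to Azure, and it is planning further “rebalancing” of cloud providers so that Cathay is not tied to a particular vendor, Nair says. Like many companies, Cathay Pacific relied heavily on a lift-and-shift approach in the early stages to benefit from the cloud’s immediate efficiency and scalability, says Nair, who was hired by Cathay in 2011 as an application services manager and took on his current role 10 years later. Data management is another key priority for Cathay this year, as the company aims to consolidate data feeds and data repositories from multiple data warehouses to enable better analytics across all applications, Nair says. The optimization strategy also includes modifications to Cathay’s SaaS-based deployments, such as Salesforce CRM, ServiceNow, and SAP. Enhanced automation and self-service will also be emphasized as part of the cloud optimization strategy, Nair says. Many of Cathay’s internal business processes are automated using UiPath, but Nair aims to improve these implementations and better enable self-service for employees handling requests and incident resolution. On the business side, Cathay, which uses Airbus aircraft for passenger flights and Boeing aircraft for cargo flights, aims to expand its routes into China, fill its aircraft to increase profitability, and at the same time improve fuel efficiency, Nair says. Securing the network. One of the key aspects of Cathay’s cloud optimization plan is adopting Aryaka’s unified secure access service edge (SASE) platform, which integrates networking, security, and observability, across its global network, Nair says. SASE will replace its standard MPLS network. Cathay’s move to modern SASE will provide reliable internet bandwidth, enhance interoperability between network elements, and make it possible to better manage and secure hundreds of workloads on AWS and Azure, Nair says. Nair, who worked at Emirates before joining Cathay 13 years ago, says his deep experience on the application side gives him a unique perspective on the business problems of relying on legacy networking technology in a cloud environment. “When you’re on the infrastructure side, you often can’t understand the customer’s pain,” Nair says. According to analysts, the ability to support digital business transformation with a zero-trust security posture while keeping complexity manageable is a major driver of SASE adoption. “Digital business is driving demand for new digital capabilities such as cloud and edge computing and work-from-anywhere initiatives, and as a result access requirements are inverting, from forcing end users to connect to a managed network for security to securing access regardless of location,” notes Gartner analyst John Watts. “At the same time, enterprises are increasingly pursuing zero-trust strategies. Delivering a zero-trust security posture is an integral part of the SASE architecture and is essential to emerging SASE offerings.”
IDC defines SASE as a cloud-native architecture that integrates “network as a service” and “security as a service,” shifting the emphasis from traffic-centric to identity-based methods. In addition to Aryaka, Cato Networks, Cisco, Fortinet, Palo Alto Networks, and Zscaler are among the vendors offering SASE solutions globally. Aryaka’s SASE will replace a myriad of legacy networking technologies currently used by Cathay, including the Cisco Viptela SD-WAN service, the Symantec Web Security Service (WSS) proxy for internet browsing, zone-based firewalls for security controls, the Meraki corporate WiFi service for staff, VPN for remote work, and the CX business partner network for connecting with business partners such as Amadeus, Champ Cargosystems, and The HAECO Group. According to an IDC report published in December, as the threat airspace expands, the need for networked infrastructure is growing, including the “convergence” of connectivity, network functions, and security. “The cybersecurity threat landscape in the Asia-Pacific region continues to worsen. To address these challenges, enterprises are consolidating critical security technologies under the SASE/SSE framework.” Fine-tuning for agility. For Cathay, security is a key concern, but cybersecurity can become an obstacle to agility if it is not designed effectively, Nair notes. Cloud optimization also includes fine-tuning the capacity allocated to each workload. The goal of reducing overprovisioning not only cuts costs but also helps Cathay meet its sustainability goals and become a “greener” company, Nair says. “There are specific days each month when cabin crew and flight crew rosters are published, and capacity issues arise during this period, so the team works behind the scenes to manage that particular moment,” Nair explains. “Thanks to the cloud, we have become more scalable and agile.” Cathay is also an early innovator in leveraging blockchain digital ledger technology. In 2019, Cathay Pacific Cargo applied the technology at its own cargo terminal at Hong Kong International Airport, becoming the first airline to use blockchain to manage custody of its unit load device (ULD) inventory, Nair claims. “In the second phase, cargo agents in Hong Kong were also included. Previously, when drivers delivered and collected packed cargo or empty ULDs, they noted down the ULD numbers and exchanged paperwork manually at the cargo terminal. With the new system, drivers can enter the ULD number into a dedicated smartphone app and record the transfer of custody on the blockchain ledger.” According to Nair, the blockchain solution reliably tracks ULD ownership at every stage of delivery so that Cathay can allocate ownership and inventory in real time across 200 ports. The arrival of generative AI. Aircraft manufacturers employ advanced automation technology that fully controls aircraft in flight. This helps at a time when airlines find it difficult to hire pilots. Cathay Pacific Group is one of many companies exploring the use of these new generative AI copilots. An early user of Microsoft’s recently released Copilot, which automates many tasks and improves employee productivity, Cathay Pacific has also been using machine learning models “often” of late and has more sophisticated uses of generative AI in view, Nair says. Still, Cathay is in the very early stages of development and testing, and how quickly deployment will bring change to the business at scale is unknown, Nair says. There is no doubt that digital transformation has already had a major impact on corporate and consumer culture in less than a decade, and it is only accelerating.
IT, once seen as a function that supports the business, has now become the biggest game changer in business, Nair says. “Technology is becoming the backbone of the organization. If you are not embracing technology, you are losing. AI is still in its infancy, but you have to understand it and think through all the possibilities.” Industry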

31Jan 2024

US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon

The US government neutralizes a botnet full of end-of-life Cisco and Netgear routers being used by a notorious Chinese APT group. The post US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon appeared first on SecurityWeek.

31Jan 2024

Big tech ‘acquihires’ suppress IT wages, drain high-demand talent pools

The biggest companies in the world are keeping tech workers’ wages low by buying up companies instead of hiring their talent, creating an increasingly limited number of potential workplaces for developers and other high-tech professionals — all while draining talent pools for enterprise CIOs. This condition — called monopsony, which describes a market in which […]

31Jan 2024

Podcast: Palo Alto Networks Talks IT/OT Convergence

SecurityWeek interviews Del Rodillas, Senior Director of Product Management at Palo Alto Networks, about the integration of IT and OT in the ICS threat landscape. The post Podcast: Palo Alto Networks Talks IT/OT Convergence appeared first on SecurityWeek.

31Jan 2024

GNU C Library Vulnerability Leads to Full Root Access

Researchers at Qualys call attention to a vulnerability in Linux’s GNU C Library (glibc) that allows full root access to a system. The post GNU C Library Vulnerability Leads to Full Root Access appeared first on SecurityWeek.

31Jan 2024

Dawn Rising: Jumpstarting a new age of AI supercomputing in the U.K.

In November 2023, the Cambridge Open Zettascale Lab announced the deployment of the U.K.’s fastest AI supercomputer: Dawn Phase 1. Powered by the latest Intel GPUs and CPUs aboard liquid-cooled Dell servers, the Dawn supercomputer combines breakthrough artificial intelligence (AI) and advanced high-performance computing (HPC) technology to help researchers solve the world’s most complex challenges […]

31Jan 2024

After Delays, Ivanti Patches Zero-Days and Confirms New Exploit

Ivanti documents a brand-new zero-day and belatedly ships patches; Mandiant is reporting “broad exploitation activity.” The post After Delays, Ivanti Patches Zero-Days and Confirms New Exploit appeared first on SecurityWeek.

31Jan 2024

Trust: The foundation for successful digital transformation

In today’s dynamic, digitally evolving business landscape, establishing a strong foundation of trust within an organization is more vital than ever. In this article, we look at why trust is so critical in an enterprise and offer some key approaches for establishing a solid foundation of trust. Trust is critical and difficult to maintain In […]

31Jan 2024

Generative AI’s role in increasing IT efficiency

CIOs and their IT teams — including operations/DevOps, site reliability engineering, and platform engineering — are charged with building and managing IT services that can provide near 100% uptime. When incidents do occur, they need to resolve them quickly. That’s a high bar, since a typical enterprise IT environment spans the cloud, edge, and hosted […]

31Jan 2024

How AIOps can help reduce costs and drive economic efficiencies

The history of IT operations (ITOps) can pretty much be summed up in one phrase: Do more with less. But for CIOs, additional expectations are often layered on top. While doing more with less, CIOs must also increase the value IT provides to the business, with new capabilities, improved reliability, and increased uptime. This is […]

31Jan 2024

Reken Emerges From Stealth With $10 Million Seed Funding

Reken, an AI-defense cybersecurity startup, emerged from stealth – but without a publicly demonstrable product. The post Reken Emerges From Stealth With $10 Million Seed Funding appeared first on SecurityWeek.

31Jan 2024

Tor Code Audit Finds 17 Vulnerabilities

Over a dozen vulnerabilities discovered in Tor audit, including a high-risk flaw that can be exploited to inject arbitrary bridges.  The post Tor Code Audit Finds 17 Vulnerabilities appeared first on SecurityWeek.

31Jan 2024

Leaked GitHub Token Exposed Mercedes Source Code

A leaked token provided unrestricted access to the entire source code on Mercedes-Benz’s GitHub Enterprise server. The post Leaked GitHub Token Exposed Mercedes Source Code appeared first on SecurityWeek.

31Jan 2024

Two More Individuals Charged for DraftKings Hacking

Nathan Austad and Kamerin Stokes have been charged for hacking user accounts at fantasy sports and betting website DraftKings. The post Two More Individuals Charged for DraftKings Hacking appeared first on SecurityWeek.

31Jan 2024

Aim Security Raises $10M to Tackle Shadow AI

A new Israeli startup called Aim Security has raised $10 million in seed financing to help with the secure deployment of generative-AI technologies. The post Aim Security Raises $10M to Tackle Shadow AI appeared first on SecurityWeek.

31Jan 2024

How to Align Your Incident Response Practices With the New SEC Disclosure Rules

By turning incident response simulation into a continuous process and employing innovative tools, you can address the stringent requirements of the new SEC incident disclosure rules. The post How to Align Your Incident Response Practices With the New SEC Disclosure Rules appeared first on SecurityWeek.

31Jan 2024

US Sanctions Two ISIS-Affiliated ‘Cybersecurity Experts’

US Treasury Department announces sanctions against two Egyptian nationals accused of running an ISIS cyber platform. The post US Sanctions Two ISIS-Affiliated ‘Cybersecurity Experts’ appeared first on SecurityWeek.

31Jan 2024

45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation

Shadowserver Foundation has seen 45,000 Jenkins instances affected by CVE-2024-23897, which may already be exploited in attacks. The post 45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation appeared first on SecurityWeek.

31Jan 2024

Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet

Akamai flags six zero-day vulnerabilities in Hitron DVRs exploited to ensnare devices in the InfectedSlurs botnet. The post Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet appeared first on SecurityWeek.

31Jan 2024

Transforming IT culture for business success

Back in the day, IT culture was all about the perks. Would-be employees were drawn in by modern, open spaces punctuated by game tables and fully stocked kitchens along with an array of services that might include on-site gyms, coffee bars, even chef-inspired cafeteria fare. The evolving role of IT, coupled with new pandemic-era work […]

30Jan 2024

Generative AI is earning good grades in education

As Nelson Mandela opined, “Education is the most powerful weapon which you can use to change the world.”  Teachers and access to education play a crucial role in our future. Teachers educate the next generation by sharing knowledge, fostering critical thinking skills, managing parents, and developing children.  At the same time, teachers face an increasingly difficult […]

30Jan 2024

ChatGPT Violated European Privacy Laws, Italy Tells Chatbot Maker OpenAI

Italian regulators told OpenAI that its ChatGPT artificial intelligence chatbot has violated GDPR. The post ChatGPT Violated European Privacy Laws, Italy Tells Chatbot Maker OpenAI appeared first on SecurityWeek.

30Jan 2024

The Ransomware Threat in 2024 is Growing: Report

Anyone who believes ransomware will go away doesn’t understand the nature of criminality. Extortion has and always will be a primary criminal business plan. The post The Ransomware Threat in 2024 is Growing: Report appeared first on SecurityWeek.

30Jan 2024

Data of 750 Million Indian Mobile Subscribers Sold on Hacker Forums

A massive database containing the information of 85% of the Indian population has emerged on the dark web. The post Data of 750 Million Indian Mobile Subscribers Sold on Hacker Forums appeared first on SecurityWeek.

30Jan 2024

Juniper Networks Patches Vulnerabilities in Switches, Firewalls

A high-severity flaw in the J-Web interface of Juniper’s Junos OS could lead to arbitrary command execution, remotely. The post Juniper Networks Patches Vulnerabilities in Switches, Firewalls appeared first on SecurityWeek.

30Jan 2024

SAP offers big discount to lure on-prem S/4HANA customers to Rise

SAP is offering on-premises S/4HANA users a credit of 60% of their first year’s fees if they migrate to its all-in-one cloud-based offering, Rise with SAP. The credit, to be spent on other SAP services, should be enough to offset around half of the overall cost of a typical migration, according to Jan Gilg, the […]

30Jan 2024

US Lawmakers Introduce Farm and Food Cybersecurity Act

New bipartisan, bicameral legislation aims to improve cybersecurity protections within the food and agriculture sector. The post US Lawmakers Introduce Farm and Food Cybersecurity Act appeared first on SecurityWeek.

30Jan 2024

US Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: Report 

US government reportedly disabled parts of a botnet-powered cyber campaign conducted by the Chinese threat actor Volt Typhoon. The post US Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: Report  appeared first on SecurityWeek.

30Jan 2024

Oracle plans to expand its cloud region across the Middle East

Oracle’s annual flagship event, CloudWorld Tour returned to the UAE for the second consecutive year to share the company’s latest AI innovations to power UAE’s Digital Economy and its regional plans. The company that just turned 35 years old in the UAE will continue to invest in local infrastructure to bring cloud capabilities that will […]

30Jan 2024

1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates

Insurance brokerage firm Keenan & Associates says personal information was stolen in an August 2023 cyberattack. The post 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates appeared first on SecurityWeek.

30Jan 2024

Schneider Electric Division Responding to Ransomware Attack, Data Breach 

Schneider Electric’s Sustainability Business division disrupted as a result of a ransomware attack and data breach.  The post Schneider Electric Division Responding to Ransomware Attack, Data Breach  appeared first on SecurityWeek.

30Jan 2024

CIOs rise to the ESG reporting challenge

Corporate ESG reporting is getting real for companies around the globe. Enacted and proposed regulations in the EU, US, and beyond are deepening reporting requirements in an effort to change business behavior. What were once theoretical goals around environmental, social, and governance issues are rapidly evolving into mandatory efforts. The foundation for ESG reporting, of […]

30Jan 2024

Today’s best CIOs are strategy wranglers

When we started this century the buzz in IT was “everything is going to have a chip.” Twenty-plus years in, CIOs have discovered that, when it comes to IT, everything is going to need a strategy. As CIO, you need a data strategy. You need a cloud strategy. You need a security strategy. If you […]

30Jan 2024

Cloud models compared: native, SaaS, multi-vendor and private hybrid

For cloud in Italy this truly is the age of maturity: private companies and public bodies of all sizes are not only increasingly adopting “as-a-service” solutions, but are more and more looking to cloud-first or cloud-native models even where there is a strong IT legacy. Managing the monthly bill can be a stumbling block of the model […]

29Jan 2024

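What does a DX strategy for small and medium-sized enterprises require?

Seven in ten SMEs are unable to pursue DX According to the "Survey on DX Promotion at SMEs," which the Organization for Small & Medium Enterprises and Regional Innovation conducted among 1,000 companies nationwide in 2023 (survey period: July 28 to August 1, 2023), 49.1% of companies answered that they "understand" or "understand to some extent" DX. Nearly half of companies show an understanding of DX. In addition, 71.9% of companies, a large majority, answered that DX is "necessary" or "necessary to some extent." What about the results and effects expected from DX? The top answers in the survey were "more efficient operations," the most common at 64.0%, followed by "cost reduction" (50.5%) and "data-driven decision-making" (31.0%). Takuya Honma, representative director of IT Keiei Works, who has supported IT adoption and DX promotion at more than 500 SMEs, says the following. "More and more SME owners are beginning to feel a sense of crisis about the way they have been running their businesses. I think people issues are a major trigger. For example, there are cases where a long-serving accounting employee has left, but because the work depended on that individual, nobody else could take it over. The owner then wants to eliminate that dependence on individuals somehow, and comes to want to systematize the work and bring in a system." Let us return to the survey. Only 14.6% of companies answered that they are "already working on" DX, and even including those that answered they are "considering working on it," the figure is 31.2%, only about a third. Furthermore, 31.6% of companies answered that they "think it is necessary but have not been able to work on it," and as many as 37.2% answered that they "have no plans to work on it." In other words, 68.8% of all SMEs responded that they are not working on DX. Three factors are cited for the lack of DX progress at SMEs: "people," "knowledge" and "money." For a long time, Japanese companies have handled system development by installing whatever system equipment the sales representatives for business systems and office-automation equipment proposed, exactly as they were told, and replacing it when it became old, over and over. What is more, system management was left to outside vendors. Companies did not develop IT-savvy staff in-house, and knowledge did not accumulate internally either. But as IT technologies such as low-code, no-code and cloud become familiar, in-house use of IT becomes an important issue. By now, however, IT talent is in unprecedented short supply and labor costs are soaring. Even if SMEs try to acquire excellent IT staff, they cannot compete with large, well-funded companies. So what should they do? "I think it is more important for SMEs to make effective use of outside talent than to gather their own IT staff," he says. DX is not a cost but an effort to build earning power To advance DX, a change in mindset among business owners is also important. "Many SME owners regard the expenses incurred in adopting IT as a mere 'cost.' If improving operational efficiency means paying a monthly fee for an IT tool, they often conclude that things are fine as they are. That way of thinking has to change first," he says. So how should owners change their thinking? "The reason to work on DX is not to make employees' jobs easier, but because the company's owner wants to earn more. It is important to see it as an effort to build earning power," he says. What matters here is to put numbers on the business workflow and quantify it. Doing so makes it clear whether DX is not a "cost" but an "investment" for making money. The point that needs particular attention here is how much IT investment to make per person. Suppose, for example, that at a 40-person company expense reporting takes 30 minutes per person. If an expense reporting system is introduced and the task can be done in 10 minutes, the company as a whole saves 800 minutes, or about 13 hours. Assuming a full-time employee's hourly wage of 3,000 yen, that is about 40,000 yen at the hourly rate; an expense reporting system can be used for around 500 yen per person per month, so the cost of adoption is 20,000 yen. By this calculation the company is already coming out ahead. If that time can be cut, labor costs such as overtime pay fall, and because there are fewer occasions to print everything on paper, the cost of consumables falls too. And if the freed-up time is used for new initiatives, higher sales can also be expected. "The expenses for building internal infrastructure and adopting IT tools that arise in the course of DX are an 'investment' for raising sales and profits. I very much want owners to see the adoption of IT tools as an 'investment' rather than a 'cost,'" he says. Advancing DX requires a clear vision and strong leadership
So what is actually needed to move DX forward? "Even though we speak of DX as one thing, what is required differs from company to company. That is why it is necessary to firmly define a vision of what you want to achieve through DX, for top management itself to show a strong will that 'the whole organization will work on this,' and to communicate that clearly," he says. What needs care here is the case where an IT tool is adopted for a facile reason such as "a company president I know said it was good." Even if it is something that company needs, whether it is something your own company truly needs is another matter. Unless you lay out a proper roadmap and examine exactly what issues your own company faces, the IT tools you adopt risk becoming a wasted asset. "Companies of a certain size have written rules for their business workflows, but when you actually go and look on site, in the overwhelming majority of cases things are not done that way. If you do not have a proper grasp of the workflow, then even if you push ahead with DX you cannot tell whether it is DX that fits your own operations. In some cases management efficiency may even get worse. To understand the workflow, it is important first to visualize it so that it can be understood at a glance," he says. To organize business workflows, sort the work along two axes: "employees" and "customers." On the "employee" axis, divide the work into categories such as "recruitment management," "labor management," "attendance management" and "expense management," chart each flow in a diagram, and write out the details for each department. At the same time, take stock of groupware, infrastructure and the like. Groupware means the various tools for raising work efficiency, such as chat, web conferencing and cloud storage; infrastructure means asset management, security measures, communications equipment, shared servers and so on. The "customer" axis, meanwhile, refers to the flow from first contact with a customer through to a sale being booked, and here you visualize things such as "business card management" and the "sales management" that runs from prospect to order. "On the 'employee' axis, the question is whether everything from recruitment through to accounting is being properly managed. The HR department manages recruitment information, and the employees who are hired have their work managed in the departments they are assigned to, but different divisions and departments sometimes use different systems. If data is not linked between those systems, the flow from recruitment to accounting cannot be visualized. On the 'customer' axis, the question is whether things like business card exchanges and inquiries from the website are being properly managed in one place," he says. Because the flow on the "customer" axis is easier to follow than on the "employee" axis, many companies are aware of that workflow, but there are also cases where nobody grasps the whole picture, for instance because each department has a different legacy system. Visualizing workflows in this way lets you find where the bottlenecks are and think about what the ideal state would be. Suppose, for example, that the current system can only output paper, so that documents are printed, then scanned and saved as PDFs. To change this, the ideal is to be able to save the data from the outset. Where the same action is being carried out in separate departments, the goal is to get to a state in which the data in the two systems can be linked. Work backward from accounting when choosing IT tools Once the issues to tackle are clear, the next step is selecting IT tools. When adopting IT tools, Honma advocates "working backward from accounting." "That is because both the employee workflow and the customer workflow always end up at accounting. If you work backward from the accounting system you use now and look at how things flow, you begin to see what systems are needed there," he says. Take the introduction of an expense reporting system as an example. When one SME mapped out its own workflow before introducing expense reporting software, it found that travel expenses were processed in six steps: ① entering the receipt details into an Excel expense report file, ② printing the report and submitting it to a supervisor, ③ approval by the supervisor, ④ submitting the report and receipts to the accounting clerk, ⑤ the accounting department checking the contents of the report, and ⑥ entering the data into the accounting software. Working "backward from accounting," it becomes clear that step ⑥ involves wasted data entry. Even though the expenses have been entered in Excel, they are put on paper first, so the accounting clerk has to re-enter the same data into the accounting software. What is more, because the report is printed on paper, employees cannot settle travel expenses without coming into the office. It is evident from this that both the accounting staff and the employees are being made to expend unnecessary effort.
To reduce the labor in step ⑥, this company linked its expense report data to the accounting software, and to make steps ①, ② and ③ efficient it made it possible to submit and approve reports from outside the office. What SMEs need to bear in mind when advancing DX, however, is to deal with the highest-priority items first. "You cannot do everything at once, so I think you need to start with the high-priority items. You should also consider whether the work really ought to be systematized at all. Even when people on the ground say 'this problem is a real burden, so we should systematize it,' it sometimes turns out not to be worth the cost," he says. The first point is whether the functional requirements are met; the second is usability, that is, whether staff on the ground can use the tool in a trial deployment. Whether it works well with the existing core systems is also important. Attention must also be paid to data integration and data accumulation. There are three methods of data integration: CSV integration (a way of sharing data between different software using a text-based data format), API integration (a way of sharing data and functions between different software systems using an API (Application Programming Interface)), and RPA (a way of using software robots to automate routine business processes performed by people). Much recent accounting software comes with API integration for bank accounts, deposit data and credit cards, so these are worth putting to good use as well. And accumulating data makes data-based (data-driven) management possible. Shifting from management that relies on experience and intuition to management based on data should allow faster decision-making. Building a team is also indispensable for advancing DX. "DX is not a matter of doing some one-off thing and being done. You need to create a cross-functional team that lets the whole company move forward as one. What you are after is optimization for the whole company, not for individual parts. And it is not enough simply to form a team; it is meaningless unless the team has authority," he says. […]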

29Jan 2024

Ivanti Struggling to Hit Zero-Day Patch Release Schedule

Ivanti is struggling to hit its own timeline for the delivery of patches for critical — and already exploited — flaws in its flagship VPN appliances. The post Ivanti Struggling to Hit Zero-Day Patch Release Schedule appeared first on SecurityWeek.

29Jan 2024

Canadian Man Sentenced to Prison for Ransomware Attacks

Matthew Philbert was sentenced to two years for launching cyberattacks on Canadian businesses and government entities. The post Canadian Man Sentenced to Prison for Ransomware Attacks appeared first on SecurityWeek.

29Jan 2024

Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution

Two memory safety vulnerabilities in WatchGuard and Panda Security products could lead to code execution with System privileges. The post Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution appeared first on SecurityWeek.

29Jan 2024

PoC Exploit Published for Critical Jenkins Vulnerability

PoC exploit code targeting a critical Jenkins vulnerability patched last week is already publicly available. The post PoC Exploit Published for Critical Jenkins Vulnerability appeared first on SecurityWeek.

29Jan 2024

US Aid Office in Colombia Reports Its Facebook Page Was Hacked

The Colombia office of the U.S. government agency that oversees foreign aid and development funding said its Facebook page was hacked and asked the public to ignore any posts or links from the account. The post US Aid Office in Colombia Reports Its Facebook Page Was Hacked appeared first on SecurityWeek.

29Jan 2024

AI Companies Will Need to Start Reporting Their Safety Tests to the US Government

The Biden administration will start implementing a new requirement for the developers of major artificial intelligence systems to disclose their safety test results to the government. The post AI Companies Will Need to Start Reporting Their Safety Tests to the US Government appeared first on SecurityWeek.

29Jan 2024

SecurityWeek Analysis: Cybersecurity M&A Dropping, Over 400 Deals Announced in 2023

An analysis conducted by SecurityWeek shows that 413 cybersecurity-related mergers and acquisitions were announced in 2023. The post SecurityWeek Analysis: Cybersecurity M&A Dropping, Over 400 Deals Announced in 2023 appeared first on SecurityWeek.

29Jan 2024

Bastille Networks Raises $44 Million to Secure Wireless Devices

Goldman Sachs leads wireless threat intelligence firm Bastille Networks’ $44 million Series C funding round. The post Bastille Networks Raises $44 Million to Secure Wireless Devices appeared first on SecurityWeek.

29Jan 2024

Decision support systems: Drive better decision-making with data

Decision support systems definition A decision support system (DSS) is an interactive information system that analyzes large volumes of data for informing business decisions. A DSS supports the management, operations, and planning levels of an organization in making better decisions by assessing the significance of uncertainties and the tradeoffs involved in making one decision over […]

26Jan 2024

Ford’s high-tech business transformation, fueled by cloud

Ford Motor Co.’s wholesale pivot to technology has transformed not only the automaker’s business operations but its corporate identity. “We have become much more of a software company than we were 10 to 20 years ago,” says John Musser, director of engineering for Ford’s commercial division, Ford Pro. “People don’t think of a large, 100-year-old […]

26Jan 2024

In Other News: Secure Use of AI, HHS Hacking, CISA Director Swatting

Noteworthy stories that might have slipped under the radar: guidance on secure use of AI, HHS grant money stolen by hackers, CISA director target of swatting.  The post In Other News: Secure Use of AI, HHS Hacking, CISA Director Swatting appeared first on SecurityWeek.

26Jan 2024

Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations

CISA informs organizations that Westermo Lynx switches are affected by eight vulnerabilities and some devices are reportedly exposed to the internet. The post Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations appeared first on SecurityWeek.

26Jan 2024

Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware

The China-linked cyberespionage group Blackwood has been caught delivering malware to entities in China and Japan.  The post Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware appeared first on SecurityWeek.

26Jan 2024

Russian TrickBot Malware Developer Sentenced to Prison in US

Vladimir Dunaev sentenced to 5 years in prison after admitting to participating in the development and distribution of the TrickBot malware. The post Russian TrickBot Malware Developer Sentenced to Prison in US appeared first on SecurityWeek.

26Jan 2024

Critical Jenkins Vulnerability Leads to Remote Code Execution

A critical vulnerability in Jenkins’ built-in CLI allows remote attackers to obtain cryptographic keys and execute arbitrary code. The post Critical Jenkins Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.

26Jan 2024

Top 10 AI graduate degree programs

Artificial Intelligence (AI) is a fast-growing and evolving field, and data scientists with AI skills are in high demand. The field requires broad training involving principles of computer science, cognitive psychology, and engineering. If you want to grow your data scientist career and capitalize on the demand for the role, you might consider getting a […]

26Jan 2024

Nozomi Unveils Wireless Security Sensor for OT, IoT Environments 

Nozomi Networks extends its offering with Guardian Air, a security sensor designed to help organizations detect wireless threats in OT and IoT. The post Nozomi Unveils Wireless Security Sensor for OT, IoT Environments  appeared first on SecurityWeek.

26Jan 2024

Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive

Participants have earned more than $1.3 million for hacking Teslas, EV chargers and infotainment systems at Pwn2Own Automotive. The post Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive appeared first on SecurityWeek.

25Jan 2024

Top 5 industry trends in strategic portfolio planning for 2024

Over the years, I’ve had the opportunity to work with contacts in many leading enterprises, including businesses across a wide range of industries and regions. This experience has given me a unique vantage point, enabling me to see those specifics that are unique to each team and organization—as well as common themes that apply to […]

25Jan 2024

Gen AI: The software developer’s new best friend

Software developers, no matter how skilled, face tasks they’re not very good at. For Geoffrey Bourne, cofounder of Ayrshare (“airshare”), a New York-based startup that automates and manages social sharing for corporate clients, it’s using what’s called regular expressions—tools used in virtually every programming language to identify patterns of text.  Generative AI platforms like GitHub Copilot […]

25Jan 2024

4 industries where chatbots will have the biggest impact

Enterprise spending on consumer-facing generative AI tools will grow from $40 billion in 2023 to $1.3 trillion by 2032, according to a Bloomberg Intelligence analysis. Where will companies pour those hundreds of billions? More than 80% of business leaders believe that the best bang for their gen AI buck is in chatbots for automating customer service and improving knowledge […]

25Jan 2024

4 skills that can help companies thrive with AI

Organizations investing in artificial intelligence should never lose sight of one constraint: Capturing value from the technology ultimately comes down to the skills of people tasked with using it. With two decades of experience as a human resources leader, Deepa Subbaiah, a senior director for HR at Freshworks, has deep expertise in exploring how enterprise teams can […]

25Jan 2024

How to kick-start your generative AI strategy

How do you lose the AI race? By not entering.  So says Andrew McAfee, principal research scientist at the MIT Sloan School of Management. “When a technology this powerful comes along where you have to learn by doing, finding reasons not to do it is a pretty big error,” he says. Despite the mass embrace […]

25Jan 2024

The CIO’s 2024 AI playbook

The AI hype cycle has peaked: Tens of thousands of companies helped get it there with generative AI in 2023, with two-thirds now reporting they have deployed GAI tools to their workforce.  For enterprise executives in 2024, that means right-sizing those expectations and getting to work: justifying the right use cases, forming teams, and tracking progress and ROI.  Here […]

25Jan 2024

In the Context of Cloud, Security and Mobility, It’s Time Organizations Ditch Legacy MPLS

If organizations understand the benefits SASE offers over MPLS and traditional SD-WAN, they will realize that SASE is poised to replace aging MPLS in due time. The post In the Context of Cloud, Security and Mobility, It’s Time Organizations Ditch Legacy MPLS appeared first on SecurityWeek.

25Jan 2024

Fintech Company EquiLend Restoring Systems Following Cyberattack

Fintech firm EquiLend is investigating a cyberattack (possibly a ransomware attack) that knocked some of its systems offline. The post Fintech Company EquiLend Restoring Systems Following Cyberattack appeared first on SecurityWeek.

25Jan 2024

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

Two new products aim to secure the traditional OSS supply chain, and the new AI model software supply chain. The post New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security appeared first on SecurityWeek.

25Jan 2024

$1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis

$1.7 billion were stolen last year as a result of 231 cryptocurrency platform hacks, according to a report from Chainalysis.  The post $1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis appeared first on SecurityWeek.

25Jan 2024

Tesla Infotainment Hack Earns Researchers $100,000 at Pwn2Own Automotive

Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks. The post Tesla Infotainment Hack Earns Researchers $100,000 at Pwn2Own Automotive appeared first on SecurityWeek.

25Jan 2024

Cisco Patches Critical Vulnerability in Enterprise Collaboration Products

A critical flaw in Cisco Unified Communications and Contact Center Solutions products could lead to remote code execution. The post Cisco Patches Critical Vulnerability in Enterprise Collaboration Products appeared first on SecurityWeek.

25Jan 2024

Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users

Amazon-owned Ring will stop allowing police to request doorbell camera footage from users following criticism from privacy advocates. The post Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users appeared first on SecurityWeek.

25Jan 2024

Firefox 122 Patches 15 Vulnerabilities

Updates released for Firefox and Thunderbird resolve 15 vulnerabilities, including five high-severity bugs. The post Firefox 122 Patches 15 Vulnerabilities appeared first on SecurityWeek.

25Jan 2024

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

Over 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability. The post Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug appeared first on SecurityWeek.

25Jan 2024

Cengage Group CTO Jim Chilton on the P&L difference

Jim Chilton is an award-winning CIO who serves as the chief technology officer of Cengage Group, an innovative disruptor in the edtech space. As a business and technology executive, Chilton leverages his unique experiences to drive innovation and optimize technology throughout the company.   On a recent episode of the Tech Whisperers podcast, Chilton and I […]

25Jan 2024

6 signs you might need an executive coach — and 2 signs you don’t

IT leaders are more integral to a company’s business success than ever and that brings pressure to expand their roles, better understand and collaborate with the business, and launch major initiatives. To master the various aspects of leadership, it’s often helpful to get professional help. That’s where executive coaching comes into play. As technical people […]

25Jan 2024

HPE Says Russian Government Hackers Had Access to Emails for 6 Months

HPE told the SEC that Russian state-sponsored threat group Midnight Blizzard had access to an email system for several months. The post HPE Says Russian Government Hackers Had Access to Emails for 6 Months appeared first on SecurityWeek.

25Jan 2024

6 tough AI questions every IT leader must face

Few technologies have prompted as much reflection and debate as artificial intelligence, with workers, high-profile executives and world leaders ranging between praise and fear. Of course, CIOs have not been called to testify before Congress. But they are being grilled in executive offices and boardrooms, since […]

24Jan 2024

Agent Swarms – an evolutionary leap in intelligent automation

This article was co-authored by Shail Khiyara, Founder, VOCAL COUNCIL, and Pedro Martins, Global Transformation Leader, Nokia. “The strength of a hive lies not in a single bee, but in the collective power of the swarm, where unity is the true source of their strength.” During the rapid evolution of AI, there emerges a concept […]

24Jan 2024

What executives should know about SOAR

Coined in 2015 and later updated in 2017 by Gartner, SOAR (security orchestration, automation, and response) describes a platform that is designed to orchestrate the response to incidents, leveraging automated processes designed in decision tree mapping, typically called playbooks. The value of a SOAR platform is focused on improving the accuracy, speed, and depth of […]

24Jan 2024

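NASA accelerates science with AI-powered search

When you generate and collect as much data as the US National Aeronautics and Space Administration (NASA) does, finding the right dataset for a research project can be a problem. With seven operations centers, nine research facilities and more than 18,000 staff, NASA constantly generates an overwhelming amount of data, which it stores in more than 30 science data repositories across five topical areas: astrophysics, heliophysics, biological science, physical science, Earth science and planetary science. In all, it holds more than 88,000 datasets and 715,000 documents across 128 data sources. Earth science data alone is expected to reach 250 petabytes by 2025. Given that complexity, scientists need more than subject expertise to navigate it all. "Researchers need to know which repository to go to and what is in that repository," says Kaylin Bugbee, a NASA data scientist at the Marshall Space Flight Center in Huntsville, Alabama. "You need both science literacy and data literacy." In 2019, NASA's Science Mission Directorate (SMD) published a report based on a series of interviews with scientists, which made clear that scientists needed a centralized search capability to find the data they need. SMD's mission is to work with the US science community, support scientific research, and use aircraft, balloon and spaceflight programs to investigate Earth orbit, the solar system and beyond. Recognizing that making its data accessible to scientists and researchers is fundamental to its purpose, SMD developed the Open Source Science Initiative (OSSI) as a result of the report, to increase the transparency, inclusivity, accessibility and reproducibility of publicly funded scientific research. OSSI's mission is to openly share software, data and knowledge (including algorithms, papers, documents and ancillary information) as early as possible in the scientific process. "This really came from the scientists and the science community, and it also aligns with SMD's broader priority of enabling interdisciplinary science," Bugbee says. "That is where new discoveries are made," she adds. To advance that mission, it is now turning to a combination of neural nets and generative AI to put that vast amount of data in scientists' hands. Restoring order A key element of OSSI is the Science Discovery Engine (SDE), a centralized search and discovery capability for all of NASA's open science data and information, powered by Sinequa's enterprise search platform. "Until the SDE was created, there was no single place you could go to search NASA's open data and documents. Now it serves as a single search capability for our open science data," Bugbee says. New York-based Sinequa started out more than 20 years ago with a semantic search engine, and focuses on using AI and large language models (LLMs) to deliver contextual search information. It has since integrated Microsoft's Azure OpenAI Service with its own neural search capabilities to strengthen the platform. Specifically, Sinequa's neural search capability combines keyword search and vector search to discover information, and GPT summarizes the gathered information into a quickly digestible, reusable format. Scientists can also use natural language to ask deeper questions and to refine their searches and answers. The SDE understands about 9,000 different scientific terms, a number expected to grow as the AI learns. Bugbee and her interdisciplinary team, which includes scientists with expertise in data stewardship and informatics, developers, and AI and ML experts, worked closely with stakeholders to understand their needs, and worked with NASA's Office of the CIO and Sinequa to build a proof of concept. "They helped us set up the environment we needed," she explains. "We had to have an open capability, so we needed some special architecture." According to Bugbee, one of the biggest challenges her team faced in getting everything up and running was how dispersed content is across the NASA ecosystem. Her team spent about a year understanding the information landscape, the data and the metadata schemas.
"All the contextual information that brings richness to the data, things like code and GitHub, or the algorithm documents that explain how the data was developed, is scattered across many web pages." Preparing for launch Bugbee is well versed in data management and data stewardship. She has worked hard in this field to improve the quality of metadata for Data.gov and President Obama's Climate Data Initiative. But working on the SDE drove home for her the importance of a good curation workflow, that is, a principled, managed process for creating, maintaining and managing data. "If I could go back in time, I would have built a more robust curation workflow from the start," she says. "But to really get the results we wanted, we needed a curation workflow." The SDE is still in beta, but according to Bugbee her team has received a lot of positive feedback from scientists to date and plans to deliver a more fully operational system later this year. The team has already implemented a new user interface that lets users filter by topic before starting a search. Artificial Intelligence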

24Jan 2024

The AI continuum

ChatGPT has turned everything we know about AI on its head. Or has it? AI encompasses many things. Generative AI and large language models (LLMs) like ChatGPT are only one aspect of AI. But it’s the well-known part of AI. In many ways, ChatGPT put AI in the spotlight, creating a widespread awareness of AI […]

24Jan 2024

Modular IT architecture drives productivity and risk management at Gilbane

Gilbane is one of the largest privately-held real estate development and construction companies in the US. The $6.5 billion company has been family owned from its inception in 1870, with sixth-generation employees currently in the business. Karen Higgins-Carter, previously CIO of Webster Bank, joined Gilbane just over a year ago as CDIO with the responsibility […]

24Jan 2024

Healthcare cybersecurity: Our hospital’s path to better cyber resilience

Cyberattacks in the healthcare industry undermine our ability to deliver quality care and can endanger the safety, and even the lives, of our patients. Unfortunately, hackers see our industry as a prime target, particularly for ransomware and data privacy attacks. None of us want to hear the news that a hospital has been breached, nor […]

24Jan 2024

Orca Flags Dangerous Google Kubernetes Engine Misconfiguration

Attackers could take over a Kubernetes cluster if access privileges are granted to all authenticated users in Google Kubernetes Engine. The post Orca Flags Dangerous Google Kubernetes Engine Misconfiguration appeared first on SecurityWeek.

24Jan 2024

Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits

On the first day of Pwn2Own Automotive participants earned over $700,000 for hacking Tesla, EV chargers and infotainment systems. The post Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits appeared first on SecurityWeek.

24Jan 2024

CISO Conversations: The Legal Sector With Alyssa Miller at Epiq and Mark Walmsley at Freshfields

SecurityWeek talks to legal sector CISOs Alyssa Miller at Epiq and Mark Walmsley at Freshfields Bruckhaus Deringer The post CISO Conversations: The Legal Sector With Alyssa Miller at Epiq and Mark Walmsley at Freshfields appeared first on SecurityWeek.

24Jan 2024

A new era of cybersecurity with AI: Predictions for 2024

Artificial intelligence (AI) has been table stakes in cybersecurity for several years now, but the broad adoption of Large Language Models (LLMs) made 2023 an especially exciting year. In fact, LLMs have already started transforming the entire landscape of cybersecurity. However, it is also generating unprecedented challenges. On one hand, LLMs make it easy to […]

24Jan 2024

Israeli Startup Gets $5M Seed Capital to Tackle AI Security

Prompt Security emerges from stealth with $5 million in seed to help businesses with generative-AI security tasks. The post Israeli Startup Gets $5M Seed Capital to Tackle AI Security appeared first on SecurityWeek.

24Jan 2024

340,000 Jason’s Deli Customers Potentially Impacted by Credential Stuffing Attack

Jason’s Deli says hackers targeted users in credential stuffing attacks, likely compromising their personal information. The post 340,000 Jason’s Deli Customers Potentially Impacted by Credential Stuffing Attack appeared first on SecurityWeek.

24Jan 2024

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

PoC code exploiting a critical Fortra GoAnywhere MFT vulnerability gets published one day after public disclosure. The post PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability appeared first on SecurityWeek.

24Jan 2024

Cybersecurity Market Forecasts: AI, API, Adaptive Security, Insurance Expected to Soar

Cybersecurity market projections for the next years focusing on AI, ICS, email, API, insurance, application and adaptive security. The post Cybersecurity Market Forecasts: AI, API, Adaptive Security, Insurance Expected to Soar appeared first on SecurityWeek.

24Jan 2024

Chrome 121 Patches 17 Vulnerabilities

Google releases Chrome 121 to the stable channel with 17 security fixes, including 11 reported by external researchers. The post Chrome 121 Patches 17 Vulnerabilities appeared first on SecurityWeek.

24Jan 2024

Major US, UK Water Companies Hit by Ransomware

Two major water companies, Veolia in the US and Southern Water in the UK, have been targeted in ransomware attacks that resulted in data breaches. The post Major US, UK Water Companies Hit by Ransomware appeared first on SecurityWeek.

24Jan 2024

SAP announces $2.2B restructuring program that’ll impact 8,000 jobs

German tech major SAP has announced a 2 billion euro ($2.17 billion) restructuring program for 2024, impacting 8,000 employees as it focuses on AI.  “In 2024, SAP will further increase its focus on key strategic growth areas, in particular Business AI. It also intends to transform its operational setup to capture organizational synergies, AI-driven efficiencies and to […]

24Jan 2024

Giant Eagle CIO Kirk Ball on what’s fresh in the digital grocery experience

Based in Pittsburgh and privately owned, grocery chain Giant Eagle, with about 34,000 employees across nearly 500 locations, raced to deliver new digital experiences and buying capabilities for their customers during those intensely challenging early months of the pandemic. And it’s during that time when Ball joined, in June 2020. “The pandemic accelerated the growth […]

24Jan 2024

8 data strategy mistakes to avoid

Organizations can’t afford to mess up their data strategies, because too much is at stake in the digital economy. How enterprises gather, store, cleanse, access, and secure their data can be a major factor in their ability to meet corporate goals. Unfortunately, the road to data strategy success is fraught with challenges, so CIOs and […]

24Jan 2024

US, UK, Australia Sanction Russian Man Over Ransomware Attack on Healthcare Insurer 

US, UK and Australia announce sanctions against Alexander Ermakov for his role in the 2022 ransomware attack on healthcare insurer Medibank.  The post US, UK, Australia Sanction Russian Man Over Ransomware Attack on Healthcare Insurer  appeared first on SecurityWeek.

24Jan 2024

Amazon’s French Warehouses Fined Over Employee Surveillance

France’s data protection agency fines Amazon’s French warehouses unit 32 million euros ($34.9 million) for “excessively intrusive” employee surveillance system. The post Amazon’s French Warehouses Fined Over Employee Surveillance appeared first on SecurityWeek.

23Jan 2024

Cybercrime’s Silent Operator: The Unraveling of VexTrio’s Malicious Network Empire

VexTrio is a traffic direction system (TDS) with more than 60 affiliates feeding an unknown number of malicious campaigns. The post Cybercrime’s Silent Operator: The Unraveling of VexTrio’s Malicious Network Empire appeared first on SecurityWeek.

23Jan 2024

Five modern data integration challenges and how CIOs can respond

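By the time you finish reading this post, people will have generated 27.3 million terabytes of data on the web and on devices. That alone makes it clear that, if companies do not adopt advanced integration technology, an uncontrollable volume of data and challenges is being brought upon them. The threat posed by data silos requires a separate discussion. This post selects some of the challenges that come with current integration solutions.

Growing data volume is a cause for concern. Twenty percent of companies that responded to an IDG survey draw data from more than 1,000 sources to feed their analytics systems. Organizations that hesitate to take the first step are likely to face challenges such as the following. Data integration needs an overhaul, which can only be achieved by considering the following gaps. Let’s take a quick look.

Heterogeneous data sources

Data from multiple different sources comes in multiple formats such as Excel, JSON, and CSV, and from databases such as Oracle, MongoDB, and MySQL. For example, two data sources may have different data types for the same field, or different definitions for the same partner data.

Heterogeneous sources produce data in different formats and structures. Diverse schemas complicate the scope of data integration and require considerable mapping to integrate data sets.

Data professionals can manually map data from one source to another, convert all data sets to a single format, or extract and transform the data to make it compatible with other formats. All of these make it difficult to achieve meaningful, seamless integration.

Handling data streaming

Streaming data is continuous and never-ending. It consists of an uninterrupted sequence of recorded events. Traditional batch processing techniques are designed for static databases with a clearly defined beginning and end, and are not suited to data streams that flow without interruption. This complicates synchronization and scalability, anomaly detection, extracting valuable insights, and enhancing decision-making.

To tackle this, companies need systems that enable real-time analysis, aggregation, and transformation of incoming data streams. By narrowing the gap between traditional architectures and dynamic data streams, companies can harness the power of a continuous flow of information.

Problems with unstructured data formats

Growing data is even more of a problem because it includes large amounts of unstructured data. In Web 2.0, user-generated data on social platforms circulated in the form of audio, video, images, and more.

Unstructured data is difficult to handle because it has no predefined format and lacks a consistent schema or searchable attributes. It does not have searchable attributes like structured data sets stored in databases. This makes classification, indexing, and extraction of relevant information complex.

Unpredictable and varied data types often contain irrelevant content and noise. They require synthetic data generation, natural language processing, image recognition, and ML techniques for meaningful analysis. The complexity does not end there. Scaling storage and processing infrastructure to manage the significant growth in data volume is difficult.

However, a variety of excellent tools exist to extract valuable insights from this chaos. For example, MonkeyLearn applies ML to find patterns. K2view takes a patented entity-based approach to synthetic data generation. Cogito also uses natural language processing to provide valuable insights.

The future of data integration

Data integration is rapidly moving from traditional ETL (extract-transform-load) to automated ELT, cloud-based integration, and other integrations that employ ML.

ELT moves the transformation phase to the end of the pipeline and loads raw data sets directly into a warehouse, lake, or lakehouse. This allows the system to check the data before transforming or modifying it. This approach is efficient when processing large volumes of data for analytics and BI.

A cloud-based data integration solution called Skyvia is gaining popularity. It can integrate data from multiple sources and feed it into a cloud-based data warehouse. Besides supporting real-time data processing, it can significantly improve operational efficiency.

Batch integration solutions can be adopted for both legacy and new systems and scale easily for large volumes of data. They are a perfect fit for data integration such as warehouses, CSV export/import, and cloud-to-cloud migration.

Ninety percent of data-driven businesses are leaning toward cloud-based integration, and many popular data products are already in an advantageous position.

Furthermore, companies can expect their data integration solutions to process all kinds of data without compromising operational efficiency. This means that in the near future data solutions will support advanced elastic processing that handles many terabytes of data simultaneously.

Serverless data integration will also grow in popularity, as data scientists expect to reduce the effort needed to maintain cloud instances.

A stepping stone to a data-driven future

This post has examined the challenges that come with heterogeneous data sources, partition-driven streaming data, and unstructured formats. Companies should act now and adopt careful planning, advanced tools, and best practices to achieve seamless integration.

We would also add that, if companies address them in time, these challenges can become opportunities for future growth and innovation. By tackling these challenges head-on, companies can not only make optimal use of their data feeds but also put them to work in their decision-making.

Data Integration, IT Strategy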

23Jan 2024

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets

Hackers could exploit Lamassu Douro ATM vulnerabilities to take over devices, steal bitcoin from users. The post Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets appeared first on SecurityWeek.

23Jan 2024

AI Testing Startup RagaAI Emerges From Stealth With $4.7M in Seed Funding

AI testing platform RagaAI raises $4.7 million in seed funding to help identify AI issues and improve security and reliability. The post AI Testing Startup RagaAI Emerges From Stealth With $4.7M in Seed Funding appeared first on SecurityWeek.

23Jan 2024

High-Severity Vulnerability Patched in Splunk Enterprise

The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version. The post High-Severity Vulnerability Patched in Splunk Enterprise appeared first on SecurityWeek.

23Jan 2024

Doppel Secures $14M for AI-Powered Brand Protection Technology

San Francisco startup banks $14 million in Series A funding led by prominent venture capital outfit Andreesen Horowitz (a16z). The post Doppel Secures $14M for AI-Powered Brand Protection Technology appeared first on SecurityWeek.

23Jan 2024

Identity Security Firm Silverfort Lands $116 Million Investment

Israeli late-stage startup Silverfort raises a whopping $116 million in new financing to scale its ambitions in the identity security space. The post Identity Security Firm Silverfort Lands $116 Million Investment appeared first on SecurityWeek.

23Jan 2024

Aircraft Lessor AerCap Confirms Ransomware Attack

AerCap confirms ransomware attack after emerging cybercrime gang lists the company on its leak website. The post Aircraft Lessor AerCap Confirms Ransomware Attack appeared first on SecurityWeek.

23Jan 2024

FTC forbids Intuit from advertising services as ‘free’

The US Federal Trade Commission (FTC) ordered Intuit, a TurboTax software maker, to stop advertising its services as free if they are not free for most of its users. Alternatively, the company will need to reveal the percentage of consumers who qualify for its free services. In addition, Intuit will also need to clearly disclose […]

23Jan 2024

F5 Names Samir Sherif as New CISO

F5 names Samir Sherif as Chief Information Security Officer (CISO), taking over the role from Gail Coury who will retire March 1st. The post F5 Names Samir Sherif as New CISO appeared first on SecurityWeek.

23Jan 2024

SEC Says X Account Hacked via SIM Swapping

SEC says hackers used SIM swapping to take over its X (formerly Twitter) account on January 9. The post SEC Says X Account Hacked via SIM Swapping appeared first on SecurityWeek.

23Jan 2024

Russian Hackers Suspected of Sweden Cyberattack

Swedish government agencies and shops were disrupted by a ransomware attack believed to have been carried out by Russian hackers. The post Russian Hackers Suspected of Sweden Cyberattack appeared first on SecurityWeek.

23Jan 2024

Sandwich Chain Subway Investigating Ransomware Group’s Claims

The LockBit ransomware group claims to have stolen hundreds of gigabytes of data from US sandwich chain Subway. The post Sandwich Chain Subway Investigating Ransomware Group’s Claims appeared first on SecurityWeek.

23Jan 2024

IT services spending signals major role change for CIOs ahead

Analyst firm Gartner has released its 2024 worldwide IT spending forecast, and the topline is eyepopping: Overall IT expenditures are projected to grow 6.8% this year to a hair under $5 trillion.  That growth more than doubles what the firm pegs as 2023’s growth rate (3.3%), doldrums Gartner attributes not to macroeconomic forces but largely […]

23Jan 2024

Digital KPIs: The secret to measuring transformational success

Regardless of where organizations are in their digital transformation, CIOs must provide their board of directors, executive committees, and employees definitions of successful outcomes and measurable key performance indicators (KPIs). Do a little research, and you’ll find many frameworks, taxonomies, and recommendations for digital KPIs. For example, McKinsey suggests five metrics for digital CEOs, including […]

23Jan 2024

A Sanction Has Been Imposed on a Hacker Who Released Australian Health Insurer Client Data

Russian national sanctioned by the Australian government for his role in the Medibank attack impacting more than 10 million Australians. The post A Sanction Has Been Imposed on a Hacker Who Released Australian Health Insurer Client Data appeared first on SecurityWeek.

23Jan 2024

UAE President announces the establishment of the AI and Advanced Technology

The Ruler of Abu Dhabi, HH Sheikh Mohamed, has unveiled the Artificial Intelligence and Advanced Technology Council. This move highlights the UAE’s commitment to embracing technological advancements and promoting innovation. The AIATC will play a crucial role in shaping the future of the country’s digital landscape, paving the way for a more efficient and sustainable […]

23Jan 2024

Big data: how to find your way among data warehouses, data lakes and data lakehouses

Eighty-five percent of CEOs require senior managers to produce data-driven information on which to base innovation activities, IDC wrote in its “FutureScape: Worldwide Future of Digital Innovation 2023 Predictions”. In 2024 the role of knowledge extracted from data is more relevant than ever. The nature of big data continues to change, and their […]

22Jan 2024

15 ways to grow as an IT leader in 2024

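It is not only the technology landscape that is evolving within the IT department, and rank-and-file staff are not the only IT professionals expected to upskill.

CIOs, too, are naturally building their capabilities as executives as the challenges they face keep changing.

In response to these challenges, IT leaders are honing existing skills and developing new ones as a way to improve their leadership style. Some leaders are also seeking new opportunities or expanding their job responsibilities to raise their executive profile.

As workers at all levels put together their development plans for 2024, IT leaders, recruiters, researchers, and advisors share here the actions that CIOs looking to adopt a growth mindset should take to advance their careers.

1. Re-engage with learning

“The pandemic freed many of us from attending conferences. I, too, enjoyed being freed from conference food and flight delays, but now is the time to re-engage with learning,” says George F. Claffey Jr., CIO of Central Connecticut State University. “Personally, I am focusing on both structured learning through certificate courses and programs and attending industry conferences.”

For example, Claffey completed a six-week web-based AI course run by MIT in the fall and has started attending external conferences again. He says they are “the ideal place to observe, and sometimes share, various applications of technology.”

2. Master AI

Saby Waraich, CIO and CISO of Clackamas Community College, says that becoming a top IT leader in 2024 and beyond requires mastering the conversation around AI. Otherwise, he says, there is a risk of being left behind.

“AI is changing rapidly. That’s why I have to spend more time learning about AI, how it is changing and what impact it will have,” he says, adding that he plans to take AI courses and join an AI special interest group formed by the Portland chapter of the Society for Information Management.

3. Create a personal board of directors

Using a personal board of directors has long been recommended to executives.

Valerie Di Maria, founder and principal of the10company, a strategic consulting firm specializing in executive coaching, says there is a reason for that.

Di Maria says that having a group of trusted advisors helps CIOs, or any professional, identify and correct shortcomings and hone and build strengths.

Di Maria advises CIOs to enlist several executives from outside their current organization, including people from other functional areas and industries, so they can draw on diverse experiences and perspectives. She recommends that CIOs share their own goals and areas needing improvement with these board members so they can make meaningful changes.

Sanjay Srivastava, chief digital strategist at Genpact, attests to the value of this leadership-building strategy.

“I look for peers who have a growth mindset and want to share with and learn from each other,” he says. “We share and learn about technologies, practical approaches, working frameworks, and more. This is what keeps me on my game.”

4. Cultivate a personal brand

Di Maria also recommends that CIOs create an executive brand this year if they haven’t already.

“It helps you become a better leader and move forward. Focusing on how you show up and what you do lets you work more effectively. It helps you figure out what you should be doing, what you should prioritize, and what value what you do brings to the workplace.”

As an example of a good approach to this strategy, she cites a CIO who had a personal brand focused on the future. But to be effective, a personal brand must be authentic, differentiated, credible, consistent, valuable in the workplace, and demonstrable through actions, Di Maria says.

“It’s not just talk or a label. It really has to be connected to your work,” she adds.

5. Take on more speaking engagements

Another career-building goal for Waraich of Clackamas Community College is to increase his speaking opportunities. He sees speaking as a way to hone communication skills, establish himself as a thought leader, and solidify his brand as a CIO. He says it also contributes to the professional community and opens new opportunities, such as becoming a dedicated keynote speaker.

6. Develop your inner storyteller

So says Caitlin McGaw, a career strategist and job search coach at Caitlin McGaw Coaching who also writes for the professional governance association ISACA.

Make 2024 the year to change that.

Of course, CIOs have focused on communication skills for years. But McGaw says storytelling can influence, inform, and inspire in ways that straight information sharing cannot.

“If you put your message into a story, people see the value of that message. Unlike facts and concepts that go in one ear and out the other, storytelling makes it memorable,” she explains. “Storytelling drives bold change and encourages your team to follow your vision and take the risks that need to be taken.”

Who wouldn’t want to be able to do that?

But storytelling doesn’t come naturally to most people. So McGaw suggests taking a class to help learn the craft or using a storytelling framework. Start small, and make sure the story includes key elements such as a challenge or conflict, a clear narrative, and a resolution. And she recommends practicing. First work through the story with peers or mentors and test whether it evokes the desired response and conveys the intended message.

“The story can be personal, at a broader level, or about someone else.”

7. Hone your people skills

AI is one of the most transformative technologies of recent years. As a result, some people are excited, some are afraid, and some are confused.

As leaders of the technology function, CIOs are responsible for guiding people through this change and need to perform better than ever, says Jason Pyle, president and managing director of Harvey Nash US & Canada, an IT recruiting and consulting firm.

“It comes down to whether you can skillfully handle all of the human elements,” he says.

Pyle advises CIOs to strengthen their interpersonal skills, such as emotional intelligence, empathy, communication, and listening.

Pyle added that CIOs can clarify what needs improving by working with a mentor or asking colleagues for a candid assessment.

“Whenever you start down a path of transformation, you need to consult people you trust, tell them what you’re working on, and set a yardstick,” Pyle says. “Take the steps to make adjustments and to do self-assessments and assessments by others.”

8. Sharpen your financial acumen

Executives cannot get a good read on the economic outlook. International conflicts, polarized politics, and a contentious presidential election are adding further unpredictability to ongoing economic uncertainty.

Because of this, many CEOs and boards are asking CIOs to do more with less. For example, the 2023 Nash Squared Digital Leadership Report concluded from its survey that the top business priority for technology leaders in 2024 is improving operational efficiency.

CIOs who want to be fully involved in these efficiency discussions need to build their accounting and finance insight, Pyle says.

“It’s about understanding the cash flow statement and, more importantly, understanding how the cash flow statement aligns with the financial health of your organization. Understand what the CFO is really looking at. Get to the point where you walk alongside the CFO, able to use financial information to build compelling use cases even when money isn’t being spent the way it used to be.”

9. […]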

22Jan 2024

Discovery: A key requirement for enabling AIOps

CIOs have been charged with a difficult mission. The CEO and board of directors expect the CIO to provide higher service reliability, faster time-to-resolution for issues, fewer incidents that affect business operations, and an increasingly efficient IT department that can do more with less. To achieve these goals, CIOs are turning to AIOps, a method […]

22Jan 2024

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

Apple pushes out fresh versions of its iOS and macOS platforms to fix WebKit vulnerabilities being exploited as zero-day in the wild. The post Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation appeared first on SecurityWeek.

22Jan 2024

Security Experts Describe AI Technologies They Want to See

SecurityWeek interviews a wide spectrum of security experts on AI-driven cybersecurity use-cases that are worth immediate attention. The post Security Experts Describe AI Technologies They Want to See appeared first on SecurityWeek.

22Jan 2024

How to minimize remote access cyber security threats in 2024

Remote work began as a temporary measure during the pandemic but has long been a permanent fixture in our new way of working. Organizations have shifted to remote desktop work environments at an increasing speed since then – simultaneously expanding their attack surface and exposing themselves to greater cybersecurity threats. The remote work revolution has […]

22Jan 2024

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure

The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed.  The post Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure appeared first on SecurityWeek.

22Jan 2024

New NTLM Hash Leak Attacks Target Outlook, Windows Programs

Varonis finds one vulnerability and three attack methods that can be used to obtain NTLM hashes via Outlook and two Windows programs. The post New NTLM Hash Leak Attacks Target Outlook, Windows Programs appeared first on SecurityWeek.

22Jan 2024

LoanDepot Breach: 16.6 Million People Impacted

Lending giant LoanDepot (NYSE: LDI) said that roughly 16.6 million individuals were impacted as a result of a ransomware attack. The post LoanDepot Breach: 16.6 Million People Impacted appeared first on SecurityWeek.

22Jan 2024

Owner of Cybercrime Website BreachForums Sentenced to Supervised Release

Conor Brian Fitzpatrick, the owner of the cybercrime website BreachForums, was sentenced to time served and supervised release. The post Owner of Cybercrime Website BreachForums Sentenced to Supervised Release appeared first on SecurityWeek.

22Jan 2024

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half. The post Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 appeared first on SecurityWeek.

22Jan 2024

Savvy CIOs step up to support business hypergrowth

Supporting business objectives has long been IT’s mantra, but how to go about doing that when the objective is aggressive business growth isn’t always cut and dry. For Jim McCullen, CIO of Century Supply Chain Solutions, doing so effectively for the past several years has meant a lot of IT work on the fly. As […]

22Jan 2024

What is your data strategy for an AI future?

As enterprises become more data-driven, the old computing adage garbage in, garbage out (GIGO) has never been truer. The application of AI to many business processes will only accelerate the need to ensure the veracity and timeliness of the data used, whether generated internally or sourced externally. The costs of bad data Gartner has estimated […]

22Jan 2024

France Fines Yahoo 10 Mn Euros Over Cookie Abuses

France’s data protection watchdog fines Yahoo 10 million euros for not respecting users’ refusals of internet-tracking “cookies” The post France Fines Yahoo 10 Mn Euros Over Cookie Abuses appeared first on SecurityWeek.

20Jan 2024

In Other News: WhatsApp Privacy Issue, Spying via Ambient Light Sensor, Bigpanzi Botnet

Noteworthy stories that might have slipped under the radar: WhatsApp privacy issue remains unpatched, spying via tablet ambient light sensors, and the Bigpanzi botnet.  The post In Other News: WhatsApp Privacy Issue, Spying via Ambient Light Sensor, Bigpanzi Botnet appeared first on SecurityWeek.

19Jan 2024

Microsoft Says Russian Gov Hackers Stole Email Data from Senior Execs

A Russian government-backed hacking team broke into Microsoft’s corporate network and stole emails and attachments from senior executives. The post Microsoft Says Russian Gov Hackers Stole Email Data from Senior Execs appeared first on SecurityWeek.

19Jan 2024

Start your zero-trust journey with ZTNA over VPN

Zero trust is a cybersecurity framework that assumes that no user should be automatically trusted. By 2025, Gartner analysts predict that 60% of organizations will be adopting zero-trust principles. Yet, it can be difficult to implement a full blown zero-trust architecture because IT teams often must first retool systems and deploy many new components. Consequently, the first […]

19Jan 2024

CISOs are not just the keepers of our data – they must be its custodians

The frequency and sophistication of cybercrime have risen enormously in recent years. According to Deep Instinct’s research, 75% of security professionals observed an increase in cyberattacks in 2023, with 85% of them attributing the rise to generative AI. These attacks come in various formats, often including accessing private data through phishing, which AI is making […]

19Jan 2024

CISA Issues Emergency Directive on Ivanti Zero-Days

The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities. The post CISA Issues Emergency Directive on Ivanti Zero-Days appeared first on SecurityWeek.

19Jan 2024

The use cases for private wireless networks are many and increasing

In industries such as manufacturing, logistics, transportation, agriculture, and energy exploration, extreme and ever-changing conditions illustrate the critical need for robust and reliable connectivity.  Whether an enterprise’s use cases demand 4G LTE connectivity or the unprecedented speed and low latency of 5G, private wireless networks are helping keep devices, networks, and people connected and able to […]

19Jan 2024

Yogurt maker stirs in SAP to boost its demand planning capability

In 1919, Isaac Carasso was on a mission. Using cultures from the Pasteur Institute, he created yogurt to help improve the health of children with gut issues in Barcelona. At that time, yogurt was not widely known in the region as a food item. Instead, he sold his product as a medicine to pharmacies.  Over […]

19Jan 2024

Critical Vulnerabilities Found in Open Source AI/ML Platforms

Security researchers flag multiple severe vulnerabilities in open source AI/ML solutions MLflow, ClearML, Hugging Face. The post Critical Vulnerabilities Found in Open Source AI/ML Platforms appeared first on SecurityWeek.

19Jan 2024

Game on: The evolution of gaming through generative AI innovation

You step forward into a dark, lush forest, steeped in fog. Except for the trees, you are alone–and without tools or resources. You must create your very own reality and adventure, using your hands to build a virtual world by relentlessly punching the trees. You take a deep breath and begin…BAM!  If you’re a video […]

19Jan 2024

US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels 

US charges Russian cybercriminals, including man allegedly involved in hacking of Neiman Marcus and Michaels Stores in 2013.  The post US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels  appeared first on SecurityWeek.

19Jan 2024

The NIS2 Directive: why cyber-resilience is the new normal for European organisations

Due to be adopted as law by member states by October 2024, the EU Network and Information Systems (NIS2) Directive is the most important cybersecurity legislation ever enacted across member states. While the original NIS1 Directive of 2016 was viewed as a major evolution in cybersecurity regulation, a lot has changed since then, particularly assumptions […]

19Jan 2024

VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million

Apparel and footwear brands owner VF Corp shares more details on the impact of a December 2023 ransomware attack. The post VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million appeared first on SecurityWeek.

19Jan 2024

US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

CISA, FBI and EPA document aims to help water and wastewater organizations improve their cyber resilience and incident response. The post US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities appeared first on SecurityWeek.

19Jan 2024

Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases

The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to exploited list. The post Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases appeared first on SecurityWeek.

19Jan 2024

Stakeholder management: Your guide to influencing project outcomes

Stakeholder management is vital to project success. When key individuals are informed and on task, projects run smoothly. But when those who are impacted by or have an impact on a project are left out, the project can fall apart. Many project managers struggle to implement effective stakeholder management, despite its importance. Often, this is a top-down […]

19Jan 2024

12 data science certifications that will pay off

Data scientist is one of the hottest jobs in IT. Companies are increasingly eager to hire data professionals who can make sense of the wide array of data the business collects. If you’re looking to get into this lucrative field, or want to stand out from the competition, certification can be key. The US Bureau […]

19Jan 2024

VMware vCenter Server Vulnerability Exploited in Wild 

VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild.  The post VMware vCenter Server Vulnerability Exploited in Wild  appeared first on SecurityWeek.

19Jan 2024

Top Official Says Kansas Courts Need at Least $2.6 Million to Recover From Cyberattack

Kansas Courts needs funding to cover the costs of bringing computer systems back online, pay vendors, improve cybersecurity and hire three additional cybersecurity officials. The post Top Official Says Kansas Courts Need at Least $2.6 Million to Recover From Cyberattack appeared first on SecurityWeek.

18Jan 2024

Private wireless networks – addressing IT and operational imperatives for dynamic enterprises

It’s a frustrating situation facing many organizations that are far along their “digital transformation” journeys: they want and need more and more connected devices to optimize operations and enable data-driven decision-making, but they operate in environments where it’s too hard to scale traditional Wi-fi and wired connectivity. This is an all too common challenge for […]

18Jan 2024

3 ways AI is set to disrupt the C-suite

No one questions the tremendous impact generative artificial intelligence (gen AI) platforms and tools will have on the future of work. The impending disruption is obvious even before the effects materialize. The question IT and business leaders must ask is, How do we leverage this sea change rather than drown in it? Half of CEOs […]

18Jan 2024

Today’s business challenges call for a private wireless network

Today’s dynamic organizations – among them manufacturers, logistics warehouses, and transportation hubs like airports, seaports and rail yards – increasingly rely on an ever-growing network of connected devices, systems and people to operate successfully. From employee safety systems to robotics, security cameras and autonomous vehicles, connected devices and applications have become critical to business. Like their counterparts in “carpeted” environments, “uncarpeted” […]

18Jan 2024

Value Stream Management for digital transformation: A new maturity model

New research underscores the common challenges many enterprises face in advancing their Value Stream Management (VSM) maturity levels for digital transformation, emphasizing the crucial need for effective guidance. Recognizing this need, we have created a cutting-edge VSM maturity model. Drawing upon our extensive experience facilitating successful VSM initiatives within large-scale enterprises, this model serves […]

18Jan 2024

Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks

Seven vulnerabilities found in Rapid SCADA could be exploited to gain access to sensitive industrial systems, but they remain unpatched. The post Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks appeared first on SecurityWeek.

18Jan 2024

Software Supply Chain Security Startup Kusari Raises $8 Million 

Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain. The post Software Supply Chain Security Startup Kusari Raises $8 Million  appeared first on SecurityWeek.

18Jan 2024

DEWA’s Smart Ball technology saved last year 243 million gallons of water

Dubai Electricity and Water Authority (DEWA) utilises innovation and disruptive technologies in detecting leaks in the water transmission underground pipelines. This helped DEWA save 243 million gallons of water and AED 9.66 million in 2023. DEWA’s Smart Ball technology detects leaks that are usually difficult to detect using traditional techniques. Since its utilisation in April […]

18Jan 2024

Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns

Russian threat group ColdRiver has developed Spica, a malware that enables it to compromise systems and steal information.  The post Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns appeared first on SecurityWeek.

18Jan 2024

Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions

Organizations can earn up to $3 million in federal funding for cyber tools securing the clean energy infrastructure. The post Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions appeared first on SecurityWeek.

18Jan 2024

Oleria Secures $33M Investment to Grow ID Authentication Business

Seattle identity and authentication startup Oleria has attracted renewed interest from venture capital investors. The post Oleria Secures $33M Investment to Grow ID Authentication Business appeared first on SecurityWeek.

18Jan 2024

List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old

Naz.API credential stuffing list containing 70 million unique email addresses and old passwords found on hacking forum. The post List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old appeared first on SecurityWeek.

18Jan 2024

Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations

Exposed credentials for an email address at an Indian Toyota insurance broker led to customer information compromise. The post Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations appeared first on SecurityWeek.

18Jan 2024

Outsmarting Ransomware’s New Playbook

Encryption is a technological necessity and also a legal safeguard, with importance in both defending against and mitigating the consequences of cyberattacks. The post Outsmarting Ransomware’s New Playbook appeared first on SecurityWeek.

18Jan 2024

Ransomware Group Targets Foxconn Subsidiary Foxsemicon

Foxsemicon’s website defaced with a message from the LockBit ransomware group, which claims to have stolen 5 Tb of data. The post Ransomware Group Targets Foxconn Subsidiary Foxsemicon appeared first on SecurityWeek.

18Jan 2024

What it takes to land a CIO gig in 2024

By all accounts, 2024 will be a good year on the CIO hiring front. Global spending on technology is predicted to be up by virtually all forecasts. Most midsize and large organizations are spending significantly on cloud capabilities. Cybersecurity has been pegged as a top priority for funding in many industries. And nearly every company […]

18Jan 2024

How software can digitally transform child adoption

Each new iteration of technology development creates renewed hope to be a vehicle for good and empower those in need. But it’s not the technology type that enables such work but its application. Scottsdale-based charity Both Ends Believing (BEB) is just such an example. Through the right intentions and business technology leadership, BEB has placed […]

18Jan 2024

Here’s how CIOs are tackling generative AI’s X factor in the workplace

In the rush to establish technical strategies to deliver on the promise of generative AI, many CIOs find themselves facing what may be their most demanding task: preparing their company’s end users – from knowledge workers and assembly-line workers to doctors, accountants and lawyers – to coexist […]

18Jan 2024

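Vendors’ AI-powered sales promotion tools for retail stand out at the National Retail Federation’s annual show

Retail CIOs attending NRF 2024, the National Retail Federation’s annual show, may be wondering, as they take stock after the shopping frenzy the year-end holiday season brings, how they can improve their IT systems’ performance over the coming year. If software vendors have their way, the answer is likely to involve more artificial intelligence.

Sales statistics

Two recently conducted surveys also confirm that only a small minority of retailers currently have no plans to deploy AI. One, conducted by Salesforce, found that fewer than 3% of commerce organizations have no plans for AI, while 29% have already fully implemented it in their workflows. The other, by Nvidia, looked more specifically at generative AI and found that 98% plan to invest in it.

Nvidia also found that, among companies already using AI, 69% believe AI has contributed to an increase in annual revenue. Fifteen percent of respondents reported an increase of 15% or more, and a further 28% reported an increase of between 5% and 15%.

According to NRF, US retail sales rose an average of 3.7% year on year over the first 11 months of 2023, with or without AI. However, NRF’s chief economist warns that the rate of consumer spending growth seen in 2023 is not necessarily sustainable in 2024.

Beyond raising revenue, retailers cite many reasons for adopting AI, including greater operational efficiency (53% of respondents), improved consumer experience (42%), better decision-making (37%), and more accurate demand forecasting (21%).

SAP uses AI for new forecasting capabilities

SAP is targeting the desire for better demand forecasting with new composable tools announced at NRF 2024. SAP uses AI to simplify inventory replenishment and order management across physical and online stores. These capabilities are part of its Industry Cloud suite and can be integrated with any ERP system, not only SAP’s.

In its demand forecasting and planning solution, SAP uses self-learning models to provide longer-range forecasts, alert users to the root causes of forecast changes, and make recommendations.

SAP will also progressively extend its existing predictive replenishment tool down to store level. SAP already offers replenishment scheduling recommendations at distribution center level. Here too, SAP keeps humans in the loop: if business users are satisfied with the system’s suggestions, they can easily transfer them to the procurement system and automate the creation of purchase orders.

Microsoft offers Copilot to personalize shopping

Improving the consumer experience is Microsoft’s goal, and ahead of NRF it released new generative AI capabilities for retail, including new Copilot templates that help online retailers personalize customers’ shopping experience. Other Copilot templates help physical stores build digital assistants that answer staff questions about products, policies and procedures.

The company’s marketing analytics tool, Dynamics 365 Customer Insights, is also getting a generative AI makeover with a new Copilot that helps staff build and manage marketing campaigns.

Mojix introduces a generative AI tool for exploring retail data

Maiven is Mojix’s AI-powered tool, which aims to improve retailers’ decision-making by improving access to supply chain data. It uses Google Cloud’s Vertex AI machine learning platform to provide a natural language chat interface through which retail staff can investigate inventory information. It can report incidents such as stockouts and missing items, measure their financial impact, and suggest ways to improve inventory management at store level or across the supply chain.

Sensormatic tackles loss prevention

CIOs are used to preventing data loss, but Sensormatic wants to involve them in preventing shrink, that is, inventory loss through theft. Its SaaS-based Shrink Analyzer application uses a combination of RFID tags, computer vision linked to in-store CCTV, and analytics to help retailers identify the causes of loss.

In addition, it uses AI-powered computer vision analytics to offer Store Guest Behaviors, a tool for optimizing store layout through heat-map analysis.

Commercetools helps developers with AI

Commercetools announced Foundry, a new suite of “pre-configured” composable components for cart-to-checkout e-commerce. It offers online retailers blueprints based on how other customers have successfully built their systems, and uses AI to help developers put the right components together faster.

Amazon aims to boost online sales for Salesforce customers

For some customers, “free shipping” is more persuasive than personalized recommendations or AI-adapted sales copy. Salesforce and Amazon are doing some cross-promotion with Amazon’s “Buy with Prime” integration for Salesforce Commerce Cloud. This lets merchants offer customers free shipping via Amazon Prime through their own Salesforce-powered online stores, and lets order and promotion data be synchronized between Amazon and Salesforce.

Analytics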

17Jan 2024

Vulnerability Management Firm Vicarius Raises $30 Million

New York based vulnerability management firm Vicarius has raised $30 million in a Series B funding round led by Bright Pixel. The post Vulnerability Management Firm Vicarius Raises $30 Million appeared first on SecurityWeek.

17Jan 2024

CIOs confront generative AI’s workplace X factor

In the rush to establish technical strategies for making good on the promise of generative AI, many CIOs find themselves running headlong into what may be their most challenging task yet: preparing their organization’s end-users — from knowledge workers and assembly line laborers to doctors, accountants, and lawyers — to co-exist with generative AI. Although […]

17Jan 2024

Microsoft: Iranian APT Impersonating Prominent Journalist in Clever Spear-Phishing Attacks

Microsoft says an APT with links to Iran’s military intelligence is impersonating a prominent journalist in clever spear-phishing attacks. The post Microsoft: Iranian APT Impersonating Prominent Journalist in Clever Spear-Phishing Attacks appeared first on SecurityWeek.

17Jan 2024

Swiss Govt Websites Hit by Pro-Russia Hackers After Zelensky Visit

Switzerland said that a cyberattack claimed by a pro-Russian group disrupted access to some government websites, following Ukrainian President Volodymyr Zelensky’s visit to Davos. The post Swiss Govt Websites Hit by Pro-Russia Hackers After Zelensky Visit appeared first on SecurityWeek.

17Jan 2024

US Gov Issues Warning for Androxgh0st Malware Attacks

A joint advisory from CISA and the FBI warns about Androxgh0st malware attacks ensnaring devices in a botnet. The post US Gov Issues Warning for Androxgh0st Malware Attacks appeared first on SecurityWeek.

17Jan 2024

Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances

Out-of-date Confluence Data Center and Server instances are haunted by a critical vulnerability leading to remote code execution. The post Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances appeared first on SecurityWeek.

17Jan 2024

AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

Researchers show how a new attack named LeftoverLocals, which impacts GPUs from AMD, Apple and Qualcomm, can be used to obtain AI data. The post AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs appeared first on SecurityWeek.

17Jan 2024

Achieving “Frictionless Defense” in the Age of Hybrid Networks

A “frictionless defense” is about integrating security measures seamlessly into the digital landscape to safeguard against threats while ensuring a positive user experience. The post Achieving “Frictionless Defense” in the Age of Hybrid Networks appeared first on SecurityWeek.

17Jan 2024

GitHub Rotates Credentials in Response to Vulnerability

GitHub rotates credentials and releases patches after being alerted of a vulnerability affecting GitHub.com and GitHub Enterprise Server. The post GitHub Rotates Credentials in Response to Vulnerability appeared first on SecurityWeek.

17Jan 2024

Here’s How ChatGPT Maker OpenAI Plans to Deter Election Misinformation in 2024

ChatGPT maker OpenAI outlines a plan to prevent its tools from being used to spread election misinformation in 2024. The post Here’s How ChatGPT Maker OpenAI Plans to Deter Election Misinformation in 2024 appeared first on SecurityWeek.

17Jan 2024

Oracle Patches 200 Vulnerabilities With January 2024 CPU

Oracle releases 389 new security patches to address 200 vulnerabilities as part of the first Critical Patch Update of 2024. The post Oracle Patches 200 Vulnerabilities With January 2024 CPU appeared first on SecurityWeek.

17Jan 2024

Storytelling for CIOs: From niche to bestseller

What do the following quotes have in common? “Call me Ishmael;” “It was a bright cold day in April, and the clocks were striking thirteen;” “I write this sitting in the kitchen sink.” Whether it’s Moby-Dick, Nineteen Eighty-Four, or I Capture the Castle, respectively, these opening lines from classic novels make us want to read […]

17Jan 2024

A history of tech adaptation for today’s changing business needs

The best weapon to make decisions in a dynamic world is accurate and relevant information so organizations can carry out strategic plans in the most reliable way. Ipsos, for example, has been offering its more than 5,000 clients an understanding and vision of the actions, opinions, and motivations of millions of citizens, consumers, patients, and […]

17Jan 2024

Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation

Citrix is aware of attacks exploiting two new NetScaler ADC and Gateway zero-day vulnerabilities tracked as CVE-2023-6548 and CVE-2023-6549. The post Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation appeared first on SecurityWeek.

16Jan 2024

Google Warns of Chrome Browser Zero-Day Being Exploited

The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine. The post Google Warns of Chrome Browser Zero-Day Being Exploited appeared first on SecurityWeek.

16Jan 2024

Ho, Ho, Hoooold on a Minute: A New Year Resolution That IoT Isn’t a Gift That Keeps on Taking

Some IoT products may make your life easier, but they also may be somewhat of a Trojan Horse.  The post Ho, Ho, Hoooold on a Minute: A New Year Resolution That IoT Isn’t a Gift That Keeps on Taking appeared first on SecurityWeek.

16Jan 2024

Vulnerabilities Expose PAX Payment Terminals to Hacking

Vulnerabilities in Android-based PoS terminals from PAX can be exploited to downgrade bootloaders, execute arbitrary code. The post Vulnerabilities Expose PAX Payment Terminals to Hacking appeared first on SecurityWeek.

16Jan 2024

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de-facto open source reference implementation of the UEFI spec. The post Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation appeared first on SecurityWeek.

16Jan 2024

Remote Code Execution Vulnerability Found in Opera File Sharing Feature

A vulnerability in Opera browser’s file sharing feature My Flow could be exploited for remote code execution. The post Remote Code Execution Vulnerability Found in Opera File Sharing Feature appeared first on SecurityWeek.

16Jan 2024

180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

Two DoS vulnerabilities patched in 2022 and 2023 haunt nearly 180,000 internet-exposed SonicWall firewalls. The post 180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE appeared first on SecurityWeek.

16Jan 2024

VMware Urges Customers to Patch Critical Aria Automation Vulnerability 

Aria Automation is affected by a critical vulnerability that could be exploited to gain access to remote organizations and workflows. The post VMware Urges Customers to Patch Critical Aria Automation Vulnerability  appeared first on SecurityWeek.

16Jan 2024

Hacker Conversations: HD Moore and the Line Between Black and White

SecurityWeek talked to HD Moore, best known as the founder and original developer of Metasploit. The post Hacker Conversations: HD Moore and the Line Between Black and White appeared first on SecurityWeek.

16Jan 2024

Mastering the art of motivation

Good CIOs don’t get things done. They build an IT organization that gets things done. This starts with the dreaded organizational chart, but only because the org chart is the manager’s tool for documenting what responsibilities have been delegated and to whom. In an effective organization, it should go without saying, everyone knows who’s responsible […]

16Jan 2024

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech. The post Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins appeared first on SecurityWeek.

16Jan 2024

Cloud and costs: which tools CIOs use to avoid bill shock

You cannot move to the cloud without having the tools to manage its costs: this is the message that comes from CIOs’ direct experience. “Everything in the cloud has a price” is the hard lesson to learn but, with this awareness in mind, IT managers can extract all the value of flexibility, speed and security […]

15Jan 2024

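The 6 most underrated technologies in IT, plus one that’s not dead yet

Generative AI, and more specifically ChatGPT, captivated the corporate world in 2023, with board members, CEOs and other executives becoming enthusiastic about (and sometimes fearful of) the technology.

Their enthusiasm is justified: multiple studies have found that AI is delivering strong value and returns on investment. IBM found that the average ROI on enterprise-wide AI initiatives is 5.9%, and that best-in-class companies “reap an enviable 13% ROI.”

No wonder they are all talking about AI.

But, with all due respect, AI is hardly the only important technology in the world. Certainly, recent advances in AI are groundbreaking and have revolutionary potential, but artificial intelligence, like other heavily hyped technologies, is built on the shoulders of numerous other technologies that appear to get no glory at all.

Isn’t it time some of those overlooked, underrated technologies got their due?

We think so.

So we asked a group of IT leaders and technology analysts to name underrated technologies, why they are overlooked, and why they should not be. Here are the technologies they consider most underrated in IT today.

IT management software

CIOs and their teams cannot do their jobs, nor build and manage the extensive technology stack needed to support AI and the other latest technologies on the market today, unless they have a handle on their IT environment.

IT management software helps them accomplish that task.

“Anything that falls into the category of IT management tools tends to get pushed aside, but these are the workhorses of IT,” says John Buccola, CTO of E78 Partners, which provides consulting and managed services in finance technology and other specialties.

Tools Buccola lists among the “unsung heroes” include Active Directory and access and identity management solutions. (Buccola is also an officer of the Southern California chapter of the Society for Information Management.)

“You don’t have to think about anything. These all simply work, and that is exactly what people want from IT,” Buccola adds.

Buccola says IT service management (ITSM) and IT Infrastructure Library (ITIL) solutions are also particularly important for keeping IT spending in check.

If no one is keeping an eye on cloud computing services, their costs can balloon. As Buccola puts it, “something has to sit on top of these assets so that the costs associated with them don’t get out of control.”

Indeed, it is close to impossible to find a CIO who does not need to work diligently at managing IT costs.

“This kind of thing doesn’t get much press, but it is essential for IT teams,” Buccola adds.

Cloud computing

Fifteen years ago, when cloud was generating buzz, analysts were trying to separate reality from hype.

Today the model does not seem so extraordinary, but on reflection, cloud still deserves praise.

“Thanks to the move to cloud, we can do everything else we are doing now. But because AI has sucked up all the attention, cloud has been completely overshadowed,” says Mark Taylor, CEO of the Society for Information Management (SIM).

There is research suggesting why cloud’s importance is being downplayed even though many recognize its powerful transformative force. A hint lies in professional services firm PwC’s 2023 Cloud Business Survey. According to the survey, 78% of responding executives have adopted cloud in most or all parts of their business, yet more than half say they have not realized expected outcomes such as cost reduction, improved resilience and new revenue channels.

PwC, however, points out that the problem lies not with cloud computing but with how organizations use cloud: “Moving to the cloud, or running parts of your business in the cloud, is not the same as being cloud-powered.”

About 10% of those surveyed appear to know the answer. They report that they have reinvented their businesses through cloud, are reducing barriers to realizing value, and are doing so at twice the rate of other companies. And even in the current business environment, they expect continued revenue growth of 15% or more.

Cloud-based ERP

Cloud-based enterprise resource planning (ERP) is also an unsung technology that tends to be overlooked in favor of newer, shinier technologies, says Jeff Stovall, CIO of Abt Associates.

“But with cloud ERP, a change is taking place in how businesses can innovate,” says Stovall, a former CIO of the City of Charlotte and a SIM board member.

By moving from on-premises to cloud, organizations can reengineer business processes and transform how they perform core parts of their operations, Stovall says. “Because we have become so familiar with the concept of ERP, we don’t think about its transformative capability.”

In fact, Stovall sees some organizations clinging to on-premises ERP even as they seek to transform other parts of their IT environment and business processes.

Cloud migration tools

Yugal Joshi, a partner at research and advisory firm Everest Group, cites cloud assessment tools as another underrated and underused technology.

Cloud assessment tools, cloud migration tools, or cloud-enablement platforms all help IT teams analyze and understand their applications and cloud infrastructure, giving them the information needed to build a solid cloud adoption roadmap.

Of course, other technologies such as IT audit software can also help here, as can manual assessments, but Joshi says cloud assessment tools have been proven to raise the likelihood of a successful cloud initiative.

“CIOs sometimes think they don’t need these tools because cloud migration has become so pervasive. CIOs think moving to the cloud is easy, but migration is complex, and with more choices of cloud vendors and cloud services, the complexity is growing,” Joshi explains.

Basic IT tools and back-office workhorses

Similarly, Kumud Kokal, CIO of Farmers Business Network, cites as underrated the foundational technologies in the IT environment that were once marvels but in which no one now sees value. Specifically, he mentions payroll systems (seamlessly delivering the money owed to workers) and WiFi networks (enabling connectivity everywhere).

There is a downside to this undervaluing, he says. CIOs often face difficulty when seeking adequate funding to maintain technologies that are out of sight and out of mind.

“No one thinks about the behind-the-scenes plumbing anymore, but it all matters,” he adds.

Data management software

While AI gets the spotlight, the critical components that make AI work (such as data) often do not. Yet even as organizations eagerly embrace all forms of AI, many have neglected some of their data management needs, says Laura Hemenway, president, founder and principal of Paradigm Solutions, which supports large enterprise-scale transformations.

Even people who are well versed in data management often downplay the powerful work data management tools do. Hemenway believes the critical role data management software plays deserves more recognition, even if the work tends to be seen as tedious, without the glamour of making the most of ChatGPT.

But sound data management is the linchpin of AI and other analytics work, and underpins many processes considered critical to modern business, from automated processes to personalized customer support. That is why getting it right is essential.

Spatial computing, virtual presence, and the metaverse

A few years ago there was much talk about the coming metaverse, and excitement peaked in 2021 when Facebook announced it was changing its company name to Meta.

But without major breakthroughs, interest cooled and the metaverse landed on lists of overrated technologies. Don’t jump to conclusions, though, Taylor warns. Taylor believes this technology category is unfairly undervalued and belongs on the list of underrated technologies.

Taylor, who prefers the terms spatial computing and virtual presence to metaverse, notes that the technologies in this category, whatever their differences, all enable immersive virtual-world experiences. Inflated expectations from vendors that have not fully delivered the seamless virtual experiences they promised are the main reason the hype cooled so quickly, Taylor says.

“But, like AI, when it gets figured out, everything will change.”

IT Leadership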

15Jan 2024

Atos CEO Yves Bernaert quits over governance differences

Atos CEO Yves Bernaert has quit; the board immediately replaced him with Paul Saleh, CFO of the company since August 2023. Bernaert cited differences of opinion over governance as the reason for his departure: he disagreed with the board about the need for recent changes in the company’s strategy, and the way they were executed. […]

15Jan 2024

Hacker Behind $2 Million Cryptocurrency Mining Scheme Arrested in Ukraine

Ukrainian authorities have arrested an individual allegedly involved in a $2 million cryptojacking operation. The post Hacker Behind $2 Million Cryptocurrency Mining Scheme Arrested in Ukraine appeared first on SecurityWeek.

15Jan 2024

Software vendors offer AI sales boost for retail at NRF show

As they take stock after the year-end frenzy of shopping the holiday season always brings, retail CIOs attending the National Retail Federation’s annual show, NRF 2024, may be wondering how they can improve their IT systems’ performance over the next 12 months. If software vendors have their way, the answer is likely to involve more […]

15Jan 2024

Information Stealer Exploits Windows SmartScreen Bypass

Attackers exploit a recent Windows SmartScreen bypass vulnerability to deploy the Phemedrone information stealer. The post Information Stealer Exploits Windows SmartScreen Bypass appeared first on SecurityWeek.

15Jan 2024

GitLab Patches Critical Password Reset Vulnerability

GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails. The post GitLab Patches Critical Password Reset Vulnerability appeared first on SecurityWeek.

15Jan 2024

Cloud Server Abuse Leads to Huge Spike in Botnet Scanning

Netscout sees over one million IPs conducting reconnaissance scanning on the web due to increase in use of cheap or free cloud servers. The post Cloud Server Abuse Leads to Huge Spike in Botnet Scanning appeared first on SecurityWeek.

15Jan 2024

15 ways to grow as an IT leader in 2024

The technology landscape isn’t the only element evolving within the IT department, nor are rank-and-file staffers the only IT professionals expected to upskill. CIOs, too, are expanding their executive capabilities — as they should be — given the ever-changing list of challenges they face. Those challenges have IT leaders sharpening existing skills and developing new […]

15Jan 2024

NASA accelerates science with gen AI-powered search

When you generate and collect as much data as the US National Aeronautics and Space Administration (NASA) does, finding just the right data set for a research project can be a problem. With seven operating centers, nine research facilities, and more than 18,000 staff, the agency continually generates an overwhelming amount of data, which it […]

15Jan 2024

Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches

Juniper Networks patches over 100 vulnerabilities, including a critical flaw that can be exploited for remote code execution against firewalls and switches. The post Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches appeared first on SecurityWeek.

12Jan 2024

“If organisations are hacked, they should stay calm and act quickly by instantly activating their incident response plan”

CIO Middle East discusses with Muath AlHomoud, Director of Cybersecurity, how organisations should learn from the hacking activities performed on them so they can implement more effective cyber defences and plan against similar or more sophisticated attacks. Q. From a cybersecurity perspective, how has 2023 been? A. The year has been marked by a […]

12Jan 2024

9 CRM trends for 2024

Customer relationship management (CRM) has long been a mature, commoditized product category. An estimated 90% of companies with 10 or more employees already have at least one CRM system. And the major players in the CRM market are among the most established names in the industry — Salesforce, Microsoft, Oracle, and SAP. But several key […]

12Jan 2024

Brad Arkin is New Chief Trust Officer at Salesforce

Veteran cybersecurity leader Brad Arkin has left Cisco and is joining Salesforce as SVP and Chief Trust Officer. The post Brad Arkin is New Chief Trust Officer at Salesforce appeared first on SecurityWeek.

12Jan 2024

Laptop Maker Framework Says Customer Data Stolen in Third-Party Breach

Device maker Framework is notifying users that their personal information was stolen in a data breach at its external accounting partner. The post Laptop Maker Framework Says Customer Data Stolen in Third-Party Breach appeared first on SecurityWeek.

12Jan 2024

In Other News: WEF’s Unsurprising Cybersecurity Findings, KyberSlash Cryptography Flaw

Noteworthy stories that might have slipped under the radar: WEF releases a cybersecurity report with unsurprising findings, and KyberSlash cryptography vulnerabilities. The post In Other News: WEF’s Unsurprising Cybersecurity Findings, KyberSlash Cryptography Flaw appeared first on SecurityWeek.

12Jan 2024

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners. The post New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise appeared first on SecurityWeek.

12Jan 2024

Russian Hackers Likely Not Involved in Attacks on Denmark’s Critical Infrastructure

Researchers find no direct link between Russian APT Sandworm and last year’s attacks on Denmark’s critical infrastructure. The post Russian Hackers Likely Not Involved in Attacks on Denmark’s Critical Infrastructure appeared first on SecurityWeek.

12Jan 2024

When CX and EX collide: technology strategies for a new era of working

The shift from using offices to hybrid working has changed how we define “working” and also how we think about the customer experience and employee experience (CX and EX). Before the rise in hybrid working, these experiences were split: there was the office-based employee experience and the (usually) contact-center-based customer experience. But although customers would […]

12Jan 2024

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout

Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release. The post Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout appeared first on SecurityWeek.

12Jan 2024

Apple Patches Keystroke Injection Vulnerability in Magic Keyboard

Apple’s latest Magic Keyboard firmware addresses a recently disclosed Bluetooth keyboard injection vulnerability. The post Apple Patches Keystroke Injection Vulnerability in Magic Keyboard appeared first on SecurityWeek.

12Jan 2024

Survey: Execs eager to implement generative AI, but few know how

Overwhelming majorities of executives around the world are planning to spend money on generative AI this year, but very few are truly ready for the technology, according to a survey released today by the Boston Consulting Group. Fully 85% of the more than 1,400 executives surveyed for BCG’s AI Radar report said that they were […]

12Jan 2024

CIO insights: What’s next for AI in the enterprise?

CIOs are under increasing pressure to deliver AI across their enterprises – a new reality that, despite the hype, requires pragmatic approaches to testing, deploying, and managing the technologies responsibly to help their organizations work faster and smarter.  The top brass is paying close attention. Seventy-one percent of business leaders expect AI and ML to have […]

11Jan 2024

Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services

The tool, called FBot, is capable of credential harvesting for spamming attacks, and AWS, PayPal and SaaS account hijacking. The post Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services appeared first on SecurityWeek.

11Jan 2024

Top IT exec recruiters weigh in on talent trends today

When I last dedicated an episode of the Tech Whisperers podcast to the state of tech talent, we were just coming out of a multi-year “sellers” market, and we could sense that we were hitting an inflection point. Fast-forward a year and things have changed significantly. Two of the top executive recruiters in the CIO […]

11Jan 2024

Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears

Microsoft said that it is upgrading its cloud computing service to let customers store all personal data within the European Union. The post Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears appeared first on SecurityWeek.

11Jan 2024

SAP pays multi-million fine for bribery

SAP is paying a total of over $220 million to settle investigations by the US Department of Justice and the US Securities and Exchange Commission (SEC) into violations of the Foreign Corrupt Practices Act (FCPA). This is according to a statement from the US Department of Justice. The German software company is alleged to have […]

11Jan 2024

China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments

Chinese APT Volt Typhoon appears engaged in new attacks against government entities in the US, UK, and Australia. The post China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments appeared first on SecurityWeek.

11Jan 2024

Coming Soon to a Network Near You: More Shadow IoT

Consumer IoT devices will increase the threat to commercial, government, healthcare, educational, and other organizations. The post Coming Soon to a Network Near You: More Shadow IoT appeared first on SecurityWeek.

11Jan 2024

Intel, AMD, Zoom, Splunk Release Patch Tuesday Security Advisories

Intel, AMD, Zoom and Splunk released security advisories on Patch Tuesday to inform customers about vulnerabilities found in their products. The post Intel, AMD, Zoom, Splunk Release Patch Tuesday Security Advisories appeared first on SecurityWeek.

11Jan 2024

AI-Powered Misinformation is the World’s Biggest Short-Term Threat, Davos Report Says

False and misleading information supercharged with cutting-edge AI that threatens to erode democracy and polarize society, the World Economic Forum said in a new report. The post AI-Powered Misinformation is the World’s Biggest Short-Term Threat, Davos Report Says appeared first on SecurityWeek.

11Jan 2024

Cisco Patches Critical Vulnerability in Unity Connection Product

Cisco Unity Connection flaw could allow remote, unauthenticated attackers to upload arbitrary files and execute commands on the system. The post Cisco Patches Critical Vulnerability in Unity Connection Product appeared first on SecurityWeek.

11Jan 2024

CISA Urges Patching of Exploited SharePoint Server Vulnerability

CISA has added a critical Microsoft SharePoint Server flaw (CVE-2023-29357) to its Known Exploited Vulnerabilities catalog. The post CISA Urges Patching of Exploited SharePoint Server Vulnerability appeared first on SecurityWeek.

11Jan 2024

Mandiant Details How Its X Account Was Hacked

Mandiant’s X account was hacked as a result of a brute force attack as part of a cryptocurrency scheme that earned at least $900k. The post Mandiant Details How Its X Account Was Hacked appeared first on SecurityWeek.

11Jan 2024

Accenture buys Navisite in its 4th acquisition of 2024

Accenture on Wednesday said it is acquiring digital transformation services provider Navisite in an effort to boost its cloud transformation business. While the terms of the acquisition from private equity investment firm Madison Dearborn Partners were not disclosed, the Massachusetts-based firm is expected to bolster Accenture’s application and infrastructure-managed services capabilities in North America. The […]

11Jan 2024

Top 8 challenges IT leaders will face in 2024

2023 was a year made notable by a range of unexpected, unpredictable, and fast-moving challenges that, despite seemingly having little to do with technology, had profound impacts on IT strategies. Add the rapid rise of generative AI, and the past year was one in which CIOs often found themselves on the back foot, reacting to […]

11Jan 2024

13 IT resolutions for 2024

CIOs are preparing for another demanding year, expecting that in 2024 artificial intelligence, economic uncertainty, business demands and expectations of ever greater speed will all be in play. However, chief information officers are not discouraged by this list and expect to be able to reach their goals. […]

10Jan 2024

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won’t be available until January 22. The post Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days appeared first on SecurityWeek.

10Jan 2024

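A forensic approach to IT modernization at South Africa’s corruption investigation agency

Established in 1996, South Africa’s Special Investigating Unit (SIU) has operated as a trusted anti-corruption, forensic investigation, and litigation agency that recovers financial losses and corrects wrongdoing. But a long history tends to bring legacy technology and inefficiency with it, and an organization like the SIU cannot afford either. CIO Tumelo Zwane understands how important a role new technology plays in streamlining the SIU’s operations, and she and her team recently set about updating the unit’s communication and collaboration technology. The project began in early 2022. At that time the SIU was still using GroupWise, a platform that supports email, instant messaging, and document management, Zwane says. A considerable number of organizations still run GroupWise, but many have chosen to leave the platform and move to newer technology. “From a technical point of view, GroupWise no longer met our needs and lacked the functionality we were looking for,” she says. The migration is part of the SIU’s broader digital transformation and cloud migration strategy, which began about four years ago with the aim of standardizing its wide-ranging technology stack. As she points out, however, the SIU is not fully cloud-based but follows a hybrid strategy, because data sovereignty laws and governance structures determine which kinds of information can and cannot be stored in the cloud.

Navigating the migration

Of course, this was no easy task, particularly given the volume of data the agency handles. “Most people used their mailboxes as an archiving tool, so some users had extremely large mailboxes,” she says. The SIU worked with a managed service provider (MSP) on the configuration side of the migration and received guidance from this partner, but ended up carrying out the actual migration itself. “We had timelines and goals we wanted to achieve within the organization, but when we looked at the various outlines we received when we went to the market for help, it was going to take far longer than we wanted,” she says. “So we researched the various requirements and the best methods and approaches, ran tests, implemented the necessary prerequisites, and successfully migrated everything ourselves.” To do this, she divided the team by function and upskilled each individual so they could focus on specific tasks. If a user had a particular problem, someone on the team would be able to support them and resolve it. Doing everything in-house was important for ensuring the SIU’s operational continuity and guaranteeing the organization’s sustainability. “We grow our own timber and develop our own capabilities so that we can take on similar projects with more confidence in future,” she says.

The power of planning

As a first step, they advised archiving and backing up certain data. They also had to think about how to migrate without creating a period in which users could not access their email, which meant most of the work had to be done at night. But that was not the only timing problem. South Africa’s power utility was temporarily cutting electricity distribution to certain areas to reduce energy demand, which made the data transfer process more complex. “If the power goes out while you’re migrating a large amount of data, you have to start over from the beginning,” she says. To mitigate this problem, they kept a close eye on the outage schedule so that data transfer attempts would not be interrupted. “It took a lot of careful planning and synchronizing of resources to get the timing right,” she adds, saying it was a major hurdle but a manageable one.

In hindsight, Zwane would not have done much differently, other than informing users more actively at each stage of the journey. “We put out a lot of information throughout the process, but if I were to do it again, I would bombard them with information, because they did not always move at the pace we wanted,” she says. “So we had no choice but to run training again,” she says. “Staying on the same page as users is very important. Communication and change management make a big difference.”

According to Zwane, one of the biggest benefits of the migration is an SIU with fuller digital capabilities. The SIU now operates on a more agile platform that is widely used in both the public and private sectors. “The Microsoft platform has changed the way the organization operates, creating and improving productivity and efficiency. It has shortened turnaround times for investigations and enabled us to carry out our duties more efficiently,” she says.

Data Management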

10Jan 2024

French Computer Hacker Jailed in US

A computer hacker who was part of a criminal gang that stole data from hundreds of millions of people and sold it on the dark web was jailed in the United States on Tuesday. The post French Computer Hacker Jailed in US appeared first on SecurityWeek.

10Jan 2024

ExtraHop Banks $100M in Growth Funding, Adds New Execs

Seattle network detection and response firm secures $100 million in growth funding and adds to its executive team. The post ExtraHop Banks $100M in Growth Funding, Adds New Execs appeared first on SecurityWeek.

10Jan 2024

SAP doubles down on cloud-first innovation with executive reshuffle

SAP is reshuffling its executive board to place even more emphasis on serving its cloud customers. Executive board member Thomas Saueressig, previously responsible for product engineering, will soon take on a new role as head of customer services and delivery, focused on maximizing potential for customers in the cloud, said Hasso Plattner, chairman of the […]

10Jan 2024

Know before you go: 6 lessons for enterprise GenAI adoption

In 1895, Mary Lathrap penned a poem that inspired the quote, “You can’t really understand another person’s experience until you’ve walked a mile in their shoes.” That quote aptly describes what Dell Technologies and Intel are doing to help our enterprise customers quickly, effectively, and securely deploy generative AI and large language models (LLMs). Many organizations […]

10Jan 2024

HMG Healthcare Says Data Breach Impacts 40 Facilities

The compromised information includes names, contact information, dates of birth, health information, medical treatment details, Social Security numbers, and employee records. The post HMG Healthcare Says Data Breach Impacts 40 Facilities appeared first on SecurityWeek.

10Jan 2024

Anecdotes Raises $25 Million for Enterprise GRC Platform

Anecdotes has raised $25 million in Series B funding, which brings the total investment to $55 million, for its compliance platform. The post Anecdotes Raises $25 Million for Enterprise GRC Platform appeared first on SecurityWeek.

10Jan 2024

Kyocera Device Manager Vulnerability Exposes Enterprise Credentials

An improper input validation flaw in Kyocera Device Manager allows attackers to capture credentials, compromise accounts. The post Kyocera Device Manager Vulnerability Exposes Enterprise Credentials appeared first on SecurityWeek.

10Jan 2024

SAP’s First Patches of 2024 Resolve Critical Vulnerabilities

SAP has released patches for critical vulnerabilities in Business Application Studio, Web IDE, and Edge Integration Cell. The post SAP’s First Patches of 2024 Resolve Critical Vulnerabilities appeared first on SecurityWeek.

10Jan 2024

Android’s January 2024 Security Update Patches 58 Vulnerabilities

Android’s first security update of 2024 resolves high-severity elevation of privilege and information disclosure vulnerabilities. The post Android’s January 2024 Security Update Patches 58 Vulnerabilities appeared first on SecurityWeek.

10Jan 2024

China Says State-Backed Experts Crack Apple’s AirDrop

Chinese state-backed experts have found a way to identify people who use Apple’s encrypted AirDrop messaging service, according to the Beijing municipal government. The post China Says State-Backed Experts Crack Apple’s AirDrop appeared first on SecurityWeek.

10Jan 2024

Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report

An engineer recruited by intelligence services used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop. The post Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report appeared first on SecurityWeek.

10Jan 2024

Canada Life’s efforts to equally strengthen talent and tech

With headquarters in Winnipeg and a total of nearly 11,000 employees worldwide, Canada Life prides itself on being a technology-first organization, but equally people-centric. From IT’s point of view, there’s going to be a steep trajectory over the next few years, spearheaded by generative AI and machine learning, that will dramatically change how people live […]

10Jan 2024

5 ways to maximize your cloud investment

Migrating infrastructure and applications to the cloud is never straightforward, and managing ongoing costs can be equally complicated. “Overspending is easy to do,” says Chris McMasters, CIO at the City of Corona, California. No IT organization wants to get caught short on processing or storage resources that could negatively affect operations, or have to suddenly […]

10Jan 2024

Hewlett Packard Enterprise to Acquire Juniper Networks for $14 Billion

This acquisition is expected to double HPE’s networking business and expand its portfolio with AI-native networking offerings. The post Hewlett Packard Enterprise to Acquire Juniper Networks for $14 Billion appeared first on SecurityWeek.

10Jan 2024

SEC Chair Says Account on X Was Hacked

The SEC said that a post on X announcing that the securities regulator had approved the trading of exchange-traded funds holding bitcoin was fake, and that the agency’s account had been “compromised.” The post SEC Chair Says Account on X Was Hacked appeared first on SecurityWeek.

09Jan 2024

How to gain a five star security reputation in hospitality

Achieving and sustaining compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a daunting challenge for hotels because they handle many complex payment business cases. For example, consider the numerous new booking options and services to improve the customer’s experience during the reservation process and their stay. Also, debit and credit card […]

09Jan 2024

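Allstate: Results of a cloud-first approach to digital transformation

Most companies begin their digital journey by migrating legacy applications to the cloud. The theory is that lifting and shifting workloads leads to a quick start with cloud-native services and capabilities. But home and auto insurer Allstate is taking a different approach. Zulfi Jeevanjee, the company’s EVP and CIO, is convinced that building from scratch is the best way to build and align next-generation business processes and modern IT platforms. He is taking a cloud-first approach to digital transformation (DX) and eliminating all legacy systems along the way. The result is a technology-led business strategy that he describes as “very powerful.”

The Northbrook, Illinois-based insurer has rebuilt its core applications for claims processing, sales, support, and plans in order to rethink its entire portfolio of business processes and advance its digital transformation, all with the goal of enhancing and accelerating the customer experience. According to the company, nearly 40% of its business processes have been digitized, and the time to submit an insurance claim, a key measure of customer satisfaction, has fallen from 4 minutes to 43 seconds. Separately from digitizing its processes, Allstate is methodically adopting a multicloud architecture. Containers and development are based mainly on AWS, while AI-specific workloads are based on Google BigQuery, Vertex, and Microsoft Azure GenAI.

Many companies are taking a similar approach, using BigQuery and Vertex for generative AI pilot applications to gain new insights and achieve better business outcomes. At Google’s recent Google Next conference, L’Oréal and Shopify announced that they are using BigQuery in generative AI pilots to accelerate and optimize business processes. Allstate’s Jeevanjee credits the company’s senior leadership for understanding the importance of aligning IT infrastructure with new business processes. A rebuild was needed to maximize the benefits and minimize the risks of switching to digital operations, and all of it was carried out with a cloud-first approach. “It was built and designed with running in the cloud in mind. Running on premises was not a consideration,” he says.

Rethinking how claims are processed

In many ways Allstate has only just begun its digital journey. Only 3% to 4% of the claims processing on its “books” is handled in the cloud, and most data is processed in the on-premises XML databases commonly used by insurers. Nevertheless, the CIO says the blueprint for advanced technology and business modernization is solid. Allstate’s global IT team, with staff in North America, Northern Ireland, and India, developed the infrastructure and the new processes. They were first introduced for nine months in Illinois, Allstate’s home state, to see how customers responded to the new digital experience, and then rolled out in Tennessee. This fiscal year the company plans to launch in about one-third of the US through direct sales of auto insurance. “We were able to learn a great deal from customers’ reactions. This is what changing an organization means. Focusing first on the customer experience was the most valuable thing in delivering the best experience to customers,” Jeevanjee says.

Allstate began moving to the cloud in 2019 and, with Jeevanjee’s return to the company in 2022, began putting its curated multicloud blueprint in place. The company is reviewing and evaluating every aspect of its home and auto insurance business in each state, building its core products on AWS while using Google and Microsoft services for specialized applications such as AI. Its methodical approach does not mean that Allstate is inexperienced with technology. The company automated business processes long ago, eliminating manual steps and speeding up settlements. In fact, the company uses multiple machine learning models in its main applications. These include claims predictions, such as whether a car involved in an accident is a total loss, as well as more advanced in-house machine learning models that make these recommendations autonomously.

Improving the customer experience with generative AI

Allstate has also developed a generative AI application based on ChatGPT3.3, unofficially dubbed MyStory, that dramatically reduces the time it takes to submit a claim after an accident or incident. Customers no longer need to explain the accident repeatedly to various representatives and adjusters; once they have explained it in detail, it is compiled into a document and sent to everyone involved. By the time a representative calls, all the information has already been passed on and they can move straight to the next step. “We make things flow smoothly at the moment that matters most. Changing the process this way has greatly improved customer satisfaction,” he says.

Arun Chandrasekaran, distinguished VP and analyst at Gartner, says similar generative AI pilots are under way at financial services firms and other insurers, as well as at technology, media, and entertainment companies. According to him, insurers have been early adopters of technologies such as speech-to-text to speed up claims processing and raise customer satisfaction. Generative AI is not widely used in the insurance industry today, but significant growth is forecast over the next 12 months, and it is the latest attempt to achieve better outcomes. “These use cases have actually existed in the insurance industry for some time. Where language models can really add value is in better recognition, and because language models can compose responses,” he says. This brings in much of the information needed to recreate an event so that claims can be processed more accurately. “As models evolve and become fully multimodal, they will be able to traverse different types of data.”

Allstate, one of the four largest auto and home insurers in the US, handles approximately 190 million policies, including auto, home, motorcycle, health, disability, life, personal device, and identity insurance, a company spokesperson says. The company employs approximately 54,500 people, with 10,100 exclusive sales agents and 51,900 independent agencies. Under Jeevanjee’s leadership, 7,000 dedicated IT staff work across the company. The CIO’s biggest challenge in starting a cloud-native approach was “changing the culture to become a digital company,” Jeevanjee says, noting that the whole executive team embracing the plan made his job much easier. “We reviewed all of our processes and achieved digital readiness.”

Cloud Computing, Digital Transformation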

09Jan 2024

Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V

Patch Tuesday: Redmond patches critical, remote code execution vulnerabilities haunting Windows Kerberos and Windows Hyper-V. The post Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V appeared first on SecurityWeek.

09Jan 2024

Adobe Patches Code Execution Flaws in Substance 3D Stager

Patch Tuesday: Adobe patches six security flaws in the Substance 3D Stager product and warned of code execution risks on Windows and macOS. The post Adobe Patches Code Execution Flaws in Substance 3D Stager appeared first on SecurityWeek.

09Jan 2024

CISA Warns of Apache Superset Vulnerability Exploitation

CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Apache Superset Vulnerability Exploitation appeared first on SecurityWeek.

09Jan 2024

Delinea Acquires Authomize to Tackle Identity-Based Threats

Delinea acquires Israeli startup Authomize to add identity threat detection and response (IDTR) technologies to its product portfolio. The post Delinea Acquires Authomize to Tackle Identity-Based Threats appeared first on SecurityWeek.

09Jan 2024

Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024

Industrial giants Siemens and Schneider Electric publish a total of 7 new security advisories addressing 22 vulnerabilities.  The post Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024 appeared first on SecurityWeek.

09Jan 2024

Turkish Hackers Target Microsoft SQL Servers in Americas, Europe

Researchers at Securonix warn that Turkish threat actors are targeting organizations in the Americas and Europe with ransomware campaigns. The post Turkish Hackers Target Microsoft SQL Servers in Americas, Europe appeared first on SecurityWeek.

09Jan 2024

Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cybersecurity

Despite the drastically newer and more complex technology, many of the core incident response principles remain the exact same and we should never forget the fundamentals. The post Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cybersecurity appeared first on SecurityWeek.

09Jan 2024

Ransomware Gang Claims Attack on Capital Health

The LockBit ransomware gang claims to have stolen over 7 terabytes of data from hospital system Capital Health. The post Ransomware Gang Claims Attack on Capital Health appeared first on SecurityWeek.

09Jan 2024

Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines

Hackers can take complete control of Bosch Rexroth nutrunners, installing ransomware or altering settings to cause financial impact and brand damage. The post Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines appeared first on SecurityWeek.

09Jan 2024

LoanDepot Takes Systems Offline Following Ransomware Attack

Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions. The post LoanDepot Takes Systems Offline Following Ransomware Attack appeared first on SecurityWeek.

09Jan 2024

Cybersecurity Funding Dropped 40% in 2023: Analysis

The volume of cybersecurity transactions increased in 2023 compared to 2022, but the total amount of funding decreased significantly. The post Cybersecurity Funding Dropped 40% in 2023: Analysis appeared first on SecurityWeek.

09Jan 2024

Managing CEO expectations is this year’s Priority No. 1

Once upon a time, CEOs’ IT expectations legendarily came from in-flight magazines — a source that’s morphed from CIO irritant to quaint memory as the magazines faded into nostalgia-land. Today’s CEOs are more likely to get their IT visions from stories written by credulous writers authoring for online business media. That’s if we’re lucky. If […]

09Jan 2024

6 tough AI discussions every IT leader must have

Few technologies have provoked the same amount of discussion and debate as artificial intelligence, with workers, high-profile executives, and world leaders waffling between praise and fears over AI. Granted, CIOs have not been called before Congress to testify. But they are being grilled in executive suites and boardrooms, as enterprise leaders turn to their technology […]

09Jan 2024

Leadership: 3 obstacles that can undermine trust in the CIO

One of the biggest barriers to effective digital transformation lies in leadership: when the bond of trust breaks between the CIO and the CEO, or between the CIO and the business teams called on to implement the changes, digitalization projects remain unfinished. In some cases the chief information officer […]

08Jan 2024

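Germany’s ITZBund aims to move federal government IT to the cloud

To avoid falling into the legacy application trap, Germany’s Federal Information Technology Centre (ITZBund) recognized early on the need to implement a future-oriented cloud landscape, says Christine Serrette, the federal government’s CIO and deputy technical director. As the central IT service provider for the federal administration, ITZBund runs a wide range of critical processes in areas such as transport, budget, taxes, internal security, and integration. Cloud-first is therefore one of the centre’s three strategic goals, alongside agile ways of working and the Federal Client, an incident reporting tool that evaluates tenders and contract awards.

The federal cloud and the operating platform

The road to the cloud began with building the Federal Cloud in 2016, which ITZBund uses for the federal electronic file, for collaboration scenarios, and as a project management and development platform, Serrette says. Along the way, the Federal Operating Platform was built, a private cloud environment divided into different security levels. “In 2022, we obtained the world’s first VS-NfD approval and basic protection certification from the BSI for this cloud,” she says. This is an approval for classified information restricted to official use, the lowest of the authorities’ four classification levels. The next development is called Bundescloud 2.0 and includes, among other things, upgrading to a new private cloud platform without losing the BSI certification.

“But we are also realistic, and because we cannot develop at the pace the market is developing, we are also considering using private cloud in the long term,” she says. Against this background, a program was created with the aim of further developing ITZBund as a multicloud manager. Several key projects are assigned to this program, including BC Business Transformation, Multi-Cloud Platform, Federal Cloud 2.0, and MS Sovereign Cloud, and as part of the transformation Serrette wants to adapt and redesign both internal processes and the dialogue with customers. “We have to fundamentally change the ordering, procurement, provisioning, and billing processes,” she says.

The Multi-Cloud Platform project is meant to define the technical requirements for multicloud management. In addition to the existing Federal Cloud, ITZBund will build an external cloud in its own data centres, to be operated and further developed by a service provider. Serrette also wants to use sovereign cloud services from external providers such as SAP in future. “For data and applications that do not need special protection, we intend to use the public cloud,” she says. But the hurdles are quite high. For example, ITZBund has to develop sophisticated systems to manage the various IT levels and to conduct public tenders. Serrette’s team has also developed a marketing and communication strategy for the multicloud management program.

Value proposition

Serrette stresses that her team offers customers a fast path to digitalization. “We can act quickly and flexibly, making services available within a short time and decommissioning them just as quickly,” she says. On this basis, the ministries provide a variety of important services, including the federal electronic file, training systems, and development and project management platforms. ITZBund also uses its container platform to support projects related to the Online Access Act (OZG), which provides the legal basis for Germany’s digital modernization and regulates the digitalization of administrative services through administrative portals.

IT Leadership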

08Jan 2024

QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products

QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws. The post QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products appeared first on SecurityWeek.

08Jan 2024

Turkish Cyberspies Targeting Netherlands

Turkish state-sponsored group Sea Turtle has been targeting multiple organizations in the Netherlands for espionage. The post Turkish Cyberspies Targeting Netherlands appeared first on SecurityWeek.

08Jan 2024

How to Get Started with Security Automation: Consider the Top Use Cases within Your Industry

Organizations in different industries may approach security automation from a different entry point, but the requirements for an automation platform are consistent across use cases. The post How to Get Started with Security Automation: Consider the Top Use Cases within Your Industry appeared first on SecurityWeek.

08Jan 2024

NIST: No Silver Bullet Against Adversarial Machine Learning Attacks

NIST has published guidance on adversarial machine learning (AML) attacks and mitigations, warning that there is no silver bullet. The post NIST: No Silver Bullet Against Adversarial Machine Learning Attacks appeared first on SecurityWeek.

08Jan 2024

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack 

Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks. The post Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack  appeared first on SecurityWeek.

08Jan 2024

Lebanon Airport Screens Display Anti-Hezbollah Message After Being Hacked

The information display screens at Beirut’s international airport were hacked by domestic anti-Hezbollah groups. The post Lebanon Airport Screens Display Anti-Hezbollah Message After Being Hacked appeared first on SecurityWeek.

08Jan 2024

CISO Conversations: Jason Rebholz and Jason Ozin From the Insurance Sector

SecurityWeek interviews two CISOs from the insurance sector: Jason Rebholz at Corvus Insurance and Jason Ozin at UK-based PIB Group. The post CISO Conversations: Jason Rebholz and Jason Ozin From the Insurance Sector appeared first on SecurityWeek.

08Jan 2024

Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs

A total of more than 28,000 CVE IDs were assigned in 2023 and 84 new CVE Numbering Authorities (CNAs) were named.  The post Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs appeared first on SecurityWeek.

08Jan 2024

Cathay Pacific to take cloud journey to new heights

Even as its cloud journey reaches cruising altitude, Cathay Pacific Group IT is not slowing down. Instead, the publicly held operator of Cathay Pacific Airlines and HK Express is shifting from migration to optimization mode in an effort to wrest additional benefits from its all-in cloud transformation. “Cloud optimization is the new initiative in 2024,” […]

08Jan 2024

10 top priorities for CIOs in 2024

Last year was certainly a wild ride, with the ascendent rise of AI impacting a wide range of IT sectors and capturing the imagination (and fears) of the world at large. IT leaders can look forward to even more surprises, as well as continuing challenges, over the next 12 months. To stay on top of […]

05Jan 2024

Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected

Global law firm Orrick, Herrington & Sutcliffe discloses a data breach that affects a whopping 600,000 individuals. The post Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected appeared first on SecurityWeek.

05Jan 2024

Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved

In a landmark case that blurs the lines between cyber and kinetic warfare, Merck reached a settlement with insurers over a $1.4 billion claim stemming from the NotPetya malware attack. The post Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved appeared first on SecurityWeek.

05Jan 2024

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

SpectralBlur is a new macOS backdoor that shows similarities with North Korean hacking group’s KandyKorn malware. The post New ‘SpectralBlur’ macOS Backdoor Linked to North Korea appeared first on SecurityWeek.

05Jan 2024

In Other News: US Ransomware Attacks, 23andMe Blames Victims, Nuclear Waste Hacking Attempt

Noteworthy stories that might have slipped under the radar: report on US ransomware attacks, 23andMe blames victims for hack, nuclear waste company targeted. The post In Other News: US Ransomware Attacks, 23andMe Blames Victims, Nuclear Waste Hacking Attempt appeared first on SecurityWeek.

05Jan 2024

Nigerian Arrested, Charged in $7.5 Million BEC Scheme Targeting US Charities

A Nigerian national arrested in Ghana faces charges in the US for a BEC scheme involving two charitable organizations. The post Nigerian Arrested, Charged in $7.5 Million BEC Scheme Targeting US Charities appeared first on SecurityWeek.

05Jan 2024

Ivanti Patches Critical Vulnerability in Endpoint Manager

CVE-2023-39336, a critical vulnerability in Ivanti EPM, may lead to device takeover and code execution on the server. The post Ivanti Patches Critical Vulnerability in Endpoint Manager appeared first on SecurityWeek.

05Jan 2024

US Says 19 People Charged Following 2019 Takedown of xDedic Cybercrime Marketplace

Justice Department says 19 people involved in the xDedic cybercrime marketplace have been charged to date following its 2019 takedown. The post US Says 19 People Charged Following 2019 Takedown of xDedic Cybercrime Marketplace appeared first on SecurityWeek.

05Jan 2024

Russia Hacked Residential Cameras in Ukraine to Spy on Air Defense, Critical Infrastructure

Ukraine said Russia hacked two surveillance cameras and used them to spy on air defense systems and critical infrastructure in Kyiv.  The post Russia Hacked Residential Cameras in Ukraine to Spy on Air Defense, Critical Infrastructure appeared first on SecurityWeek.

05Jan 2024

Energy Department Offering $70 Million for Security, Resilience Research

US Department of Energy offering up to $70 million in funding for research into technologies that boost the resilience and security of energy sector. The post Energy Department Offering $70 Million for Security, Resilience Research appeared first on SecurityWeek.

05Jan 2024

IT to thank for most of Radisson Hotel Group’s business initiatives

With stints at Procter & Gamble, HPE and DHL, Jaime González-Peralta landed at Radisson Hotel Group four years ago as CIO for EMEA and then became global CIO in April 2020 — a particularly complex moment due to the paralysis that the pandemic inflicted on the world of travel. During this time, thanks to the period of reflection the […]

05Jan 2024

The 15 most in-demand tech jobs for 2024 — and how to hire for them

As we head into 2024, businesses are dialed in on hiring for cloud, DevOps, digital transformation, security and privacy, development, AI, automation, system upgrades, and data integration and analytics, according to Robert Half Technology’s 2024 IT salary report. Recruiting in the tech industry remains strong, according to the report, with job gains outpacing losses in the […]

05Jan 2024

Vigilant Ops Raises $2 Million for SBOM Management Platform

Vigilant Ops receives $2 million seed investment from DataTribe to help organizations manage SBOMs. The post Vigilant Ops Raises $2 Million for SBOM Management Platform appeared first on SecurityWeek.

04Jan 2024

Optimizing PCI compliance in financial institutions

In the fast-evolving world of finance, data security is of paramount importance. Financial institutions must ensure the protection of sensitive personal information, most commonly payment card data, to maintain trust and meet various regulatory requirements. The Payment Card Industry Data Security Standard (PCI DSS) is a crucial framework to which financial institutions must adhere. However, […]

04Jan 2024

Mimecast Acquires User Education Startup Elevate Security 

Elevate Security raised $18.3 million in venture capital financing and scored investments from the likes of Cisco and CrowdStrike. The post Mimecast Acquires User Education Startup Elevate Security  appeared first on SecurityWeek.

04Jan 2024

Intel spins off enterprise AI company Articul8 with outside funding

Intel has set up a new company, Articul8 AI, to sell enterprise generative AI software it developed.  Articul8 AI will be led by Arun Subramaniyan, formerly vice president and general manager in Intel’s Data Center and AI Group. The new company’s investors include global investment firm DigitalBridge Ventures. “With its deep AI and HPC [High […]

04Jan 2024

Top 8 ways to improve cybersecurity for your organization

Sick of hearing you should “do more with less?” This is the time to “do fewer things better.” As you plan your security budget, know that your recommendations to improve cybersecurity will be scrutinized more than ever before. Expect your CFO to ask: “Don’t we already have a tool that does this?” or “How long […]

04Jan 2024

Airbus Offering to Buy Atos Cybersecurity Unit for Up to $2 Billion

French aerospace giant Airbus could acquire Atos’ cybersecurity unit for up to $2 billion, but discussions are at a preliminary stage. The post Airbus Offering to Buy Atos Cybersecurity Unit for Up to $2 Billion appeared first on SecurityWeek.

04Jan 2024

Google Patches Six Vulnerabilities With First Chrome Update of 2024

Google has released a Chrome 120 update to resolve six vulnerabilities, including four reported by external researchers. The post Google Patches Six Vulnerabilities With First Chrome Update of 2024 appeared first on SecurityWeek.

04Jan 2024

4.5 Million Individuals Affected by Data Breach at HealthEC

HealthEC says personal information received from business partners was compromised in a July 2023 data breach. The post 4.5 Million Individuals Affected by Data Breach at HealthEC appeared first on SecurityWeek.

04Jan 2024

How AI can boost customer satisfaction, retention, and loyalty in the contact center

Customer communication is a vital aspect of any business, especially when it comes to the contact center. The contact center is where customers interact with companies through various channels, such as phone, email, chat, or social media. The quality and efficiency of customer communication can affect customer satisfaction, retention, and loyalty. That […]

04Jan 2024

Estes Express Lines Says Personal Data Stolen in Ransomware Attack

Estes Express Lines is informing over 21,000 individuals that their personal information was stolen in a ransomware attack. The post Estes Express Lines Says Personal Data Stolen in Ransomware Attack appeared first on SecurityWeek.

04Jan 2024

Beyond Protocols: How Team Camaraderie Fortifies Security

The most efficient and effective teams have healthy and constructive cultures that encourage team members to go above and beyond the call of duty. The post Beyond Protocols: How Team Camaraderie Fortifies Security appeared first on SecurityWeek.

04Jan 2024

RIPE Account Hacking Leads to Major Internet Outage at Orange Spain 

Orange Spain’s internet went down for several hours after its RIPE account was hacked, likely after malware stole the credentials. The post RIPE Account Hacking Leads to Major Internet Outage at Orange Spain  appeared first on SecurityWeek.

04Jan 2024

Hacked Mandiant X Account Abused for Cryptocurrency Theft

Mandiant’s account on X, formerly Twitter, was hacked and used to lure users to a cryptocurrency phishing site. The post Hacked Mandiant X Account Abused for Cryptocurrency Theft appeared first on SecurityWeek.

04Jan 2024

Atos contemplates fire sale as break-up plan falters

French IT services company Atos is floundering as it seeks to refocus its business. Negotiations over the sale of its legacy infrastructure services business are dragging on, and the company is contemplating the sale of more profitable activities such as its big data and security business to meet debt repayment obligations. Last year, it announced […]

04Jan 2024

6 warning signs CIOs should look out for in 2024

CIOs had to navigate a labyrinth of challenges in 2023: generative AI rewrote the rulebook of technological possibility, governments started to draft new regulatory frameworks for the tech sector, and global conflicts disrupted business operations. Through it all, CIOs had to adapt swiftly. The lessons learned will prove useful in the year to come, as […]

04Jan 2024

How Starlink transformed tech operations for Journey Beyond

The launch of satellite internet provider Starlink has been operationally transformative for Journey Beyond, one of Australia’s premier destination tourism companies, and it’s driving a new era of progress and innovation. “When Starlink came, the game changed,” explains Madhumita Mazumdar, GM of ICT at Journey Beyond. “We went from accessing 1mbps to 250mbps in some […]

04Jan 2024

Weighing risk and reward with gen AI vendor selection

In mid-November, OpenAI’s board fired the CEO of the company, Sam Altman, the guy who put ChatGPT on the map and ushered in a new era of corporate AI deployments. Within the next three days, nearly all of the company’s employees said they’d walk out the door, and the fate of OpenAI looked extremely uncertain. […]

04Jan 2024

CIO, a profession at a crossroads: if it does not evolve, it will have no future

These are hard times for CIOs. A complex mix of macroeconomic instability, technological progress, and digital disruption is pushing companies to look for IT leaders who can rise to the occasion and turn what could be insurmountable difficulties into business opportunities. The bad news emerging from a Forrester study from early […]

04Jan 2024

Value stream management (VSM) delivered $81M in savings

Organizations considering value stream management (VSM) must look at several deciding factors, not the least of which is the potential return on investment (ROI). In fact, VSM has been shown to deliver significant organizational benefits and quantifiable, financial ROI. In November 2023, Forrester Consulting conducted a Total Economic Impact™ (TEI) study, commissioned by Broadcom, which […]

03Jan 2024

Supercharging retail with AI: Blending commerce and lifestyle

Global events and changing consumer behaviors in the digital era are causing retailers to look toward the future with concern. In 2024, these pressures will drive businesses increasingly to ask: How can I increase sales without raising overhead? How can I create year-round stability for sourcing, inventory, restocking, and order management? And how can I […]

03Jan 2024

10 things that keep troubling IT leaders

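CIOs can hardly be called Luddites (translator's note: the organization of skilled English workers who opposed mechanization in the early 19th century), but even some technologists worry about artificial intelligence, the rapid pace of technological evolution, and whether they can keep up with it. That does not mean they are about to abandon their roles or smash the machines as real Luddites would. Still, CIOs admit that they have lately been troubled by multiple issues. Here are 10 worries that keep IT leaders awake at night.

1. Cybersecurity risk. This is no surprise given the frightening statistics: the growing number of cyberattacks, their success rate, and the serious consequences of an intrusion. Recent figures do nothing to ease the anxiety. The September monthly threat intelligence report published by cybersecurity company NCC Group gives plenty of reasons to worry. For example, it says global ransomware attacks rose 153% from September 2022 to September 2023. It also points out that the number of ransomware groups carrying out double extortion increased 76% over the same period, adding that the figure suggests "interest in for-profit ransomware is by no means declining." Given that reality, is it any wonder that CIOs worry about breaches and hacks? "Worrying about whether the company is secure and its data protected seems to be ever more common, because if that isn't addressed first, everything else comes to nothing," says John Buccola, CTO of E78 Partners, which provides consulting and managed services in finance technology and other specialties. Buccola has found that even CIOs who work in organizations with a CISO (chief information security officer) overseeing security are not exempt on this point. "If a breach occurs, ownership is shared and everyone is still responsible for the response," Buccola says.

2. The impact of AI. You did not need to be a data scientist to predict that AI would make this list. After all, even industry leaders are sounding the alarm about AI, warning that the technology poses an existential threat to humanity. Some CIOs may hold such fears, but others say they are concerned about something more immediate and more practical. According to the recent annual trends survey by the Society for Information Management (SIM), nearly a quarter of the IT leaders polled cited AI and machine learning as a concern, says SIM CEO Mark Taylor. These CIOs are not expressing fear for the future of humanity, Taylor says. Rather, they are stressed about how AI will affect their organizations. They question how AI technologies such as ChatGPT and generative AI in general increase risk. They question whether they have the right safeguards in place and whether they are seizing the right opportunities to use these technologies. "There is a lot of pressure on CIOs," Taylor says. Taylor adds that many CIOs find that CEOs, C-suite colleagues and employees across the organization are eager for the technology and are launching their own projects with it, adding to the stress.

3. Technical debt. Technical debt is the monster lurking in the closet and may be another problem keeping CIOs up at night. A 2023 study published by DXC Leading Edge, titled "Embracing Modernization: From Technical Debt to Growth," sheds light on the problem. It surveyed 750 IT executives and found that only five respondents list technical debt in their risk register. It also found that other respondents recognize that "technical debt limits the organization's ability to adapt to change." The report continues: "These outdated technologies, code, practices and ways of working are an obstacle in another sense too. They block the path to innovation." The report notes that 46% of IT executives say they very often run into limits on, or that technical debt has a dramatic impact on, their organization's ability to pursue digital transformation and growth. John Cannava, CIO of security software provider Ping Identity, says the concern is an IT environment that is too brittle, has little scalability, and cannot support evolving business requirements and modern application needs. The authors of the DXC Leading Edge report acknowledge the fear factor, stating that "the thought that 20% to 40% of the value of the entire technology estate before depreciation may be tied up in technical debt is enough to make any executive's blood run cold."

4. IT unknowns. Meanwhile, many CIOs are troubled by a similar, related problem: they do not have a full grasp of, or visibility into, what is in their IT environment. "It's not knowing what you don't know," says Laura Hemenway, president, founder and principal of Paradigm Solutions, which supports large enterprise-scale transformations. Many IT departments lack strong documentation of their code, processes and systems, says Hemenway, who is also a fractional CIO and a leader of the Arizona SIM chapter. Nor do they have a full picture of where the organization's data resides, and who touches it and why. "CIOs have been through so much so fast over the past few years that there is no transformation project without data unknowns, process gaps, broken interfaces and expired programs." "And unless CIOs take the time to build a solid foundation, these things will keep spinning around in the back of their minds," she says.

5. The economy. There is another unknown that is making CIOs a little uneasy. Surveys show that executive outlooks are mixed, indicating uncertainty about what will happen. CIOs are feeling the effects. For example, Antonio Taylor, vice president of infrastructure, services and security at Transnetyx and marketing chair of the SIM Memphis chapter, says he is dealing with the effects of inflation. Costs of products and services that for years rose around 3% a year have now jumped by 10% or more. "Of course we want to negotiate better rates, but I believe you get what you pay for," he says, noting that "we don't know when the increases will level off." So CIOs like Taylor stay up late, thinking about budgets, rethinking priority lists, and checking that they are not overextended. "Every CIO is struggling to grow the budget," adds Nitish Mittal, a partner at research firm Everest Group. He notes that because companies invested heavily in digital programs to get through COVID-related disruption, many CIOs had in recent years grown used to loose purse strings. That makes today's tight spending demands something of a shock.

6. Meeting business needs. As CIOs work to keep pace with ever-evolving business needs, those economic concerns come with a corresponding (and seemingly constant) pressure to do more with less. Bobby Cain, senior vice president and CIO for North America at Schneider Electric, acknowledges the anxiety such pressure brings. "What keeps me up at night is solving business problems. When you look at Schneider Electric and our growth, it's hypergrowth. It's transformational growth. That goes not just for systems but for the entire IT environment, from data to structure to the percentage of budget spent on IT. And it's balancing keeping the lights on with innovative spending. That's my concern." […]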

03Jan 2024

Aqua Security Scores $60M Series E Funding

Late-stage player in the CNAPP space secures a $60 million extended Series E funding round at a valuation north of $1 billion. The post Aqua Security Scores $60M Series E Funding appeared first on SecurityWeek.

03Jan 2024

SentinelOne Snaps up Seed-Stage CNAPP Startup PingSafe

SentinelOne plans to acquire PingSafe in a cash-and-stock deal that adds cloud native application protection platform (CNAPP) technologies. The post SentinelOne Snaps up Seed-Stage CNAPP Startup PingSafe appeared first on SecurityWeek.

03Jan 2024

Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service

The personal information of more than 900,000 individuals was stolen in a data breach at Fallon Ambulance Service. The post Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service appeared first on SecurityWeek.

03Jan 2024

SonicWall Buys Banyan Security For ZTNA Technology

SonicWall announces the acquisition of Banyan Security, a deal that adds zero-trust network access tooling to its product portfolio. The post SonicWall Buys Banyan Security For ZTNA Technology appeared first on SecurityWeek.

03Jan 2024

Hacker Conversations: Runa Sandvik

SecurityWeek interviews Runa Sandvik, a cybersecurity researcher focused on protecting journalists, defenders of human rights and lawyers. The post Hacker Conversations: Runa Sandvik appeared first on SecurityWeek.

03Jan 2024

Several Infostealers Using Persistent Cookies to Hijack Google Accounts

A vulnerability in Google’s authentication process allows malware to restore cookies and hijack user sessions. The post Several Infostealers Using Persistent Cookies to Hijack Google Accounts appeared first on SecurityWeek.

03Jan 2024

Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks

A group of claimed Palestinian state cyber warriors has hit over 100 Israeli organizations with wipers and data theft. The post Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks appeared first on SecurityWeek.

03Jan 2024

Cybersecurity M&A Roundup: 25 Deals Announced in December 2023

Twenty-five cybersecurity-related merger and acquisition (M&A) deals were announced in December 2023. The post Cybersecurity M&A Roundup: 25 Deals Announced in December 2023 appeared first on SecurityWeek.

03Jan 2024

21 New Mac Malware Families Emerged in 2023

A total of 21 new malware families targeting macOS systems were discovered in 2023, a 50% increase compared to 2022.  The post 21 New Mac Malware Families Emerged in 2023 appeared first on SecurityWeek.

03Jan 2024

Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack

Xerox says personal information was stolen in a cyberattack at US subsidiary Xerox Business Solutions. The post Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack appeared first on SecurityWeek.

03Jan 2024

5 best practices for digital twin implementation

Digital Twins are making solid headway in the civil infrastructure arena with notable examples such as the twin of the entire Republic of Singapore, and the city of Dubai. As mentioned in an earlier article, Keith Bentley of software developer Bentley Systems describes digital twins as the biggest opportunity for IT value contribution to the […]

02Jan 2024

States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities

The hacking of a municipal water plant is prompting new warnings from U.S. security officials at a time when governments are wrestling with how to harden water utilities against cyberattacks. The post States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities appeared first on SecurityWeek.

02Jan 2024

Are Security Appliances fit for Purpose in a Decentralized Workplace?

Security appliances are amongst the riskiest enterprise devices and are often a method for threat actors to infiltrate a business. The post Are Security Appliances fit for Purpose in a Decentralized Workplace? appeared first on SecurityWeek.

02Jan 2024

8 pressing needs for CIOs in 2024

With the merging of operational efficiency and embracing new technologies, today’s CIOs are under increasing pressure to do more with less and become both technologists and business leaders, says Sunny Azadeh, CIO at digital services company GlobalLogic. “In a world underpinned by change, it remains constant that digital transformation must be a core organizational competency,” […]

02Jan 2024

Free Decryptor Released for Black Basta Ransomware

A vulnerability in Black Basta ransomware’s encryption algorithm allows researchers to create a free decryptor. The post Free Decryptor Released for Black Basta Ransomware appeared first on SecurityWeek.

02Jan 2024

New DLL Search Order Hijacking Technique Targets WinSxS folder

Attackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder. The post New DLL Search Order Hijacking Technique Targets WinSxS folder appeared first on SecurityWeek.

02Jan 2024

Want to tackle technical debt? Sell it as business risk

Whenever IT infrastructure upgrades are mentioned, it’s often in the same sentence as technical debt. Technical debt is what accrues when IT teams borrow against future performance to meet demands and deadlines today. That includes maintenance and upgrades deferred in favor of other projects or priorities, which can result in high future costs when those […]

02Jan 2024

13 IT resolutions for 2024

CIOs are readying for another demanding year, anticipating that artificial intelligence, economic uncertainty, business demands, and expectations for ever-increasing levels of speed will all be in play for 2024. Yet, CIOs remain both undaunted by that list and expectant about what they can achieve. They’re articulating ambitions and formulating objectives, turning those would-be challenges into […]

02Jan 2024

IT in 2024 as seen by the experts: 10 trends CIOs cannot afford to ignore

In 2024, Italian companies will continue to invest in technology (a forecast +1.9% compared with 2023), and CIOs will put more and more projects involving the implementation of artificial intelligence (AI) on their agendas. In large enterprises, spending is still concentrated first of all on information security systems (57%), on business intelligence solutions for data visualization (45%) and […]

01Jan 2024

Legal information services giant LexisNexis takes on generative AI

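IT leaders looking for a blueprint for staving off the disruptive threat of generative AI may benefit from the advice of Jeff Reihl, EVP and CTO of LexisNexis. Since its founding in the early 1970s, LexisNexis and its portfolio of legal and business data and analytics services have faced competitive threats brought by the rise of the internet, Google search and open source software. Reihl acknowledges that generative AI is evolving far faster than anything he has seen in a career of nearly 40 years as an IT leader. To deal with this new reality, his company's executives met to work out strategy after OpenAI's GPT-4 was announced last March. The consensus of the meeting was to rewrite and reprioritize all of the company's annual goals in order to tackle the new innovation head-on. "We went all in. It was a game changer, not only in its interactive capabilities but in the comprehensiveness of its answers and its ability to generate data. We were amazed at how capable it was."

Given LexisNexis' core business of gathering information and providing analytics to legal, insurance and financial companies and to government and law enforcement agencies, the threat of generative AI is real. But Reihl is confident that LexisNexis can take on advances in generative AI, thanks to the imperfections of today's general-purpose large language models (LLMs) and to the proprietary data and proprietary tools LexisNexis has honed to enhance and customize the LLMs it uses in its services (such as Anthropic's Claude AI assistant and GPT-4 on Microsoft Azure). LexisNexis' more than 2,000 technologists and roughly 200 data scientists have been hard at work leveraging generative AI and incorporating unique capabilities that add value for the company's global customer base. But the effort is not entirely new. LexisNexis has been playing with BERT, a family of natural language processing (NLP) models, since Google introduced it in 2018, and with Chat GPT since its introduction. Now, however, the company supports all the major LLMs, Reihl says. "If you are an end user and you are part of our conversational search, some of those queries will go to both ChatGPT-4 on Azure as well as Anthropic on AWS in a single transaction," the CTO says. "When you enter a query, it may go to both, depending on the type of question. We pick the best LLM. We use AWS and Azure, and we choose the best model to answer the customer's question."

Late last month, LexisNexis announced its own generative AI solution, Lexis+ AI, in the US. The solution promises to eradicate AI "hallucinations" and to provide linked legal citations so that lawyers have access to accurate, up-to-date case law.

Laying the foundation for innovation

LexisNexis began its move to the cloud in 2015. Primarily an AWS customer, LexisNexis also offers Microsoft Azure for the many customers who use Microsoft Office and other Microsoft platforms. But the move to the cloud was an uphill climb. When Reihl joined LexisNexis in 2007, about half of the company's infrastructure, including its core platform, was mainframe-based. The company operated two very large data centers in the US and, having made several acquisitions, had a very diverse set of technologies and data in a wide variety of formats. Shortly afterward, LexisNexis IT leaders went to the board to ask for several hundred million dollars to replace all of the infrastructure with XML-based open systems, Reihl says. The company moved much of its data from the mainframe to open systems in a lift-and-shift fashion, while adding its own search capabilities, indexing and automation. But because the applications were not optimized for the cloud, they ultimately had to be re-architected for microservices when the company began adopting the cloud nearly a decade ago. In 2020, LexisNexis shut down its last mainframe, realizing significant cost savings, and went all in on its cloud platform.

Some workloads still run in the remaining data centers, but most of the data LexisNexis uses flows into the company's proprietary content creation systems from more than 50,000 sources, including court filings, law firms, news sources and websites. The service's editorial staff also enhances and enriches the proprietary content, and automation adds value to the workflows in the cloud. LexisNexis enjoys many of the same benefits that companies gain from moving to the cloud, such as significant cost savings, scalability, agility and speed of innovation. But perhaps the biggest benefit is that LexisNexis has been able to quickly bring machine learning and LLMs into its own generative AI applications. "That's where some of our first work with AI started. We were doing everything through NLP and basic machine learning."

Another major aspect of the transformation has been upskilling employees and acquiring new talent. LexisNexis' team makeup has grown from UX designers, product managers and software engineers to include subject matter experts, intellectual property lawyers who understand the law and legal terminology, and nearly 200 data scientists and machine learning engineers. According to the CTO, LexisNexis spent a total of $1.4 billion on its digital transformation. The investment appears to have been well worth it. In October, LexisNexis launched Lexis+ AI, a multimodel LLM solution enhanced with generative AI, in the US market. One of the few AI SaaS platforms on the market, this fine-tuned AI platform for the legal industry has a retrieval-augmented generation engine to eliminate hallucinations and offers sophisticated conversational search, legal document drafting, case summarization and document upload capabilities, letting users analyze, summarize and extract core insights from legal documents in minutes, the company says. According to the CTO, the platform was co-developed with customers who took part in the beta, which helped refine prompts and search and implement security so that privacy and certain searches important to lawyers can be kept in-house.

The biggest challenge for LexisNexis is the one every organization faces: securing enough talent. "Because talent is scarce, we are developing people who are data-savvy," Reihl says. With 200 data scientists on staff, the company is ready to offer the service in international markets next year. Cloud Computing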

30Dec 2023

Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’

Google agreed to settle a $5 billion privacy lawsuit claiming that it continued spying on people who used the “incognito” mode in its Chrome browser. The post Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’ appeared first on SecurityWeek.

29Dec 2023

In Other News: Ubisoft Hack, NASA Security Guidance, TikTok Requests iPhone Passcode

Noteworthy stories that might have slipped under the radar: Ubisoft investigating alleged hack, NASA releases security guidance, TikTok scares iPhone users.  The post In Other News: Ubisoft Hack, NASA Security Guidance, TikTok Requests iPhone Passcode appeared first on SecurityWeek.

29Dec 2023

Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover

Two flaws in Google Kubernetes Engine could be exploited to escalate privileges and take over the Kubernetes cluster. The post Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover appeared first on SecurityWeek.

29Dec 2023

Pentagon Wants Feedback on Revised Cybersecurity Maturity Model Certification Program

DoD is requesting public opinion on proposed changes to the Cybersecurity Maturity Model Certification program rules. The post Pentagon Wants Feedback on Revised Cybersecurity Maturity Model Certification Program appeared first on SecurityWeek.

29Dec 2023

Europe’s Largest Parking App Provider Informs Customers of Data Breach

EasyPark says hackers stole European customer information, including partial IBAN or payment card numbers.  The post Europe’s Largest Parking App Provider Informs Customers of Data Breach appeared first on SecurityWeek.

29Dec 2023

Critical Apache OFBiz Vulnerability in Attacker Crosshairs

Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070. The post Critical Apache OFBiz Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.

29Dec 2023

Operations, Trading of Eagers Automotive Disrupted by Cyberattack

Eagers Automotive, a vehicle dealer in Australia and New Zealand, has halted trading after being targeted in a cyberattack. The post Operations, Trading of Eagers Automotive Disrupted by Cyberattack appeared first on SecurityWeek.

28Dec 2023

Cyberattack Targets Albanian Parliament’s Data System, Halting Its Work

Albania’s Parliament said it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. The post Cyberattack Targets Albanian Parliament’s Data System, Halting Its Work appeared first on SecurityWeek.

28Dec 2023

Palo Alto Networks Completes Acquisition of Talon

Palo Alto Networks completed the acquisition of Talon Cyber Security, an Israeli startup selling a secure browser technology to enterprise customers. The post Palo Alto Networks Completes Acquisition of Talon appeared first on SecurityWeek.

28Dec 2023

The Emerging Landscape of AI-Driven Cybersecurity Threats: A Look Ahead

While AI can significantly bolster defense mechanisms, it also equips adversaries with powerful tools to launch sophisticated cyberattacks. The post The Emerging Landscape of AI-Driven Cybersecurity Threats: A Look Ahead appeared first on SecurityWeek.

28Dec 2023

Ohio Lottery Hit by Ransomware, Hackers Claim Theft of Employee and Player Data

The DragonForce ransomware group has taken credit for the Ohio Lottery hack, claiming to have stolen millions of data records. The post Ohio Lottery Hit by Ransomware, Hackers Claim Theft of Employee and Player Data appeared first on SecurityWeek.

28Dec 2023

LoanCare Notifying 1.3 Million of Data Breach Following Cyberattack on Parent Company 

LoanCare is informing 1.3 million individuals that their personal information was compromised in a data breach. The post LoanCare Notifying 1.3 Million of Data Breach Following Cyberattack on Parent Company  appeared first on SecurityWeek.

28Dec 2023

Mysterious Apple SoC Feature Exploited to Hack Kaspersky Employee iPhones

iOS zero-click attack targeting Kaspersky iPhones bypassed hardware-based security protections to take over devices. The post Mysterious Apple SoC Feature Exploited to Hack Kaspersky Employee iPhones appeared first on SecurityWeek.

28Dec 2023

IT leaders explore footing amid shifting needs and the AI power struggle

While 2023 brought on many changes to IT departments around the world, by far the biggest surprise was generative AI. Many technology leaders already worked with AI for over a decade for things like predictive maintenance and supply chain planning. Some even implemented their own virtual personal assistants (VPAs), which included at least natural language […]

28Dec 2023

What is GRC? The rising importance of governance, risk, and compliance

The need to manage risk, adhere to regulations, and establish processes to govern those tasks has been part of running an organization as long as there have been businesses to run. But those tasks have become increasingly critical to organizational success in the modern era, as the number of laws, the complexity of doing business, […]

28Dec 2023

Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ

The new Barracuda ESG zero-day CVE-2023-7102 has been used by Chinese hackers to target organizations in the US and APJ region. The post Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ appeared first on SecurityWeek.

28Dec 2023

8 big IT failures of 2023

IT provides the plumbing for almost every company in existence. Most of the time it works well but, when something goes wrong, it can be more embarrassing (and more expensive) than the most disastrous bathroom flood. We have gathered eight cases of big technology failures that hit companies and other organizations in 2023. Of course, every problem […]

27Dec 2023

8 tips for unlocking the power of unstructured data

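Making the most of enterprise data is a top concern for today's IT leaders. As organizations seek to make business decisions in a more data-driven way, IT leaders must devise data strategies that generate value from data wherever, and in whatever form, it resides. For many companies, unstructured data in the form of text, video, audio, social media, images, sensors and other formats remains elusive and untapped. According to Foundry research, although industry studies estimate that 90% of enterprise data is unstructured, 61% of IT leaders say managing unstructured data is a problem for their organization, and a further 24% say they do not include unstructured data in their data and analytics shortlist. Unstructured data resources can be extremely valuable for gaining business insights and solving problems. The key is finding ways to generate that value. Organizations that excel at leveraging these vast information resources can gain a significant advantage in delivering actionable insights to key business processes. Here is how inventive companies are turning unstructured data into business value, along with tips for putting unstructured data to work for your organization.

Enhancing the creative process

At mobile game developer RetroStyle Games, unstructured data has proven to be a "gold mine" that contributes directly to business growth and game improvement, says Ivan Konoval, a data analyst at the company. There are many ways RetroStyle Games uses unstructured data, but the most impactful are probably concept art collection and audio data. "A game developer's creative process often begins with sketches, mood boards and concept art. These pieces, while unstructured, capture the essence of what we want to express in the game. To ensure these pieces do not get lost among other work and can easily be found when making game sequels in the future, we use advanced image recognition tools," Konoval says. These tools classify and tag various elements of the artwork, such as characters and landscapes. "This allows our artists and developers to find relevant artwork quickly, keep design consistent and speed up the development process," Konoval says. "In addition, the system lets us preserve information about the development of the company's artwork, which is very useful when training new employees."

As for audio data, voice acting plays an important role in how players experience the game world, Konoval says. "We collect a huge amount of data from in-game dialogue, background sounds and player voice chat. We use speech recognition and sound analysis to extract nuances such as mood and emotion." For example, if a certain dialogue results in players consistently entering voice chat excited, developers take note. Likewise, anomalies such as background noise that does not fit the environment are identified and addressed. "Insights from this audio data contribute directly to improving the game's audio experience, so that players are always emotionally immersed in the gameplay and can interact with the environment," Konoval says.

Games are dynamic, and so is the data they generate, Konoval says. Features such as in-game chat sentiment analysis required real-time processing to filter inappropriate player behavior. "We addressed this by leveraging stream processing frameworks such as Apache Kafka. This enabled game moderators to respond to emerging patterns and issues in real time." With every game release and update, the volume of unstructured data being processed grows exponentially, Konoval says. "This volume of data poses serious problems in terms of storage and efficient processing." To address this, RetroStyle Games invested in a data lake. "This allows us not only to store vast amounts of unstructured data but also to query and analyze it efficiently, giving data scientists and developers instant access to the information they need," Konoval says.

Powering generative AI

Workhuman, a provider of employee recognition and experience software, uses unstructured data in a variety of ways in its cloud-based platform. "Unstructured data is the most common form of data, yet the hardest to use effectively," Harriott says. Workhuman's cloud stores millions of recognition messages from employees around the world, sharing positive feedback about someone they work with. "They do this in their own words, so each recognition moment is completely unique," Harriott says. "We use this data to build AI models that help companies define more clearly how employees are collaborating within the organization, which topics come up most frequently in messages, and whether recognition is equitable across the organization." The company also uses large language models (LLMs) to summarize recognition trends over time and to suggest wording for effective recognition messages. "One initiative I am particularly proud of is a tool called Inclusion Advisor. It is an AI-based coaching tool that identifies unconscious bias in the language of a recognition and suggests corrections before it is sent to the recipient," Harriott says.

One of the biggest challenges in extracting value from unstructured data is limited access to reliable, valid training data for the business use cases an organization focuses on. "Even with a large amount of unstructured data, progress and quality suffer without effective training data to build and validate models," Harriott says. "Leveraging LLMs certainly helps here, but many business use cases cannot be captured effectively by existing LLMs." In addition, "with LLMs, the problem of bias in the training data can remain," Harriott says. To address these issues, Workhuman has a linguistics team responsible for annotating, augmenting and validating data. "We also partner with large, multinational customers to make sure the models deliver meaningful, useful results," Harriott says.

Tips for turning unstructured data into value

Harriott, Konoval and other data experts offer the following advice for succeeding when working with unstructured data.

1. Tie initiatives to business outcomes. IT leaders need to make sure initiatives that leverage unstructured data are closely aligned with business needs and have executive sponsorship, Harriott says. "Teams often have an inventive use case for unstructured data but lose support because the connection to an important business outcome is not obvious to those around them," Harriott says. "It is the leader's responsibility to educate the organization on why the use case matters and how it directly or indirectly delivers business benefit."

2. Recognize the journey. Data leaders should also take into account how hard it is to create value with unstructured data, set milestones for the initiative, and celebrate what is achieved. "Making unstructured data actionable may take more time and effort than the business expects," Harriott says. "By recognizing milestones, leaders make progress visible to other stakeholders and let team members feel that the level of effort they are putting into making unstructured data actionable is appreciated."

3. Quality comes first. Another key to success is prioritizing data quality. No adage is more apt than "garbage in, garbage out," Konoval says. "Jumping into analysis without ensuring data quality can be counterproductive. We have always taken the approach of cleaning the data, removing what is unnecessary, and making sure it meets quality standards." In the game industry, "a misinformed decision can lead to expensive feature development that players don't relate to or, worse, bugs that damage our reputation," Konoval says. "Our rigorous data governance framework ensures the foundation of our analysis is unshakable."

4. Separate actionable data from informative data. It is also important to prioritize the data that business users can act on. "The key is discerning the volume of data and what is actionable versus what is informative," says Joe Minarik, COO of colocation data services provider DataBank. To underscore this, Minarik cites the example of using unstructured data for system monitoring. "The actionable side has to be prioritized and dealt with quickly. With so many aspects of a system being monitored, a single problem can generate alarms and information from downstream equipment, producing a flood of alerts, alarms and information."

5. Make full use of AI. Minarik points to the valuable role AI and machine learning play in analyzing unstructured data streams over time. "It helps build correlations across systems. That lets you remove the noise and get to the root problem right away." For example, organizations can deploy named entity recognition (NER). NER is a component of natural language processing (NLP) that focuses on identifying and classifying named entities within unstructured text, tagging them with labels such as "person," "organization" and "location." "In practical terms, entity recognition plays an important role in many applications," Minarik says. These include information retrieval systems that index and organize content, question-answering systems that find answers within text, and content recommendation engines that personalize content based on recognized entities. "By identifying and classifying named entities, NER empowers data analysts and systems engineers to draw valuable insights from the vast amounts of data collected," Minarik says.

6. Ensure value through visualization. The process of making unstructured data usable does not end with analysis, Minarik says. It culminates in reporting and communicating the findings. "A report typically involves presenting the key findings, methodology and implications of the analysis in a structured way," Minarik says. "Visualizations such as charts, graphs and dashboards help convey complex data in an understandable format. Visual representation not only eases comprehension but also makes it easier for stakeholders to identify trends, outliers and key insights, so that timely, data-driven decisions are made."

7. Monitor as you go. Another important practice that is sometimes overlooked is the need for continuous monitoring and maintenance, Minarik says. "Real-world data is dynamic and constantly evolving. Continuous monitoring and maintenance are essential to ensure data remains usable over time." Key to that is regular cleaning and quality checks to maintain the accuracy and reliability of the data, Minarik says. Data anomalies, inconsistencies and duplicates must be identified and corrected promptly to prevent skewed or erroneous analysis.

8. Keep your team's skills sharp. Finally, investing in developing the right skills is good practice. Given that the underlying tools are constantly evolving, this effort must be ongoing. […]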

27Dec 2023

Refocusing on Cybersecurity Essentials in 2024: A Critical Review

By supplementing traditional perimeter defense mechanisms with principles of data integrity, identity management, and risk-based prioritization, organizations can reduce their exposure to data breaches. The post Refocusing on Cybersecurity Essentials in 2024: A Critical Review appeared first on SecurityWeek.

27Dec 2023

Cyberattack Disrupts Operations of First American, Subsidiaries

A cyberattack appears to have caused significant disruption to the systems and operations of title insurer First American and its subsidiaries. The post Cyberattack Disrupts Operations of First American, Subsidiaries appeared first on SecurityWeek.

27Dec 2023

CBS Parent National Amusements Discloses Year-Old Data Breach

CBS parent company National Amusements is informing 80,000 individuals of a December 2022 data breach. The post CBS Parent National Amusements Discloses Year-Old Data Breach appeared first on SecurityWeek.

27Dec 2023

Ransomware Group Claims 100 Gb of Data Stolen From Nissan

The Akira ransomware group has taken credit for the recent attack that impacted Nissan Australia and New Zealand. The post Ransomware Group Claims 100 Gb of Data Stolen From Nissan appeared first on SecurityWeek.

27Dec 2023

Police Warn Hundreds of Online Merchants of Skimmer Infections

Law enforcement authorities in 17 countries discovered more than 400 online merchants infected with skimmers. The post Police Warn Hundreds of Online Merchants of Skimmer Infections appeared first on SecurityWeek.

27Dec 2023

Integris Health Data Breach Could Impact Millions

Integris Health has started informing patients of a data breach impacting their personal information. The post Integris Health Data Breach Could Impact Millions appeared first on SecurityWeek.

27Dec 2023

Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day

Chinese hackers exploited a zero-day tracked as CVE-2023-7102 to deliver malware to Barracuda Email Security Gateway (ESG) appliances. The post Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day appeared first on SecurityWeek.

27Dec 2023

Top 10 countries attracting international tech talent

Making an international move can be daunting — but moving for a new job can take some of the pressure off. Using your skills and expertise to land a job in another country can offer a unique opportunity to experience different cultures and travel, while maintaining your resume. And with tech talent in high demand […]

27Dec 2023

CIOs in financial services embrace gen AI — but with caution

Highly regulated, customer-centric, and dependent on layers of human involvement and manual processes, financial services are ripe for automation through artificial intelligence (AI). Those same characteristics, however, reveal the risks AI pose to this sector. So business technology leaders in financial services are carefully navigating a path toward AI. But as they reveal, it’s a […]

26Dec 2023

IT reinvention that delivers digital success

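CIOs and their IT teams have enjoyed a rise in power and prestige in recent years, as enterprise executives embrace continuous transformation, digital everything and a host of emerging technologies. As a result, report after report shows most IT departments getting bigger budgets and more staff, and becoming more deeply involved in shaping corporate strategy. Yet many IT departments struggle to reinvent themselves to fulfill their current mission. Consider a report from professional services firm Accenture. According to its 2023 research paper Total Enterprise Reinvention, only 8% of companies are moving toward adopting a strategy of total enterprise reinvention. Meanwhile, Accenture sees 86% as "reinventors." These companies "reinvent part of their business rather than the whole, and approach reinvention as a limited program rather than a continuous process." But some companies want to do better, and 43% of the reinventors are working to improve performance. One way to do so is to rethink the IT department, a view shared by management consultants, executive advisors and CIOs themselves. This reinvention goes beyond adopting cloud, agile development principles and cutting-edge technologies. It means transforming how IT itself works, scales and evolves in order to keep pace with the continuous transformation that technology organizations are being asked to deliver to the broader enterprise. "Conservative companies must follow the pace of the leaders, with clear roles and responsibilities that align with business needs and transformation goals," says Ram Palaniappan, chief technology officer at IT services company TEKsystems. Strategies for IT transformation that delivers digital success include the following.

1. A truly customer-centric mindset. Caring for customers pays off. According to management consulting firm McKinsey, companies that improve the customer experience see sales rise 7% and profitability improve by 1% to 2%. Those numbers make a compelling case for developing a customer-centric mindset within IT. However, Manish Jain, principal research director in the CIO practice at Info-Tech Research Group, says many IT departments are too focused on meeting product requirements rather than customer outcomes. "Many companies have become product- or use case-centric. IT needs to go beyond that and think about the value proposition for the customer." Jain says it has to start with understanding the definition of "customer," which he defines as "everyone who benefits from the company's services or products." The definition is simple, but he says many IT departments lack the ability to identify their own customers. "Most of the time they think only about the business (needs) and can't get beyond that," he says, adding that thinking customer-centrically also demands more than delivering point solutions aimed at improving individual customer touchpoints. The 2023 report The Digital Disconnect: Linking Vision to Real-World Execution from digital firm West Monroe addresses this point: 86% of companies rate themselves as "good at delivering the digital products and digital experiences customers want," but only 17% scored 4 or more points out of 9 on the firm's product scorecard. To improve on that, Jain says CIOs need to create processes and policies that give the IT department an end-to-end view of the customer journey and insight into the areas along that journey with room for improvement. Best practices for building a more customer-centric mindset within technology teams include adopting agile development methodologies, setting customer-centric key performance indicators, and cross-functional efforts to break down operational silos.

2. Using the cloud properly. "Cloud use is another area where ambition and reality don't match," Jain says. For years CIOs adopted lift-and-shift strategies, moving existing systems from on-premises servers to the cloud without re-architecting them for optimal performance in the new environment, Jain says. Those CIOs generally took that approach as a starting point for cloud migration. But even now, more than a decade after organizations adopted cloud computing, many IT teams have not re-architected those applications. "There was no plan to scale, no refactoring to improve flexibility, and as a result costs skyrocketed," Jain says. He advises adopting FinOps in cloud strategy, because FinOps brings together accounting practices, business strategy and IT cloud practices so that technology teams look at the incremental cost of all the software needed for a cloud deployment, align with business goals, and ensure cloud investments pay off. "In other words, FinOps helps you focus on the right architecture and design for the cloud," Jain says.

3. Creating an innovation team. IT departments have moved past the shared services model of the past and now work closely with business units. Accordingly, the share of overall IT spending allocated to IT operations is shrinking, while funding for business-led IT innovation is growing. In this new environment IT needs a two-pillar strategy: a focus on cost optimization, and digital innovation, Palaniappan says. "Organizations should optimize IT operations by continuously looking for opportunities to cut costs through automation. IT organizations can't rely on funding from customers seeking support, because that has now given way to service-level agreements, and reducing support has become the goal," he says. On the second pillar, Palaniappan says "it is very important to build and deploy solutions that bring in specific revenue streams," stressing the need for CIOs to adopt AI technologies, automation and data. Rajiv Pillai, CIO of the Americas unit of Wipro, which provides information technology, consulting and business process services, has taken such steps. He formed an incubation team that works with the organization's vendors and partners and with outside research analysts, aiming to advance ideas for using emerging technologies to meet the organization's needs. The team has two leaders, and he says that whenever it explores how to use a technology, a sponsor is always paired with a tech lead to maintain alignment with business goals. But he says the mandate for innovation does not exist for this team alone; he wants all of his staff, including those engaged in regular IT operations, to learn new technologies and push the boundaries. He also created the position of business-aligned service delivery manager, with about 40 now employed. The position focuses on "listening to the problems customers have and using technology to find solutions." "You could say this is a deliberate attempt for us to get into the customer's space."

4. Changing how the IT team sees itself. Zach Rossmiller, CIO of the University of Montana, believes that to drive continuous transformation, IT teams must not see innovation as just a task. Rather, he says, IT teams must see themselves as innovators who use technology to lead the enterprise to success. He strongly urges his own staff to change how they see themselves. "I encourage my staff to embrace IT as a thought partner driving digital innovation and success. We know the back-end processes, and we know the systems. We can drive change. That can be hard to achieve in IT." Once asked by a team member what improving student retention had to do with IT work, he stepped up to the challenge. He adopted a variety of approaches to change how the team sees itself. For example, he explained in plain terms how technology performance affects the student experience, that is, key performance indicators such as student retention. As a result, IT leaders now set annual goals, check status every quarter and evaluate monthly to understand the impact, and the degree of impact, that IT work has on the university's goals. "Every year the university releases an annual playbook laying out its priorities. We review those priorities, list our projects in flight, and check whether they are aligned. If they're not aligned, we think again. If they are, we highlight this as something that advances student success and research excellence," Rossmiller says. "When people realize their daily work helps advance the university's mission, that's where success comes from." Recently one IT staff member surfaced an identity management problem, pointing out that the university's identity management system is old and therefore a problem for everyone involved, with everyone from users to IT staff frustrated by supporting the old architecture. He values the ability of the staff member who raised the problem and advocates further improvement. Both happen more often in the IT team now than a few years ago. "It shows the staff understand why they're here, and that we're not just a convenience. We are agents driving change."

5. Fostering a startup mentality. "IT departments need to give up big efforts that mobilize the entire staff in favor of small, nimble teams like those found in startups," according to a co-author of Demystifying IT, from boutique consulting firm CG […]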

26Dec 2023

The only CIO resolution that matters

In many communities, December is a month set aside for reflection. To wit, across nearly every discipline, one finds magnum opuses entitled “Lessons Learned” or “The Year in Review” as the year draws to a close. Such exercises are valuable but anachronistic. Perhaps in an age when our forebears huddled around campfires waiting for warmer […]

26Dec 2023

8 big IT failures of 2023

IT provides the plumbing for just about every company in existence today. Most of the time, that plumbing works fine — but when something goes wrong, it can be more embarrassing (and more expensive) than the most extravagantly overflowing toilet. We’ve gathered eight instances of big tech failures that struck companies and other organizations in […]

26Dec 2023

The 7 trends of 2024 according to CIOs: from AI to quantum, innovation continues

There is a great deal of artificial intelligence, including generative AI, in the new year of digital transformation and CIO strategies. For everyone, AI is the watchword of the moment, the number-one trend to watch in 2024 and beyond. Italian Chief Information Officers know that 2024 will bring other opportunities and challenges as well. […]

25Dec 2023

The IT transformation at German healthcare giant Gerresheimer

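By mid-2023, German healthcare giant Gerresheimer had overhauled its IT strategy. A central element was cloud adoption: CIO Zafer Nalbant and his team built a hybrid environment consisting of a public cloud portion based on Microsoft Azure and a private cloud portion running in a data center fully managed by T-Systems. According to Nalbant, the IT department is free to decide, and to adjust, which systems and applications run in which cloud environment. “Over the next three years, all 54 sites will gradually move to this cloud environment,” he says. Only production software and machines that cannot tolerate latency will remain on site. At the same time, Gerresheimer is building an IoT platform. “In the future, we plan to connect all production and application servers to it and build our own data lake,” he says.

Rethinking everything

The technical reorganization also requires a change in IT strategy. “Previously, the IT department mainly worked on resolving tickets and ensuring availability. Today, however, Gerresheimer increasingly ensures high availability by relying on the cloud and buying IT management services from managed service providers. This is intended not only to focus the IT department’s time and resources more on supporting business operations, but also to create greater added value for business processes and the company’s success. We want to drive digitalization and AI together with the business areas,” Nalbant says. To this end, cross-departmental central teams have been set up for the company’s key processes to map the processes and assess how they can be standardized, digitalized, automated, and supported by AI. The goal is to optimize about 70% of the processes in the specialist departments at the 54 sites by 2028.

Everything on a platform

Gerresheimer is currently looking for a platform for this. “We would like to use Microsoft’s Power Platform, but since I don’t think Power Platform can automate every process, we are also considering low-code/no-code platforms,” Nalbant says. The company has been using ServiceNow as its IT service management tool and ticketing system for about three years. The platform is intended to become Gerresheimer’s IT framework, including a configuration management database (CMDB), software asset management, and more. The plan is to extend this framework into a self-service platform. Users will be able to create dashboards automatically, order software, and manage installations for which cloud resources can be reserved. “We want to cut these processes down to just a few minutes. That is what we are working on now.”

A piecemeal migration to SAP S/4HANA

Gerresheimer is also pursuing a migration strategy for SAP S/4HANA. According to Nalbant, it is deliberately modest in scope. “Rather than starting with a big bang, we will begin with the finance transformation in 2024,” he says; other areas will follow. “Many companies fail here because they set the scope too large. We want to avoid that.” By the end of 2027, when Gerresheimer ends support for its legacy systems, its SAP systems worldwide should be fully migrated.

Bringing AI in-house

According to Nalbant, AI offers employees a great deal of added value; the first applications are already in use and will soon be rolled out globally. A dedicated AI hub has also been implemented directly in Microsoft Teams. “The hub includes translation, ChatGPT 4, and spelling and grammar checking for users. We also make sure that data stays inside the company and is not used as public training data. Employees have welcomed this approach. I assume they had used such tools in the browser before, but now we have control over it.” The focus is not on preventing the use of AI but on using it within clearly defined limits to make users more productive.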
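This gives the team insight into the applications and shows which are used most. “We can then specifically extend the most popular apps to support the business even better,” Nalbant says. Nalbant also uses the company’s AI for security. “We have a managed security operations center running 24/7, and we also want to build our own platform with a data lake to learn from the data.”

No staff shortage in IT

According to Nalbant, the AI efforts will not make people redundant. On the contrary, Gerresheimer is looking to add IT staff to carry out the strategy. He says finding highly skilled employees on the market is not difficult, particularly given Gerresheimer’s working environment and corporate culture. During the coronavirus pandemic, for example, the company grew and learned that business works well remotely too. “Rather than sending employees to the office three or more days a week, as many other companies do, we decided to be more flexible.” Employees come into the office two days a week, one of which is reserved for team interaction. The whole team then meets in the office for one-on-one conversations and lunch together. For the rest of the week, employees decide for themselves when and where they work, and working hours are based on trust. Gerresheimer also offers workation opportunities. “Colleagues can work from other European countries for up to 30 days,” Nalbant says. This is especially popular with the younger generation. Nalbant says the portfolio and the tasks play a part as well. Many employees identify with Gerresheimer’s products, and since the reorganization the IT department has kept working on technologies that advance the strategy. “That is what makes the company interesting and attractive to young talent.”

Business Operations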

22Dec 2023

Chameleon Android Malware Can Bypass Biometric Security

A variant of the Chameleon Android banking trojan features new bypass capabilities and has expanded its targeting area. The post Chameleon Android Malware Can Bypass Biometric Security appeared first on SecurityWeek.

22Dec 2023

UK Teen Gets Indefinite Hospital Order For ‘Grand Theft Auto’ Hack

Arion Kurtaj was found responsible by a British court for carrying out one of the biggest breaches in the history of the video game industry. The post UK Teen Gets Indefinite Hospital Order For ‘Grand Theft Auto’ Hack appeared first on SecurityWeek.

22Dec 2023

In Other News: Crypto Exchange Hack Guilty Plea, Rating AI Vulnerabilities, Intellexa Spyware 

Noteworthy stories that might have slipped under the radar: Cryptocurrency exchange hacker pleads guilty, rating LLM vulnerabilities, Intellexa spyware analysis. The post In Other News: Crypto Exchange Hack Guilty Plea, Rating AI Vulnerabilities, Intellexa Spyware appeared first on SecurityWeek.

22Dec 2023

Iranian Hackers Targeting US Defense Industrial Base Entities With New Backdoor

Microsoft has observed Iranian state-sponsored hackers targeting employees at US DIB entities with the FalseFont backdoor. The post Iranian Hackers Targeting US Defense Industrial Base Entities With New Backdoor appeared first on SecurityWeek.

22Dec 2023

Inmate, Staff Information Stolen in Rhode Island Prison Data Breach

The Donald W. Wyatt Detention Facility says the data of 2,000 inmates, staff, and vendors was stolen in a cyberattack. The post Inmate, Staff Information Stolen in Rhode Island Prison Data Breach appeared first on SecurityWeek.

22Dec 2023

CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild

CISA released ICS advisories for FXC router and QNAP NVR flaws and added them to its known exploited vulnerabilities catalog. The post CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild appeared first on SecurityWeek.

22Dec 2023

14 in-demand cloud roles companies are hiring for

After a marked increase in cloud adoption through the pandemic, enterprises are facing new challenges, namely around the security, maintenance, and management of cloud infrastructure. To tackle that, businesses are turning their budgets toward the cloud, with two out of every three IT decision-makers planning to increase cloud budgets in 2024, and nearly a third (31%) […]

22Dec 2023

What enterprise software vendors are doing with generative AI

2023 was a break-out year for generative AI technology, as tools such as ChatGPT graduated from lab curiosity to household name. But CIOs are still cautiously evaluating how to safely deploy generative AI in the enterprise, and what guard-rails to put around it. Sometimes, though, it sneaks in through the back door as a result […]

22Dec 2023

Trust Bank’s commitment to CX as a digital disruptor

Singapore’s Trust Bank (also known simply as Trust) is a new financial institution that’s enjoyed a strong first year of operations, capturing 12% market share in Singapore since launch and setting new benchmarks in customer experience and innovation. How this digital-first bank developed a differentiated user experience for its customers provides insight into what it […]

22Dec 2023

Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher

A researcher has shown how malicious actors can create custom GPTs that can phish for credentials and exfiltrate them to external servers. The post Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher appeared first on SecurityWeek.

21Dec 2023

Involta: On a mission to transform the world through technology

Ken Kremer, chief technical officer at Involta, points out that the company’s inaugural Environmental, Social, and Governance (ESG) report reflects its commitment to set an example for the IT industry. It also emphasizes Involta’s focus on the three pillars of its ESG strategy: environmental sustainability, employee well-being, and strong governance practices. “When Involta was founded […]

21Dec 2023

Cisco to Acquire Isovalent, Add eBPF Tech to Cloud Portfolio

Isovalent raised about 70 million in funding from prominent investors including Microsoft’s venture fund, Google, and Andreessen Horowitz. The post Cisco to Acquire Isovalent, Add eBPF Tech to Cloud Portfolio appeared first on SecurityWeek.

21Dec 2023

Gaining an AI advantage: Not all AIs are created equal

We have seen a lot of companies promising AI solutions for Cybersecurity in the Cloud, but let’s be clear: when it comes to AI in Cybersecurity, it is important to understand that not all AIs are created equal. Quality and volume of data, scalability of solution, and ability to process inference effectively are key aspects […]

21Dec 2023

Radically simplify and expand Zero Trust to cloud workload

The public cloud imperative. For many organizations, regardless of size or industry, the public cloud has become an essential resource for critical operations. One reason is that public cloud has proven to be 40x more cost-effective. Moreover, the public cloud is easy to use and is extremely scalable. However, securing the cloud traffic from […]

21Dec 2023

Explainer: Building a high-performing last-mile delivery software

Last-mile troubles and unforeseen complications can crop up at times and cause unexpected delays. This has put immense pressure on IT leaders to deploy the best last-mile delivery software to safely and accurately transfer packages. This is the most crucial aspect in the entire delivery process as it directly influences the end user. The staff monitoring the logistics […]

21Dec 2023

Averting turbulence in the air

The diversification of payment methods and gradual increase in the volume of online transactions have cast a spotlight on the need for payment security compliance within the airline industry. With the new, recently onboarded Payment Card Industry Data Security Standard (PCI DSS) v4.0, it’s important to explore the intricacies of PCI DSS compliance and uncover […]

21Dec 2023

Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records

Real Estate Wealth Network database containing real estate ownership data, including for celebrities and politicians, was found unprotected. The post Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records appeared first on SecurityWeek.

21Dec 2023

ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature

ESET has patched CVE-2023-5594, a high-severity vulnerability that can cause a browser to trust websites that should not be trusted. The post ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature appeared first on SecurityWeek.

21Dec 2023

ESO Solutions Data Breach Impacts 2.7 Million Individuals

ESO Solutions is informing 2.7 million individuals of a data breach impacting their personal and health information. The post ESO Solutions Data Breach Impacts 2.7 Million Individuals appeared first on SecurityWeek.

21Dec 2023

Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product

Ivanti has patched 20 vulnerabilities in its Avalanche MDM product, including a dozen remote code execution flaws rated critical. The post Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product appeared first on SecurityWeek.

21Dec 2023

FTC Proposes Strengthening Children’s Online Privacy Rules to Address Tracking, Push Notifications

The FTC has proposed strengthening children’s online privacy rules to address tracking and push notifications. The post FTC Proposes Strengthening Children’s Online Privacy Rules to Address Tracking, Push Notifications appeared first on SecurityWeek.

21Dec 2023

Google Rushes to Patch Eighth Chrome Zero-Day This Year

Google warns of in-the-wild exploitation of CVE-2023-7024, a new Chrome vulnerability, the eighth documented this year. The post Google Rushes to Patch Eighth Chrome Zero-Day This Year appeared first on SecurityWeek.

21Dec 2023

Fed CIO Ghada Ijam on the balancing act of leadership

Ghada Ijam is the CIO for the Federal Reserve System, where she leads the Fed’s technology and cybersecurity professionals to move at the speed of business, driving collaboration and innovation to shape the Fed’s digital future. Overseeing IT within a federated organization, Ijam partners with leaders across the Reserve Banks and centralized service providers to […]

21Dec 2023

3 key priorities for digital transformation in 2024

Generative AI is not the only initiative that can transform your business in the coming year. Addressing operational gaps and developing new digital leaders can also be a force multiplier. Analyst reports tell CIOs that generative AI should occupy the top spot among digital transformation priorities for the coming […]

21Dec 2023

Zen and the art of platform engineering

Achieving and maintaining any sense of Zen requires a commitment to keeping everything in balance. Too much of any one thing inevitably creates levels of friction that, over time, become unsustainable. Within a DevOps context, the current manifestation of Zen is organizations embracing platform engineering methodologies that enable them to standardize around a common set […]

20Dec 2023

Generative AI: the Shortcut to Digital Modernisation

The boom of generative AI. Digital transformation is the bleeding edge of business resilience. For years, it was underpinned by the adoption of cloud and the modernisation of the IT platform. As transformation is an ongoing process, enterprises look to innovations and cutting-edge technologies to fuel further growth and open more opportunities. Notably, organisations are […]

20Dec 2023

4 measures for avoiding cloud app migration headaches

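Once enterprises commit to running business-critical applications in the cloud, they rarely move to another provider. One big reason is that they are often locked into the chosen provider’s ecosystem. The cost of moving is simply too high, says Sid Nag, vice president of cloud services and technologies at Gartner. “But if you plan properly, you shouldn’t need to migrate your applications,” he says. Pablo Del Giudice, cloud operations and cybersecurity studio partner at professional services firm Globant, adds that migration is possible if the organization is set up correctly, and that he and his team have done it successfully. “The key is to strategically adopt open platforms and frameworks and relegate the cloud provider to the role of the infrastructure layer. This approach has a steep learning curve, but it yields more favorable results over the medium to long term,” he adds. “What matters is bringing in platform-neutral software architects.” Jamie Holcombe, CIO of the United States Patent and Trademark Office, takes a slightly more nuanced view. He wants to keep open the option of moving applications between cloud service providers and conducts market research on all the major providers. But that requires planning early, before an application is first moved to the cloud.

Minimize lock-in risk

When using each vendor’s cloud-native services, the trade-offs need to be weighed carefully. “If you choose not to use a cloud provider’s native services in order to stay agnostic, you lose many of the ‘better, cheaper, faster’ business-case metrics,” Holcombe says. “Just as vendor lock-in has a cost, so does being agnostic.” Del Giudice divides cloud vendor lock-in into three forms. Platform lock-in arises once the cloud foundation configuration (resource grouping, policies, RBAC, hybrid connectivity, monitoring, compliance, and so on) is in place; because re-creating all of it on a new platform is complex, moving to another platform becomes difficult. Architecture lock-in occurs when an application depends on several of the cloud provider’s managed services. In that case, the application has to be redesigned before it can be migrated. Then there is legal lock-in, where the organization has committed to an enterprise services agreement for a fixed term. “Such commitments are hard to terminate and make a migration difficult to carry out,” he says. Vendor lock-in is sometimes unavoidable even when CIOs do their best to avoid it. CIOs typically want to consolidate, but the cost is often too high to justify. In most cases, CIOs stick with a multicloud model, Nag says. But organizations may have legitimate reasons to move between IaaS providers despite the obstacles, Del Giudice says. The most common are improving the ratio of value to OPEX by taking advantage of aggressive discounts from competing cloud service providers, and adopting a multicloud architecture when the organization wants to improve reliability.

Plan with future migration in mind

But wanting to move key applications between cloud providers, or what Gartner calls “cloud repatriation,” is usually the result of poor planning, Nag says. Nag says he sees this not only with lift-and-shift deployments to the cloud, but also when organizations decide to use affordable cloud-native middleware and development tools with the intention of moving the application back to an on-premises private cloud once the work is done. He recommends using the services of an MSP or systems integrator to plan and to choose the right applications to move to the cloud. “Because once you have moved to the cloud, you are tied to that platform.”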
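Financial services company USAA carefully chose, from among four cloud service providers, which one would host each workload and its regular business applications, says SVP and CTO Jeff Calusinski. “We matched the cloud providers to the business and technical services they are best at.” The institution’s multicloud strategy rests on a principle he calls “open by design.” “Where open standards exist, we use them, which reduces the potential for vendor lock-in,” he says, while acknowledging that some native services offer compelling value propositions that have to be weighed against the potential for lock-in. Open design principles also have their limits when it comes to lock-in, Nag says, because even with modern services, implementations differ from platform to platform. For example, Amazon’s EC2 infrastructure does the same thing as Google’s GCP, but an application running on EC2 will not run on GCP without expensive rework. And although Kubernetes is an industry standard, implementations such as Azure Communication Services and Google Kubernetes Engine do not behave identically. “However, several abstraction layers are emerging between cloud providers and applications,” Del Giudice says. These services can simplify migration even when native cloud provider services are in use. “These services, such as pub/sub, service invocation, secrets management, and state management, abstract application components regardless of the cloud provider. In short, your options are open, but moving from one cloud provider to another still takes some work.” Data requirements are another area that calls for careful planning. “Moving apps between clouds is costly because the associated data has to move too,” Nag says. That is why planning ahead is necessary, Holcombe adds. “Never sign up with a provider unless a written contract is in place. That way you know how to get your data out and how to replicate your software services elsewhere.” But even though a proper ETL strategy ensures that data can be moved between providers in a structured way and in a usable format, such a plan often does not exist, Del Giudice says. “Cloud service providers emphasize the use of open platforms and data access protocols that are easy to use in theory, but the network restrictions and security involved in accessing those services tend to be overlooked.” When deciding which cloud-native services to use, organizations sometimes have no choice. Security is a good example. “If your security needs are high, generic cybersecurity may not be enough,” Holcombe says. The more specific the needs, the tighter the service becomes in terms of vendor lock-in. Enterprises with data-intensive operations also face both storage and bandwidth issues, and PaaS and IaaS providers use both as competitive differentiators, he says. “If you try to use both to get high performance, it’s difficult.” For customizations that use native services, Holcombe follows an approach he calls “black spruce.” Just as a black spruce keeps its branches close to its trunk, the USPTO keeps its customizations as “skinny” as possible, he says. That not only reduces lock-in but also spares the agency what he calls “excessive and costly versioning paths.” Calusinski takes a similar approach. “Most PaaS offerings have core capabilities and ancillary ones. We limit the number of ancillary capabilities and focus on the core.” The same goes for SaaS-based applications, and his team followed this approach after moving from Remedy to ServiceNow and Salesforce. “Don’t customize much, so that you can change when you need to. We were not tied to Salesforce, and ServiceNow was a structurally good platform. But if it’s over-optimized, you get stuck.”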
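Here, however, Calusinski takes a different approach. “With SaaS platforms, we adopt as much of the platform as possible, because as a business we don’t see enough differentiation in vendor capabilities and the likelihood of changing is low.”

Avoid potential migration pain

Migrating between cloud providers clearly poses a myriad of challenges: compatibility issues, security concerns, the need for extensive reconfiguration of applications, and dealing with images based on old operating systems or outdated technology stacks that do not integrate seamlessly into the new environment. Moving large volumes of data can also lead to downtime and potential data loss, and ensuring consistent performance and scalability during the migration is critical. “Managing these challenges requires careful planning, thorough testing, and a well-defined rollback strategy,” Del Giudice says. The main failure points in PaaS migrations include failing to meet cost or business expectations, insufficiently skilled resources, a lack of standardization and security foundations, failing to take advantage of cloud-native capabilities, security and compliance concerns, and not adopting a cloud operating model. Del Giudice recommends a six-step approach for organizations considering a move between cloud providers. First, evaluate the subscription model and make sure it meets your ROI goals. Adopt a hybrid cloud approach. Use cloud-agnostic solutions wherever possible to widen your future migration options. When using native cloud services, design applications with an abstraction layer. Invest in data migration planning, testing, and backup strategies to reduce risk. Review and adjust license agreements as needed.

Weigh your options carefully

When considering a change of cloud provider, always take migration cost and data ownership into account, Calusinski says. And when balancing the use of native cloud services that increase lock-in against staying agnostic, there is no right answer; you simply choose what is best for the organization and its mission, Holcombe says. What matters is whether the cloud-based application fits the organization’s mission and delivers the best value for achieving it over the long term. “If you put in a cost infrastructure that is too complex, you can’t change it when the business model changes,” he says, adding that organizations should keep their options open, as the USPTO does with its multicloud-by-design architecture. “My number one reason is to make the service providers compete,” he says. When devising a cloud migration strategy, it is important to pay attention to pricing models, Del Giudice says. “Look at plans with cost-saving potential, and factor in data transfer costs,” he says. “This approach is essential for preventing unexpected spikes in cloud operating expenses and for staying within budget constraints. Two other factors need to be considered when executing a migration strategy. First, what services does the cloud service provider offer to facilitate the migration, such as microservices and serverless? You need to decide whether to use customized solutions or the cloud provider’s managed services, which creates a risk of vendor lock-in. Second, cloud providers may offer incentive programs for application migrations, with substantial discounts for large migrations.” By its nature, cloud migration involves risk. But CIOs who plan ahead and stick with the process can expect more cost-effective cloud services and pricing models, better scalability and resource allocation, and improved performance and responsiveness. “Less vendor lock-in fosters agility and innovation,” Del Giudice says. “Ultimately, migrating to the cloud leads to greater competitiveness, innovation, and efficiency.”

Cloud Architecture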

20Dec 2023

SimSpace Scores $45 Million Investment to Expand Cyber Range Tech Markets

The new round of financing was led by L2 Point Management and brings the total raised by Boston-based SimSpace to $70 million. The post SimSpace Scores $45 Million Investment to Expand Cyber Range Tech Markets appeared first on SecurityWeek.

20Dec 2023

Paving the way for generative AI proficiency in the workplace

I was recently at a dinner party where another guest asked me to explain what I do for work. When I mentioned that part of my job involves thought leadership around digital trends like generative AI, the first comment was, “Wow, you must be busy this year.” It’s a natural conclusion to come to: Even […]

20Dec 2023

Achieving sustainable PCI security excellence

Organizations face persistent challenges in achieving, and more importantly, sustaining Payment Card Industry Data Security Standard (PCI DSS) compliance. Due to the burgeoning number of competing regulatory requirements, organizations often find themselves overwhelmed with PCI security complexity and repeat failures in sustaining compliance, resulting in compliance fatigue. Two influential thought leaders of our time offer […]

20Dec 2023

Okta to Acquire Israeli startup Spera Security

Okta agreed to acquire Spera Security in a move to broaden Okta’s identity threat detection and security posture management capabilities. The post Okta to Acquire Israeli startup Spera Security appeared first on SecurityWeek.

20Dec 2023

Righting the vessel

In 2019, advanced aquatic engine technology provider YANMAR Marine International was all at sea, or in a state of confusion. The company had outgrown its enterprise resource planning (ERP) system, with its legacy processes outdated and no longer supported. The tech structure was largely manual, requiring employees to enter data in multiple places. As a result, inputs were […]

20Dec 2023

Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape

Firefox and Thunderbird security updates released this week address multiple memory safety bugs in both products. The post Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape appeared first on SecurityWeek.

20Dec 2023

NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains

The National Security Agency has published a new yearly report detailing its cybersecurity efforts throughout 2023. The post NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains appeared first on SecurityWeek.

20Dec 2023

BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows no Limits on Targets

The BlackCat/Alphv ransomware group is dealing with the government operation that resulted in website seizures and a decryption tool. The post BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows no Limits on Targets appeared first on SecurityWeek.

20Dec 2023

Xfinity Data Breach Impacts 36 Million Individuals

The recently disclosed Xfinity data breach, which involved exploitation of the CitrixBleed vulnerability, impacts 36 million individuals. The post Xfinity Data Breach Impacts 36 Million Individuals appeared first on SecurityWeek.

20Dec 2023

3,500 Arrested, $300 Million Seized in International Crackdown on Online Fraud

Authorities in 34 countries have cooperated to dismantle cyber-enabled scams as part of a six-month operation. The post 3,500 Arrested, $300 Million Seized in International Crackdown on Online Fraud appeared first on SecurityWeek.

20Dec 2023

Is it worth measuring software developer productivity? CIOs weigh in

Most enterprises are committed to a digital strategy and looking for ways to improve the productivity of their workforce. At the same time, developers are scarce, and the demand for new software is high. This has spurred interest around understanding and measuring developer productivity, says Keith Mann, senior director, analyst, at Gartner. “Organizations need to […]

20Dec 2023

Rackspace’s Brian Lillie on the importance of leadership principles

Brian Lillie is president of Private Cloud at Rackspace and had previous technology leadership roles at Equinix, Verisign, SGI, and the United States Air Force, so he’s worked hard to define his leadership style. The first step was to define his purpose. After leaving Equinix in 2019, he hiked the Camino de Santiago in Spain, […]

20Dec 2023

How IT nurtures a work-life balance at Baptcare

With about 3,800 staff and operations across Victoria, South Australia, and Tasmania, Baptcare is a purpose-driven non-profit providing residential and community aged care, as well as support to children, families, and people seeking asylum. How all those demands dovetail into IT is testament to the work fulfilled by CIO Suzanne Hall and her team. “Being […]

19Dec 2023

How new public transportation technology is prioritizing passenger safety

Each year, Americans take billions of trips on buses, light rail, subways, trains and other public transit modalities. So it’s not surprising the recent Bipartisan Infrastructure Law earmarked $91 billion in guaranteed funding for public transportation, with priority areas of public safety, climate, transport equity and investing in new public transportation technology. Though traveling by public transportation is […]

19Dec 2023

Empowering at-risk youth and adults with devices, connectivity and dignity

Portland Opportunities Industrial Center and Rosemary Anderson High School (POIC + RAHS) has a long name, but a simple, powerful mission: helping at-risk youth and adults be safe and successful. This thriving non-profit organization based in Portland, Oregon provides a diverse range of much-needed services, including alternative education, public safety and violence intervention, and job […]

19Dec 2023

How to enhance and secure cloud communications between government agencies

The May 2021 release of Executive Order 14028, Improving the Nation’s Cybersecurity, the growing attack surface due to cloud adoption, and the January 2022 Federal Zero Trust memorandum have all added urgency to the federal government’s move to implement better network security through solutions based in Zero Trust architecture. With initiatives such as the Cloud Smart strategy and agencies like […]

19Dec 2023

How Zero Trust is supposed to look

Over the last few years, it has become more and more apparent that the status quo for networking and security is no longer viable. Endlessly extending hub-and-spoke networks to more remote users, branch offices, and cloud apps increases risk, harms the user experience, and is prohibitively complex and expensive. The same is true when relying […]

19Dec 2023

Huawei Cloud named leader in emerging Asia-Pacific hybrid cloud market

Frost & Sullivan, a global research and consulting firm, recently released the Emerging Asia-Pacific Hybrid Cloud Market Report 2022. The report provides a comprehensive assessment of how the emerging hybrid cloud market developed and how market share was distributed in Hong Kong (China), Singapore, Thailand, and other countries or regions. In this report, Huawei […]

19Dec 2023

Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE

Akamai researchers document more vulnerabilities and patch bypasses leading to zero-click remote code execution in Microsoft Outlook. The post Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE appeared first on SecurityWeek.

19Dec 2023

Fixed wireless access (FWA) is a secure networking option

When making decisions about network access, businesses need to be aware of and assess the security implications associated with network technology to help keep their digital assets protected. Cyber hygiene best practices include device security, cyber security education, and secure networking strategies. Businesses considering adopting fixed wireless access (FWA) solutions—whether over 4G LTE or 5G networks—should understand […]

19Dec 2023

Secure cloud fabric: Enhancing data management and AI development for the federal government

In recent years, government agencies have increasingly turned to cloud computing to manage vast amounts of data and streamline operations. While cloud technology has many benefits, it also poses security risks, especially when it comes to protecting sensitive information. To address these challenges, agencies are turning to a secure cloud fabric that can ensure the […]

19Dec 2023

US Gov Disrupts BlackCat Ransomware Operation; FBI Releases Decryption Tool

The US government announced the disruption of the notorious BlackCat ransomware-as-a-service operation and released a decryption tool to help organizations recover hijacked data. The post US Gov Disrupts BlackCat Ransomware Operation; FBI Releases Decryption Tool appeared first on SecurityWeek.

19Dec 2023

The critical role of the network in sustainability, security and AI

The network is the foundation of the enterprise. In manufacturing plants, financial institutions, educational settings, smart cities and hybrid work setups – just about everywhere – it’s the glue that binds everything together. It ensures seamless operations, whether that’s optimizing production lines, facilitating stock trading in microseconds, or connecting citywide systems for efficient governance. It’s […]

19Dec 2023

Prioritizing cloud security: Allocating the majority of CIOs’ cyber budgets

CIOs’ cybersecurity budget allocations are too spread out across a myriad of single solutions. Vendors convince CIOs they need the latest product to halt new attacks when in actuality the addition of yet another disparate cybersecurity tool leads to blind spots. Cyber budgets get stretched too thinly across single solutions when they should match the […]

19Dec 2023

Why driving a sustainable carbon reduction strategy requires a holistic approach

Enterprises are under increasing pressure from consumers, investors and regulators to demonstrate their sustainability credentials. The position is stark: data shows global temperatures may rise by 2.4-2.6 degrees Celsius by the end of the century[1], surpassing the 1.5 degree rise the world was trying to avert. Businesses certainly are working toward sustainability goals. Procurement Leaders […]

19Dec 2023

Gen AI is a game-changer in bond investment risk assessment

Bonds are a critical part of diversified investment portfolios. Their steady income stream and relatively low risk compared to equities make them an especially important component of pension and retirement planning. Bonds are issued by different entities such as governments, municipalities, and corporations. Each type of issuer presents a different level of risk and tax […]

19Dec 2023

Turngate Raises $5 Million to Shed Light on User Activity

Turngate has raised $5 million in seed funding to help organizations decipher users’ identities and track their activity. The post Turngate Raises $5 Million to Shed Light on User Activity appeared first on SecurityWeek.

19Dec 2023

Halcyon Raises $40 Million for Anti-Ransomware Platform

Halcyon has raised $40 million in an oversubscribed Series B funding round for its anti-ransomware and cyber resilience platform. The post Halcyon Raises $40 Million for Anti-Ransomware Platform appeared first on SecurityWeek.

19Dec 2023

EU AI Act: a deal has been reached. Here is what changes now for CIOs

The final text of the AI Act is still missing, but a provisional agreement is in place: the presidency of the Council of the EU and the European Parliament’s negotiators have reached a deal on the European law regulating artificial intelligence. Now it is time for companies and their CIOs to catch up. The agreement came after contentious negotiations, within […]

19Dec 2023

Every “Thing” Everywhere All at Once

Every asset in an organization’s inventory that is not accounted for and protected is a potential attack vector that an attacker can use to gain access or move undetected. The post Every “Thing” Everywhere All at Once appeared first on SecurityWeek.

19Dec 2023

2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS

Hackers, including from Russia and China, launched cyberattacks and collected information, but it did not impact the integrity and security of the 2022 US election. The post 2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS appeared first on SecurityWeek.

19Dec 2023

Xfinity Customer Data Compromised in Attack Exploiting CitrixBleed Vulnerability

Comcast’s Xfinity says customer data, including credentials, were compromised in an attack exploiting the CitrixBleed vulnerability. The post Xfinity Customer Data Compromised in Attack Exploiting CitrixBleed Vulnerability appeared first on SecurityWeek.

19Dec 2023

Mr. Cooper Data Breach Impacts 14.7 Million Individuals

Mr. Cooper has confirmed that personal and bank account information was compromised in a recent cyberattack. The post Mr. Cooper Data Breach Impacts 14.7 Million Individuals appeared first on SecurityWeek.

19Dec 2023

Governments Issue Warning After Play Ransomware Hits Hundreds of Organizations 

US and Australian government agencies warn organizations of the Play ransomware group’s double-extortion tactics. The post Governments Issue Warning After Play Ransomware Hits Hundreds of Organizations  appeared first on SecurityWeek.

19Dec 2023

9 tips for achieving IT service delivery excellence

Service delivery excellence is an attribute that far too many IT leaders fail to prioritize. That’s unfortunate given how much of smooth business operations depends on the efficient delivery of IT services today. IT service delivery enables an organization to give end users access to essential IT services by designing, developing, and deploying key technology […]

19Dec 2023

3 key digital transformation priorities for 2024

The analyst reports tell CIOs that generative AI should occupy the top slot on their digital transformation priorities in the coming year. Moreover, the CEOs and boards that CIOs report to don’t want to be left behind by generative AI, and many employees want to experiment with the latest generative AI capabilities in their workflows. […]

19Dec 2023

e& and Huawei Launch Middle East’s First Net-zero 5G Massive MIMO Site

At the recent UN Climate Change Conference (COP28), Huawei and e& announced the inauguration of the region’s ground-breaking net-zero 5G massive MIMO site, setting new benchmarks in sustainability and technological innovation. This site is powered entirely by renewable energy and represents the convergence of sustainability and cutting-edge wireless technology. Massive MIMO technology, the cornerstone of […]

18Dec 2023

4 ways CISOs can manage AI use in the enterprise

Over the summer, I wrote a column about how CIOs are worried about the informal rise of generative AI in the enterprise. That column may have been the understatement of the year. Since then, many CIOs I’ve spoken with have grappled with enterprise data security and privacy issues around AI usage in their companies. A […]

18Dec 2023

IBM to buy StreamSets and webMethods from Software AG for $2.3B

IBM is bolstering its portfolio in artificial intelligence and hybrid cloud services, announcing a move to acquire Software AG’s enterprise integration platforms. The tech giant will shell out €2.13 billion ($2.33 billion) to bring the StreamSets and webMethods platforms into its fold. In October, Software AG launched StreamSets and webMethods as its Super iPaaS […]

18Dec 2023

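CIO Darlene Taylor’s formula for success: Listen, Drive, Care

Talented people want to work for leaders who have the qualities that drive success. And for such leaders, credibility is king.

Darlene Taylor, CIO of Superior Industries, one of the world’s largest aluminum wheel suppliers, attributes her “street cred” to her past experience in positions of responsibility, first as an engineer in automotive design and manufacturing, then as an IT leader at several “Motor City” giants.

“I have motor oil running through my veins,” Taylor says. A Detroit native, Taylor majored in mechanical engineering at the University of Michigan, and since entering the auto industry she has led internal teams in driving complex technology initiatives. As chief mission officer of the Michigan Council of Women in Technology (MCWT) and as a member of T200, she has driven change in her community. And she has become a popular figure among the who’s who of CIOs. In short, she knows how to establish and maintain credibility on the basis of a simple management philosophy: Listen, Drive, Care.

Listen

Building followership starts with empathy, and empathy is achieved first by listening, Taylor says. “Whether I’m talking with the CEO or with a maintenance worker at the plant, I listen intently to understand where they fit in the ecosystem and how technology can be used to help them do their jobs,” she says.

During a recent visit to a manufacturing site, Taylor was observing an operator and noticed that he was struggling to enter data into an application. “His gloves were not compatible with the user interface,” she explains. Soon afterward, she worked with her team to pilot several solutions and arrived at one that improved the experience not only for that operator but for other workers on the plant floor.

This is just one example of the kind of innovation that can be inspired simply by listening, and Taylor cautions against limiting interactions to workplace matters. “There is so much to learn [about your team], so much inspiration you can draw from them, that you can’t get from LinkedIn or a résumé.”

For Taylor, that team extends beyond the people on the org chart. “Over the years, I’ve had the opportunity to build relationships with hundreds of team members, partners, and customers.”

She also makes active use of group chats. “Group chats are a great place to cheer on and celebrate each other’s achievements, share insights about new technologies, and ask peers for advice,” she says.

Finally, she encourages leaders to communicate richly with their teams, focusing on topics that are strategic, technical, about personal development, about friends and family, and about events that reveal something of people’s personal lives. Because empathy matters, you have to ask questions and listen.

Drive

Taylor drives fast. “Life is too short to drive slow cars,” she says. She says it jokingly, but this mindset has led her to success time and again, and it is the second pillar of her management philosophy: drive.

In most industries, projects are planned from the start date. Milestones are carefully laid out until the last one, which marks the end of the project, comes into view. “Big auto is exactly the opposite,” Taylor explains. When there is an immovable end date, such as a new vehicle launch or the rollout of EDI (Electronic Data Interchange) to a new customer, the milestones are laid out by working backward.

Taylor favors action and all the tools that enable it, especially those that ease analysis paralysis. With agile, she tries to instill a test-and-learn mindset in her team. “Agile is great, but without the right mindset it falls apart,” she explains.

This is not to say that one should be reckless, Taylor stresses. Her team manages risk rigorously. But the point is to encourage momentum and a forward-looking spirit. As she puts it, “At the end of the day, if we break something, we have each other’s backs. We fix it together. We can’t afford to think linearly. Time goes by quickly, so we have to drive fast.”

Care

For Taylor, care is not a nicety or an extra, as it is for many leaders, but a necessity. It is a long game of give and take, the linchpin of her whole philosophy, and it applies to every audience: customers, colleagues, community, shareholders, and the industry as a whole. What does that look like? Recently it looked like a cyber challenge at MCWT. Taylor championed the challenge as an opportunity to encourage young girls to hone their cybersecurity skills and pursue careers in the field. “Many of the participants connected with me on LinkedIn afterward, and I take great pride in mentoring them and helping them with their studies,” she says. “And in the process I had the opportunity to build up my own cyber skills.”

Even small acts of care can have an especially large effect, Taylor says. Using teammates as an example, she explains: “Of course we have work to do, but it takes very little effort to check in on a sick child or parent. We’re all human. There is more to life than work.”

And timing often matters. Taylor, an active networker, explains that there is no better opportunity to show care than when a colleague is between roles. “Whenever I can, I try to make introductions for colleagues and get them involved in charitable work,” Taylor says. As it happens, efforts of that kind led to her landing a job early in her career.

“Without care, the philosophy falls apart,” she says. “What if you knew everything there is to know about that person? Then what if they listened and drove fast? If they didn’t actually care, would you trust them?”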

18Dec 2023

A Suspected Cyberattack Paralyzes the Majority of Gas Stations Across Iran

Nearly 70% of Iran’s nearly 33,000 gas stations went out of service on Monday following possible cyberattacks, Iranian state TV reported. The post A Suspected Cyberattack Paralyzes the Majority of Gas Stations Across Iran appeared first on SecurityWeek.

18Dec 2023

VF Corp Disrupted by Cyberattack, Online Operations Impacted

VF Corporation (NYSE: VFC), which owns and operates some of the biggest apparel and footwear brands, has been hit by a ransomware attack that included the theft of sensitive corporate and personal data. The post VF Corp Disrupted by Cyberattack, Online Operations Impacted appeared first on SecurityWeek.

18Dec 2023

CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks

CISA is advising device makers to stop relying on customers to change default passwords following attacks targeting water sector ICS. The post CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks appeared first on SecurityWeek.

18Dec 2023

CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance

The US cybersecurity agency CISA issues cybersecurity recommendations for the healthcare and public health sector. The post CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance appeared first on SecurityWeek.

18Dec 2023

SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols

A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms. The post SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols appeared first on SecurityWeek.

18Dec 2023

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity

NSA has published guidance to help organizations incorporate SBOM to mitigate supply chain risks. The post NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity appeared first on SecurityWeek.

18Dec 2023

A look into the lifecycle of software-defined infrastructure with NTT DATA’s Technology Solutions

Clients are becoming more outcomes-focused, judging the purchasing value of our solutions and services against the value of the outcomes they seek. Technology Solutions’ dominant model revolved around hardware products. Providers sell solutions that clients incorporate into their own operations. While this model is not diminishing, new cloud-based software technologies are changing business needs and […]

18Dec 2023

“Cloud adoption momentum in the GCC will gain further impetus in 2024”

This year, GenAI and Large Language Models, such as ChatGPT, are positioned as vectors of change. Developing generative AI implementation strategies will be imperative for technology leaders, prioritizing key areas such as business model building, internal operational improvements, risk mitigation, and overall organizational efficiency. As we approach the year 2024, Jyoti Lalchandani, Group Vice President […]

18Dec 2023

Salvador Technologies Raises $6 Million for ICS/OT Attack Recovery Solution 

Salvador Technologies has raised $6 million for its operational continuity and cyberattack recovery platform for ICS and OT. The post Salvador Technologies Raises $6 Million for ICS/OT Attack Recovery Solution  appeared first on SecurityWeek.

18Dec 2023

Delta Dental of California Discloses Data Breach Impacting 6.9 Million People

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack. The post Delta Dental of California Discloses Data Breach Impacting 6.9 Million People appeared first on SecurityWeek.

18Dec 2023

SEC Shares Important Clarifications as New Cyber Incident Disclosure Rules Come Into Effect

The SEC has provided some important clarifications on its new cyber incident disclosure requirements, which come into effect on December 18. The post SEC Shares Important Clarifications as New Cyber Incident Disclosure Rules Come Into Effect appeared first on SecurityWeek.

18Dec 2023

3CX Urges Customers to Disable Integration Due to Potential Vulnerability

3CX tells customers to temporarily disable SQL Database integration to mitigate a potential vulnerability. The post 3CX Urges Customers to Disable Integration Due to Potential Vulnerability appeared first on SecurityWeek.

18Dec 2023

A perfect match: How tech promoted a small soccer team to the top

The story of TSG Hoffenheim, the football club from Sinsheim, Germany, has it all: a small German town, a seventh division team dreaming big, the return of an old acquaintance who comes to save the club of his youth, and the exciting advancement of the team from the lowest ranks to the highest division of professional […]

18Dec 2023

IT leaders’ top 9 takeaways from 2023

CIOs confronted a host of issues over the past year, with economic, political, and technology events creating both uncertainties and opportunities for organizations across all sectors. Curious about what it all meant, we asked IT leaders to look back on the somewhat tumultuous year and reflect on what they learned. Here are the key takeaways […]

18Dec 2023

COP28: Why AI is the best ally to combat climate change

Artificial Intelligence has emerged as a powerful tool to address the challenges of climate change. From climate modelling to energy management, optimizing renewable energy and adapting to extreme weather events, AI is deploying its power to improve our fight against climate change. AI methods based on machine learning allow us to model climate and weather, […]

18Dec 2023

Managing the holiday haze: How AI helps your Contact Center go the distance

Contact centers are foundational to customer experience, but a lot of businesses get stuck during the haze of the holiday season. Customers call in droves (it’s not uncommon to see call volumes increase by as much as 41% between Thanksgiving and Cyber Monday alone), all expecting smooth and satisfying service regardless of how many others are […]

17Dec 2023

MongoDB Confirms Hack, Says Customer Data Stolen

MongoDB CISO Lena Smart said the company was not aware of any exposure to the data that customers store in the MongoDB Atlas product. The post MongoDB Confirms Hack, Says Customer Data Stolen appeared first on SecurityWeek.

15Dec 2023

Kansas Courts’ Computer Systems Are Starting to Come Back Online, 2 Months After Cyberattack

The court system in Kansas was hit by a cyberattack that caused outages and affected the courts in 104 counties. The post Kansas Courts’ Computer Systems Are Starting to Come Back Online, 2 Months After Cyberattack appeared first on SecurityWeek.

15Dec 2023

Powering digital cities

Cities of all sizes are looking for ways to deliver next-generation services that improve quality of life, increase efficiency, support sustainability, and prepare for the future — all while making the most of limited resources. That’s why municipal governments all around the world are making strategic investments in technology toward becoming a digital city. Digital cities use […]

15Dec 2023

Zendesk report: IT leaders to prioritize these 3 areas in 2024 and beyond

It hardly needs saying: The world has changed significantly since 2020. Remote work, the introduction of ChatGPT, ever-increasing security threats — it’s all had a profound impact on IT. To understand exactly how IT priorities have changed, Zendesk conducted a global survey of 1,200 IT leaders and found that half of those surveyed said their […]

15Dec 2023

In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs 

Noteworthy stories that might have slipped under the radar: Ukraine hacks Russia’s federal tax agency, CVE assigned to PLC exploit, security in new Intel CPU. The post In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs  appeared first on SecurityWeek.

15Dec 2023

Zoom Unveils Open Source Vulnerability Impact Scoring System

Zoom launches an open source Vulnerability Impact Scoring System (VISS) tested within its bug bounty program. The post Zoom Unveils Open Source Vulnerability Impact Scoring System appeared first on SecurityWeek.

15Dec 2023

Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach

Hacktivists stole and leaked online the personal information of 45,000 Idaho National Laboratory employees. The post Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach appeared first on SecurityWeek.

15Dec 2023

Recent Apache Struts 2 Vulnerability in Attacker Crosshairs

Attackers are attempting to exploit a critical RCE flaw in Apache Struts 2 after researchers publish PoC code. The post Recent Apache Struts 2 Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.

15Dec 2023

Food Giant Kraft Heinz Targeted by Ransomware Group

A ransomware group claims to have breached the systems of Kraft Heinz, but the food giant says it’s unable to verify the claims. The post Food Giant Kraft Heinz Targeted by Ransomware Group appeared first on SecurityWeek.

15Dec 2023

Cushman & Wakefield builds a foundation for enterprise-wide AI

Cushman & Wakefield has cashed in on several key IT trends over the past few years, positioning the Chicago-based firm well to weather ongoing headwinds in the commercial real estate market stirred by the COVID-19 pandemic. First there was the company’s full embrace of cloud computing, and then a pivot from project management to a […]

15Dec 2023

Microsoft’s role to help sow AI success in Africa

Global spend on AI, including software, hardware, and services for AI-centric systems, is predicted to more than double between 2023 and 2026, according to the latest forecasts from IDC. This increase will see AI spend reach $154 billion in 2023 and increase to well over $300 billion by 2026. So with this monumental trend in mind, […]

15Dec 2023

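Seven Bank rolls out ATMs that take on a new role through agile development

Seven Bank advances new services built on the ATM

Seven Bank, which operates 27,000 ATMs nationwide in 7-Eleven stores, airports, commercial facilities, tourist sites, and elsewhere, has launched “+Connect” (Plus Connect), a new service that goes beyond the concept of an ATM.

As consumer lifestyles and the way companies operate change significantly, Seven Bank is working to improve operational efficiency at its 640 partner financial institutions and to strengthen their points of contact with users, while also using the ATM to build mechanisms that can take over administrative work from local governments.

Since September 26, it has officially offered financial institutions two services: “ATM Notifications,” which, on the ATM screen, asks users withdrawing cash with a cash card to confirm whether their registered information has changed and introduces products and services, and “ATM Counter,” which handles “account opening applications” and “changes of address, telephone number, and similar details.” From spring 2024, it will begin deposit and withdrawal transactions that need neither a cash card nor a smartphone, using face authentication with high-precision cameras.

Seven Bank already offers a “Smartphone ATM” service that allows deposits and withdrawals through a smartphone app, but some users are not comfortable operating apps, so “a service for deposits and withdrawals by face authentication” is a new option for financial institutions and users alike. Because it makes withdrawals from an account possible even when someone could not evacuate with their cash card, passbook, and seal during a disaster, it has the advantage of serving as a BCP (business continuity plan) measure for financial institutions as well as benefiting users.

From fiscal 2024 onward, the addition of functions such as “direct debit registration,” “My Number notification,” and “account closure” is under consideration.

What made these services possible is the fourth-generation ATM, “ATM⁺.” Seven Bank has been replacing its machines with the new ATM since September 2019, and since September 2023 it has been rolling out new services that make use of it.

The new ATM is an integrated two-screen unit. Its large display provides an interface that is easy to see and easy to use, and its security functions and financial crime countermeasures have been strengthened. Using face authentication through a high-performance camera together with IC reader and scanner functions, it can perform various kinds of identity verification.

Koji Fukasawa (深澤孝治), managing executive officer of Seven Bank, says: “We have introduced the latest technologies to strengthen security and financial crime countermeasures, so customers can use it with greater peace of mind. We have also worked to reduce the environmental burden by cutting power consumption and CO2 emissions. In addition, we have worked on predictive failure maintenance using AI and IoT, and have achieved an ‘ATM that never stops’ more than ever before.”

The fourth generation competes on added value beyond financial services

The biggest feature of the new ATM is an extensible structure that makes it easy to add new services and new devices on top of the existing applications. This was an effort made with a new era in mind.

The evolution from the first generation to the third was a linear one that advanced financial services centered on cash deposits and withdrawals. It polished existing functions: “increase speed,” “reduce failures,” “reduce power consumption.” The concept was consistent and the direction was easy to convey, the company says.

The fourth generation is different. Certain limits had become visible in development up to the third generation. For example, banknote processing speed, which had been a focus every time a new ATM was developed, had already reached its limit, and no technology anywhere in the world surpasses the third generation.

Because each ATM generation stays in service for a long time, the design has to look several years into the future. The new ATM was developed around the idea of “evolving the ATM into a regional platform and changing its role” (Fukasawa).

The new idea did not emerge all at once, however.

Seven Bank at the time had predicted that cashless payment would spread. But how far cashless payment would go, and which forms of transaction would become mainstream as users moved from feature phones to smartphones, involved too many uncertainties, and some inside the company even asked, “Is it right to make a large investment in developing a new ATM at this point?”

Concept work for the new ATM began in 2015. Examining the concept for the fourth generation took more time than ever before.

Seven Bank’s ATM Solution Department, which is involved in ATM development, has 50 people in total (40 in center system development and 10 in ATM terminal development). Together with NEC, its main vendor, it surveyed what kinds of people use the ATMs and at what times of day, and it even held study groups on advanced technologies such as AI. Related departments and volunteers were recruited for these study groups, and people from senior executives to rank-and-file staff gathered to examine functions and design. “An ATM is not something that merely has to run 24 hours a day. Operations such as cash replenishment and equipment maintenance also arise. It can only be operated once various elements such as the facility environment and security are in place. It does not go well if the systems department develops it alone. When everyone involved, from top to bottom, gathers in one place and shares information, development can move with a sense of speed.” (Fukasawa)

The concept that emerged was to keep pursuing “time convenience” (saving users time and effort), the universal value of a convenience-store terminal, while aiming to be something that can deliver services that respond to rapid changes in the world, including cashless payment. That is how the new ATM came to be named “ATM⁺.”

Development of the new ATM started in 2017. During the two years until installation began in 2019, many things were tried that had never been done in earlier ATM development. One was that Seven Bank and NEC formed a joint team, a working group to design the new ATM. It is said to be rare for a client and its developers to form a mixed team in this way.

Even so, Seven Bank believed that the goal would come into view not by deliberating on its own but by working alongside NEC, which knows Seven Bank’s business well, as a business partner. As a result, development speed increased. This cooperation was possible because the two had a relationship going back more than 20 years.

Achieving “discontinuous development” with agile methods

The development method was also reviewed. Banks that install new ATMs generally buy catalog products, but Seven Bank placed a made-to-order contract with NEC and, together with NEC, ran the project using the waterfall development method, in which work flows from upstream to downstream like water over a waterfall: from requirements definition to design, development, and testing. “We are proceeding with development in partnership with NEC for software development. We concentrate on the more upstream processes and strive to create new added value.” (Fukasawa)

With waterfall alone, however, it is difficult to carry out “discontinuous” development that responds to rapid changes in the world.

Waterfall is suited to developing large, stable systems, but it has the disadvantage that specification changes on the customer side cannot be made easily.

So Seven Bank decided to develop in a hybrid way: it continues to use waterfall for core systems such as the center system, and introduces agile development where needed. Agile is a development method that proceeds by repeating short development cycles called “iterations,” and it can respond flexibly to customer needs and technological progress. “It is still difficult to move every bank system, starting with the center system, to agile, so we want to move the parts that can and should change flexibly to agile, starting with the smartphone app and gradually expanding to open APIs and the ATM’s UI (User Interface) and UX (User Experience).” (Fukasawa)

This approach to development also had a large influence on the exterior and design of the new ATM terminal, which is the direct point of contact with users.

Until then, ATM development had involved building a mock-up (a full-size model), bringing it into a store, and checking its size and how it looked. With that approach, any problem meant taking the mock-up back and rebuilding it, which took effort.

This time, the company used VR (virtual reality) to install and check a virtual ATM. With VR, corrections can be made on the spot. It is very much an agile way of building things, and it accelerated development.

The design of the new ATM also drew on the input of women. Earlier ATMs had a rugged, thoroughly machine-like image, and NEC’s initial proposal followed the same concept. But the rugged, mechanical form was unpopular with women, so a women’s team was formed. It fundamentally reviewed the ATM design and slimmed it down thoroughly while making good use of curves. It adopted an enveloping shape based on a cocoon concept and, to strengthen security, improved privacy so that no one can peer in from outside. Care was taken to create a space with the feel of a private booth. “We struggled a great deal to secure that private-booth feel. Quite a few ideas were rejected for being too novel.” (Fukasawa)

The team also insisted on universal design, adjusting the position of the equipment so that wheelchair users can use it comfortably, and adding drink holders, cane rests, and bag hooks.

An even bigger issue then arose. It began with a single letter. The sender was a visually impaired person who, despite the disability, appealed to be able to withdraw their own money directly. “In providing a voice service for visually impaired users, we worked hard to build a service they could use with peace of mind. For example, on the pauses in the audio, which are hard for sighted people to appreciate, we received the feedback that visually impaired users become a little anxious if the gap between words is too long, and we completed the function while refining it in various ways. After release, visually impaired users told us they were pleased.” (Fukasawa)

Seven Bank, which places great weight on UI and UX, devotes considerable time to evaluation by members of the general public. During the two-year development period from 2017, it had the new ATM under development evaluated in three rounds by a total of nearly 100 people.

AI adoption widens the possibilities of the new ATM

One of the main attractions of the new ATM is the identity verification system that starts in 2024.

In brief, an image of the user captured by the camera with face authentication is checked by a high-accuracy authentication engine against identity documents (driver’s license, My Number card, residence card, and so on) read by the IC reader or scanner, so that the strict identity verification required by the Act on Prevention of Transfer of Criminal Proceeds can be carried out 24 hours a day, 365 days a year. Once the procedure is complete, deposits and withdrawals can be made with face authentication alone (strictly speaking, a separate second-step authentication code must also be entered).

This mechanism is supported by AI technology introduced for the first time in the new ATM. The technology used is “NEC the WISE,” NEC’s cutting-edge AI. Within it, the face authentication technology commercialized as “Neo Face” ranks among the best in the world. It took first place seven times in contests held by the US NIST (National Institute of Standards and Technology) and others between 2009 and 2022. The accuracy of its face authentication and its high-speed algorithm are highly regarded, and it is now also used in the face authentication system at Narita Airport.

Besides face authentication, the new ATM incorporates many of NEC’s latest technologies. One of them is the operating area called the “⁺(plus) area” (a small monitor close to the user’s hands).

For identity verification, for example, the “⁺(plus) area” reads a driver’s license or My Number card to perform the verification required when opening an account or changing an address.

The introduction of AI has opened up possibilities beyond face authentication. AI is used to forecast cash demand and ATM failures, which has produced an ATM availability rate of 99.8%. Financial crime is detected automatically and, combined with monitoring at the call center, this provides thorough crime prevention.

Masashi Kimura (木村優志), an AI consultant familiar with system development and representative director and CEO of Convergence Lab., offers this analysis: “I think the biggest point of this new ATM is that face authentication removes the need for a cash card. With a falling birthrate and an aging population, if people can deposit and withdraw money without a card, the user experience will change greatly, and I think the benefit will be especially large for the elderly.”

How will Seven Bank’s new ATM develop from here? It will be worth watching.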

15Dec 2023

HUAWEI eKit: Empower SMEs to accelerate digital transformation

According to the World Bank, small and medium-sized enterprises (SMEs) are the backbone of many economies, especially in developing countries. SMEs account for most global businesses and represent about 90% of businesses and more than 50% of employment worldwide. Due to the unstable economy in the post-pandemic era, SMEs are searching for new revenue sources […]

15Dec 2023

AI and generative AI are revolutionizing manufacturing…here’s how

Manufacturing has been a longstanding pillar of progress for humankind. From the Industrial Revolution over 200 years ago to today, manufacturing has had a profound impact on our lives, made possible by its unrelenting innovation. Now, manufacturing is facing one of the most exciting, unmatched, and daunting transformations in its history due to artificial intelligence […]

14Dec 2023

Salesforce Data Cloud updates aim to ease data analysis, AI app development

Salesforce is updating its Data Cloud with vector database and Einstein Copilot Search capabilities in an effort to help enterprises use unstructured data for analysis. The customer relationship management (CRM) software provider’s Data Cloud, which is a part of the company’s Einstein 1 platform, is targeted at helping enterprises consolidate and align customer data. The […]

14Dec 2023

New Threat Actor Uses SQL Injection Attacks to Steal Data From APAC Companies

GambleForce uses SQL injections to hack gambling, government, retail, and travel websites to steal sensitive information. The post New Threat Actor Uses SQL Injection Attacks to Steal Data From APAC Companies appeared first on SecurityWeek.

14Dec 2023

Beyond the Noise: Appreciating the Quiet Work of Effective Doers

More often than not, we are grateful for and celebrate the wrong people. It is incumbent on all of us to take the time to appreciate and acknowledge the doers in our lives. The post Beyond the Noise: Appreciating the Quiet Work of Effective Doers appeared first on SecurityWeek.

14Dec 2023

Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products

Dell is informing PowerProtect DD product customers about 8 vulnerabilities, including many rated ‘high severity’, and urging them to install patches. The post Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products appeared first on SecurityWeek.

14Dec 2023

Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts

Microsoft disrupts Storm-1152, a cybercrime-as-a-service business facilitating phishing, identity theft, and DDoS attacks. The post Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts appeared first on SecurityWeek.

14Dec 2023

COP28: Unlocking the potential of AI

Artificial intelligence can become a powerful tool to meet the goal of the Paris Agreement of limiting the increase in global average temperature to less than 2°C above pre-industrial levels, which requires immediate, fast, and deep emissions reductions in all productive sectors. Thanks to the special ability of AI to collect, […]

14Dec 2023

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability. The post Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies appeared first on SecurityWeek.

14Dec 2023

ConocoPhillips enlists 3D printing for supply efficiencies on Alaska’s North Slope

The harsh, remote landscape of Alaska’s North Slope does not evoke thoughts of digital transformation. And yet when it is home to many of your company’s assets, as is the case for ConocoPhillips, sometimes the best IT strategy is to bring technologies closer to the edge. “Aside from being extremely cold, working on the Slope […]

14Dec 2023

CIOs weigh the new economics and risks of cloud lock-in

As CIOs seek to achieve economies of scale in the cloud, a risk inherent in many of their strategies is taking on greater importance of late: consolidating on too few if not just a single major cloud vendor. And while vendor lock-in has long been a key issue in the cloud, especially for organizations that […]

14Dec 2023

Upskilling ramps up as gen AI forces enterprises to transform

Thomson Reuters is in the information business, and has been for a long time. Thomson Corporation was founded in 1934 as a newspaper company, and Reuters was founded even earlier, in 1851, to transmit stock prices. The emergence of the Internet could have been a death blow, but the company survived — and thrived. Over […]

14Dec 2023

11 ways to cut IT costs right away

Tech leaders have always been responsible for the financial side of IT and, at the same time, for meeting the company’s demands for technology. But in recent years, as digital transformation efforts have intensified, CIOs have had fewer opportunities to stop and reassess IT’s financial position. “Some […]

13Dec 2023

Generative AI is pushing unstructured data to center stage

When I think about unstructured data, I see my colleague Rob Gerbrandt (an information governance genius) walking into a customer’s conference room where tubes of core samples line three walls. Each contains carefully extracted and preserved layers of planet Earth that differ in color and texture. While most of us would see dirt and rock, […]

13Dec 2023

New AI Safety Initiative Aims to Set Responsible Standards for Artificial Intelligence

Major software vendors sign on to a new security initiative to create trusted best practices for artificial intelligence deployments. The post New AI Safety Initiative Aims to Set Responsible Standards for Artificial Intelligence appeared first on SecurityWeek.

13Dec 2023

Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet 

Malware hunters have set eyes on an impossible-to-kill botnet packed with end-of-life SOHO routers and connected it to a Chinese APT targeting US critical infrastructure. The post Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet  appeared first on SecurityWeek.

13Dec 2023

Apple Testing New Stolen Device Protection Feature for iPhones

Apple is testing a new security feature that should limit what iPhone thieves can do with a stolen phone, even if they have the passcode. The post Apple Testing New Stolen Device Protection Feature for iPhones appeared first on SecurityWeek.

13Dec 2023

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

MITRE and partners unveil EMB3D, a new threat model designed for critical infrastructure embedded devices. The post MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure appeared first on SecurityWeek.

13Dec 2023

Zero Networks Raises $20 Million to Secure Access to Enterprise Assets

Cybersecurity startup Zero Networks has raised $20 million in a Series B funding round led by US Venture Partners. The post Zero Networks Raises $20 Million to Secure Access to Enterprise Assets appeared first on SecurityWeek.

13Dec 2023

Certinia uses AI to accelerate finance functions for service companies

Certinia, a developer of software for service businesses, is using AI and automation to extend the capabilities of its tools for report-building or planning and analysis beyond the financial sphere and into operations, too. The company offers a suite of enterprise SaaS applications for services companies, including ERP, professional services automation, customer success, and configure-price-quote […]

13Dec 2023

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

CISA is asking for public opinion on SCuBA secure configuration baselines for nine Google Workspace services. The post CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines appeared first on SecurityWeek.

13Dec 2023

Chrome 120 Update Patches High-Severity Vulnerabilities

A Chrome 120 security update resolves nine vulnerabilities, including five high-severity flaws reported externally. The post Chrome 120 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

13Dec 2023

Harry Coker Confirmed as National Cyber Director

US Senate confirms former CIA and NSA senior executive Harry Coker as next National Cyber Director in the White House ONCD. The post Harry Coker Confirmed as National Cyber Director appeared first on SecurityWeek.

13Dec 2023

How Axel Johnson International’s IT division handles constant acquisition

Axel Johnson International is an industrial group within Axel Johnson, which also owns Swedish food retailer Axfood and Dustin, the online IT partner in the Nordics and Benelux, among others. The group develops and acquires industrial companies in selected niche markets, including just over 200 companies in six different business areas with a focus on, among […]

13Dec 2023

Sophos Patches EOL Firewalls Against Exploited Vulnerability

Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit. The post Sophos Patches EOL Firewalls Against Exploited Vulnerability appeared first on SecurityWeek.

13Dec 2023

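What AI already does well in supply chain management

A supply chain starts with product design and runs through procurement, manufacturing, distribution, delivery, and customer service. “Every one of those points is a big opportunity for AI and machine learning,” says Devavrat Bapat, who is responsible for AI/ML data products at Cisco. That is because the current generation of AI is already highly capable at two things supply chain management needs. The first is prediction. AI is used to predict downstream demand and upstream shortages. In addition, algorithms can detect one or more events they recognize as precursors of a failure and alert assembly line operators before product quality is affected. The second is inspection. AI is used to find problems in the manufacturing process. It can also authenticate materials and components and track them across the entire supply chain.

Ultimately, AI will be able to optimize the supply chain and meet customers' specific needs in any situation. The technology to make that possible exists, but the challenge remains that it requires data sharing at a level not found in today's supply chains. Meanwhile, many companies are already benefiting from better prediction and inspection.

Prediction

Take Amcor, the world's largest packaging company. It has $15 billion in revenue, 41,000 employees, and more than 200 plants around the world. Most of its market is packaging for food and healthcare products. “We make roughly a third of the packaging that is in your refrigerator at home right now,” says Joel Ranchin, the company's global CIO. Some of the challenges Amcor faces in manufacturing relate to accurate forecasting and to responding to changes in demand. In the food supply chain, orders are frequently revised as needs change. In hot weather, more Gatorade is consumed, demand rises sharply, and demand for bottles surges by 10% to 15%. The same goes for other products. If the fish in the sea suddenly increase, demand for the packaging they require increases. “We are always trying to forecast, but it is very difficult, because we cannot always know customers' needs in advance,” he says.

There are similar challenges on the other side of the supply chain. If Amcor cannot predict shortages, it cannot stock up on raw materials in advance. More importantly, it needs to predict price fluctuations. It can buy at a low price before prices spike, and hold off on buying when there are signs that prices will fall.

About a year ago, Amcor began piloting EazyML, a platform that optimizes forecasts on both the customer demand side and the supply side. It trained the tool on three years of data from its ERP and looked for patterns of variation. The system tried to find categories of change and correlations between events and types of change. For example, it checks for seasonal variation, and whether multiple types of variation occur at the same time or are mutually exclusive. “The early results were far more promising than we had expected. If you can predict variation, you can also predict the raw materials you need and replenish them in advance when necessary,” says Ranchin.

This comes as no surprise to Bapat, who says forecasting is the area AI has improved most. “Until now, many companies relied on consensus forecasting, which weights input from various experts to produce an average forecast. Research has shown that statistical forecasting, which uses statistical methods to extrapolate from historical data, consistently outperforms consensus forecasting. And machine intelligence is better still than statistical forecasting. But it is essential always to use accurate data.”

Inspection

Another example of how AI is being used is Intel, which uses lithography to print multiple chips on a single wafer. Chips closest to the center of the wafer tend to have the best power profiles, while chips nearer the outer edge, though reliable, tend to have lower performance. Intel has quality thresholds, and it measures chips against them to decide whether to keep or discard each one. When people inspect wafers, it takes time and problems are more frequent.

Greg Lavender, SVP and CTO at Intel, says: “We use AI to select the right high-quality chips, and thanks to that we can shorten chip manufacturing time and the time it takes to get high-quality chips to market. Of course, that is not the only thing we use AI for. We have several hundred AI engineers. Some of what they work on is used for inspection and testing in our manufacturing plants, but sometimes they develop AI that is delivered inside our products without anyone knowing about it.”

One example is that Intel supports its OEM customers by providing software tools that test for malware. One of those tools is Threat Detection Technology, which is used on Intel laptops. When code executes on Windows, Intel's code examines the instruction stream in the CPU and uses an adaptive learning signature algorithm to look for anomalies in the code that match malware signatures. When it finds a match, it intercepts or blocks the malware and alerts Windows Defender that the device has been infected.

“All of our client CPUs will carry Threat Detection Technology. These infections creep in from the supply chain. By the time the final product is complete, this tool is the only way to find them. We have been providing this tool and AI tools for the past several years, but as demand for large language models grows, tools like these are starting to become a topic of conversation,” says Lavender.

According to Cisco's Bapat, inspection is a big part of supply chain management, and it becomes considerably easier if the right steps are taken at the product design stage. “If, at the product design stage, you can embed instrumentation in the equipment that generates data for monitoring the flow, costs can be cut considerably. Look at the bill of materials for any product and you will see that labor costs are a considerable burden. The burden here is basically the overhead for product quality and supervisors. AI is already helping to cut costs,” he says.

Optimization

Prediction and inspection are both important, but they have the greatest impact once the supply chain can be tailored to customers' specific needs. Bapat speaks from an important lesson he learned when he designed one of his best AI algorithms. It took nine months to develop and deploy, and far longer still before it could actually be used. He considered what had gone wrong. He realized that however good the technology is, you cannot achieve the desired result unless you first understand who the end customer is and how they plan to use the application. He also pointed out that senior managers generally have a loud voice but are not the end customer.

“Since then, whether it was sales or supply chain management, I have started by properly understanding the underlying business. Only after firmly understanding the requirements did I turn to data and AI,” he says.

Bapat believes this philosophy should be applied to supply chain management. “By thinking carefully about the end customer, AI can help by segmenting consumers and their environments and targeting them. From there you look back at the supply chain, examine the various costs such as labor, manufacturing, taxes, and inventory, and optimize them together.”

Once the supply chain flow is optimized, he adds, you can next start on forecast quality and on the adoption and execution of maintenance. From there, you can look back again to procurement for supply management.

“This supports the notion that suppliers are partners, not enemies.”

By their nature, supply chains are made up of various companies, and here lies the long-standing problem of the view that data should not be shared. There are at least three reasons for it. First, a supplier may have a business unit that competes with its partner company. Second, a supplier may be part of a competing supply chain. Third, suppliers do not share information with others so that they have an advantage at the negotiating table.

The current generation of AI can optimize the supply chain and tune it to deliver the right product at the right price to the right customer. But achieving that requires data sharing at a level that most companies currently shy away from.

“What is needed now is technology that lets companies share with firm confidence that they are not giving away too much of their data. That is still five or ten years away,” says Bapat.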

13Dec 2023

7 tech trends that have changed the tech landscape in 2023

Technology never stops evolving; it is constantly undergoing changes and improvements. Technology is becoming more and more relevant in our daily tasks, and every year new technologies promise to change the paradigm of our reality. Shumon Zaman, Chief Digital and Information Officer at Ali&Sons, explains to CIO Middle East what are the top 7 technologies that […]

13Dec 2023

Data governance: the CIO’s new task in the era of “democratic” IT

In the era of the data economy and the democratization of Information Technology, an epochal change lies ahead for the CIO: dealing specifically with data governance and giving business users the technology tools to manage and analyze data on their own. As Luca Seravalli, CIO of Duferco Energia (trading in electricity and gas in the […]

12Dec 2023

Cyberattack Cripples Ukraine’s Largest Telcom Operator

Kyivstar, the largest mobile network operator in Ukraine, was hit by a massive cyberattack on Tuesday, disrupting mobile and internet communications for millions of citizens. The post Cyberattack Cripples Ukraine’s Largest Telcom Operator appeared first on SecurityWeek.

12Dec 2023

Oracle expands cloud footprint with a second region in Chile

Oracle on Wednesday said it is opening a second cloud region in Chile as part of ongoing efforts to expand its global cloud footprint to compete with the larger rivals including AWS, Microsoft, and Google. The second region will be based in the Valparaíso Region alongside the existing region in Santiago, the company said, adding […]

12Dec 2023

Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws

Microsoft warns of critical spoofing and remote code execution bugs in the Windows MSHTML Platform and Microsoft Power Platform Connector. The post Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws appeared first on SecurityWeek.

12Dec 2023

CIOs need a universal storage layer to manage multicloud complexities…here’s why.

CIOs know that the right technology can unlock innovation, and continuous innovation is the pathway for organizations to become standout leaders. To keep up with evolving customer needs and the emerging technologies required to meet them, organizations must constantly adapt and innovate. Increasingly, innovation relies on the key tenets of agility and speed. But CIOs […]

12Dec 2023

Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle

Adobe warned users on both Windows and macOS systems about exposure to code execution, memory leaks and denial-of-service security issues. The post Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle appeared first on SecurityWeek.

12Dec 2023

SAP Patches Critical Vulnerability in Business Technology Platform

SAP patches multiple vulnerabilities in the Business Technology Platform, including a critical elevation of privilege bug. The post SAP Patches Critical Vulnerability in Business Technology Platform appeared first on SecurityWeek.

12Dec 2023

Apple Sets Trap to Catch iMessage Impersonators

New iMessage Contact Key Verification feature in Apple’s iOS and macOS platforms helps catch impersonators on its iMessage service. The post Apple Sets Trap to Catch iMessage Impersonators appeared first on SecurityWeek.

12Dec 2023

GenAI-enabled developers are the architects of the future

Artificial intelligence, particularly generative AI, continues to reinvent how we run our businesses and shape the ways people work. With Gartner finding more than 80 percent of enterprises using generative AI application programming interfaces (APIs) or models, and/or deploying generative AI-enabled applications in production environments by 2026, we know there is vast opportunity ahead of […]

12Dec 2023

Technology and AI

Austria’s technology and AI landscape is located in much smaller places than the typical international hubs. The capital of Upper Austria, Linz, is the perfect example. At the core of the Linz AI ecosystem is the Artificial Intelligence Lab at the Linz Institute of Technology (LIT), where Austrian AI pioneer Sepp Hochreiter and his team […]

12Dec 2023

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

Critical remote code execution flaws in Backup Migration and Elementor plugins expose WordPress sites to attacks. The post Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution appeared first on SecurityWeek.

12Dec 2023

ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability

ICS Patch Tuesday: Siemens and Schneider Electric address dozens of vulnerabilities affecting their industrial products. The post ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability appeared first on SecurityWeek.

12Dec 2023

Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak

Air Force disciplines 15 personnel as the inspector general finds that security failures led to massive classified documents leak. The post Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak appeared first on SecurityWeek.

12Dec 2023

Sandman Cyberespionage Group Linked to China

A recent emergence on the threat landscape, the Sandman APT appears linked to a Chinese hacking group. The post Sandman Cyberespionage Group Linked to China appeared first on SecurityWeek.

12Dec 2023

Toyota Germany Says Customer Data Stolen in Ransomware Attack

Toyota Germany is informing customers that their personal data was stolen in a ransomware attack last month. The post Toyota Germany Says Customer Data Stolen in Ransomware Attack appeared first on SecurityWeek.

12Dec 2023

FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure 

The FBI has issued guidance for SEC data breach reporting requirements and how disclosures can be delayed. The post FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure appeared first on SecurityWeek.

12Dec 2023

The skills and traits of elite CTOs

Chief technology officers are key players in the enterprise C-suite, oftentimes working in collaboration with CIOs at the forefront of new and innovative technologies. These executives can help lead their organizations toward increased efficiencies and improved performance through strategic implementation of the right products and services. They are among the most important hires organizations are […]

12Dec 2023

The art of selling: IT budget approval made easier

I first heard the phrase, “Find a need and fill it,” some years ago at an “art of selling” presentation by a super salesman. Why was I at this presentation, you ask? Because as a young CIO, I was struggling with obtaining budget approvals for a range of IT initiatives. Sitting in this selling seminar, […]

12Dec 2023

JLR revs up AI and intelligent automation initiatives

Anthony Battle is leaning heavily on AI and IA — artificial intelligence and intelligent automation — to deliver digital transformation at luxury auto maker Jaguar Land Rover. Battle joined JLR as group chief digital and information officer in February 2022, after a long career managing IT for a succession of oil companies. The auto maker, […]

12Dec 2023

A Gigantic New ICBM Will Take US Nuclear Missiles Out of the Cold War-Era but Add 21st-Century Risks

New “Sentinel” nuclear missiles will need to be well protected from cyberattacks, while their technology will have to cope with frigid winter temperatures where the silos are located. The post A Gigantic New ICBM Will Take US Nuclear Missiles Out of the Cold War-Era but Add 21st-Century Risks appeared first on SecurityWeek.

11Dec 2023

Apple Ships iOS 17.2 With Urgent Security Patches

Cupertino’s flagship mobile OS vulnerable to arbitrary code execution and data exposure security vulnerabilities. The post Apple Ships iOS 17.2 With Urgent Security Patches appeared first on SecurityWeek.

11Dec 2023

‘5Ghoul’ Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems

Researchers call attention to 14 security defects that can be exploited to drop and freeze 5G connections on smartphones and routers. The post ‘5Ghoul’ Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems appeared first on SecurityWeek.

11Dec 2023

Innovative integration drives automotive group to SAP awards

I’m sure you’ve heard this before: “Solve one problem, and you keep a hundred others away.” Well, when it comes to a nationwide automotive group in the world’s largest automotive market, that proverb about a hundred could be hundreds of thousands. Founded in 2006 and based in Shanghai, China Grand Automotive Services Group Co., Ltd. (CGA) is China’s leading […]

11Dec 2023

The new CFO: How AI has changed the game for chief financial officers

Artificial intelligence has already unlocked opportunities that most organizations never thought possible. Now, it’s time to pay for it, and that’s putting a spotlight squarely on the chief financial officer (CFO), who has increasingly become the gatekeeper deciding which projects get funded and how significantly AI will play a role in enterprise strategy. For the […]

11Dec 2023

Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen

Compromised data includes names, dates of birth, Social Security numbers, health and insurance information, and driver’s license numbers. The post Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen appeared first on SecurityWeek.

11Dec 2023

North Korean Hackers Developing Malware in Dlang Programming Language

North Korean hackers have used Dlang-based malware in attacks against manufacturing, agriculture, and physical security organizations. The post North Korean Hackers Developing Malware in Dlang Programming Language appeared first on SecurityWeek.

11Dec 2023

Google Patches Chromecast Vulnerabilities Exploited at Hacking Contest

Google has patched several high and moderate-severity Chromecast vulnerabilities demonstrated earlier this year at a hacking competition. The post Google Patches Chromecast Vulnerabilities Exploited at Hacking Contest appeared first on SecurityWeek.

11Dec 2023

Concerns remain even as the EU reaches a landmark deal to govern AI

The EU has emerged as the first major power to introduce a comprehensive set of laws to govern the use of AI after it agreed on a landmark deal for the EU AI bill. The bill will turn into an EU law once it is approved by the European Parliament at a vote scheduled for […]

11Dec 2023

When your AI chatbots mess up

Barely a year after the release of ChatGPT and other generative AI tools, 75% of surveyed companies have already put them to work, according to a VentureBeat report. But as the numbers of new gen AI-powered chatbots grow, so do the risks of their occasional glitches—nonsensical or inaccurate outputs or answers that are not easily […]

11Dec 2023

Outside the Comfort Zone: Why a Change in Mindset is Crucial for Better Network Security

Stepping outside the confines of our comfort zone and embracing a mindset that prioritizes adaptability, shared responsibility, risk-awareness, and preparedness is indispensable in fortifying defenses in the modern distributed network. The post Outside the Comfort Zone: Why a Change in Mindset is Crucial for Better Network Security appeared first on SecurityWeek.

11Dec 2023

Apache Patches Critical RCE Vulnerability in Struts 2

Apache has addressed a critical-severity Struts 2 file upload vulnerability that could lead to remote code execution. The post Apache Patches Critical RCE Vulnerability in Struts 2 appeared first on SecurityWeek.

11Dec 2023

Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities

Critical vulnerabilities in a Delta OT monitoring product can allow hackers to hide their destructive activities from the victim. The post Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities appeared first on SecurityWeek.

11Dec 2023

Top White House Cyber Aide Says Recent Iran Hack on Water System Is Call to Tighten Cybersecurity

A top White House national security official said recent cyber attacks by Iranian hackers on US water authorities should be seen as a call to action by utilities and industry to tighten cybersecurity. The post Top White House Cyber Aide Says Recent Iran Hack on Water System Is Call to Tighten Cybersecurity appeared first on […]

11Dec 2023

CIOs grapple with the ethics of implementing AI

AI has whet the appetites of organizations across nearly every sector. As AI pilots move toward production, discussions about the need for ethical AI are growing, along with terms like “fairness,” “privacy,” “transparency,” “accountability,” and the big one — “bias.” But ensuring those and other measures are taken into consideration is a weighty task that CIOs […]

11Dec 2023

Reed Smith turns to AI for lawyer staffing solution

AI is increasingly being embraced for workplace enhancements across every industry — and that includes the legal world. Pittsburgh-based global law firm Reed Smith has enlisted AI to facilitate resource management, improve employee engagement, and reduce imbalanced workloads among lawyers across the firm. The resulting Smart Resourcing earned Reed Smith a 2023 CIO 100 Award […]

11Dec 2023

Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website

The leak website of the notorious BlackCat/Alphv ransomware group has been offline for days and law enforcement is reportedly behind the takedown. The post Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website appeared first on SecurityWeek.

09Dec 2023

Europe Reaches a Deal on the World’s First Comprehensive AI Rules

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons. The post Europe Reaches a Deal on the World’s First Comprehensive AI Rules appeared first on SecurityWeek.

08Dec 2023

Opal Security Scores $22M Investment for IAM Technology

San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space. The post Opal Security Scores $22M Investment for IAM Technology appeared first on SecurityWeek.

08Dec 2023

In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked. The post In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked appeared first on SecurityWeek.

08Dec 2023

WordPress 6.4.2 Patches Remote Code Execution Vulnerability

WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code. The post WordPress 6.4.2 Patches Remote Code Execution Vulnerability appeared first on SecurityWeek.

08Dec 2023

ProvenRun Banks €15 Million for Secure Connected Vehicle Software

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices. The post ProvenRun Banks €15 Million for Secure Connected Vehicle Software appeared first on SecurityWeek.

08Dec 2023

New research: How IT leaders drive business benefits by accelerating device refresh strategies

Increased security, productivity gains and enhancing innovation are among the reasons IT leaders are modernising their device fleets more frequently, new research reveals. Most organisations typically refresh both desktops and laptops on a three to four-year refresh cycle. Yet nearly a third of the 416 IT leaders who responded to a recent survey by Forrester […]

08Dec 2023

Russian APT Used Zero-Click Outlook Exploit Against Targets in 11 NATO Countries

Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries. The post Russian APT Used Zero-Click Outlook Exploit Against Targets in 11 NATO Countries appeared first on SecurityWeek.

08Dec 2023

US, UK Announce Charges and Sanctions Against Two Russian Hackers

The US and UK announce charges and sanctions against two hackers working with Russia’s FSB security service. The post US, UK Announce Charges and Sanctions Against Two Russian Hackers appeared first on SecurityWeek.

08Dec 2023

Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks

A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes. The post Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks appeared first on SecurityWeek.

08Dec 2023

Toyota transforms IT service desk with gen AI

“One of my bold bets is I want to eliminate our traditional service desk by 2025,” says Jason Ballard, IT executive and general manager for infrastructure and operations services at Toyota Motor North America. Ballard is also the technology executive responsible for both the company’s battery electric vehicle (BEV) platform as it shifts to electrification, […]

08Dec 2023

CSM certification: Costs, requirements, and all you need to know

Agile practices are being rapidly adopted in project and product management across many industries, and the ScrumMaster is an important leadership role in agile development to not only improve workflow but increase your value as your career evolves. The Certified ScrumMaster (CSM) certification, available through the Scrum Alliance, is an entry-level certification aimed at providing professionals with […]

08Dec 2023

Cyberattack on Irish Utility Cuts Off Water Supply for Two Days

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. The post Cyberattack on Irish Utility Cuts Off Water Supply for Two Days appeared first on SecurityWeek.

08Dec 2023

Meta Makes End-to-End Encryption a Default on Facebook Messenger

End-to-End encryption in Facebook Messenger means that no one other than the sender and the recipient — not even Meta — can decipher people’s messages. The post Meta Makes End-to-End Encryption a Default on Facebook Messenger appeared first on SecurityWeek.

07Dec 2023

Cybersecurity for enterprise: 10 essential PAM considerations for modern hybrid enterprises

Supporting enterprise security during a cloud migration can be rife with pitfalls that can derail the initiative and ruin the customer experience. It’s no joke—I know a finance director who suffered this fate. She joined the company in the middle of a corporate cloud transformation initiative and inherited a new Privileged Access Management (PAM) solution […]

07Dec 2023

CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation

The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks. The post CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation appeared first on SecurityWeek.

07Dec 2023

Generative AI will be the key to achieving patient-centric care

The adoption of generative AI in the U.S. healthcare ecosystem has only just begun. Both healthcare payers and providers remain cautious about how to use this latest version of artificial intelligence, and rightfully so. You have to balance the potential benefits of generative AI with significant, important operational issues, such as ensuring patient data privacy […]

07Dec 2023

Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption

A study commissioned by Apple shows that 2.6 billion personal data records were compromised in breaches in the past two years. The post Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption appeared first on SecurityWeek.

07Dec 2023

When natural disasters strike Japan, Ōita University’s EDiSON is ready to act

Over the centuries, Japan has endured more than its fair share of natural disasters – such as the Great Kanto earthquake of 1923 that resulted in close to 40,000 lives lost in downtown Tokyo alone and, more recently, the 2011 Tohoku quake and tsunami that devastated the northeast coast of Japan, killing 18,000 residents with […]

07Dec 2023

BMC on BMC: How the company enables IT observability with BMC Helix and AIOps

As a global company with more than 6,000 employees, BMC faces many of the same data challenges that other large enterprises face. The organization has 500 applications for business services, 80,000 VMs, 3,000 hosts, and more than 100,000 containers. BMC needed a solution to transform this large volume of data and enable observability to understand […]

07Dec 2023

Why CIOs should prioritize AIOps in 2024

Digital services are the lifeblood of any modern enterprise, acting both as the face of the business to customers and the backend muscles that keep the organization moving. But the complexity of these services is greater than ever and continues to grow. Even as organizations modernize some technology components, IT must continue to maintain their […]

07Dec 2023

The data deluge: The need for IT Operations observability and strategies for achieving it

To understand service health, IT needs to examine availability, security, performance, and log data from all layers of the ecosystem. Accomplishing this task requires observability driven by artificial intelligence (AI). Simply put, observability is the ability to look at data from all of an organization’s tools to understand the state of an application or service. […]

07Dec 2023

Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs

Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps. The post Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs appeared first on SecurityWeek.

07Dec 2023

Nissan Restoring Systems After Cyberattack

Nissan Oceania says it has been working on restoring its systems after falling victim to a cyberattack. The post Nissan Restoring Systems After Cyberattack appeared first on SecurityWeek.

07Dec 2023

Future Intel, AMD and Arm CPUs Vulnerable to New ‘SLAM’ Attack: Researchers

Security features that major CPU vendors plan on integrating into their future products can increase the surface for certain types of attacks. The post Future Intel, AMD and Arm CPUs Vulnerable to New ‘SLAM’ Attack: Researchers appeared first on SecurityWeek.

07Dec 2023

New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions

Pool Party is a new set of eight Windows process injection techniques that evade endpoint detection and response solutions. The post New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions appeared first on SecurityWeek.

07Dec 2023

FBI Chief Makes Fresh Pitch for Spy Program Renewal and Says It’d Be ‘Devastating’ If It Lapsed

FBI Director Christopher Wray calls for the reauthorization of a U.S. government surveillance tool set to expire at the end of the year. The post FBI Chief Makes Fresh Pitch for Spy Program Renewal and Says It’d Be ‘Devastating’ If It Lapsed appeared first on SecurityWeek.

07Dec 2023

Burn and Churn: CISOs and the Role of Cybersecurity Automation

Organizations need to listen to their CISOs and start turning to cybersecurity automation for the qualitative benefits of employee satisfaction and well-being. The post Burn and Churn: CISOs and the Role of Cybersecurity Automation appeared first on SecurityWeek.

07Dec 2023

Ransomware Attacks on Industrial Orgs Increasingly Impact OT Systems: Survey

Ransomware attacks aimed at industrial organizations are increasingly impacting OT systems, according to a Claroty report. The post Ransomware Attacks on Industrial Orgs Increasingly Impact OT Systems: Survey appeared first on SecurityWeek.

07Dec 2023

WestRock CIDO Amir Kazmi on building resiliency

Amir Kazmi is a savvy business leader whose leadership playbook has been shaped by the fact that he’s spent one third of his career in P&L roles. In his current role as chief information and digital officer at WestRock, he’s responsible for developing and executing global information systems, technology, and cybersecurity strategy in addition to […]

07Dec 2023

How to create an effective business continuity plan

The tumultuous events of the past several years have impacted practically every business. And with the number of extreme weather events, cyberattacks, and geopolitical conflicts continuing to rise, business leaders are bracing for the possibility of increasingly more frequent impactful incidents their organizations will need to respond to. According to PwC’s 2023 Global Crisis and […]

07Dec 2023

Atlassian Patches Critical Remote Code Execution Vulnerabilities

Atlassian has released patches for critical-severity remote code execution flaws in Confluence and other products. The post Atlassian Patches Critical Remote Code Execution Vulnerabilities appeared first on SecurityWeek.

07Dec 2023

Time for New Partnership Paradigms to Be Future-fit

As the digital era paves the way for new economic platforms and opportunities, it also leverages the role of cross-industry collaboration, especially in technology. Historically, the technology partner relationship used to be a body count per dollar efficiency ratio, which focuses on getting work done while best optimising the budget. However, this partnership model cannot […]

06Dec 2023

DS Smith sets a single-cloud agenda for sustainability

British multinational packaging giant DS Smith has committed itself to ambitious sustainability goals, and its IT strategy to standardize on a single cloud will be a key enabler. The London-based industrial manufacturer, which currently runs multiple cloud platforms due to early experimentation and several acquisitions, has opted to consolidate its cloud and data operations onto […]

06Dec 2023

Generative AI in enterprises: LLM orchestration holds the key to success

This article was co-authored by Shail Khiyara, President & COO, Turbotic, and Rodrigo Madanes, EY Global Innovation AI Leader. The views reflected in this article are the views of the authors and do not necessarily reflect the views of the global EY organization or its member firms. Many enterprises are accelerating their artificial intelligence (AI) […]

06Dec 2023

How gen AI is joining the holiday shopping season

Retailers are pushing their customer service and supply chain systems to new limits in anticipation of record spending this holiday season. Increasingly, they’re relying on generative AI to help them deliver on rising demand. Just a year after the release of ChatGPT, gen AI is generating value in many different industries, including retail. Salesforce predicts gen AI will account […]

06Dec 2023

Bank of England Will Review the Risks That AI Poses to UK Financial Stability

The Bank of England will make an assessment next year about the risks posed by artificial intelligence and machine learning. The post Bank of England Will Review the Risks That AI Poses to UK Financial Stability appeared first on SecurityWeek.

06Dec 2023

Microsoft Hires New CISO in Major Security Shakeup

Microsoft announced a major shakeup of its security hierarchy, removing the CISO and Deputy CISO and handing the reins to a recent hire who previously served as CTO and President at Bridgewater. The post Microsoft Hires New CISO in Major Security Shakeup appeared first on SecurityWeek.

06Dec 2023

Transform your technology and accelerate business outcomes with NTT DATA’s Technology Solutions

Digital transformation is revolutionizing the way organizations operate. Intelligent new services and infrastructure can optimize cost and performance, but the rapidly evolving technology environment also introduces complexity. Without access to the expertise and insights you need to manage fast-evolving hardware and software infrastructure as efficiently as possible, it can be an uphill battle to keep […]

06Dec 2023

Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat

iVerify, a seed-stage startup spun out of Trail of Bits, ships a mobile threat hunting platform to neutralize iOS and Android zero-days. The post Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat appeared first on SecurityWeek.

06Dec 2023

How the cloud and AI will help more companies become future proof

When speaking with IT leaders from the world’s largest companies about their greatest business challenges, there’s one thing I hear often. They all want to be future proof, where their operations become more flexible and resilient so they can bounce back faster from unforeseen challenges. It’s easy to see why. In a world where macroeconomic […]

06Dec 2023

Dragos Offering Free OT Cybersecurity Technology to Small US Utilities

The Dragos Community Defense Program is offering free OT cybersecurity software to small electric, water, and natural gas utilities in the US. The post Dragos Offering Free OT Cybersecurity Technology to Small US Utilities appeared first on SecurityWeek.

06Dec 2023

Chrome 120 Patches 10 Vulnerabilities

Chrome 120 was released in the stable channel with patches for 10 vulnerabilities, including five externally reported flaws. The post Chrome 120 Patches 10 Vulnerabilities appeared first on SecurityWeek.

06Dec 2023

Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes

The Shadowserver Foundation warns of an increase in the number of devices hacked via recent Cisco IOS XE vulnerabilities. The post Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes appeared first on SecurityWeek.

06Dec 2023

Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images

LogoFAIL is a UEFI image parser attack allowing hackers to compromise consumer and enterprise devices using malicious logo images. The post Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images appeared first on SecurityWeek.

06Dec 2023

Adobe ColdFusion Vulnerability Exploited in Attacks on US Government Agency 

US government agency was targeted in attacks that involved exploitation of an Adobe ColdFusion vulnerability tracked as CVE-2023-26360. The post Adobe ColdFusion Vulnerability Exploited in Attacks on US Government Agency  appeared first on SecurityWeek.

06Dec 2023

GAO: Federal Agencies Yet to Fully Implement Incident Response Capabilities

A new GAO report reveals that 20 out of 23 US federal agencies have not fully implemented incident response plans. The post GAO: Federal Agencies Yet to Fully Implement Incident Response Capabilities appeared first on SecurityWeek.

06Dec 2023

CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities

CISA has added to its Known Exploited Vulnerabilities Catalog four Qualcomm bugs, including three exploited as zero-days. The post CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities appeared first on SecurityWeek.

06Dec 2023

SAP faces breakdown in trust over innovation plans

Ever since SAP CEO Christian Klein (pictured) told financial analysts in July that the company would only offer its latest AI and “green ledger” innovations to customers running its flagship S/4HANA ERP platform through its subscription-only, cloud-based Rise with SAP offering, the company has been on the back foot. The move may have played well […]

06Dec 2023

Virtual Event Today: Cyber AI & Automation Summit

Virtual conference on December 6th will explore cybersecurity use-cases for artificial intelligence (AI) technology and the race to protect LLM algorithms from adversarial use. The post Virtual Event Today: Cyber AI & Automation Summit appeared first on SecurityWeek.

06Dec 2023

5 Critical Steps to Prepare for AI-Powered Malware in Your Connected Asset Ecosystem

AI-powered attacks will become progressively more common, and a well-rounded security approach involves more than simply managing incidents effectively. The post 5 Critical Steps to Prepare for AI-Powered Malware in Your Connected Asset Ecosystem appeared first on SecurityWeek.

06Dec 2023

Delivering value through IT at Village Roadshow

More is expected of a CIO these days, and it’s debatable whether that’s a change for the better or not. But according to Michael Fagan, chief transformation officer of Australian cinema and theme park company Village Roadshow, the positive change of the role is about being less focused on cost and more around value-added delivery. […]

06Dec 2023

6 generative AI hazards IT leaders should avoid

OpenAI’s recent announcement of custom ChatGPT versions makes it easier for every organization to use generative AI in more ways, but sometimes it’s better not to. Two AI safety summits in as many weeks on both sides of the Atlantic raised questions about the potential dangers of AI, but neither the science fictional threats of […]

06Dec 2023

21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks

Forescout has found 21 vulnerabilities in Sierra Wireless OT/IoT routers that could expose critical infrastructure organizations to remote attacks.  The post 21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks appeared first on SecurityWeek.

05Dec 2023

23andMe Says Hackers Saw Data From Millions of Users

Personal genetics firm 23andMe said hackers accessed the personal information about 6.9 million of its members. The post 23andMe Says Hackers Saw Data From Millions of Users appeared first on SecurityWeek.

05Dec 2023

AI’s Future Could be Open-Source or Closed. Tech Giants Are Divided as They Lobby Regulators

Facebook parent Meta and IBM launched a new group called the AI Alliance that’s advocating for an “open science” approach to AI development. The post AI’s Future Could be Open-Source or Closed. Tech Giants Are Divided as They Lobby Regulators appeared first on SecurityWeek.

05Dec 2023

Operational technology systems require a robust Zero Trust strategy in 2024

Cyberattacks on operational technology (OT) systems are rapidly rising. In fact, manufacturing was one of the sectors most impacted by extortion attacks last year, according to Palo Alto Networks Unit 42, as reported in the 2023 Unit 42 Extortion and Ransomware Report.  Attacks against OT systems can have a significant impact, including physical consequences such […]

05Dec 2023

Major Organizations Using ‘Hugging Face’ AI Tools Put at Risk by Leaked API Tokens

Lasso warns of more than 1,600 leaked Hugging Face API tokens belonging to hundreds of organizations. The post Major Organizations Using ‘Hugging Face’ AI Tools Put at Risk by Leaked API Tokens appeared first on SecurityWeek.

05Dec 2023

Application Security Startup ArmorCode Raises $40 Million

ArmorCode raises $40 million in a Series B funding round to help organizations ship secure applications. The post Application Security Startup ArmorCode Raises $40 Million appeared first on SecurityWeek.

05Dec 2023

Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery 

The details of 10 unpatched Loytec building automation product vulnerabilities have been disclosed two years after their discovery. The post Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery  appeared first on SecurityWeek.

05Dec 2023

New Threat Actor ‘AeroBlade’ Targeted US Aerospace Firm in Espionage Campaign

BlackBerry attributes cyberattack against an aerospace organization in the US to a new threat actor named AeroBlade. The post New Threat Actor ‘AeroBlade’ Targeted US Aerospace Firm in Espionage Campaign appeared first on SecurityWeek.

05Dec 2023

Mine Lands $30M Series B for Data Privacy Tech

Israeli early-stage startup snags financing from Battery Ventures, PayPal Ventures and Nationwide Ventures. The post Mine Lands $30M Series B for Data Privacy Tech appeared first on SecurityWeek.

05Dec 2023

94 Vulnerabilities Patched in Android With December 2023 Security Updates

Android’s December 2023 security updates resolve 94 vulnerabilities, including several critical-severity bugs. The post 94 Vulnerabilities Patched in Android With December 2023 Security Updates appeared first on SecurityWeek.

05Dec 2023

Cybersecurity M&A Roundup: 34 Deals Announced in November 2023

Thirty-four cybersecurity-related merger and acquisition (M&A) deals were announced in November 2023. The post Cybersecurity M&A Roundup: 34 Deals Announced in November 2023 appeared first on SecurityWeek.

05Dec 2023

CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector 

SecurityWeek discusses the role of security leadership with three CISOs in one of the world’s most attacked sectors: healthcare. The post CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector  appeared first on SecurityWeek.

05Dec 2023

Huawei Cloud: Accelerating intelligence in Europe, for Europe

The Digital Future in Europe The future of European organisations and industries is looking increasingly digital and cloud-centric.  According to Foundry’s Digital Business Study 2023, 91% of EMEA organisations have adopted or plan to adopt a digital-first business strategy. At the same time, Foundry’s Cloud Computing Study 2023 found that 71% of EMEA organisations are […]

05Dec 2023

Workplace griping: The key release valve your culture lacks

Collaboration suites have an annoying blind spot: They don’t help employees bump into each other. Once upon a time we had “telecommuting” and it was controversial. Most managers and executives figured letting employees work from home was doing them a favor. But, filled with optimism bias, the IT industry busily crafted collaboration suites whose purpose […]

05Dec 2023

11 ways to reduce your IT costs now

IT leaders have always needed to exercise fiscal responsibility while meeting business demands for technology. But as digital transformation efforts have intensified in recent years, CIOs have had fewer opportunities to pause and reevaluate IT’s financial situation. “Some organizations have been innovating, transforming, and growing so fast that they haven’t had time to clear up […]

05Dec 2023

Bringing the data processing unit (DPU) revolution to your data center

The data processing unit, or DPU, is a new class of programmable processor that enables servers to more efficiently move data, freeing up valuable CPU cycles and allowing services to be statefully embedded in the data center network. As the data center continues to evolve, the combination of CPU, GPU and DPU will be the pillars […]

04Dec 2023

LexisNexis rises to the generative AI challenge

IT leaders looking for a blueprint for staving off the disruptive threat of generative AI might benefit from a tip from LexisNexis EVP and CTO Jeff Reihl: Be a fast mover in adopting the technology to get ahead of potential disruptors. Since its origins in the early 1970s, LexisNexis and its portfolio of legal and […]

04Dec 2023

The CIO’s new role: Orchestrator-in-chief

CIOs today find themselves in a unique position to survey everything taking place across their organization, find opportunities, resolve conflicts, set priorities, and help shape strategy. In other words, they are uniquely situated to function as their companies’ de facto orchestrators-in-chief. “It’s really only the CIO and the CEO who have this perspective,” says Irving […]

04Dec 2023

What goes well with Viña Concha y Toro wines? Meat, fish, poultry, and SAP

How do you improve efficiency without compromising quality? Achieving that goal has become even more essential and challenging for the wine industry in the face of climate change, increased competition on a world level, labor shortages, and other issues. Yet, one of the world’s largest wine producers is succeeding, paired with SAP. Founded in Chile more […]

04Dec 2023

Top Guns: Defending Corporate Clouds from Malicious Mavericks

While applications and cloud infrastructure present different risk profiles and require different security assessments, they must not be viewed separately with regards to enterprise defense. The post Top Guns: Defending Corporate Clouds from Malicious Mavericks appeared first on SecurityWeek.

04Dec 2023

How to maximize ROI by choosing the right Java partner for your organization

By: Scott Sellers, Co-Founder and CEO, Azul After almost 30 years, Java remains the programming language of choice for large-scale enterprise applications in the cloud, on-prem, or hybrid. Its versatility, reliability, stability, and open-source and third-party libraries and frameworks make developing and running applications very efficient. In January 2023, Oracle changed its licensing and/or pricing […]

04Dec 2023

North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report

Recorded Future calculates that North Korean state-sponsored threat actors are believed to have stolen more than $3 billion in cryptocurrency. The post North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report appeared first on SecurityWeek.

04Dec 2023

Russian Pleads Guilty to Role in Developing TrickBot Malware

A Russian national has admitted to his role in developing and using the notorious TrickBot malware. Vladimir Dunaev, 40, pleaded guilty to his involvement in the development and deployment of the TrickBot malware, which was used in cyberattacks against organizations worldwide, including hospitals and schools, causing tens of millions of dollars in losses. Around since […]

04Dec 2023

ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government

Security agencies say the Cyber Av3ngers group targeting ICS at multiple water facilities is affiliated with the Iranian government. The post ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government appeared first on SecurityWeek.

04Dec 2023

New Relic Says Hackers Accessed Internal Environment Using Stolen Credentials

New Relic said hackers gained access to an environment using social engineering and stolen credentials for an employee account. The post New Relic Says Hackers Accessed Internal Environment Using Stolen Credentials appeared first on SecurityWeek.

04Dec 2023

Fortifying the bridge between tech and business in the C-suite

Historically, the relationship between technology and business leaders has tended to be transactional: a business leader has an objective they want to meet, and they’ll ask their technology leaders to figure out how to achieve their goals. Need to embed a tool on your website to collect emails for lead generation? Check. Seeing reports of […]

04Dec 2023

Beyond gigabit: the need for 10 Gbps in business networks

Where a 1 Gbps corporate network was once the gold standard, the dominance of real-time video now demands higher bandwidth. 10 Gbps solutions are now emerging to provide super-responsive connectivity, right across campuses. Liu Jianning, Vice President of Huawei’s Data Communication Marketing & Solutions Sales Dept, discusses the need for 10 Gbps in business networks […]

03Dec 2023

Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say

The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked “Cyber Av3ngers” hackers. The post Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say appeared first on SecurityWeek.

01Dec 2023

Website spoofing: risks, threats, and mitigation strategies for CIOs

In our rapidly advancing digital era, where our lives seamlessly merge with the vast online realm, the trust we place on websites to safeguard our sensitive data and personal information becomes increasingly critical with every click. As we navigate the continuous flow of information and effortlessly access many online services, the omnipresent challenge of cybersecurity […]

01Dec 2023

Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere

Members of Congress asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting CISA to warn other water and sewage-treatment utilities that they may be vulnerable. The post Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere appeared first on SecurityWeek.

01Dec 2023

Gain full visibility across the Internet Stack with IPM (Internet Performance Monitoring)

CIOs have a lot on their plates. Their responsibilities include leading digital transformation efforts at the organization, delivering ROI on technology investments, and providing a secure platform for mission critical business processes.  The last thing a CIO needs is an internet outage that could disrupt ecommerce activities, prevent remote workers from connecting to cloud-based applications, […]

01Dec 2023

Staples Confirms ‘Cybersecurity Risk’ Disrupting Online Stores

Office supply retail giant confirms security incident disrupted online orders, communications channels and customer service lines. The post Staples Confirms ‘Cybersecurity Risk’ Disrupting Online Stores appeared first on SecurityWeek.

01Dec 2023

How customers can save money during periods of economic uncertainty

Saving money is a top priority for many organizations, particularly during periods of economic uncertainty. Today, security, networking, and IT teams are faced with reduced headcount, shrinking budgets, and the very real need to do more with less. Yesterday’s hub-and-spoke networks and castle-and-moat security models were adequate when users, applications, and data all resided onsite […]

01Dec 2023

In Other News: Utilities Targeted by Hackers, Aerospace Attacks, Killnet Leader Unmasked

Noteworthy stories that might have slipped under the radar: Utilities in US and Europe targeted in attacks, aerospace hacks, and Killnet leader unmasked. The post In Other News: Utilities Targeted by Hackers, Aerospace Attacks, Killnet Leader Unmasked appeared first on SecurityWeek.

01Dec 2023

New ‘Turtle’ macOS Ransomware Analyzed

New Turtle macOS ransomware is not sophisticated but shows that cybercriminals continue to target Apple devices. The post New ‘Turtle’ macOS Ransomware Analyzed appeared first on SecurityWeek.

01Dec 2023

US Sanctions North Korean Cyberespionage Group Kimsuky

The US has announced sanctions against North Korean cyberespionage group Kimsuky over its intelligence gathering activities.  The post US Sanctions North Korean Cyberespionage Group Kimsuky appeared first on SecurityWeek.

01Dec 2023

10 business intelligence certifications and certificates to advance your BI career

As data becomes increasingly vital to business success, business intelligence (BI) continues to grow in importance. And with a strong BI strategy and team, organizations can perform the kinds of analysis necessary to help users make better data-driven business decisions. BI encompasses numerous roles. BI analysts, with an average salary of $73,705 according to PayScale, […]

01Dec 2023

Simple Attack Allowed Extraction of ChatGPT Training Data

Researchers found that a ‘silly’ attack method could have been used to trick ChatGPT into handing over training data. The post Simple Attack Allowed Extraction of ChatGPT Training Data appeared first on SecurityWeek.

30Nov 2023

Generative AI’s ‘show me the money’ moment

In a key scene from the 1996 movie “Jerry Maguire,” a pro football player is in the midst of contract negotiations with the Arizona Cardinals. He gets tired of his agent Jerry’s slick sales pitch and shouts at him in exasperation: “Show me the money!” This is the very spot the world finds itself with generative […]

30Nov 2023

Apple Patches WebKit Flaws Exploited on Older iPhones

Apple’s security response team warns that flaws CVE-2023-42916 and CVE-2023-42917 were already exploited against versions of iOS before iOS 16.7.1. The post Apple Patches WebKit Flaws Exploited on Older iPhones appeared first on SecurityWeek.

30Nov 2023

How customers capture real economic value with zero trust

Hub-and-spoke networks and castle-and-moat security architectures were designed for days gone by when users, apps, and data all resided on premises. But in today’s world, endlessly extending the network to more branch offices, remote users, and cloud apps, and defending network access through ever-growing stacks of point product hardware appliances breeds significant costs. The Zscaler […]

30Nov 2023

Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices

Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks. The post Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices appeared first on SecurityWeek.

30Nov 2023

Thinking of hibernating through the metaverse winter?

If you’re skeptical about dipping your enterprise’s virtual toes into a metaverse, rightfully so. While the roots of the metaverse date back more than 70 years, the concept gained instant credibility when it landed on Gartner’s 2022 Hype Cycle for Emerging Technologies with a “Plateau of Productivity” timeframe of “more than 10 years.” Around the […]

30Nov 2023

A cloud-based solution to rescue millions from energy poverty

British-based Savannah Energy operates on a simple principle: Financial poverty and energy poverty are intertwined. Therefore, the company reasons, by generating clean, competitively priced electricity for millions of households in Africa, hardship can be replaced with socio-economic prosperity. Given the realities on the ground, though, this objective is not as simple as it sounds. For […]

30Nov 2023

Meta Takes Action Against Multiple Foreign Influence Campaigns

Meta removed three foreign influence operations from the Facebook platform during Q3, 2023. Two were Chinese in origin, and one was Russian, the company says.  The post Meta Takes Action Against Multiple Foreign Influence Campaigns appeared first on SecurityWeek.

30Nov 2023

US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers

US Treasury sanctions Sinbad, saying the cryptocurrency mixer is laundering funds for North Korean hacking group Lazarus. The post US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers appeared first on SecurityWeek.

30Nov 2023

Black Basta Ransomware Group Received Over $100 Million From 90 Victims

The Black Basta ransomware group has infected over 300 victims and received more than $100 million in ransom payments. The post Black Basta Ransomware Group Received Over $100 Million From 90 Victims appeared first on SecurityWeek.

30Nov 2023

Qlik Sense Vulnerabilities Exploited in Ransomware Attacks

Qlik Sense vulnerabilities CVE-2023-41266, CVE-2023-41265 and CVE-2023-48365 exploited for initial access in Cactus ransomware attacks.  The post Qlik Sense Vulnerabilities Exploited in Ransomware Attacks appeared first on SecurityWeek.

30Nov 2023

Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals

ZeroedIn says personal information of 2 million individuals was compromised in an August 2023 data breach that impacts customers such as Dollar Tree. The post Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals appeared first on SecurityWeek.

30Nov 2023

Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments 

Palo Alto Networks has launched a new rugged firewall for industrial environments and announced several OT security improvements. The post Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments  appeared first on SecurityWeek.

30Nov 2023

CISA Debuts ‘Secure by Design’ Alert Series

New CISA alerts shed light on the harm occurring when software vendors fail to implement secure by design principles. The post CISA Debuts ‘Secure by Design’ Alert Series appeared first on SecurityWeek.

30Nov 2023

Google’s RETVec Open Source Text Vectorizer Bolsters Malicious Email Detection

Google shows how RETVec, a new and open source text vectorizer, can improve the detection of phishing attacks, spam and other harmful content. The post Google’s RETVec Open Source Text Vectorizer Bolsters Malicious Email Detection appeared first on SecurityWeek.

30Nov 2023

400G: Building bandwidth for the next lap

Anticipating an Explosion of Bandwidth Demand Global bandwidth demand is on an unprecedented rise. In 2022 alone, the International Telecommunications Union (ITU) recorded 25% growth in international bandwidth usage, adding to a 33% compounded average growth rate that’s been steadily rising since 2017.  For individual consumers, 1Gbps connectivity is now a norm while high-definition video has become […]

30Nov 2023

CIO Darlene Taylor’s formula for success: Listen, drive, care

It’s no secret: The best talent wants to work for leaders with the attributes to drive success. And for those leaders, credibility is king.      Darlene Taylor, CIO of Superior Industries, one of the world’s largest suppliers of aluminum wheels, attributes her “street cred” to her past experience, first as an engineer of automotive design and […]

30Nov 2023

8 change management questions every IT leader must answer

Early in the pandemic CIO Ken Grady pinpointed a key challenge that has vexed IT organizations for the better part of a decade. “We saw a tremendous acceleration and adoption in the use of new platforms to stay connected and keep our organizations moving forward,” Grady recalls of those early days navigating lockdowns. “A few […]

30Nov 2023

Hundreds of Malicious Android Apps Target Iranian Mobile Banking Users

Zimperium has identified over 200 information-stealing Android applications targeting mobile banking users in Iran. The post Hundreds of Malicious Android Apps Target Iranian Mobile Banking Users appeared first on SecurityWeek.

29Nov 2023

Keyless Goes Independent, Raises $6M for Biometric Authentication

British startup building biometric authentication technology has snagged $6 million in a new round of funding led by Rialto Ventures. The post Keyless Goes Independent, Raises $6M for Biometric Authentication appeared first on SecurityWeek.

29Nov 2023

Okta Broadens Scope of Data Breach: All Customer Support Users Affected

Okta expands scope of October breach, saying hackers stole names and email addresses of all its customer support system users. The post Okta Broadens Scope of Data Breach: All Customer Support Users Affected appeared first on SecurityWeek.

29Nov 2023

New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher

An academic researcher demonstrates BLUFFS, six novel attacks targeting Bluetooth sessions’ forward and future secrecy. The post New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher appeared first on SecurityWeek.

29Nov 2023

Google Patches Seventh Chrome Zero-Day of 2023

The latest Chrome security update addresses the seventh exploited zero-day vulnerability documented in the browser in 2023. The post Google Patches Seventh Chrome Zero-Day of 2023 appeared first on SecurityWeek.

29Nov 2023

CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack

After hackers compromised ICS at a US water utility, CISA issued a warning over the exploitation of the targeted Unitronics PLC. The post CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack appeared first on SecurityWeek.

29Nov 2023

Five Cybersecurity Predictions for 2024

Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape. The post Five Cybersecurity Predictions for 2024 appeared first on SecurityWeek.

29Nov 2023

Google Will Start Deleting ‘Inactive’ Accounts in December. Here’s What You Need to Know

The easiest way to keep your Google account active (and thus prevent it from being deleted) is to sign in at least once every two years. The post Google Will Start Deleting ‘Inactive’ Accounts in December. Here’s What You Need to Know appeared first on SecurityWeek.

29Nov 2023

Per Scholas redefines IT hiring by diversifying the IT talent pipeline

Per Scholas was founded in 1995 in the Bronx as a computer reclamation company with the goal of bridging the digital divide. To do so, the organization collected retired computers and laptops from companies, fixed them up, and redistributed them back into the community through schools and nonprofits. When CEO Plinio Ayala joined Per Scholas […]

29Nov 2023

4 remedies to avoid cloud app migration headaches

Once enterprises commit to running business-critical applications in the cloud, they rarely move to another provider. One big reason: they’re often locked into their chosen provider’s ecosystem. The cost of migrating is simply too high, says Sid Nag, VP of cloud services and technology at Gartner. “But if you do your planning exercise properly, you […]

29Nov 2023

Steps Gerresheimer takes to transform its IT

By mid-2023, Walldorf-based Gerresheimer had its IT strategy revised, and a central component of this was its cloud journey, for which CIO Zafer Nalbant and his team built a hybrid environment consisting of a public cloud part based on Microsoft Azure, and a private cloud part that runs in a data center completely managed by T-Systems. And according […]

28Nov 2023

The Importance of Identity Management in Security

It’s ever more challenging in today’s work-from-anywhere world to prevent cybersecurity breaches. And while all organizations work hard to prevent attacks through traditional security measures such as multi-factor authentication, patching, training, and more, the bad guys increasingly find their way in through poorly thought-out, scattered access and identity management practices. The solution, we’ve seen in […]

28Nov 2023

The hybrid approach: Get the best of both mainframe and cloud

As more businesses push forward with digital transformation projects, cloud computing has stood out as a powerful tool capable of fueling the analytics that drive new technologies like artificial intelligence (AI) and machine learning (ML)—two capabilities that are quickly becoming a must-have in nearly every organization. But getting to that point presents some unique challenges. […]

28Nov 2023

Why data virtualization is critical for business success

Businesses today are sitting on vast amounts of data, which has the potential to unlock new opportunities and avenues to stay one step ahead of the competition. But data doesn’t always come in a neatly packaged format, ready to be sorted, analyzed, and used in decision-making or analysis. Enterprises are highly complex operations that often […]

28Nov 2023

How to evolve IT systems into innovation engines

When vendor-driven and customer-driven technology roadmaps are in close alignment, the results can be almost magical. Unfortunately, for most organizations that’s rarely the reality as they’re often left struggling to achieve the innovation that their vendors are supposed to enable. IT leaders are all too familiar with this cycle: Up-and-coming vendors mature or get acquired […]

28Nov 2023

Dear Oracle Cloud…I need my own space

Dear Oracle Cloud Infrastructure, Look, it’s not you, it’s me. And right now, you need to give me some space. No, not the space in your data center, I’m not quite ready to commit on a deeper level. I need my own space, on my own terms because I need to keep my options open. Let me explain. I’m not ready […]

28Nov 2023

Exploitation of Critical ownCloud Vulnerability Begins

Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure. The post Exploitation of Critical ownCloud Vulnerability Begins appeared first on SecurityWeek.

28Nov 2023

Police Dismantle Major Ukrainian Ransomware Operation

Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader. The post Police Dismantle Major Ukrainian Ransomware Operation appeared first on SecurityWeek.

28Nov 2023

Los Angeles SIM Swapper Sentenced to 8 Years in Prison

Amir Golshan of Los Angeles was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes. The post Los Angeles SIM Swapper Sentenced to 8 Years in Prison appeared first on SecurityWeek.

28Nov 2023

Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets

AWS announces Amazon One Enterprise, a palm-based identity service that enables users to easily access physical locations and digital assets. The post Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets appeared first on SecurityWeek.

28Nov 2023

Critical Vulnerability Found in Ray AI Framework 

A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes. The post Critical Vulnerability Found in Ray AI Framework  appeared first on SecurityWeek.

28Nov 2023

Making sense of zero trust – why a managed SASE solution is the ideal option for enterprises

Remote working and cloud computing are among the most significant trends in the global business landscape, unlocking innovation but also increasing attack surfaces and creating opportunities for cyber attackers.   To mitigate these threats, businesses are turning to a new generation of cybersecurity solutions – with research showing Secure Access Service Edge (SASE) at the forefront.  […]

28Nov 2023

What you don’t know about data management could kill your business

IT leaders take note: At your likely current trajectory, your organization is the Titanic and its data is the iceberg. To avoid the inevitable, CIOs must get serious about data management. Data, of course, has been all the rage the past decade, having been declared the “new oil” of the digital economy. And yes, data […]

28Nov 2023

8 tips for unleashing the power of unstructured data

Making the most of enterprise data is a top concern for IT leaders today. With organizations seeking to become more data-driven with business decisions, IT leaders must devise data strategies geared toward creating value from data no matter where — or in what form — it resides. For many enterprises, unstructured data, in the form of […]

28Nov 2023

Ardent Hospitals Diverting Patients Following Ransomware Attack

Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations. The post Ardent Hospitals Diverting Patients Following Ransomware Attack appeared first on SecurityWeek.

28Nov 2023

Gen AI without the risks

ChatGPT, Stable Diffusion, and DreamStudio–Generative AI are grabbing all the headlines, and rightly so. The results are impressive and improving at a geometric rate. Intelligent assistants are already changing how we search, analyze information, and do everything from creating code to securing networks and writing articles. Gen AI will become a fundamental part of how […]

27Nov 2023

Old age isn’t what it used to be: a versatile solution for a more independent breed of seniors

Today’s seniors aren’t what they used to be. Writer Stephen King recently turned 76. Rock legends Paul McCartney and Ringo Starr just released the final Beatles song at the age of 81 and 83 respectively. Captain James T. Kirk himself, the venerable William Shatner, is 92. And none of them are resting on their laurels.  Imagine, […]

27Nov 2023

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

Three critical vulnerabilities in ownCloud could lead to sensitive information disclosure and authentication and validation bypass. The post Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass appeared first on SecurityWeek.

27Nov 2023

Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption

Healthcare solutions giant Henry Schein is once again restoring systems after ransomware group claims it re-encrypted files. The post Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption appeared first on SecurityWeek.

27Nov 2023

US, UK Cybersecurity Agencies Publish AI Development Guidance

New guidance from US and UK cybersecurity agencies provides recommendations for secure AI system development. The post US, UK Cybersecurity Agencies Publish AI Development Guidance appeared first on SecurityWeek.

27Nov 2023

UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws

UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks. The post UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws appeared first on SecurityWeek.

27Nov 2023

Fidelity National Financial Takes Down Systems Following Cyberattack

Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack. The post Fidelity National Financial Takes Down Systems Following Cyberattack appeared first on SecurityWeek.

27Nov 2023

Hacktivism: What’s in a Name… It May be More Than You Expect

Hacktivism is evolving. It is important for both the law and cyber defenders to understand the current and potential activity of hacktivism to better understand how it should be treated. The post Hacktivism: What’s in a Name… It May be More Than You Expect appeared first on SecurityWeek.

27Nov 2023

Hackers Hijack Industrial Control System at US Water Utility 

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or water supply. The post Hackers Hijack Industrial Control System at US Water Utility  appeared first on SecurityWeek.

27Nov 2023

Turning the tide in STEM career roadblocks at Synchrony

Despite public and internal corporate support programs, and increased awareness of male/female disparities in the workplace in terms of positions and salaries, women still come up short of equity in tech job placements. Roughly 26% of tech jobs in the US are held by women, a decrease from about 33% in 2019, according to CompTIA’s […]

27Nov 2023

10 things keeping IT leaders up at night

CIOs are hardly Luddites, but even some technologists fret about artificial intelligence, the rapid pace of tech evolution, and their ability to keep up. That’s not to say they’re looking to ditch their roles or smash machines, as the real Luddites had. Yet CIOs do admit that they’re worried about multiple issues these days. Here […]

27Nov 2023

Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons

The U.S. military is increasing use of AI technology that will fundamentally alter the nature of war. The post Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons appeared first on SecurityWeek.

25Nov 2023

Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OK

Broadcom has cleared all regulatory hurdles and plans to complete its $69 billion acquisition of cloud technology company VMware. The post Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OK appeared first on SecurityWeek.

24Nov 2023

North Korean Software Supply Chain Attack Hits North America, Asia 

North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack. The post North Korean Software Supply Chain Attack Hits North America, Asia  appeared first on SecurityWeek.

24Nov 2023

In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking

Noteworthy stories that might have slipped under the radar: Idaho National Laboratory breach, GPS attacks target airplanes, Russia accuses China and North Korea of hacking. The post In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking appeared first on SecurityWeek.

24Nov 2023

The 15 most valuable IT certifications today

Certifications have long been a great means for IT career advancement. The right credentials can boost your salary, set you apart from the competition, and help you land promotions in your current role. In fact, IT leaders report that certified staff add a value of $30,000 per year to the organization, with a noticeable increase in […]

24Nov 2023

Germany’s ITZBund is moving federal IT into the cloud

In order to avoid falling into the trap of legacy applications, Germany’s federal center for Information Technology, the ITZBund, recognized early to execute a future-oriented cloud landscape, says Christine Serrette, the federal administration’s CIO and deputy technical director. The ITZBund acts as a central IT service provider for the federal administration and operates a wide range of critical […]

23Nov 2023

A forensic look to modernize tech at South Africa’s SIU

Established in 1996, South Africa’s Special Investigating Unit (SIU) has acted as a trusted anti-corruption, forensic investigation, and litigation agency to recover financial losses and correct wrongdoing. But with a long history comes legacy tech and inefficiencies. Something an entity like the SIU can’t afford. CIO Tumelo Zwane understands how new and emerging technologies can […]

23Nov 2023

What CIOs can learn from the massive Optus outage

The week’s high-profile resignation of Optus CEO Kelly Bayer Rosmarin in the wake of the Australian telco’s massive outage that left 10 million Australians and 400,000 businesses without phone or internet for up to 12 hours earlier this month underscores the stakes involved when it comes to setting an IT strategy for business resilience. At […]

22Nov 2023

Thrive with Digital, Accelerating Intelligence for Electric Power

From October 20 to 23, the 24th Conference on the Electric Power Supply Industry (CEPSI 2023) was held in the eastern Chinese coastal city of Xiamen. The event was co-sponsored by the Association of the Electricity Supply Industry of East Asia and the Western Pacific (AESIEAP) and the China Electricity Council. Huawei was deeply involved […]

22Nov 2023

How machines learned to chat

Chatbots have blazed an evolutionary path similar to that of self-driving cars. Using the benchmarking approach for driverless vehicles, they’ve advanced from what we might call Level 0—simple call-and-response programs designed a half-century ago—to Level 5—sophisticated AI-driven engines that can increasingly perform human-like tasks. That’s like going from rotary phones to the iPhone, notes Robb […]

22Nov 2023

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.” The post Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets appeared first on SecurityWeek.

22Nov 2023

185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone 

Car parts giant AutoZone says nearly 185,000 individuals were impacted by a data breach caused by the MOVEit hack. The post 185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone  appeared first on SecurityWeek.

22Nov 2023

Windows Hello Fingerprint Authentication Bypassed on Popular Laptops

Researchers have tested the fingerprint sensors used for Windows Hello on three popular laptops and managed to bypass them. The post Windows Hello Fingerprint Authentication Bypassed on Popular Laptops appeared first on SecurityWeek.

22Nov 2023

Sam Altman is Back as OpenAI CEO Just Days After Being Removed, Along With a New Board

San Francisco-based OpenAI has reached an agreement in principle for Sam Altman to return to OpenAI as CEO with a new initial board. The post Sam Altman is Back as OpenAI CEO Just Days After Being Removed, Along With a New Board appeared first on SecurityWeek.

22Nov 2023

Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products

Microsoft invites researchers to new bug bounty program focused on vulnerabilities in its Defender products. The post Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products appeared first on SecurityWeek.

22Nov 2023

Humans Are Notoriously Bad at Assessing Risk

When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.  The post Humans Are Notoriously Bad at Assessing Risk appeared first on SecurityWeek.

22Nov 2023

Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’

Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that has hobbled access to records. The post Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’ appeared first on SecurityWeek.

22Nov 2023

Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability

Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it. The post Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability appeared first on SecurityWeek.

22Nov 2023

Keeping the customer journey and experience as a North Star

As a connected car data company focusing on the motor insurance sector, UK-based ThingCo is dedicated to developing next gen telematics built with the latest technology. But ensuring the best possible end user experience is the primary consideration to choose the right way forward. “I think of myself as a techie, but I’m probably more […]

22Nov 2023

5 pillars of a cloud-conscious culture

Most CIOs recognize the advantages of cloud, the global reach it provides, and the ease with which services can be scaled up and back down again. “Cloud is scalable IT infrastructure that enables organizations to respond quickly to market changes, support business growth, and minimize disruptions,” says Swati Shah, SVP and CIO of US markets […]

21Nov 2023

LLM Security Startup Lasso Emerges From Stealth Mode

Lasso Security raises $6 million in seed funding to tackle cyber threats to secure generative AI and large language model algorithms. The post LLM Security Startup Lasso Emerges From Stealth Mode appeared first on SecurityWeek.

21Nov 2023

CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities

New CISA pilot program brings cutting-edge cybersecurity services to critical infrastructure entities that need support. The post CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities appeared first on SecurityWeek.

21Nov 2023

Canadian Military, Police Impacted by Data Breach at Moving Companies

Data breach at moving companies impacts Canadian government employees, and military and police personnel. The post Canadian Military, Police Impacted by Data Breach at Moving Companies appeared first on SecurityWeek.

21Nov 2023

Tor Network Removes Risky Relays Associated With Cryptocurrency Scheme

The Tor network has removed many relays associated with a cryptocurrency scheme, citing risk to integrity and users.  The post Tor Network Removes Risky Relays Associated With Cryptocurrency Scheme appeared first on SecurityWeek.

21Nov 2023

Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges

Interview with Craig Martell, Chief Digital and AI Officer (CDAO) for the U.S. Department of Defense, about AI use in the military. The post Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges appeared first on SecurityWeek.

21Nov 2023

Sumo Logic Completes Investigation Into Recent Security Breach

Sumo Logic has completed its investigation into the recent security breach and found no evidence of impact to customer data. The post Sumo Logic Completes Investigation Into Recent Security Breach appeared first on SecurityWeek.

21Nov 2023

Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago

Over the past ten years, Microsoft has handed out $63 million in rewards as part of its bug bounty programs. The post Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago appeared first on SecurityWeek.

21Nov 2023

Air Force CDAIO Eileen Vidrine on leading top-flight AI operations

Artificial intelligence is transforming the ways in which we do virtually everything. That includes how the United States fights wars, monitors threats, and safeguards the national defense. The role of AI has become so critical to military strategy and capability that the US Air and Space Forces appointed its first chief artificial intelligence officer this […]

21Nov 2023

7 steps for turning shadow IT into a competitive edge

Ask IT leaders about their challenges with shadow IT, and most will cite the kinds of security, operational, and integration risks that give shadow IT its bad rep. But for a select few, the deeper challenges of departmental technologies being funded, procured, and managed without IT involvement are the missed opportunities to better engage and […]

21Nov 2023

Generative AI’s most noble mission: Improving and saving lives

Michael J. Fox says it perfectly: “Family is not an important thing. It’s everything.” That’s exactly how I feel. As a technology professional, seeing how artificial intelligence (AI) and generative AI/large language models can improve and save lives makes me think about the significant difference this can have on families and communities worldwide–including mine. It’s one of technology’s most profound and […]

20Nov 2023

Gen AI: Should you build or buy?

With organizations racing to put more generative AI tools in users’ hands—and software vendors rapidly integrating those tools into their products—CIOs face a familiar choice: develop their own solutions in house, or invest and adapt tools already available in a fast-growing AI marketplace.  Yet it’s not a simple build-vs.-buy question, says Prakash Ramamurthy, chief product […]

20Nov 2023

5 ways AI is showing promise as a decision-maker

CIOs and others in the C-suite are already seeing payoffs from using AI to automate myriad types of business tasks and workflows. Now they’re eyeing a next-phase opportunity—relying on machine intelligence to handle complex decisions. “If you look at the advances we have seen in AI, with the large amounts of data that large language […]

20Nov 2023

Frucor Suntory amplifies sales and service with a unified mobile app

Early in my career, I stayed in an authentic ryokan inn in Kyoto. It was right out of an 1800s Hiroshige woodblock print with a Japanese garden, hanging lanterns, sliding rice paper doors, and a glowing view of Mt Fuji at sunrise. After work, my colleague and I discovered the local dishes and Suntory scotch—a first.  […]

20Nov 2023

The $400 billion opportunity for AI in customer service

Not all AI-powered customer service chatbots are created equal—or created well. Take AVA, the AI-infused customer support bot that AirAsia introduced in 2019. AVA racked up nearly as many customer complaints as case resolutions, forcing AirAsia CEO Tony Fernandes to admit earlier this year that AVA was Southeast Asia’s “most hated AI chatbot.” AVA, of […]

20Nov 2023

Morgan Stanley Fined $6.5 Million for Exposing Customer Information

Morgan Stanley agrees to pay $6.5 million for exposing personal information through negligent data-security practices. The post Morgan Stanley Fined $6.5 Million for Exposing Customer Information appeared first on SecurityWeek.

20Nov 2023

CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations. The post CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations appeared first on SecurityWeek.

20Nov 2023

Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products

Johnson Controls has patched a critical vulnerability that can be exploited to take complete control of Frick industrial refrigeration products.  The post Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products appeared first on SecurityWeek.

20Nov 2023

Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing

Microsoft hired Sam Altman and another architect of OpenAI for a new venture after their sudden departures shocked the artificial intelligence world. The post Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing appeared first on SecurityWeek.

20Nov 2023

Yamaha Motor Confirms Data Breach Following Ransomware Attack

Yamaha Motor discloses ransomware attack impacting the personal information of its Philippines subsidiary’s employees. The post Yamaha Motor Confirms Data Breach Following Ransomware Attack appeared first on SecurityWeek.

20Nov 2023

Russia’s LitterDrifter USB Worm Spreads Beyond Ukraine

Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries. The post Russia’s LitterDrifter USB Worm Spreads Beyond Ukraine appeared first on SecurityWeek.

20Nov 2023

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

It’s crucial to thoroughly assess the risk profiles of various SSE platforms and weigh their suitability against their organization’s risk tolerance before adopting SSE. The post 5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms appeared first on SecurityWeek.

20Nov 2023

US Announces $70 Million Cybersecurity Boost for Rural, Municipal Utilities

The US Department of Energy is offering $70 million in funding to improve the cybersecurity of rural and municipal utilities. The post US Announces $70 Million Cybersecurity Boost for Rural, Municipal Utilities appeared first on SecurityWeek.

20Nov 2023

250 Organizations Take Part in Electrical Grid Security Exercise

Over 250 organizations take part in GridEx VII, the largest North American exercise focusing on the security of the electrical grid. The post 250 Organizations Take Part in Electrical Grid Security Exercise appeared first on SecurityWeek.

20Nov 2023

6 most underhyped technologies in IT — plus one that’s not dead yet

Generative AI and, more specifically, ChatGPT captivated the corporate world in 2023, with board directors, CEOs, and other executives fawning over (and sometimes fearing) the technology. Their enthusiasm is justified, with multiple studies finding that AI is delivering strong value and returns on investment. IBM, for one, found that the average ROI on enterprise-wide AI initiatives […]

20Nov 2023

Can developer productivity be measured? Better than you think

Measuring developer productivity has long been a Holy Grail of business. And like the Holy Grail, it has been elusive. But based on our work with companies from a range of industries, we think we may have figured out a way to do it that could work.  In 2020, McKinsey surveyed 440 large companies about […]

20Nov 2023

K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs

Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations. The post K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs appeared first on SecurityWeek.

18Nov 2023

ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company

OpenAI pushed out its co-founder and CEO Sam Altman after a review found he was “not consistently candid in his communications” with the board of directors. The post ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company appeared first on SecurityWeek.

17Nov 2023

2 Environmentalists Who Were Targeted by a Hacking Network Say the Public Is the Real Victim

Two environmentalists told a judge that the public was the real victim of a global computer hacking campaign that targeted those fighting big oil companies to get the truth out about global warming. The post 2 Environmentalists Who Were Targeted by a Hacking Network Say the Public Is the Real Victim appeared first on SecurityWeek.

17Nov 2023

FCC Tightens Telco Rules to Combat SIM-Swapping

Under the new rules, wireless carriers are required to notify customers of any SIM transfer requests, a measure designed to thwart fraudulent attempts by cybercriminals. The post FCC Tightens Telco Rules to Combat SIM-Swapping appeared first on SecurityWeek.

17Nov 2023

In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit

Noteworthy stories that might have slipped under the radar: top law firm hacked, Chinese bank pays ransom, and PyPI conducts first security audit. The post In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit appeared first on SecurityWeek.

17Nov 2023

US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website

Wisconsin teenager Joseph Garrison has admitted in court to launching a credential stuffing attack on a betting website. The post US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website appeared first on SecurityWeek.

17Nov 2023

Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools

Bug hunters uncover over a dozen exploitable vulnerabilities in tools used to build chatbots and other types of AI/ML models. The post Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools appeared first on SecurityWeek.

17Nov 2023

Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin

Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks. The post Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin appeared first on SecurityWeek.

17Nov 2023

CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability

CISA adds Sophos, Oracle and Microsoft product security holes to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability appeared first on SecurityWeek.

17Nov 2023

Key GOP Lawmaker Calls for Renewal of Surveillance Tool as He Proposes Changes to Protect Privacy

The Republican chairman of the House Intelligence Committee has called for the renewal of a key US government surveillance tool as he proposed a series of changes aimed at safeguarding privacy. The post Key GOP Lawmaker Calls for Renewal of Surveillance Tool as He Proposes Changes to Protect Privacy appeared first on SecurityWeek.

17Nov 2023

Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US

Aviram Azari, an Israeli man who made nearly $5 million from a hacking scheme, has been sentenced to 80 months in prison in the US. The post Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US appeared first on SecurityWeek.

17Nov 2023

CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack

Toyota Financial Services has been hit by a ransomware attack that may have involved exploitation of the CitrixBleed vulnerability.  The post CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack appeared first on SecurityWeek.

17Nov 2023

IHG maximizes hospitality with multicloud

For IHG Hotels and Resorts, the cloud provides just the right accommodation for business success. “First and foremost we see our journey to the cloud as the most extremely important part of both our technology and commercial strategies,” says George Turner, chief commercial and technology officer of the British multinational, which relies heavily on its […]

16Nov 2023

Google Adds Passkey Support to New Titan Security Key 

Google launches new Titan security key with passkey support, allowing users to store up to 250 unique passkeys. The post Google Adds Passkey Support to New Titan Security Key  appeared first on SecurityWeek.

16Nov 2023

Biden Campaign Looking for CISO

The Biden for President campaign is looking for a cybersecurity chief to “define the organization’s risk appetite” and manage its cybersecurity and IT initiatives. The post Biden Campaign Looking for CISO appeared first on SecurityWeek.

16Nov 2023

State-Sponsored Online Spies Likely to Target Australian Submarine Program, Spy Agency Says

Australia’s cooperation with the U.S. and Britain to develop an Australian fleet of submarines powered by U.S. nuclear technology is a likely target of state-sponsored cyberespionage, the nation’s digital spy agency said. The post State-Sponsored Online Spies Likely to Target Australian Submarine Program, Spy Agency Says appeared first on SecurityWeek.

16Nov 2023

Zimbra Zero-Day Exploited to Hack Government Emails

Google says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails. The post Zimbra Zero-Day Exploited to Hack Government Emails appeared first on SecurityWeek.

16Nov 2023

Survey: Are you digitally ready for AI-enhanced ERP?

Many businesses are eyeing the potential of artificial intelligence (AI) and machine learning (ML) to transform ERP. Your ability to reap the rewards of that potential may depend on how far along you are with digital transformation. A recent IDC report sponsored by Rimini Street, AI, and ERP:  Intelligently Automating the Enterprise and Creating Differentiating Value, […]

16Nov 2023

Bad Bots Account for 73% of Internet Traffic: Analysis

The top five categories of Bad Bot attacks are fake account creation, account takeovers, scraping, account management, and in-product abuse. The post Bad Bots Account for 73% of Internet Traffic: Analysis appeared first on SecurityWeek.

16Nov 2023

ServiceNow adds gen AI to more workflows, including chatbot creation

ServiceNow is rolling out another wave of generative AI additions to facilitate workflow management on its Now Platform. The update adds gen AI capabilities for field service workers, chatbot creators, and developers, among others. In September the Vancouver release of Now Platform added Now Assist for ITSM, Customer Service Management, and HR Service Delivery — […]

16Nov 2023

Administrator of Darkode Hacking Forum Sentenced to Prison

Thomas McCormick, aka fubar, an administrator of the Darkode hacking forum, has been sentenced to 18 months in prison. The post Administrator of Darkode Hacking Forum Sentenced to Prison appeared first on SecurityWeek.

16Nov 2023

Threat Intel: To Share or Not to Share is Not the Question

To share or not to share threat intelligence isn’t the question. It’s how to share, what to share, where and with whom. The post Threat Intel: To Share or Not to Share is Not the Question appeared first on SecurityWeek.

16Nov 2023

Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach

Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers. The post Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach appeared first on SecurityWeek.

16Nov 2023

The Hartford CIO Deepa Soni on transforming at scale

Deepa Soni’s CIO story is one of sacrifice, breaking through comfort zones, and building confidence in redefining the art of the possible. In a career spanning such companies as IBM, KeyCorp, M&T Bank, and BMO, she has “answered the call” many times, most recently as CIO of The Hartford, where she is responsible for the […]

16Nov 2023

5 ways to deploy your own large language model

It’s the fastest-moving new technology in history. Generative AI is transforming the world, changing the way we create images and videos, audio, text, and code. According to a September survey of IT decision makers by Dell, 76% say gen AI will have a “significant if not transformative” impact on their organizations, and most expect to […]

16Nov 2023

Illuminating the black box: why CIOs should consider publishing an annual IT report

This article was co-authored by Ishan Prakash, a Manager at Metis Strategy. The black box For decades IT has been a black box—an obscurity of inner workings mostly just accepted by the firm. But that paradigm is changing and not least because IT itself has changed. Once relegated to a role of support, the function […]

16Nov 2023

Microsoft Ignite 2023: 11 takeaways for CIOs

This year’s Microsoft Ignite developer conference might as well be called AIgnite, with over half of the almost 600 sessions featuring artificial intelligence in some shape or form. Generative AI, in particular, is at the heart of many of the new product announcements Microsoft is making at the event, including new AI capabilities for wrangling […]

15Nov 2023

Malicious innovation, building resilience, and the importance of chocolate

I recently had the privilege of talking with Keren Elazari, Joanne Friedman, and Isaac Sacolick. They are just three of the smart, compassionate, and forward-thinking speakers you can hear from at CSO’s Future of Cybersecurity Summit on December 7, 2023. This is a virtual event so take part from wherever you are, but don’t miss […]

15Nov 2023

A new and stronger entity: Versuni transforms its company – and technology

In September 2021, Philips Domestic Appliances became a stand-alone company called Versuni. As part of the carve-out, Versuni made the decision to transform its entire technology landscape. It would be a formidable undertaking, given the siloed nature of the systems in place at the time. For example, there were segregated applications for the various finance […]

15Nov 2023

Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI

Microsoft provided guidance on an Azure CLI bug leading to the exposure of sensitive information through GitHub Actions logs. The post Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI appeared first on SecurityWeek.

15Nov 2023

Data Security Firm ALTR Banks $25M Series C 

Florida late-stage startup ALTR gets another cash infusion to expand markets for data security technologies. The post Data Security Firm ALTR Banks $25M Series C appeared first on SecurityWeek.

15Nov 2023

Application Security Startup Aikido Security Raises €5 Million

Aikido Security has raised €5 million (~$5.4 million) in seed funding for an all-in-one application security platform. The post Application Security Startup Aikido Security Raises €5 Million appeared first on SecurityWeek.

15Nov 2023

US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea

US government announces the takedown of the IPStorm proxy service botnet and the guilty plea of its creator, a Russian/Moldovan national. The post US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea appeared first on SecurityWeek.

15Nov 2023

CISA Outlines AI-Related Cybersecurity Efforts

CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI. The post CISA Outlines AI-Related Cybersecurity Efforts appeared first on SecurityWeek.

15Nov 2023

SAP Patches Critical Vulnerability in Business One Product

SAP released a hotfix for a critical-severity improper access control vulnerability in Business One product installation. The post SAP Patches Critical Vulnerability in Business One Product appeared first on SecurityWeek.

15Nov 2023

RADICL Adds $9 Million in Funding to Fortify Cyber Defenses of SMBs in Defense Industrial Base

RADICL, a cybersecurity startup specializing in providing threat protection to SMBs, secured an additional $9 million in early-stage funding, adding to $3 million that the company had raised previously. The post RADICL Adds $9 Million in Funding to Fortify Cyber Defenses of SMBs in Defense Industrial Base appeared first on SecurityWeek.

15Nov 2023

State-Backed Hackers a Threat to Australia, Agency Warns

The AUKUS partnership, with its focus on nuclear submarines and other advanced military capabilities, is likely a target for state actors looking to steal intellectual property. The post State-Backed Hackers a Threat to Australia, Agency Warns appeared first on SecurityWeek.

15Nov 2023

Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation

By embracing a strategy that combines technological advancements with critical thinking skills, collaboration, and a culture of continuous learning, organizations can safeguard against AI’s disruptive effects. The post Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation appeared first on SecurityWeek.

15Nov 2023

How ServiceNow gets the most out of generative AI

Competition among software vendors to be “the” platform on which enterprises build their IT infrastructure is intensifying, with the focus of late on how much noise they can make about their implementation of generative AI features. ServiceNow wasn’t the first to announce its generative AI capabilities, but it was among the first of the major […]

15Nov 2023

CIO as enabler: Building an ecosystem of innovation partners

There’s significant debate about the future of the CIO role, but one thing is clear: Digital leaders who want to be successful must look beyond the firewall and link up with an ecosystem of vendor partners, startups, and other organizations to ensure the enterprise thrives. The reason for this shift is simple: While CIOs can often call on talented teams of […]

15Nov 2023

We’re all becoming software CIOs — a role Red Hat CIO Jim Palermo knows well

Whether you sell cars, candy, consulting, or construction, software is moving to the center of your business. Your products and services rely on software and data for nearly everything from product development to aftermarket support. So congratulations! You’ve become (or will become) what is, essentially, a software company CIO. I’ve been writing about how life […]

15Nov 2023

New Intel CPU Vulnerability ‘Reptar’ Can Allow DoS Attacks, Privilege Escalation

A new Intel CPU vulnerability tracked as Reptar and CVE-2023-23583 can be exploited for DoS attacks and possibly privilege escalation. The post New Intel CPU Vulnerability ‘Reptar’ Can Allow DoS Attacks, Privilege Escalation appeared first on SecurityWeek.

15Nov 2023

Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities

Intel and AMD have informed their customers about a total of more than 130 vulnerabilities found in their products. The post Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities appeared first on SecurityWeek.

14Nov 2023

More connected, less secure: Addressing IoT and OT threats to the enterprise

The Internet of Things (IoT) is a permanent fixture for consumers and enterprises as the world becomes more and more interconnected. By 2027, the global number of connected IoT devices is projected to exceed 29 billion, a significant increase from the 16.7 billion devices reported in 2023. While the connected device landscape continues to expand […]

14Nov 2023

Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

VMware flaw carries a CVSS severity score of 9.8/10 and can be exploited to bypass login restrictions when authenticating on certain ports. The post Critical Authentication Bypass Flaw in VMware Cloud Director Appliance appeared first on SecurityWeek.

14Nov 2023

How state and local governments can close the digital divide in education with fast, affordable connectivity

Education has long served as the key to unlocking economic progress and social mobility. However, unequal access to digital tools has created a large gap between children who have access to fast, reliable internet connectivity in school and at home and those who don’t. The internet has become an important channel for delivering learning, with many […]

14Nov 2023

The future of IT: what we can learn from the mainframe

In the continuously evolving landscape of information technology, change is the only constant. Mainframes have now been around for decades and have etched their mark as the systems that laid the foundation for many technological advances. And then came the cloud, a transformative revolution that took the IT world by storm. But cloud isn’t the […]

14Nov 2023

How leadership can empower developers in the AI era

Imposter syndrome—doubting your abilities to the point that you feel like a fraud—is an evergreen topic of conversation among software developers. For many devs, the explosion of GenAI and AI-powered coding tools makes feeling like an imposter more inevitable than ever. Plenty of people who code for a living are scrambling to add AI prompt engineering and […]

14Nov 2023

Microsoft Warns of Critical Bugs Being Exploited in the Wild

Patch Tuesday: Redmond’s security response team flags two vulnerabilities — CVE-2023-36033 and CVE-2023-36036 — already being exploited in the wild. The post Microsoft Warns of Critical Bugs Being Exploited in the Wild appeared first on SecurityWeek.

14Nov 2023

How transportation agencies can maximize infrastructure investments with network modernization

Across roads, highways, rails, and airports, federal, state and local transit authorities are rolling out new digital infrastructure to enhance safety and make transportation more efficient. The deployment of Internet of Things (IoT) devices, smart cameras, lidar systems and other sensors is designed to increase awareness of traffic and surface conditions, so officials can more […]

14Nov 2023

How 5G is driving big innovations in healthcare for veterans

The nation’s largest healthcare system, the Veterans Health Administration (VHA) strives to deliver the same high-quality standard of care for the 9 million veterans it serves each year, regardless of health status or location. Fulfilling that goal is tough for an organization with over 1,300 facilities, but the VHA has learned that using the right technology can […]

14Nov 2023

The network is your office intelligence center

You can’t manage what you can’t measure, and your network is more than a data conduit—it’s your office intelligence center. As an IT decision maker, it’s up to you to transform your network for the future so it can anticipate worker needs, reduce energy usage, reinforce security, and deliver real-time data for a faster path […]

14Nov 2023

Protected Virtual Machines Exposed to New ‘CacheWarp’ AMD CPU Attack

CacheWarp is a new attack method affecting a security feature present in AMD processors that can pose a risk to virtual machines. The post Protected Virtual Machines Exposed to New ‘CacheWarp’ AMD CPU Attack appeared first on SecurityWeek.

14Nov 2023

Zip Raises $7.7 Million to Expand SMB Cybersecurity Business

New York City and Washington DC-based startup Zip Security raised $7.7 million seed financing led by General Catalyst, co-led by Human Capital, and with participation from Box Group. The post Zip Raises $7.7 Million to Expand SMB Cybersecurity Business appeared first on SecurityWeek.

14Nov 2023

UK Cybersecurity Center Says ‘Deepfakes’ and Other AI Tools Pose a Threat to the Next Election

Britain’s cybersecurity agency said that artificial intelligence poses a threat to the country’s next election, and cyberattacks by hostile countries and their proxies are getting harder to track. The post UK Cybersecurity Center Says ‘Deepfakes’ and Other AI Tools Pose a Threat to the Next Election appeared first on SecurityWeek.

14Nov 2023

Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion

Adobe patches 72 security bugs and calls special attention to code-execution defects in the widely deployed Acrobat and Reader software. The post Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion appeared first on SecurityWeek.

14Nov 2023

9 cloud strategy questions every IT leader must answer

It’s no longer a question of whether organizations are moving to the cloud but rather how well it’s going. Cloud isn’t that shiny new object in the distance, full of possibility. It’s come down to earth — sometimes with an unexpected thud onto the wrong side of a company’s balance sheet. “There are so many […]

14Nov 2023

What is code-to-cloud security intelligence?

In the last decade, the technology industry experienced a massive shift toward the cloud, where every company, no matter the industry, developed and deployed cloud-native applications. This pace shows no sign of stopping; we have an app economy – now bolstered by AI-led developments. Data reflects this momentum, with worldwide public cloud spending expected to […]

14Nov 2023

MySQL Servers, Docker Hosts Infected With DDoS Malware

Researchers warn attackers are targeting MySQL servers and Docker hosts to plant malware capable of launching DDoS attacks. The post MySQL Servers, Docker Hosts Infected With DDoS Malware appeared first on SecurityWeek.

14Nov 2023

Royal Ransomware Possibly Rebranding After Targeting 350 Organizations Worldwide

CISA says Royal ransomware has targeted 350 organizations to date, demanding over $275 million in ransoms. The post Royal Ransomware Possibly Rebranding After Targeting 350 Organizations Worldwide appeared first on SecurityWeek.

14Nov 2023

Radiant Snags $15 Million for AI-Powered SOC Technology

Radiant Security gets $15 million in new financing as investors double down on early stage companies experimenting with AI technology. The post Radiant Snags $15 Million for AI-Powered SOC Technology appeared first on SecurityWeek.

14Nov 2023

ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric

Siemens and Schneider Electric’s Patch Tuesday advisories for November 2023 address 90 vulnerabilities affecting their products. The post ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric appeared first on SecurityWeek.

14Nov 2023

Google Suing Cybercriminals Who Delivered Malware via Fake Bard Downloads

Google files a lawsuit against cybercriminals who delivered account-hijacking malware by offering fake Bard AI downloads. The post Google Suing Cybercriminals Who Delivered Malware via Fake Bard Downloads appeared first on SecurityWeek.

14Nov 2023

Webinar Today: Using Governance and Privilege to Gain Control Over Third-Party Access

Learn how to create more trust in your third party relationships by adding sustainable processes and tools that enable you to control access. The post Webinar Today: Using Governance and Privilege to Gain Control Over Third-Party Access appeared first on SecurityWeek.

14Nov 2023

Top 10 API Security Threats for Q3 2023

New report provides a detailed look into the ever-changing threats targeting APIs. The post Top 10 API Security Threats for Q3 2023 appeared first on SecurityWeek.

14Nov 2023

Hacker Conversations: Chris Wysopal, AKA Weld Pond

Chris Wysopal is the founder and CTO of Veracode. Two decades ago, he was better known as Weld Pond, a member of the hacker collective L0pht Heavy Industries. The post Hacker Conversations: Chris Wysopal, AKA Weld Pond appeared first on SecurityWeek.

14Nov 2023

PyPI Packages Found to Expose Thousands of Secrets

GitGuardian discovered roughly 4,000 secrets in nearly 3,000 PyPI packages, including Azure, AWS, and GitHub keys. The post PyPI Packages Found to Expose Thousands of Secrets appeared first on SecurityWeek.

14Nov 2023

22 Energy Firms Hacked in Largest Coordinated Attack on Denmark’s Critical Infrastructure

Denmark’s cybersecurity center for critical sectors shares details on a coordinated attack against the country’s energy sector. The post 22 Energy Firms Hacked in Largest Coordinated Attack on Denmark’s Critical Infrastructure appeared first on SecurityWeek.

14Nov 2023

Relationship management: The unsung art of optimizing IT teams

Success for an IT leader requires mastering a wide range of skills. One must have technical acumen and business savvy, be a great communicator and problem-solver, and know how to secure funding and capitalize on it. But getting the most out of IT staff and unleashing synergies among IT teams is among the more underappreciated […]

14Nov 2023

Bringing together DevOps and mainframe security

The DevOps ecosystem of today is becoming increasingly complex. No matter the industry, organizations are increasingly looking for ways to optimize mission-critical software development processes. Businesses are under constant pressure to adopt new processes and platforms to achieve the goals set out by business leaders. As development teams grapple with the challenge of modernizing […]

14Nov 2023

4 steps to connect change management and DevOps

It’s no secret that companies are committing to DevOps. In fact, according to a recent survey, three-quarters of leaders have adopted DevOps into their operations. DevOps delivers speed and agility to the development process. By cross-training operations and engineering, development teams can move faster through better collaboration, making continuous integration and continuous delivery (CI/CD) a reality for […]

14Nov 2023

Getting the most out of open source without sacrificing security

Open source has seen a great deal of momentum among mainframers, making collaboration easier and providing greater transparency. But for all of its benefits, open source is not without risks. By its very nature, open-source code is accessible to whoever wants to see it—including potential attackers. That means an attacker looking to crack into an […]

14Nov 2023

Where do IT leaders stand on securing the mainframe?

Mainframes are a critical piece of the technology infrastructure for countless enterprises. They are leveraged by 71% of Fortune 500 companies, which emphasizes just how pivotal they are in large-scale business operations. Whether it’s buying groceries, making a bank transfer, or booking a flight, the mainframe is powering how consumers interact with organizations and is […]

13Nov 2023

12 strategic tips CIOs can learn from tech vendor CTOs

The changing landscape of IT, driven by rapid advances in technology and digital transformation, has seen a shift in CIOs’ responsibilities and challenges. CIOs are increasingly doing more software development and technology-focused work as part of their digital transformations, making the adage “every company is a software company” more of a truism with each digital […]

13Nov 2023

The retail edge: Where data powers game-changing customer experiences

The future of retail is omnichannel: The last three or four years have changed retail forever. The growth rate for online purchases spiked to 32% in 2020 and has continued to grow by double digits since then. But despite some of the benefits of online sales, this isn’t all good news for retailers. Online shopping […]

13Nov 2023

Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party

Dragos finds no evidence of a data breach after the BlackCat ransomware group claimed to have hacked the security firm via a third party. The post Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party appeared first on SecurityWeek.

13Nov 2023

Ransomware Group RansomedVC Closes Shop

The ransomware and data extortion group RansomedVC announced plans to shut down the project and sell parts of its infrastructure. The post Ransomware Group RansomedVC Closes Shop appeared first on SecurityWeek.

13Nov 2023

2.2 Million Impacted by Data Breach at McLaren Health Care

McLaren Health Care is informing roughly 2.2 million individuals of a data breach impacting their personal information. The post 2.2 Million Impacted by Data Breach at McLaren Health Care appeared first on SecurityWeek.

13Nov 2023

Ransomware Group Leaks Files Allegedly Stolen From Boeing

The LockBit ransomware group has leaked gigabytes of files allegedly stolen from the systems of aerospace giant Boeing. The post Ransomware Group Leaks Files Allegedly Stolen From Boeing appeared first on SecurityWeek.

13Nov 2023

Operations at Major Australian Ports Significantly Disrupted by Cyberattack

A cyberattack on Australian shipping giant DP World, which may have been a ransomware attack, has resulted in serious disruptions at major ports. The post Operations at Major Australian Ports Significantly Disrupted by Cyberattack appeared first on SecurityWeek.

13Nov 2023

Mr. Cooper Says Customer Data Compromised in Cyberattack

US mortgage giant Mr. Cooper announced that customer data was compromised in an October 31 cyberattack. The post Mr. Cooper Says Customer Data Compromised in Cyberattack appeared first on SecurityWeek.

13Nov 2023

10 digital transformation roadblocks — and 5 tips for overcoming them

In today’s fast-paced business world, companies are striving to harness the power of digital technologies to reinvent their operations, enhance customer experiences, drive innovation, and thereby create value for stakeholders. But the hard truth is that many digital initiatives fail to deliver results. Transformation efforts can be derailed for any number of reasons, but there […]

13Nov 2023

Yellen Says Ransomware Attack on China’s Biggest Bank Minimally Disrupted Treasury Market Trades

A ransomware attack that forced China’s biggest bank to take some systems offline only minimally disrupted the U.S. Treasury market. The post Yellen Says Ransomware Attack on China’s Biggest Bank Minimally Disrupted Treasury Market Trades appeared first on SecurityWeek.

13Nov 2023

Huawei’s Vision for Intelligent Networking Unveiled at GITEX Global 2023

GITEX Global 2023 witnessed Huawei’s impactful presence, as the tech giant delved into the future of intelligent networking. Under the theme of “Intelligent Cloud-Network, Accelerating Industry Intelligence,” Huawei’s data communication session showcased their vision for the future of networking, addressing the need for high-quality, ultra-fast connections and intelligent solutions. As digital-first […]

10Nov 2023

Cavelo Raises CA$5 Million for Attack Surface Management Platform

Cavelo has raised CA$5 million (~US$3.6 million) to help organizations comply with data protection regulations. The post Cavelo Raises CA$5 Million for Attack Surface Management Platform appeared first on SecurityWeek.

10Nov 2023

In Other News: EU Government Surveillance, Rewards for Iranian Hackers, Evolution of Chinese Spying

Noteworthy stories that might have slipped under the radar: EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying. The post In Other News: EU Government Surveillance, Rewards for Iranian Hackers, Evolution of Chinese Spying appeared first on SecurityWeek.

10Nov 2023

Intel Sued Over ‘Downfall’ CPU Vulnerability 

A class action lawsuit has been filed against Intel over its handling of CPU speculative execution vulnerabilities, with a focus on Downfall. The post Intel Sued Over ‘Downfall’ CPU Vulnerability appeared first on SecurityWeek.

10Nov 2023

France, UK Seek Greater Regulation of Commercial Spyware   

France and the UK are calling for greater regulation of commercial surveillance software in the wake of recent Pegasus and Predator spyware scandals. The post France, UK Seek Greater Regulation of Commercial Spyware appeared first on SecurityWeek.

10Nov 2023

US Government Issues Guidance on SBOM Consumption

CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness on software security. The post US Government Issues Guidance on SBOM Consumption appeared first on SecurityWeek.

10Nov 2023

1.3 Million Maine Residents Impacted by MOVEit Hack

The State of Maine says the personal information of 1.3 million individuals was compromised in the MOVEit attack. The post 1.3 Million Maine Residents Impacted by MOVEit Hack appeared first on SecurityWeek.

10Nov 2023

Ransomware Attack on China’s Biggest Bank Disrupts Treasury Market Trades, Reports Say

A ransomware attack on China’s biggest bank, the Industrial and Commercial Bank of China Financial Services, disrupts Treasury market trades. The post Ransomware Attack on China’s Biggest Bank Disrupts Treasury Market Trades, Reports Say appeared first on SecurityWeek.

10Nov 2023

How Synchrony helps veterans become IT leaders

Many veterans transitioning from military to civilian life have all the fundamentals necessary to make their mark in IT. Transferable skills gained from technology and operations roles in service and strong leadership skills from their military background make veterans a valuable talent pool for IT organizations looking for future IT leaders and dependable, skilled IT […]

10Nov 2023

4 ways ICA rebuilds and cleans up IT

During the pandemic, e-commerce quickly became the focus of large food chains. ICA, with about 1,300 stores and a 36% market share, was no exception, and in Q2 of 2020, while stay-at-home mandates were enacted, its e-commerce increased by 165%. Now e-commerce has slowed down and in-person purchasing patterns are recovering. In addition, ICA has […]

10Nov 2023

How the new AI executive order stacks up: B-

The White House’s new executive order, “Safe, Secure, and Trustworthy Artificial Intelligence,” is poised to usher in a new era of national AI regulation, focusing on safety and responsibility across the sector. But will it? The executive order represents the U.S. government’s opening salvo in creating a comprehensive regulatory framework for AI, applicable both in […]

09Nov 2023

Tidal Cyber Raises $5 Million for Threat-Informed Defense Platform

The Washington, DC startup is building a threat-informed defense platform that helps organizations automate detection and response work. The post Tidal Cyber Raises $5 Million for Threat-Informed Defense Platform appeared first on SecurityWeek.

09Nov 2023

Medical Company Fined $450,000 by New York AG Over Data Breach

A medical company has been fined $450,000 by the New York AG over a data breach that may have involved exploitation of a SonicWall vulnerability. The post Medical Company Fined $450,000 by New York AG Over Data Breach appeared first on SecurityWeek.

09Nov 2023

Securing your AI-powered network transformation: A guide for C-suite leaders

Complexity is the bane of all network security teams, and they will attest that the more dashboards, screens, and manual integration they must juggle, the slower their response time. It need not be complex, it need not be disjointed, nor does it need to require adroitness in the art of juggling. Your network makes engagement […]

09Nov 2023

Generative AI: now is the time to ‘learn by doing’

By Bryan Kirschner, Vice President, Strategy at DataStax. Today, we’re all living in a world in which “humans with machines will replace humans without machines”—for the second time. The first time around, smartphone apps became ubiquitous and indispensable machines that just about everyone uses to get things done. This time, generative AI applications will become […]

09Nov 2023

Major ChatGPT Outage Caused by DDoS Attack

ChatGPT and its API have experienced a major outage due to a DDoS attack apparently launched by Anonymous Sudan. The post Major ChatGPT Outage Caused by DDoS Attack appeared first on SecurityWeek.

09Nov 2023

‘BlazeStealer’ Malware Delivered to Python Developers Looking for Obfuscation Tools

Checkmarx uncovers a malicious campaign targeting Python developers with malware that takes over their systems. The post ‘BlazeStealer’ Malware Delivered to Python Developers Looking for Obfuscation Tools appeared first on SecurityWeek.

09Nov 2023

Japan Aviation Electronics Targeted in Ransomware Attack

Japan Aviation Electronics confirms cyberattack as Alphv/BlackCat ransomware group publishes allegedly stolen data. The post Japan Aviation Electronics Targeted in Ransomware Attack appeared first on SecurityWeek.

09Nov 2023

Risk Ledger Raises £6.25 Million for Supply Chain Security Solution

UK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks. The post Risk Ledger Raises £6.25 Million for Supply Chain Security Solution appeared first on SecurityWeek.

09Nov 2023

In transition: How Kyndryl’s CIO weaned the company off IBM’s systems

For Kyndryl CIO Michael Bradshaw, the clock started ticking in November 2021 when the former managed infrastructure services division of IBM was spun out as a separate entity and given two years to disentangle its IT systems from IBM’s. “We had a 24-month transition services agreement,” he says. With that deadline came a dilemma: “Do […]

09Nov 2023

Chief AI officer: What it takes to land the C-suite’s hottest new job

As countless organizations race to investigate or adopt artificial intelligence technologies, many are building out an AI skilled workforce. That includes the decision to appoint or hire a chief artificial intelligence officer (CAIO). Indeed, new research from Foundry finds that 11% of midsize to large organizations have already designated such an individual in the role, […]

09Nov 2023

SysAid Zero-Day Vulnerability Exploited by Ransomware Group

CVE-2023-47246 zero-day vulnerability in SysAid IT service management software has been exploited by Cl0p ransomware affiliates. The post SysAid Zero-Day Vulnerability Exploited by Ransomware Group appeared first on SecurityWeek.

09Nov 2023

CISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the Wild

CISA says an SLP vulnerability allowing for a DoS amplification factor of 2,000 is being exploited in attacks. The post CISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the Wild appeared first on SecurityWeek.

09Nov 2023

Russian Hackers Used Novel OT Attack to Disrupt Ukrainian Power Amid Mass Missile Strikes

Mandiant says Russia’s Sandworm hackers used a novel OT attack to cause power outages that coincided with mass missile strikes on critical infrastructure across Ukraine. The post Russian Hackers Used Novel OT Attack to Disrupt Ukrainian Power Amid Mass Missile Strikes appeared first on SecurityWeek.

08Nov 2023

Why you must extend Zero Trust to public cloud workloads

Today, many organizations are embracing the power of the public cloud by shifting their workloads to it. A recent study shows that 98% of IT leaders have adopted a public cloud infrastructure. Additionally, 58% of these organizations use between two and three public clouds, indicating a growing trend toward multi-cloud environments. It is estimated […]

08Nov 2023

Protecto Joins Cadre of Startups in AI Data Protection Space

Silicon Valley startup is pitching APIs to help organizations protect data and ensure compliance throughout the AI deployment lifecycle. The post Protecto Joins Cadre of Startups in AI Data Protection Space appeared first on SecurityWeek.

08Nov 2023

GitHub Enhances Security Capabilities With AI

GitHub adds AI-powered security features to help developers identify and address code vulnerabilities faster. The post GitHub Enhances Security Capabilities With AI appeared first on SecurityWeek.

08Nov 2023

DHS Launches New Critical Infrastructure Security and Resilience Campaign

DHS launches Shields Ready, a new campaign promoting security and resilience for critical infrastructure organizations. The post DHS Launches New Critical Infrastructure Security and Resilience Campaign appeared first on SecurityWeek.

08Nov 2023

Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point

Offensive Security does not focus on discrete attacks, singular actors, or indicators of compromise, but understands the entirety of both sides of the battlefield. The post Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point appeared first on SecurityWeek.

08Nov 2023

Long and winding railroad – heading for the cloud

On a recent bicycle ride with friends, I was stopped at a railroad crossing waiting for a long freight train. It was an iconic American experience to witness. It allowed me to catch my breath as I counted the 148 railcars, winding their way across the county connecting their freight to the next step on […]

08Nov 2023

Sumo Logic Urges Users to Change Credentials Due to Security Breach

Cloud monitoring and SIEM firm Sumo Logic is urging users to rotate credentials following the discovery of a security breach. The post Sumo Logic Urges Users to Change Credentials Due to Security Breach appeared first on SecurityWeek.

08Nov 2023

FBI Highlights Emerging Initial Access Methods Used by Ransomware Groups 

FBI warns that ransomware operators continue to abuse third-party vendors and services as an attack vector. The post FBI Highlights Emerging Initial Access Methods Used by Ransomware Groups appeared first on SecurityWeek.

08Nov 2023

Marina Bay Sands Discloses Data Breach Impacting 665k Customers

Singapore’s Marina Bay Sands luxury resort has disclosed a data breach impacting the information of 665,000 customers. The post Marina Bay Sands Discloses Data Breach Impacting 665k Customers appeared first on SecurityWeek.

08Nov 2023

How a tech model at Univeris fosters team building with empathy

Founded in 1991 and headquartered in Toronto, Univeris has over $450 billion in assets under administration in 12 countries. And with tech as a central enabler, Manas Khanna, the company’s associate VP of global technology operations, has a complex, dynamic, and ever evolving portfolio to manage, including all aspects of infrastructure and its operations, SaaS […]

08Nov 2023

Principal Financial unifies IT to lay foundation for growth

For companies whose business units have traditionally operated independently, centralizing IT operations under one strategy can reap significant benefits — especially when it comes to offering a holistic customer experience and establishing a unified data foundation for leveraging the latest emerging technologies. That’s where EVP and CIO Kathy Kay found herself in coming to Principal […]

08Nov 2023

Many CIOs are better equipped to combat rising IT costs. Are you?

Inflation may have dropped from its high in 2022, but the price pressures on IT budgets have continued unabated. Rising prices have imposed tough challenges on IT budgets, operations and staffing, especially for global organizations with operations in countries where inflation has been running high, such as Poland (10%), India (8%) or Turkey (50%). While […]

08Nov 2023

Dropper Service Bypassing Android Security Restrictions to Install Malware

ThreatFabric warns of a dropper service bypassing recent Android security restrictions to install spyware and banking trojans. The post Dropper Service Bypassing Android Security Restrictions to Install Malware appeared first on SecurityWeek.

07Nov 2023

Guarding the gates: a look at critical infrastructure security in 2023

With 2022 now in our rearview mirror, we still reflect on a time marked by global upheavals, from the Russia-Ukraine war to skyrocketing energy prices and global inflation. The impact of these disruptions reverberated worldwide, reaching beyond just our economy. These global events have also underscored the crucial significance of safeguarding our […]

07Nov 2023

10 essential tips for bolstering cloud security in your business

The business world is rapidly continuing its digital transformation and relying on cloud-based solutions. This makes it more critical than ever to adopt strong security measures to protect sensitive information and infrastructure. However, while cloud computing offers benefits like improved efficiency, scalability, and accessibility, it poses new security challenges. Organizations must adopt proactive security strategies […]

07Nov 2023

Generative AI hallucinations: What can IT do?

Generative AI adoption is growing in the workplace—and for good reason. Studies indicate the potential for significant productivity gains: workers saw some writing projects speed up by 40% in a study released by Science and developers were able to complete certain tasks up to 30% faster according to McKinsey research. But the double-edged sword to […]

07Nov 2023

Critical Vulnerabilities Expose Veeam ONE Software to Code Execution

Veeam Software has rolled out patches to cover code execution vulnerabilities in its Veeam ONE IT monitoring product. The post Critical Vulnerabilities Expose Veeam ONE Software to Code Execution appeared first on SecurityWeek.

07Nov 2023

Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study

Foreign threat actors can easily obtain sensitive information on US military members from data brokers, a Duke University study shows. The post Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study appeared first on SecurityWeek.

07Nov 2023

Salesforce Automotive Cloud adds Einstein Studio, Fleet Management

Salesforce is adding AI, telematics and a host of other capabilities to beef up Salesforce Automotive Cloud, built on the company’s Customer 360 cloud-based CRM platform and released last year as a dedicated system to help automakers better connect with dealers and end consumers. Features that are generally available now include Einstein Studio and Fleet […]

07Nov 2023

Free Tool Helps Industrial Organizations Find OPC UA Vulnerabilities

A new free tool named OpalOPC helps industrial organizations find OPC UA misconfigurations and vulnerabilities. The post Free Tool Helps Industrial Organizations Find OPC UA Vulnerabilities appeared first on SecurityWeek.

07Nov 2023

New MacOS Malware Linked to North Korean Hackers

New macOS malware, tracked by Jamf as ObjCShellz, is likely being used by North Korean hackers to target crypto exchanges. The post New MacOS Malware Linked to North Korean Hackers appeared first on SecurityWeek.

07Nov 2023

Myrror Security Emerges From Stealth Mode With $6 Million in Funding

Myrror Security emerges from stealth mode to disrupt supply chain attacks with binary-to-source code analysis. The post Myrror Security Emerges From Stealth Mode With $6 Million in Funding appeared first on SecurityWeek.

07Nov 2023

37 Vulnerabilities Patched in Android With November 2023 Security Updates

The Android security updates released this week resolve 37 vulnerabilities, including a critical information disclosure bug. The post 37 Vulnerabilities Patched in Android With November 2023 Security Updates appeared first on SecurityWeek.

07Nov 2023

Federal Push for Secure-by-Design: What It Means for Developers

Secure-by-design is clearly important to the federal government, and there is a strong possibility that it will become a regulatory requirement for the critical industries enforced through an Executive Order. The post Federal Push for Secure-by-Design: What It Means for Developers appeared first on SecurityWeek.

07Nov 2023

Narrowing the Focus of AI in Security

AI can truly disrupt all elements of the SOC and provide an analyst with 10x more data and save 10x more time than what currently exists. The post Narrowing the Focus of AI in Security appeared first on SecurityWeek.

07Nov 2023

Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals

Five Canadian hospitals have confirmed a ransomware attack as data allegedly stolen from them was posted online. The post Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals appeared first on SecurityWeek.

07Nov 2023

What is Kyndryl? IBM’s managed infrastructure services spin-off explained

Kyndryl separated from IBM in November 2021 to become a standalone business focused on managed infrastructure services. Over time, it’s taken advantage of its freedom to introduce new services and work with new partners. What does Kyndryl do? Essentially, Kyndryl does exactly what the managed infrastructure services unit of IBM’s Global Technology Services segment did: […]

07Nov 2023

Breaking down data silos for digital success

For years, IT and business leaders have been talking about breaking down the data silos that exist within their organizations. Given the importance of sharing information among diverse disciplines in the era of digital transformation, this concept is arguably as important as ever. In fact, as companies undertake digital transformations, usually the data transformation comes […]

07Nov 2023

The CIO’s fatal flaw: Too much leadership, not enough management

“He’s a manager, not a leader,” my source explained to me, referring to the CIO in a disparaging tone of voice. I followed up with a few dozen more 360-degree interviews — translation: I talked with a lot of different people — and confirmed the diagnosis. Except for one thing: The CIO’s focus on management […]

07Nov 2023

Cybersecurity M&A Roundup: 31 Deals Announced in October 2023

Thirty-one cybersecurity-related merger and acquisition (M&A) deals were announced in October 2023. The post Cybersecurity M&A Roundup: 31 Deals Announced in October 2023 appeared first on SecurityWeek.

06Nov 2023

Travelers to Acquire Cyberinsurance Firm Corvus for $435 Million

Property and casualty insurance giant Travelers has entered into an agreement to acquire Corvus Insurance Holdings for approximately $435 million. The post Travelers to Acquire Cyberinsurance Firm Corvus for $435 Million appeared first on SecurityWeek.

06Nov 2023

Palo Alto to Acquire Talon, Intensifying Competition in Cloud Data Security 

Technology powerhouse Palo Alto Networks is officially on a billion-dollar shopping spree in the cloud data security space. The post Palo Alto to Acquire Talon, Intensifying Competition in Cloud Data Security  appeared first on SecurityWeek.

06Nov 2023

American Airlines Pilot Union Recovering After Ransomware Attack

The Allied Pilots Association is restoring its systems after a file-encrypting ransomware attack. The post American Airlines Pilot Union Recovering After Ransomware Attack appeared first on SecurityWeek.

06Nov 2023

US Sanctions Russian National for Helping Ransomware Groups Launder Money

The US Treasury has sanctioned Ekaterina Zhdanova for laundering money on behalf of cybercriminals and Russian elites. The post US Sanctions Russian National for Helping Ransomware Groups Launder Money appeared first on SecurityWeek.

06Nov 2023

‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks 

Glibc vulnerability affecting major Linux distributions and tracked as Looney Tunables exploited in cloud attacks by Kinsing group.  The post ‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks  appeared first on SecurityWeek.

06Nov 2023

Iranian APT Targets Israeli Education, Tech Sectors With New Wipers

The Iran-linked APT Agrius has been targeting higher education and technology organizations in Israel with new wipers. The post Iranian APT Targets Israeli Education, Tech Sectors With New Wipers appeared first on SecurityWeek.

06Nov 2023

Exploitation of Critical Confluence Vulnerability Begins

Threat actors have started exploiting a recent critical vulnerability in Confluence Data Center and Confluence Server. The post Exploitation of Critical Confluence Vulnerability Begins appeared first on SecurityWeek.

06Nov 2023

Employee engagement: 10 best practices for improving your culture

When employees disengage from work — often called quiet quitting — it starts a ripple effect that can damage everything from their career trajectory to your team, company, and the global economy. Gallup estimates that this phenomenon cost the economy $7.8 trillion in 2022. What is employee engagement? Employee engagement is the feeling of connection, […]

06Nov 2023

The RACI matrix: Your blueprint for project success

Having managed and rescued dozens of projects, and helped others do so, I’ve noted that there is always one critical success factor (CSF) that has either been effectively addressed or missed/messed up: clarity around the roles and responsibilities for each project participant and key stakeholder. No matter how detailed and complete a project plan may be […]

06Nov 2023

IT leader’s survival guide: 8 tips to thrive in the years ahead

Managers looking toward 2024 and beyond certainly have a full plate. Decisions around game-changing current and future technology require decisive action and possible investment to remain competitive. In addition to the usual technology considerations, economic, geopolitical, and supply-chain issues all compete for attention as IT leaders look to keep their organizations growing amid turbulent times.  […]

06Nov 2023

A Cyber Breach Delays Poll Worker Training in Mississippi’s Largest County Before the Statewide Vote

Election officials in Mississippi’s most populous county had to scramble to complete required poll worker training after an early September breach involving county computers. The post A Cyber Breach Delays Poll Worker Training in Mississippi’s Largest County Before the Statewide Vote appeared first on SecurityWeek.

06Nov 2023

Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent

Microsoft says four Exchange ‘zero-days’ disclosed by ZDI have either already been patched or they don’t require immediate attention. The post Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent appeared first on SecurityWeek.

05Nov 2023

Low-code: An Accelerator for Digital Transformation

Digital transformation is expected to be the top strategic priority for businesses of all sizes and industries, yet organisations find the transformation journey challenging due to digital skill gap, tight budget, or technology resource shortages. Amidst these challenges, organisations turn to low-code to remain competitive and agile. Taking the programmer out of software development, low-code […]

03Nov 2023

How AI can drive efficiencies in your supply chain

Companies are leveraging artificial intelligence to drive up supply chain resilience, as issues such as materials shortages and natural disasters threaten business stability.  Enterprises across industries will increasingly use AI for tasks such as answering complex procurement questions, which will in turn improve supply chain efficiency.  “Supply relationship management will enter an entirely new phase […]

03Nov 2023

Mortgage Giant Mr. Cooper Shuts Down Systems Following Cyberattack

Mr. Cooper suspends operations, including payments, after a cyberattack forced it to take systems offline. The post Mortgage Giant Mr. Cooper Shuts Down Systems Following Cyberattack appeared first on SecurityWeek.

03Nov 2023

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop. The post Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop appeared first on SecurityWeek.

03Nov 2023

In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach

Noteworthy stories that might have slipped under the radar: US airport taxi hacking by Russians, Stanford ransomware attack, and post-quantum crypto guidance.  The post In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach appeared first on SecurityWeek.

03Nov 2023

North Korean Hackers Use New ‘KandyKorn’ macOS Malware in Attacks

Security researchers uncover new macOS and Windows malware associated with the North Korea-linked Lazarus Group. The post North Korean Hackers Use New ‘KandyKorn’ macOS Malware in Attacks appeared first on SecurityWeek.

03Nov 2023

Apache ActiveMQ Vulnerability Exploited as Zero-Day

The recently patched Apache ActiveMQ vulnerability tracked as CVE-2023-46604 has been exploited as a zero-day since at least October 10. The post Apache ActiveMQ Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.

03Nov 2023

Cyberattack Disrupts Ace Hardware’s Operations

Cyberattack cripples Ace Hardware’s internal systems, resulting in shipment delays, suspended online orders. The post Cyberattack Disrupts Ace Hardware’s Operations appeared first on SecurityWeek.

03Nov 2023

Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday

SEC charges SolarWinds and its CISO over cybersecurity and risk handling practices before the massive hack that came to light in late 2020.   The post Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday appeared first on SecurityWeek.

03Nov 2023

Atlassian Issues Second Warning on Potential Exploitation of Critical Confluence Flaw 

Atlassian warns that ‘critical information’ released on the Confluence bug CVE-2023-22518 increases the risk of exploitation. The post Atlassian Issues Second Warning on Potential Exploitation of Critical Confluence Flaw  appeared first on SecurityWeek.

03Nov 2023

What Duxbury Networking’s CIO does to balance head with heart

What keeps IT leaders up at night covers a broad range of issues including improving overall IT performance, data security, process risk and compliance, and meeting needs to improve business agility. For Shamiel Kimmie, Duxbury Networking’s CIO, a few of these make his list, as well as addressing talent shortages, managing relationships with his C-level peers, and […]

03Nov 2023

Burnout: An IT epidemic in the making

Burnout is quickly becoming a widespread problem for IT organizations. The wake of the COVID-19 pandemic, mass tech industry layoffs, and the demand to keep pace with constantly evolving technology are all prominent factors contributing to a state of exhaustion among IT pros, according to industry surveys. For IT leaders aware of the impact burnout […]

02Nov 2023

CIOs sharpen cloud cost strategies — just as gen AI spikes loom

Cloud costs remain a key concern for IT leaders, who find themselves nearing a crossroads where expenditures for core workloads will need containment to free up spend for innovation. To be sure, enterprise cloud budgets continue to increase, with IT decision-makers reporting that 31% of their overall technology budget will go toward cloud computing and […]

02Nov 2023

When least privilege is the most important thing

In the ever-evolving realm of information security, the principle of Least Privilege stands out as the cornerstone of safeguarding sensitive data. However, this fundamental concept, emphasizing limited access to resources and information, has been progressively overlooked, placing our digital ecosystems at greater risk. First, let’s define our terms. The principle of least privilege (PoLP) is […]

02Nov 2023

After Major Cloud Hacks, Microsoft Unveils ‘Secure Future Initiative’

In response to a spate of embarrassing hacks, Redmond pushes ‘Secure Future Initiative’ promising faster cloud patches, better management of identity signing keys and products with a higher default security bar. The post After Major Cloud Hacks, Microsoft Unveils ‘Secure Future Initiative’ appeared first on SecurityWeek.

02Nov 2023

Your biggest barriers to digital transformation aren’t technical…they’re cultural

As an infrastructure and security practitioner with nearly 30 years of experience, I’ve witnessed periods of rapid change in the technology landscape. However, I have seen a lot of things stay practically the same. Historically, our jobs as infrastructure and security professionals have involved installing the “plumbing” that ensures organizations remain connected through traditional networking […]

02Nov 2023

Xage Targets New Markets with $20 Million Investment

Silicon Valley startup snags $20 million in new capital and announced plans to expand beyond traditional IT environments. The post Xage Targets New Markets with $20 Million Investment appeared first on SecurityWeek.

02Nov 2023

FusionAuth Snags $65 Million Investment for Customer Identity Tech

Colorado startup raises new capital from Updata Partners to build out its customer authentication and authorization technology. The post FusionAuth Snags $65 Million Investment for Customer Identity Tech appeared first on SecurityWeek.

02Nov 2023

Former SpaceX Engineers Get $8 Million in Funding for AI Security Firm Wraithwatch

Former SpaceX cybersecurity engineers launch Wraithwatch, an AI-based security firm that received $8 million in seed funding.  The post Former SpaceX Engineers Get $8 Million in Funding for AI Security Firm Wraithwatch appeared first on SecurityWeek.

02Nov 2023

SASE success: Avoid confusion and embrace a single-vendor solution

In the recent Gartner® Hype Cycle™ for Zero Trust Networking, 2023 report, which evaluates the current status of 19 of “the most relevant and hyped” zero-trust technologies, the cybersecurity industry analysts made a somewhat startling pronouncement about secure access service edge (SASE). They wrote that “SASE is in the Trough of Disillusionment, due to exaggerated marketing by many […]

02Nov 2023

Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware

A recently patched Apache ActiveMQ vulnerability tracked as CVE-2023-46604 is being exploited to deliver ransomware. The post Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware appeared first on SecurityWeek.

02Nov 2023

Is your data strategy ready for gen AI? LOB leaders may disagree

Rapid advancements in artificial intelligence (AI), particularly generative AI, are putting more pressure on analytics and IT leaders to get their houses in order when it comes to data strategy and data management. Line-of-business leaders are feeling the need to move on generative AI now and are asking their technical counterparts to step on the […]

02Nov 2023

European Privacy Officials Widen Ban on Meta’s Behavioral Advertising to Most of Europe

European privacy officials have widened a ban on Meta’s “behavioral advertising” practices to most of Europe. The post European Privacy Officials Widen Ban on Meta’s Behavioral Advertising to Most of Europe appeared first on SecurityWeek.

02Nov 2023

Microsoft Temporarily Disables SketchUp Support After Discovery of 117 Vulnerabilities

Zscaler identified 117 vulnerabilities in Microsoft 365’s support for SketchUp files and bypassed initial patches. The post Microsoft Temporarily Disables SketchUp Support After Discovery of 117 Vulnerabilities appeared first on SecurityWeek.

02Nov 2023

AP News Site Hit by Apparent Denial-of-Service Attack

The Associated Press news website experienced an outage that appeared to be consistent with a denial-of-service attack. The post AP News Site Hit by Apparent Denial-of-Service Attack appeared first on SecurityWeek.

02Nov 2023

Boeing Confirms Distribution Business Hit by Cyberattack

Boeing has confirmed that parts of its distribution business were hit by a cyberattack after a ransomware group claimed to have breached the company’s systems. The post Boeing Confirms Distribution Business Hit by Cyberattack appeared first on SecurityWeek.

02Nov 2023

Rajeev Ronanki on making the leap to CEO

CEOs increasingly depend on technology as a central means of staking competitive positions, and that shift has made CIOs increasingly well-suited for the job. To be sure, a small but growing group of CIOs have already made this jump. Consider Tim Buckley, at Vanguard; Tim Spence, at Fifth Third Bank; or Jason Buechel, at WholeFoods. […]

02Nov 2023

What is data analytics? Transforming data into better decisions

What is data analytics? Data analytics is a discipline focused on extracting insights from data. It comprises the processes, tools, and techniques of data analysis and management, including the collection, organization, and storage of data. The chief aim of data analytics is to apply statistical analysis and technologies on data to find trends and solve […]

02Nov 2023

Cisco Patches 27 Vulnerabilities in Network Security Products

Cisco has released software updates to address 27 vulnerabilities in Cisco ASA, FMC, and FTD software. The post Cisco Patches 27 Vulnerabilities in Network Security Products appeared first on SecurityWeek.

02Nov 2023

SAP unveils tools to help enterprises build their own gen AI apps

SAP has unveiled new tools to build AI into business applications across its software platform, including new development tools, database functionality, AI services, and enhancements to its Business Technology Platform, BTP. The news came at SAP TechEd, its annual conference for developers and enterprise architects, this year held in Bangalore, the unofficial capital of India’s […]

01Nov 2023

A simplified view of the enterprise tech market

I hate the way enterprise IT industry analysts see the world. That’s hard for me to say as I am one of those analysts. But it’s something that I not only feel myself, but that I hear (in various forms) from tech vendors and enterprise IT execs alike — all the time. The reason the […]

01Nov 2023

FIRST Releases CVSS 4.0 Vuln Scoring Standard

The CVSS vulnerability scoring standard is refreshed to provide more data and remove ambiguities in rating the severity of downstream issues. The post FIRST Releases CVSS 4.0 Vuln Scoring Standard appeared first on SecurityWeek.

01Nov 2023

Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks

Delegates from 28 nations agreed to work together to contain the potentially “catastrophic” risks posed by galloping advances in artificial intelligence. The post Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks appeared first on SecurityWeek.

01Nov 2023

8 ways IT can help supercharge your sales team

Without revenue from sales of products or services, a business becomes little more than a hobby or a charitable organization. Building sales requires a well-equipped sales team, and in today’s digital world, that means IT must become a strong support partner. But aligning with sales leaders on transformative technology initiatives takes more than just rolling […]

01Nov 2023

Mozi Botnet Likely Killed by Its Creators

The recent shutdown of the Mozi botnet is believed to have been carried out by its creators, possibly forced by Chinese authorities.  The post Mozi Botnet Likely Killed by Its Creators appeared first on SecurityWeek.

01Nov 2023

Fighting fire with…data

There is evidence to support that 2023 may be the worst wildfire season ever recorded.  Earlier this year, there were over 1,140 active fires in Canada. And in August, the Hawaiian island of Maui suffered the deadliest U.S. wildfire in a century with more than 110 fatalities thus far. The first line of defense against fire […]

01Nov 2023

Supply Chain Startup Chainguard Scores $61 Million Series B

Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies. The post Supply Chain Startup Chainguard Scores $61 Million Series B appeared first on SecurityWeek.

01Nov 2023

Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges

VMware’s Threat Analysis Unit finds 34 new vulnerable kernel drivers that can be exploited to alter or erase firmware and escalate privileges. The post Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges appeared first on SecurityWeek.

01Nov 2023

Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway

Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway. The post Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway appeared first on SecurityWeek.

01Nov 2023

Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks

Check Point reports that an Iranian APT has been observed using a new malware framework in targeted attacks in the Middle East. The post Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks appeared first on SecurityWeek.

01Nov 2023

MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile 

MITRE announces the release of ATT&CK v14, which brings enhancements related to detections, ICS, and mobile. The post MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile  appeared first on SecurityWeek.

01Nov 2023

Chrome 119 Patches 15 Vulnerabilities

Chrome 119 is rolling out to Linux, macOS, and Windows users with patches for 15 vulnerabilities. The post Chrome 119 Patches 15 Vulnerabilities appeared first on SecurityWeek.

01Nov 2023

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

Threat actors are constantly publishing malicious NuGet packages to automatically execute code on developers’ machines. The post Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution appeared first on SecurityWeek.

01Nov 2023

DPI: Still Effective for the Modern SOC?

There has been an ongoing debate in the security industry over the last decade or so about whether or not deep packet inspection (DPI) is dead. The post DPI: Still Effective for the Modern SOC? appeared first on SecurityWeek.

01Nov 2023

SIEM and Log Management Provider Graylog Raises $39 Million

Graylog secured $39 million in funding to accelerate product development and scale its go-to-market operations. The post SIEM and Log Management Provider Graylog Raises $39 Million appeared first on SecurityWeek.

01Nov 2023

Cutting-Edge AI Raises Fears About Risks to Humanity. Are Tech and Political Leaders Doing Enough?

Many people are raising the alarm about AI’s as-yet-unknown dangers and calling for safeguards to protect people from its existential threats. The post Cutting-Edge AI Raises Fears About Risks to Humanity. Are Tech and Political Leaders Doing Enough? appeared first on SecurityWeek.

01Nov 2023

CIOs still grapple with what gen AI can do for the enterprise

Most CIOs have begun exploring generative AI to make sure they stay relevant. But many are finding that the technology on the market doesn’t yet live up to the hype. “After experimenting with both GitHub copilot and ChatGPT for over six months, I’m amazed by the pace at which generative AI is evolving,” says Yves […]

01Nov 2023

Digital pragmatism at Volvo means more control and less agile

The automotive industry keeps accelerating into the technological switch to electric engines, and all efforts at Volvo Cars point to a clear ambition to be a clear frontrunner. Such a seismic shift also creates a different dynamic in the market, with a fundamentally simpler technical platform compared to internal combustion engines. As a result, many […]

01Nov 2023

Former British Cyberespionage Agency Employee Gets Life in Prison for Stabbing an American Spy

Former British cyberespionage agency employee was sentenced in a London court for attempted murder, will have to serve at least 13 years in prison. The post Former British Cyberespionage Agency Employee Gets Life in Prison for Stabbing an American Spy appeared first on SecurityWeek.

31Oct 2023

Navigating Cloud Cost Complexity and Security

In the ever-evolving landscape of cloud computing, today’s leading enterprises are seeking ways to optimize their operations and enhance their security measures. Cloud costs and security are two critical aspects that every organization must carefully manage, and they are more closely intertwined than you might think. Recent VMware research reveals that 95% of organizations believe […]

31Oct 2023

Beyond DevSecOps: Why fintech companies need to consider DevSecRegOps

It’s no secret that banks and fintech companies must meet compliance and regulatory standards that are much stricter than what traditional tech companies are forced to comply with. The question becomes: How do you meet strict regulatory and compliance standards while keeping up with the rapid pace of innovation in technology? As the vice president […]

31Oct 2023

Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO

The SEC’s lawsuit against the CISO of SolarWinds is leaving CISOs across the industry spooked and reevaluating their roles. The post Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO appeared first on SecurityWeek.

31Oct 2023

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability

Atlassian warns that a critical vulnerability in Confluence Data Center and Server could lead to significant data loss if exploited. The post Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability appeared first on SecurityWeek.

31Oct 2023

Palo Alto Networks to Acquire Cloud Security Start-Up Dig Security

Palo Alto Networks has entered into a definitive agreement to acquire Dig Security, a provider of Data Security Posture Management (DSPM) technology. The post Palo Alto Networks to Acquire Cloud Security Start-Up Dig Security appeared first on SecurityWeek.

31Oct 2023

IAM Credentials in Public GitHub Repositories Harvested in Minutes

A threat actor is reportedly harvesting IAM credentials from public GitHub repositories within five minutes of exposure. The post IAM Credentials in Public GitHub Repositories Harvested in Minutes appeared first on SecurityWeek.

31Oct 2023

Scaling security: How to build security into the entire development pipeline

When an application is finally ready for deployment, the last thing the development team wants to hear is: “Stop! There’s a security issue.” And then, after months of painstaking work, their application launch is delayed even further. That’s why Discover® Financial Service’s product security and application development teams worked together to shift security left by […]

31Oct 2023

Attackers Exploiting Critical F5 BIG-IP Vulnerability

Exploitation of a critical vulnerability (CVE-2023-46747) in F5’s BIG-IP product started less than five days after public disclosure and PoC exploit code was published. The post Attackers Exploiting Critical F5 BIG-IP Vulnerability appeared first on SecurityWeek.

31Oct 2023

Welcome to the trusted edge

The edge is where the action happens, where your employees and equipment do their work, and where customers and clients interact with your brand. It is where data is created, collected, and acted on to create a better customer experience and constituents generate immediate, essential value for your business. Edge computing can be used to […]

31Oct 2023

Extending ZTNA to Protect Against Insider Threats

One of the main reasons why ZTNA fails is that most ZTNA implementations tend to focus entirely on securing remote access. The post Extending ZTNA to Protect Against Insider Threats appeared first on SecurityWeek.

31Oct 2023

Ethics in IT: The CIO’s new business imperative

This year’s spotlight on generative AI has been one of several factors increasingly placing corporate ethics in the crosshairs. Important today, ethics will soon become foundational and existential for business. Five years from now an organization’s ability to recruit and retain top talent and design and sell profitable goods and services will depend on how […]

31Oct 2023

SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks. The post SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures appeared first on SecurityWeek.

30Oct 2023

Canada Bans WeChat and Kaspersky on Government Phones

The Chief Information Officer of Canada determined that WeChat and Kaspersky applications present an unacceptable level of risk to privacy and security. The post Canada Bans WeChat and Kaspersky on Government Phones appeared first on SecurityWeek.

30Oct 2023

Want AI? Here’s how to get your data and infrastructure AI-ready

Artificial intelligence (AI) is reshaping our world. In business, this puts CIOs in one of the most pivotal organizational roles today. CIOs are responsible for much more than IT infrastructure; they must drive the adoption of innovative technology and partner closely with their data scientists and engineers to make AI a reality–all while keeping costs […]

30Oct 2023

How Value Stream Management is fueling success at Boeing, Tyson, and Verizon

In today’s digitally transforming world, time is of the essence. Whether you’re looking to deliver a new product release, fix an issue, or enhance a service, the longer you make customers wait, the worse for your business. As you seek to boost agility and speed your organization’s digital transformation, there are some proven principles you […]

30Oct 2023

Boeing Investigating Ransomware Attack Claims

The LockBit ransomware gang claims to have stolen large amounts of data from aerospace giant Boeing. The post Boeing Investigating Ransomware Attack Claims appeared first on SecurityWeek.

30Oct 2023

Proofpoint to Acquire Tessian for AI-Powered Email Security Tech

Proofpoint removes a formidable competitor from the crowded email security market and adds technology to address risk from misdirected emails. The post Proofpoint to Acquire Tessian for AI-Powered Email Security Tech appeared first on SecurityWeek.

30Oct 2023

Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft

A 20-year-old Floridian was sentenced to prison for his role in a hacking scheme that led to the theft of $1 million in cryptocurrency. The post Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft appeared first on SecurityWeek.

30Oct 2023

Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack

Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack. The post Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack appeared first on SecurityWeek.

30Oct 2023

Apple Improves iMessage Security With Contact Key Verification

New capability detects attacks on iMessage servers and allows users to verify a conversation partner’s identity. The post Apple Improves iMessage Security With Contact Key Verification appeared first on SecurityWeek.

30Oct 2023

Hackers Earn Over $1 Million at Pwn2Own Toronto 2023

Hackers have demonstrated 58 zero-days and earned more than $1 million in rewards at Pwn2Own Toronto 2023. The post Hackers Earn Over $1 Million at Pwn2Own Toronto 2023 appeared first on SecurityWeek.

30Oct 2023

AI Safety Summit: What to expect as global leaders eye AI regulation

The AI Safety Summit, convened by the UK government, is the latest in a series of regional and global political initiatives to shape the role AI will play in society. Prime Minister Rishi Sunak sees the summit as an opportunity for the UK, sidelined since its departure from the European Union, to create a role […]

30Oct 2023

Biden Wants to Move Fast on AI Safeguards and Will Sign an Executive Order to Address His Concerns

President Joe Biden on Monday will sign a sweeping executive order to guide the development of artificial intelligence — requiring industry to develop safety and security standards, and introducing new consumer protections. The post Biden Wants to Move Fast on AI Safeguards and Will Sign an Executive Order to Address His Concerns appeared first on […]

30Oct 2023

Whistleblowers: Should CISOs Consider Them a Friend or Foe?

Are whistleblowers traitors to the company, a danger to corporate brand image, and a form of insider threat? Or are they an early warning safety valve that can be used to strengthen cybersecurity and compliance? The post Whistleblowers: Should CISOs Consider Them a Friend or Foe? appeared first on SecurityWeek.

30Oct 2023

Why adaptability is the new digital transformation

The past decade in IT has been all about digital transformation. Under the aegis of digital transformation, IT initiatives have become more customer-centric, with a greater emphasis on people, not technology — all in an effort to redefine how the organization operates and to ensure it can keep up with the pace of change, capable […]

30Oct 2023

The rise of the chief transformation officer

Like so many IT leaders, Richard Wiedenbeck wears multiple hats. Yet unlike his peers, Wiedenbeck’s dual roles — the top technology executive as well as the transformation lead at Ameritas — are often at odds. As chief technology officer, Wiedenbeck is driving automation and IT modernization to reduce complexity and technical debt. In his chief […]

27Oct 2023

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner. The post Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools appeared first on SecurityWeek.

27Oct 2023

In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding

Noteworthy stories that might have slipped under the radar: Ex-NSA employee spying for Russia, EU threat landscape report, cyber education funding The post In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding appeared first on SecurityWeek.

27Oct 2023

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

A critical-severity vulnerability in F5 BIG-IP (CVE-2023-46747) allows unauthenticated attackers to execute code remotely. The post F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP appeared first on SecurityWeek.

27Oct 2023

UN Chief Appoints 39-Member Panel to Advise on International Governance of Artificial Intelligence

U.N. Secretary-General António Guterres assembled a global advisory panel to report on international governance of artificial intelligence and its risks, challenges and key opportunities. The post UN Chief Appoints 39-Member Panel to Advise on International Governance of Artificial Intelligence appeared first on SecurityWeek.

27Oct 2023

16 best entry-level IT certifications to launch your career

Certifications give your resume more credibility and can make you more marketable to recruiters and hiring managers. And at the entry-level, they’re a great way to stand out from other candidates — and even boost your pay. As you grow in your career, you’ll want to consider more advanced certifications to continue your professional development. By […]

27Oct 2023

Lufthansa’s digital future takes flight with ‘Digital Hangar’

In June, the Lufthansa Group’s Digital Hangar touched down in Barcelona. A new business unit, which also has hubs in Brussels, Frankfurt, Gdansk, Vienna, and Zurich, Digital Hangar was founded in September 2022 with the aim to create the world’s best-connected travel experience, incorporating both in-person and digital services. Each Hangar houses agile coaches, business […]

27Oct 2023

AWS revenue growth stabilizes with a boost from generative AI-led services

AWS posted a stable 12% revenue growth in the third quarter of 2023 buoyed by demand for generative AI-led services, despite customers trying to optimize their cloud spending. For the last few sequential quarters, revenue growth for AWS has been on a constant decline. The 12% growth in the September quarter is a sign of […]

26Oct 2023

With generative AI, IT must deliver knowledge…not just technology

You don’t have to look further than recent headlines to know generative AI has garnered outsized attention in 2023. And for good reason. GenAI has been estimated to increase skilled worker performance by up to 40% with the potential to add trillions of dollars in value to the global economy. This is because GenAI brings […]

26Oct 2023

What IT executives are saying about vendor consolidation

As the tech economy has adjusted to the current economic environment, there has been a great deal of debate in both the vendor and investor communities about vendor consolidation. While there is little doubt that companies have been cutting back on expenses generally in response to economic uncertainty, startups in particular have been feeling the […]

26Oct 2023

Why IT needs to be in the driver’s seat with generative AI

It wasn’t that long ago that the cloud transformed the IT world. For some, this transformation played to their strengths. Others took it as a wake-up call. After all, the swipe-your-credit-card-and-go era demonstrated that developers could leap-frog procurement cycles to gain access to what they desired: abundant access to cloud resources. Either way, IT ultimately […]

26Oct 2023

Run Generative AI on-premises, with a cloud experience

IT leaders are grappling with a critical question as they seek to deploy generative AI workloads today: Is it better for my business to run GenAI applications in the public cloud or on-premises? The question inspires spirited debate from both sides of the hosting aisle. Most IT leaders say, “It depends.” True, but it also […]

26Oct 2023

Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

Mirth Connect versions prior to 4.4.1 are vulnerable to CVE-2023-43208, a bypass for an RCE vulnerability. The post Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data appeared first on SecurityWeek.

26Oct 2023

AI Security Firm Cranium Raises $25 Million

AI cybersecurity firm Cranium has raised $25 million in Series A funding, which brings the total investment in the company to $32 million. The post AI Security Firm Cranium Raises $25 Million appeared first on SecurityWeek.

26Oct 2023

Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023

Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023. The post Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023 appeared first on SecurityWeek.

26Oct 2023

CISA, HHS Release Cybersecurity Healthcare Toolkit

CISA and the HHS have released resources for healthcare and public health organizations to improve their security. The post CISA, HHS Release Cybersecurity Healthcare Toolkit appeared first on SecurityWeek.

26Oct 2023

iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones

New iLeakage side-channel speculative execution attack exploits Safari to steal sensitive information from Macs and iPhones. The post iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones appeared first on SecurityWeek.

26Oct 2023

Kansas Court System Down Nearly 2 Weeks in ‘Security Incident’ That Has Hallmarks of Ransomware

Kansas is calling a massive computer outage that’s kept most of the state’s courts offline for 2 weeks a “security incident” and experts say it’s likely ransomware. The post Kansas Court System Down Nearly 2 Weeks in ‘Security Incident’ That Has Hallmarks of Ransomware appeared first on SecurityWeek.

26Oct 2023

Key Learnings from “Big Game” Ransomware Campaigns

There are key steps every organization should take to leverage threat and event data across the lifecycle of a cyber incident. The post Key Learnings from “Big Game” Ransomware Campaigns appeared first on SecurityWeek.

26Oct 2023

Weapons Systems Provide Valuable Lessons for ICS/OT Security

Cybersecurity techniques and penetration testing used in the field of weapons systems can provide valuable lessons for ICS/OT security. The post Weapons Systems Provide Valuable Lessons for ICS/OT Security appeared first on SecurityWeek.

26Oct 2023

Google Announces Bug Bounty Program and Other Initiatives to Secure AI

Google announces a bug bounty program and other initiatives for increasing the safety and security of AI. The post Google Announces Bug Bounty Program and Other Initiatives to Secure AI appeared first on SecurityWeek.

26Oct 2023

Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack

Japanese watchmaking giant Seiko has confirmed that personal information was stolen in a recent ransomware attack. The post Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack appeared first on SecurityWeek.

26Oct 2023

Day 3 of SecurityWeek’s 2023 ICS Cybersecurity Conference — Challenges and Solutions

SecurityWeek’s 2023 ICS Cybersecurity Conference continues in Atlanta, with challenges and solutions the focus of Day 3. The post Day 3 of SecurityWeek’s 2023 ICS Cybersecurity Conference — Challenges and Solutions appeared first on SecurityWeek.

26Oct 2023

Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards

Amazon is rolling out an independent cloud for Europe as it looks to address strict regulations that companies and those in the public sector face in the European Union. The post Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards appeared first on SecurityWeek.

26Oct 2023

IBM bets on generative AI to escape economic headwinds

IBM is betting big on generative AI to escape macroeconomic headwinds and finish the fiscal year at a high. “Overall, we believe the tailwinds outweigh the headwinds, and technology spend will continue to outpace GDP. In this past quarter, we saw good revenue growth in software and consulting,” IBM CEO Arvind Krishna said during an […]

26Oct 2023

COO Marina Bellini on leading IT talent for growth

Marina Bellini’s career journey has shaped her unique perspective and leadership playbook. She started out in Big 4 consulting and then spent several decades working across three global, big-brand CPG companies. Most recently, she made the shift from CI&DO to COO at Latin America’s largest bank, Banco Itaú, where she is leading a major operating model […]

26Oct 2023

5 key leadership skills an executive coach can help you master

When a civil engineering company went through layoffs during tough economic times, its 28-year-old project manager suddenly found himself promoted to the company’s top IT role. Just a few years after doing desktop support at the same firm, he was thrust into the position of IT manager, meeting with the CEO and running the show […]

26Oct 2023

What is a business intelligence analyst? A key role for data-driven decisions

Business intelligence (BI) analysts transform data into insights that drive business value. Through use of data analytics, data visualization, and data modeling techniques and technologies, BI analysts can identify trends that can help other departments, managers, and executives make business decisions to modernize and improve processes in the organization. What does a business intelligence analyst […]

26Oct 2023

Multicloud by design simplifies your cloud experience

Challenges in APAC’s Multicloud Adoption Journey: Organisations in Asia Pacific (APAC) are looking at multicloud solutions to help them navigate IT management complexity, digital skills gaps, and limited data and application visibility. After all, an effective multicloud framework offers greater platform and service flexibility by leveraging the strengths of multiple cloud environments to drive business […]

25Oct 2023

‘YoroTrooper’ Espionage Group Linked to Kazakhstan

Cisco links the espionage-focused ‘YoroTrooper’ threat actor to Kazakhstan. The post ‘YoroTrooper’ Espionage Group Linked to Kazakhstan appeared first on SecurityWeek.

25Oct 2023

Apple Ships Major iOS, macOS Security Updates

Apple patches dozens of serious security flaws in its macOS and iOS platforms, warning that hackers could launch code execution exploits. The post Apple Ships Major iOS, macOS Security Updates appeared first on SecurityWeek.

25Oct 2023

Generative AI: 5 enterprise predictions for AI and security — for 2023, 2024, and beyond

Trends/Predictions: Enterprise use of AI tools will only grow, with industries like manufacturing leading the charge; Enterprises will secure AI/ML applications to stay ahead of risk; Enterprises will seek visibility and intelligent access controls around AI and ML applications; AI will become a key component of enterprise data protection; AI will transform how enterprises understand […]

25Oct 2023

What you need to know about Okta’s security breach

On October 20, 2023, Okta Security identified adversarial activity that used a stolen credential to gain access to the company’s support case management system. Once inside the system, the hacker gained access to files uploaded by Okta customers using valid session tokens from recent support cases. As a result of using the extracted tokens from […]

25Oct 2023

How medical technology helps us live the best version of ourselves

It’s almost commonplace. Get people chatting and you will find that several of them have had, or know someone that’s having, a joint replacement. It’s all about mobility. Modern medical technology is restoring agility with artificial joints and minimally invasive procedures so we can all heal faster and live our best lives. I recently had […]

25Oct 2023

Firefox, Chrome Updates Patch High-Severity Vulnerabilities

Firefox and Chrome updates released this week resolve multiple high-severity memory safety vulnerabilities. The post Firefox, Chrome Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

25Oct 2023

Hackers Earn $400k on First Day at Pwn2Own Toronto 2023

NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023. The post Hackers Earn $400k on First Day at Pwn2Own Toronto 2023 appeared first on SecurityWeek.

25Oct 2023

Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day

Russian APT Winter Vivern exploits a zero-day in the Roundcube webmail server in attacks targeting European governments. The post Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day appeared first on SecurityWeek.

25Oct 2023

Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure

Mandiant’s Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in a series of eyebrow-raising attacks against targets in Guam and the United States. The post Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure appeared first […]

25Oct 2023

Part 1: Guarding against sophisticated threats: Strategies for your best defense

In the second episode of Threat Vector, Kristopher Russo, senior threat researcher at Unit 42, and David Moulton discuss the threat landscape and take a deeper dive into the intricate workings of Muddled Libra (related to Scattered Spider and Scatter Swine). This formidable threat group poses significant challenges to telecommunications, technology and software automation industries. […]

25Oct 2023

Part 2: Guarding against sophisticated threats: Strategies for your best defense

In the second part of our deep dive into Muddled Libra’s tactics, Threat Vector welcomes Stephanie Regan, a senior consultant with Unit 42 with a law enforcement background. Regan and David Moulton discuss the challenges Muddled Libra and other threat groups pose. Threat actors are often highly persistent and can rapidly pivot when encountering roadblocks. […]

25Oct 2023

New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding

A new project aims to make it easier for PLC programmers to implement secure coding practices by cataloging useful files and functions from each vendor. The post New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding appeared first on SecurityWeek.

25Oct 2023

What is AI’s current impact on cybersecurity?

In our inaugural episode, Michael “Siko” Sikorski, CTO and VP of Engineering and Threat Intelligence at Unit 42 answers that question and speaks to the profound influence of artificial intelligence in an interview with David Moulton, Director of thought leadership for Unit 42. What’s Sikorski’s critical concern? The pervasive integration of AI, particularly ChatGPT and […]

25Oct 2023

Censys Banks $75M for Attack Surface Management Technology

Michigan startup raises $75 million in new funding as venture capital investors bet big on attack surface management technologies. The post Censys Banks $75M for Attack Surface Management Technology appeared first on SecurityWeek.

25Oct 2023

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10. The post VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products appeared first on SecurityWeek.

25Oct 2023

Critical Infrastructure Stakeholders Gather for Day 2 of SecurityWeek’s 2023 ICS Cybersecurity Conference

SecurityWeek’s 2023 ICS Cybersecurity Conference continues in Atlanta, as hundreds of industrial cybersecurity stakeholders gather for Day 2 of the annual industrial cybersecurity conference. The post Critical Infrastructure Stakeholders Gather for Day 2 of SecurityWeek’s 2023 ICS Cybersecurity Conference appeared first on SecurityWeek.

25Oct 2023

The Cybersecurity Resilience Quotient: Measuring Security Effectiveness

The Cybersecurity Resilience Quotient empowers organizations to assess their security posture comprehensively, considering asset exposure, vulnerabilities, and criticality alongside process and network architecture and disaster recovery plans. The post The Cybersecurity Resilience Quotient: Measuring Security Effectiveness appeared first on SecurityWeek.

25Oct 2023

How Whirlpool’s CIO makes digital business models run end to end

As a household name in household goods, with annual sales of $22 billion, Whirlpool has 54 manufacturing and tech research centers worldwide, and bursts with a portfolio that includes several familiar brands including KitchenAid, Maytag, Amana, Yummly, among others. The company employs 69,000 globally as well, and Danielle Brown, the company’s SVP and CIO, has […]

25Oct 2023

3 commandments that should drive every API strategy

In the early 2000s, companies like Amazon, eBay, and Salesforce drove a trend toward standardizing interfaces among web applications. The result was a complete overhaul of how applications were developed and integrated, thanks to a growing network of open web APIs that anyone could consume. During this period, Amazon founder Jeff Bezos wrote a memo […]

25Oct 2023

Author E. Freya Williams has a Message for Tech Leaders

In May of 2021 VMware unveiled VMware Zero Carbon Committed, an initiative to encourage partners to power their data centers with renewable energy sources by 2030. To date, more than 70 of the world’s leading cloud services and solutions providers made the commitment and are working to combat climate change by radically reducing their carbon […]

24Oct 2023

Personal Information Stolen in City of Philadelphia Email Hack

The City of Philadelphia says personal, health, and financial information was stolen in a cyberattack on its email environment. The post Personal Information Stolen in City of Philadelphia Email Hack appeared first on SecurityWeek.

24Oct 2023

Top overlooked GenAI security risks for businesses

As GenAI continues to evolve, organizations of all sizes are wondering if, how, and to what extent to integrate it into their operations. Many are under pressure to show that they are adopting these new technologies and not falling behind the competition. But adding these new capabilities to your tech stack comes with a host […]

24Oct 2023

Fortifying your engineering ecosystem: The three pillars of application security

The engineering ecosystem has undergone a massive paradigm shift – more languages, more frameworks, and minimal technical or procedural barriers to adopt new technologies or implement third-party tools and frameworks. This comes as organizations are racing to ship software as quickly as possible to deliver new features and cloud applications to remain competitive. To speed […]

24Oct 2023

Empowering cyber resilience in education: Three strategies for the future

Those of us with the privilege to work in education have an opportunity to shape the next generation to be more cyberaware and make our digital world a safer place. It’s an obligation we must all take seriously. The threat environment is becoming more perilous, particularly with the growing use of artificial intelligence by hackers. […]

24Oct 2023

What do Security Operations Centers really need—today…and tomorrow

We are at a crossroads where well-funded threat actors are leveraging innovative tools, such as machine learning and artificial intelligence, while Security Operations Centers (SOCs), built around legacy technologies like security information and event management (SIEM) solutions, are failing to rise to the occasion. Organizations of all sizes need a scalable solution that keeps pace […]

24Oct 2023

Utilizing AI to defend the Black Hat NOC

This year’s Black Hat USA conference saw more than 907M threat events detected in real time, according to data collected by Palo Alto Networks. This is a staggering number that shows just how attractive the event is to threat actors – and artificial intelligence (AI) was a key driver in protecting against these attempts. With […]

24Oct 2023

Exploring the pros and cons of cloud-based large language models

The paradigm shift towards the cloud has dominated the technology landscape, providing organizations with stronger connectivity, efficiency, and scalability. As a result of ongoing cloud adoption, developers face increased pressures to rapidly create and deploy applications in support of their organization’s cloud transformation goals. Cloud applications, in essence, have become organizations’ crown jewels and developers […]

24Oct 2023

Unveiling the risks of OT systems and how to secure them

When we consider what security means for an organization, most think of needing to secure systems and devices like cloud computing instances, servers, employee workstations, and other tech commonly seen in the workplace. While these are certainly important, there are many other devices requiring protection that are hiding in plain sight. Operational technology (OT) is […]

24Oct 2023

Four things that matter in the AI hype cycle

It’s been almost one year since a new breed of artificial intelligence took the world by storm. The capabilities of these new generative AI tools, most of which are powered by large language models (LLM), forced every company and employee to rethink how they work. Was this new technology a threat to their job or […]

24Oct 2023

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected

Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks. The post Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected appeared first on SecurityWeek.

24Oct 2023

Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches

Rockwell Automation has warned customers about the impact of the actively exploited Cisco IOS XE zero-day on its Stratix industrial switches. The post Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches appeared first on SecurityWeek.

24Oct 2023

The $64k Question: How Does AI Phishing Stack Up Against Human Social Engineers?

The Rise of AI in Phishing: Will future phishing attacks that leverage artificial intelligence be more dangerous? The post The $64k Question: How Does AI Phishing Stack Up Against Human Social Engineers? appeared first on SecurityWeek.

24Oct 2023

Generative AI and the Transformation of Everything

Generative AI is an innovation that is transforming everything. How much and in what ways is the subject of much discussion and controversy. But like many new technologies, the anxieties it creates may have more to do with fear for the future rather than how that future will be. ChatGPT and the emergence of generative […]

24Oct 2023

Adlumin Snags $70M to Boost Security for Mid-Market Firms

Adlumin, a startup working on technology to boost security for mid-market firms, has banked $70 million in new funding led by SYN Ventures. The post Adlumin Snags $70M to Boost Security for Mid-Market Firms appeared first on SecurityWeek.

24Oct 2023

University of Michigan Says Personal Information Stolen in August Data Breach

The personal information of students, applicants, alumni, and employees compromised in University of Michigan data breach. The post University of Michigan Says Personal Information Stolen in August Data Breach appeared first on SecurityWeek.

24Oct 2023

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant

The number of Cisco devices hacked via recent zero-days remains high, but the attackers have updated their implant. The post Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant appeared first on SecurityWeek.

24Oct 2023

Canada: Lawmakers Targeted by China-Linked ‘Spamouflage’ Disinformation

Canada warned of a “Spamouflage” disinformation campaign linked to China that used waves of online posts and deepfake videos. The post Canada: Lawmakers Targeted by China-Linked ‘Spamouflage’ Disinformation appeared first on SecurityWeek.

24Oct 2023

SecurityWeek’s 2023 ICS Cybersecurity Conference Kicks Off in Atlanta

SecurityWeek’s 2023 ICS Cybersecurity Conference kicks off in Atlanta with presentations on a wide range of topics.  The post SecurityWeek’s 2023 ICS Cybersecurity Conference Kicks Off in Atlanta appeared first on SecurityWeek.

24Oct 2023

7 sins of digital transformation

As CIOs prepare for the next wave of digital transformation, they must demonstrate shorter-term business impacts from technology investments and achieve larger innovation goals that evolve the organization’s business model. But perhaps more importantly, they must learn from their previous big digital wins — and avoid repeating all-too-frequent mistakes that cause transformations to fail or […]

24Oct 2023

7 ways diversity and inclusion help teams perform better

Diversity, equity, and inclusion have become important social issues. In the wake of the George Floyd and Breonna Taylor murders of 2020, companies made massive, highly publicized efforts to correct for systemic bias and improve the mix of race, gender, and lived experiences in the workplace. According to a recent study from Pew Research, most […]

23Oct 2023

Before generative AI there was… just AI

Generative AI has been a boon for businesses, helping employees discover new ways to generate content for a range of uses. The buzz has been loud enough that you’d be forgiven for thinking that GenAI was the be all, end all of AI. Except IT leaders know better than most people that before GenAI tools […]

23Oct 2023

China Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks Intact

Chinese authorities have netted thousands of people in a crackdown on cyber scams, but the criminal networks remain intact. The post China Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks Intact appeared first on SecurityWeek.

23Oct 2023

Blockaid Emerges From Stealth With $33 Million Investment

Blockaid raises a Series A funding round to build technology to secure blockchain applications from hacks and scams. The post Blockaid Emerges From Stealth With $33 Million Investment appeared first on SecurityWeek.

23Oct 2023

Casio Says Personal Information Accessed in Web Application Server Hack

Hackers access the personal information of Casio customers after compromising the server for an education web application. The post Casio Says Personal Information Accessed in Web Application Server Hack appeared first on SecurityWeek.

23Oct 2023

DEAC and DLC: Delivering sustainable cloud services to the Baltics and beyond

Andris Gailitis, the CEO of European Data Center Operator DEAC and Data Logistics Center (DLC), is quick to point out that the companies’ commitment to sustainability is heartfelt and genuine. Part of Baltic Rezo, both companies provide enterprises in the Baltics, Northern Europe, and beyond with high-performance data centers and a robust suite of cloud […]

23Oct 2023

Rockwell Automation to Acquire ICS/OT Security Firm Verve Industrial

Rockwell Automation agreed to acquire ICS/OT cybersecurity firm Verve Industrial Protection to expand its offerings. The post Rockwell Automation to Acquire ICS/OT Security Firm Verve Industrial appeared first on SecurityWeek.

23Oct 2023

SolarWinds Patches High-Severity Flaws in Access Rights Manager

SolarWinds patches high-severity flaws in its Access Rights Manager product, including three unauthenticated remote code execution issues. The post SolarWinds Patches High-Severity Flaws in Access Rights Manager appeared first on SecurityWeek.

23Oct 2023

Enterprise Browser Startup Island Banks $100M in Funding

Since 2020, Island has raised a total of $325 million to help protect corporate data flowing through SaaS and internal web applications. The post Enterprise Browser Startup Island Banks $100M in Funding appeared first on SecurityWeek.

23Oct 2023

DC Board of Elections Says Full Voter Roll Compromised in Data Breach

The District of Columbia Board of Elections says full voter roll compromised in a recent data breach at hosting provider DataNet. The post DC Board of Elections Says Full Voter Roll Compromised in Data Breach appeared first on SecurityWeek.

23Oct 2023

Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops

Cisco has found a second zero-day vulnerability that has been exploited in recent attacks as the number of hacked devices has started dropping. The post Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops appeared first on SecurityWeek.

23Oct 2023

Unlock sustainability and efficiency with Dell APEX

In today’s uncertain economic landscape, it is no surprise that organizations are driven to optimize business costs. IT professionals can play a pivotal role by strategically leveraging as-a-service models as a key part of their organizations, enabling them to contribute not only to cost efficiencies but also to their organizations’ sustainability goals. In an industry […]

23Oct 2023

How we’re driving sustainable impact for business and society

Considering the broader impact — across business, people, and the planet — of how we run our business isn’t new for Dell Technologies. For decades, we’ve been investing in innovation, partnerships, and programs that apply our technology, scale, and talented workforce to drive human progress – all intending to have a measurable influence on some […]

23Oct 2023

Embracing sustainable IT unlocks environmental, business, and financial benefits

Norway is a leader in sustainability. Its use of renewable energy, sustainable technologies, and recycling is common in homes and businesses throughout the country, as well as the neighboring Nordic region, making Norway a role model of environmental stewardship. Cegal, a Norwegian global IT services business, is a great example of this leadership. Recently, Cegal […]

23Oct 2023

Data-driven sustainability: Dell’s commitment to industry standards

Industry dynamics around sustainability are constantly evolving, which makes them tough to navigate, with few guidelines, little oversight, and conflicting opinions on the “right approach” to climate action. As a global technology company with decades of sustainability leadership, Dell Technologies has a strong point of view informed by data and science, and we’re working with […]

23Oct 2023

ESG in Action: The Dell Technologies FY23 ESG Report

At Dell Technologies, we put sustainability at the core of everything we do, setting strong commitments and taking the right actions to address climate change, minimize negative environmental impact, and drive positive outcomes for business and society. From how we make our innovative products to what our customers, partners, and communities can do with them, […]

23Oct 2023

Future First: Sustainability at Equinix

At Equinix, sustainability means Future First. It encompasses everything from the environment to social governance, to green technological innovation. Future First is about action, acting with social responsibility, and actively empowering people in communities to be their very best. Equinix believes when people and technology come together to protect our climate and preserve our resources, […]

23Oct 2023

Accelerating digital transformation with sustainable solutions

Environmental sustainability Dell Technologies and Equinix have developed joint solutions to support our customers in this critical area by enabling businesses to deploy their infrastructure on Dell architecture within Equinix’s low-carbon colocation infrastructure covered by 96% renewables globally. From there, we can dynamically connect to industry-leading cloud and network providers around the world via software-defined […]

23Oct 2023

Elevate your digital transformation with impactful sustainability

Today, IT leaders are tasked with finding solutions that meet at the intersection of business growth and environmental responsibility. Customer sentiment, evolving corporate values, and government regulation have converged to make sustainability a strategic priority for nearly every business. And the importance of energy efficiency for enterprise IT cannot be overstated. The Equinix Global Tech […]

23Oct 2023

Becoming the sustainability partner our customers need

At Equinix, we recognize that meeting key sustainability targets is one of our customers’ top concerns—now and into the future. This means doing what’s right for the planet, making a positive impact on people and communities, and acting with integrity. Our customers are pursuing these goals because they want to future-proof their operations, setting themselves […]

23Oct 2023

Accelerating sustainability to build stronger businesses

Environmental sustainability has emerged as a significant concern and a business imperative for organizations today. A poll of public and private sector leaders in the latest World Economic Forum’s Global Risk Report 2022 found that environment-related threats, including climate action failure and extreme weather events, topped the lists of short and long-term global risks. According […]

23Oct 2023

5 steps for making tech ethics work for your company

Generative AI breakthroughs over the past year have crystalized a significant issue that IT leaders have long been aware of but few have addressed programmatically: tech ethics. And the stakes are beginning to mount. Of 119 CEOs polled at the Yale CEO Summit this summer, 42% said they believe AI has the potential to destroy […]

23Oct 2023

Transforming IT for digital success

CIOs and their IT teams have enjoyed a bump in power and prestige in recent years, as the C-suite has embraced continuous transformation, digital everything, and a host of emerging technologies — all enabled by IT. As a result, most IT functions have seen budget increases, support for more staff, and higher involvement in shaping […]

23Oct 2023

The strategy behind becoming a manufacturing superpower

The world of manufacturing is undergoing a quiet revolution: the integration of Operational Technology (OT) and Information Technology (IT). These two domains have traditionally been separate – IT has provided computing and communications, while OT operated the physical manufacturing machinery and associated monitoring systems on the production line. For decades, businesses have focused on IT development, while […]

20Oct 2023

Allstate’s cloud-first approach to digital transformation pays off

Most companies’ digital journeys begin by migrating legacy applications to the cloud — the theory being that lifting and shifting workloads can provide a fast onramp to making good on services and capabilities unique to the cloud. But home and automobile insurance company Allstate is taking a different approach. Zulfi Jeevanjee, EVP and CIO, believes […]

20Oct 2023

How to manage data integration during an acquisition

Innovation is crucial for business growth. IT teams hold a lot of innovation power, as effective use of emerging technologies is crucial for informed decision-making and is key to staying a beat ahead of the competition. But adopting modern-day, cutting-edge technology is only as good as the data that feeds it. Cloud-based analytics, generative AI, […]

20Oct 2023

Mainframe data: hybrid cloud object store vs. tape

Five years ago, many predicted that the mainframe would soon disappear. But that hasn’t happened. In fact, the number of mainframe workloads is growing, especially now that manufacturers have engineered blades that are ideal for running generative AI. In 2019, half of enterprises surveyed said their number of mainframe workloads had grown; in 2023, 62% […]

20Oct 2023

Okta Support System Hacked, Sensitive Customer Data Stolen

Okta warns that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users. The post Okta Support System Hacked, Sensitive Customer Data Stolen appeared first on SecurityWeek.

20Oct 2023

Bud Financial helps banks and their customers make more informed decisions using AI with DataStax and Google Cloud

By Jude Sheeran, EMEA managing director at DataStax When making financial decisions, businesses and consumers benefit from access to accurate, timely, and complete information. With the power of real-time data and artificial intelligence (AI), new online tools accelerate, simplify, and enrich insights for better decision-making. For banks, data-driven decisions based on rich customer insight can […]

20Oct 2023

In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack

Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023. The post In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack appeared first on SecurityWeek.

20Oct 2023

Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks

The Philippine defense chief ordered the 163,000-member military to stop using applications that harness AI to generate personal portraits, saying they could pose security risks. The post Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks appeared first on SecurityWeek.

20Oct 2023

Authorities Seize Control of RagnarLocker Ransomware Dark Web Site

The RagnarLocker ransomware group’s dark web leak site has been seized in a coordinated law enforcement operation. The post Authorities Seize Control of RagnarLocker Ransomware Dark Web Site appeared first on SecurityWeek.

20Oct 2023

Fraud Detection Firm Spec Raises $15 Million

Silicon Valley fraud detection startup attracts $15 million in new financing from SignalFire, Legion Capital and Rally Ventures. The post Fraud Detection Firm Spec Raises $15 Million appeared first on SecurityWeek.

20Oct 2023

Three burning questions before FutureIT New York

When IT leaders gather next month at FutureIT New York, the conversation will center around AI and other emerging technologies, data strategies, and practical use cases – all with an eye toward using IT to create business value. Here are three questions we’re excited to explore at FutureIT New York: 1. How will the CIO […]

20Oct 2023

Managing and fulfilling complex, high-volume B2B orders

B2B commerce has changed tremendously in just the past couple of years. While macro disruptions have played a role — the pandemic, upheaval in the supply chain, multiple global conflicts — customer attitudes are arguably the largest factor. As McKinsey puts it in their 2023 B2B Pulse Report, “After years of wanting a seamless B2B […]

20Oct 2023

Iranian Hackers Lurked for 8 Months in Government Network

Iran-linked hacking group Crambus spent eight months inside a compromised network of a Middle Eastern government, Broadcom’s Symantec cybersecurity unit reports. The post Iranian Hackers Lurked for 8 Months in Government Network appeared first on SecurityWeek.

20Oct 2023

Top 8 IT certifications in demand today

Certifications can validate your IT skills and experience to show employers you have the expertise to get the job done. When it comes to certifications, you can typically choose to get certified in skills that you already have, or you can use certification as an opportunity to grow your skill set and develop skills you’d […]

20Oct 2023

What is a Scrum master? A key role for project success

Scrum is a powerful framework for implementing agile processes in software development and other projects. This highly adopted framework utilizes short iterations of work, called sprints, and daily meetings, called scrums, to tackle discrete portions of a project in succession until the project is complete. There are three key roles within Scrum: Scrum master, product owner […]

20Oct 2023

HUAWEI eKit makes digital business easy for distributors

Small and Medium Enterprises (SMEs) aren’t just businesses; they’re the pillars that uphold the global economy, accounting for 50% of global GDP and 70% of jobs. Their influence is undeniable – which is why Huawei has created a new digital platform to support them. Despite their vast numbers, a significant portion of SMEs are only now […]

19Oct 2023

5 modern challenges in data integration and how CIOs can overcome them

By the time you finish reading this post, an additional 27.3 million terabytes of data will be generated by humans over the web and across devices. That’s just one of the many ways to define the uncontrollable volume of data and the challenge it poses for enterprises if they don’t adhere to advanced integration tech. […]

19Oct 2023

CIOs press ahead for gen AI edge — despite misgivings

OpenAI’s November 2022 announcement of ChatGPT and its subsequent $10 billion in funding from Microsoft were the “shots heard ’round the world” when it comes to the promise of generative AI. If anything, 2023 has proved to be a year of reckoning for businesses, and IT leaders in particular, as they attempt to come to […]

19Oct 2023

Harmonic Lands $7M Funding to Secure Generative AI Deployments

British startup is working on software to mitigate against the ‘wild west’ of unregulated AI apps harvesting company data at scale. The post Harmonic Lands $7M Funding to Secure Generative AI Deployments appeared first on SecurityWeek.

19Oct 2023

Unleashing the power of integration to scale industrial equipment sales, manufacturing, and service global channels

Spoiler alert! Get ready for an exhilarating adventure as we unravel the incredible story of GEA Group, a global leader in industrial engineering systems for the food, beverage, and pharmaceutical sectors. Prepare to be amazed as we dive into how GEA transformed their sales, manufacturing, and service channels by harnessing the power of integration and innovation! The […]

19Oct 2023

FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program

Thousands of IT workers contracting with U.S. firms have secretly sent millions of dollars to North Korea to fund its missile program. The post FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program appeared first on SecurityWeek.

19Oct 2023

CipherStash Raises $3 Million for Encryption-in-Use Technology

Australian startup CipherStash raises $3 million in seed funding for technology that keeps data encrypted in use. The post CipherStash Raises $3 Million for Encryption-in-Use Technology appeared first on SecurityWeek.

19Oct 2023

Google Play Protect Gets Real-Time Code Scanning

Google improves Android devices’ proactive protections against malware with real-time scanning at code level. The post Google Play Protect Gets Real-Time Code Scanning appeared first on SecurityWeek.

19Oct 2023

US Government Releases Anti-Phishing Guidance

CISA, NSA, FBI, and MS-ISAC have released guidance and prevention recommendations on common phishing techniques. The post US Government Releases Anti-Phishing Guidance appeared first on SecurityWeek.

19Oct 2023

Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyberattack

Healthcare solutions giant Henry Schein has disclosed a cybersecurity incident that disrupted operations and possibly led to a data breach. The post Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyberattack appeared first on SecurityWeek.

19Oct 2023

Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000

The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US. The post Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 appeared first on SecurityWeek.

19Oct 2023

13 power tips for Microsoft Power BI

Power BI is Microsoft’s interactive data visualization and analytics tool for business intelligence (BI). With Power BI, you can pull data from almost any data source and create dashboards that track the metrics you care about the most. You can drill into data, create a variety of visualizations, and (literally) ask questions about it using […]

19Oct 2023

Inside Walmart’s generative AI journey

“Our people make the difference” — a common catchphrase of Walmart founder Sam Walton — still guides the company’s path forward as it ventures into the future with generative AI. The multinational retail company positions itself as a “people-led, tech-powered” one, and sitting squarely at that intersection is generative AI, the power of which most […]

19Oct 2023

North Korean Hackers Exploiting Recent TeamCity Vulnerability

Multiple North Korean hacking groups have exploited a recent TeamCity vulnerability and Microsoft warns of potential supply chain attacks. The post North Korean Hackers Exploiting Recent TeamCity Vulnerability appeared first on SecurityWeek.

18Oct 2023

Finland Charges Psychotherapy Hacker With Extortion

Finland charged a hacker, accused of the theft of tens of thousands of records from psychotherapy patients, with over 21,000 counts of extortion. The post Finland Charges Psychotherapy Hacker With Extortion appeared first on SecurityWeek.

18Oct 2023

Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw

Google says it is still catching government-backed groups linked to China and Russia launching WinRAR exploits in targeted attacks. The post Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw appeared first on SecurityWeek.

18Oct 2023

Predictive analytics helps Fresenius Medical Care anticipate dialysis complications

Hemodialysis is a life-saving treatment for those suffering from kidney failure. The procedure, often called kidney dialysis, cleanses a patient’s blood, substituting for the function of the kidneys, and is not without risk, however. German healthcare company Fresenius Medical Care, which specializes in providing kidney dialysis services, is using a combination of near real-time IoT […]

18Oct 2023

Survey: Why CIOs and CTOs want a new model for IT support and services

In April of 2023, Censuswide conducted a survey of 608 US respondents from companies with $250m+ revenue. That study focused on CIO and CTO satisfaction with their existing IT support and services models for enterprise software. The results spoke for themselves. Respondents voiced broad dissatisfaction with their support services and models, including issues with support […]

18Oct 2023

Former Navy IT Manager Sentenced to Prison for Hacking, Selling PII

Former Navy IT manager Marquis Hooper was sentenced to prison for stealing PII and selling it on the dark web. The post Former Navy IT Manager Sentenced to Prison for Hacking, Selling PII appeared first on SecurityWeek.

18Oct 2023

Darwinium Raises $18 Million for Edge-based Fraud Prevention Tech

Since launching in 2021, Darwinium has raised $26 million to build a bot and fraud prevention platform running on the perimeter edge. The post Darwinium Raises $18 Million for Edge-based Fraud Prevention Tech appeared first on SecurityWeek.

18Oct 2023

D-Link Says Hacker Exaggerated Data Breach Claims

Hacker claims to have breached D-Link’s network in Taiwan and is offering to sell stolen data, but the company says the claims are exaggerated. The post D-Link Says Hacker Exaggerated Data Breach Claims appeared first on SecurityWeek.

18Oct 2023

Fraud Prevention Firm Fingerprint Raises $33 Million

Fingerprint has raised $33 million in a Series C funding round to expand presence into the enterprise market. The post Fraud Prevention Firm Fingerprint Raises $33 Million appeared first on SecurityWeek.

18Oct 2023

Cybersecurity M&A Roundup for First Half of October 2023

More than a dozen cybersecurity-related M&A deals were announced in the first half of October 2023. The post Cybersecurity M&A Roundup for First Half of October 2023 appeared first on SecurityWeek.

18Oct 2023

Lost and Stolen Devices: A Gateway to Data Breaches and Leaks

By implementing strong security practices, organizations can significantly reduce the risks associated with lost and stolen computers and safeguard their sensitive information. The post Lost and Stolen Devices: A Gateway to Data Breaches and Leaks appeared first on SecurityWeek.

18Oct 2023

Oracle Patches 185 Vulnerabilities With October 2023 CPU

Oracle on Tuesday released 387 new security patches that address 185 vulnerabilities in its code and third-party components. The post Oracle Patches 185 Vulnerabilities With October 2023 CPU appeared first on SecurityWeek.

18Oct 2023

How digital turned Nationale-Nederlanden into an omnichannel company

Dutch insurance and asset management company Nationale-Nederlanden, part of the NN Group, has a presence in 19 countries and serves several million retail and corporate customers. And for the past eight years, in an environment that’s increasingly changing and demanding, it’s been on a digital transformation journey to refine its customer service and generate proposals […]

18Oct 2023

Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability

Tens of thousands of Cisco devices have reportedly been hacked via the exploitation of the zero-day vulnerability CVE-2023-20198. The post Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability appeared first on SecurityWeek.

18Oct 2023

Recent NetScaler Vulnerability Exploited as Zero-Day Since August

Mandiant says the recently patched Citrix NetScaler vulnerability CVE-2023-4966 had been exploited as zero-day since August. The post Recent NetScaler Vulnerability Exploited as Zero-Day Since August appeared first on SecurityWeek.

17Oct 2023

Dawn of a new day for Africa: building a modern digital economy

Africa is undergoing a remarkable transformation, rebuilding the foundations of its economy with new value-creating digital infrastructure. The World Bank has been coordinating a “Digital Economy Initiative for Africa” which aims to ensure that every individual, business, and government in Africa is digitally enabled by 2030. These efforts are clearly working. Africa’s digital economy and […]

17Oct 2023

The 4 pillars of the Zscaler Zero Trust Exchange: Customers share their successes

We’ve all heard this mantra: “Secure digital transformation requires a true zero trust architecture.” But what exactly does that mean? Zero trust has come a long way. No longer a nebulous, aspirational term equated with the concept “never trust, always verify,” zero trust has evolved into a solid technology framework that enables proactive defense and […]

17Oct 2023

Don’t make the biggest mistake in application modernization projects

Application modernization isn’t simply a trend; it’s the mandate for every IT organization.  The cost of running old applications and the infrastructure that supports them is problematic.  They also lack new features and capabilities, making them a competitive liability.  Simply lifting and shifting current code to the cloud doesn’t help and can cost much more.  […]

17Oct 2023

CIOs must safeguard organizations with a validated Zero Trust solution

Cyber vulnerabilities are among a CIO’s greatest fears. And with good reason. No industry or organization is immune to the growing frequency, sophistication and success of cyberattacks and the steep, often devastating, organizational costs they incur. Yet, after collectively investing an estimated $219B worldwide in cybersecurity, only four in 10 organizational leaders feel confident that security is embedded in […]

17Oct 2023

NetSuite adds generative AI to its entire ERP suite

NetSuite is adding generative AI and a host of new features and applications to its cloud-based ERP suite in an effort to compete better with midmarket rivals including Epicor, IFS, Infor, and Zoho in multiple domains such as HR, supply chain, banking, finance, and sales. The new capabilities were announced on Tuesday at the company’s […]

17Oct 2023

Prove Identity Snags $40M Funding for ID Verification Tech

Startup with roots in the ecommerce mobile payments space raises $40 million for digital identity verification and authentication technology. The post Prove Identity Snags $40M Funding for ID Verification Tech appeared first on SecurityWeek.

17Oct 2023

Beyond Quantum: MemComputing ASICs Could Shatter 2048-bit RSA Encryption

The feared ‘cryptopocalypse’ (the death of current encryption) might be sooner than expected – caused by in-memory computing ASICs rather than quantum computers. The post Beyond Quantum: MemComputing ASICs Could Shatter 2048-bit RSA Encryption appeared first on SecurityWeek.

17Oct 2023

Critical Vulnerabilities Expose Weintek HMIs to Attacks

Weintek has patched critical and high-severity vulnerabilities found in its cMT series HMIs by industrial cybersecurity firm TXOne. The post Critical Vulnerabilities Expose Weintek HMIs to Attacks appeared first on SecurityWeek.

17Oct 2023

Anonybit Raises $3 Million for Biometric Authentication Platform

Anonybit has raised $3 million in seed funding extension for its biometric authentication and data protection solutions. The post Anonybit Raises $3 Million for Biometric Authentication Platform appeared first on SecurityWeek.

17Oct 2023

US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability

CISA, FBI, and MS-ISAC warn of potential widespread exploitation of CVE-2023-22515, a critical vulnerability in Atlassian Confluence. The post US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability appeared first on SecurityWeek.

17Oct 2023

NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics

NSA has released Elitewolf, a repository of intrusion detection signatures and analytics for OT environments. The post NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics appeared first on SecurityWeek.

17Oct 2023

How to get internal employee poaching right

Market competition for IT talent remains so stiff that IT leaders are increasingly looking to poach employees from other departments to fill IT openings. But snagging a potentially new IT “shining star” from another business function, even when the employee has already expressed an interest in shifting to an IT career, can get complicated. Take, […]

17Oct 2023

7 cloud market trends and how they will impact IT

The cloud market has been a picture of maturity of late. The pecking order for cloud infrastructure has been relatively stable, with AWS at around 33% market share, Microsoft Azure second at 22%, and Google Cloud a distant third at 11%. (IBM, Oracle, and Salesforce are in the 2-3% range.) Revenue growth remains solid across […]

17Oct 2023

WordPress Websites Hacked via Royal Elementor Plugin Zero-Day

A critical vulnerability in the Royal Elementor WordPress plugin has been exploited as a zero-day since August 30. The post WordPress Websites Hacked via Royal Elementor Plugin Zero-Day appeared first on SecurityWeek.

17Oct 2023

Cisco Devices Hacked via IOS XE Zero-Day Vulnerability

Cisco is warning customers that a new IOS XE zero-day vulnerability tracked as CVE-2023-20198 is being exploited to hack devices.  The post Cisco Devices Hacked via IOS XE Zero-Day Vulnerability appeared first on SecurityWeek.

16Oct 2023

Don’t gamble with your identity verification practices

Déjà vu can suck sometimes. Earlier this year, I wrote about the importance of organizations reviewing their password management strategies. I also emphasized that companies need to urgently review their employee access protocol, writing that companies must “make it a point to do continuous employee training to help your teams avoid being duped by phishing […]

16Oct 2023

How to capitalize on ‘Trustworthy AI’

When a new wave of technology innovation seems to be breaking over the horizon, the fear of missing out — FOMO — can drive hasty decisions on new IT investments. Recent, rapid advances in artificial intelligence (AI) may represent one of the biggest FOMO moments ever, so, it’s critical that decision-makers get out in front […]

16Oct 2023

The case for predictive AI

AI is taking the world by storm. All forward-thinking businesses are toying with or have already invested in AI — from boutique startups to enterprise conglomerates. According to Accenture, nearly 75% of companies have already integrated AI into their business strategies, and 42% said that the return on their AI initiatives exceeded their expectations (only […]

16Oct 2023

FinOps is the discipline enterprises need to optimize cloud spending

Signing up for cloud services is easy. But getting control of cloud spending can be a persistent challenge for an enterprise focused on making the most of its technology investment. Gartner predicted worldwide end-user spending on public cloud services would grow 20.7% in 2023, to $591.8 billion. A survey for Foundry’s Cloud Computing Study 2023 […]

16Oct 2023

Exploring crucial terminal emulation capabilities

As organizations rely on terminal emulation to access and interact with legacy systems, the capabilities offered by terminal emulation solutions become crucial factors in the selection process. Terminal emulation users have specific requirements to ensure a seamless and efficient user experience.  When considering a new terminal emulation solution, organizations tend to be concerned about the […]

16Oct 2023

How to get started with AI to speed software delivery

Artificial intelligence has so dominated headlines and conversations that it seems like every company is announcing their own AI-related feature, solution, or initiative for their business. And you wouldn’t be wrong: the latest McKinsey Global survey shows that organizations are most commonly using generative AI (gen AI). In fact, 40% of those reporting AI adoption […]

16Oct 2023

Are enterprise architects the new platform team leaders?

With platform engineering seemingly the latest buzzword, it might surprise you to learn that it’s not new. It has existed for a long time, particularly in software as a service (SaaS) companies where the platform itself is in fact the core product or service delivered to customers. However, platform engineering is new for enterprise IT […]

16Oct 2023

PCI DSS version 4.0: Is your payment card data security program ready?

The numerous new attack vectors being used by threat actors to obtain payment card data underscores the increasing necessity of compliance with the Payment Card Industry Data Security Standard (PCI DSS). According to the 2023 edition of Verizon’s Data Breach Investigations Report (DBIR), payment card data was compromised in 37% of breaches in 2022.  It is also […]

16Oct 2023

Is it time to install a Chief AI Officer?

Pick any tech trend that takes business by storm—the Internet, smartphones, mobile applications—and what initially started as hype, which we now recognize is vastly understated. Today, you could add generative AI to that list. As organizations scramble to incorporate GenAI into their portfolios, industry experts are calling for corporate boards to appoint a leader who […]

16Oct 2023

PCI compliance: The best defense is a great defense

Sophisticated criminal syndicates, rogue nation states and a global community of nefarious attackers are all eager to pilfer valuable data, including payment card information. Not surprisingly, Payment Card Industry Data Security Standard (PCI DSS) compliance is crucially important.  Updating the PCI DSS is likewise critical. Slated to go into effect after the current PCI DSS […]

16Oct 2023

IT services company Atos runs into headwinds with plan for IBM-style split

IT services company Atos has lost its chairman over a dispute about plans to sell its legacy managed infrastructure services business as it prepares for an IBM-style split between faster- and slower-growing activities. Atos says the deal is still on — but after its chairman Bertrand Meunier resigned last week following a legal challenge from […]

16Oct 2023

PCI compliance: Is your qualified security assessor up to the task?

In a volatile payments landscape, enterprises are preparing for the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1 to expire on March 31, 2024. Taking its place will be the more robust PCI DSS version 4.0, a substantial update to the Standard designed to address the continually evolving threat landscape and changing payments […]

16Oct 2023

Signal Pours Cold Water on Zero-Day Exploit Rumors

Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app. The post Signal Pours Cold Water on Zero-Day Exploit Rumors appeared first on SecurityWeek.

16Oct 2023

Academics Devise Cyber Intrusion Detection System for Unmanned Robots

Australian AI researchers teach an unmanned military robot’s operating system to identify MitM cyberattacks. The post Academics Devise Cyber Intrusion Detection System for Unmanned Robots appeared first on SecurityWeek.

16Oct 2023

Milesight Industrial Router Vulnerability Possibly Exploited in Attacks

A vulnerability affecting Milesight industrial routers, tracked as CVE-2023-4326, may have been exploited in attacks.  The post Milesight Industrial Router Vulnerability Possibly Exploited in Attacks appeared first on SecurityWeek.

16Oct 2023

Equifax Fined $13.5 Million Over 2017 Data Breach

UK’s financial watchdog FCA imposes an £11 million (approximately $13.5 million) fine on Equifax over the 2017 data breach. The post Equifax Fined $13.5 Million Over 2017 Data Breach appeared first on SecurityWeek.

16Oct 2023

Microsoft Improving Windows Authentication, Disabling NTLM

Microsoft is adding new features to the Kerberos protocol, to eliminate the use of NTLM for Windows authentication. The post Microsoft Improving Windows Authentication, Disabling NTLM appeared first on SecurityWeek.

16Oct 2023

Cedar Fair’s digital strategy based on ‘frictionless fun’

Most companies will not hesitate to promote their organizations as a fun place to work, especially when trying to attract new hires. In fact, the search term ‘fun’ returns hundreds of thousands of postings at one of the more popular job websites — more than 16,000 in Massachusetts alone. But far fewer companies highlight fun […]

16Oct 2023

Why IT projects still fail

IT organizations have worked hard to get away from the problems that had plagued their past project delivery processes. They have replaced expansive scopes, the waterfall methodology, and long timelines with iterative development, the agile approach, and multiweek sprints, hoping to avert the big failures that have littered IT’s history. Those changes have indeed helped, […]

16Oct 2023

Hybrid meetings: 5 best practices for better outcomes

Offering a work-from-home option is no longer negotiable if you want to keep your teams staffed with talented employees. When asked what they would do if they had to return to the office full-time, a recent study from PromoLeaf found that more than half (52%) of remote workers would quit. That’s a jump from a […]

16Oct 2023

EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits

Environmental Protection Agency (EPA) withdraws recent water sector cybersecurity rules due to lawsuits by states and water associations. The post EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits appeared first on SecurityWeek.

16Oct 2023

Spyware Caught Masquerading as Israeli Rocket Alert Applications

A threat actor targets Israelis with spyware masquerading as an Android application for receiving rocket alerts. The post Spyware Caught Masquerading as Israeli Rocket Alert Applications appeared first on SecurityWeek.

13Oct 2023

Business AI will change the way businesses are run

Less than a year after most CIOs and business leaders even heard the expression “generative artificial intelligence,” for the first time, this technology has set off a wave of innovation that will dramatically change how businesses are run.  However, we at SAP are not entering this race as newcomers. In fact, we have been at […]

13Oct 2023

CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware

CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks. The post CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware appeared first on SecurityWeek.

13Oct 2023

Juniper Networks Patches Over 30 Vulnerabilities in Junos OS

Juniper Networks patches over 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity bugs. The post Juniper Networks Patches Over 30 Vulnerabilities in Junos OS appeared first on SecurityWeek.

13Oct 2023

In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty

In Other The post In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty appeared first on SecurityWeek.

13Oct 2023

11 most in-demand gen AI jobs companies are hiring for

Generative AI is quickly changing the landscape of the business world, with rapid adoption rates across nearly every industry. Businesses are turning to gen AI to streamline business processes, develop proprietary AI technology, and reduce manual efforts in order to free up employees to take on more intensive tasks. A recent survey of senior IT […]

13Oct 2023

What is a data architect? Skills, salaries, and how to become a data framework master

Data architect role: Data architects are senior visionaries who translate business requirements into technology requirements and define data standards and principles, often in support of data or digital transformations. The data architect is responsible for visualizing and designing an organization’s enterprise data management framework. This framework describes the processes used to plan, specify, enable, create, […]

13Oct 2023

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure

Dozens of Squid caching proxy vulnerabilities remain unpatched two years after a researcher reported them to developers. The post Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure appeared first on SecurityWeek.

13Oct 2023

Microsoft Offers Up to $15,000 in New AI Bug Bounty Program

Microsoft is offering rewards of up to $15,000 in a new bug bounty program dedicated to its new AI-powered Bing. The post Microsoft Offers Up to $15,000 in New AI Bug Bounty Program appeared first on SecurityWeek.

13Oct 2023

Microsoft receives $29B IRS tax notices for decade-old transactions

Microsoft is planning to appeal a claim of $28.9 billion in back taxes that it has received from the US Internal Revenue Service (IRS), the company said on Wednesday. The Notices of Proposed Adjustment were received on September 26, related to intercompany pricing or transfer pricing, Microsoft said in a regulatory filing. The IRS is […]

12Oct 2023

Your Generative AI strategy could use a startup’s touch

You’re an IT leader at an organization whose employees are rampantly adopting generative AI. Now what? You require a strategy for efficient, productive, and responsible corporate use. Although it’s early days, as many as 75% of organizations reported quantified outcomes from GenAI projects, with 26% expecting productivity gains, according to a Dell Technologies survey of […]

12Oct 2023

SAP’s new generative AI pricing: Neither transparent nor explainable yet

Enterprises subscribing to Rise with SAP, a bundle of services wrapped around the core S/4HANA Cloud ERP application, can now pay extra for Premium Plus, a package of some of SAP’s newest innovations. Premium Plus includes access to sustainability insights derived from business processes’ carbon footprints and financial costs (SAP’s “green ledger”), new generative AI […]

12Oct 2023

Proving your worth: Strategies to validate and elevate your IT service department

In the business world, service desks are commonly designated as cost centers, a label that can sometimes limit their access to essential resources and support. This categorization tends to encourage a more reactive approach, as they often find themselves responding to incidents rather than proactively shaping outcomes. Such views of service desks can diminish their […]

12Oct 2023

SEC Investigating Progress Software Over MOVEit Hack

Progress Software confirms the SEC has launched its own investigation into costly ransomware zero-days in the MOVEit file transfer software. The post SEC Investigating Progress Software Over MOVEit Hack appeared first on SecurityWeek.

12Oct 2023

The heat is on for a sustainable future at Siemens Gamesa

Surely, you can feel it. It’s hot out there. July 3, 2023, set a record for the highest mean global temperature ever recorded. Then July 4 came along and was even hotter. All-in-all, July 3-6 were the hottest four days ever recorded on planet Earth — but probably not for long. There’s a climate crisis. We’re all […]

12Oct 2023

Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin

A backdoor deployed on a compromised WordPress website poses as a legitimate plugin to hide its presence. The post Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin appeared first on SecurityWeek.

12Oct 2023

Apple Releases iOS 16 Update to Patch Exploited Vulnerability 

Apple has released iOS 16.7.1 and iPadOS 16.7.1 to patch CVE-2023-42824, a kernel vulnerability that has been exploited in attacks. The post Apple Releases iOS 16 Update to Patch Exploited Vulnerability  appeared first on SecurityWeek.

12Oct 2023

LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts

A recently observed phishing campaign targeting Microsoft accounts is using LinkedIn smart links to bypass defenses. The post LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts appeared first on SecurityWeek.

12Oct 2023

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks

Industrial routers made by Chinese company Yifan are affected by several critical vulnerabilities that can expose organizations to attacks.  The post Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks appeared first on SecurityWeek.

12Oct 2023

CISO Pay Increases Are Slowing – a Look Behind the Figures

How much do CISOs make? Survey provides compensation trends for Chief Information Security Officers, but don’t take surveys at full face value. The post CISO Pay Increases Are Slowing – a Look Behind the Figures appeared first on SecurityWeek.

12Oct 2023

Simpson Manufacturing Takes Systems Offline Following Cyberattack

Simpson Manufacturing is experiencing disruptions after taking IT systems offline following a cyberattack. The post Simpson Manufacturing Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.

12Oct 2023

SAP offers faster updates, longer maintenance for S/4HANA in private clouds

SAP is doubling the time between major releases of S/4HANA Cloud private edition from one year to two — at the same time promising to release new feature packs every six months or so to keep up the pace of innovation. It is also extending maintenance to seven years, from five today. The changes will […]

12Oct 2023

20 traits of highly effective project managers

To thrive, project managers need to have and hone a complex combination of technical, business, and interpersonal skills. Leading project management organization the Project Management Institute attempts to decode what it takes to be a successful project manager with its PMI Talent Triangle, comprising Ways of Working (formerly Technical Project Management), Power Skills (formerly Leadership), […]

12Oct 2023

Generac’s Tim Dickson on the evolving CIO role

Generac Power Systems’ Tim Dickson is an award-winning CIO who drives transformative change through technology and talent. He’s known as a digital game changer who operates at the intersection of advanced technology and business strategy. And he does it by fulfilling four “CEO” roles: chief enablement officer, chief elevation officer, chief enrichment officer, and chief […]

12Oct 2023

SYN Ventures Announces $75 Million Seed Fund for US Cybersecurity Firms

Venture capital firm SYN Ventures announces first closing of $75 million cybersecurity seed fund for US cybersecurity companies. The post SYN Ventures Announces $75 Million Seed Fund for US Cybersecurity Firms appeared first on SecurityWeek.

11Oct 2023

Powering the future: How Gen AI and AI illuminate utility companies

According to market researchers at Gartner, “Utilities are faced with unprecedented challenges.” While international conflict, economic uncertainty and climate change are affecting businesses of all kinds, energy companies and utilities are also dealing with aging infrastructure, constant cyberattacks, increased regulation and rising customer expectations. To overcome these challenges, energy companies are increasingly turning to artificial intelligence (AI), particularly […]

11Oct 2023

Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk

Flaw poses a direct threat to the SOCKS5 proxy handshake process in cURL and can be exploited remotely in some non-standard configurations. The post Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk appeared first on SecurityWeek.

11Oct 2023

Payment Card Data Stolen in Air Europa Hack

Spanish airline Air Europa is informing customers that their payment card information has been stolen as a result of a hacker attack. The post Payment Card Data Stolen in Air Europa Hack appeared first on SecurityWeek.

11Oct 2023

Citrix Patches Critical NetScaler ADC, Gateway Vulnerability

Citrix has released patches for a critical information disclosure vulnerability in NetScaler ADC and NetScaler Gateway. The post Citrix Patches Critical NetScaler ADC, Gateway Vulnerability appeared first on SecurityWeek.

11Oct 2023

US Government Releases Security Guidance for Open Source Software in OT, ICS

CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS. The post US Government Releases Security Guidance for Open Source Software in OT, ICS appeared first on SecurityWeek.

11Oct 2023

Chrome 118 Patches 20 Vulnerabilities

Google has released Chrome 118 to the stable channel with patches for 20 vulnerabilities, including one rated ‘critical severity’. The post Chrome 118 Patches 20 Vulnerabilities appeared first on SecurityWeek.

11Oct 2023

Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks

Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date.  The post Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks appeared first on SecurityWeek.

11Oct 2023

Applying AI to API Security

While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs. The post Applying AI to API Security appeared first on SecurityWeek.

11Oct 2023

The CIO at a crossroads: Evolve or become a dead-end job

These are testing times for CIOs. A complex mix of macroeconomic instability, technological advancements, and digital disruption has businesses in search of IT leaders who can rise to the occasion and turn what could be intractable challenges into business opportunities. The bad news from early 2023 Forrester research suggests that many CIOs aren’t ready to […]

11Oct 2023

Building elite teams to map out the business and customer journey

With a career that spans decades across some of the most recognized brands and companies, Raji Subramanian has been making her mark at San Francisco-based Opendoor for nearly three years. The prominent digital platform for residential real estate, founded in 2014, has faced testing challenges over the past few years including transactions taking a hit […]

11Oct 2023

Chief AI officers in demand as IT leaders expect gen AI productivity boost, survey finds

Enterprises are looking to AI to boost productivity and innovation, and one-third of organizations with an interest in the technology have hired or are looking for a chief AI officer, according to new research from Foundry, publisher of CIO.com. For its AI Priorities Study 2023, Foundry surveyed IT decision-makers who have either implemented AI and […]

11Oct 2023

CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability 

CISA has added five bugs to its Known Exploited Vulnerabilities catalog, including the recent WordPad, Skype, and HTTP/2 zero-days. The post CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability  appeared first on SecurityWeek.

11Oct 2023

ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws

ICS Patch Tuesday: Siemens and Schneider Electric release over a dozen advisories addressing more than 40 vulnerabilities. The post ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws appeared first on SecurityWeek.

11Oct 2023

Implications of generative AI for enterprise security

Generative AI has quickly changed what the world thought was possible with artificial intelligence, and its mainstream adoption may seem shocking to many who don’t work in tech. It inspires awe and unease — and often both at the same time. So, what are its implications for the enterprise and cybersecurity? A technology inflection point […]

10Oct 2023

Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks

Microsoft says an APT group tracked as Storm-0062 has been hacking Confluence installations since mid-September, three weeks before Atlassian’s disclosure. The post Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks appeared first on SecurityWeek.

10Oct 2023

Salesforce IT injects generative AI to ease its massive datacenter migration

When you’re tasked with migrating 200,000 servers to a new operating system, a helping hand is very welcome indeed. That’s why SaaS giant Salesforce, in migrating its entire data center from CentOS to Red Hat Enterprise Linux, has turned to generative AI — not only to help with the migration but to drive the real-time […]

10Oct 2023

Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business

Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warns that three are already being exploited in the wild. The post Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business appeared first on SecurityWeek.

10Oct 2023

Beyond the Front Lines: How the Israel-Hamas War Impacts the Cybersecurity Industry

The war with Hamas will inevitably absorb manpower and focus from the cybersecurity sector. The post Beyond the Front Lines: How the Israel-Hamas War Impacts the Cybersecurity Industry appeared first on SecurityWeek.

10Oct 2023

Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop

Adobe Commerce customers exposed to code execution, privilege escalation, arbitrary file system read, and security feature bypass attacks. The post Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop appeared first on SecurityWeek.

10Oct 2023

Unlocking productivity: 3 key priorities for tech leaders in the age of AI

By Chet Kapoor, Chairman and CEO of DataStax. In tech, success means embracing change and moving fast. With the rise of AI, leaders are re-thinking how they drive productivity and execution within their teams. Here, I’ll share perspectives from industry experts on winning in today’s constantly evolving landscape. 1. Leverage the power of asynchronous communication […]

10Oct 2023

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal

A Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices. The post Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal appeared first on SecurityWeek.

10Oct 2023

An AI leadership haiku

An AI Leadership Haiku: Generative’s gift, / Innovation takes a lift, / But vigilance, persist. To effectively use AI tools, you need to take a fresh look at your business goals and processes and ensure that you are using the right tools to solve particular problems. The AI Leadership Summit on October 11, 2023 is a different […]

10Oct 2023

SecurityWeek to Host 2023 ICS Cybersecurity Conference October 23-26 in Atlanta

SecurityWeek will host its 2023 Industrial Control Systems (ICS) Cybersecurity Conference from October 23 – 26, 2023 at the InterContinental Atlanta Buckhead. The post SecurityWeek to Host 2023 ICS Cybersecurity Conference October 23-26 in Atlanta appeared first on SecurityWeek.

10Oct 2023

‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history. The post ‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History appeared first on SecurityWeek.

10Oct 2023

SAP Releases 7 New Notes on October 2023 Patch Day

SAP has released seven new notes as part of its October 2023 Security Patch Day, all rated ‘medium severity’. The post SAP Releases 7 New Notes on October 2023 Patch Day appeared first on SecurityWeek.

10Oct 2023

Twistlock Founders Score Whopping $51M Seed Funding for Gutsy

Serial entrepreneurs bank an unusually large seed round to apply process mining techniques to solve security governance problems. The post Twistlock Founders Score Whopping $51M Seed Funding for Gutsy appeared first on SecurityWeek.

10Oct 2023

New ‘Grayling’ APT Targeting Organizations in Taiwan, US

A previously unknown APT group is targeting organizations in biomedical, IT, and manufacturing sectors in Taiwan. The post New ‘Grayling’ APT Targeting Organizations in Taiwan, US appeared first on SecurityWeek.

10Oct 2023

One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems

A one-click exploit targeting the Libcue component of the GNOME desktop environment could pose a serious threat to Linux systems. The post One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems appeared first on SecurityWeek.

10Oct 2023

Magecart Web Skimmer Hides in 404 Error Pages

A newly identified Magecart web skimming campaign is tampering with ‘404’ error pages to hide malicious code. The post Magecart Web Skimmer Hides in 404 Error Pages appeared first on SecurityWeek.

10Oct 2023

Cable Giant Volex Targeted in Cyberattack

UK-based cable manufacturing giant Volex has been targeted in a cyberattack that involved unauthorized access to IT systems and data. The post Cable Giant Volex Targeted in Cyberattack appeared first on SecurityWeek.

10Oct 2023

Researcher Conversations: Natalie Silvanovich From Google’s Project Zero

SecurityWeek continues its Hacker Conversations series in a discussion with Natalie Silvanovich, a member of Google’s Project Zero. The post Researcher Conversations: Natalie Silvanovich From Google’s Project Zero appeared first on SecurityWeek.

10Oct 2023

8 tips for cultivating a winning IT culture

Winning IT organizations aren’t built in a day. Long-term success is generally the result of leaders who make a committed effort to connect directly with their teams, rather than simply issuing memos, edicts, and other top-down commands. Employees want to work for leaders who inspire them, engage them, challenge them, and give them opportunities to […]

10Oct 2023

The CIO’s primary job: Developing future IT leaders

Great IT organizations must establish dual career paths providing opportunities for technologists to advance their craft and careers without having to involve themselves with management and personnel issues. But it is equally vital to identify those people who can develop into managers and create a path forward for them as well. Many professions are faced […]

10Oct 2023

College of Southern Nevada deploys AI avatar to better engage students

Even in IT, chance encounters can have an outsize impact. For Mugunth Vaithylingam, CIO at the College of Southern Nevada, sitting next to AI Foundation COO Russ Logan on a flight from New York to Las Vegas last October provided just that: a chance meeting that led to a whole new way for the college […]

09Oct 2023

Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites

Recently patched TagDiv Composer plugin vulnerability exploited to hack thousands of WordPress sites as part of the Balada Injector campaign. The post Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites appeared first on SecurityWeek.

09Oct 2023

Credential Harvesting Campaign Targets Unpatched NetScaler Instances

Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials. The post Credential Harvesting Campaign Targets Unpatched NetScaler Instances appeared first on SecurityWeek.

09Oct 2023

Patches Prepared for ‘Probably Worst’ cURL Vulnerability

A high-severity vulnerability in the data transfer project cURL will be addressed with libcurl and curl updates this week. The post Patches Prepared for ‘Probably Worst’ cURL Vulnerability appeared first on SecurityWeek.

09Oct 2023

DC Board of Elections Discloses Data Breach

The District of Columbia Board of Elections says voter records were compromised in a data breach at hosting provider DataNet. The post DC Board of Elections Discloses Data Breach appeared first on SecurityWeek.

09Oct 2023

Google Expands Bug Bounty Program With Chrome, Cloud CTF Events

Google is hosting capture the flag (CTF) events focused on Chrome’s V8 engine and on Kernel-based Virtual Machine (KVM). The post Google Expands Bug Bounty Program With Chrome, Cloud CTF Events appeared first on SecurityWeek.

09Oct 2023

CIOs set their agendas to achieve IT’s ultimate balancing act

Achieving operational excellence while deploying innovative technologies is not an either/or proposition as far as Christian Mate is concerned. Both are critical for meeting the responsibilities of the job of CIO, which requires the staid mantra of “keep the lights on” while concentrating on the more exciting innovating for growth, he says. “To some extent, […]

09Oct 2023

Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks 

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack. The post Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks  appeared first on SecurityWeek.

07Oct 2023

Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions

Taiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies to build semiconductor facilities. The post Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions appeared first on SecurityWeek.

07Oct 2023

Take control of your Oracle unlimited licensing agreement

Have you ever met an Oracle customer who happily pays the company’s fees for software support? Neither have we. But too few really understand how beneficial—and painless—breaking up with Oracle Database support can be. Databases require a great deal of care and feeding and if not properly maintained, small problems can eventually grow into major […]

06Oct 2023

MGM Resorts Says Ransomware Hack Cost $110 Million

MGM Resorts said costs from a disruptive ransomware hack have exceeded $110 million, including $10 million in one-time consulting cleanup fees. The post MGM Resorts Says Ransomware Hack Cost $110 Million appeared first on SecurityWeek.

06Oct 2023

Android Devices With Backdoored Firmware Found in US Schools

A global cybercriminal operation called BadBox has infected the firmware of more than 70,000 Android smartphones, CTV boxes, and tablets with the Triada malware. The post Android Devices With Backdoored Firmware Found in US Schools appeared first on SecurityWeek.

06Oct 2023

Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations

US, Ukraine, and Israel remain the most heavily attacked by cyberespionage and cybercrime threat actors, Microsoft says. The post Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations appeared first on SecurityWeek.

06Oct 2023

In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters

Noteworthy stories that might have slipped under the radar: cybersecurity funding increases, new laws, and government’s illegal use of smartphone location data. The post In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters appeared first on SecurityWeek.

06Oct 2023

Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA

CISA and the NSA are urging network defenders and software developers to address the top ten cybersecurity misconfigurations. The post Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA appeared first on SecurityWeek.

06Oct 2023

Nonprofit Service Provider Blackbaud Settles Data Breach Case for $49.5M With States

The fundraising software company Blackbaud has agreed to pay $49.5 million to settle claims brought by the attorneys general of 49 states and Washington, D.C., related to a 2020 data breach. The post Nonprofit Service Provider Blackbaud Settles Data Breach Case for $49.5M With States appeared first on SecurityWeek.

06Oct 2023

What is a business analyst? A key role for business-IT efficiency

What is a business analyst? Business analysts (BAs) are responsible for bridging the gap between IT and the business using data analytics to assess processes, determine requirements, and deliver data-driven recommendations and reports to executives and stakeholders. BAs engage with business leaders and users to understand how data-driven changes to process, products, services, software, and hardware can […]

06Oct 2023

CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws

CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range. The post CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws appeared first on SecurityWeek.

06Oct 2023

ST Engineering showcases applications of new technologies to stay ahead of disruption

The advent of new technologies has accelerated the rate of innovation and disrupted the business landscape as we know it. As the pace of innovation speeds up, tomorrow’s front runners are those who readily embrace disruptive technologies to spearhead new business models and capture new avenues of growth. The good news is that many organisations […]

05Oct 2023

A CIO’s guide to the developer platform: What it is and why you need it

As today’s digital-centric landscape continues to evolve at an unprecedented pace, software agility, and speed-to-market are critical to long-term success and revenue growth for any business. Modern applications and multi-cloud strategies drive digital transformations that make this success possible, and businesses are under pressure to get better and faster at delivering applications and services to […]

05Oct 2023

Cisco Plugs Gaping Hole in Emergency Responder Software

Cisco warns that unauthenticated, remote attackers can log into devices using the root account, which has default, static credentials that cannot be changed or deleted. The post Cisco Plugs Gaping Hole in Emergency Responder Software appeared first on SecurityWeek.

05Oct 2023

GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks

GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services. The post GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks appeared first on SecurityWeek.

05Oct 2023

BlackBerry to Split Cybersecurity, IoT Business Units

BlackBerry plans to split its cybersecurity and IOT (Internet of Things) businesses and pursue an IPO for the IOT unit early next year. The post BlackBerry to Split Cybersecurity, IoT Business Units appeared first on SecurityWeek.

05Oct 2023

Red Cross Publishes Rules of Engagement for Hacktivists During War

ICRC is telling hacktivists involved in conflict during war to avoid targeting civilian objectives and hospitals, or making threats of violence. The post Red Cross Publishes Rules of Engagement for Hacktivists During War appeared first on SecurityWeek.

05Oct 2023

CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors

New US government guidance details the challenges that application developers and vendors face in identity and access management (IAM). The post CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors appeared first on SecurityWeek.

05Oct 2023

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol

The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.  The post Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol appeared first on SecurityWeek.

05Oct 2023

Addressing the People Problem in Cybersecurity

Addressing the people problem with effective approaches and tools for users and security practitioners will enable us to work smarter, and force attackers into a position where they must work harder. The post Addressing the People Problem in Cybersecurity appeared first on SecurityWeek.

05Oct 2023

Qakbot Hackers Continue to Push Malware After Takedown Attempt

Qakbot cybercriminals continue to push malware, which shows they are still operational after the recent takedown attempt. The post Qakbot Hackers Continue to Push Malware After Takedown Attempt appeared first on SecurityWeek.

05Oct 2023

Hundreds Download Malicious NPM Package Capable of Delivering Rootkit

Threat actor uses typosquatting to trick hundreds of users into downloading a malicious NPM package that delivers the r77 rootkit. The post Hundreds Download Malicious NPM Package Capable of Delivering Rootkit appeared first on SecurityWeek.

05Oct 2023

7 sins of software development

Software development is a challenging discipline built on millions of parameters, variables, libraries, and more that all must be exactly right. If one character is out of place, the entire stack can fall. And that’s just the technical part. Opinionated programmers, demanding stakeholders, miserly accountants, and meeting-happy managers mix in a political layer that makes […]

05Oct 2023

CBRE’s Sandeep Davé on accelerating your AI ambitions

Sandeep Davé knows the value of experimentation as well as anyone. As chief digital and technology officer at CBRE, Davé recognized early that the commercial real estate industry was ripe for AI and machine learning enhancements, and he and his team have tested countless use cases across the enterprise ever since. And those experiments have […]

05Oct 2023

Sony Confirms Data Stolen in Two Recent Hacker Attacks

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.  The post Sony Confirms Data Stolen in Two Recent Hacker Attacks appeared first on SecurityWeek.

04Oct 2023

Document Security is More than Just Password-Protection

Thirty years ago, Adobe created the Portable Document Format (PDF) to facilitate sharing documents across different software applications while maintaining text and image formatting. Today, PDF is considered the de facto industry standard for documents that contain critical and sensitive business information. In fact, it is estimated that more than three (3) trillion PDFs – […]

04Oct 2023

3 hard truths about GenAI’s large language models

I love technology. During the last year, I’ve been fascinated to see new developments emerge in generative AI large language models (LLMs). Beyond the hype, generative AI is truly a watershed moment for technology and its role in our world. Generative AI LLMs are revolutionizing what’s possible for individuals and enterprises around the world. However, […]

04Oct 2023

Building sustainability at the edge of the enterprise

The enterprise edge has become a growing area of innovation as organizations increasingly understand that not every workload — particularly new edge workloads — can move to the cloud. Reasons for this limitation include data sovereignty and residency requirements, the need to support ultra-low latency workloads, and concerns about losing control over mission-critical use cases, […]

04Oct 2023

Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform are showing no signs of slowing down. The post Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day appeared first on SecurityWeek.

04Oct 2023

Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

Atlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products. The post Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day appeared first on SecurityWeek.

04Oct 2023

New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks

Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models. The post New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks appeared first on SecurityWeek.

04Oct 2023

Lyca Mobile Services Significantly Disrupted by Cyberattack

International mobile network operator Lyca Mobile says a cyberattack has significantly disrupted its services in many countries. The post Lyca Mobile Services Significantly Disrupted by Cyberattack appeared first on SecurityWeek.

04Oct 2023

Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions

A local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges. The post Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions appeared first on SecurityWeek.

04Oct 2023

Google, Yahoo Boosting Email Spam Protections

Google and Yahoo are introducing new requirements for bulk senders, to improve phishing and spam protections. The post Google, Yahoo Boosting Email Spam Protections appeared first on SecurityWeek.

04Oct 2023

Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware 

Mozilla issues warning over fake Thunderbird downloads after a ransomware group was caught using this technique to deliver malware. The post Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware  appeared first on SecurityWeek.

04Oct 2023

4 reasons why gen AI projects fail

In June, New Zealand supermarket chain Pak’nSave released the Savey Meal-Bot, a gen AI tool that lets users upload a list of ingredients they have, and then the bot would come up with recipes they could try. It was billed as a way for shoppers to save money because New Zealanders throw out around NZ$1,500 […]

04Oct 2023

What a quarter century of digital transformation at PayPal looks like

If there’s a company that can boast being 100% digital native, it’s PayPal, the platform that allows companies and consumers to send and receive digital payments in a secure, comfortable and profitable way. Since 1998, the brand has evolved and grown in step with technology, and today, the size of its network and consumer use has […]

04Oct 2023

Skilled IT pay defined by volatility, security, and AI

Last quarter was one of the most volatile for cash pay premiums for IT skills and certifications in the last three years, according to Foote Partners. Almost one-third of the 682 non-certified IT skills and 614 IT certifications they track changed in value — and for certifications, those changes, more often than not, were downward. […]

04Oct 2023

Qualcomm Patches 3 Zero-Days Reported by Google

Qualcomm has patched more than two dozen vulnerabilities, including three zero-days that may have been exploited by spyware vendors. The post Qualcomm Patches 3 Zero-Days Reported by Google appeared first on SecurityWeek.

03Oct 2023

Future-Proofing Your Business with Hyperautomation

Robotic process automation (RPA) is a well-established means of automating repetitive business processes implemented in software. It’s been around since the early 2000s. However, since then, great strides have been made in machine learning and artificial intelligence. Combined with RPA tools, they enable much greater levels of automation of many business processes. This is hyperautomation. […]

03Oct 2023

ZDI Discusses First Automotive Pwn2Own

The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024. The post ZDI Discusses First Automotive Pwn2Own appeared first on SecurityWeek.

03Oct 2023

Synqly Joins Race to Fix Security, Infrastructure Product Integrations

Silicon Valley startup lands $4 million in seed funding from SYN Ventures, Okta Ventures and Secure Octane. The post Synqly Joins Race to Fix Security, Infrastructure Product Integrations appeared first on SecurityWeek.

03Oct 2023

A new solution offers fresh air—not as a dream, but a service

“Air is our most important food.” That’s the operating philosophy of German heating, ventilation, and air conditioning (HVAC) company ActoVent, an enterprise built around the simple philosophy that the air we breathe and release into the environment should be clean. During the pandemic, air quality became an obsession to many people. Adding to the concern was […]

03Oct 2023

Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies

ShellTorch attack chains critical TorchServe vulnerabilities and could completely compromise the AI infrastructure of major companies. The post Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies appeared first on SecurityWeek.

03Oct 2023

US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform

An open redirection vulnerability in the popular job search platform Indeed has been exploited in a series of phishing attacks. The post US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform appeared first on SecurityWeek.

03Oct 2023

Actor Tom Hanks Warns of Ad With AI Imposter

Actor Tom Hanks and talk show co-host Gayle King were warning fans about ads featuring imposters generated by artificial intelligence. The post Actor Tom Hanks Warns of Ad With AI Imposter appeared first on SecurityWeek.

03Oct 2023

Network, Meet Cloud; Cloud, Meet Network

The widely believed notion that the network and the cloud are two different and distinct entities is not true. The post Network, Meet Cloud; Cloud, Meet Network appeared first on SecurityWeek.

03Oct 2023

Dozens of Malicious NPM Packages Steal User, System Data

Fortinet warns of multiple malicious NPM packages that include install scripts designed to steal sensitive information. The post Dozens of Malicious NPM Packages Steal User, System Data appeared first on SecurityWeek.

03Oct 2023

Why all IT talent should be irreplaceable

“The graveyards,” General De Gaulle once ironically observed, “are full of indispensable men.” Maybe so, but the same may not be so easily said about organizations whose success did depend on irreplaceable managers and staff. Take, for example, Apple. Under Steve Jobs it created the iPod, iPhone, App Store, and iPad — products and services […]

03Oct 2023

ConocoPhillips goes global with digital twins

With demand for low-cost energy ever increasing, along with competition from renewable sources of energy, ConocoPhillips is leveraging digital twins to optimize the safety and efficiency of its assets. The Houston-based company, with origins dating back to 1875, is on a path to adopt portfolio-wide digital twin technology following successes across its major fields. Dubbed […]

03Oct 2023

Motel One Discloses Ransomware Attack Impacting Customer Data

Motel One says customer addresses and credit card information were compromised in a recent ransomware attack. The post Motel One Discloses Ransomware Attack Impacting Customer Data appeared first on SecurityWeek.

03Oct 2023

Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities

The October 2023 security update for Android patches two vulnerabilities exploited in attacks, both likely linked to spyware vendors. The post Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities appeared first on SecurityWeek.

03Oct 2023

Cybersecurity M&A Roundup: 28 Deals Announced in September 2023

Twenty-eight cybersecurity-related merger and acquisition (M&A) deals were announced in September 2023. The post Cybersecurity M&A Roundup: 28 Deals Announced in September 2023 appeared first on SecurityWeek.

03Oct 2023

Companies Address Impact of Exploited Libwebp Vulnerability 

Companies have addressed the impact of the exploited Libwebp vulnerability CVE-2023-4863 on their products.  The post Companies Address Impact of Exploited Libwebp Vulnerability  appeared first on SecurityWeek.

02Oct 2023

Unlocking value: Oracle enterprise license models for optimal ROI

With tight IT budgets getting tighter, many Oracle licensees with Unlimited Licensing Agreements (ULAs) are tempted to consider an exit plan to avoid the pinch of rising support costs.  But, often too late, they may discover that their Oracle contract could prevent them from making the jump as seamlessly as they’d like. Most enterprises want […]

02Oct 2023

Lessons from the field: Why you need a platform engineering practice (…and how to build it)

Platform engineering is a sociotechnical discipline that has gained tremendous attention in the last year in response to the need for organizations to accelerate cloud native app development and management. Platform engineering focuses on the internal application of development and the creation of so-called ‘Golden Pathways’ in engineering and development, saving time and creating more […]

02Oct 2023

Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw

Rapid7 says attackers are targeting a critical pre-authentication flaw in Progress Software’s WS_FTP server just days after disclosure. The post Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw appeared first on SecurityWeek.

02Oct 2023

European Telecommunications Standards Institute Discloses Data Breach

Hackers stole a database containing the list of the European Telecommunications Standards Institute’s online users. The post European Telecommunications Standards Institute Discloses Data Breach appeared first on SecurityWeek.

02Oct 2023

Number of Internet-Exposed ICS Drops Below 100,000: Report

The number of internet-exposed ICS has dropped below 100,000, a significant decrease from the 140,000 in 2019. The post Number of Internet-Exposed ICS Drops Below 100,000: Report appeared first on SecurityWeek.

02Oct 2023

Johnson Controls Ransomware Attack Could Impact DHS

DHS is reportedly investigating the impact of the recent Johnson Controls ransomware attack on its systems and facilities. The post Johnson Controls Ransomware Attack Could Impact DHS appeared first on SecurityWeek.

02Oct 2023

Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks 

Patches are being developed for serious Exim vulnerabilities that could expose many mail servers to attacks.  The post Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks  appeared first on SecurityWeek.

02Oct 2023

The dark arts of digital transformation — and how to master them

Resistance to digital transformation comes in many forms. And sometimes it takes a wizard — or a CIO with a satchel of magic tricks — to overcome them. You’ll need to persuade employees and middle management to leave their comfort zones and change how they operate. You may find yourself stuck in bureaucratic quagmires or […]

02Oct 2023

What is a project management office (PMO)? The key to standardizing project success

Project management office (PMO) definition A project management office (PMO) is a group, or functional unit, that sets, maintains, and enforces the practices, policies, and standards for structuring and executing projects within an organization. According to the Project Management Institute (PMI), a PMO is essential for enterprises seeking to centralize and coordinate the management of […]

02Oct 2023

CISA Kicks Off Cybersecurity Awareness Month With New Program

CISA has announced the Secure Our World cybersecurity awareness program, targeting both businesses and end users. The post CISA Kicks Off Cybersecurity Awareness Month With New Program appeared first on SecurityWeek.

02Oct 2023

Recently Patched TeamCity Vulnerability Exploited to Hack Servers

In-the-wild exploitation of a critical vulnerability in the TeamCity CI/CD server started shortly after a patch was released by developers. The post Recently Patched TeamCity Vulnerability Exploited to Hack Servers appeared first on SecurityWeek.

02Oct 2023

Silverfort Open Sources Lateral Movement Detection Tool

Silverfort has released the source code for its lateral movement detection tool LATMA, to help identify and analyze intrusions. The post Silverfort Open Sources Lateral Movement Detection Tool appeared first on SecurityWeek.

30Sep 2023

The changing face of cybersecurity threats in 2023

Over the last eighteen months or so, a motley group of teenagers under the banner of Lapsus$ managed to hack into “unbreachable” fortresses at tech giants such as Okta, T-Mobile, Nvidia, Microsoft, and Globant using unsophisticated but creative and persistent techniques. While the group’s goals were unclear and differing – fluctuating between amusement, monetary gain, […]

29Sep 2023

Bankrupt IronNet Shuts Down Operations

Bankrupt and out of financing options, IronNet has terminated all employees and plans to file for Chapter 7 protection. The post Bankrupt IronNet Shuts Down Operations appeared first on SecurityWeek.

29Sep 2023

Should finance organizations bank on Generative AI?

As I work with financial services and banking organizations around the world, one thing is clear: AI and generative AI are hot topics of conversation. These conversations are so weighty, they are happening at the boardroom level.  I get it. Financial organizations want to capture generative AI’s tremendous potential while mitigating its risks. In the […]

29Sep 2023

AWS Using MadPot Decoy System to Disrupt APTs, Botnets

AWS says an internal threat intel decoy system called MadPot has successfully trapped nation state-backed APTs like Volt Typhoon and Sandworm. The post AWS Using MadPot Decoy System to Disrupt APTs, Botnets appeared first on SecurityWeek.

29Sep 2023

Generative AI Startup Nexusflow Raises $10.6 Million

Nexusflow scores funding to build an open-source LLM that can deliver high accuracy when retrieving data from multiple security sources. The post Generative AI Startup Nexusflow Raises $10.6 Million appeared first on SecurityWeek.

29Sep 2023

In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea

Noteworthy stories that might have slipped under the radar: new RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea.  The post In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea appeared first on SecurityWeek.

29Sep 2023

Researchers Extract Sounds From Still Images on Smartphone Cameras

A group of academic researchers devised a technique to extract sounds from still images captured using smartphone cameras with rolling shutter and movable lens structures. The post Researchers Extract Sounds From Still Images on Smartphone Cameras appeared first on SecurityWeek.

29Sep 2023

Embrace the Generative AI revolution: a guide to integrating Generative AI into your operations

Generative AI (GenAI) is not just the topic of the hour – it may well be the topic of the decade and beyond. Until a year ago, when people suggested that AI was already mainstream and asked what the next big thing would be, I replied that we had not reached the end state of […]

29Sep 2023

National Security Agency is Starting an Artificial Intelligence Security Center

The NSA is starting an artificial intelligence security center — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems. The post National Security Agency is Starting an Artificial Intelligence Security Center appeared first on SecurityWeek.

29Sep 2023

CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks

CISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw, to its known exploited vulnerabilities catalog. The post CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks appeared first on SecurityWeek.

29Sep 2023

Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks

Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations.  The post Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks appeared first on SecurityWeek.

29Sep 2023

A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says

A sharply divided privacy oversight board is recommending that the FBI and other agencies be required to get court approval before reviewing the communications of U.S. citizens collected through a secretive foreign surveillance program. The post A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says appeared first on […]

29Sep 2023

NIST Publishes Final Version of 800-82r3 OT Security Guide

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security. The post NIST Publishes Final Version of 800-82r3 OT Security Guide appeared first on SecurityWeek.

29Sep 2023

Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers

Gaps in Cloudflare’s security controls allow users to bypass protections and target others from the platform itself. The post Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers appeared first on SecurityWeek.

29Sep 2023

10 most in-demand generative AI skills

If any technology has captured the collective imagination in 2023, it’s generative AI — and businesses are beginning to ramp up hiring for what in some cases are very nascent gen AI skills, turning at times to contract workers to fill gaps, pursue pilots, and round out in-house AI project teams. Analyzing the hiring behaviors of […]

29Sep 2023

Top 17 cloud cost management tools — and how to choose

It feels like just yesterday that we were promised that cloud servers cost just pennies. You could rent a rack with the spare change behind the sofa cushions and have money left for ice cream. Those days are long gone. When the monthly cloud bill arrives, CFOs are hitting the roof. Developer teams are learning […]

29Sep 2023

FBI Warns Organizations of Dual Ransomware, Wiper Attacks

The FBI warns organizations of cyberattacks that employ multiple ransomware families or deploy dormant data wipers. The post FBI Warns Organizations of Dual Ransomware, Wiper Attacks appeared first on SecurityWeek.

29Sep 2023

Johnson Controls Hit by Ransomware

Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company. The post Johnson Controls Hit by Ransomware appeared first on SecurityWeek.

29Sep 2023

US State Department Says 60,000 Emails Taken in Alleged Chinese Hack

The US State Department said that hackers took around 60,000 emails in an attack which Microsoft has blamed on China. The post US State Department Says 60,000 Emails Taken in Alleged Chinese Hack appeared first on SecurityWeek.

28Sep 2023

Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product 

Progress Software ships patches for critical-severity flaws in its WS_FTP file transfer software and warns that a pre-authenticated attacker could wreak havoc on the underlying operating system. The post Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product  appeared first on SecurityWeek.

28Sep 2023

Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users

Verisoul, a company that has developed a SaaS platform for detecting and blocking fake users, has raised $3.25 million in seed funding.  The post Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users appeared first on SecurityWeek.

28Sep 2023

Lumu Raises $30 Million for Threat Detection and Response Platform

Intrusion detection company Lumu has raised $30 million in a Series B funding round led by Forgepoint Capital. The post Lumu Raises $30 Million for Threat Detection and Response Platform appeared first on SecurityWeek.

28Sep 2023

Government Shutdown Could Bench 80% of CISA Staff

Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown.  The post Government Shutdown Could Bench 80% of CISA Staff appeared first on SecurityWeek.

28Sep 2023

Moving From Qualitative to Quantitative Cyber Risk Modeling

Migrating to a quantitative cyber risk model of analysis allows for more accurate data, which leads to more informed decision-making. The post Moving From Qualitative to Quantitative Cyber Risk Modeling appeared first on SecurityWeek.

28Sep 2023

Cisco Warns of IOS Software Zero-Day Exploitation Attempts

Cisco has released patches for a vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks. The post Cisco Warns of IOS Software Zero-Day Exploitation Attempts appeared first on SecurityWeek.

28Sep 2023

Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits

Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains. The post Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits appeared first on SecurityWeek.

28Sep 2023

Sysdig Launches Realtime Attack Graph for Cloud Environments

Sysdig enhanced its existing CNAPP offering with a cloud attack graph, risk prioritization, attack path analysis, a searchable inventory, and complete agentless scanning. The post Sysdig Launches Realtime Attack Graph for Cloud Environments appeared first on SecurityWeek.

28Sep 2023

12 ‘best practices’ IT should avoid at all costs

What makes IT organizations fail? Often, it’s the adoption of what’s described as “industry best practices” by people who ought to know better but don’t, probably because they’ve never had to do the job. From establishing internal customers to instituting charge-backs to insisting on ROI, a lot of this advice looks plausible when viewed from […]

28Sep 2023

Qualcomm’s Cisco Sanchez on structuring IT for business growth

As senior vice president and CIO at Qualcomm, Cisco Sanchez leads a global IT organization laser focused on setting the company up to achieve scale and speed in a world of complexity. Sanchez’s organization was honored with a CIO 100 Award at this year’s CIO100 Symposium Awards and Event, recognizing the innovative work his team […]

28Sep 2023

Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor

Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor.  The post Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor appeared first on SecurityWeek.

27Sep 2023

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies. The post Chinese Gov Hackers Caught Hiding in Cisco Router Firmware appeared first on SecurityWeek.

27Sep 2023

CISA Unveils New HBOM Framework to Track Hardware Components

CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products. The post CISA Unveils New HBOM Framework to Track Hardware Components appeared first on SecurityWeek.

27Sep 2023

Gem Security Lands $23 Million Series A Funding

Israeli security startup Gem Security has raised a total of $34 million to tackle cloud threat detection and incident response. The post Gem Security Lands $23 Million Series A Funding appeared first on SecurityWeek.

27Sep 2023

Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk

Attackers can find tons of information on Tesla cars and their drivers by searching for misconfigured TeslaMate instances online. The post Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk appeared first on SecurityWeek.

27Sep 2023

Firefox 118 Patches High-Severity Vulnerabilities

Firefox 118 patches six high-severity vulnerabilities, including a memory leak potentially leading to sandbox escape. The post Firefox 118 Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

27Sep 2023

Stolen GitHub Credentials Used to Push Fake Dependabot Commits

Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions. The post Stolen GitHub Credentials Used to Push Fake Dependabot Commits appeared first on SecurityWeek.

27Sep 2023

Google Open Sources Binary File Comparison Tool BinDiff

Google has released the source code of BinDiff, a binary file comparison tool popular within the security research community, on GitHub. The post Google Open Sources Binary File Comparison Tool BinDiff appeared first on SecurityWeek.

27Sep 2023

macOS 14 Sonoma Patches 60 Vulnerabilities

macOS 14 Sonoma has been officially released by Apple and the latest version of the operating system patches over 60 vulnerabilities. The post macOS 14 Sonoma Patches 60 Vulnerabilities appeared first on SecurityWeek.

27Sep 2023

Gen AI success starts with an effective pilot strategy

Generative artificial intelligence is all the rage, but how can enterprises actually harness the technology’s promise and implement it for value? What benefits can be expected and what challenges might arise? Gen AI is a relatively new tool for organizations and individual users. And while many CIOs might have a fairly solid understanding of the […]

27Sep 2023

A fluency in business and tech yields success at NATO

With the intricacies of the CIO role multiplying, there’s increased talk about having deft knowledge and understanding of both the business and technology in order to contemplate and process next moves as a leader. In Manfred Boudreaux-Dehmer’s case as the first CIO of NATO, he has a unique perspective of soon to be 32 nations […]

27Sep 2023

New GPU Side-Channel Attack Allows Malicious Websites to Steal Data

GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip. The post New GPU Side-Channel Attack Allows Malicious Websites to Steal Data appeared first on SecurityWeek.

27Sep 2023

Oracle bolsters distributed cloud, AI strategy with new Mexico cloud region

Oracle has partnered with telecommunications service provider Telmex-Triara to open a second region in Mexico in an effort to keep expanding its data center footprint as it eyes more revenue from AI and generative AI-based workloads. Earlier this month, the company said it expects cloud revenue to grow 29% to 31% in the second quarter […]

26Sep 2023

Zero Trust: Understanding the US government’s requirements for enhanced cybersecurity

The concept of Zero Trust has gained significant traction in recent years, as organizations look to enhance their cybersecurity defenses and safeguard their digital assets. The US government has been at the forefront of promoting this approach, with a series of guidelines and requirements that companies must adhere to. In this blog, I will explore some of […]

26Sep 2023

How to ignite innovation and empower more sustainable solutions

Some moments in life are indelibly etched in our memory. I will never forget one evening several years ago. In fact, I can point to the chair where I sat when it happened. My wife, three children, and I were eating dinner together. Suddenly, an idea sparked in my brain. I grabbed a pencil and […]

26Sep 2023

Microsoft Adding New Security Features to Windows 11

Microsoft announced that the latest Windows 11 update (23H2) will bring more support for passkeys and several new security features.   The post Microsoft Adding New Security Features to Windows 11 appeared first on SecurityWeek.

26Sep 2023

SAP prepares to add Joule generative AI copilot across its apps

By year-end, users of a couple of SAP applications should have the option to ask generative AI copilot, Joule, to help with their work — and the company plans to roll the feature out across all its applications one by one in the years to come. Clicking on a dedicated button in compatible SAP applications […]

26Sep 2023

Mitigating mayhem in a complex hybrid IT world

We’ve all seen the insurance commercials: Mayhem is everywhere. When it strikes in the consumer world of insurance, you want the right people on your side and the right plan to navigate a way forward. The same can be said about IT. When a system begins to break down, the most important thing is ending […]

26Sep 2023

Swiss energy services company uses machine learning to see the future

If you want to look into the future, sometimes you have to be able to predict it. Swiss energy services company IWB has a vision of a world with a fully renewable, climate-friendly energy supply.  Not long ago, though, that goal seemed difficult to conceptualize. For many years, IWB’s distribution grid supplied customers with electricity exclusively […]

26Sep 2023

How AI can deliver eye-opening insights for IT

No matter what your newsfeed may be, it’s likely peppered with articles about the wonders of artificial intelligence. And rightly so. But even as we remember 2023 as the year when generative AI went ballistic, AI and its ML (machine learning) sidekick have been quietly evolving over several years to yield eye-opening insights and problem-solving […]

26Sep 2023

5 steps we can take to address the cyber skills shortage

Depending upon which research report you read, we have a shortage of somewhere around 3.4 million or 3.5 million individuals worldwide. But we are not the only industry with a talent gap. The medical industry, for example, is facing a shortage of more than 10 million physicians worldwide. The skills shortage creates challenges, of course. […]

26Sep 2023

UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor

UAE-linked APT group Stealth Falcon has used the new Deadglyph backdoor in an attack targeting a governmental entity in the Middle East. The post UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor appeared first on SecurityWeek.

26Sep 2023

Sony Investigating After Hackers Offer to Sell Stolen Data

Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data. The post Sony Investigating After Hackers Offer to Sell Stolen Data appeared first on SecurityWeek.

26Sep 2023

The CISO Carousel and its Effect on Enterprise Cybersecurity

CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security. The post The CISO Carousel and its Effect on Enterprise Cybersecurity appeared first on SecurityWeek.

26Sep 2023

Xenomorph Android Banking Trojan Targeting Users in US, Canada

The Xenomorph Android banking trojan can now mimic financial institutions in the US and Canada and is also targeting crypto wallets. The post Xenomorph Android Banking Trojan Targeting Users in US, Canada appeared first on SecurityWeek.

26Sep 2023

$200 Million in Cryptocurrency Stolen in Mixin Network Hack

Mixin Network suspends deposits and withdrawals after hackers steal $200 million in digital assets from its centralized database. The post $200 Million in Cryptocurrency Stolen in Mixin Network Hack appeared first on SecurityWeek.

26Sep 2023

6 IT rules worth breaking — and how to get away with it

There comes a time in every IT leader’s life when a key decision must be made: whether to follow an established rule or, as a matter of necessity, break precedent and embark on an alternate course. Management rules typically exist to enable faultless decision-making, set a foundation for consistent operation, and provide protection from risk, […]

26Sep 2023

8 questions CIOs should ask to prime their business for gen AI

Companies are now recognizing the work ahead of them to get their data, people, and processes ready to capitalize on gen AI’s potential. In fact, insights from a recent Accenture survey found that nearly all (99%) executives said they plan to amplify their investments in the technology. So leaders will need to radically re-think how work gets […]

26Sep 2023

Rediscovering the value of information

In his dissertation at Stanford in 1976, smartphone pioneer and founder and CEO of General Magic Marc Porat correctly prophesied that the future would be defined by “information machines, information workers, and information companies.” Today, there is general consensus that we live in an “Information Society” and work in an “Information Economy.” What is surprising […]

25Sep 2023

Stealthy APT Gelsemium Seen Targeting Southeast Asian Government

A stealthy APT known as Gelsemium has been observed targeting a government entity in Southeast Asia for persistence and intelligence collection. The post Stealthy APT Gelsemium Seen Targeting Southeast Asian Government appeared first on SecurityWeek.

25Sep 2023

Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role

Kosi Goodness Simon-Ebo, a Nigerian national, pleaded guilty in a US court to his involvement in a million-dollar BEC fraud scheme. The post Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role appeared first on SecurityWeek.

25Sep 2023

900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse

Nearly 900 US schools are impacted by the MOVEit hack at the educational nonprofit National Student Clearinghouse. The post 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse appeared first on SecurityWeek.

25Sep 2023

City of Dallas Details Ransomware Attack Impact, Costs 

City of Dallas has approved an $8.5 million budget to restore systems following a Royal ransomware attack in May 2023. The post City of Dallas Details Ransomware Attack Impact, Costs  appeared first on SecurityWeek.

25Sep 2023

10 digital transformation questions every CIO must answer

Digital transformation has become an essential part of business success. Yet, organizations still struggle with getting it right. According to TEKsystems’ 2023 State of Digital Transformation, 41% of organizations’ digital transformation (DX) initiatives have failed to achieve their desired outcomes. Another study, the 2023 State of the Intelligent Information Management Industry, turned up similar numbers, […]

25Sep 2023

Rockwell Automation makes shift to ‘as-a-service’ model

In the digital era, few companies are safe from disruption — even highly innovative organizations like industrial automation giant Rockwell Automation. That’s why, in the summer of 2021, Chris Nardecchia, SVP and chief digital and information officer, set about enabling a transformation that would change Rockwell’s business before it lost ground to a new class […]

25Sep 2023

In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover

A critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers. The post In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover appeared first on SecurityWeek.

25Sep 2023

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.  The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek.

24Sep 2023

Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware

Egyptian opposition politician Ahmed Altantawy was targeted with spyware after announcing a presidential bid, security researchers reported. The post Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware appeared first on SecurityWeek.

22Sep 2023

In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking

Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event. The post In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking appeared first on SecurityWeek.

22Sep 2023

China’s Offensive Cyber Operations in Africa Support Soft Power Efforts

Chinese state-sponsored threat groups have targeted telecoms, financial and government organizations in Africa as part of soft power efforts. The post China’s Offensive Cyber Operations in Africa Support Soft Power Efforts appeared first on SecurityWeek.

22Sep 2023

Air Canada Says Employee Information Accessed in Cyberattack

Canada’s largest airline says the personal information of some employees was accessed in a recent cyberattack. The post Air Canada Says Employee Information Accessed in Cyberattack appeared first on SecurityWeek.

22Sep 2023

BIND Updates Patch Two High-Severity DoS Vulnerabilities

The latest BIND security updates include patches for two high-severity DoS vulnerabilities that can be exploited remotely. The post BIND Updates Patch Two High-Severity DoS Vulnerabilities appeared first on SecurityWeek.

22Sep 2023

Faster Patching Pace Validates CISA’s KEV Catalog Initiative

CISA says Known Exploited Vulnerabilities Catalog has helped federal agencies significantly accelerate their vulnerability remediation pace. The post Faster Patching Pace Validates CISA’s KEV Catalog Initiative appeared first on SecurityWeek.

22Sep 2023

Mastercard preps for the post-quantum cybersecurity threat

The ecosystem of digital payments is a sitting duck. The billions of transactions we conduct online today are protected by what are called public-key encryption technologies. But as quantum computers become more powerful, they will be able to break these cryptographic algorithms. Such a cryptographically relevant quantum computer (CRQC) could deliver a devastating impact to […]

22Sep 2023

Top 15 data management platforms available today

Data management platform definition: A data management platform (DMP) is a suite of tools that helps organizations to collect and manage data from a wide array of first-, second-, and third-party sources and to create reports and build customer profiles as part of targeted personalization campaigns. Deploying a DMP can be a great way for […]

22Sep 2023

SANS Survey Shows Drop in 2023 ICS/OT Security Budgets

ICS/OT security budgets have decreased in 2023 compared to last year, according to a survey conducted by SANS. The post SANS Survey Shows Drop in 2023 ICS/OT Security Budgets appeared first on SecurityWeek.

22Sep 2023

Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones

Apple has patched 3 zero-day vulnerabilities that have likely been exploited by a spyware vendor to hack iPhones. The post Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones appeared first on SecurityWeek.

21Sep 2023

Four questions for a casino InfoSec director

Recent cyberattacks at MGM Resorts and Caesars Entertainment have put the spotlight on cybersecurity practices at casinos – and the importance of educating employees on social engineering tactics. With the CSO50 Conference + Awards coming to the We-Ko-Pa Casino Resort in Fort McDowell, Arizona, October 2-4, we asked Bill Tsoukatos, Information Technology Director at Fort […]

21Sep 2023

New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware

New and mysterious APT Sandman spotted targeting telcos in Europe and Asia as part of a cyberespionage campaign. The post New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware appeared first on SecurityWeek.

21Sep 2023

Four Leadership Motions make leading transformative work easier

Have you ever been tasked to lead a cross-functional project at work? You may have encountered multiple stakeholders–all believing that their viewpoint is the most valuable–competing to have their own needs met instead of collaborating to make progress. My business partner and wife, Janice Fraser, and I have seen this play out countless times in […]

21Sep 2023

Every Network Is Now an OT Network. Can Your Security Keep Up?

Many previously isolated OT networks, like manufacturing, processing, distribution, and inventory management, have now been woven into larger IT networks. The post Every Network Is Now an OT Network. Can Your Security Keep Up? appeared first on SecurityWeek.

21Sep 2023

Navigating the Digital Frontier in Cybersecurity Awareness Month 2023

ZTNA stands out as a solution that enables organizations to minimize their attack surface while ensuring the productivity and security of their remote workforce. The post Navigating the Digital Frontier in Cybersecurity Awareness Month 2023 appeared first on SecurityWeek.

21Sep 2023

TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data

TransUnion denies suffering a breach after a hacker publishes 3GB of data allegedly stolen from the credit reporting firm. The post TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data appeared first on SecurityWeek.

21Sep 2023

Legit Security Raises $40 Million in Series B Financing

Legit Security raises $40 million in a Series B funding round led by CRV to help organizations protect the software supply chain from attacks. The post Legit Security Raises $40 Million in Series B Financing appeared first on SecurityWeek.

21Sep 2023

Cisco Boosting Cybersecurity Capabilities With $28 Billion Splunk Acquisition

Cisco has entered into a definitive agreement to acquire data analysis and security company Splunk in a deal valued at $28 billion.  The post Cisco Boosting Cybersecurity Capabilities With $28 Billion Splunk Acquisition appeared first on SecurityWeek.

21Sep 2023

Atlassian Security Updates Patch High-Severity Vulnerabilities

Atlassian has released patches for multiple high-severity vulnerabilities in Jira, Confluence, Bitbucket, and Bamboo products. The post Atlassian Security Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

21Sep 2023

Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade

An automotive cybersecurity study shows that critical-risk vulnerabilities have decreased in the past decade. The post Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade appeared first on SecurityWeek.

21Sep 2023

UK’s New Online Safety Law Adds to Crackdown on Big Tech Companies

British lawmakers approved an ambitious but controversial new internet safety law with wide-ranging powers to crack down on digital and social media companies. The post UK’s New Online Safety Law Adds to Crackdown on Big Tech Companies appeared first on SecurityWeek.

21Sep 2023

Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks

The FBI and CISA are warning critical infrastructure organizations of ongoing Snatch ransomware attacks, which also involve data exfiltration. The post Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks appeared first on SecurityWeek.

21Sep 2023

6 deadly sins of enterprise architecture

Keeping the enterprise running has never been an easy task. The rise of software tools has made many parts of the workflow faster, smoother, and more consistent for everyone but those who have to keep the software running. It’s like the old line about a duck gliding along a pond: Everything above the water looks […]

21Sep 2023

The year’s top 10 enterprise AI trends — so far

The advent of gen AI changed everything, and the pace of that change is like nothing we’ve seen before. The potential impacts are reminiscent of the dawn of the Internet, and are likely to be just as transformative for businesses. According to McKinsey, gen AI is poised to add up to an annual $4.4 billion […]

21Sep 2023

Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis

Omron has patched PLC and engineering software vulnerabilities discovered by Dragos during the analysis of ICS malware. The post Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis appeared first on SecurityWeek.

21Sep 2023

MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks

MGM Resorts brought its computer systems back online on September 20th after ransomware disrupted operations for 10 days. The post MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks appeared first on SecurityWeek.

20Sep 2023

CIOs worry about Gen AI – for all the right reasons

Many CIOs are wringing their hands over generative AI. No, the apocalyptic visions of the groundbreaking new technology replacing us – even destroying us – aren’t keeping them up at night. Rather, they’re worried about how best to arm their employees as quickly and safely as possible with what could turn out to be the […]

20Sep 2023

How Zero Trust can help align the CIO and CISO

The roles of the CIO (Chief Information Officer) and CISO (Chief Information Security Officer) have become increasingly important in recent years as organizations place more emphasis on digital transformation and information security. While both positions are crucial in their own way, the top priorities for CIO and CISO can often differ. In this article, we […]

20Sep 2023

So, you’re ready to invest in Universal ZTNA. Here’s what you should know

If you’ve recently attended an industry event or read the daily news digest from your go-to trade publication, there’s no way you haven’t heard about Universal Zero Trust Network Access (ZTNA). There’s a lot of hype around this offering, so much so that Gartner® included Universal ZTNA in its recent Hype Cycle™ for Zero Trust Networking, 2023 report, which profiles […]

20Sep 2023

NVIDIA and VMware make AI accessible to enterprises with full-stack accelerated computing

Enterprises are increasingly realizing the impact and value AI has on their overall digital transformation strategies. For NVIDIA, AI is at the core of digital transformation and business growth. With new technology, collaboration, and accelerated computing, AI is poised to enable businesses to make better decisions faster than ever. “NVIDIA is all-in on AI, whether […]

20Sep 2023

Intel Launches New Attestation Service as Part of Trust Authority Portfolio

Intel announces general availability of attestation service that is part of Trust Authority, a new portfolio of security software and services. The post Intel Launches New Attestation Service as Part of Trust Authority Portfolio appeared first on SecurityWeek.

20Sep 2023

Tor-Based Drug Marketplace Piilopuoti Shut Down by Law Enforcement

Finnish authorities have seized the drugs marketplace Piilopuoti, which has been operating on the Tor network since May 2022. The post Tor-Based Drug Marketplace Piilopuoti Shut Down by Law Enforcement appeared first on SecurityWeek.

20Sep 2023

Staying on Topic in an Off Topic World

Learning how to keep discussions on-topic is an important skill for security professionals to learn, and it can allow them to continue to improve their security programs. The post Staying on Topic in an Off Topic World appeared first on SecurityWeek.

20Sep 2023

ServiceNow boasts industry-first gen AI general availability with Vancouver release of Now

With the addition of Now Assist to the Vancouver release of its software platform, ServiceNow is embedding gen AI across the three major workflows it supports. Now Assist for IT Service Management, Customer Service Management, and HR Service Delivery add new text creation and summarization features and an interactive chatbot interface to help workers get […]

20Sep 2023

Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems

Atos Unify product vulnerabilities could be exploited to cause disruption and reconfigure or backdoor the targeted system.  The post Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems appeared first on SecurityWeek.

20Sep 2023

Discern Security Emerges From Stealth Mode With $3 Million in Funding

Policy management cybersecurity startup Discern Security on Tuesday emerged from stealth mode with $3 million in funding. The post Discern Security Emerges From Stealth Mode With $3 Million in Funding appeared first on SecurityWeek.

20Sep 2023

DHS Publishes New Recommendations on Cyber Incident Reporting

DHS has published a new set of recommendations to help federal agencies better report cyber incidents and protect critical infrastructure. The post DHS Publishes New Recommendations on Cyber Incident Reporting appeared first on SecurityWeek.

20Sep 2023

GitLab Patches Critical Pipeline Execution Vulnerability

GitLab has released security updates to address a critical-severity vulnerability allowing an attacker to run pipelines as another user. The post GitLab Patches Critical Pipeline Execution Vulnerability appeared first on SecurityWeek.

20Sep 2023

California Law Restricting Companies’ Use of Information From Kids Online Is Halted by Federal Judge

A federal judge has halted implementation of a California data collection law intended to protect the privacy of minors. The post California Law Restricting Companies’ Use of Information From Kids Online Is Halted by Federal Judge appeared first on SecurityWeek.

20Sep 2023

5 signs your agile practices will lead to digital disaster

CIOs are under increasing pressure to deliver more digital innovations faster and more efficiently. Business leaders expect IT to develop new products, improve customer experiences, automate workflows, and deliver new artificial intelligence capabilities. To do so, CIOs must continuously improve their product management, program management, and delivery capabilities to wow customers and deliver competitive advantages, […]

20Sep 2023

Analyzing the business-case approach Perdue Farms takes to derive value from data

Martha Heller: What is the transformation currently underway at Perdue Farms? Mark Booth: We have a growth strategy to improve our business, and to support that, we’re driving a transformation in technology and business processes. We’ve been replacing our old systems, some of which are more than 20 years old, and this has been going […]

20Sep 2023

How Mapfre gets cloud to coexist with its tech model ambitions

With 90 years of history, Mapfre is one of the giants of the Spanish insurance sector. The multinational is present in around 40 countries, and closed its last financial year with more than €640 million in profit. And in charge of the group’s technological strategy and digitalization processes is global CIO Vanessa Escrivá. “The personalization of services and […]

20Sep 2023

SASE Firm Cato Networks Raises $238 Million at $3 Billion Valuation

SASE company Cato Networks has raised $238 million in equity investment, bringing total funding to $773 million. The post SASE Firm Cato Networks Raises $238 Million at $3 Billion Valuation appeared first on SecurityWeek.

20Sep 2023

Oracle’s Fusion Cloud CX, ERP, and SCM get generative AI features

Just months after partnering with large language model provider Cohere and unveiling its strategic plan for infusing generative AI features into its products, Oracle is making good on its promise at its annual CloudWorld conference this week in Las Vegas. Nearly all of Oracle’s Fusion Cloud suites — including Cloud Customer Experience (CX), Human Capital […]

20Sep 2023

UK Minister Warns Meta Over End-to-End Encryption

Britain’s interior minister warned Meta that end-to-end encryption on its platforms must “not come at a cost to our children’s safety”. The post UK Minister Warns Meta Over End-to-End Encryption appeared first on SecurityWeek.

19Sep 2023

CrowdStrike to Acquire Application Intelligence Startup Bionic

The cash-and-stock transaction provides capabilities for CrowdStrike to beef up its enterprise cloud security portfolio. The post CrowdStrike to Acquire Application Intelligence Startup Bionic appeared first on SecurityWeek.

19Sep 2023

HiddenLayer Raises Hefty $50M Round for AI Security Tech

Texas startup attracts major investor interest to build an MLMDR (machine learning detection and response) technology. The post HiddenLayer Raises Hefty $50M Round for AI Security Tech appeared first on SecurityWeek.

19Sep 2023

Venafi Leverages Generative AI to Manage Machine Identities

Venafi launched a proprietary generative AI model to help with the mammoth, complex, and expanding problem of managing machine identities. The post Venafi Leverages Generative AI to Manage Machine Identities appeared first on SecurityWeek.

19Sep 2023

‘Cybersecurity Incident’ Hits ICC

The International Criminal Court said it was hit by what it called “anomalous activity” regarding its IT systems and that it was currently responding to this “cybersecurity incident.” The post ‘Cybersecurity Incident’ Hits ICC appeared first on SecurityWeek.

19Sep 2023

The future of ERP: With composable ERP, interoperability and integration are not optional

Analysis: There are many facets to interoperability and integration, and any of them can derail your success with composable ERP. Interoperability embodies the ability of solution components to exchange and use data. Not only must the ability to integrate (pass data back and forth) exist, but data must be usable by the various components — […]

19Sep 2023

Clorox Blames Damaging Cyberattack for Product Shortage

Clorox says the recent cyberattack has been contained, but production is still not fully restored and there is a short supply of products.  The post Clorox Blames Damaging Cyberattack for Product Shortage appeared first on SecurityWeek.

19Sep 2023

Alcion Raises $21 Million for Backup-as-a-Service Platform

Data management startup Alcion has raised $21 million in a Series A funding round led by Veeam to expand its market presence. The post Alcion Raises $21 Million for Backup-as-a-Service Platform appeared first on SecurityWeek.

19Sep 2023

Pakistani APT Uses YouTube-Mimicking RAT to Spy on Android Devices

New versions of Pakistan-linked APT Transparent Tribe’s CapraRAT Android trojan mimic the appearance of YouTube. The post Pakistani APT Uses YouTube-Mimicking RAT to Spy on Android Devices appeared first on SecurityWeek.

19Sep 2023

Thousands of Juniper Appliances Vulnerable to New Exploit 

VulnCheck details a new fileless exploit targeting a recent Junos OS vulnerability that thousands of devices have not been patched against. The post Thousands of Juniper Appliances Vulnerable to New Exploit  appeared first on SecurityWeek.

19Sep 2023

Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products

Trend Micro has patched CVE-2023-41179, an Apex One zero-day code execution vulnerability that has been exploited in attacks.  The post Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products appeared first on SecurityWeek.

19Sep 2023

Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd

SecurityWeek interviews Casey Ellis, founder, chairman and CTO at Bugcrowd, best known for operating bug bounty programs for organizations. The post Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd appeared first on SecurityWeek.

19Sep 2023

Chinese Hackers Target North American, APAC Firms in Web Skimmer Campaign

A Chinese threat actor has been observed targeting organizations in multiple industries to deploy web skimmers on online payment pages. The post Chinese Hackers Target North American, APAC Firms in Web Skimmer Campaign appeared first on SecurityWeek.

19Sep 2023

12 most popular AI use cases in the enterprise today

Organizations all around the globe are implementing AI in a variety of ways to streamline processes, optimize costs, prevent human error, assist customers, manage IT systems, and alleviate repetitive tasks, among other uses. And with the rise of generative AI, artificial intelligence use cases in the enterprise will only expand. To gain a better understanding […]

19Sep 2023

The DX roadmap: David Rogers on driving digital transformation success

Although enterprises acknowledge the importance of digital transformation in the current environment of flux, few succeed in their digital initiatives. A major reason so many digital transformation programs fail is that enterprises view them as technology problems rather than the organizational challenges they truly are. Columbia University professor David Rogers, author of Digital Transformation Playbook […]

19Sep 2023

CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks

CISA says Owl Labs video conferencing device vulnerabilities that require the attacker to be in close range have been exploited in attacks. The post CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks appeared first on SecurityWeek.

19Sep 2023

Cybersecurity M&A Roundup for First Half of September 2023

A dozen cybersecurity-related M&A deals were announced in the first half of September 2023. The post Cybersecurity M&A Roundup for First Half of September 2023 appeared first on SecurityWeek.

19Sep 2023

Inside Intermax’s ambitious journey to be a sustainable cloud leader

A fleet of green data centers and a well-advanced plan to stop using fossil-fuel powered vehicles are among the key steps driving Intermax’s mission to be the most sustainable cloud services provider in the Netherlands. Ludo Baauw – founder, corporate social responsibility lead and CEO of Intermax Group, sees firsthand the direct impact that sustainability […]

18Sep 2023

The ‘Great Retraining’: IT upskills for the future

Maggie Chavarin is no stranger to reinventing her career. She joined Synchrony more than a decade ago in a Merchants Services role that allowed her to be a work-from-home mom. When the timing was right, Chavarin honed her skills to do training and coaching work and eventually got her first taste of technology as a […]

18Sep 2023

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

Exposed data includes a backup of employees’ workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. The post Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages appeared first on SecurityWeek.

18Sep 2023

Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates

Google Chromebooks released from 2021 and onwards will receive automatic updates, including security patches, for 10 years. The post Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates appeared first on SecurityWeek.

18Sep 2023

OT/IoT and OpenTitan, an Open Source Silicon Root of Trust

A silicon root of trust (S-RoT) is designed to provide security to those parts of a device that can be attacked by a third party. The question remains, however: can the S-RoT itself be attacked? The post OT/IoT and OpenTitan, an Open Source Silicon Root of Trust appeared first on SecurityWeek.

18Sep 2023

Canadian Government Targeted With DDoS Attacks by Pro-Russia Group

The pro-Russian cybercrime group tracked as NoName057(16) is launching DDoS attacks against Canadian organizations. The post Canadian Government Targeted With DDoS Attacks by Pro-Russia Group appeared first on SecurityWeek.

18Sep 2023

Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products

Fortinet has released patches for a high-severity cross-site scripting vulnerability impacting its enterprise firewalls and switches. The post Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products appeared first on SecurityWeek.

18Sep 2023

Oracle updates Fusion Cloud suites to aid healthcare firms

Oracle has updated several applications within its various Fusion Cloud suites in order to align them toward supporting use cases for its healthcare enterprise customers. These updates, which include changes to multiple applications within its Enterprise Resource Planning (ERP), Human Capital Management (HCM), Enterprise Performance Management (EPM), and Supply Chain and manufacturing (SCM) Fusion Clouds, […]

18Sep 2023

Two Vegas Casinos Fell Victim to Cyberattacks, Shattering the Image of Impenetrable Casino Security

MGM Resorts and Caesars Entertainment hit by cyberattacks, shattering the image of impenetrable casino security. The post Two Vegas Casinos Fell Victim to Cyberattacks, Shattering the Image of Impenetrable Casino Security appeared first on SecurityWeek.

18Sep 2023

CISA Releases New Identity and Access Management Guidance

CISA has released new guidance on how federal agencies can integrate identity and access management into their ICAM architecture. The post CISA Releases New Identity and Access Management Guidance appeared first on SecurityWeek.

18Sep 2023

TikTok Is Hit With $368 Million Fine Under Europe’s Strict Data Privacy Rules

European regulators slapped TikTok with a $368 million fine for failing to protect children’s privacy, the first time that the popular short video-sharing app has been punished for breaching Europe’s strict data privacy rules. The post TikTok Is Hit With $368 Million Fine Under Europe’s Strict Data Privacy Rules appeared first on SecurityWeek.

18Sep 2023

Verizon accelerates 5G rollouts with automation platform

For consumers and enterprises alike, 5G offers the tantalizing promise of faster speeds, lower latency, and greater possibilities for unlocking the power of edge computing — but only if your devices can connect. To that end, New York-based telecom giant Verizon has developed a platform for migrating millions of customers to its next-generation networks such […]

18Sep 2023

ICS Security Firm Dragos Raises $74 Million in Series D Extension

ICS/OT security firm Dragos has raised $74 million in a Series D extension funding round that brings the total to $440 million. The post ICS Security Firm Dragos Raises $74 Million in Series D Extension appeared first on SecurityWeek.

18Sep 2023

Imagine Making Shadowy Data Brokers Erase Your Personal Info. Californians May Soon Live the Dream

The California state Legislature has passed the Delete Act to allow individuals to order data brokers to delete their personal data, and to cease acquiring and selling it in the future. The post Imagine Making Shadowy Data Brokers Erase Your Personal Info. Californians May Soon Live the Dream appeared first on SecurityWeek.

15Sep 2023

VMware Cross-Cloud Managed Services unleash partner capabilities to help customers become cloud smart

In a rapidly evolving business landscape, where innovation and cost efficiency are paramount, the launch of VMware Cross-Cloud managed services at VMware Explore 2023 Las Vegas is a pivotal moment. Announced in April at VMware’s Partner Leadership Summit, VMware Cross-Cloud managed services redefine the way organizations address the complexities of multi-cloud, offering unparalleled flexibility, scalability […]

15Sep 2023

Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty

Russian hacker Dariy Pankov has pleaded guilty to computer fraud and now faces a maximum penalty of five years in federal prison. The post Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty appeared first on SecurityWeek.

15Sep 2023

Pentagon’s 2023 Cyber Strategy Focuses on Helping Allies

The Pentagon has published an unclassified summary of its 2023 Cyber Strategy, outlining both offensive and defensive plans.  The post Pentagon’s 2023 Cyber Strategy Focuses on Helping Allies appeared first on SecurityWeek.

15Sep 2023

California Settles With Google Over Location Privacy Practices for $93 Million

Search giant Google has agreed to a $93 million settlement with the state of California over its location-privacy practices. The post California Settles With Google Over Location Privacy Practices for $93 Million appeared first on SecurityWeek.

15Sep 2023

In Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-Off

Noteworthy stories that might have slipped under the radar: China blames NSA for a cyberattack, AI jailbreaks, and Netography spin-off. The post In Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-Off appeared first on SecurityWeek.

15Sep 2023

MGM Hackers Broadening Targets, Monetization Strategies

The financially motivated UNC3944 group that hacked MGM has hit at least 100 organizations, mainly in the US and Canada. The post MGM Hackers Broadening Targets, Monetization Strategies appeared first on SecurityWeek.

15Sep 2023

Deduce Raises $9 Million to Fight AI-Generated Identity Fraud

Deduce has raised $9 million in a new funding round led by Freestyle Capital, to launch its AI-generated identity fraud prevention platform. The post Deduce Raises $9 Million to Fight AI-Generated Identity Fraud appeared first on SecurityWeek.

15Sep 2023

Transforming the leadership trajectory for women in tech

Women leaders are switching jobs at rates far higher than their male counterparts as they demand more from their employers and show they’re willing to go elsewhere to get it. That trend is substantiated by recent research from McKinsey. Given this reality – and the business world’s drive to create more diverse and inclusive leadership […]

15Sep 2023

4 key steps for optimizing your IT services portfolio

From the CEO’s perspective, an optimized IT services portfolio maximizes cost efficiency, flexibility, and scalability. It enables the organization to focus on its core business while managing risks and accelerating time-to-market for new products and services. From the CIO’s perspective, an optimized IT services portfolio ensures strategic alignment with business goals, enabling the organization to […]

15Sep 2023

Salesforce to hire 3,300 staffers as it eyes generative AI opportunity

After laying off 8,000 staffers in January, Salesforce is now planning to hire at least 3,300 employees. The plan includes rehiring some of the former employees.   Salesforce is looking at a large recruitment drive as it plans to invest in new areas such as generative AI and push some of its popular products, such […]

15Sep 2023

Google Feature Blamed for Retool Breach That Led to Cryptocurrency Firm Hacks 

A recently introduced Google account sync feature has been blamed after sophisticated hackers attacked 27 cryptocurrency firms via Retool. The post Google Feature Blamed for Retool Breach That Led to Cryptocurrency Firm Hacks  appeared first on SecurityWeek.

15Sep 2023

Inside Nasdaq’s AI-fueled pivot to SaaS provider

No doubt, Nasdaq is bullish on generative AI. Brad Peterson, the company’s CIO and CTO, has been implementing AI for more than a decade and is all in on the promised innovation afforded by generative AI. “We are committed to enhancing the liquidity, transparency, and integrity of the world’s economy and AI will continue to […]

14Sep 2023

Microsoft, Oracle deliver direct access to Oracle database services on Azure

Looking ahead to a future in which customers will move their entire data center workloads to the cloud, Microsoft and Oracle on Thursday expanded their partnership. Oracle is collocating its Oracle database hardware (including Oracle Exadata) and software in Microsoft Azure data centers, giving customers direct access to Oracle database services running on Oracle Cloud […]

14Sep 2023

A Second Major British Police Force Suffers a Cyberattack in Less Than a Month

Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked from a company that makes identity cards. The post A Second Major British Police Force Suffers a Cyberattack in Less Than a Month appeared first on SecurityWeek.

14Sep 2023

Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database

The hijacked data includes driver’s license numbers and/or social security numbers from a Caesars Entertainment loyalty database. The post Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database appeared first on SecurityWeek.

14Sep 2023

The big speed bump on the road to GenAI

It seems that every event I moderate, regardless of the topic, will devolve into a discussion of generative AI and the excitement of intelligent systems.  The enthusiasm for this innovative technology is irrepressible.  Ideas fly around, grandiose plans are discussed, and everyone can’t wait to get going.  However, as the discussion moves back to more […]

14Sep 2023

A One-Two Punch for Security ROI

Cost avoidance is a powerful way to kick-off ROI discussions. However, to quickly move beyond objections, shifting to a more tangible approach to calculate ROI can help. The post A One-Two Punch for Security ROI appeared first on SecurityWeek.

14Sep 2023

ICS Computers in Western Countries See Increasing Attacks: Report

ICS computers in the Western world have been increasingly attacked, but the percentages are still small compared to other parts of the globe.    The post ICS Computers in Western Countries See Increasing Attacks: Report appeared first on SecurityWeek.

14Sep 2023

Kubernetes Vulnerability Leads to Remote Code Execution

A high-severity vulnerability can be exploited to execute code remotely on any Windows endpoint within a Kubernetes cluster. The post Kubernetes Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.

14Sep 2023

Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery

Orca Security details eight XSS vulnerabilities in Azure HDInsight that could lead to information leaks, session hijacking, and payload delivery. The post Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery appeared first on SecurityWeek.

14Sep 2023

LockBit Affiliate Deploys New 3AM Ransomware in Recent Attack

A LockBit affiliate has deployed the new 3AM ransomware family on a victim’s network, after LockBit’s execution was blocked. The post LockBit Affiliate Deploys New 3AM Ransomware in Recent Attack appeared first on SecurityWeek.

14Sep 2023

North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx

North Korean hackers stole $53 million in cryptocurrency from crypto exchange CoinEx after the hot wallet private key was leaked. The post North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx appeared first on SecurityWeek.

14Sep 2023

Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack

A known ransomware gang has taken credit for the highly disruptive cyberattack on MGM Resorts, and the company has yet to restore impacted systems. The post Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack appeared first on SecurityWeek.

14Sep 2023

What is a data engineer? An analytics role in high demand

What is a data engineer? Data engineers design, build, and optimize systems for data collection, storage, access, and analytics at scale. They create data pipelines that convert raw data into formats usable by data scientists, data-centric applications, and other data consumers. Their primary responsibility is to make data available, accessible, and secure to stakeholders. This […]

14Sep 2023

CIO Brett Lansing’s five-point approach to building followership

Your strategy’s only as strong as it is implemented well. And you can implement it well only to the extent that your followership is strong. Your followership is the most potent circle of your professional network, and it, perhaps more than anything else, empowers you to influence and implement, with or without authority. Brett Lansing, […]

14Sep 2023

Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington

Tech executives discussed the idea of government regulations for artificial intelligence (AI) at an unusual closed-door meeting in the U.S. Senate on September 13th. The post Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington appeared first on SecurityWeek.

13Sep 2023

DORA and its impact on data sovereignty

According to the European Commission, no less, ‘data is immensely valuable to all organisations, a significant resource for the digital economy and the ‘cornerstone of our EU industrial competitiveness’. Hardly surprising when you consider the data economy is projected to deliver more than €829b and nearly 11m jobs to the region by 2025. Capitalising on […]

13Sep 2023

AuthMind Scores $8.5M Seed Funding for ITDR Tech

Maryland startup scores $8.5 million in seed-stage funding to compete in the Identity Threat Detection and Response (ITDR) category. The post AuthMind Scores $8.5M Seed Funding for ITDR Tech appeared first on SecurityWeek.

13Sep 2023

Distributed Energy Resources Get Cybersecurity Boost with $39M DOE Funding

The US Department of Energy gives $39 million in funding for nine projects to advance the cybersecurity of distributed energy resources. The post Distributed Energy Resources Get Cybersecurity Boost with $39M DOE Funding appeared first on SecurityWeek.

13Sep 2023

CISOs and Board Reporting – an Ongoing Problem

Boards often complain they receive overly-technical reports from management teams that fail to put governance in business and financial terms. The post CISOs and Board Reporting – an Ongoing Problem appeared first on SecurityWeek.

13Sep 2023

Why your CEO needs to watch a coding video

By Bryan Kirschner, Vice President, Strategy at DataStax. As a software developer and coding instructor, Ania Kubow is always informative and engaging. But watching her 30-minute video on “Vector Embeddings for Beginners” will be time well-spent for many people who have no intention of ever doing hands-on coding. Specifically, it’s a must-watch for anyone who […]

13Sep 2023

US Agencies Publish Cybersecurity Report on Deepfake Threats

CISA, FBI and NSA have published a cybersecurity report on deepfakes and recommendations for identifying and responding to such threats. The post US Agencies Publish Cybersecurity Report on Deepfake Threats appeared first on SecurityWeek.

13Sep 2023

How Next-Gen Threats Are Taking a Page From APTs

Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime. The post How Next-Gen Threats Are Taking a Page From APTs appeared first on SecurityWeek.

13Sep 2023

CISA Releases Open Source Software Security Roadmap

CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government. The post CISA Releases Open Source Software Security Roadmap appeared first on SecurityWeek.

13Sep 2023

China Says No Law Banning iPhone Use in Govt Agencies

China said it was following media reports about suspected security issues with iPhones but insisted there was no ban on its officials using the devices. The post China Says No Law Banning iPhone Use in Govt Agencies appeared first on SecurityWeek.

13Sep 2023

macOS Info-Stealer Malware ‘MetaStealer’ Targeting Businesses

The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information. The post macOS Info-Stealer Malware ‘MetaStealer’ Targeting Businesses appeared first on SecurityWeek.

13Sep 2023

Airbus Launches Investigation After Hacker Leaks Data

Airbus has launched an investigation after a hacker claimed to have breached the company’s systems and leaked some business documents. The post Airbus Launches Investigation After Hacker Leaks Data appeared first on SecurityWeek.

13Sep 2023

Salesforce plans generative AI boost for ESG reporting with Net Zero Cloud

Generative AI will soon be everywhere — including in Salesforce’s Net Zero Cloud environmental, social, and governance (ESG) reporting tool. Salesforce will add new features to Net Zero Cloud to automate some aspects of preparing ESG reports — something investors and regulators are increasingly paying attention to — and later upgrade them with new generative […]

13Sep 2023

SecurityWeek to Host Cyber AI & Automation Summit

Virtual conference will explore cybersecurity use-cases for AI technology and the race to protect LLM algorithms from adversarial use. The post SecurityWeek to Host Cyber AI & Automation Summit appeared first on SecurityWeek.

13Sep 2023

CISA Offering Free Vulnerability Scanning Service to Water Utilities

CISA is offering a free vulnerability scanning service to water utilities to help them protect drinking water and wastewater systems against cyberattacks. The post CISA Offering Free Vulnerability Scanning Service to Water Utilities appeared first on SecurityWeek.

13Sep 2023

SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA

SAP has released patches for a critical vulnerability impacting multiple enterprise applications, including NetWeaver and S/4HANA. The post SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA appeared first on SecurityWeek.

13Sep 2023

10 mistakes that can tank IT innovation

Years into digital transformation, and decades into the IT function itself, many CIOs still fall short when it comes to innovation. Tech debt, budget constraints, and overloaded staff schedules are among the top reasons IT leaders cite for scuttled innovation attempts. Indeed, 50% of C-suite execs surveyed for a 2023 report on digital transformation from […]

13Sep 2023

New US CIO appointments, September 2023

Rite Aid promotes Christine Rose to CIO. Rite Aid, a full-service pharmacy, employs more than 6,300 pharmacists and operates over 2,300 retail pharmacy locations across 17 states. Rose joined Rite Aid in 2020 as the company’s SVP for enterprise technology solutions. She held previous roles at Align Technology, Kendra […]

13Sep 2023

Eliminate roles, not people: fine-tuning the talent search during times of change

Having joined Campbell’s in January 2022, Julia Anderson’s enterprise-wide responsibilities run from digital workplace services, IT platforms, and architecture, to cybersecurity oversight, business analytics, and transformation projects and programs.   When she arrived, a business transformation was already underway. “There were two divisions structured and a central supply chain—very clear areas to partner with, but […]

13Sep 2023

After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery

After Apple and Google, Mozilla has also patched an image processing-related zero-day vulnerability exploited by spyware. The post After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery appeared first on SecurityWeek.

12Sep 2023

The extraordinary synergy of wi-fi and 5G in enterprise networks

It’s Wednesday afternoon. A severe thunderstorm is forecasted to roll through your suburb in the next hour. As it nears, your electricity goes out. Fortunately, your cell phone still works. That’s because the 5G technology powering your phone remains intact, giving you a reassuring sense of security and an open line of communication with weather updates, friends and family during […]

12Sep 2023

The CTO’s newest hat is green

Can a company embrace digital innovation and become more sustainable at the same time? In the past, business leaders sometimes accepted the idea that being on the leading edge of technology came at a price to the environment. And those who made “going green” a top goal resigned themselves to thinking that they would need […]

12Sep 2023

Zero Day Summer: Microsoft Warns of Fresh New Software Exploits

Microsoft’s struggles with zero-day exploits rolled into a new month with a fresh Patch Tuesday warning about malware attacks in the wild. The post Zero Day Summer: Microsoft Warns of Fresh New Software Exploits appeared first on SecurityWeek.

12Sep 2023

Intel Capital Bets on Zenity for Low-Code/No-Code Security

Israeli security startup Zenity banks $16.5 million in new venture capital funding to work on ‘low-code/no-code’ security technology. The post Intel Capital Bets on Zenity for Low-Code/No-Code Security appeared first on SecurityWeek.

12Sep 2023

Artificial Intelligence in Cybersecurity: Good or Evil?

As I reflect on the biggest technology innovations during my career―the Internet, smartphones, social media―a new breakthrough deserves a spot on that list. Generative AI has taken the world seemingly by storm, impacting everything from software development, to marketing, to conversations with my kids at the dinner table. At the recent Six Five Summit, I […]

12Sep 2023

Salesforce readies Einstein Copilot to unleash generative AI across its offerings

The hype around generative AI since ChatGPT’s launch in November 2022 has driven some software vendors to rush to incorporate the technology into their applications. Despite being an early adopter of AI in general, Salesforce has taken a more measured approach to generative AI. Following its announcement of Einstein GPT in March, the company has […]

12Sep 2023

Beyond.pl: Addressing sovereign cloud needs in Poland and beyond

Wojciech Stramski, CEO of Beyond.pl, a data center, cloud, and Managed Services provider, is quick to point out that enterprises’ data sovereignty requirements are growing in scope. As cloud computing becomes increasingly ubiquitous with business success, ensuring that data not only resides within sovereign jurisdiction, but that it is also subject to applicable laws, is […]

12Sep 2023

Adobe Says Critical PDF Reader Zero-Day Being Exploited 

Adobe raises an alarm for new in-the-wild zero-day attacks hitting users of its widely deployed Adobe Acrobat and Reader product. The post Adobe Says Critical PDF Reader Zero-Day Being Exploited  appeared first on SecurityWeek.

12Sep 2023

Zero Trust Security for NIS2 compliance: What you need to know

Over 100,00 organizations are expected to be impacted by Network and Information Security Directive (NIS2) cybersecurity standards that European Union (EU) member states must implement by October 2024. [i] NIS2 was adopted in early 2023 as a response to increasing digitalization and rising cybersecurity threats stemming from the COVID-19 pandemic and the Russia-Ukraine War. NIS2 regulations […]

12Sep 2023

Thousands of Code Packages Vulnerable to Repojacking Attacks

Despite GitHub’s efforts to prevent repository hijacking, researchers continue finding new attack methods, and thousands of code packages remain vulnerable. The post Thousands of Code Packages Vulnerable to Repojacking Attacks appeared first on SecurityWeek.

12Sep 2023

Vector Embeddings – Antidote to Psychotic LLMs and a Cure for Alert Fatigue?

Vector embeddings – data stored in a vector database – can be used to minimize hallucinations from a GPT-style large language model AI system (such as ChatGPT) and perform automated triaging on anomaly alerts.  The post Vector Embeddings – Antidote to Psychotic LLMs and a Cure for Alert Fatigue? appeared first on SecurityWeek.

12Sep 2023

Iranian Cyberspies Deployed New Backdoor to 34 Organizations

Iran-linked cyberespionage group Charming Kitten has infected at least 34 victims in Brazil, Israel, and UAE with a new backdoor. The post Iranian Cyberspies Deployed New Backdoor to 34 Organizations appeared first on SecurityWeek.

12Sep 2023

ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products

ICS Patch Tuesday: Siemens has released 7 new advisories and Schneider Electric has released 1 new advisory. The post ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products appeared first on SecurityWeek.

12Sep 2023

China-Linked ‘Redfly’ Group Targeted Power Grid

Symantec warns that the Redfly APT appears to be focusing exclusively on targeting critical national infrastructure organizations. The post China-Linked ‘Redfly’ Group Targeted Power Grid appeared first on SecurityWeek.

12Sep 2023

Oracle expects data-hungry generative AI to drive revenue growth

Oracle is betting on high demand for data, driven by generative AI-related workloads, to boost revenue in upcoming quarters as enterprises look to adopt generative AI for productivity and efficiency. “Generative AI is changing everything. As of today, AI development companies have signed contracts to purchase more than $4 billion of AI training capacity in […]

12Sep 2023

Finding Your Way in Cloud Security

The next time you see CNAPP, CASB, WAAS, CSPM or many of the other phrases, it will be helpful to take a deep breath and realize enterprise security has never been a binary one or zero. The post Finding Your Way in Cloud Security appeared first on SecurityWeek.

12Sep 2023

Cleafy Raises €10 Million for Online Banking Fraud Prevention Platform

Real-time online banking fraud prevention firm Cleafy has raised €10 million ($10.7 million) in a funding round led by United Ventures. The post Cleafy Raises €10 Million for Online Banking Fraud Prevention Platform appeared first on SecurityWeek.

12Sep 2023

Court Convicts Portuguese Hacker in Football Leaks Trial and Gives Him a 4-Year Suspended Sentence

Portuguese hacker behind “Football Leaks” convicted by a Lisbon court of nine crimes and given a suspended prison sentence of four years. The post Court Convicts Portuguese Hacker in Football Leaks Trial and Gives Him a 4-Year Suspended Sentence appeared first on SecurityWeek.

12Sep 2023

7 dark secrets of generative AI

The stock prices are soaring. Everyone is still amazed by the way the generative AI algorithms can whip off some amazing artwork in any style and then turn on a dime to write long essays with great grammar. Every CIO and CEO has a slide or three in their deck ready to discuss how generative […]

12Sep 2023

Schneider Electric leverages AI to help develop employees’ careers

AI is coming into its own as a practical technology for helping companies with a range of initiatives, from improving customer experience to streamlining business processes. And, while the technology’s long-term impact on the workforce remains unclear, some companies, such as France-based Schneider Electric, are putting AI to work to aid employees in advancing their […]

12Sep 2023

DFIR Company Binalyze Raises $19 Million in Series A Funding

Estonian DFIR company Binalyze has raised $19 million in a Series A funding round to grow and improve its product.  The post DFIR Company Binalyze Raises $19 Million in Series A Funding appeared first on SecurityWeek.

12Sep 2023

Google Patches Chrome Zero-Day Reported by Apple, Spyware Hunters

Google has released a Chrome 116 security update to patch CVE-2023-4863, the fourth Chrome zero-day vulnerability documented in 2023. The post Google Patches Chrome Zero-Day Reported by Apple, Spyware Hunters appeared first on SecurityWeek.

11Sep 2023

Managed services projections increase through 2023

In this report, the news about technology investments was surprisingly upbeat. Despite national news about increased costs, economic uncertainty, and more reports of technology firm layoffs, respondents indicated that they were planning to spend more IT budget in 2023, not less. A notable 51% of respondents said that their IT budgets would increase, compared with […]

11Sep 2023

MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems

MGM Resorts confirms “cybersecurity incident” led to the shutdown of web sites and IT systems of hotels throughout the United States. The post MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems appeared first on SecurityWeek.

11Sep 2023

US Marks 22 Years Since 9/11 Terrorist Attacks

One organization is hoping to transform the anniversary of 9/11 into a day of doing good. The post US Marks 22 Years Since 9/11 Terrorist Attacks appeared first on SecurityWeek.

11Sep 2023

Building digital fluency in the C-suite and beyond

When it comes to fostering digital literacy in the C-suite, Michael Seals literally wrote the book. At his company, anyway. In tandem with his job as chief digital officer and senior vice president of strategy at Hussman, Seals got a Ph.D. in business administration and wrote his dissertation on digital acuity and intelligence in “incumbent […]

11Sep 2023

The digital transformation of an island nation: how Bahrain rose to lead cloud adoption in the GCC Region

As cloud adoption grows, its impact on economies and businesses is starting to show that digital transformation can make good on the utopian promises of innovation and improved public services. Those who demand to see hard facts that prove the power of cloud should examine Bahrain. A new IDC study details the Kingdom’s […]

11Sep 2023

After Microsoft and X, Hackers Launch DDoS Attack on Telegram

Anonymous Sudan launches a DDoS attack against Telegram in retaliation for the suspension of their primary account on the platform. The post After Microsoft and X, Hackers Launch DDoS Attack on Telegram appeared first on SecurityWeek.

11Sep 2023

Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers

The personal information of more than 800,000 individuals was stolen from bookstore chain Dymocks in a cyberattack last week. The post Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers appeared first on SecurityWeek.

11Sep 2023

Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach

Cybercriminals breached an AP Stylebook website and obtained information on customers who were then targeted in phishing attacks.  The post Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach appeared first on SecurityWeek.

11Sep 2023

FBI Blames North Korean Hackers for $41 Million Stake.com Heist

FBI says North Korean hacking group Lazarus has stolen $41 million in cryptocurrency from online betting platform Stake.com. The post FBI Blames North Korean Hackers for $41 Million Stake.com Heist appeared first on SecurityWeek.

11Sep 2023

Spies, Hackers, Informants: How China Snoops on the West

Some of the ways China has worked to spy on the West in recent years. The post Spies, Hackers, Informants: How China Snoops on the West appeared first on SecurityWeek.

11Sep 2023

What is SAFe? A framework for scaling business agility

Scaled Agile Framework (SAFe) explained: The Scaled Agile Framework encompasses a set of principles, processes, and best practices that helps larger organizations adopt agile methodologies, such as Lean, Kanban, and Scrum, to deliver high-quality products and services faster. SAFe is particularly well-suited to complex projects that involve multiple large teams at the project, program, and […]

11Sep 2023

Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices

A researcher has found 7 vulnerabilities in Socomec UPS products that can be exploited to hijack and disrupt devices.  The post Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices appeared first on SecurityWeek.

10Sep 2023

Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cybercrime

One of Myanmar’s biggest and most powerful ethnic minority militias arrested and repatriated more than 1,200 Chinese nationals allegedly involved in criminal online scam operations. The post Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cybercrime appeared first on SecurityWeek.

08Sep 2023

Governance for responsible AI: The easy things and the hard ones

By Charna Parkey and Steven Tiell, DataStax. Companies developing and deploying AI solutions need robust governance to ensure they’re used responsibly. But what exactly should they focus on? Based on a recent DataStax panel discussion, “Enterprise Governance in a Responsible AI World,” there are a few hard and easy things organizations should pay attention to […]

08Sep 2023

Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

Cisco is warning of a zero-day vulnerability in Cisco ASA and FTD that can be exploited remotely, without authentication, in brute force attacks. The post Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks appeared first on SecurityWeek.

08Sep 2023

New Phishing Campaign Launched via Google Looker Studio

Check Point has observed a wave of phishing attacks launched via Google Looker Studio to steal credentials and funds from intended victims. The post New Phishing Campaign Launched via Google Looker Studio appeared first on SecurityWeek.

08Sep 2023

In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach 

Noteworthy stories that might have slipped under the radar: LastPass vault hacking, Russia targets energy facility in Ukraine, NXP data breach. The post In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach  appeared first on SecurityWeek.

08Sep 2023

Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap

Emsisoft urges its users to update anti-malware and other security products after signing them with an improperly issued digital certificate. The post Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap appeared first on SecurityWeek.

08Sep 2023

Is AI in the enterprise ready for primetime? Not yet.

Although bullish on the prospects for AI to automate many work activities, McKinsey acknowledges it’ll take several decades for this to happen at any scale. CIOs and other executive leaders should keep this in mind amid the hype and wild claims made by many vendors and consultants. There are a number of reasons why meaningful […]

08Sep 2023

J&J enlists AI to streamline joint replacement surgery

Operating rooms are a significant source of revenue for healthcare organizations — and a main contributor to costs. As such, any cost savings in operating rooms can have broad financial impact on a healthcare facility’s bottom line. One of the main reasons for the lower efficiency of operating rooms is the excessive amount of time taken […]

08Sep 2023

US, UK Sanction More Members of Trickbot Russian Cybercrime Group 

The US and UK have announced sanctions against 11 more alleged members of the Russian cybercrime group Trickbot.  The post US, UK Sanction More Members of Trickbot Russian Cybercrime Group  appeared first on SecurityWeek.

08Sep 2023

US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities 

APTs exploited vulnerabilities in Zoho ManageEngine and Fortinet VPNs to hack an aerospace organization in early January 2023. The post US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities  appeared first on SecurityWeek.

07Sep 2023

Apple Patches Actively Exploited iOS, macOS Zero-Days

Apple pushes out an urgent point-update to its flagship iOS and macOS platforms to fix a pair of security defects being exploited in the wild. The post Apple Patches Actively Exploited iOS, macOS Zero-Days appeared first on SecurityWeek.

07Sep 2023

SAP to buy LeanIX to advance process optimization with AI

SAP has agreed to buy German enterprise architecture management specialist LeanIX, hoping its early adoption of AI will help with the massive task of migrating customers still using SAP’s legacy software on premises to the more modern S/4HANA in the cloud. LeanIX has around 1,000 customers for its EAM SaaS offering, its CEO André Christ […]

07Sep 2023

Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers

Google again catches a North Korean APT actor targeting security researchers with zero-days and rigged software tools. The post Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers appeared first on SecurityWeek.

07Sep 2023

How product-centric engineering has revolutionized Discover

A company’s journey to digital transformation heavily depends on the processes put in place to support the effort. You need the right people. You need the right technology. But without proper attention paid to the processes that support these — call it the third leg of the proverbial stool — the effort to modernize breaks […]

07Sep 2023

7 ways to ensure the success of product-centric reliability

As a fintech company, the reliability of our products and services is critical to ensuring that Discover® Financial Services customers can access their money, credit, and accounts when they need to. Like many other companies, Discover has adopted a product-centric approach where the responsibility for reliability sits with the product teams. My team at Discover […]

07Sep 2023

Generative AI: Balancing security with innovation

The speed at which artificial intelligence (AI)—and particularly generative AI (GenAI)—is upending everyday life and entire industries is staggering. Slowing the progression of AI may be impossible, but approaching AI in a thoughtful, intentional, and security-focused manner is imperative for fintech companies to nullify potential threats and maintain customer trust while still taking advantage of […]

07Sep 2023

3 keys to boosting your engineering culture

Companies large and small are focused on attracting and retaining top talent. Achieving this goal is an evergreen priority for any business, but taking this idea from vision to action and execution is what separates good companies from great ones. Bridging the gap between vision and execution in the effort to create a robust, engaged […]

07Sep 2023

Fostering Innovation at Discover Financial Services

Innovation has a different meaning for every organization. At Discover® Financial Services, it lies at the heart of the company’s business goals and growth. And it boils down to one core concept: a relentless commitment to improving the way people work and enhancing the careers of engineers. “Innovation is about modernization, it’s about optimization,” said […]

07Sep 2023

The multi-cloud era – a faster path forward for enterprises and Managed Services Providers

The era of the multi-cloud landscape is here. CIOs are taking deliberate action by proactively matching workloads and applications with the ideal cloud, and companies are also seeing a proliferation of multi-cloud architectures created by mergers and acquisitions, data sovereignty needs, support for remote work, and shadow IT. This is leading to a multi-cloud approach […]

07Sep 2023

Wealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme

Vladislav Klyushin was sentenced to nine years in prison for his role in a nearly $100M stock market cheating scheme that relied on information stolen by hacking. The post Wealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme appeared first on SecurityWeek.

07Sep 2023

Generative AI’s potential as a force multiplier in defense

When it comes to safeguarding people and nations, innovation can never rest. That’s why, around the world, governments and the defense industry as a whole are now investing and exploring generative artificial intelligence (AI), or large language models (LLMs), to better understand what’s possible. At first blush, it seems that generative AI and LLM tools […]

07Sep 2023

The Team8 Foundry Method for Selecting Investable Startups

Team8, a VC organization with added sauce, queried more than 130 CISOs from its own ‘CISO Village’ to discover the concerns of existing cybersecurity practitioners, and the technologies they are seeking for the future. The post The Team8 Foundry Method for Selecting Investable Startups appeared first on SecurityWeek.

07Sep 2023

See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack

See Tickets is informing 300,000 individuals that their payment card information was stolen in a new web skimmer attack. The post See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack appeared first on SecurityWeek.

07Sep 2023

CISA Releases Guidance on Adopting DDoS Mitigations

CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact. The post CISA Releases Guidance on Adopting DDoS Mitigations appeared first on SecurityWeek.

07Sep 2023

‘Atomic macOS Stealer’ Malware Delivered via Malvertising Campaign

A malware named Atomic macOS Stealer (AMOS) has been delivered to users via a malvertising campaign.  The post ‘Atomic macOS Stealer’ Malware Delivered via Malvertising Campaign appeared first on SecurityWeek.

07Sep 2023

Cisco Patches Critical Vulnerability in BroadWorks Platform

Cisco has released patches for CVE-2023-20238, a critical authentication bypass vulnerability in the BroadWorks Application Delivery Platform. The post Cisco Patches Critical Vulnerability in BroadWorks Platform appeared first on SecurityWeek.

07Sep 2023

Tenable to Acquire Cloud Security Firm Ermetic for $240 Million

Tenable is set to acquire cloud security firm Ermetic for $240 million as it looks to expand the capabilities of its exposure management platform. The post Tenable to Acquire Cloud Security Firm Ermetic for $240 Million appeared first on SecurityWeek.

07Sep 2023

Make SASE your cybersecurity armor – but don’t go it alone

Production lines, networks, call centers: every aspect of your organization is being revolutionized in different ways by technology such as AI, automation, edge computing and the many flavors of cloud. Additionally, many employees now work from home part- or full-time, using a range of corporate-issued or personal devices outside the traditional network perimeter. All these […]

07Sep 2023

Cisco Finds 8 Vulnerabilities in OAS Industrial IoT Data Platform

Vulnerabilities identified in the OAS Platform could be exploited to bypass authentication, leak sensitive information, and overwrite files. The post Cisco Finds 8 Vulnerabilities in OAS Industrial IoT Data Platform appeared first on SecurityWeek.

07Sep 2023

What AI already does well in supply chain management

Supply chains perform a series of actions starting with product design and proceeding to procurement, manufacturing, distribution, delivery, and customer service. “At each of these points lie big opportunities for AI and ML,” says Devavrat Bapat, Head of AI/ML data products at Cisco. That’s because the current generation of AI is already very good at […]

07Sep 2023

Briefing the board on AI: Educate to tee up investment

This year’s escalating hype around artificial intelligence finds CIOs once again in the spotlight. With leaders from every department bandying about possibilities and concerns, CIOs are uniquely positioned to provide real talk and leadership on the company’s AI agenda. One place where those conversations must occur but perhaps have not to date is the boardroom. […]

07Sep 2023

IBM Discloses Data Breach Impacting Janssen Healthcare Platform

IBM has disclosed a data breach involving a Janssen healthcare platform that last year helped more than 1 million patients.  The post IBM Discloses Data Breach Impacting Janssen Healthcare Platform appeared first on SecurityWeek.

06Sep 2023

Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Errors

Microsoft reveals how a crash dump from 2021 inadvertently exposed a key that Chinese cyberspies later leveraged to hack US government emails. The post Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Errors appeared first on SecurityWeek.

06Sep 2023

Cash-Strapped IronNet Faces Bankruptcy Options

It appears to be the end of the road for IronNet, the once-promising network security play founded by former NSA director General Keith Alexander. The post Cash-Strapped IronNet Faces Bankruptcy Options appeared first on SecurityWeek.

06Sep 2023

Price shock: IBM to increase cloud costs by up to 26% in 2024

IBM is all set to increase its cloud services costs by up to 26% from January 2024. The new price rise will affect infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings, the company said in a GitHub post. International customers will witness a steeper price hike compared to their US peers.  IBM PaaS services — slated for […]

06Sep 2023

Lessons from the field: How Generative AI is shaping software development in 2023

Since ChatGPT’s release in November of 2022, there have been countless conversations on the impact of similar large language models. Generative AI has forced organizations to rethink how they work and what can and should be adjusted. Specifically, organizations are contemplating Generative AI’s impact on software development. While the potential of Generative AI in software […]

06Sep 2023

Investors Betting Big on Upwind for CNAPP Tech

Upwind raises a total of $80 million in just 10 months as investors pour cash into startups in the cloud and data security categories. The post Investors Betting Big on Upwind for CNAPP Tech appeared first on SecurityWeek.

06Sep 2023

Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F)

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain. The post Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F) appeared first on SecurityWeek.

06Sep 2023

Thousands of Popular Websites Leaking Secrets

Truffle Security has discovered thousands of popular websites leaking their secrets, including .git directories and AWS and GitHub keys. The post Thousands of Popular Websites Leaking Secrets appeared first on SecurityWeek.

06Sep 2023

Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio

Dozens of vulnerabilities have been found in widely used security cameras made by defunct Chinese company Zavio.  The post Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio appeared first on SecurityWeek.

06Sep 2023

Is an integrated ERP suite or a composable ERP strategy right for you?

Today’s business climate is rife with economic uncertainty that is causing IT leaders to do more with less while still innovating to support the business. It’s a seemingly impossible dilemma: How to use innovation to drive business outcomes while being restrained by a reduced budget? Fortunately, IT leaders can do both by adopting a composable […]

06Sep 2023

Password-Stealing Chrome Extension Demonstrates New Vulnerabilities

Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore. The post Password-Stealing Chrome Extension Demonstrates New Vulnerabilities appeared first on SecurityWeek.

06Sep 2023

25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy 

Mozilla has analyzed the privacy and security of 25 major car brands and found that they collect a lot of data and can share it or sell it to third parties.  The post 25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy  appeared first on SecurityWeek.

06Sep 2023

Android Zero-Day Patched With September 2023 Security Updates 

Android’s September 2023 security update resolves a high-severity elevation of privilege vulnerability exploited in malicious attacks. The post Android Zero-Day Patched With September 2023 Security Updates  appeared first on SecurityWeek.

06Sep 2023

Hacker Conversations: Alex Ionescu

SecurityWeek talks to Alex Ionescu, a world-renowned cybersecurity expert who has combined a career as a business executive with that of a security researcher.  The post Hacker Conversations: Alex Ionescu appeared first on SecurityWeek.

06Sep 2023

Chrome 116 Update Patches High-Severity Vulnerabilities

Google has released another weekly Chrome update, to address four high-severity vulnerabilities reported by external researchers. The post Chrome 116 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

06Sep 2023

7 tough IT security discussions every IT leader must have

Talk may be cheap, but when it comes to IT security, strategic conversations with colleagues, business partners, and other relevant parties can be priceless. The value of addressing cybersecurity issues through ongoing discussions is getting corporate alignment on effective and robust strategies, says Roger Albrecht, co-lead of the cybersecurity unit at technology research and advisory […]

06Sep 2023

AI is the boost Mercedes-Benz needs to digitally transform

Mercedes-Benz has long relied on machine learning and classic AI. But now you’re also using generative AI, for example in the MO360 production environment. What exactly is it about and to what extent does it change the profiles of employees? With digitization and the increasing use of powerful AI systems, job profiles are changing in production and administration. AI is […]

06Sep 2023

AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure

AtlasVPN developers are working on a patch for an IP leak vulnerability after a researcher publicly disclosed the flaw due to being ignored. The post AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure appeared first on SecurityWeek.

06Sep 2023

United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue

United Airlines flights were halted nationwide on Sept. 5, because of an “equipment outage,” according to the FAA. The post United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue appeared first on SecurityWeek.

05Sep 2023

3 hard truths about the multi‑cloud journey

Businesses are getting smarter, faster and more resilient in the cloud. But it doesn’t come easy. On the Futurum Tech Webcast, Chief Analyst Daniel Newman for Futurum Research (an analyst firm focused on technology, digital innovation and market disruption) talks with VMware leaders about the surprising challenges of multi-cloud. Here are three takeaways from their […]

05Sep 2023

Orro: Delivering a sustainable future enabled by the cloud

In Australia, Orro is synonymous with ironclad software-defined infrastructure and sovereign cloud services that enable new ways of working, from fully managed cloud-native applications that accelerate the pace of business, to advanced collaboration tools that deliver on the promise of remote work. It is a pedigree that aligns well with the company’s ambitious call to […]

05Sep 2023

How Hackergal is building the talent pipeline of the future

The technology industry is made up of just 26% women, compared to a nearly equal split at 49% across the total workforce. Most notably, that number hasn’t done much besides decrease over the past 30 years, hovering around the same percentage and dipping slightly in recent years. But the lack of women in tech is […]

05Sep 2023

How to get the most out of this transformative moment for business technology

We are living through a unique moment where two transformative technologies for business are converging. On one side, there is the awesome power of the cloud, which allows businesses to break down silos so their teams can access the data they need to innovate faster and in a more secure environment. On the other side […]

05Sep 2023

CISA Hires ‘Mudge’ to Work on Security-by-Design Principles

Peiter ‘Mudge’ Zatko joins the US government’s cybersecurity agency to preach the gospel of security-by-design and secure-by-default development principles. The post CISA Hires ‘Mudge’ to Work on Security-by-Design Principles appeared first on SecurityWeek.

05Sep 2023

Controlling cloud chaos: How to realign IT with the business

The cloud is undoubtedly transformative for both IT and businesses, but the business has often been left out of the process when it comes to cloud technology decisions. In a traditional environment, everyone must collaborate on building servers, storage, and networking equipment. For instance, if IT requires more processing or storage, the team needs to […]

05Sep 2023

MITRE and CISA Release Open Source Tool for OT Attack Emulation

MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems. The post MITRE and CISA Release Open Source Tool for OT Attack Emulation appeared first on SecurityWeek.

05Sep 2023

9 Vulnerabilities Patched in SEL Power System Management Products 

Nine vulnerabilities patched in SEL electric power management products, adding to the 19 other flaws fixed earlier this year. The post 9 Vulnerabilities Patched in SEL Power System Management Products  appeared first on SecurityWeek.

05Sep 2023

7 Million Users Possibly Impacted by Freecycle Data Breach

Freecycle.org is prompting millions of users to reset their passwords after their credentials were compromised in a data breach. The post 7 Million Users Possibly Impacted by Freecycle Data Breach appeared first on SecurityWeek.

05Sep 2023

Norfolk Southern Says a Software Defect — Not a Hacker — Forced It to Park Its Trains This Week

Norfolk Southern believes a software defect — not a hacker — was the cause of the widespread computer outage that forced the railroad to park all of its trains. The post Norfolk Southern Says a Software Defect — Not a Hacker — Forced It to Park Its Trains This Week appeared first on SecurityWeek.

05Sep 2023

Okta Says US Customers Targeted in Sophisticated Attacks

Okta says some of its US-based customers have been targeted in social engineering attacks whose goal was to disable MFA and obtain high privileges. The post Okta Says US Customers Targeted in Sophisticated Attacks appeared first on SecurityWeek.

05Sep 2023

6 signs an IT manager is struggling — and how to help

IT managers increasingly find themselves oversubscribed, challenged, and in many cases floundering, and it’s little wonder why. Pressured to do more with less, faster, in flatter organizational structures, IT middle managers serve as a company catchall, with too much time spent on lower-value tasks such as administrative work and planning rather than high-value work such […]

05Sep 2023

Estée Lauder applies AI, AR for cosmetics accessibility

How can we help visually impaired individuals use our products and feel more self-reliant and confident? That’s the question The Estée Lauder Companies (ELC) set out to answer in 2022 with the help of AI and augmented reality (AR). The result is the Voice-enabled Makeup Assistant (VMA), now fully launched in the UK and US, […]

05Sep 2023

The ‘IT Business Office’: Doing IT’s admin work right

Among the unenlightened, running IT “like a business” is supposed to be best practice, delivering goods and services to internal customers who IT must fully satisfy, and who then pay for what IT delivers to them through the auspices of a charge-back system. As has been pointed out in this space numerous times (for example, […]

05Sep 2023

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware. The post Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs appeared first on SecurityWeek.

05Sep 2023

Cybersecurity M&A Roundup: 40 Deals Announced in August 2023

Forty cybersecurity-related merger and acquisition (M&A) deals were announced in August 2023. The post Cybersecurity M&A Roundup: 40 Deals Announced in August 2023 appeared first on SecurityWeek.

05Sep 2023

Ransomware Attack on Fencing Systems Maker Zaun Impacts UK Military Data

British mesh fencing systems maker Zaun discloses LockBit ransomware attack potentially impacting data related to UK military and intelligence sites. The post Ransomware Attack on Fencing Systems Maker Zaun Impacts UK Military Data appeared first on SecurityWeek.

01Sep 2023

Exploit Code Published for Critical-Severity VMware Security Defect

Exploit code and root-cause analysis released by SinSinology documents the problem as a case where VMware “forgot to regenerate” SSH keys. The post Exploit Code Published for Critical-Severity VMware Security Defect appeared first on SecurityWeek.

01Sep 2023

How Accenture’s solution erases the blind spots of services spend management

Facing the possibility of an economic recession, one of the world’s leading professional services companies felt the urgency to improve its grasp on spend management – the practice of fully understanding and managing supplier relations and company purchasing. With 738,000 employees and $3.8 billion in services contracts, it was crucial for Accenture to not only identify every […]

01Sep 2023

How to make your developer organization more efficient

Developers are hired for their coding skills, but often spend too much time on information-finding, setup tasks, and manual processes. To combat wasted time and effort, Discover® Financial Services championed a few initiatives to help developers get back to what they do best: developing. The result? More than 100,000 hours of developer toil have been […]

01Sep 2023

SAP poaches Microsoft exec as its new global head of AI

SAP has appointed a new global head of artificial intelligence, Walter Sun, after the previous post-holder quit to found her own AI startup. For the past 18 years, Sun worked at Microsoft, most recently as VP of AI for its business and applications platform group. Sun has a PhD from MIT and continued to publish […]

01Sep 2023

In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs

Weekly cybersecurity news roundup providing a summary of noteworthy stories that might have slipped under the radar. The post In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs appeared first on SecurityWeek.

01Sep 2023

Free Decryptor Available for ‘Key Group’ Ransomware

EclecticIQ has released a free decryption tool to help victims of the Key Group ransomware recover their data without paying a ransom. The post Free Decryptor Available for ‘Key Group’ Ransomware appeared first on SecurityWeek.

01Sep 2023

Elon Musk Says X, Formerly Twitter, Will Have Voice and Video Calls, Updates Privacy Policy

Twitter has updated its privacy policies, which will allow for the collection of biometric data and employment history, among other information. The post Elon Musk Says X, Formerly Twitter, Will Have Voice and Video Calls, Updates Privacy Policy appeared first on SecurityWeek.

01Sep 2023

Intel embraces SDN to modernize its chip factories

Until recently, software-defined networking (SDN) technologies have been limited to use in data centers — not manufacturing floors. But as part of Intel’s expansive plans to upgrade and build a new generation of chip factories in line with its Integrated Device Manufacturing (IDM) 2.0 blueprint, unveiled in 2021, the Santa Clara, Calif.-based semiconductor giant opted […]

01Sep 2023

How Nvidia became a trillion-dollar company

Nvidia’s transformation from an accelerator of video games to an enabler of artificial intelligence (AI) and the industrial metaverse didn’t happen overnight — but the leap in its stock market value to over a trillion dollars did. It was when Nvidia reported strong results for the three months to April 30, 2023, and forecast its […]

01Sep 2023

Continuous learning gives U.S. Bank a technology talent edge

Many companies today are rapidly adopting new technologies and tools to improve overall efficiencies, improve customer and client experiences, and support key initiatives that are related to business transformation. However, these efforts, while necessary, bring with them growing pains for the workforce. As our global technologies transform, so must our teams. What we have discovered […]

01Sep 2023

Industry Reactions to Qakbot Botnet Disruption: Feedback Friday

Industry professionals comment on the law enforcement operation targeting the Qakbot botnet and its implications. The post Industry Reactions to Qakbot Botnet Disruption: Feedback Friday appeared first on SecurityWeek.

01Sep 2023

Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer

Cisco has observed multiple threat actors adopting the SapphireStealer information stealer after its source code was released on GitHub. The post Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer appeared first on SecurityWeek.

01Sep 2023

Sourcegraph Discloses Data Breach Following Access Token Leak

Sourcegraph says customer information was breached after an engineer accidentally leaked an admin access token. The post Sourcegraph Discloses Data Breach Following Access Token Leak appeared first on SecurityWeek.

01Sep 2023

Over $1 Million Offered at New Pwn2Own Automotive Hacking Contest

ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo. The post Over $1 Million Offered at New Pwn2Own Automotive Hacking Contest appeared first on SecurityWeek.

31Aug 2023

How prioritizing training and mentorship retains talent

Attracting and retaining top tech talent is a challenge for most companies. It takes more than good benefits and pay to retain talent: A LinkedIn study found that companies have a nearly 7% higher retention rate at the 3-year mark with employees who have learned skills on the job. At Discover®, on-the-job training and mentorship […]

31Aug 2023

IFS acquires Falkonry to offer AI-based enterprise asset management services

Enterprise resource planning (ERP) software vendor IFS has agreed to acquire Falkonry, the developer of an AI-based time-series data analytics tool, to boost its enterprise asset management (EAM) services portfolio. IFS has an eye on the growing number of connected machines in factories, and will add Falkonry’s self-learning Time Series AI Suite, which can help […]

31Aug 2023

Busting 4 common SD-WAN misconceptions

When organizations began to fully embrace both the work-from-anywhere (WFA) user model and multi-cloud strategies, IT leadership quickly realized that traditional networks lack the flexibility needed to support modern digital transformation initiatives.  Legacy network shortcomings led to the rapid growth of software-defined wide area networking (SD-WAN). This next-generation technology enables a more agile network and provides high-performance access to […]

31Aug 2023

Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities

Small electric utilities in the US are being offered $9 million as part of a competition whose goal is to help them boost their cybersecurity posture. The post Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities appeared first on SecurityWeek.

31Aug 2023

Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks

A vulnerability in the All-in-One WP Migration plugin’s extensions exposes WordPress websites to attacks leading to sensitive information disclosure. The post Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks appeared first on SecurityWeek.

31Aug 2023

Apple Preparing iPhone 14 Pro Phones for 2024 Security Research Device Program

Apple is inviting security researchers to apply for the 2024 iPhone Security Research Device Program (SRDP) to receive hackable iPhones. The post Apple Preparing iPhone 14 Pro Phones for 2024 Security Research Device Program appeared first on SecurityWeek.

31Aug 2023

Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices

Five Eyes report details ‘Infamous Chisel’ malware used by Russian state-sponsored hackers to target the Ukrainian military’s Android devices.  The post Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices appeared first on SecurityWeek.

31Aug 2023

PenFed to bank on gen AI for hyper-personalization

Pentagon Credit Union (PenFed), the second-largest credit union in the US, is looking to generative AI to transform how it interacts with its customers. Its vision? To create a new, cost-effective channel that helps meet members’ needs — and learns as it does so, to the benefit of members and the credit union itself. “What’s […]

31Aug 2023

Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence

Splunk has released patches for multiple high-severity vulnerabilities impacting Splunk Enterprise and IT Service Intelligence. The post Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence appeared first on SecurityWeek.

31Aug 2023

Boeing CIO Susan Doniz leads with curiosity and empathy

Susan Doniz always knew she wanted to be in a “very people-oriented” career. Initially drawn to medicine, Doniz found that in IT, starting with a 17-year stint working her way up the technology ranks at Procter & Gamble before becoming group CIO of Qantas Airways and later joining Boeing, where she currently serves as CIO, […]

31Aug 2023

Giant Eagle CIO Kirk Ball’s recipe for digital transformation success

CIO Kirk Ball is known for being a strategic executive capable of driving innovative thinking across the organization. Over the course of his career, the Giant Eagle EVP and CIO has held senior technology roles across a range of industries, including C-level positions at The Christ Hospital Health Network and The Kroger Co. Ball embodies […]

31Aug 2023

Lawsuit Accuses University of Minnesota of Not Doing Enough to Prevent Data Breach

A lawsuit filed on behalf of a former student and former employee at the University of Minnesota accuses the university of not doing enough to protect personal information from a recent data breach. The post Lawsuit Accuses University of Minnesota of Not Doing Enough to Prevent Data Breach appeared first on SecurityWeek.

31Aug 2023

500k Impacted by Data Breach at Fashion Retailer Forever 21

Fashion retailer Forever 21 says that the personal information of more than 500,000 individuals was compromised in a data breach. The post 500k Impacted by Data Breach at Fashion Retailer Forever 21 appeared first on SecurityWeek.

31Aug 2023

Dangling DNS Used to Hijack Subdomains of Major Organizations 

Researchers abused dangling DNS records to hijack subdomains belonging to major organizations, and warn that thousands of entities are impacted. The post Dangling DNS Used to Hijack Subdomains of Major Organizations appeared first on SecurityWeek.

30Aug 2023

CIOs are worried about the informal rise of generative AI in the enterprise

In my previous column in May, when I wrote about generative AI uses and the cybersecurity risks they could pose, CISOs noted that their organizations hadn’t deployed many (if any) generative AI-based solutions at scale. What a difference a few months makes. Now, generative AI use has infiltrated the enterprise with tools and platforms like […]

30Aug 2023

What motivated Ericsson’s big push into the cloud

When Mats Hultin, pictured, took over as group CIO at Ericsson four years ago, the company decided to review its large outsourcing contract. At the same time, the cloud team, led by cloud service VP Johan Sporre Lennberg, stressed the need for modernization and a clear cloud strategy going forward. “We chose to combine the selection of new […]

30Aug 2023

‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors

Earth Estries, a cyberspy group possibly linked to China, has targeted governments and tech firms in the US, Germany, South Africa and Asia.  The post ‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors appeared first on SecurityWeek.

30Aug 2023

Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs

Roughly 78% of the healthcare organizations in North America, South America, the APAC region, and Europe experienced a cyberattack over the past year, according to a new report. The post Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs appeared first on SecurityWeek.

30Aug 2023

Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication

Four recent vulnerabilities in the J-Web component of Junos OS have started being chained in malicious attacks after PoC exploit code was published. The post Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication appeared first on SecurityWeek.

30Aug 2023

GitHub Enterprise Server Gets New Security Capabilities

GitHub Enterprise Server 3.10 released with additional security capabilities, including support for custom deployment rules. The post GitHub Enterprise Server Gets New Security Capabilities appeared first on SecurityWeek.

30Aug 2023

BGP Flaw Can Be Exploited for Prolonged Internet Outages

Serious flaw affecting major BGP implementations can be exploited to cause prolonged internet outages, but several vendors have not patched it.  The post BGP Flaw Can Be Exploited for Prolonged Internet Outages appeared first on SecurityWeek.

30Aug 2023

How Quantum Computing Will Impact Cybersecurity

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works. The post How Quantum Computing Will Impact Cybersecurity appeared first on SecurityWeek.

30Aug 2023

DreamBus Botnet Exploiting RocketMQ Vulnerability to Deliver Cryptocurrency Miner

The DreamBus botnet has resurfaced and it has been exploiting a recently patched Apache RocketMQ vulnerability to deliver a Monero miner. The post DreamBus Botnet Exploiting RocketMQ Vulnerability to Deliver Cryptocurrency Miner appeared first on SecurityWeek.

30Aug 2023

The portfolio approach to digital transformation: 4 keys to success

Corporate projects are classically evaluated on standard matrices such as return on investment (ROI), break-even period, and capital invested. But as organizations look to quickly leverage the power of emerging digital technologies for business growth, such an approach is falling short on expectations. “Digital initiatives are innovative and although it’s fair to have an anticipation […]

30Aug 2023

High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome

Mozilla and Google have released stable updates for the Firefox and Chrome browsers to address several memory corruption vulnerabilities. The post High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome appeared first on SecurityWeek.

30Aug 2023

Fianu Labs Emerges From Stealth With $2 Million in Seed Funding

Fianu Labs has emerged from stealth mode with a software governance automation solution and $2 million in seed funding.   The post Fianu Labs Emerges From Stealth With $2 Million in Seed Funding appeared first on SecurityWeek.

29Aug 2023

Operation ‘Duck Hunt’: Qakbot Malware Disrupted, $8.6 Million in Cryptocurrency Seized

U.S. law enforcement announces the disruption of the notorious Qakbot cybercrime operation and the release of an auto-disinfection tool to 700,000 infected machines. The post Operation ‘Duck Hunt’: Qakbot Malware Disrupted, $8.6 Million in Cryptocurrency Seized appeared first on SecurityWeek.

29Aug 2023

If you’re still focusing on capacity planning, maybe you’re doing VSM wrong

In recent years, Value Stream Management has gained significant popularity among large organizations who are looking for a better way to align business and delivery, and for ways to optimize the end-to-end flow of value. As these organizations embark on their Value Stream Management transformation, they inevitably face a range of challenges, from organizational to […]

29Aug 2023

VMware Patches Major Security Flaws in Network Monitoring Product

VMware patches critical flaws that allow hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The post VMware Patches Major Security Flaws in Network Monitoring Product appeared first on SecurityWeek.

29Aug 2023

New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia

The newly identified MMRat Android trojan has been targeting users in Southeast Asia to remotely control devices and perform bank fraud. The post New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia appeared first on SecurityWeek.

29Aug 2023

TeraSky—Providing award-winning infrastructure modernization solutions with VMware

TeraSky’s customer dedication earns them 7th VMware Award in 5 years in the 2023 VMware Partner Achievement Awards. Many businesses continue to face challenges as they look to digitally transform how they operate and serve customers. With on-premises systems and private clouds often relying on outdated—or soon-to-be-outdated tools—companies need more agile, future-proof solutions. For TeraSky, helping […]

29Aug 2023

OpenAI Turns to Security to Sell ChatGPT Enterprise

A corporate edition of ChatGPT promises “enterprise-grade security” and a commitment not to use prompts and company data to train AI models. The post OpenAI Turns to Security to Sell ChatGPT Enterprise appeared first on SecurityWeek.

29Aug 2023

Accelerate change with Value Stream Management

Interest in Value Stream Management (VSM) has never been higher – and for good reason. VSM is very much driven by digital transformation. Whether it’s a very strategic, top-down transformation initiative, a bottom-up effort to scale a successful pilot, or something in between – every organization is recognizing the need to change the way they […]

29Aug 2023

IBM – Putting technology to work in the real world

IBM is an iconic American technology brand. Since the earliest days of the computer industry—from the development of mainframes through the advent of disk drives—into the 21st century and the emergence of the metaverse, IBM has been at the forefront of innovation. Hear from IBM on the unique solutions that allow customers to take advantage of the […]

29Aug 2023

The Reality of Cyberinsurance in 2023

If an organization decides to include cyberinsurance within its total cyber risk management posture, that cyberinsurance must be fully integrated with the organization’s cybersecurity posture. The post The Reality of Cyberinsurance in 2023 appeared first on SecurityWeek.

29Aug 2023

Did Microsoft Just Upend the Enterprise Browser Market?

NEWS ANALYSIS: Redmond plants its feet firmly in the enterprise browser space, sending major ripples through Silicon Valley’s bustling venture-backed startup ecosystem. The post Did Microsoft Just Upend the Enterprise Browser Market? appeared first on SecurityWeek.

29Aug 2023

BMC Helix: Leading the charge in Generative AI-driven enterprise service management

Generative AI is likely the most heavily hyped technology innovation since the World Wide Web during the dot-com boom of the late 1990s. And while many companies oversold the internet’s capabilities—at least, at the time—it has undoubtedly transformed enterprise technology and modern life over the past two decades. Generative AI seems to be following the […]

29Aug 2023

UN Warns Hundreds of Thousands in Southeast Asia Roped Into Online Scams

A new report sheds light on cybercrime scams that have become a major issue in Asia, with many workers trapped in virtual slavery. The post UN Warns Hundreds of Thousands in Southeast Asia Roped Into Online Scams appeared first on SecurityWeek.

29Aug 2023

Chinese APT Was Prepared for Remediation Efforts in Barracuda ESG Zero-Day Attack

Chinese threat actor exploiting Barracuda ESG appliances deployed persistence mechanisms in preparation for remediation efforts. The post Chinese APT Was Prepared for Remediation Efforts in Barracuda ESG Zero-Day Attack appeared first on SecurityWeek.

29Aug 2023

Meta Fights Sprawling Chinese ‘Spamouflage’ Operation

Meta has purged thousands of Facebook accounts that were part of a widespread online Chinese spam operation trying to covertly boost China and criticize the West. The post Meta Fights Sprawling Chinese ‘Spamouflage’ Operation appeared first on SecurityWeek.

29Aug 2023

Personal, Health Information of 1.2 Million Stolen in PurFoods Ransomware Attack

PurFoods says the personal and protected health information of over 1.2 million individuals was stolen in a February 2023 ransomware attack. The post Personal, Health Information of 1.2 Million Stolen in PurFoods Ransomware Attack appeared first on SecurityWeek.

29Aug 2023

Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win

Just as a professional football team needs coordination, strategy and adaptability to secure a win on the field, a well-rounded cybersecurity strategy must address specific challenges and threats. The post Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win appeared first on SecurityWeek.

29Aug 2023

6 trends fueling the rise of self-service IT

Self-service IT solutions have cemented their place in the enterprise as a means for enabling employees to resolve IT issues on their own rather than contacting an IT representative. Yet as self-service technology advances and matures, many IT leaders are discovering that the concept is capable of evolving into something far more flexible and powerful […]

29Aug 2023

Your AI journey: Destined for the ditch?

Every organization is on an AI journey. Some don’t know they are. Others don’t want to leave home. Very few have a map or a mutually agreed upon destination. And only a tiny fraction have the appropriate shoes. That’s the current state of AI at Global 2000 enterprises, whose behavior set thus far in the […]

28Aug 2023

Telefonica is working to help enterprises decarbonize their operations

Telefonica is setting ambitious targets in areas like renewable electricity usage to hit objectives which will both help the planet and increase efficiency. In doing so, the company is enabling its customers to reduce their emissions as the world steps up its efforts to combat climate change. Daniel Ribaya González, director of cloud products and […]

28Aug 2023

Discovery Holdings explores the opportunities of multi-cloud without the complexity

Developing new products and services that will “wow” customers is a full-time commitment—especially in a fast-paced digital world. Companies providing financial services are under constant pressure from the threat of agile fintechs and ever-changing customer expectations. To stay ahead, they need to offer value, self-service and apps that engage and inspire customers. Building best-in-class cloud […]

28Aug 2023

Digital mining for sustainability in a low-carbon economy

Since the Paris Agreement was signed in 2015, businesses have been contributing to the pursuit of net zero and to achieving emission reduction targets. For Petrosea — a multi-disciplinary mining, infrastructure, and oil and gas services company in Indonesia — attention shifted to pursuing more sustainable operations with lower carbon emissions. A complex undertaking for mining concerns […]

28Aug 2023

Equinix goes partner prospecting with AI

Multinational data infrastructure company Equinix has been capitalizing on machine learning (ML) since 2018, thanks to an initiative that uses ML probabilistic modeling to predict prospective customers’ likelihood of buying Equinix offerings — a program that has contributed millions of dollars in revenue since its inception. But as the company evolved since the launch of […]

28Aug 2023

How a unified approach to support and services can improve IT outcomes

Enterprise applications are changing at a more rapid pace than ever. The result is that many enterprises have hybrid-driven, multivendor IT environments. This creates a challenge for the IT organization — how to effectively operate, manage, and support an increasingly complex technology portfolio. CIOs need a technology support model that is agile and responsive, yet […]

28Aug 2023

P&G enlists IoT, predictive analytics to perfect Pampers diapers

If there are everyday items you want to be failsafe, diapers are surely among them. That’s why The Procter & Gamble Co. goes to great lengths to ensure the fidelity of its Pampers products. But when tossing away thousands of diapers damaged during the manufacturing process becomes an everyday occurrence, something has to be done […]

28Aug 2023

Acquisition Chatter Swirls Around SentinelOne, BlackBerry

Cybersecurity vendors SentinelOne and BlackBerry have been separately named in public acquisition chatter with a surprise suitor emerging. The post Acquisition Chatter Swirls Around SentinelOne, BlackBerry appeared first on SecurityWeek.

28Aug 2023

10 Million Likely Impacted by Data Breach at French Unemployment Agency

The personal information of roughly 10 million individuals might have been compromised in a data breach at French unemployment agency Pole Emploi. The post 10 Million Likely Impacted by Data Breach at French Unemployment Agency appeared first on SecurityWeek.

28Aug 2023

Signs of Malware Attack Targeting Rust Developers Found on Crates.io

The Crates.io Rust package registry was targeted in preparation for a malware attack aimed at developers, according to Phylum. The post Signs of Malware Attack Targeting Rust Developers Found on Crates.io appeared first on SecurityWeek.

28Aug 2023

3 Malware Loaders Detected in 80% of Attacks: Security Firm

QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incidents. The post 3 Malware Loaders Detected in 80% of Attacks: Security Firm appeared first on SecurityWeek.

28Aug 2023

Two Men Arrested Following Poland Railway Hacking

Polish police have arrested two men suspected of illegally hacking into the national railway’s communications network, causing disruption to 20 trains. The post Two Men Arrested Following Poland Railway Hacking appeared first on SecurityWeek.

28Aug 2023

Leaseweb Reports Cloud Disruptions Due to Cyberattack 

Dutch cloud company Leaseweb shut down some critical systems last week due to a cyberattack. The post Leaseweb Reports Cloud Disruptions Due to Cyberattack  appeared first on SecurityWeek.

28Aug 2023

2023 CIO Hall of Fame inductees on building a successful IT leadership career

Each executive has a unique career path that brought him or her to the C-suite. That’s as true for CIOs as any other enterprise leader. Yet the leading tech execs who make up CIO’s 2023 CIO Hall of Fame share many of the same attributes, attitudes, and ambitions. Moreover, they agree that those characteristics as […]

28Aug 2023

Agile project management: Principles, benefits, tools, tips, and when to make the switch

Agile project management definition: Agile project management is a methodology used primarily in software development that favors flexibility and collaboration, incorporating customer feedback throughout the project life cycle. The methodology takes an iterative approach to development, breaking down work into small, manageable cycles called “sprints” to focus on continuous improvement in the development of a […]

28Aug 2023

Ohio History Organization Says Personal Information Stolen in Ransomware Attack

Personal information stolen in ransomware attack at Ohio History Connection posted online after organization refuses to pay ransom. The post Ohio History Organization Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.

28Aug 2023

3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack

Three bankrupt cryptocurrency companies — FTX, BlockFi and Genesis — suffered data breaches following a SIM swapping attack at Kroll.  The post 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack appeared first on SecurityWeek.

25Aug 2023

The four Es of AI: Keeping up with the trend that never sleeps

AI never sleeps. With every new claim that AI will be the biggest technological breakthrough since the internet, CIOs feel the pressure mount. For every new headline, they face a dozen new questions. Some are basic: What is generative AI? Others are more consequential: How do we diffuse AI through every dimension of our business? […]

25Aug 2023

Dear SAP Support – We’ve Grown Apart

Dear SAP Support, I don’t think we should see each other anymore. It’s not you; it’s me. No … wait … it’s mostly you. Our relationship started as expected, but we’ve grown apart. We now want different things. You aren’t who you were. You’ve changed. It used to be that my annual maintenance fee got […]

25Aug 2023

In Other News: Africa Cybercrime Crackdown, Unpatched macOS Flaw, Investor Disclosures

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 21, 2023. The post In Other News: Africa Cybercrime Crackdown, Unpatched macOS Flaw, Investor Disclosures appeared first on SecurityWeek.

25Aug 2023

Health check on Tech: CK Birla Hospitals CIO Mitali Biswas on moving the needle towards innovation

A robust healthcare sector is testament to a nation’s commitment to the well-being of its citizens. Over the past few years, the industry grappled with formidable challenges as the COVID-19 pandemic wreaked havoc on both human lives and the healthcare system. However, some leaders embraced the challenge, skillfully navigating the tribulations of healthcare. They emerged […]

25Aug 2023

North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw

North Korea-linked Lazarus Group exploited a ManageEngine vulnerability to compromise an internet backbone infrastructure provider. The post North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw appeared first on SecurityWeek.

25Aug 2023

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies 

Congresswoman Nancy Mace has introduced a bill that would require federal contractors to have a Vulnerability Disclosure Policy (VDP). The post Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  appeared first on SecurityWeek.

25Aug 2023

Europe is Cracking Down on Big Tech. This Is What Will Change When You Sign On

The Digital Services Act aims to protect European users when it comes to privacy, transparency and removal of harmful or illegal content. The post Europe is Cracking Down on Big Tech. This Is What Will Change When You Sign On appeared first on SecurityWeek.

25Aug 2023

Cypago Raises $13 Million for GRC Automation Platform 

Israeli startup Cypago raises $13 million in funding and launches a governance, risk management and compliance (GRC) automation platform. The post Cypago Raises $13 Million for GRC Automation Platform  appeared first on SecurityWeek.

25Aug 2023

Google Workspace Introduces New AI-Powered Security Controls

Google has announced new AI-powered zero trust, digital sovereignty, and threat defense controls for Workspace customers. The post Google Workspace Introduces New AI-Powered Security Controls appeared first on SecurityWeek.

25Aug 2023

Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack

Nearly 1,000 organizations and 60 million individuals are impacted by the MOVEit hack, and the Cl0p ransomware gang is leaking stolen data. The post Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack appeared first on SecurityWeek.

24Aug 2023

Chinese-backed APT ‘Flax Typhoon’ Hacks Taiwan with Minimal Malware Footprint

Microsoft warns that Chinese spies are hacking into Taiwanese organizations with minimal use of malware and by abusing legitimate software. The post Chinese-backed APT ‘Flax Typhoon’ Hacks Taiwan with Minimal Malware Footprint appeared first on SecurityWeek.

24Aug 2023

Regulatory uncertainty overshadows gen AI despite pace of adoption

While AI has steadily worked its way into the enterprise and business vernacular over many years, gen AI has not only become an abrupt and immediate force unto itself, but also an overarching AI accelerant. Not without warning signs, however. Gen AI has the potential to magnify existing risks around data privacy laws that govern […]

24Aug 2023

University of Minnesota Confirms Data Breach, Says Ransomware Not Involved

University of Minnesota confirms data was stolen from its systems, says no malware infection or file encryption has been identified. The post University of Minnesota Confirms Data Breach, Says Ransomware Not Involved appeared first on SecurityWeek.

24Aug 2023

Financial IT leaders prep for a quantum-fueled future

If there’s an industry steeped in computations, it’s the financial services sector. Optimization problems, for which a whole chorus of variables must be fine-tuned and modulated, routinely plague financial firms, especially when it comes to highly engineered financial products such as those developed through quantitative analysis. That need for complex mathematical modeling at scale makes […]

24Aug 2023

Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks

Cisco has released patches for three high-severity vulnerabilities in NX-OS and FXOS software that could lead to denial-of-service (DoS) conditions. The post Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks appeared first on SecurityWeek.

24Aug 2023

Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device

Mysterious Whiffy Recon malware scans for nearby Wi-Fi access points to obtain the location of the infected device. The post Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device appeared first on SecurityWeek.

24Aug 2023

FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective

The FBI says that the patches Barracuda released in May for an exploited ESG zero-day vulnerability (CVE-2023-2868) were not effective. The post FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective appeared first on SecurityWeek.

24Aug 2023

Generative AI is electrifying. Charge ahead or get shocked.

By Chet Kapoor, Chairman & CEO of DataStax. The energy around AI is nothing short of electrifying. It’s not just a buzzword or part of a science fiction storyline. It’s our new reality and will be the most important and disruptive innovation of our lifetime. The market and opportunity ahead are massive. A large majority […]

24Aug 2023

Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks

Rockwell Automation ThinManager ThinServer vulnerabilities could allow remote attackers to take control of servers and hack HMIs. The post Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks appeared first on SecurityWeek.

24Aug 2023

Digital Identity Protection Firm SpyCloud Raises $110 Million

Account takeover and fraud protection firm SpyCloud has raised $110 million in a growth funding round led by Riverwood Capital. The post Digital Identity Protection Firm SpyCloud Raises $110 Million appeared first on SecurityWeek.

24Aug 2023

Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day 

A financially motivated cybercrime group has exploited a WinRAR zero-day to deliver malware to traders and steal their money. The post Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day appeared first on SecurityWeek.

24Aug 2023

Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack

Danish cloud hosting provider CloudNordic says most customers lost all data after ransomware shut down all its systems and servers. The post Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack appeared first on SecurityWeek.

24Aug 2023

UK Court Concludes Teenager Behind Huge Hacking Campaign

A UK court has found a teenager responsible for a hacking campaign that included one of the biggest breaches in the history of the video game industry. The post UK Court Concludes Teenager Behind Huge Hacking Campaign appeared first on SecurityWeek.

24Aug 2023

CIO Anurag Gupta on taking the private equity plunge

Of all the trade-off decisions you may have to make as an IT executive, few stand to alter the course of your career as dramatically as that of whether to serve a firm owned by private equity (or “PE”). On the one hand, such firms (often referred to as portfolio companies, or “PortCos”), can excite […]

23Aug 2023

AIOps for successful IoT projects

It’s interesting how the number of projected IoT devices being connected in 2023 can differ by 26 billion from article to article. What it tells me is that no one really knows because new devices are being introduced on a daily basis and it’s hard to keep track. I can’t imagine being an IT administrator […]

23Aug 2023

Data soup and the art of finding relevance: Why AIOps isn’t enough for modern network monitoring

“Plastic soup” is one term that’s been used to describe the pollution that’s plaguing our oceans. The phrase was coined by Captain Charles Moore in 1997. Moore came across massive amounts of plastic floating in the middle of the ocean and his accounts of this experience helped raise awareness of the scope and severity of […]

23Aug 2023

Thoma Bravo Merges ForgeRock with Ping Identity

The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in the enterprise IAM market. The post Thoma Bravo Merges ForgeRock with Ping Identity appeared first on SecurityWeek.

23Aug 2023

Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick?

As smart cities evolve with more and more integrated connected services, cybersecurity concerns will increase dramatically. The post Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick? appeared first on SecurityWeek.

23Aug 2023

FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers 

The FBI has published information on six crypto wallets in which North Korean hackers moved roughly 1,580 Bitcoin from various heists. The post FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers appeared first on SecurityWeek.

23Aug 2023

Cybersecurity Companies Report Surge in Ransomware Attacks

Cybersecurity companies have released a dozen ransomware reports in recent weeks and most of them show a surge in attacks. The post Cybersecurity Companies Report Surge in Ransomware Attacks appeared first on SecurityWeek.

23Aug 2023

The End of “Groundhog Day” for the Security in the Boardroom Discussion?

As the SEC cyber incident disclosure rules come into effect, organizations will be forced to seriously consider giving security leaders a seat at the table. The post The End of “Groundhog Day” for the Security in the Boardroom Discussion? appeared first on SecurityWeek.

23Aug 2023

3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability

More than 3,000 Openfire servers are not patched against a recent vulnerability and are exposed to attacks employing a new exploit. The post 3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability appeared first on SecurityWeek.

23Aug 2023

US Government Publishes Guidance on Migrating to Post-Quantum Cryptography

CISA, NSA, and NIST urge organizations to create quantum-readiness roadmaps and prepare for post-quantum cryptography migration. The post US Government Publishes Guidance on Migrating to Post-Quantum Cryptography appeared first on SecurityWeek.

23Aug 2023

How Huber spurs innovation in a historically decentralized business

For the last 140 years, specialty manufacturing business Huber has been run as a portfolio company, with four decentralized businesses comprising some $3b in annual revenue. The portfolio model, and a healthy appetite for acquisitions, has served the company well with profitable businesses that manufacture everything from engineered wood to specialty food ingredients. Today, however, […]

23Aug 2023

Examining Cargill’s push to nurture growth through digital and data strategies

For 158 years, Minneapolis-based Cargill is the largest privately held company in the US and employs 155,000 people across 70 countries, earning an estimated $165 billion in annual revenue. Having joined its executive team 18 months ago, CDIO Jennifer Hartsock oversees its global technology portfolio, and digital and data strategies, so she has to keep […]

23Aug 2023

Google opens second cloud region in Germany

Google has opened a second cloud region in Germany as part of its plan to invest $1.85 billion in German digital infrastructure by 2030. Dubbed the Berlin-Brandenburg region, the new data center will be operational alongside the Frankfurt region and will offer services such as the Google Compute Engine, Google Kubernetes Engine, Cloud Storage, Persistent […]

23Aug 2023

First Weekly Chrome Security Update Patches High-Severity Vulnerabilities

Google has released the first weekly Chrome security update, which patches five memory safety vulnerabilities, including four rated ‘high severity’. The post First Weekly Chrome Security Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

23Aug 2023

Exploitation of Ivanti Sentry Zero-Day Confirmed

While initially it was unclear if the Ivanti Sentry vulnerability CVE-2023-38035 has been exploited, the vendor and CISA have now confirmed it. The post Exploitation of Ivanti Sentry Zero-Day Confirmed appeared first on SecurityWeek.

22Aug 2023

7 project priority checks for overloaded IT agendas

Today’s IT leaders are much more than technology experts — they’re business leaders charged with driving timely results. And that requires knowing not only how to prioritize IT initiatives, but when, and how, to say no to projects that won’t advance business goals. “While saying ‘yes’ to a project can seem like the easiest way […]

22Aug 2023

Atos—Powering Digital Transformation Across the Customer Lifecycle

Atos earns the 2023 VMware Partner Worldwide Lifecycle Services Award for enabling end-to-end digital transformations True transformation is often a team effort. No matter what type of transformation, working with a trusted partner can make all the difference. For Atos, realizing its goal of engineering the digital world of the future means being a trusted […]

22Aug 2023

Safeguarding your digital ecosystem: effective strategies to detect and mitigate API abuse

In today’s interconnected digital landscape, Application Programming Interfaces (APIs) are instrumental in ensuring seamless communication between software systems. As APIs gain significance, cybercriminals are also drawn to exploit vulnerabilities and abuse them. Gartner studies indicate that by 2025, half of all data theft will be attributed to unsecured APIs. Detecting and mitigating API abuse is […]

22Aug 2023

How Vodafone automated sales and operations management

Today’s market for telecommunications services is fast-moving and extremely competitive. To differentiate themselves, communication service providers (CSPs) are focusing on two areas: providing innovative digital services and delivering the best possible customer experience (CX). To this end, CSPs have invested enormously in enabling technologies like 5G and multi-access edge computing (MEC). Unfortunately, CSP infrastructures are […]

22Aug 2023

TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks

Vulnerabilities in the TP-Link Tapo L530E smart bulb and accompanying mobile application can be exploited to obtain the local Wi-Fi password. The post TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks appeared first on SecurityWeek.

22Aug 2023

Hacker Conversations: Cris Thomas (AKA Space Rogue) From Lopht Heavy Industries

Cris Thomas, also known as Space Rogue, was a founding member of the Lopht Heavy Industries hacker collective. The post Hacker Conversations: Cris Thomas (AKA Space Rogue) From Lopht Heavy Industries appeared first on SecurityWeek.

22Aug 2023

US Military Targeted in Recent HiatusRAT Attack

The threat actor behind HiatusRAT was seen performing reconnaissance against a US military procurement system in June 2023. The post US Military Targeted in Recent HiatusRAT Attack appeared first on SecurityWeek.

22Aug 2023

Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko

The BlackCat/ALPHV ransomware group has started publishing data allegedly stolen from Japanese watchmaking giant Seiko. The post Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko appeared first on SecurityWeek.

22Aug 2023

Australian Energy Software Firm Energy One Hit by Cyberattack

Energy One, an Australian company that provides software products and services to the energy sector, has been hit by a cyberattack. The post Australian Energy Software Firm Energy One Hit by Cyberattack appeared first on SecurityWeek.

22Aug 2023

New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong. The post New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack appeared first on SecurityWeek.

22Aug 2023

Grip Security Lands $41 Million Series B Financing

Israeli startup Grip Security has banked $41 million in new financing from a group of investors led by Third Point Ventures. The post Grip Security Lands $41 Million Series B Financing appeared first on SecurityWeek.

22Aug 2023

3 key roles for driving digital success

If digital transformation is a journey, when does it end? This is a question I am asked often by IT leaders who prefer slowing down the pace of transformation and technology innovation. Others who believe the term digital transformation is watered down take a more cynical tack, viewing it as a phrase leaders use to […]

22Aug 2023

Lenovo’s Arthur Hu on the CIO’s customer-centric imperative

Arthur Hu ranks among the few IT leaders who wear the hats of both CIO and CTO. As the CIO of Lenovo and the chief technology and delivery officer of the company’s solutions and services group, Hu says the dual role lends him “the unique advantage of guiding our teams in developing cutting-edge technology solutions […]

22Aug 2023

Cerby Raises $17 Million for Access Management Platform for Nonstandard Applications

Cerby has raised $17 million in Series A funding for its access management platform for applications not supported by identity providers. The post Cerby Raises $17 Million for Access Management Platform for Nonstandard Applications appeared first on SecurityWeek.

22Aug 2023

CISA Warns of Another Exploited Adobe ColdFusion Vulnerability

CISA warns that CVE-2023-26359, an Adobe ColdFusion vulnerability patched in March, has been exploited in the wild. The post CISA Warns of Another Exploited Adobe ColdFusion Vulnerability appeared first on SecurityWeek.

21Aug 2023

Fujitsu – Transforming business and society in the digital age

Fujitsu is focused on digitizing enterprises around the world by bringing together a broad portfolio of advanced technologies and services, working with a select group of trusted partners. For more than 20 years, one of those key partners has been VMware. Paul Kember, Fujitsu’s head of global strategic alliances in Europe, says, “VMware is one of our […]

21Aug 2023

Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability

A critical-severity vulnerability in the Ivanti Sentry (formerly MobileIron Sentry) product exposes sensitive API data and configurations. The post Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability appeared first on SecurityWeek.

21Aug 2023

One company’s innovation reduces carbon footprint – while expanding digital impression

The slogan for Mexican information technology (IT) services specialist Global HITSS is “developing a digital society.” The company, a subsidiary of the leading telecommunications provider in Latin America, lists its goals as integrating IT technologies with other digital amenities and general communications. Its mission: creating a culture of energy conservation. But before this could occur, […]

21Aug 2023

How to build a next-gen workforce

Of course we’re going to talk about generative AI at CIO’s Future of Work Summit, a virtual event taking place September 20. With the promise of generative AI, we’re living through what many believe to be a seismic change in how we work – and who works with and for us. But that’s not all […]

21Aug 2023

Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer

Cyfirma security researchers uncover the real identity of the CypherRAT and CraxsRAT malware developer and MaaS operator. The post Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer appeared first on SecurityWeek.

21Aug 2023

Australian Lender Latitude Financial Reports AU$76 Million Cyberattack Costs

Australian lender Latitude Financial said the recent ransomware attack has cost it AU$76 million (roughly US$50 million). The post Australian Lender Latitude Financial Reports AU$76 Million Cyberattack Costs appeared first on SecurityWeek.

21Aug 2023

US Gov Warns of Foreign Intelligence Cyberattacks Against US Space Industry

The FBI, NCSC, and AFOSI warn US space industry organizations of foreign intelligence targeting and exploitation, including cyberattacks. The post US Gov Warns of Foreign Intelligence Cyberattacks Against US Space Industry appeared first on SecurityWeek.

21Aug 2023

Webinar Tomorrow:  ZTNA Superpowers CISOs Should Know

Join Cloudflare and SecurityWeek for a webinar to discuss “VPN Replacement: Other ZTNA Superpowers CISOs Should Know” The post Webinar Tomorrow: ZTNA Superpowers CISOs Should Know appeared first on SecurityWeek.

21Aug 2023

Brazilian Hacker Claims Bolsonaro Asked Him to Hack Into the Voting System Ahead of 2022 Vote

A Brazilian hacker claims former president Bolsonaro asked him to hack into the voting system ahead of the 2022 election. The post Brazilian Hacker Claims Bolsonaro Asked Him to Hack Into the Voting System Ahead of 2022 Vote appeared first on SecurityWeek.

21Aug 2023

Flaws in Juniper Switches and Firewalls Can Be Chained for Remote Code Execution

Juniper Networks has released Junos OS updates to address J-Web vulnerabilities that can be combined to achieve unauthenticated, remote code execution. The post Flaws in Juniper Switches and Firewalls Can Be Chained for Remote Code Execution appeared first on SecurityWeek.

21Aug 2023

The 4 most overhyped technologies in IT

Most CIOs and IT staffers remain, at heart, technologists, with many proclaiming their interest in shiny new tech toys. They may publicly preach “No technology for technology’s sake,” but they still frequently share their fascination with the latest tech gadgets. They’re not the only ones enthralled by tech. With technology and tech news now both […]

21Aug 2023

J&J’s Jim Swanson brings mission-driven leadership to the CIO role

Jim Swanson’s career path to CIO of Johnson & Johnson didn’t begin in technology, or even healthcare. He started out as a scientist, working his way up the research and development ranks in the pharmaceutical industry, an experience steeped in curiosity that has helped shape his emphasis on continuous learning to this day. That early […]

21Aug 2023

Tesla Discloses Data Breach Related to Whistleblower Leak

Tesla has disclosed a data breach impacting 75,000 people, but it’s a result of a whistleblower leak, not a malicious cyberattack. The post Tesla Discloses Data Breach Related to Whistleblower Leak appeared first on SecurityWeek.

20Aug 2023

Suspected N. Korean Hackers Target S. Korea-US Drills

North Korea-linked “Kimsuky” hackers carried out “continuous malicious email attacks” on contractors working at the war simulation centre. The post Suspected N. Korean Hackers Target S. Korea-US Drills appeared first on SecurityWeek.

18Aug 2023

How plusserver strengthens cloud capabilities and helps enterprises reduce their carbon footprint

With four high-performance data centers, including facilities in Cologne, Dusseldorf and two in Hamburg, plusserver is well known for its ability to address the most demanding data sovereignty needs in Germany and throughout Europe – a fact underscored earlier this year when it earned the VMware Sovereign Cloud distinction. The company is also a distinguished […]

18Aug 2023

Three technology pain points to address for your employees

Technology leaders and CIOs have a lot on their shoulders. The still-evolving world of hybrid work has technology at its core to help cope with fast-changing business demands. As a result, all business leaders are finding that their roles are expanding with opportunities to drive progressive digital-first programs. For some companies, the transformation was so […]

18Aug 2023

In Other News: US Hacking China, Unfixed PowerShell Gallery Flaws, Free Train Tickets

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 14, 2023. The post In Other News: US Hacking China, Unfixed PowerShell Gallery Flaws, Free Train Tickets appeared first on SecurityWeek.

18Aug 2023

Jenkins Patches High-Severity Vulnerabilities in Multiple Plugins

Jenkins has announced patches for high and medium-severity vulnerabilities impacting several of the open source automation tool’s plugins. The post Jenkins Patches High-Severity Vulnerabilities in Multiple Plugins appeared first on SecurityWeek.

18Aug 2023

Lilly revolutionizes clinical trials with intelligent sensor cloud

Digital biomarkers are increasingly playing an important role in improving our understanding of disease and health. Defined as quantifiable and objective behavioral and physiological data collected and measured by digital devices such as implantables, wearables, ingestibles, or portables, digital biomarkers enable pharmaceutical companies to conduct studies remotely without the need for a physical site. This […]

18Aug 2023

Stealthy ‘LabRat’ Campaign Abuses TryCloudflare to Hide Infrastructure

The ‘LabRat’ cryptomining and proxyjacking operation relies on signature-based tools and stealthy cross-platform malware, and abuses TryCloudflare to hide its C&Cs. The post Stealthy ‘LabRat’ Campaign Abuses TryCloudflare to Hide Infrastructure appeared first on SecurityWeek.

18Aug 2023

Money Matters: Director – IT and CISO Pushkal Tenjerla of CMS on digital revolution in cash management systems

With a deeply penetrated network of ATMs and cash distribution services across India at over 150,000 business commerce points, CMS Info Systems runs India’s omnipresent ATMs across nearly 97% of districts. Committed to increasing the velocity of cash in the economy, they also offer other cash management services such as banking automation, card personalization, IoT monitoring […]

18Aug 2023

Companies Respond to ‘Downfall’ Intel CPU Vulnerability 

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs. The post Companies Respond to ‘Downfall’ Intel CPU Vulnerability appeared first on SecurityWeek.

18Aug 2023

Israel, US to Invest $4 Million in Critical Infrastructure Security Projects

Israel and US government agencies have announced plans to invest close to $4 million in projects to improve the security of critical infrastructure systems. The post Israel, US to Invest $4 Million in Critical Infrastructure Security Projects appeared first on SecurityWeek.

18Aug 2023

Federally Insured Credit Unions Required to Report Cyber Incidents Within 3 Days

The National Credit Union Administration is requiring all federally insured credit unions to report cyber incidents within 72 hours of discovery. The post Federally Insured Credit Unions Required to Report Cyber Incidents Within 3 Days appeared first on SecurityWeek.

18Aug 2023

5 rules that transform outsourcing outcomes

For organizations seeking a collaborative win-win approach to outsourcing, the Vested sourcing business model is worth consideration. It is the product of nearly 20 years of research at the University of Tennessee, beginning with a deep-dive funded by the United States Air Force on outcome-based outsourcing in 2003. UT’s ongoing research into the world’s most […]

17Aug 2023

ProjectDiscovery Lands $25M Investment for Cloud Security Tech

San Francisco startup ProjectDiscovery has banked $25 million in early-stage financing as investors continue to bet on cloud security vendors. The post ProjectDiscovery Lands $25M Investment for Cloud Security Tech appeared first on SecurityWeek.

17Aug 2023

The CIO’s call to action on gen AI

Generative AI has taken the world by storm and is being discussed in C-suites and boardrooms daily. Its power and potential are so significant that governments across the globe are trying to figure out how to regulate it. While this “overnight success” has been decades in the making, we’re just now getting a glimpse of […]

17Aug 2023

Google Brings AI Magic to Fuzz Testing With Eye-Opening Results

Google sprinkles magic of generative-AI into its open source fuzz testing infrastructure and finds immediate success with code coverage. The post Google Brings AI Magic to Fuzz Testing With Eye-Opening Results appeared first on SecurityWeek.

17Aug 2023

Industrial modernization: Becoming future-ready in uncertain times

The industrial sector has shown incredible resiliency and has been building back fast despite significant headwinds. The COVID-19 global pandemic exposed the fragility of manufacturing supply chains, causing substantial shortages of essential products such as medical supplies, critical minerals, and semiconductors. Dynamics of current geopolitical forces are keeping supply chain risks in focus, resulting in […]

17Aug 2023

Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands

A new report from Rapid7 says a ransomware gang like Cl0p would easily be able to afford a bevy of zero-day exploits for vulnerable enterprise software. The post Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands appeared first on SecurityWeek.

17Aug 2023

Malicious QR Codes Used in Phishing Attack Targeting US Energy Company

A widespread phishing campaign utilizing malicious QR codes has hit organizations in various industries, including a major energy company in the US. The post Malicious QR Codes Used in Phishing Attack Targeting US Energy Company appeared first on SecurityWeek.

17Aug 2023

Cisco Patches High-Severity Vulnerabilities in Enterprise Applications

Cisco has patched high-severity vulnerabilities in enterprise applications that could lead to privilege escalation, SQL injection, and denial-of-service. The post Cisco Patches High-Severity Vulnerabilities in Enterprise Applications appeared first on SecurityWeek.

17Aug 2023

Thousands of Systems Turned Into Proxy Exit Nodes via Malware

Threat actors have been observed deploying a proxy application on Windows and macOS systems that were infected with malware. The post Thousands of Systems Turned Into Proxy Exit Nodes via Malware appeared first on SecurityWeek.

17Aug 2023

CISA Releases Cyber Defense Plan to Reduce RMM Software Risks

CISA has published a cyber defense plan outlining strategies to help critical infrastructure organizations reduce the risks associated with RMM software. The post CISA Releases Cyber Defense Plan to Reduce RMM Software Risks appeared first on SecurityWeek.

17Aug 2023

What The Clover Group does to address legacy-related challenges

CIOs have a lot on their plates right now with expanding roles, but in recent years, they’ve also been asked to move beyond managing IT and become a strategic business leader to leverage technology in order to create real value for the business. For Tsholofelo Moeca, CIO at The Clover Group, South Africa’s largest dairy […]

17Aug 2023

Tech leaders weigh in on the upside and flipside of generative AI

Generative AI is widely regarded as one of the great technology breakthroughs of our time. On the back of thousands of headlines provoked by OpenAI’s ChatGPT, it’s provoked urgent responses from many tech giants and is the theme of, and main topic of discussion at, tech conferences worldwide. But, as with any big new wave, […]

17Aug 2023

Cybersecurity M&A Roundup for August 1-15, 2023

Twenty-five cybersecurity-related M&A deals were announced in the first half of August 2023. The post Cybersecurity M&A Roundup for August 1-15, 2023 appeared first on SecurityWeek.

17Aug 2023

Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning 

Exploitation of a Citrix ShareFile vulnerability tracked as CVE-2023-24489 has spiked as CISA added it to its ‘must patch’ catalog. The post Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning appeared first on SecurityWeek.

16Aug 2023

Google Releases Security Key Implementation Resilient to Quantum Attacks

Google has released the first quantum-resilient FIDO2 security key implementation as part of its OpenSK project. The post Google Releases Security Key Implementation Resilient to Quantum Attacks appeared first on SecurityWeek.

16Aug 2023

Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution

Ivanti has patched critical- and high-severity vulnerabilities with the latest release of Avalanche, its enterprise mobile device management solution. The post Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution appeared first on SecurityWeek.

16Aug 2023

Cleaning Products Giant Clorox Takes Systems Offline Following Cyberattack

Cleaning products manufacturer and marketer Clorox Company has taken certain systems offline after falling victim to a cyberattack. The post Cleaning Products Giant Clorox Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.

16Aug 2023

GitHub Paid Out $1.5 Million in Bug Bounties in 2022

GitHub says it paid out more than $1.5 million in bug bounties for 364 vulnerabilities in 2022, reaching a total of nearly $4 million since 2016. The post GitHub Paid Out $1.5 Million in Bug Bounties in 2022 appeared first on SecurityWeek.

16Aug 2023

Chrome 116 Patches 26 Vulnerabilities

Google has released Chrome 116 with patches for 26 vulnerabilities and plans to ship weekly security updates for the popular web browser. The post Chrome 116 Patches 26 Vulnerabilities appeared first on SecurityWeek.

16Aug 2023

Introducing the GenAI models you haven’t heard of yet

Ever since OpenAI’s ChatGPT set adoption records last winter, companies of all sizes have been trying to figure out how to put some of that sweet generative AI magic to use. In fact, according to Lucidworks’ global generative AI benchmark study released August 10, 96% of executives and managers involved in AI decision processes are […]

16Aug 2023

How Svevia connects roads, risk, and refuse through the cloud

Nearly 15 years ago, the then Vägverket Produktion was incorporated so road maintenance on Sweden’s national road network could be put on the competitive open market. Today, state-owned Svevia is the country’s largest company in the operation and maintenance of roads and bridges, and manages over 50% of the road network yet, just like in the […]

16Aug 2023

CIO 100 Award winners prove the transformative value of IT

We’re past the point of inflection: Information technology no longer merely supports or even drives an organization’s strategy; it has the power to transform and expand organizational missions and open up new strategic possibilities. That’s the message at the core of this year’s CIO 100 Awards for IT innovation and leadership, which recognize standout technology […]

15Aug 2023

Silicon powers democratized networking

From home Wi-Fi, to hyperscaler, the ability to access information instantly and to interact immediately with people on the other side of the world is remarkable. Life as we know it today would be very different without high-speed network connectivity. Across the many nodes and links of the connectivity fabric, there’s a good chance a […]

15Aug 2023

2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability

A threat actor has exploited a recent Citrix vulnerability (CVE-2023-3519) to infect roughly 2,000 NetScaler instances with a backdoor. The post 2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability appeared first on SecurityWeek.

15Aug 2023

ESM: Delight employees with personalized, accessible digital experiences

When organizations think about deploying enterprise service management (ESM), they often focus on gaining efficiencies and increasing productivity. But ESM doesn’t just benefit lines-of-business organizations through process automation — it also improves the quality of digital employee experiences so teams can find the information they need faster (even on their own through self-service), anytime and […]

15Aug 2023

CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework. The post CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership appeared first on SecurityWeek.

15Aug 2023

Hacker Forum Credentials Found on 120,000 PCs Infected With Info-Stealer Malware

Hudson Rock security researchers have identified credentials for hacker forums on roughly 120,000 computers infected with information stealers. The post Hacker Forum Credentials Found on 120,000 PCs Infected With Info-Stealer Malware appeared first on SecurityWeek.

15Aug 2023

1.5 Million Impacted by Ransomware Attack at Canadian Dental Service

The personal information of 1.5 million individuals was compromised in a ransomware attack at Alberta Dental Service Corporation (ADSC). The post 1.5 Million Impacted by Ransomware Attack at Canadian Dental Service appeared first on SecurityWeek.

15Aug 2023

SecureWorks Laying Off 15% of Employees

Threat detection and response firm SecureWorks is laying off 15% of its staff (roughly 300 people) in the second round of firings this year. The post SecureWorks Laying Off 15% of Employees appeared first on SecurityWeek.

15Aug 2023

Los Angeles IT secures the vote with open source and the cloud

Vital for democracy, voting system integrity has come under increasing scrutiny of late, placing pressure on government IT leaders to ensure election systems are robust and uncompromised. Aman Bhullar, CIO of Los Angeles County Registrar-Recorder/County Clerk, has heeded the call, having led a widespread overhaul of antiquated voting infrastructure just in time for the contentious […]

15Aug 2023

Digi-Key: Creating magic with multi-cloud

Digi-Key Electronics was digital before digital was even a buzzword. The company launched in 1972 to provide electronic components and automation products to design engineers. Instead of putting salespeople on the ground, we pioneered a business model built around mail-order catalog sales. Before long, we expanded into online sales and, today, Digi-Key offers the world’s largest […]

14Aug 2023

Colorado Health Agency Says 4 Million Impacted by MOVEit Hack

Colorado’s health programs administrator says the personal information of 4 million individuals was compromised in the recent MOVEit hack. The post Colorado Health Agency Says 4 Million Impacted by MOVEit Hack appeared first on SecurityWeek.

14Aug 2023

Rackspace technology—Award-winning, multi-cloud modernization powered by VMware

Innovation and agility are key indicators of business success. For many enterprises, the focus is on modernizing and transforming their operations to innovate and stay agile – all with an eye on growth and embracing new opportunities. “Every company today is a technology company. The question is, how do we provide the right technology and […]

14Aug 2023

comdivision – Cloud expertise from design to deployment and management

comdivision and VMware show how leading-edge cloud solutions help customers gain a competitive lead in their industries For more than 25 years, comdivision has drawn from its deep well of infrastructure knowledge to help organizations gain business value from leading-edge technologies. And for the majority of that time, the company has done it in partnership with VMware. […]

14Aug 2023

Huabao sniffs out the ultimate efficiency formula

This is the story of how one aromatics leader found a way to make a digital bouquet in the cloud. With 128 international companies under its corporate umbrella, China’s largest aromatics enterprise, the Huabao Group, has struggled with updating its technology to meet the challenges and opportunities that come with rapid growth. Up until 2021, it often fell […]

14Aug 2023

Email – The System Running Since 71’

Working remotely is here to stay and businesses should continue to make sure their basic forms of communication are properly configured and secured. The post Email – The System Running Since 71’ appeared first on SecurityWeek.

14Aug 2023

US Cyber Safety Board to Review Cloud Attacks

The US government’s CSRB will conduct a review of cloud security to provide recommendations on improving identity management and authentication. The post US Cyber Safety Board to Review Cloud Attacks appeared first on SecurityWeek.

14Aug 2023

Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying

Vulnerabilities in CyberPower and Dataprobe power management products could be exploited in data center attacks, including to cause damage and for spying. The post Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying appeared first on SecurityWeek.

14Aug 2023

US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator

US authorities have announced charges against a Polish national who allegedly operated the LolekHosted.net bulletproof hosting service. The post US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator appeared first on SecurityWeek.

14Aug 2023

Micro transformation: Driving big business benefit through quick IT wins

When it comes to IT projects, Daragh Mahon likes to think small. The CIO of transportation and logistics company Werner Enterprises has spent the bulk of his career doing full-blown transformation projects that often took two or three years to complete and ended up being a “massive, monolithic platform.” But by then, the business requirements […]

14Aug 2023

Cherokee Nation empowers its citizens with IT

The Cherokee Nation of Oklahoma is the largest tribe in the US, with more than 460,000 citizens living across a 7,000-square-mile reservation in Oklahoma and around the world. As a widespread community, when COVID-19 struck, Cherokee Nation’s IT services department knew it needed a way to connect citizens digitally with government services, emergency relief, COVID-19 […]

14Aug 2023

Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles

Ford says a critical vulnerability in the TI Wi-Fi driver of the SYNC 3 infotainment system on certain vehicle models does not pose a safety risk. The post Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles appeared first on SecurityWeek.

14Aug 2023

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking

Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs. The post Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking appeared first on SecurityWeek.

14Aug 2023

Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought

Security in current AI models was an afterthought in their training as data scientists amassed breathtakingly complex collections of images and text. The post Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought appeared first on SecurityWeek.

11Aug 2023

The best of the best: Inside this year’s CSO50 Awards

Providing safe and secure elections is a critical function of local governments – and has been part of a fraught national conversation. What could be more important to a democracy? Taking a proactive approach to security, the Los Angeles County Registrar-Recorder/County Clerk developed the Elections Cybersecurity Operations Center to monitor its elections infrastructure and business […]

11Aug 2023

Enhancing healthcare data privacy & access: the power of tokenization

When I became a parent, I wanted to live the longest, healthiest life possible. The good news is that we have the potential to live longer than ever. On average, the global life expectancy since 1950 has increased by 61.7% to over 73 years. Several factors are helping, such as healthcare advances, improved living conditions, […]

11Aug 2023

In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 7, 2023. The post In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities appeared first on SecurityWeek.

11Aug 2023

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying

Over a dozen Codesys vulnerabilities discovered by Microsoft researchers can be exploited to shut down industrial processes or deploy backdoors. The post Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying appeared first on SecurityWeek.

11Aug 2023

Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach

Northern Ireland’s top police officer apologized for what he described as an “industrial scale” data breach in which the personal information of more than 10,000 officers and staff was released to the public. The post Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach appeared first on SecurityWeek.

11Aug 2023

Black Hat USA 2023 – Announcements Summary

Hundreds of companies and organizations showcased their products and services this week at the 2023 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2023 – Announcements Summary appeared first on SecurityWeek.

11Aug 2023

Rethinking data analytics as a digital-first driver at Dow

In today’s digital world, the ability to make data-driven decisions and develop strategies that are based on data analytics is critical to success in every industry. Beyond decision-making, accurate and relevant data analytics can provide greater insights into target markets, help improve operational efficiencies, and identify new products and service opportunities. When I assumed the […]

11Aug 2023

What is NLP? Natural language processing explained

Natural language processing definition Natural language processing (NLP) is the branch of artificial intelligence (AI) that deals with training computers to understand, process, and generate language. Search engines, machine translation services, and voice assistants are all powered by the technology. While the term originally referred to a system’s ability to read, it’s since become a […]

11Aug 2023

India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation

Indian lawmakers approved data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights. The post India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation appeared first on SecurityWeek.

11Aug 2023

MoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPs

MoustachedBouncer is a cyberespionage group that targets foreign diplomats in Belarus via ISP adversary-in-the-middle attacks. The post MoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPs appeared first on SecurityWeek.

10Aug 2023

Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million

Check Point will acquire SASE and ZTNA cybersecurity firm Perimeter 81 for $490 million, a big discount to its $1 billion valuation in 2022. The post Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million appeared first on SecurityWeek.

10Aug 2023

How IT does business at Eastman

When Aldo Noseda became CIO at chemical manufacturer Eastman five years ago, he immediately began working with other leaders in the company to bring a new category of services to the market that complemented its physical products. “Before Eastman, I worked for Monsanto, where I had a similar journey,” he says. “Monsanto sold agriculture products […]

10Aug 2023

Turkcell Cloud: Bringing sovereign cloud to Turkey’s regulated industries

To serve the 3,500 customers using its cloud services, Turkcell recently made significant investments in four massive, high-performance data centers – facilities that enable the telecommunications and IT services leader to provide a robust portfolio to complement its significant Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service solutions. Now Turkey’s largest cloud services and data center provider is working […]

10Aug 2023

Managing and Securing Distributed Cloud Environments

The complexity and challenge of distributed cloud environments often necessitate managing multiple infrastructure, technology, and security stacks, multiple policy engines, multiple sets of controls, and multiple asset inventories. The post Managing and Securing Distributed Cloud Environments appeared first on SecurityWeek.

10Aug 2023

Symmetry Systems Raises $17.7M for Data Security Posture Management Platform

Symmetry Systems has raised $17.7 million for its AI-powered Data Security Posture Management (DSPM) platform. The post Symmetry Systems Raises $17.7M for Data Security Posture Management Platform appeared first on SecurityWeek.

10Aug 2023

European Startup Pistachio Raises €3.25 Million for Cybersecurity Training Platform

Norway-based startup Pistachio has raised €3.25 million ($3.5 million) for its AI-based cybersecurity training platform. The post European Startup Pistachio Raises €3.25 Million for Cybersecurity Training Platform appeared first on SecurityWeek.

10Aug 2023

6 legal ‘gotchas’ that could sink your CIO career

CIOs’ employers and their legal teams provide CIOs with much legal protection when it comes to performing their jobs. Still, CIOs can be left to fend for themselves if their actions are perceived to cross a legal threshold or when risks inherent to the job are viewed as inadequately addressed. CIOs have been sued for […]

10Aug 2023

CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio 

CISA has added CVE-2023-38180, a zero-day vulnerability affecting .NET and Visual Studio, to its Known Exploited Vulnerabilities Catalog. The post CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio appeared first on SecurityWeek.

09Aug 2023

White House Offers Prize Money for Hacker-Thwarting AI

The White House launched an Artificial Intelligence Cyber Challenge competition for creating new AI systems that can defend critical software from hackers. The post White House Offers Prize Money for Hacker-Thwarting AI appeared first on SecurityWeek.

09Aug 2023

Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files

Critical vulnerabilities discovered in WD and Synology NAS devices could have exposed the files of millions of users. The post Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files appeared first on SecurityWeek.

09Aug 2023

What executives should know about CNAPP

What does CNAPP (really) mean? First termed in the Gartner Hype Cycle for Cloud Security, 2021, a cloud-native application protection platform (CNAPP) is, as the name implies, a platform approach for securing applications that are cloud-native across the span of the software development lifecycle (SDLC) of the applications. The need for CNAPP originates from the […]

09Aug 2023

Oracle adds compute services to its Cloud@Customer offering

Oracle is adding a new managed offering to its Cloud@Customer platform that will allow enterprises to run applications on proprietary optimized infrastructure in their own data centers to address data residency and security regulations and solve low-latency requirements. Dubbed Oracle Compute Cloud@Customer, the new offering runs on the same optimized hardware as the company’s Exadata […]

09Aug 2023

PepsiCo IT redefines direct-to-store business model success

For leading snack manufacturer Frito-Lay, direct-to-store delivery is essential business. The PepsiCo Foods North America (PFNA) subsidiary generates more than 95% of its annual revenue of $19.6 billion through this model, which enhances efficiency and slashes labor costs by reducing the number of touchpoints. But with 25,000 frontline employees performing 500,000 store visits a week, […]

09Aug 2023

Accelerating generative AI requires the right storage

Formula 1 (F1) drivers are some of the most elite athletes in the world. In other sports, such as basketball or soccer, there may be hundreds or thousands of players at the topmost levels. In F1 racing, drivers must excel to earn one of only 20 F1 seats. Further elevating this status, F1 reigns as the world’s […]

09Aug 2023

Sweet Security Emerges From Stealth With $12 Million Seed Funding and a Cloud Runtime Solution

Israeli startup emerged from stealth with $12 million in Seed funding and launched a Cloud Runtime Security Suite. The post Sweet Security Emerges From Stealth With $12 Million Seed Funding and a Cloud Runtime Solution appeared first on SecurityWeek.

09Aug 2023

Microsoft Paid Out $13 Million via Bug Bounty Programs for Fourth Consecutive Year

For the fourth consecutive year, Microsoft has paid out more than $13 million through its bug bounty programs. The post Microsoft Paid Out $13 Million via Bug Bounty Programs for Fourth Consecutive Year appeared first on SecurityWeek.

09Aug 2023

Cloud Security Firm Kivera Raises $3.5 Million in Seed Funding

Australian cybersecurity startup Kivera raised $3.5 million in seed funding from General Advance, Round 13 Capital and angel investors. The post Cloud Security Firm Kivera Raises $3.5 Million in Seed Funding appeared first on SecurityWeek.

09Aug 2023

Intel Addresses 80 Firmware, Software Vulnerabilities

Intel has addressed 80 vulnerabilities affecting its products, including 18 high-severity privilege escalation and DoS flaws. The post Intel Addresses 80 Firmware, Software Vulnerabilities appeared first on SecurityWeek.

09Aug 2023

Automated Security Control Assessment: When Self-Awareness Matters

Automated Security Control Assessment enhances security posture by verifying proper, consistent configurations of security controls, rather than merely confirming their existence. The post Automated Security Control Assessment: When Self-Awareness Matters appeared first on SecurityWeek.

09Aug 2023

What is digital transformation? A necessary disruption

Once a vanguard business strategy, digital transformation has become a perennial objective for business survival. Most CEOs (72%) continue to prioritize digital investments, according to the 2022 CEO Outlook report from KPMG, in part due to concerns about emerging and disruptive technology, a top three risk to organizational growth. Executives know that if their businesses […]

09Aug 2023

Examining the National Bank of Canada CIO’s approach to tech and teams

Being accountable for the execution of the technology strategy for National Bank of Canada, delivery of all projects and initiatives, and running daily operations and back-office functions, Julie Levesque has a lot on her plate as EVP of technology and operations, and CIO. In the role now for three years, she’s applied the skills […]

09Aug 2023

SAP Patches Critical Vulnerability in PowerDesigner Product

SAP has fixed over a dozen new vulnerabilities with its Patch Tuesday updates, including a critical flaw in its PowerDesigner product. The post SAP Patches Critical Vulnerability in PowerDesigner Product appeared first on SecurityWeek.

09Aug 2023

New ‘Inception’ Side-Channel Attack Targets AMD Processors

Researchers have disclosed the details of a new side-channel attack targeting AMD CPUs named Inception. The post New ‘Inception’ Side-Channel Attack Targets AMD Processors appeared first on SecurityWeek.

09Aug 2023

40 Vulnerabilities Patched in Android With August 2023 Security Updates

40 vulnerabilities have been patched by Google in the Android operating system with the release of the August 2023 security updates. The post 40 Vulnerabilities Patched in Android With August 2023 Security Updates appeared first on SecurityWeek.

09Aug 2023

Full Steam Ahead: CIO Kopal Raj of WABTEC India on staying ‘on-track’ with AI, IoT and sustainability goals

With a mission to revolutionize the future of global mobility, WABTEC delivers transformative transportation systems that quite literally propel the world forward. Initiated in 1869, with an expansive legacy built on the shoulders of giants such as Westinghouse (which gives it the name Westinghouse Airbrakes technology), Edison and Faiveley, WABTEC has been a pioneering force in […]

09Aug 2023

Downfall: New Intel CPU Attack Exposing Sensitive Information

Google researcher discloses the details of an Intel CPU attack method named Downfall that may be remotely exploitable. The post Downfall: New Intel CPU Attack Exposing Sensitive Information appeared first on SecurityWeek.

09Aug 2023

Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan

Restructuring plan will result in an 18% reduction in employee headcount and closing of some Rapid7 office locations. The post Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan appeared first on SecurityWeek.

08Aug 2023

Edge Computing: a powerful enabler for industrial frontline workers

For industrial sector organizations, frontline workers play a crucial role in achieving productivity, efficiency, and safety targets. To empower these workers and increase their influence, edge computing has become a critical enabler. By bringing compute power closer to the point of action, edge computing allows real-time data processing, analytics, and decision-making, thereby improving the well-being and efficiency […]

08Aug 2023

Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days

Patch Tuesday: A month after confirming active exploitation of Office code execution flaws, Microsoft has shipped patches for multiple affected products. The post Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days appeared first on SecurityWeek.

08Aug 2023

Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns

Adobe rolls out a big batch of security updates to fix at least 30 Acrobat and Reader vulnerabilities affecting Windows and macOS users. The post Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns appeared first on SecurityWeek.

08Aug 2023

White House Holds First-Ever Summit on the Ransomware Crisis Plaguing the Nation’s Public Schools

CISA will step up training for the K-12 sector and technology providers, including Amazon Web Services and Cloudflare, will offer grants and free software. The post White House Holds First-Ever Summit on the Ransomware Crisis Plaguing the Nation’s Public Schools appeared first on SecurityWeek.

08Aug 2023

Nvidia unveils Workbench for managing AI workloads, updates Omniverse

Nvidia has recently focused more on its support for AI applications, but it still had plenty of news from CEO Jensen Huang in a keynote address during the annual computer graphics conference, SIGGRAPH. Huang had a few AI announcements to make, including the release of AI Workbench, a new PC application enterprises can use to […]

08Aug 2023

Horizon3 AI Raises $40 Million to Expand Automated Pentesting Platform

Horizon3.ai, a provider of autonomous security testing solutions, raised $40 million through a Series C funding round. The post Horizon3 AI Raises $40 Million to Expand Automated Pentesting Platform appeared first on SecurityWeek.

08Aug 2023

Protection is No Longer Straightforward – Why More Cybersecurity Solutions Must Incorporate Context

Context helps complete the picture and results in actionable intelligence that security teams can use to make informed decisions more quickly. The post Protection is No Longer Straightforward – Why More Cybersecurity Solutions Must Incorporate Context appeared first on SecurityWeek.

08Aug 2023

Identity-Based Attacks Soared in Past Year: Report

Identity-based attacks have soared in the past year, according to CrowdStrike’s 2023 Threat Hunting Report. The post Identity-Based Attacks Soared in Past Year: Report appeared first on SecurityWeek.

08Aug 2023

ICS Patch Tuesday: Siemens Fixes 7 Vulnerabilities in Ruggedcom Products

ICS Patch Tuesday: Siemens releases a dozen advisories covering over 30 vulnerabilities, but Schneider Electric has only published one advisory. The post ICS Patch Tuesday: Siemens Fixes 7 Vulnerabilities in Ruggedcom Products appeared first on SecurityWeek.

08Aug 2023

UK Think Tank Proposes Greater Ransomware Reporting From Cyberinsurance to Government

The Royal United Services Institute (RUSI) examined the relationship between cyberinsurance and ransomware, and proposes greater reporting from victims to government, enforced through insurance policies. The post UK Think Tank Proposes Greater Ransomware Reporting From Cyberinsurance to Government appeared first on SecurityWeek.

08Aug 2023

Black Hat Preview: The Business of Cyber Takes Center Stage

The cybersecurity industry heads to Las Vegas this week for Black Hat in a state of economic contraction, confusion and excitement. Can the promise of AI overcome the hype cycle to truly solve security problems? The post Black Hat Preview: The Business of Cyber Takes Center Stage appeared first on SecurityWeek.

08Aug 2023

6 ways CIOs sabotage their IT consultant’s success

Once upon a time my consulting company offered a “Take the Blame” service. Our pricing varied with what we were to take the blame for, from a few thousand dollars for small project failures to several million when an enterprise software implementation was going south. Understand, this service wasn’t for situations where we were at […]

08Aug 2023

Microsoft Shares Guidance and Resources for AI Red Teams

Microsoft has shared guidance and resources from its AI Red Team program to help organizations and individuals with AI security. The post Microsoft Shares Guidance and Resources for AI Red Teams appeared first on SecurityWeek.

08Aug 2023

The July 2023 Multi-Cloud Briefing: Generative AI for the Enterprise

Watch our newest Multi-Cloud Briefing, The Frontiers of Generative AI for the Enterprise, which explores how the convergence of generative AI and multi-cloud technologies is driving the next wave of business innovation. The most profound impact of generative AI will be in the enterprise. Almost every core function, in every industry—from financial services to healthcare and […]

08Aug 2023

The great reconciliation: Mitigating technical debt

The COVID-19 pandemic led to the widespread adoption of various technologies as businesses rushed to digitize their processes to cope with the crisis. However, this adoption came with a natural debt accrual, including operational debt, cultural debt, technical debt, security debt, lock-in debt, and more. With a looming economic downturn, businesses need to look for […]

08Aug 2023

IT leaders know they need to manage IT risk—but need help in execution

Organizations big and small, across every industry, need to manage IT risk. According to PurpleSec, cybercrimes worldwide will cost $10.5 trillion annually by 2025. The financial implications of a cyber breach are clear, but when a breach occurs, organizations also face a damaged reputation, customer loss, and distrust among their stakeholders. Rocket Software recently surveyed […]

08Aug 2023

Efficiency is the name of the game for IT leaders

The current economic landscape has been a cause for concern across many industries and, as a result, businesses are looking for any and all ways to be more efficient and optimized. Rocket Software recently conducted a survey of U.S.-based IT directors and vice presidents in companies with more than 1,000 employees and found that due […]

08Aug 2023

Unlocking the hidden value of data

With data, an organization can do super powerful things with AI and machine learning, like building models that do everything from enhancing fraud detection capabilities to identifying gaps in the market for the organization to separate from the pack. But getting to that data, and using it effectively and securely, is often easier said than […]

07Aug 2023

4 questions CIOs are asking about cloud computing

Ever since Basecamp announced late last year that they were (mostly) pulling out of the cloud, there’s been a spirited debate about the failure of cloud computing to deliver on hyped-up promises of miraculous cost savings. Like a low-calorie cheesecake, cloud computing was supposed to give us everything we desired with minimal effort, all while […]

07Aug 2023

Wipro — Innovating modern multi-cloud environments for digital transformation

Business today runs on data. And for many enterprises, Wipro, a valued VMware partner, is the company of choice to deliver and maintain their data centers. With over 75 years of experience helping businesses, Wipro maintains a continued focus on innovation that delivers growth for the VMware partner – and its clients. It’s this drive to help customers […]

07Aug 2023

Softchoice—delivering award-winning, end-to-end multi-cloud strategies

Moving workloads to the cloud is a big undertaking that can include unexpected challenges, delays, and increased costs for many organizations. That’s why the right technology partner is essential. Softchoice, an award-winning VMware partner and this year’s winner of the Cloud Consumption Award for the Americas in the 2023 VMware Partner Achievement Awards, has deep expertise […]

07Aug 2023

HPE—Taking an award-winning approach to overcome customer modernization challenges

HPE has a long history of helping its customers overcome even the toughest business challenges. “HPE’s mission is to help people grow and evolve,” says Joseph George, HPE’s global vice president of HPE strategic alliance marketing. “Our mantra has always been ‘Do what’s right for the customer,’” George explains. For HPE, this means looking at every […]

07Aug 2023

Cyberinsurance Firm Resilience Raises $100 Million to Expand Its Cyber Risk Platform

Resilience Cyber Insurance Solutions has raised $100 million through a Series D funding round to support global expansion of its cyber risk platform that was launched earlier this year. The post Cyberinsurance Firm Resilience Raises $100 Million to Expand Its Cyber Risk Platform appeared first on SecurityWeek.

07Aug 2023

Groundbreaking HR solution earns BT Group unique SAP Innovation Award honor

BT Group has never forgotten its beginnings as a company ensuring that everyone in the UK could have access to a new invention called the telegraph. Finally, a farmer in the Midlands could communicate with his cousin in Brighton, and a dock worker in Sunderland was able to receive the latest news from Westminster. In […]

07Aug 2023

North Korean Hackers Targeted Russian Missile Developer

A sanctioned Russian missile maker appears to have been targeted by two important North Korean hacking groups. The post North Korean Hackers Targeted Russian Missile Developer appeared first on SecurityWeek.

07Aug 2023

New PaperCut Vulnerability Allows Remote Code Execution

A new vulnerability in the PaperCut MF/NG print management software can be exploited for unauthenticated, remote code execution. The post New PaperCut Vulnerability Allows Remote Code Execution appeared first on SecurityWeek.

07Aug 2023

CISA Unveils Cybersecurity Strategic Plan for Next 3 Years

CISA has unveiled its Cybersecurity Strategic Plan for the next 3 years, focusing on addressing immediate threats, hardening the terrain, and driving security. The post CISA Unveils Cybersecurity Strategic Plan for Next 3 Years appeared first on SecurityWeek.

07Aug 2023

IT leaders embrace the role of business change maker

As CIO of E&J Gallo Winery, Robert Barrios has made it a priority to lead transformation projects not with directives, but by cultivating the right blend of shared experiences and immersion in the business. Barrios rides shotgun on sales calls, spends time observing winemakers, and drops into meetings with sales and operations planning and the […]

07Aug 2023

IDC: Pace of enterprise applications sales will increase next year

IDC forecasts the growth rate of enterprise applications software sales will pick up in 2024, and remain steady through 2027, despite a dip this year as a result of CIOs continuing to pull back on spending due to economic headwinds. Software sales grew 9.8% last year to $306 million, according to a new IDC study, […]

07Aug 2023

Generative AI is a make-or-break moment for CIOs

Hardly a day goes by without some new business-busting development on generative AI surfacing in the media. And, in fact, McKinsey research argues the future could indeed be dazzling, with gen AI improving productivity in customer support by up to 40%, in software engineering by 20% to 30%, and in marketing by 10%. Still, it’s worth remembering […]

07Aug 2023

Colorado Department of Higher Education Discloses Ransomware Attack, Data Breach

Colorado Department of Higher Education targeted in a ransomware attack that resulted in a data breach impacting many students and teachers. The post Colorado Department of Higher Education Discloses Ransomware Attack, Data Breach appeared first on SecurityWeek.

04Aug 2023

A Cyberattack Has Disrupted Hospitals and Health Care in Five States

A cyberattack has disrupted hospital computer systems in several states, forcing some emergency rooms to close and ambulances to be diverted. The post A Cyberattack Has Disrupted Hospitals and Health Care in Five States appeared first on SecurityWeek.

04Aug 2023

In Other News: Cybersecurity Funding Rebounds, Cloud Threats, BeyondTrust Vulnerability

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 31, 2023. The post In Other News: Cybersecurity Funding Rebounds, Cloud Threats, BeyondTrust Vulnerability appeared first on SecurityWeek.

04Aug 2023

Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft

Threat actors have been observed abusing the open source Cloudflare Tunnel tool Cloudflared to maintain stealthy, persistent access to compromised systems. The post Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft appeared first on SecurityWeek.

04Aug 2023

Microsoft Criticized Over Handling of Critical Power Platform Vulnerability

A critical Microsoft Power Platform vulnerability exposed authentication data and other secrets, but the tech giant has been accused of handling it poorly. The post Microsoft Criticized Over Handling of Critical Power Platform Vulnerability appeared first on SecurityWeek.

04Aug 2023

Points.com Vulnerabilities Allowed Customer Data Theft, Rewards Program Hacking

Multiple vulnerabilities in the airline and hotel rewards platform points.com could have led to personal information theft and unauthorized administrative access. The post Points.com Vulnerabilities Allowed Customer Data Theft, Rewards Program Hacking appeared first on SecurityWeek.

04Aug 2023

AWS hopes for a savior in AI as revenue growth continues to slow

Revenue growth at Amazon’s cloud computing division, Amazon Web Services, continued to slow in the second quarter of fiscal year 2023 as enterprises pressed on with their cost-cutting measures. Revenue for AWS increased 12% year-on-year in the second quarter to $21.4 billion. However, Amazon CEO Andy Jassy said enterprises subscribing to AWS services have “needed assistance cost […]

04Aug 2023

New York Couple Plead Guilty to Bitcoin Laundering

A married couple from New York dubbed “Bitcoin Bonnie and Crypto Clyde” pleaded guilty to laundering billions of dollars in stolen bitcoin. The post New York Couple Plead Guilty to Bitcoin Laundering appeared first on SecurityWeek.

04Aug 2023

4 ways to ask hard questions about emerging tech risks

As CIOs and technology leaders, we’re almost always in the role of the technology evangelist, bringing both mainstream and emerging technology into the organization for business benefit. In collaboration with our peers, we have a solid business sense that carefully weighs innovation and risk in order to gain valuable ROI while protecting the organization from […]

04Aug 2023

A 4-pronged strategy to cut SaaS sprawl

Software-as-a-service (SaaS) has witnessed explosive growth over the past few years, as vendors, thought leaders, and CIOs have hailed the enhanced efficiency, lower costs, and reduced time to benefit the model can deliver. However, in their zeal to make good on the promise of SaaS, IT leaders often lose full visibility into the technology stack […]

04Aug 2023

What is an automation engineer? A growing role to address IT automation

Automation has been a hot topic in the job market for several years now, with plenty of pros and cons surrounding both the idea of job creation and job loss. A study from Zippia found that automation has the potential to eliminate 73 million jobs by 2030, with 35% of Americans worried about automation displacing […]

04Aug 2023

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed

Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed. The post Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed appeared first on SecurityWeek.

04Aug 2023

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022. The post Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities appeared first on SecurityWeek.

03Aug 2023

CISA Calls Urgent Attention to UEFI Attack Surfaces

The US government’s cybersecurity agency describes UEFI as a “critical attack surface” that requires urgent security attention. The post CISA Calls Urgent Attention to UEFI Attack Surfaces appeared first on SecurityWeek.

03Aug 2023

Jericho Security Raises $3 Million for Awareness Training Powered by Generative AI

Jericho Security raises $3 million in a pre-seed funding round to help organizations defend against emerging generative AI-powered phishing attacks. The post Jericho Security Raises $3 Million for Awareness Training Powered by Generative AI appeared first on SecurityWeek.

03Aug 2023

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis

CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor. The post 670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis appeared first on SecurityWeek.

03Aug 2023

Dozens of RCE Vulnerabilities Impact Milesight Industrial Router

Cisco Talos researchers warn of dozens of critical- and high-severity vulnerabilities in the Milesight UR32L industrial router leading to code execution. The post Dozens of RCE Vulnerabilities Impact Milesight Industrial Router appeared first on SecurityWeek.

03Aug 2023

These Are the Top Five Cloud Security Risks, Qualys Says

Cloud security specialist Qualys has provided its view of the top five cloud security risks, drawing insights and data from its own platform and third parties. The post These Are the Top Five Cloud Security Risks, Qualys Says appeared first on SecurityWeek.

03Aug 2023

Decommissioned Medical Infusion Pumps Expose Wi-Fi Configuration Data

Medical infusion pumps available via secondary market sources contain Wi-Fi configuration settings from the original organization. The post Decommissioned Medical Infusion Pumps Expose Wi-Fi Configuration Data appeared first on SecurityWeek.

03Aug 2023

Lay the groundwork now for advanced analytics and AI

When global technology company Lenovo started utilizing data analytics, they helped identify a new market niche for its gaming laptops, and powered remote diagnostics so their customers got the most from their servers and other devices. Comcast is using data analytics to reduce the cost, and improve the efficacy of, its 10P byte of […]

03Aug 2023

CIO legend Chris Hjelm on developing future-ready IT leaders

Chris Hjelm is a CIO legend with a career spanning Fortune 50 behemoths like Kroger and FedEx, innovative tech companies like Orbitz and eBay, and other high-growth e-commerce and startup businesses. The 2023 recipient of the Ohio CIO of the Year ORBIE Leadership Award is known for his track record of building and heading global […]

03Aug 2023

NASA, IBM team up to build LLM that can help fight climate change

IBM on Thursday said it has partnered with the US space agency NASA to co-develop a foundation large language model based on geospatial data that it claims will help scientists and their organizations fight climate change. The open source model, which will be available on Hugging Face, was developed on IBM’s watsonx.ai platform and trained […]

03Aug 2023

Cybersecurity M&A Roundup: 42 Deals Announced in July 2023

Forty-two cybersecurity-related merger and acquisition (M&A) deals were announced in July 2023. The post Cybersecurity M&A Roundup: 42 Deals Announced in July 2023 appeared first on SecurityWeek.

03Aug 2023

Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update

Google has paid out over $60,000 for three high-severity type confusion vulnerabilities in Chrome’s V8 engine. The post Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update appeared first on SecurityWeek.

03Aug 2023

Salesforce Email Service Zero-Day Exploited in Phishing Campaign

Threat actors have exploited a Salesforce email service zero-day vulnerability and abused Meta features in a sophisticated phishing campaign. The post Salesforce Email Service Zero-Day Exploited in Phishing Campaign appeared first on SecurityWeek.

03Aug 2023

Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round

Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform. The post Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round appeared first on SecurityWeek.

02Aug 2023

Beyond compliance: How to pick winning ESG strategies that make a splash

Gone are the days when ESG was advanced from within by a band of social advocates braving the current of traditional business thinking. ESG has penetrated our collective psyche and entered the business bloodstream. In many organizations, it informs every strategy, every activity, and many executives are now expected to craft plans as to how […]

02Aug 2023

Adapt to Changing Regulations with Data Independence and Mobility

“The era of open borders for data is ending,” declared The New York Times in May 2022. Meeting security, privacy, and compliance (https://bit.ly/42lK275) regulations and protecting data access and integrity (https://bit.ly/42DwOlA) aren’t the end of the data sovereignty journey. Future-proof your cloud infrastructure with data independence and mobility so that data can be shared and migrated as […]

02Aug 2023

Microsoft Catches Russian Government Hackers Phishing with Teams Chat App

Microsoft says a Russian government-linked hacking group is using its Microsoft Teams chat app to phish for credentials at targeted organizations. The post Microsoft Catches Russian Government Hackers Phishing with Teams Chat App appeared first on SecurityWeek.

02Aug 2023

Improving visibility and security in hybrid cloud environments

When it comes to keeping our digital world secure, there’s a saying that really hits home: “You can’t protect what you can’t see.” It’s a reminder that without a clear view of our data and systems, we’re leaving ourselves vulnerable to all sorts of risks. That’s where centralized visibility comes in. By bringing together information […]

02Aug 2023

Answer these 4 questions to maximize the ROI of your security toolset

Over the past decade, organizations realized they need to arm their teams with the right security toolset in order to mitigate the cyber threats they’re facing. The continuous investment and adoption of security tools has created a challenge: Organizations are now leveraging tens, and sometimes hundreds, of security tools from various vendors that often don’t […]

02Aug 2023

Shield and Visibility Solutions Target Phishing From Inside the Browser

Menlo Security introduced anti-phishing solutions that analyze what users see on a landing page rather than just analyzing the content of an email. The post Shield and Visibility Solutions Target Phishing From Inside the Browser appeared first on SecurityWeek.

02Aug 2023

Revolutionize your site for growth, innovation, and customer satisfaction with composable architecture

If your business can’t adapt, your business can’t compete. In the fast-paced world of business, adaptability is the key to success. Unfortunately, most turn-key website platforms have a hidden flaw – they are inherently limited in their potential. As your business grows, your unique needs may diverge from what your vendor’s monolithic platform can offer, […]

02Aug 2023

New hVNC macOS Malware Advertised on Hacker Forum

A new macOS-targeting hVNC malware family is being advertised on a prominent cybercrime forum. The post New hVNC macOS Malware Advertised on Hacker Forum appeared first on SecurityWeek.

02Aug 2023

Cyble Raises $24 Million for AI-Powered Threat Intelligence Platform

Threat intelligence firm Cyble has raised $24 million in a Series B funding round co-led by Blackbird Ventures and King River Capital. The post Cyble Raises $24 Million for AI-Powered Threat Intelligence Platform appeared first on SecurityWeek.

02Aug 2023

Salesforce launches Starter to ward off competition in the SMB segment

Salesforce has made its customer relationship management (CRM) suite, dubbed Starter, generally available in an effort to garner more market share in the small and medium businesses (SMBs) segment as it faces stiff competition from rivals such as Zoho. Starter made its first appearance in June when the company launched it specifically in India, targeting […]

02Aug 2023

Firefox 116 Patches High-Severity Vulnerabilities

Firefox 116 was released with patches for 14 CVEs, including nine high-severity vulnerabilities, some of which can lead to remote code execution or sandbox escapes. The post Firefox 116 Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

02Aug 2023

Google AMP Abused in Phishing Attacks Aimed at Enterprise Users

Threat actors are using Google AMP URLs in phishing campaigns as a new detection evasion tactic. The post Google AMP Abused in Phishing Attacks Aimed at Enterprise Users appeared first on SecurityWeek.

02Aug 2023

10 tips for modernizing legacy apps for the cloud

To fully capitalize on the cloud’s scalability and flexibility, most enterprises go beyond a simple lift-and-shift approach, instead injecting them with cloud-native capabilities — a strategy that sounds simple but can quickly prove complex. After all, as with many seemingly easy tasks, the devil is in the details. Fortunately, modernizing a legacy app for the […]

02Aug 2023

CIO Ryan Snyder on the benefits of interpreting data as a layer cake

A data and analytics capability cannot emerge from an IT or business strategy alone. With both technology and business organization deeply involved in the what, why, and how of data, companies need to create cross-functional data teams to get the most out of it. So Thermo Fisher Scientific CIO Ryan Snyder and his colleagues have […]

02Aug 2023

Enterprises enthusiastic about generative AI, Foundry survey shows

Generative AI is already making deep inroads into the enterprise, but not always under IT department control, according to a recent survey of business and IT leaders by Foundry, publisher of CIO.com. The survey found tension between business leaders seeking competitive advantage, and IT leaders wanting to limit risks. Some 62% of respondents said their […]

02Aug 2023

Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack

The recently patched Ivanti EPMM zero-day CVE-2023-35078 has been exploited to hack the Norwegian government since at least April 2023. The post Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack appeared first on SecurityWeek.

01Aug 2023

Broadcom’s Approach Towards Delivering Customer Value

At Broadcom, we make business decisions driven by what will bring customers the most value. The idea is simple: We tailor our innovations and solutions to their needs over the long term and equip them with the tools they need to drive outcomes. So, how do we make that happen? We listen to our customers. […]

01Aug 2023

How innovative modular UPSs support digital transformation at edge computing sites

In this era of digital transformation, as we witness the runaway growth of edge computing, the uninterruptible power supply (UPS) is doing its part to help organizations achieve scalability, redundancy, and resiliency goals. With traditional UPSs, if you need to expand, you typically must purchase another unit that will sit next to the existing UPS or replace it […]

01Aug 2023

Forgepoint Capital Places $20M Series A Bet on Converge Insurance

Forgepoint Capital makes another investment in the cyber-insurance sector with a $15 million Series A investment in Converge Insurance. The post Forgepoint Capital Places $20M Series A Bet on Converge Insurance appeared first on SecurityWeek.

01Aug 2023

Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack

A new power side-channel attack named Collide+Power can allow an attacker to obtain sensitive information and it works against nearly any modern CPU. The post Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack appeared first on SecurityWeek.

01Aug 2023

Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups

Researchers unmask an Iranian-run company providing command-and-control services to hacking groups, including state-sponsored APT actors. The post Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups appeared first on SecurityWeek.

01Aug 2023

Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups

San Francisco startup Socket raises $20 million as investors continue to bet on companies in the open source software security category. The post Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups appeared first on SecurityWeek.

01Aug 2023

This is the easiest AI strategy decision you’ll ever make

By Bryan Kirschner, Vice President, Strategy at DataStax. Years before the meteoric adoption of ChatGPT made AI top of mind for just about everyone, the authors of Competing in the Age of AI had already pointed out something every business leader should ignore at their peril: In traditional operating models, scale inevitably reaches a point […]

01Aug 2023

Nile Raises $175 Million for Secure NaaS Solutions

Network-as-a-service (NaaS) solutions provider Nile has raised $175 million in a Series C funding round that brings the total raised by the firm to $300 million. The post Nile Raises $175 Million for Secure NaaS Solutions appeared first on SecurityWeek.

01Aug 2023

Silk Security Emerges from Stealth With $12.5 Million Seed Funding

Silk Security raised $12.5 million in seed funding and is on a mission to break down the silos between security and development with an integrated ‘find and fix’ platform. The post Silk Security Emerges from Stealth With $12.5 Million Seed Funding appeared first on SecurityWeek.

01Aug 2023

SpecterOps Updates BloodHound Active Directory Mapping Tool

SpecterOps announces version 5.0 of BloodHound Active Directory mapping tool with enterprise-grade deployment, usability, and UI. The post SpecterOps Updates BloodHound Active Directory Mapping Tool appeared first on SecurityWeek.

01Aug 2023

Hacker Conversations: Youssef Sammouda, Bug Bounty Hunter

SecurityWeek speaks to Youssef Sammouda about using cybersecurity research and bug bounties as a way of life and source of income. The post Hacker Conversations: Youssef Sammouda, Bug Bounty Hunter appeared first on SecurityWeek.

01Aug 2023

How generative AI impacts your digital transformation priorities

Digital transformation must be a core organizational competency. That’s my key advice to CIOs and IT leaders. During keynotes and discussions with CIOs, I remind everyone how strategic priorities evolve significantly every two years or less, from growth in 2018, to pandemic and remote work in 2020, to hybrid work and financial constraints in 2022. […]

01Aug 2023

Hyperscalers in crosshairs for anti-competitive pricing and lock-in

Ofcom, the UK’s communications regulator, is concerned the market for public cloud infrastructure services is concentrated in the hands of just three providers, limiting competition and making it difficult for enterprises to switch or use multiple suppliers. Those three providers—AWS, Microsoft, and Google—argue the contrary. The two sides, and their supporters, are currently battling it […]

01Aug 2023

Invoking IT to help revitalize Indigenous languages at risk of extinction

The Miami-Illinois language of the Miami Tribe of Oklahoma (Myaamiaki tribe) fell dormant during the 19th and 20th centuries, at a time when Indigenous populations faced forced relocations and abusive boarding schools, where children were forced to assimilate and were punished for using their own language. It wasn’t until the 1990s that Indigenous rights were […]

01Aug 2023

Generative AI usage gains traction among enterprises: McKinsey

The usage of generative AI across enterprises is already widespread, although it is still early days for the new technology, according to a report from McKinsey’s AI consulting service, Quantum Black. The report is based on an online survey conducted in April, which received responses from 1,684 participants globally across multiple industry sectors, company sizes, […]

01Aug 2023

Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report

The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to Dragos. The post Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report appeared first on SecurityWeek.

01Aug 2023

Bedding Giant Tempur Sealy Takes Systems Offline Following Cyberattack

Bedding products provider Tempur Sealy says it has shut down certain systems following a cyberattack. The post Bedding Giant Tempur Sealy Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.

01Aug 2023

Possible Chinese Malware in US Systems a ‘Ticking Time Bomb’: Report

China has implanted malware in key US power and communications networks in a “ticking time bomb” that could disrupt the military in the event of a conflict. The post Possible Chinese Malware in US Systems a ‘Ticking Time Bomb’: Report appeared first on SecurityWeek.

01Aug 2023

200 Canon Printer Models May Expose Wi-Fi Connection Data

Canon says more than 200 inkjet printer models fail to properly erase Wi-Fi configuration settings. The post 200 Canon Printer Models May Expose Wi-Fi Connection Data appeared first on SecurityWeek.

31Jul 2023

US Gov Rolls Out National Cyber Workforce, Education Strategy

The Biden administration on Monday announced a series of “generational investments” to address immediate and long-term cyber workforce needs. The post US Gov Rolls Out National Cyber Workforce, Education Strategy appeared first on SecurityWeek.

31Jul 2023

Simplifying IT strategy: How to avoid the annual planning panic

For those companies operating on a calendar year, the end of summer signals the start of annual planning and the mad dash to prepare their IT strategies. Annual or not, like running with the bulls in Pamplona, this exercise never fails to test your mettle and often leaves you staring frantically at the page and […]

31Jul 2023

Why Zain Kuwait partnered with BMC Software: An ongoing commitment to service management excellence

Zain Kuwait became the country’s first mobile operator in 1983 and has since grown into the largest mobile operator in the Middle East, providing voice and data services to more than 53 million customers. Worth more than $2.4 billion, Zain employs 7,100 people in seven countries—and is growing largely because of the high level of […]

31Jul 2023

Stack Overflow announces OverflowAI

Today marks the beginning of a new and exciting era for Stack Overflow. We are announcing our roadmap for the integration of generative AI into our public platform, Stack Overflow for Teams, and brand new product areas, like an IDE integration that brings the vast knowledge of 58 million questions and answers from our community […]

31Jul 2023

How Bloomberg’s engineers built a culture of knowledge sharing

Bloomberg is a company synonymous with finance, technology, and media. It has offices across the globe and more than 8,000 engineers working to support everything from real-time data feeds about moves in the financial markets and the company’s journalists to mobile apps and AI models that can analyze financial data and sentiment. To help its […]

31Jul 2023

Paper-to-Digital Can Drive Sustainability at Scale

Adobe created the Portable Document Format, the PDF, in 1993 to provide an easy and reliable way to create, present, and exchange visually rich and composed documents independent of the device being used. The invention was one of the biggest steps toward the “paperless office,” perhaps second to computers. A workplace built on digital technologies […]

31Jul 2023

The hardest part of building software is not coding, it’s requirements

With all the articles about all the amazing AI developments, there’s plenty of hand-wringing around the possibility that we, as software developers, could soon be out of a job, replaced by artificial intelligence. They imagine all the business execs and product researchers will bypass most or all of their software developers and ask AI directly […]

31Jul 2023

Why knowledge management is foundational to AI success

Amid all the conversations about how AI is revolutionizing work—making everyday tasks more efficient and repeatable and multiplying the efforts of individuals—it’s easy to get a bit carried away: What can’t AI do? Despite its name, generative AI—AI capable of creating images, code, text, music, whatever—can’t make something from nothing. AI models are trained on […]

31Jul 2023

BIT’s Agrobit named a ‘Hero of Sustainability’ at SAP Innovation Awards

The days of farmers poring over a Farmer’s Almanac for answers about what and when to plant are gone – like dust in the wind. As the market has expanded worldwide and become more sophisticated, so have the challenges facing farmers and their questions about how to move forward. They want information and advice. BIT S.A., […]

31Jul 2023

Building a Beautiful Data Lakehouse

Applying artificial intelligence (AI) to data analytics for deeper, better insights and automation is a growing enterprise IT priority. But the data repository options that have been around for a while tend to fall short in their ability to serve as the foundation for big data analytics powered by AI. Traditional data warehouses, for example, support […]

31Jul 2023

Atea – Enabling organizations to tame complexity, manage growth

Atea is focused on helping organizations maximize the value of their IT investments—from initial deployment, throughout their lifecycle, and into the next generation of technology solutions. With almost 8,000 employees located in 85 offices across seven countries in the Nordic and Baltic regions of Europe, the company offers a complete range of hardware, software and services […]

31Jul 2023

Apple Lists APIs That Developers Can Only Use for Good Reason

To boost user privacy, Apple is requiring app developers to declare a reason to use specific APIs. The post Apple Lists APIs That Developers Can Only Use for Good Reason appeared first on SecurityWeek.

31Jul 2023

Reddit Taps Fredrick ‘Flee’ Lee for CISO Job

Reddit hires a 20-year cybersecurity veteran to manage its privacy and security functions as it prepares for an IPO. The post Reddit Taps Fredrick ‘Flee’ Lee for CISO Job appeared first on SecurityWeek.

31Jul 2023

Huawei Unleashes the Power of Technology for a Sustainable, Digital Europe

Digital transformation is key in building Europe’s resilience and sustainability. As a committed partner of digital Europe, Huawei builds innovative ICT infrastructure and works with customers and partners to accelerate the digital transformation of enterprises, aiming to drive economic prosperity and build a sustainable, digital Europe. — Ernest Zhang, President, Huawei Enterprise Business Group […]

31Jul 2023

20 issues shaping generative AI strategies today

Organizations are rushing to figure out how to extract business value from generative AI — without falling prey to the myriad pitfalls arising. The adoption curve here is by no means gradual, with most enterprise leaders quickly working to harness the technology’s potential mere months after the November 2022 launch of gen AI tool ChatGPT […]

31Jul 2023

Swiss Re streamlines insurers’ natural disaster response with AI

Natural disasters have been increasing in frequency, severity, and diversity in recent years, pressuring insurers to be more efficient and to anticipate event and claim fallout. The same goes for reinsurance firms, which provide insurance for insurers, reducing their likelihood of large payouts—a significant factor in the insurance industry’s response to natural disasters. According […]

31Jul 2023

Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks

Ivanti EPMM customers have been warned of CVE-2023-35081, a second zero-day vulnerability that has been exploited in targeted attacks. The post Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks appeared first on SecurityWeek.

31Jul 2023

CISA Analyzes Malware Used in Barracuda ESG Attacks

CISA has shared analysis reports on three malware families obtained from an organization hacked via a recent Barracuda ESG vulnerability. The post CISA Analyzes Malware Used in Barracuda ESG Attacks appeared first on SecurityWeek.

31Jul 2023

Building a successful platform engineering practice

As companies continue to shift towards the cloud, platform engineering has emerged as a practice for organizations to efficiently and effectively deploy modern workloads, while maintaining a repeatable secure deployment pattern. Organizations looking to remain competitive and relevant in today’s fast-paced world need to focus on setting up processes that enable development teams to build […]

28Jul 2023

5 steps to drive and foster innovation in IT

Tight budgets and labor shortages have remained an ongoing challenge for IT leaders in 2023. As a result, CIOs are looking at ways of doing more with less, while continuing to digitally transform their organizations. How can we free up funds in one area to invest or innovate in another area of the business? This […]

28Jul 2023

US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications

US and Australian government agencies provide guidance on addressing access control vulnerabilities in web applications. The post US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications appeared first on SecurityWeek.

28Jul 2023

In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 24, 2023. The post In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android appeared first on SecurityWeek.

28Jul 2023

How much advantage does edge offer? And how are organizations using it?

Organizations are fast discovering the business benefits of edge solutions, such as edge computing. Real-time data processing is enabling them to make faster decisions, secure their assets (both physical and virtual), and gain better control over their operations. It all sounds attractive, but you may wonder to what extent edge computing actually provides an advantage […]

28Jul 2023

Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins

The first attempts to exploit CVE-2023-24489, a recent critical Citrix ShareFile remote code execution vulnerability, have been observed. The post Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins appeared first on SecurityWeek.

28Jul 2023

Industry Reactions to New SEC Cyber Incident Disclosure Rules: Feedback Friday

Several industry professionals comment on the SEC’s new cybersecurity incident disclosure rules and their implications. The post Industry Reactions to New SEC Cyber Incident Disclosure Rules: Feedback Friday appeared first on SecurityWeek.

28Jul 2023

Zimbra Patches Exploited Zero-Day Vulnerability

Zimbra has released patches for a cross-site scripting (XSS) vulnerability that has been exploited in malicious attacks. The post Zimbra Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek.

28Jul 2023

JLL reinvents itself for the AI era

City skyscrapers and office parks may remain scarcely occupied in the post-pandemic work era, but commercial real estate player JLL’s business is not slowing down, thanks to the company’s embrace of technology and high-growth opportunities to adapt and prosper. The Chicago-based commercial real estate company, one of the largest in the world, has invested heavily […]

28Jul 2023

Embracing neurodiversity in IT for competitive advantage

The term neurodiversity covers a range of conditions, as well as the various spectrums within each. So each neurodiverse professional’s experience is unique, but speaking for myself, being neurodiverse has been a huge competitive advantage in my technology career. The ability to pivot fast and hyperfocus are strengths, not weaknesses, and a leader that can […]

28Jul 2023

CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist

CoinsPaid says North Korean hacking group Lazarus is likely responsible for the recent theft of $37 million in cryptocurrency. The post CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist appeared first on SecurityWeek.

28Jul 2023

Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices

Several vulnerabilities found in Weintek Weincloud could have allowed hackers to manipulate and damage ICS, including PLCs and field devices. The post Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices appeared first on SecurityWeek.

28Jul 2023

Ignoring data lifecycle management is putting your business at risk

Enterprises are dealing with increasing amounts of data, and managing it has become imperative to optimize its value and keep it secure. Data lifecycle management is essential to ensure it is managed effectively from creation, storage, use, sharing, and archive to the end of life when it is deleted. Data lifecycle management covers the processes, […]

28Jul 2023

Get the best value from your data by reducing risk and building trust

Users are increasingly concerned about how their data is harvested and used. Data privacy is an essential ingredient of trust in a business and is thus inextricably linked to growth. Data privacy is the control of data harvested, stored, utilized, and shared in compliance with data protection regulations and privacy best practices. Data privacy encompasses […]

28Jul 2023

You can’t grow trust on a rocky infrastructure

There is an explosion of personal data about what we buy, where we go, and what we watch. We trust the custodians of our data to ensure it is not breached or used irresponsibly. But not all organizations that store and process sensitive customer data are fully aware that a chink in infrastructure can break […]

28Jul 2023

You cannot develop a high-quality customer engagement strategy without trust

Engaged customers are vital to the success of any business. Analytics is central to understanding what works for your customers. But how do you get them to share actionable data? Of course, customers are willing to share data in return for better services and products. But, they want to be safe in knowing that their […]

27Jul 2023

IT leaders grapple with shadow AI

Max Chan knew he had to do something. Soon after ChatGPT burst on the scene in November 2022, Chan realized generative AI would amount to far more than just the latest technology flash-in-the-pan. With the ability to instantaneously ingest reams of data using large language models (LLMs), generative AI technologies such as OpenAI’s ChatGPT […]

27Jul 2023

The central role of a multi-cloud approach when future-proofing today’s dynamic enterprises

As we closed out 2022 and began 2023, VMware’s Research and Insights organization interviewed more than 450 technology executives to get their candid views on the topics that present enterprises with the greatest opportunities and challenges. The resulting report revealed a technology landscape marked by excessive pressure to deliver IT value in uncertain times. The […]

27Jul 2023

The advantages of being cloud smart

Last year VMware commissioned an eye-opening survey of IT leaders, including nearly 6,000 CIOs, CISOs, CTOs, application developers, cloud architects, and DevOps professionals across the globe. The resulting report, “The Multi-Cloud Maturity Index,” garnered important intelligence on the state of multi-cloud deployments across industries. As a multi-cloud approach becomes increasingly ubiquitous with efforts to future-proof […]

27Jul 2023

US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’

Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government. The post US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’ appeared first on SecurityWeek.

27Jul 2023

SAP raises on-prem support costs again to drive cloud adoption

First came the carrot of lower costs in the cloud with the bundled Rise with SAP offering. Now here comes the stick. SAP said Thursday it will raise the cost of support for users of its on-premises software for the second year in a row, just days after announcing plans to withhold future innovations in […]

27Jul 2023

European Threat Intelligence Firm QuoIntelligence Raises $5.5 Million in Seed Funding

Threat intelligence services provider QuoIntelligence has raised €5 million ($5.5 million) in seed funding. The post European Threat Intelligence Firm QuoIntelligence Raises $5.5 Million in Seed Funding appeared first on SecurityWeek.

27Jul 2023

Head of US Cybersecurity Agency Sees Progress on Election Security, With More Work Needed for 2024

CISA Director Jen Easterly says more is needed to defend the integrity and resiliency of the election process ahead of the 2024 election. The post Head of US Cybersecurity Agency Sees Progress on Election Security, With More Work Needed for 2024 appeared first on SecurityWeek.

27Jul 2023

TSA Updates Pipeline Cybersecurity Requirements

The TSA has released updated cybersecurity requirements for pipeline owners and operators, instructing them to test assessment and incident response plans. The post TSA Updates Pipeline Cybersecurity Requirements appeared first on SecurityWeek.

27Jul 2023

Multiple Security Issues Identified in Peloton Fitness Equipment

Internet-connected Peloton workout equipment is impacted by multiple security risks, such as having USB debugging enabled. The post Multiple Security Issues Identified in Peloton Fitness Equipment appeared first on SecurityWeek.

27Jul 2023

The Good, the Bad and the Ugly of Generative AI

Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive one to thrive.” The post The Good, the Bad and the Ugly of Generative AI appeared first on SecurityWeek.

27Jul 2023

Protect AI Raises $35 Million to Protect Machine Learning and AI Assets

Machine Learning and Artificial Intelligence security firm Protect AI raised $35 million in Series A funding led by Evolution Equity Partners. The post Protect AI Raises $35 Million to Protect Machine Learning and AI Assets appeared first on SecurityWeek.

27Jul 2023

Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads

Researchers discovered two vulnerabilities in the Ubuntu OverlayFS module: CVE-2023-2640 and CVE-2023-32629 (together dubbed ‘GameOver(lay)’). The post Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads appeared first on SecurityWeek.

27Jul 2023

CardioComm Takes Systems Offline Following Cyberattack

Canadian medical software provider CardioComm has taken systems offline to contain a cyberattack. The post CardioComm Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.

27Jul 2023

Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats

An Axis network door controller vulnerability can be exploited to target facilities, exposing them to both physical and cyber threats. The post Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats appeared first on SecurityWeek.

27Jul 2023

CIO Diane Schwarz on the power of professional ecosystems

Diane Schwarz knows it as well as anyone: You can’t climb to the C-suite alone. It takes an ecosystem of colleagues, clients, and partners — all of whom help you navigate what is often a nonlinear path. Such has been the case in Diane’s own storied career, from her education at Notre Dame and Chicago […]

27Jul 2023

Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus

Maximus Inc says that the personal information of 8 to 11 million individuals was stolen in the MOVEit cyberattack. The post Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus appeared first on SecurityWeek.

27Jul 2023

Companies Required by SEC to Disclose Cybersecurity Incidents in 4 Days

The SEC has adopted new rules requiring public companies to disclose cybersecurity breaches that have a material impact within four days. The post Companies Required by SEC to Disclose Cybersecurity Incidents in 4 Days appeared first on SecurityWeek.

27Jul 2023

Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation

Researchers say a whopping 62 percent of AWS environments may be exposed to the newly documented AMD ‘Zenbleed’ information leak flaw. The post Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation appeared first on SecurityWeek.

26Jul 2023

Adapt to business changes with flexible licensing

When it comes to technology, the one thing you can count on is change. Requirements evolve over time as organizations adapt their environments and deployments to meet new demands and challenges. But in the past few years, this rate of change has skyrocketed. What an organization needs one quarter may be drastically different than what […]

26Jul 2023

Low-Tech Collaboration Emerges as The Key to Protecting Complex Enterprise Infrastructure Environments

The complexity of today’s enterprise infrastructure environment has created demand for a great variety of dedicated point security solutions, triggering a disconcerting array of alarms and alerts that most organizations struggle to address with current access to talent and staff. While implementing effective strategies that harness automation and security technology remain critical, the most successful […]

26Jul 2023

ServiceNow adds new features to its Now Assist generative AI assistant

ServiceNow is adding new features to its Now Assist generative AI assistant that comes bundled with the company’s Now platform, designed to help organizations automate workflows. The new capabilities of Now Assist, which include case summarization and text-to-code, are compatible with all workflows and are designed to drive productivity and efficiency for organizations, the company […]

26Jul 2023

Best practices for building a single-vendor SASE solution

Over the past three or four years, the industry has been abuzz with the concept of delivering converged security and networking features via the cloud. Secure Access Service Edge combines networking solutions like SD-WAN with cloud-delivered security like firewall as a service (FWaaS), cloud access security broker (CASB), and secure web gateway (SWG). But even with all the hype, most considered SASE as something […]

26Jul 2023

Deloitte and SAP team to create the perfect ware for trade classification

Suppose you have an international apparel company that manufactures and sells shirts. But let’s focus on just one shirt to start. Following common industry practice, you have the shirt manufactured in one country. The raw materials for manufacturing come from another country. And when the shirt is completed, it’s distributed to a third country to […]

26Jul 2023

Ex-NSA Official Harry Coker Tapped for National Cyber Director Job

The Biden administration has nominated former Navy commander Harry Coker to replace the retired Chris Inglis. The post Ex-NSA Official Harry Coker Tapped for National Cyber Director Job appeared first on SecurityWeek.

26Jul 2023

How digital humans can make healthcare technology more patient-centric

One of the biggest issues in healthcare is staffing shortages—and it impacts us all. While healthcare staffing challenges are not new, they are forecasted to reach crisis levels in the coming years. For nursing staff alone, the International Centre on Nurse Migration projects a 13 million shortage by 2030, an increase from 6 million pre-pandemic. And the World Health Organization […]

26Jul 2023

CDI — Accelerated, award-winning digital transformation with VMware Technologies

Digitally transforming a business is never a “one size fits all” strategy. Every company has its unique challenges and must solve problems in ways that make sense for their business. CDI, a VMware partner and VMware Cross-Cloud Managed Services Provider, understands the difficulties facing businesses trying to digitally transform. “Organizations often want a digital transformation. […]

26Jul 2023

Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI

Cyclops emerges from stealth mode with $6.4 million in seed funding and a generative AI-powered cybersecurity search platform. The post Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI appeared first on SecurityWeek.

26Jul 2023

Microsoft Message Queuing Vulnerabilities Allow Remote Code Execution, DoS Attacks

Fortinet has published details on a series of critical- and high-severity vulnerabilities in the Microsoft Message Queuing service. The post Microsoft Message Queuing Vulnerabilities Allow Remote Code Execution, DoS Attacks appeared first on SecurityWeek.

26Jul 2023

Dozens of Organizations Targeted by Akira Ransomware

The Akira ransomware operators claim to have compromised 63 organizations since March 2023, mostly SMBs. The post Dozens of Organizations Targeted by Akira Ransomware appeared first on SecurityWeek.

26Jul 2023

Russian Cybersecurity Firm Founder Jailed for 14 Years

Russia has sentenced Ilya Sachkov, co-founder of the Group-IB cybersecurity firm, to 14 years in prison on treason charges. The post Russian Cybersecurity Firm Founder Jailed for 14 Years appeared first on SecurityWeek.

26Jul 2023

Code Execution Vulnerability Impacts 900k MikroTik Devices

Over 900,000 devices are impacted by an arbitrary code execution vulnerability in MikroTik RouterOS. The post Code Execution Vulnerability Impacts 900k MikroTik Devices appeared first on SecurityWeek.

26Jul 2023

CISO Conversations: Field CISOs From VMware Carbon Black and NetSPI

SecurityWeek talks to Field CISOs, Fawaz Rasheed (VMware Carbon Black) and Nabil Hannan (NetSPI), about this emerging role. The post CISO Conversations: Field CISOs From VMware Carbon Black and NetSPI appeared first on SecurityWeek.

26Jul 2023

Real estate CIOs drive deals with data

The residential real estate industry may not be perceived to be as digitally aggressive as Wall Street titans and multinational manufacturing conglomerates. But in reality, some of the largest, most established realty franchises, such as Re/Max and Keller Williams, have made all the right moves, pursuing digital transformations built on the cloud and primed to […]

26Jul 2023

Dr. Pankaj Setia on the challenges that will redefine CIOs’ careers

Dr Setia, also the chairperson of the centre for digital transformation at the business school, teaches graduate-level courses on the leadership of digital organizations, strategic management of digital innovations, and digital transformation. He has previously taught for many years at Michigan State University and the University of Arkansas in the US. According to Dr Setia, […]

26Jul 2023

A forensic look into cloud success with Broadcom’s Andy Nallappan

Companies moving to the cloud often find themselves at a crossroads near the midpoint of their migrations, spending more than they intended and getting less than they hoped. Often that’s because their IT organization isn’t equipped with the culture, mindset, and skills necessary to capitalize on the cloud. Andy Nallappan has had a long career in […]

26Jul 2023

Alphabet bets on generative AI as cloud boosts Q2 revenue

Alphabet on Tuesday reported a 7% increase in revenue for the quarter ended June driven by the growth in its cloud computing division, Google Cloud. The company posted revenue of $74.6 billion compared to $69.7 billion in the corresponding period last year. Net income for the company rose to $18.36 billion from $16 billion during […]

26Jul 2023

How IT leaders are driving new revenue

Sandwich-focused restaurant franchise Subway has some 37,000 locations worldwide, each of which faces a unique combination of factors, such as local competition and customer demographics, that impact sales and profitability. But Donagh Herlihy, the company’s chief digital and information officer, has a corporate-level solution to help each individual store determine “the sweet spot of pricing” […]

25Jul 2023

Physical experience, digital convenience: The future of retail

The future of retail is “phygital,” as every retail and ecommerce publication on the internet is screaming right now. If you’ve never heard the term before, it’s a portmanteau of “physical” and “digital” – and represents the merging of the two forms of retail and shopping. Physical retail and ecommerce are increasingly blending together – […]

25Jul 2023

Why entrepreneurs claim there’s no better place to do business than Puerto Rico

After graduating from Universidad Politécnica de Puerto Rico with a degree in computer engineering, Alberto Lugo knew he wanted to be an entrepreneur, and he knew that he wanted to build his company on the island. A college internship in Puerto Rico with Microsoft gave him the spark of an idea, and after working for […]

25Jul 2023

Webinar Tomorrow: Exposing Common Myths of OT Cybersecurity

Join SecurityWeek and TXOne Networks for this webinar as we expose common misconceptions surrounding the security of Operational Technology (OT) and dive into the evolving threat landscape. The post Webinar Tomorrow: Exposing Common Myths of OT Cybersecurity appeared first on SecurityWeek.

25Jul 2023

Maritime Cyberattack Database Launched by Dutch University

The NHL Stenden University of Applied Sciences in the Netherlands has launched MCAD, the Maritime Cyber Attack Database. The post Maritime Cyberattack Database Launched by Dutch University appeared first on SecurityWeek.

25Jul 2023

TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems

TETRA:BURST – vulnerabilities in widely used radio standard could threaten military and law enforcement communications, as well as ICS. The post TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems appeared first on SecurityWeek.

25Jul 2023

Thales Acquiring Imperva From Thoma Bravo for $3.6 Billion

French aerospace, defense, and security giant Thales is acquiring cybersecurity firm Imperva from Thoma Bravo in a $3.6 billion deal. The post Thales Acquiring Imperva From Thoma Bravo for $3.6 Billion appeared first on SecurityWeek.

25Jul 2023

Salesforce updates its Commerce Cloud with digital commerce capabilities

Salesforce is adding new features to its Commerce Cloud that will help organizations embed digital commerce capabilities into sales, service, or marketing processes to drive more revenue, the company said on Tuesday. The Commerce Cloud is a product suite aimed at helping organizations create unified buying experiences for their customers across channels, including mobile, social, […]

25Jul 2023

AMD CPU Vulnerability ‘Zenbleed’ Can Expose Sensitive Information

AMD has released microcode patches to address Zenbleed, a vulnerability in its Zen 2 CPUs that can allow an attacker to access sensitive information. The post AMD CPU Vulnerability ‘Zenbleed’ Can Expose Sensitive Information appeared first on SecurityWeek.

25Jul 2023

7 IT delegation mistakes to avoid

CIOs are burdened with far too many responsibilities for a single individual to competently or productively handle on their own. That’s why it’s important to know how to efficiently delegate tasks to carefully selected team members. Unfortunately, many CIOs are reluctant to assign any important task to a subordinate, believing that the job may not […]

25Jul 2023

The unsung skill too many IT leaders shortchange

When it comes to harvesting full value from the rich set of technologies available to every organization, communications skills are probably not on every IT leader’s short list of essential capabilities. Technical skills, for sure. Integration? No doubt. But full spectrum communication skills — that is, oral, written, and digital/social — are almost as essential, […]

25Jul 2023

Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government

An Ivanti EPMM product zero-day vulnerability tracked as CVE-2023-35078 has been exploited in an attack aimed at the Norwegian government. The post Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government appeared first on SecurityWeek.

25Jul 2023

Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks

Apple patches another zero-day flaw used in the ‘Operation Triangulation’ exploit chain. iOS and macOS-powered devices are affected. The post Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks appeared first on SecurityWeek.

24Jul 2023

Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab

100% key capture rate and successful ransomware decryption shows progress in ransomware defense capabilities. The post Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab appeared first on SecurityWeek.

24Jul 2023

OneTrust Raises $150 Million at $4.5 Billion Valuation

Privacy management solutions provider OneTrust raises $150 million at a $4.5 billion valuation. The post OneTrust Raises $150 Million at $4.5 Billion Valuation appeared first on SecurityWeek.

24Jul 2023

Cybersecurity Public-Private Partnership: Where Do We Go Next?

Sharing threat information and cooperating with other threat intelligence groups helps to strengthen customer safeguards and boosts the effectiveness of the cybersecurity sector overall. The post Cybersecurity Public-Private Partnership: Where Do We Go Next? appeared first on SecurityWeek.

24Jul 2023

MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows

Experts believe the Cl0p ransomware gang could earn as much as $100 million from the MOVEit hack, with the number of confirmed victims approaching 400. The post MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows appeared first on SecurityWeek.

24Jul 2023

Los Angeles SIM Swapper Pleads Guilty to Cybercrime Charges

Amir Golshan, of Los Angeles, pleaded guilty to perpetrating multiple cybercrime schemes using SIM swapping. The post Los Angeles SIM Swapper Pleads Guilty to Cybercrime Charges appeared first on SecurityWeek.

24Jul 2023

Over 20,000 Citrix Appliances Vulnerable to New Exploit

Over 20,000 appliances are vulnerable to a new exploit technique targeting a recent Citrix ADC zero-day vulnerability CVE-2023-3519. The post Over 20,000 Citrix Appliances Vulnerable to New Exploit appeared first on SecurityWeek.

24Jul 2023

Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo

Atlassian patches high-severity remote code execution vulnerabilities in Confluence and Bamboo products. The post Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo appeared first on SecurityWeek.

24Jul 2023

Perimeter81 Vulnerability Disclosed After Botched Disclosure Process

Cybersecurity firm Perimeter81 appears to have botched the responsible disclosure process for a privilege escalation vulnerability found in its macOS application. The post Perimeter81 Vulnerability Disclosed After Botched Disclosure Process appeared first on SecurityWeek.

24Jul 2023

LaLiga transforms fan experience with AI

IT is playing a key role in how the world’s most popular sport is played and experienced in Spain. The country’s premier football division, LaLiga, is leveraging artificial intelligence and machine learning (ML) to deliver new insights to players and coaches, and to transform how fans enjoy and understand the game. The transformation, which started […]

24Jul 2023

Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies

The China-linked cyberspy group APT31 is believed to be behind a data-theft campaign targeting industrial organizations in Eastern Europe. The post Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies appeared first on SecurityWeek.

23Jul 2023

How automation enables better data governance

According to IBM, every day people create an estimated 2.5 quintillion bytes of new data (that’s 2.5 followed by 18 zeros!). More than 60% of corporate data is unstructured, according to AIIM, and a significant amount of this unstructured data is in the form of non-traditional “records,” like text and social media messages, audio files, […]

23Jul 2023

Taking a page from the B2C book to improve B2B product user experience

When you think of B2B products, chances are you don’t picture the seamless, intuitive user experience that comes alongside the best of B2C products. Most enterprise products have a reputation for being complex and versatile, but not simple and universal. While B2B user experience focuses on providing in-depth content and adaptability, the B2C user experience […]

23Jul 2023

Optimizing IT resources through infrastructure, people, and processes

According to McKinsey, the goal of digital transformation is to build a competitive advantage by continuously deploying tech at scale to improve customer experience and lower costs. Amid today’s uncertain economy, digital transformation is arguably more important than ever to remain afloat, not just competitive. EY recently found that in current economic and financial uncertainty, […]

21Jul 2023

3 benefits of engaging hyperscalers when evaluating SAP RISE

Since SAP RISE came to the market, it seems that SAP’s goal is to force organizations into a relatively unproven and inflexible RISE model. To do so, they are obfuscating reality, limiting transparency, and changing their historic business practices to make RISE appear financially superior to the traditional perpetual license models. Because of the way […]

21Jul 2023

Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online. The post Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails appeared first on SecurityWeek.

21Jul 2023

Google Creates Red Team to Test Attacks Against AI Systems

Google has created a dedicated AI Red Team tasked with carrying out complex technical attacks on artificial intelligence systems. The post Google Creates Red Team to Test Attacks Against AI Systems appeared first on SecurityWeek.

21Jul 2023

In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 17, 2023. The post In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware appeared first on SecurityWeek.

21Jul 2023

Russia Seeks 18 Years in Jail for Founder of Cybersecurity Firm

A Russian prosecutor requested an 18-year prison sentence for Ilya Sachkov, founder of cybersecurity firm Group-IB. The post Russia Seeks 18 Years in Jail for Founder of Cybersecurity Firm appeared first on SecurityWeek.

21Jul 2023

OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers

Three vulnerabilities in Apache OpenMeetings could be exploited by attackers to take over an administrator account and execute arbitrary code remotely. The post OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers appeared first on SecurityWeek.

21Jul 2023

VirusTotal Provides Clarifications on Data Leak Affecting Premium Accounts

VirusTotal has provided clarifications on the recent data leak that resulted in the exposure of information on 5,600 of the threat analysis service’s customers. The post VirusTotal Provides Clarifications on Data Leak Affecting Premium Accounts appeared first on SecurityWeek.

21Jul 2023

Tech Titans Promise Watermarks to Expose AI Creations

Amazon, Google, Meta, Microsoft, OpenAI and other tech firms have voluntarily agreed to AI safeguards set by the White House. The post Tech Titans Promise Watermarks to Expose AI Creations appeared first on SecurityWeek.

21Jul 2023

GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees

North Korean hackers are targeting employees at technology firms with repository invitations and malicious NPM packages. The post GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees appeared first on SecurityWeek.

21Jul 2023

How real-time operational insights drive superior tech platform development

Software-as-a-Service (SaaS) and SaaS-based service solutions have emerged as powerful tools. They address increasingly complex business processes, tackling anything from specific single functions to entire client-vendor relationship networks. SaaS is quickly evolving, and specialization has led to sophisticated, industry-specific or process-specific solutions, which can come to represent industry best practices. So as organizations face evolving […]

21Jul 2023

Tampa General Hospital Says Patient Information Stolen in Ransomware Attack

Tampa General Hospital has started informing patients that their personal information was stolen in a ransomware attack. The post Tampa General Hospital Says Patient Information Stolen in Ransomware Attack appeared first on SecurityWeek.

21Jul 2023

Citrix Zero-Day Exploited Against Critical Infrastructure Organization

CISA says the new Citrix zero day vulnerability tracked as CVE-2023-3519 has been exploited against a critical infrastructure organization. The post Citrix Zero-Day Exploited Against Critical Infrastructure Organization appeared first on SecurityWeek.

20Jul 2023

4 CIOs on marketing IT’s value to the business

Perception matters, particularly for internal IT organizations. While CIOs may be acutely aware of the essential value their teams create, that value isn’t always evident to stakeholders and clients. We may hope that the work speaks for itself, but the reality is, IT leaders must communicate IT’s accomplishments in a way that people can understand […]

20Jul 2023

New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices

Two new serious vulnerabilities in AMI BMC, which is used by millions of devices, can allow attackers to take control of systems and cause physical damage. The post New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices appeared first on SecurityWeek.

20Jul 2023

Cracking the code: solving for 3 key challenges in generative AI

By Chet Kapoor, Chairman and CEO, DataStax Generative AI is on everyone’s mind. It will revolutionize how we work, share knowledge, and function as a society. Simply put, it will be the biggest innovation we will see in our lifetime. One of the biggest areas of opportunity is productivity. Think about where we’re at right […]

20Jul 2023

JumpCloud Cyberattack Linked to North Korean Hackers

SentinelOne has linked the recent JumpCloud cyberattack to North Korean hackers, based on the published IoCs. The post JumpCloud Cyberattack Linked to North Korean Hackers appeared first on SecurityWeek.

20Jul 2023

Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups

Estée Lauder has confirmed suffering a data breach just as two ransomware groups claimed to have targeted the company, both allegedly stealing vast amounts of information. The post Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups appeared first on SecurityWeek.

20Jul 2023

Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis

While traditional security awareness teaches users how to recognize social engineering, new behavior changing trains the brain on the correct recognition and response to phishing.  The post Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis appeared first on SecurityWeek.

20Jul 2023

Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability

Multiple DDoS botnets have been observed targeting CVE-2023-28771, a Zyxel firewall vulnerability patched in April. The post Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability appeared first on SecurityWeek.

20Jul 2023

P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers

The Rust-based peer-to-peer worm ‘P2PInfect’ is targeting a Lua sandbox escape vulnerability in internet-accessible Redis servers. The post P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers appeared first on SecurityWeek.

20Jul 2023

10 Steps to Help Secure Your APIs

Securing APIs is a noble, though complex journey. Security teams can leverage these 10 steps to help secure their APIs. The post 10 Steps to Help Secure Your APIs appeared first on SecurityWeek.

20Jul 2023

New Ransomware With RAT Capabilities Impersonating Sophos

The recently discovered SophosEncrypt ransomware is impersonating the cybersecurity firm Sophos. The post New Ransomware With RAT Capabilities Impersonating Sophos appeared first on SecurityWeek.

20Jul 2023

3 technology trends set to revolutionize retail

Few verticals have undergone as massive a change as retail in the last couple of years. Driven by cutthroat competition and significant shifts in customer expectations, retail companies are striving to align themselves with the changing landscape, with IT playing a crucial role in their ability to achieve this. To offer customers a shopping experience […]

20Jul 2023

5 ways CIOs can help eliminate a culture of busyness

At the turn of the 20th century, economists predicted that living a life of leisure would be the ultimate aspiration for the elite. These same economists suggested that those who were able to take more time off from work would be considered the most successful. Now the inverse seems to be the case. Today, those […]

20Jul 2023

Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities

Adobe releases a second round of patches for recent ColdFusion vulnerabilities, including flaws that have been exploited in attacks. The post Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities appeared first on SecurityWeek.

20Jul 2023

Famed Hacker Kevin Mitnick Dead at 59

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was KnowBe4 Chief Hacking Officer. The post Famed Hacker Kevin Mitnick Dead at 59 appeared first on SecurityWeek.

19Jul 2023

Bulletproofing your threat surface with the Microsoft security ecosystem

Since Satya Nadella took the helm in 2014, Microsoft has doubled down on its support for non-Microsoft technologies. Its commitment to Linux turned what might have been a Windows Server-based cloud computing backwater into the Microsoft Azure powerhouse, the only public cloud to give the AWS juggernaut a serious run for its money. This “plays […]

19Jul 2023

Lexmark International’s Vishal Gupta on next gen tech leadership

As software and data move to the center of a company’s products and services, the background and skills of the executive leadership team must evolve. When IoT becomes the driver of a new solutions P&L, the general manager of that business will need more technology acumen than general managers of the past. And when software […]

19Jul 2023

Microsoft Bows to Pressure to Free Up Cloud Security Logs

Facing intense pressure after Chinese APT hack, Microsoft plans to expand logging defaults for lower-tier M365 customers. The post Microsoft Bows to Pressure to Free Up Cloud Security Logs appeared first on SecurityWeek.

19Jul 2023

BMC Helix: Huisman Equipment’s secret to a drastically improved HR experience

Nearly a century old, Huisman Equipment B.V. designs, manufactures, and services heavy construction equipment for a wide range of industries, including petroleum, renewable energy, naval fleets, and entertainment. The company has a global reputation for providing high-quality service, cost efficiency, and rapid time to value—all while ensuring compliance with relevant regulations as it delivers its […]

19Jul 2023

Recycling Giant Tomra Takes Systems Offline Following Cyberattack

Norwegian recycling giant Tomra says internal systems have been taken offline to contain an extensive cyberattack. The post Recycling Giant Tomra Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.

19Jul 2023

Two Jira Plugin Vulnerabilities in Attacker Crosshairs

Attackers are exploiting two path traversal vulnerabilities in the Stagil navigation for Jira – Menus & Themes plugin. The post Two Jira Plugin Vulnerabilities in Attacker Crosshairs appeared first on SecurityWeek.

19Jul 2023

Virtual Event Today: 2023 Cloud & Data Security Summit

Register for the Cloud & Data Security Summit to learn how to utilize tools, controls, and design models needed to properly secure cloud environments. The post Virtual Event Today: 2023 Cloud & Data Security Summit appeared first on SecurityWeek.

19Jul 2023

Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks

Over a dozen vulnerabilities patched by GE in its Cimplicity HMI/SCADA product are reminiscent of ICS attacks conducted by the Russian Sandworm group. The post Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks appeared first on SecurityWeek.

19Jul 2023

Security Awareness Training Isn’t Working – How Can We Improve It?

Security awareness training isn’t working to the level it needs to. Social engineering, however, is getting better. Why doesn’t awareness training work, and how can we improve it? The post Security Awareness Training Isn’t Working – How Can We Improve It? appeared first on SecurityWeek.

19Jul 2023

Oracle Releases 508 New Security Patches With July 2023 CPU

Oracle has released 508 new security patches as part of the July 2023 CPU, including more than 70 that address critical vulnerabilities. The post Oracle Releases 508 New Security Patches With July 2023 CPU appeared first on SecurityWeek.

19Jul 2023

Empowering citizen developers for real business impact

Given the important role of software applications in powering business processes and the shortage of experienced programmers, it should not be surprising that citizen development is on the rise. Citizen developers are business users who build new applications or modify existing ones without needing help from the IT or development functions. While it’s one thing to have […]

19Jul 2023

Dissecting Alstom’s three-part IT strategy

Alstom builds high-speed trains, subways, monorails, and trams, but also develops turnkey systems, services, infrastructure, signaling, and digital mobility. And with a presence in 70 countries and around 74,000 employees, 3,100 of which are in Spain, the French multinational has important weight in the country, where it introduced a high-speed train, the first automatic metro, […]

19Jul 2023

Exploitation of New Citrix Zero-Day Likely to Increase, Organizations Warned

Citrix has patched several vulnerabilities, including CVE-2023-3519, a critical remote code execution zero-day that has been exploited in attacks. The post Exploitation of New Citrix Zero-Day Likely to Increase, Organizations Warned appeared first on SecurityWeek.

19Jul 2023

Chrome 115 Patches 20 Vulnerabilities

Chrome 115 released with patches for 20 vulnerabilities, including 11 reported by external researchers, who earned thousands of dollars in bug bounties. The post Chrome 115 Patches 20 Vulnerabilities appeared first on SecurityWeek.

18Jul 2023

US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa

The two foreign companies are being sanctioned “for trafficking in cyber exploits used to gain access to information systems.” The post US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa appeared first on SecurityWeek.

18Jul 2023

CIOs are bullish on the possibilities for generative AI: report

CIOs are increasing their overall uptake of generative AI, pushing AI from its current role in isolated pockets of the enterprise into more organization-wide uptake and speeding the adoption of the technology across new industries, a new survey found. The survey, published today by MIT Technology Review Insights and sponsored by enterprise data management company […]

18Jul 2023

Is PC-as-a-Service part of your hybrid work strategy?

If someone told you a decade ago that deploying IT services would be more like streaming video content than the traditional procurement and provisioning process, you probably wouldn’t have believed them. Right? Enterprises have been evolving toward as-a-Service models for years, but most of this transition has been executed in software, via SaaS and other […]

18Jul 2023

Microsoft offers Dynamics users fresh incentives to move to the cloud

Microsoft unveiled a new incentive program on Tuesday to help enterprises still running its Dynamics ERP and CRM software on premises to move to the cloud. The Accelerate, Innovate, and Move program (AIM) covers a broad range of on-premises business applications, including Dynamics AX, Dynamics CRM, Dynamics GP, Dynamics NAV, Dynamics SL, and Dynamics 365 […]

18Jul 2023

NSA, CISA Issue Guidance on 5G Network Slicing Security

The NSA and CISA have published guidance on hardening 5G standalone network slices against potential threats. The post NSA, CISA Issue Guidance on 5G Network Slicing Security appeared first on SecurityWeek.

18Jul 2023

Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme

Olalekan Jacob Ponle, a Nigerian national living in the UAE, was sentenced to 8 years in a US prison for his role in an $8 million BEC scheme. The post Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme appeared first on SecurityWeek.

18Jul 2023

Data center investments simplify IT and cloud modernization

HPE Aruba Networking is coming off a very strong Q2 2023 with our Intelligent Edge revenue reaching $1.3 billion, up 50% from the prior-year period.  We have invested in the areas of security and private 5G with two recent acquisitions that expand our edge-to-cloud portfolio to meet the needs of organizations as they increasingly migrate from […]

18Jul 2023

Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware

A threat actor’s real identity was uncovered after they infected their own computer with an information stealer. The post Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware appeared first on SecurityWeek.

18Jul 2023

WordPress Sites Hacked via Critical Vulnerability in WooCommerce Payments Plugin

Attackers have started exploiting CVE-2023-28121, a recent critical vulnerability in the WooCommerce Payments WordPress plugin. The post WordPress Sites Hacked via Critical Vulnerability in WooCommerce Payments Plugin appeared first on SecurityWeek.

18Jul 2023

White House Unveils Cybersecurity Labeling Program for Smart Devices

New US cyber program will label smart devices that are considered safer and less vulnerable to attacks. The post White House Unveils Cybersecurity Labeling Program for Smart Devices appeared first on SecurityWeek.

18Jul 2023

Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of UK telecoms firm TalkTalk. In 2019 he was convicted and sentenced to four years in prison.  The post Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat appeared first on SecurityWeek.

18Jul 2023

Netcraft Raises $100M, Hires New CEO for Global Expansion

The British company secures $100 million in funding and announced the hiring of a new chief executive to pursue global expansion plans. The post Netcraft Raises $100M, Hires New CEO for Global Expansion appeared first on SecurityWeek.

18Jul 2023

10 most difficult-to-fill IT roles — and how to address the gap

The CIO’s biggest hiring challenge is clear: “There is simply not enough talent to go around,” says Scott duFour, global CIO of business payments company Fleetcor, for whom positions in areas such as AI, cloud architecture, and data science remain the toughest to fill. This enduring talent gap has been a pressing concern for years, says Max Chan, CIO […]

18Jul 2023

Hard-earned advice for nurturing high-performing IT teams

We talk a lot in the IT press about maximizing the benefits of software, hardware, and emerging technologies to create business value. What we don’t spend enough time on is discussing how we can maximize the value of our most precious resource: our people. The care and retention of IT staff should be viewed as […]

18Jul 2023

Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks

At least two new Adobe ColdFusion vulnerabilities have been exploited in the wild, including one that has not been completely patched by the software giant. The post Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks appeared first on SecurityWeek.

18Jul 2023

A Disturbing Trend in Ransomware Attacks: Legitimate Software Abuse

When discussing ransomware groups, too often the focus is on their names, such as Noberus, Royal or AvosLocker, rather than the tactics, techniques, and procedures (TTPs) used in an attack before ransomware is deployed. For example, the particularly heavy use of legitimate software tools in ransomware attack chains has been notable in recent times. In […]

18Jul 2023

Norway Threatens $100,000 Daily Fine on Meta Over Data

Norway’s data protection agency wants to ban Facebook and Instagram owner Meta from using the personal information of users for targeted advertising, threatening a $100,000 daily fine if the company continues. The post Norway Threatens $100,000 Daily Fine on Meta Over Data appeared first on SecurityWeek.

17Jul 2023

How SAP changed Carl Zeiss AG’s view of optical product manufacturing

It’s 1857 in Jena, Germany, and you want a microscope—but not just any. You’ve set your sights on owning the finest instrument anywhere. And you know where to go. A retail shop has just opened at Johannisplatz square 10 in Jena—home to Carl Zeiss. When Carl Zeiss produced his microscope prototype years earlier, he created a […]

17Jul 2023

Generac powers business transformation with data, AI

Being a company’s first CIO provides room to make your mark, and Generac Power Systems’ Tom Dickson has done just that, moving swiftly to help transform the backup generator manufacturer into an energy technology company.   Dickson, who joined the Wisconsin-based company in 2020, has launched PowerInsights, a homegrown digital platform that employs IoT and […]

17Jul 2023

Embracing Consolidation and Squashing Silos

While silos pose significant dangers to an enterprise’s cybersecurity posture, consolidation serves as a powerful solution to overcome these risks, offering improved visibility, efficiency, incident response capabilities, and risk management. The post Embracing Consolidation and Squashing Silos appeared first on SecurityWeek.

17Jul 2023

How to manage cloud exploitation at the edge

Small- and medium-sized businesses and enterprises have accelerated their move into the cloud since the global pandemic. The Infrastructure-as-a-Service (IaaS) cloud computing model enables remote working, supports digital transformation, provides scale, increases resilience, and can reduce costs. However, this shift requires a thorough understanding of the security implications and how a business can protect its […]

17Jul 2023

Owner of Cybercrime Website BreachForums Pleads Guilty

Conor Brian Fitzpatrick, the owner of the infamous cybercrime website BreachForums, has pleaded guilty in a US court. The post Owner of Cybercrime Website BreachForums Pleads Guilty appeared first on SecurityWeek.

17Jul 2023

Leverage Avaya’s Expertise in AI-driven CX Innovation

In the realm of dynamic enterprise architecture, the potential of AI to drive innovation is increasingly recognized, though still a considerable undertaking for many large enterprises, especially those with intricate on-premises environments. Ericsson IndustryLab’s recent study notes that over half of such organizations are still struggling to fully integrate and exploit AI, with projects initiated as many as 5-7 years […]

17Jul 2023

CIO playbook: Rebalancing your portfolio in a multicloud world

Financial investors perform a fascinating, yet delicate dance. Consider assets such as stocks. To weather volatile stock markets, investors rebalance their portfolios often, dumping some stocks while picking up others based on trends. Professional investors factor in certain financial targets and risk tolerance as they pursue maximum ROI. IT leaders can relate to this dance. […]

17Jul 2023

JumpCloud Says Sophisticated Nation-State Hackers Targeted Specific Customers

JumpCloud says a sophisticated nation-state threat actor breached its systems, targeting specific customers. The post JumpCloud Says Sophisticated Nation-State Hackers Targeted Specific Customers appeared first on SecurityWeek.

17Jul 2023

MOVEit Hack: Number of Impacted Organizations Exceeds 340

The number of entities impacted by the MOVEit hack — either directly or indirectly — reportedly exceeds 340 organizations and 18 million individuals. The post MOVEit Hack: Number of Impacted Organizations Exceeds 340 appeared first on SecurityWeek.

17Jul 2023

Havmor’s VP IT Dhaval Mankad on ‘melting’ hurdles with a scoop of digital innovation

Selling sweet treats to millions of Indians since 1944, India’s beloved ice-cream brand, Havmor (now part of Korean conglomerate LOTTE), has grown beyond its humble beginnings to stupefying heights. While several factors have contributed to its success, it is apparent that without a secure technological backbone, this business would not reach the magnitude that it […]

17Jul 2023

SecurityWeek Analysis: Over 210 Cybersecurity M&A Deals Announced in First Half of 2023

An analysis conducted by SecurityWeek shows that more than 210 cybersecurity-related mergers and acquisitions were announced in the first half of 2022. The post SecurityWeek Analysis: Over 210 Cybersecurity M&A Deals Announced in First Half of 2023 appeared first on SecurityWeek.

17Jul 2023

What the CIO role will look like in 2026

Despite characterizations of the modern CIO as a straight-up business leader and strategist, many CIOs still spend the bulk of their time on technical issues.  Many IT leaders today are focused more on security management as well as improving IT operations and systems performance than they are on top-line and strategic activities such as driving […]

17Jul 2023

Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw

Adobe patches critical code execution vulnerability in ColdFusion for which a proof-of-concept (PoC) blog exists. The post Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw appeared first on SecurityWeek.

14Jul 2023

Top 5 Features your ITSM Solution Should Have

Efficiently managing IT services is crucial for businesses of all sizes to remain competitive and meet user expectations. To guide technology leaders in making informed decisions about IT service management (ITSM) solutions, this article reveals the top five functionalities you need to deliver exceptional service to end-users. Throughout our time matching organizations with IT software […]

14Jul 2023

In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 10, 2023. The post In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks appeared first on SecurityWeek.

14Jul 2023

Zluri Raises $20 Million for SaaS Management Platform

SaaS management platform Zluri has raised $20 million in a Series B funding round led by Lightspeed. The post Zluri Raises $20 Million for SaaS Management Platform appeared first on SecurityWeek.

14Jul 2023

Industry Reactions to EU-US Data Privacy Framework: Feedback Friday

Feedback Friday: industry professionals comment on the implications of the recently approved EU-US Data Privacy Framework. The post Industry Reactions to EU-US Data Privacy Framework: Feedback Friday appeared first on SecurityWeek.

14Jul 2023

Critical Cisco SD-WAN Vulnerability Leads to Information Leaks

A critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances. The post Critical Cisco SD-WAN Vulnerability Leads to Information Leaks appeared first on SecurityWeek.

14Jul 2023

Secure Code Warrior Raises $50 Million to Help Developers Write Secure Code

Secure Code Warrior has raised $50 million in Series C funding to further empower developers to address code vulnerabilities. The post Secure Code Warrior Raises $50 Million to Help Developers Write Secure Code appeared first on SecurityWeek.

14Jul 2023

Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability

Several instances of the Reddit alternative Lemmy were hacked in recent days by attackers who had exploited a zero-day vulnerability. The post Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability appeared first on SecurityWeek.

14Jul 2023

What is change management? A guide to organizational transformation

What is the main purpose of change management? In modern IT, change management has many different guises. Project managers view change management as the process used to obtain approval for changes to the scope, timeline, or budget of a project. Infrastructure professionals consider change management to be the process for approving, testing, and installing a […]

14Jul 2023

How Avnet accelerates its product design process

As a 2023 CIO100 winner, Avnet Inc., the Arizona-based electronic component distributor, has distinguished itself with groundbreaking projects that leverage established and emerging tech to up productivity and efficiency, and to generally do things differently. Avnet’s Design Hub is one example. According to Max Chan, the company’s CIO, the supply chain and supply chain management […]

14Jul 2023

Should you build or buy generative AI?

Whether it’s text, images, video or, more likely, a combination of multiple models and services, taking advantage of generative AI is a ‘when, not if’ question for organizations. Since the release of ChatGPT last November, interest in generative AI has skyrocketed. It’s already showing up in the top 20 shadow IT SaaS apps tracked by […]

14Jul 2023

US Publishes Implementation Plan for National Cybersecurity Strategy

The Biden-Harris administration has laid out the plan for implementing the National Cybersecurity Strategy. The post US Publishes Implementation Plan for National Cybersecurity Strategy appeared first on SecurityWeek.

14Jul 2023

Google Researchers Discover In-the-Wild Exploitation of Zimbra Zero-Day

Google researchers have discovered that a Zimbra zero-day vulnerability has been exploited in the wild, with users being advised to manually patch their installations. The post Google Researchers Discover In-the-Wild Exploitation of Zimbra Zero-Day appeared first on SecurityWeek.

13Jul 2023

Sustainable IT: A crisis needing leadership and change

As demand for computing power continues to rise, the environmental impact of technology cannot be ignored. We recently held our annual corporate conference addressing many subjects top of mind with IT leaders and it came as no surprise that a session on sustainability was one of the most attended. As technology innovators, we all must […]

13Jul 2023

Why is Salesforce hiking prices, and how does it affect customers?

Salesforce’s decision to raise the price of its software products starting in August can be attributed to a combination of factors, including inflation and pressure to fuel revenue after a pause in price hikes during the pandemic period — issues that are affecting other major technology suppliers, analysts said. “We have seen a general rise […]

13Jul 2023

API Flaw in QuickBlox Framework Exposed PII of Millions of Users

QuickBlox SDK and API vulnerabilities impact chat and video applications used by industries including telemedicine, smart IoT, and finance. The post API Flaw in QuickBlox Framework Exposed PII of Millions of Users appeared first on SecurityWeek.

13Jul 2023

Cisco Shopping Spree Adds Oort ID Threat Detection Tech

The planned Oort purchase is Cisco’s fourth acquisition of a cybersecurity company in the first half of 2023. The post Cisco Shopping Spree Adds Oort ID Threat Detection Tech appeared first on SecurityWeek.

13Jul 2023

BlackLotus UEFI Bootkit Source Code Leaked on GitHub

The source code for the BlackLotus UEFI bootkit has been leaked on GitHub and an expert has issued a warning over the risks. The post BlackLotus UEFI Bootkit Source Code Leaked on GitHub appeared first on SecurityWeek.

13Jul 2023

Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations

Cybersecurity company Armis has identified several vulnerabilities in Honeywell ICS products that could expose industrial organizations to attacks. The post Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations appeared first on SecurityWeek.

13Jul 2023

3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say

A group of congressional Democrats reported that three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at least two years. The post 3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say appeared first on SecurityWeek.

13Jul 2023

Popular WordPress Security Plugin Caught Logging Plaintext Passwords

The All-In-One Security (AIOS) WordPress plugin was found to be writing plaintext passwords to log files. The post Popular WordPress Security Plugin Caught Logging Plaintext Passwords appeared first on SecurityWeek.

13Jul 2023

Juniper Networks Patches High-Severity Vulnerabilities in Junos OS

Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space. The post Juniper Networks Patches High-Severity Vulnerabilities in Junos OS appeared first on SecurityWeek.

13Jul 2023

Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue

Apple has re-released its Rapid Security Response updates for iOS and macOS after fixing a website access issue caused by the original patches. The post Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue appeared first on SecurityWeek.

13Jul 2023

SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products

SonicWall patches four critical-severity vulnerabilities in its Global Management System (GMS) and Analytics products. The post SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products appeared first on SecurityWeek.

13Jul 2023

9 tips for recruiting high-end IT talent

Recruiting and hiring high-end IT talent is among the most challenging tasks IT leaders face today. Even amid headlines announcing massive layoffs at tech companies, persuading change-making tech professionals to take up residence at your firm can feel nearly impossible.   “The IT skills shortage is critical, with CIOs losing talented employees faster than they […]

13Jul 2023

What legacy tech teaches IT leaders about projects that last

Modernization and transformation are the IT imperatives of the day. Rationalizing applications, reinventing business processes, capitalizing on the cloud — all point to legacy systems as the dead weight and sunk costs modern day IT organizations must move beyond to reach their digital potential. As an IT professional, I too have at times thought about […]

13Jul 2023

APT Exploit Targeting Rockwell Automation Flaws Could Threaten Critical Infrastructure

Two Rockwell Automation product vulnerabilities have been used for a new exploit by an APT group that could use it to target critical infrastructure. The post APT Exploit Targeting Rockwell Automation Flaws Could Threaten Critical Infrastructure appeared first on SecurityWeek.

12Jul 2023

Orca Sues Wiz Over Alleged Cloud Security Patent Violations

Orca Security sues its main rival, claiming patent infringements, intellectual property theft and even marketing copycat behavior. The post Orca Sues Wiz Over Alleged Cloud Security Patent Violations appeared first on SecurityWeek.

12Jul 2023

China-based hackers accessed US federal executive branch emails

Microsoft has disclosed that a cyberattack by a China-based “nation state actor” managed to access email hosted on Exchange Online and Outlook.com belonging to about 25 organizations, including government agencies. Mitigation of the attack is complete, according to a statement from Microsoft, which blamed a threat actor tracked by the company as Storm-0558. That actor, […]

12Jul 2023

5 Zero Trust and SASE trends for CISOs to watch

Last week, I attended the annual Gartner® Security and Risk Management Summit. The event gave Chief Information Security Officers (CISOs) and other security professionals the opportunity to share concerns and insights about today’s most pressing issues in cybersecurity and risk management. While every situation is unique, there are two topics our conversations always seemed to […]

12Jul 2023

When will AI usher in a new era of manufacturing?

Manufacturing processes are industry dependent, and even within a sector, they often differ from one company to another. However, some things are common to virtually all types of manufacturing: expensive equipment and trained human operators are always required, and both the machinery and the people need to be deployed in an optimal manner to keep […]

12Jul 2023

Hardcoded Accounts Allow Full Takeover of Technicolor Routers

Multiple hardcoded accounts on the Technicolor TG670 DSL gateway router can be used to completely take over the impacted devices. The post Hardcoded Accounts Allow Full Takeover of Technicolor Routers appeared first on SecurityWeek.

12Jul 2023

Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies

Bugcrowd’s Inside the Mind of the Hacker report shows the speed and efficiency of hackers adopting new technologies to assist their hunting. The post Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies appeared first on SecurityWeek.

12Jul 2023

Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails

Microsoft says a Chinese cyberespionage group tracked as Storm-0558 has used forged authentication tokens to access government emails. The post Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails appeared first on SecurityWeek.

12Jul 2023

CISO Conversations: CISOs of Identity Giants IDEMIA and Ping

CISO Conversations talks to Dennis Kallelis (CSO at Idemia) and Jason Kees (CISO at Ping), two of industry’s identity giants. The idea, as always, is to discuss the role of the modern CISO. The post CISO Conversations: CISOs of Identity Giants IDEMIA and Ping appeared first on SecurityWeek.

12Jul 2023

Citrix Patches Critical Vulnerability in Secure Access Client for Ubuntu

Citrix has patched a critical-severity vulnerability in Secure Access client for Ubuntu that could lead to remote code execution (RCE). The post Citrix Patches Critical Vulnerability in Secure Access Client for Ubuntu appeared first on SecurityWeek.

12Jul 2023

Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution

Fortinet patches a critical-severity vulnerability in FortiOS and FortiProxy that could lead to remote code execution. The post Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution appeared first on SecurityWeek.

12Jul 2023

Microsoft Revokes Many Signed Drivers Used by Chinese Cybercriminals

Microsoft has revoked signed drivers used for post-exploitation activity, in many cases by Chinese cybercriminals. The post Microsoft Revokes Many Signed Drivers Used by Chinese Cybercriminals appeared first on SecurityWeek.

12Jul 2023

MOVEit: Testing the Limits of Supply Chain Security

The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise. The post MOVEit: Testing the Limits of Supply Chain Security appeared first on SecurityWeek.

12Jul 2023

TIAA’s Sastry Durvasula on advancing AI horizons

The Teachers Insurance and Annuity Association of America (TIAA) has grown over the course of a century into a $40 billion organization with $1.2 trillion in assets under management serving the financial needs of people at more than 15,000 institutions across academia, government, medicine, cultural, and other non-profit organizations. But all that didn’t faze Sastry […]

12Jul 2023

SAP Patches Critical Vulnerability in ECC and S/4HANA Products

SAP on July 2023 Security Patch Day released 16 new security notes, including one addressing a critical vulnerability in ECC and S/4HANA (IS-OIL). The post SAP Patches Critical Vulnerability in ECC and S/4HANA Products appeared first on SecurityWeek.

11Jul 2023

3 principles for regulatory-grade large language model application

In recent years, we have witnessed a tidal wave of progress and excitement around large language models (LLMs) such as ChatGPT and GPT-4. These cutting-edge models can potentially transform industries, especially in regulated sectors like healthcare and life sciences, where they could be used for drug discovery, clinical trial analysis, improved diagnostics, personalized patient care, […]

11Jul 2023

Former Security Engineer Arrested for $9 Million Crypto Exchange Hack

Former security engineer Shakeeb Ahmed has been arrested on charges related to the defrauding of decentralized crypto exchange Crema Finance. The post Former Security Engineer Arrested for $9 Million Crypto Exchange Hack appeared first on SecurityWeek.

11Jul 2023

Microsoft Warns of Office Zero-Day Attacks, No Patch Available

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite. The post Microsoft Warns of Office Zero-Day Attacks, No Patch Available appeared first on SecurityWeek.

11Jul 2023

Apple’s Rapid Security Response Patches Are Breaking Websites

Apple has pulled its latest Rapid Security Response updates for iOS and macOS after users complained that they can no longer access websites. The post Apple’s Rapid Security Response Patches Are Breaking Websites appeared first on SecurityWeek.

11Jul 2023

3 tough decisions for IT leaders to achieve a successful digital transformation

The digital transformation journey for any enterprise is protracted and complex. Technology leaders often underestimate the complications associated with it. For such initiatives to conclude successfully, enterprise technology decision makers must overcome inertia, build momentum, and bring about changes across their large organizations. To bring about enterprise-wide changes, CIOs at times need to take tough […]

11Jul 2023

SaaS Application Security Firm Savvy Exits Stealth Mode With $30 Million in Funding

Savvy emerges from stealth mode with $30 million in funding, on path to secure the use of software-as-a-service (SaaS) applications. The post SaaS Application Security Firm Savvy Exits Stealth Mode With $30 Million in Funding appeared first on SecurityWeek.

11Jul 2023

Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion

Software maker calls special attention to CVE-2023-29300, a deserialization of untrusted data bug with a CVSS severity score of 9.8/10. The post Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion appeared first on SecurityWeek.

11Jul 2023

New world, new CIO: How emerging realities are shaping the CIO’s job

In a relatively brief time span, technologies like cloud, edge computing, artificial intelligence, and IoT have taken center stage, and new innovative technologies keep emerging. We’re now navigating a technological landscape that’s growing exponentially more complex and rapidly changing, one that increasingly exceeds the ability of human intelligence to keep pace. This landscape is characterized […]

11Jul 2023

One weird trick to accelerate your organization’s generative AI strategy

By Bryan Kirschner, Vice President, Strategy at DataStax. Ignoring the potential of generative AI to increase productivity is a surefire way to fall behind as an individual, a team, and an organization. You should put it to work as an “eager intern” or “autonomous agent” (or both) ASAP. But positioning yourself, your team, and your organization […]

11Jul 2023

ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities

ICS Patch Tuesday: Siemens and Schneider Electric release nine new security advisories and fix 50 vulnerabilities in their industrial products. The post ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities appeared first on SecurityWeek.

11Jul 2023

The power of collaboration: SAP celebrates its innovation award winners

Better together. In a time when organizations can seamlessly access the cloud to unearth tools like analytics and artificial intelligence (AI), “collaboration with customers and partners around the globe can drive sustainable, impactful innovation,” Timo Elliott, SAP’s global head of partner digital selling and marketing director, told the audience. Let’s think about the recent past – companies […]

11Jul 2023

Verifying Software Integrity With Sigstore

Signing code is very important to defend against supply chain attacks, but it’s also one of the most cumbersome to implement for internal development. The post Verifying Software Integrity With Sigstore appeared first on SecurityWeek.

11Jul 2023

Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare

HCA Healthcare says the personal information of roughly 11 million patients was stolen in a data breach. The post Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare appeared first on SecurityWeek.

11Jul 2023

Russia-Linked RomCom Hackers Targeting NATO Summit Guests

A recent RomCom cyber operation has been targeting NATO Summit guests and other entities supporting Ukraine. The post Russia-Linked RomCom Hackers Targeting NATO Summit Guests appeared first on SecurityWeek.

11Jul 2023

7 IT consultant tricks CIOs should never fall for

Consultants aren’t always held in the highest regard. The 90% who are bad, the old joke goes, ruin it for the rest of us. Knowing the 90%’s tricks of the trade is the canny CIO’s first line of defense. Here are seven of the most pernicious consulting misdeeds you will encounter as an IT leader. […]

11Jul 2023

How Investec marries foundational and pioneering tech forces

As CIO of Anglo-South African international banking and wealth management group, Investec, Shabhana Thaver has a multi-purpose approach to tech trends. On the one hand, there are foundational forces, which protect the existing business and include talent, information security and modernization. Then, on the other, there are pioneering forces, which drive business growth and include […]

10Jul 2023

Apple Ships Urgent iOS Patch for WebKit Zero-Day

Apple rolls out urgent iOS and iPadOS software updates and warns that zero-day exploitation has already been detected. The post Apple Ships Urgent iOS Patch for WebKit Zero-Day appeared first on SecurityWeek.

10Jul 2023

3 examples of organizations improving CX with self-composed AI

Most business leaders don’t need convincing about the power of AI: nearly 60% surveyed last year by Zendesk said they plan to increase their investment by at least 25% this year. The most powerful applications of AI help organizations do more with less without compromising – rather in many cases enhancing – their customer experience, from AI-powered bots that accelerate problem […]

10Jul 2023

Exploit Code Published for Remote Root Flaw in VMware Logging Software

VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches. The post Exploit Code Published for Remote Root Flaw in VMware Logging Software appeared first on SecurityWeek.

10Jul 2023

With greater personalisation comes greater security

It can often feel as though trust and authenticity are in short supply these days. As we all know, content is becoming easier to create, manipulate and disseminate. Technology, such as Generative AI, has given marketers the power to create more engaging and uniquely personal offerings. This has reinforced concerns around data privacy and security. […]

10Jul 2023

Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US

The EU signed off on a new agreement over the privacy of people’s personal information that gets pinged across the Atlantic, aiming to ease European concerns about electronic spying by American intelligence agencies. The post Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US appeared first on […]

10Jul 2023

TPG to Acquire Forcepoint’s Government Cybersecurity Business Unit

Private equity giant plans to buy Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit for $2.5 billion. The post TPG to Acquire Forcepoint’s Government Cybersecurity Business Unit appeared first on SecurityWeek.

10Jul 2023

Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack

Critical infrastructure services provider Ventia has taken some systems offline following a cyberattack. The post Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack appeared first on SecurityWeek.

10Jul 2023

A Cybersecurity Wish List Ahead of NATO Summit

Assuming NATO can play a greater part in the cybersecurity of its members, possibly through a more formal NATO Cyber Command, the question then becomes ‘what should we hope for?’ The post A Cybersecurity Wish List Ahead of NATO Summit appeared first on SecurityWeek.

10Jul 2023

Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence

Industrial giant Honeywell wants to extend its OT cybersecurity portfolio with the acquisition of Israel-based OT/IoT security firm SCADAfence. The post Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence appeared first on SecurityWeek.

10Jul 2023

PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability

PoC exploit has been published for a recently patched Ubiquiti EdgeRouter vulnerability leading to arbitrary code execution. The post PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability appeared first on SecurityWeek.

10Jul 2023

6 business execs you’ll meet in hell — and how to deal with them

Everyone, at some point in their career, has endured a bad boss or bad business colleague. Someone further up the chain or a lateral colleague who lacks basic interpersonal skills, demands the impossible, flies off the handle at the slightest provocation, or throws you under the bus the moment a project goes south. Aside from […]

10Jul 2023

Edmunds sets stage for AI with data infrastructure consolidation

For a decade, Edmunds, an online resource for automotive inventory and information, has been struggling to consolidate its data infrastructure. Now, with the infrastructure side of its data house in order, the California-based company is envisioning a bold new future with AI and machine learning (ML) at its core. “We’ve solved most of the consolidation […]

10Jul 2023

Critical Vulnerability Can Allow Takeover of Mastodon Servers

A critical vulnerability in the Mastodon social networking platform may allow attackers to take over target servers. The post Critical Vulnerability Can Allow Takeover of Mastodon Servers appeared first on SecurityWeek.

10Jul 2023

US Signal: Sustainability isn’t just a buzzword

Headquartered in Grand Rapids, Michigan, US Signal is the largest privately-held data center services provider in the Midwest. With 8 high-performance data centers strategically located across Illinois, Indiana, Michigan, and Wisconsin, the company offers maximum redundancy and isolation from natural disasters with a full portfolio of cloud services that meet enterprises’ most demanding compute, storage, […]

07Jul 2023

Key skills tech leaders need to secure a board seat

Rona Bunn is CIO for the National Association of Corporate Directors (NACD), where she facilitates digital orchestration and leads information technology, data, and digital experience. A two-time Technology All-Star award recipient from Women of Color in STEM, Bunn previously served as CIO at the US Department of Commerce, International Trade Administration. She currently serves on […]

07Jul 2023

4 tips to improve employee experiences while maintaining security and governance

Improving employee productivity and collaboration is a top business objective, according to the 2023 Foundry Digital Business Study. But delivering these productive employee experiences can be challenging, especially with an increasingly distributed workforce. As more individuals use browser-based apps to get their work done, IT leaders need to provide seamless access to corporate apps and […]

07Jul 2023

After Zero-Day Attacks, MOVEit Turns to Security Service Packs

Facing ransomware zero-days, Progress Software will release regular service packs to help customers mitigate critical security flaws. The post After Zero-Day Attacks, MOVEit Turns to Security Service Packs appeared first on SecurityWeek.

07Jul 2023

Private 5G networks are sparking innovation at the edge

For the enterprise, planning edge strategies and reaping their rewards is often a complex and challenging process, with myriad applications to deploy, a proliferation of hardware devices to manage, multiple data types and sources to integrate, and significant security risks to avoid. A crucial component to simplifying the edge experience is the network itself. In a recent post, […]

07Jul 2023

In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 3, 2023. The post In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques appeared first on SecurityWeek.

07Jul 2023

Former Contractor Employee Charged for Hacking California Water Treatment Facility

Former contractor employee charged with hacking for accessing the systems of a water treatment facility in California to delete critical software. The post Former Contractor Employee Charged for Hacking California Water Treatment Facility appeared first on SecurityWeek.

07Jul 2023

Need for Speed Drives Security-as-a-Service

Organizations face new challenges associated with protecting distributed assets against cyberattack in the hybrid IT model that most companies will deploy for the foreseeable future. Threats are emerging at a speed that makes it difficult for internal security practitioners to keep pace. There are zero-day attacks that exploit vulnerabilities before security teams are even aware […]

07Jul 2023

Iranian Cyberspies Target US-Based Think Tank With New macOS Malware

In May 2023, Iran-linked cyberespionage group Charming Kitten targeted a US-based think tank with new macOS malware. The post Iranian Cyberspies Target US-Based Think Tank With New macOS Malware appeared first on SecurityWeek.

07Jul 2023

Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks

Potentially serious vulnerabilities discovered by researchers in a PiiGAB product could expose industrial organizations to remote hacker attacks. The post Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks appeared first on SecurityWeek.

07Jul 2023

OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain

SwSec 5D framework aims to provide a roadmap for secure software development, and its use would help improve security in the software supply chain. The post OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain appeared first on SecurityWeek.

07Jul 2023

Security Firm Finds Over 130k Internet-Exposed Photovoltaic Diagnostics Systems

Cyble has discovered more than 130,000 Photovoltaic monitoring and diagnostic solutions exposed to the internet. The post Security Firm Finds Over 130k Internet-Exposed Photovoltaic Diagnostics Systems appeared first on SecurityWeek.

07Jul 2023

Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers

Two applications hosted on Google Play, with over 1.5 million combined downloads, were caught sending user data to servers in China. The post Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers appeared first on SecurityWeek.

07Jul 2023

ITIL certification guide: Costs, requirements, levels, and paths

The IT Infrastructure Library (ITIL) offers best practices for delivering IT services using a systematic approach to IT service management (ITSM). ITIL certification is near the top of almost every list of must-have IT certifications, and for good reason. As an IT management framework, ITIL can help businesses manage risk, strengthen customer relations, establish cost-effective practices, and […]

07Jul 2023

13 go-to podcasts that inspire IT industry leaders today

In today’s ever-changing technology landscape, it’s important for IT leaders of every stripe to not only keep abreast of current events and trends affecting the industry, but also know about focus areas and challenges of their upper management peers since the tech function is increasingly viewed as a strategic business partner to the C-suite. One […]

06Jul 2023

What is Oracle’s generative AI strategy?

While Microsoft, AWS, Google Cloud, and IBM have already released their generative AI offerings, rival Oracle has so far been largely quiet about its own strategy. Instead of launching a competing offering in a rush, the company is quietly preparing a three-tier approach. “Our tier strategy resembles a three-layer cake and each of these layers […]

06Jul 2023

CISA, FBI Warning: Truebot Hackers Exploiting Netwrix Auditor Flaw

Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada. The post CISA, FBI Warning: Truebot Hackers Exploiting Netwrix Auditor Flaw appeared first on SecurityWeek.

06Jul 2023

Now’s the Time for a Pragmatic Approach to New Technology Adoption

What a cloud migration strategy did for cloud adoption, an automation implementation strategy does for security automation adoption. The post Now’s the Time for a Pragmatic Approach to New Technology Adoption appeared first on SecurityWeek.

06Jul 2023

Cost and Complexity Drive Multicloud Networking

Traditional networking is boring. But multicloud networking is hot, according to the more than 1,000 global IT leaders surveyed for F5’s 2023 State of Application Strategy report. When asked to identify the most exciting technologies of 2023, multicloud networking was cited by 42% of survey respondents. That’s higher than trendy topics like AIOps and edge […]

06Jul 2023

Digital Transformation Delivers Business Benefits

Virtually every organization worth its salt is involved in digital transformation, and those efforts are starting to pay dividends, according to F5’s 2023 State of Application Strategy Report. When respondents to F5’s survey of more than 1,000 IT leaders were asked to list the benefits of digital transformation, IT operational efficiency topped the list (cited […]

06Jul 2023

Hybrid IT is Here to Stay

The hybrid IT architecture is here to stay, according to F5’s 2023 State of Application Strategy Report, and that has profound implications for how enterprises should be thinking about modernizing, deploying, and securing applications. Data collected from more than 1,000 survey respondents indicates that IT leaders have come to realize there is simply no one […]

06Jul 2023

How PwC and SAP are doing right by helping clients unlock ESG value

Achieving environmental, social, and governance (ESG) targets can increase a company’s worth beyond the feel-good. When it’s done right, it can increase company valuation with investors, open windows to subsidies, gain favorable supplier ratings with customers, and make companies attract and retain talent. There is always a complex balance when implementing ESG goals between incentives […]

06Jul 2023

JumpCloud Says All API Keys Invalidated to Protect Customers

JumpCloud is responding to an incident that has triggered a reset of all API keys in order to protect customers and their operations. The post JumpCloud Says All API Keys Invalidated to Protect Customers appeared first on SecurityWeek.

06Jul 2023

Android Security Updates Patch 3 Exploited Vulnerabilities

Google’s July 2023 security updates for Android patch 43 vulnerabilities, including three exploited in the wild. The post Android Security Updates Patch 3 Exploited Vulnerabilities appeared first on SecurityWeek.

06Jul 2023

How traditional and generative AI are transforming Enterprise Service Management

Generative AI is potentially the most transformative new technology since the introduction of the public internet, and it already has many exciting applications within enterprise service management (ESM). AI is known for enabling intelligent chatbots, predictive capabilities in ticket management, and the ability to identify emerging service issues long before they become problems. Generative AI […]

06Jul 2023

Breaking the Mold: Subhamoy Chakraborti Leads the Digital Transformation of News Media

Scarcely is an institution as important to a nation as a competent and impartial media house. ABP Private Limited, headquartered out of Kolkata, India, stands out as an organization that delivers news to millions of Indian citizens through its various platforms. The media conglomerate completed a hundred years in 2022. Subhamoy Chakraborti, Chief Technology Officer […]

06Jul 2023

Making intelligent automation work at scale

Organizations can reap a range of benefits from deploying automation tools such as robotic process automation (RPA). But adding artificial intelligence (AI) to the mix is where an even bigger payoff can come. “Organizations have been combining automation and AI technologies for a few years now to improve their business processes,” says Maureen Fleming, program […]

06Jul 2023

How AI is enabling powerful, secure browsing experiences

Artificial intelligence and machine learning are the No. 1 technologies being researched and piloted by IT leaders, according to the 2023 CIO Tech Priorities study. Generative AI is raising the interest level even further as organizations begin testing different use cases for deep-learning models. Many individuals want to use generative AI solutions at and for […]

06Jul 2023

A powerful enterprise browser can power employee experiences — and productivity

Improving employee productivity and collaboration is this year’s top digital objective among IT leaders, according to Foundry’s 2023 Digital Business study. Given today’s highly distributed workforces and their familiarity with getting work done on the web, it makes sense to personalize browsing experiences to help them more easily accomplish their tasks. A recent study conducted […]

06Jul 2023

How an enterprise browser can help streamline IT management

IT teams are tasked with providing technology solutions that enhance employee experiences, while also increasing efficiencies in how they deliver and manage those products and services. Hybrid work models have complicated ongoing efforts to achieve these objectives. Following the hectic sprint to ensure effective remote work and the acceleration of transformation projects, now is […]

06Jul 2023

Taking the risk out of the semiconductor supply chain

Over the past few years, the tech industry has been feeling the impact of unprecedented disruptions along the semiconductor supply chain. This supply chain—which spans from research and development to manufacturing, to the end use of the tiny chips that enable devices from cars to cell phones—has historically been volatile, easily swinging from surpluses to […]

06Jul 2023

Repsol doubles down on digital transformation

Within the framework of Repsol’s strategic plan for the 2021-2025 period, the company recently released a second wave of its Digitization Program, which consolidates and expands the use of generative AI across the business through a new competence center, and allows innovative and disruptive technologies to simplify daily processes by making more agile decisions based on data. […]

06Jul 2023

Steps tech leaders are taking to meet new accessibility mandates

Leading CIOs are empowering their teams to make the digital estate as accessible as the physical buildings of the business, and they’re right to do so. Major legislation is about to reshape the digital landscape in the US and across Europe, which will mean CIOs must focus their sights on digital accessibility. “We’ve seen great […]

06Jul 2023

Rackspace’s CTO takes a broad view of sustainability

Srini Koushik has been passionate about the environment for 35 years and now, as a board member of the nonprofit SustainableIT.org and CTO of cloud services provider Rackspace Technology, he wants to help enterprises achieve sustainability in the cloud. Two decades ago, as CIO and CTO at Nationwide Insurance, he inspired colleagues to implement what […]

06Jul 2023

28,000 Impacted by Data Breach at Pepsi Bottling Ventures

The personal, financial, and health information of over 28,000 individuals was stolen in a data breach at Pepsi Bottling Ventures. The post 28,000 Impacted by Data Breach at Pepsi Bottling Ventures appeared first on SecurityWeek.

06Jul 2023

Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data

Shell confirms that employee personal information has been stolen after the Cl0p ransomware group leaked data allegedly stolen from the energy giant. The post Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data appeared first on SecurityWeek.

06Jul 2023

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs

A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs. The post StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs appeared first on SecurityWeek.

06Jul 2023

Interpol: Key Member of Major Cybercrime Group Arrested in Africa

Law enforcement authorities have arrested a suspected senior member of the French-speaking Opera1er cybercrime group. The post Interpol: Key Member of Major Cybercrime Group Arrested in Africa appeared first on SecurityWeek.

06Jul 2023

Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic

Cisco says a high-severity vulnerability in Nexus 9000 series switches could allow attackers to intercept and modify encrypted traffic. The post Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic appeared first on SecurityWeek.

05Jul 2023

Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech

Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space. The post Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech appeared first on SecurityWeek.

05Jul 2023

Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack

Japan’s Port of Nagoya this week suspended cargo loading and unloading operations following a ransomware attack. The post Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack appeared first on SecurityWeek.

05Jul 2023

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

An actively exploited vulnerability in the Contec SolarView solar power monitoring product can expose hundreds of energy organizations to attacks. The post Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks appeared first on SecurityWeek.

05Jul 2023

Sweden Orders Four Companies to Stop Using Google Tool

Sweden has ordered four companies to stop using a Google tool that measures and analyses web traffic as doing so transfers personal data to the United States, fining one company the equivalent of more than $1.1 million. The post Sweden Orders Four Companies to Stop Using Google Tool appeared first on SecurityWeek.

05Jul 2023

Ransomware Criminals Are Dumping Kids’ Private Files Online After School Hacks

Ransomware gangs are targeting schools, stealing confidential documents and then dumping them online. The post Ransomware Criminals Are Dumping Kids’ Private Files Online After School Hacks appeared first on SecurityWeek.

05Jul 2023

Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities

Mozilla has released Firefox 115 to the stable channel with patches for two high-severity use-after-free vulnerabilities. The post Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities appeared first on SecurityWeek.

05Jul 2023

Cybersecurity M&A Roundup: 23 Deals Announced in June 2023

Twenty-three cybersecurity-related merger and acquisition (M&A) deals were announced in June 2023. The post Cybersecurity M&A Roundup: 23 Deals Announced in June 2023 appeared first on SecurityWeek.

05Jul 2023

EU Court Deals Blow to Meta in German Data Case

Facebook, Instagram and WhatsApp may need to overhaul how they collect the data of users in Europe after the top EU court ruled against Meta. The post EU Court Deals Blow to Meta in German Data Case appeared first on SecurityWeek.

04Jul 2023

11 tips for crafting highly effective job descriptions

Writing job descriptions for open positions might feel like a chore to pass off to someone with less on their plate, or something to shortcut by dusting off copy from the last time you hired for this role, but an on-target job description is a vital step in landing talent — especially in tight markets. […]

04Jul 2023

5 key mistakes IT leaders make at board meetings

It’s not uncommon for CIOs, CISOs, and sometimes their direct reports to be called on to participate in board meetings or to present IT strategies and plans to their boards of directors. If you don’t join board meetings often, preparation is paramount, starting with learning about the directors’ backgrounds and reviewing minutes from previous meetings. […]

03Jul 2023

Sitecore enhances Experience Manager (XM) Cloud Platform with generative AI, component capabilities

In just a matter of months, generative AI (GAI) has upended many job roles. And perhaps no role has been more immediately affected than that of the marketer. ChatGPT, arguably the best-known GAI platform, was introduced in November 2022. By March, a survey had found that three-quarters (74%) of U.S. marketers were already investing in […]

03Jul 2023

VMware, Other Tech Giants Announce Push for Confidential Computing Standards

VMware partners with tech giants to accelerate the development of confidential computing applications. The post VMware, Other Tech Giants Announce Push for Confidential Computing Standards appeared first on SecurityWeek.

03Jul 2023

Apple, Civil Liberty Groups Condemn UK Online Safety Bill

Fears mount that UK Online Safety Bill may include a requirement for an encrypted message scanning capability. The post Apple, Civil Liberty Groups Condemn UK Online Safety Bill appeared first on SecurityWeek.

03Jul 2023

4 key roles that define transformational IT leaders today

In a world where nothing stays the same, the CIO role has evolved and changed — mainly for the better — as CIOs have gained greater visibility and importance. They are increasingly included in board-level discussions on cybersecurity and tech investments for organizational initiatives and are influencing decisions related to planning, strategy, implementation, and operations. […]

03Jul 2023

It’s a new dawn of AI-powered knowledge management

For the last 30 years, the dream of being able to collect, manage and make use of the collected knowledge assets of an organization has never been truly realized. Systems for sharing information assets across the enterprise have evolved in their sophistication but haven’t been able to take it to the next level by effectively […]

03Jul 2023

How CareSource IT is addressing data interoperability challenges in healthcare

One key challenge facing the healthcare industry today is the inability to easily access and share electronic medical information between healthcare providers, clinicians, and patients. This is a significant problem because sharing data between clinical systems and providing patients with easy access to their information enables them to make better-informed decisions and, subsequently, supports improving […]

02Jul 2023

Data analytics in the cloud: understand the hidden costs

Luke Roquet recently spoke to a customer who recounted the shock of getting a $700,000 bill for a single data science workload running in the cloud. When Roquet, who is senior vice president of product marketing at Cloudera, related the story to another customer, he learned that that company had received a $400,000 tab for […]

02Jul 2023

How data teams move from offense to defense in 2023

It’s well acknowledged that data, when used correctly, has the potential to be a strategic growth asset driving innovation – and with the recent developments in large language models (LLM) for AI, data is really having its day in the sun. To win the game, you need a modern, future-proof business plan. And we’ll let […]

02Jul 2023

What is OKR? A goal-setting framework for thinking big

OKR is a goal-setting framework that helps organizations define objectives and then track outcomes in days instead of months. OKR has been around since the 1970s, and the concept was created by Andy Grove, but popularized by John Doerr, one of the earliest investors in Google. OKR quickly became an important focus for Google, and companies […]

02Jul 2023

3 things that make a CIO-CFO dream team

“There are plenty of good CIOs and plenty of good CFOs,” says Jim McGittigan, Research VP in the CIO Research group of Gartner. “Part of what makes them good is they understand one another. When they work well together, it has a huge impact on the effectiveness of the organization.” CIOs and CFOs who have […]

02Jul 2023

Back to basics: Keys to taking a pragmatic approach to observability

In the world of IT operations, “observability” is a concept that’s been around for some time. Having been in IT operations for more than 30 years, I can say that, even before anyone called it “observability,” we were in effect examining ways to achieve the same ends. While definitions can vary, in essence, observability is […]

02Jul 2023

8 problematic IT team members — and how to deal with them

Problematic employees appear in every industry, but managing employees in the IT field comes with a specific set of challenges. Lack of engagement in IT work environments translates to employees who miss deadlines, put off coworkers, or otherwise cause friction with their colleagues. A recent Gallup report showed that unengaged employees lead to a range […]

02Jul 2023

Taking IT outsourcing to the next level

With businesses increasingly dependent on service providers to reduce costs, improve quality, and drive innovation, traditional contracts don’t work. In fact, they often undermine the partner-like relationships and trust needed to cope with external uncertainty. A better approach is to use what leading academics call a “formal relational contract.” Why transactional contracts are a thing […]

02Jul 2023

7 best practices for building a single-vendor SASE solution

Over the past three or four years, the industry has been abuzz with the concept of delivering converged security and networking features via the cloud. Secure Access Service Edge combines networking solutions like SD-WAN with cloud-delivered security like firewall as a service (FWaaS), cloud access security broker (CASB), and secure web gateway (SWG). But even with all the hype, most considered SASE as something […]

02Jul 2023

What’s the state of Zero Trust security?

Zero Trust adoption is accelerating, with over half of organizations reporting they have adopted Zero Trust Security, according to research independently conducted by leading security research firm Ponemon Institute, sponsored by Hewlett Packard Enterprise. In the report, The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, 51% of organizations […]

02Jul 2023

Democratizing data to fuel data-driven business decisions

To compete—and win—in today’s fast-paced, digital-first world, organizations must be able to collect, understand, and leverage data. Organizations that have higher confidence in their data based on a full picture of the organization’s data landscape can make decisions that will ultimately drive better business outcomes. But for too long, the ability to read, interpret, and […]

01Jul 2023

Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials

Cait Conley will coordinate with federal, state and local officials responsible for ensuring elections are secure ahead of the 2024 presidential election. The post Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials appeared first on SecurityWeek.

30Jun 2023

In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 26, 2023. The post In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools appeared first on SecurityWeek.

30Jun 2023

200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin

Attackers exploit critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites. The post 200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin appeared first on SecurityWeek.

30Jun 2023

Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor

CISA adds 6 Samsung mobile device flaws to its known exploited vulnerabilities catalog and they have likely been exploited by a spyware vendor. The post Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor appeared first on SecurityWeek.

30Jun 2023

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses

Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list. The post MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses appeared first on SecurityWeek.

30Jun 2023

Proton Launches Open Source Password Manager

Proton makes its open source Proton Pass password manager globally available for major browsers and mobile devices. The post Proton Launches Open Source Password Manager appeared first on SecurityWeek.

30Jun 2023

TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant

LockBit ransomware group claims to have hacked TSMC and is asking for a $70 million ransom, but the chip giant says only a supplier was breached. The post TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant appeared first on SecurityWeek.

29Jun 2023

Cyware Snags $30M for Threat Intel Infrastructure Tech

New York startup snags $30 million in new financing to fuel plans to take advantage of the demand for AI-powered threat-intel security tools. The post Cyware Snags $30M for Threat Intel Infrastructure Tech appeared first on SecurityWeek.

29Jun 2023

Rapid7: Japan Threat Landscape Takes on Global Significance

Rapid7 analyzes the Japan threat landscape and warns that attacks against the third-largest economy in the world have global consequences. The post Rapid7: Japan Threat Landscape Takes on Global Significance appeared first on SecurityWeek.

29Jun 2023

IP Fabric Raises $25 Million in Series B Funding

IP Fabric raises $25 million in new financing to build technology in the enterprise network assurance space. The post IP Fabric Raises $25 Million in Series B Funding appeared first on SecurityWeek.

29Jun 2023

Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain

Details have been disclosed for critical SAP vulnerabilities, including a wormable exploit chain, that can expose organizations to attacks. The post Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain appeared first on SecurityWeek.

29Jun 2023

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution

Researchers publish PoC for a high-severity authentication bypass vulnerability in the Arcserve UDP data backup solution. The post Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution appeared first on SecurityWeek.

29Jun 2023

DOE CIO Talks to SecurityWeek About Cybersecurity, Digital Transformation

Ann Dunkin, CIO at the Department of Energy, is more concerned about cyberattack speed than attack type or source. The post DOE CIO Talks to SecurityWeek About Cybersecurity, Digital Transformation appeared first on SecurityWeek.

29Jun 2023

Nokod Snags $8M to Secure Low Code/No-Code Custom Apps

Tel Aviv startup scores investment to build technology to secure in-house low-code/no-code custom applications. The post Nokod Snags $8M to Secure Low Code/No-Code Custom Apps appeared first on SecurityWeek.

29Jun 2023

New MIT Framework Evaluates Side-Channel Attack Mitigations

The framework helps evaluate the effectiveness of obfuscation side-channel mitigation schemes against data leaks. The post New MIT Framework Evaluates Side-Channel Attack Mitigations appeared first on SecurityWeek.

29Jun 2023

White House Outlines Cybersecurity Budget Priorities for Fiscal 2025

The White House has released a memorandum outlining the cybersecurity investment priorities for government departments and agencies for fiscal year 2025. The post White House Outlines Cybersecurity Budget Priorities for Fiscal 2025 appeared first on SecurityWeek.

29Jun 2023

CISA, NSA Share Guidance on Securing CI/CD Environments

New guidance from CISA and the NSA provides recommendations on securing CI/CD pipelines against malicious attacks. The post CISA, NSA Share Guidance on Securing CI/CD Environments appeared first on SecurityWeek.

29Jun 2023

Over 130 Organizations, Millions of Individuals Believed to Be Impacted by MOVEit Hack

More victims of the MOVEit hack have come to light, with a total of over 130 organizations and 15 million people believed to be affected. The post Over 130 Organizations, Millions of Individuals Believed to Be Impacted by MOVEit Hack appeared first on SecurityWeek.

28Jun 2023

Venn Software Snags $29M to build MDM for Laptops Technology

New York startup scores early stage financing to build new technology to replace virtual desktop infrastructure. The post Venn Software Snags $29M to build MDM for Laptops Technology appeared first on SecurityWeek.

28Jun 2023

Dozens of Businesses Hit Recently by ‘8Base’ Ransomware Gang

The 8Base ransomware gang has hit roughly 30 small businesses over the past month, reaching a total of approximately 80 victims since March 2022. The post Dozens of Businesses Hit Recently by ‘8Base’ Ransomware Gang appeared first on SecurityWeek.

28Jun 2023

What is Cyberwar?

Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this becomes more than an academic question. The post What is Cyberwar? appeared first on SecurityWeek.

28Jun 2023

Invary Raises $1.85 Million in Pre-Seed Funding for Runtime Integrity Solution

Invary has raised $1.85 million in a pre-seed funding round led by Flyover Capital to launch its runtime integrity solution. The post Invary Raises $1.85 Million in Pre-Seed Funding for Runtime Integrity Solution appeared first on SecurityWeek.

28Jun 2023

Astrix Raises $25 Million to Help Enterprises Secure App-to-App Connections

Astrix Security raises $25 million in Series A funding for its solution designed to help enterprises secure non-human identities. The post Astrix Raises $25 Million to Help Enterprises Secure App-to-App Connections appeared first on SecurityWeek.

28Jun 2023

Submarine Cables at Risk of Nation-State Sabotage, Spying: Report

Recorded Future underlines threats to submarine telecommunication cables, such as the risk of intentional sabotage and spying by nation-state threat actors. The post Submarine Cables at Risk of Nation-State Sabotage, Spying: Report appeared first on SecurityWeek.

28Jun 2023

Reminder: CFP for ICS Cybersecurity Conference Closes June 30th

The official Call for Presentations for SecurityWeek’s 2023 ICS Cybersecurity Conference, being held October 23-26, 2023 at the InterContinental Atlanta is open through Friday, June 30, 2023. The post Reminder: CFP for ICS Cybersecurity Conference Closes June 30th appeared first on SecurityWeek.

28Jun 2023

Sensitive Information Stolen in LetMeSpy Stalkerware Hack

Emails, phone numbers, call logs, and collected messages stolen in data breach at Android stalkerware LetMeSpy. The post Sensitive Information Stolen in LetMeSpy Stalkerware Hack appeared first on SecurityWeek.

28Jun 2023

2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in Philippines

Philippine police backed by commandos staged a massive raid and rescued more than 2,700 workers who were allegedly swindled into working for cybercrime groups. The post 2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in Philippines appeared first on SecurityWeek.

28Jun 2023

How diverse teams lead to better data

As companies strive to become data-driven, and with the recent explosion of AI technology demanding ever-increasing amounts of training data, the quality of that data is becoming more important. And there’s a great deal of time and money invested in data pipelines and other technical aspects of data quality such as data consistency, validity, timeliness, […]

28Jun 2023

The CAA CIO’s 5 building blocks to support teams

Founded in 1913, Ottawa-based Canadian Automobile Association (CAA) is made up of eight autonomous regional clubs, each of which provides a range of services, from roadside assistance and leisure travel services, to insurance services, and member discount programs. And at the center of its tech component is Kin Lee-Yow, CIO, CAA Club Group of companies. The […]

28Jun 2023

Belcorp reimagines R&D with AI

Over the past three years, multinational beauty company, Belcorp, has grappled with numerous challenges stemming from the pandemic, shifts in consumer behavior, disruptions in supply chains, the war in Ukraine, and inflation. To address the challenges, the company has leveraged a combination of computer vision, neural networks, NLP, and fuzzy logic. “These circumstances have induced […]

28Jun 2023

Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day. The post Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack appeared first on SecurityWeek.

28Jun 2023

Anatsa Banking Trojan Delivered via Google Play Targets Android Users in US, Europe

Malicious applications with over 30,000 installs in Google Play have infected Android devices with the Anatsa banking trojan. The post Anatsa Banking Trojan Delivered via Google Play Targets Android Users in US, Europe appeared first on SecurityWeek.

28Jun 2023

AWS launches no-code service AppFabric with generative AI assistance

Amazon Web Services (AWS) on Tuesday unveiled a new no-code offering, dubbed AppFabric, designed to simplify SaaS integration for enterprises by increasing application observability and reducing operational costs associated with building point-to-point solutions. The fully managed AppFabric offering, which has been made generally available, is designed to help enterprises maintain SaaS application interoperability without having […]

28Jun 2023

Generative AI headlines are outpacing enterprise adoption

If you’re a parent, surely, you’ve experienced the feeling that your child grew even after a short trip. Well, if that child were generative AI, you’d think, judging by the headlines, that the kid grew from three years old to twenty after a day trip to Austin. With every new headline, CIOs wonder: am I […]

27Jun 2023

SEC notice to SolarWinds CISO and CFO roils cybersecurity industry

The US Securities and Exchange Commission has roiled the cybersecurity industry by putting executives of SolarWinds on notice that it may pursue legal action for violations of federal law in connection with their response to the 2020 attack on the company’s infrastructure that affected thousands of customers in government agencies and companies globally. Current and […]

27Jun 2023

The Milkman always delivers via efficient and green last-mile operations

You probably don’t remember when the milkman from the local dairy delivered bottles of fresh cold milk to your front porch at dawn. Snug in bed, you could hear the glass bottles clinking in those old wire milk baskets as he replaced your empties with full ones. You could count on it like birdsong. Since […]

27Jun 2023

HashiCorp Buys BluBracket for Secrets Scanning Tech

HashiCorp acquires BluBracket secrets-scanning technology to help businesses block accidental leaks and fight secret sprawl. The post HashiCorp Buys BluBracket for Secrets Scanning Tech appeared first on SecurityWeek.

27Jun 2023

Tata Communications: Empowering India and its highly regulated industries with a sovereign cloud

Rajesh Awasthi, global head of cloud and managed hosting services at Tata Communications, sees its sovereign cloud initiatives as an important element in the company’s longstanding work to transform India. Although designed to support the evolving needs of highly regulated industries like banking and financial services, government, healthcare and insurance, he notes that they benefit […]

27Jun 2023

Data Security Firm Cyera Attracts $100M Investment

Cyera closes a massive $100 million round as investors continue to pour cash into the data security posture management (DSPM) space. The post Data Security Firm Cyera Attracts $100M Investment appeared first on SecurityWeek.

27Jun 2023

BeeKeeperAI Platform for AI Development on Sensitive Data Receives $12M in Funding

BeeKeeperAI has raised $12.1 million in Series A funding for a secure collaboration platform designed for AI development on healthcare and other sensitive data. The post BeeKeeperAI Platform for AI Development on Sensitive Data Receives $12M in Funding appeared first on SecurityWeek.

27Jun 2023

Bionic integrations offer context-based vulnerability management

Application security posture management (ASPM) company Bionic has added two new capabilities — Bionic Signals and Bionic Business Risk Scoring — to its namesake cybersecurity platform to help its customers detect, prioritize and remediate vulnerabilities and threats in their applications. The idea is to collate signals from multiple threat intelligence platforms and add business context […]

27Jun 2023

Fortanix adds confidential data search for encrypted enterprise data

Cloud data security company Fortanix has announced Fortanix Confidential Data Search, a search offering for encrypted databases within enterprise cloud workflows. “Confidential Data Search allows data analysts to use off-the-shelf, unmodified databases in a standard, unrestricted SQL environment,” said Richard Searle, vice president of Confidential Computing, Fortanix. “Users do not need to convert their datasets […]

27Jun 2023

New Android banking trojan targets US, UK, and Germany

An ongoing malware campaign has been pushing the Android banking trojan, Anatsa, to online banking customers in the US, the UK, Germany, Austria, and Switzerland, according to research by cybersecurity firm ThreatFabric. The threat actors are distributing their malware via the Play Store, and already had over 30,000 installations as of March. The focus of […]

27Jun 2023

Patented.ai Raises $4 Million for AI Data Privacy Solution

Patented.ai has raised $4 million in pre-seed funding to help organizations protect sensitive information from artificial intelligence. The post Patented.ai Raises $4 Million for AI Data Privacy Solution appeared first on SecurityWeek.

27Jun 2023

3-Year Probe Into Encrypted Phones Led to Seizure of Hundreds of Tons of Drugs, Prosecutors Say

Investigations triggered by the cracking of encrypted phones three years ago have led to more than 6,500 arrests worldwide and the seizure of hundreds of tons of drugs. The post 3-Year Probe Into Encrypted Phones Led to Seizure of Hundreds of Tons of Drugs, Prosecutors Say appeared first on SecurityWeek.

27Jun 2023

Socure Acquires ID Verification Company Berbix for $70 Million

Identity verification solutions provider Socure has acquired automated ID verification firm Berbix for roughly $70 million in cash and stock. The post Socure Acquires ID Verification Company Berbix for $70 Million appeared first on SecurityWeek.

27Jun 2023

Hundreds of Devices With Internet-Exposed Management Interface Found in US Agencies

Censys identified hundreds of devices within US federal agencies’ networks that expose their management interface to the internet. The post Hundreds of Devices With Internet-Exposed Management Interface Found in US Agencies appeared first on SecurityWeek.

27Jun 2023

Fileless attacks surge as cybercriminals evade cloud security defenses

The number of fileless or memory-based attacks that exploit existing software, applications, and protocols has surged 1,400% in the last year. That’s according to Aqua Security’s 2023 Cloud Native Threat Report, which summarizes research and observations of threat actors’ changing tactics, techniques, and procedures (TTPs), along with outlining strategies for protecting cloud environments. Based on […]

27Jun 2023

Survey reveals mass concern over generative AI security risks

A new Malwarebytes survey has revealed that 81% of people are concerned about the security risks posed by ChatGPT and generative AI. The cybersecurity vendor collected a total of 1,449 responses from a survey in late May, with 51% of those polled questioning whether AI tools can improve internet safety and 63% distrusting ChatGPT information. […]

27Jun 2023

Reliable and efficient data storage infrastructure is key to overcoming the challenges of the Yottabyte Age

Data volumes continue to grow, making it increasingly difficult to deal with the explosive growth. Huawei predicts that by 2030, the total data generated worldwide will exceed one YB, equivalent to 2^80 bytes or a quadrillion gigabytes. Whichever way you look at it, such numbers are beyond imagination. And that’s just on the volume side. […]

27Jun 2023

CalypsoAI Raises $23 Million for AI Security Tech

CalypsoAI is building tools to help “accelerate trust and governance” in enterprise adoption of AI and machine learning technologies. The post CalypsoAI Raises $23 Million for AI Security Tech appeared first on SecurityWeek.

27Jun 2023

Chrome 114 Update Patches High-Severity Vulnerabilities

Google says it handed out $35,000 in bug bounty rewards for three high-severity vulnerabilities in Chrome 114. The post Chrome 114 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

27Jun 2023

Gas Stations Impacted by Cyberattack on Canadian Energy Giant Suncor

Some services at Petro-Canada gas stations have been disrupted following a cyberattack on parent company Suncor, one of North America’s largest energy companies. The post Gas Stations Impacted by Cyberattack on Canadian Energy Giant Suncor appeared first on SecurityWeek.

27Jun 2023

What makes a CIO truly great?

Whenever one talks about high-performance or leadership there is a tendency to break out a list. For example, Major League Baseball scouts are in constant search for rare “5 tool” players who can hit for power, hit for average, field, throw, and run. Is there such a list for high-performance CIOs? If so, how long might […]

27Jun 2023

12 business concepts IT leaders should master

Today’s CIOs see themselves as business leaders as much — if not more so — than as technologists. That’s not surprising, considering how essential technology has become for running organizations and serving stakeholders — whether customers, employees, or investors. CIOs spoke to the criticality of their role in CIO.com’s 2023 State of the CIO survey, […]

27Jun 2023

Critical flaw in VMware Aria Operations for Networks sees mass exploitation

Researchers warn that a vulnerability patched this month in VMware Aria Operations for Networks, formerly known as vRealize Network Insight, is now seeing exploitation en masse. The flaw allows for remote code execution through command injection and is rated with critical severity. “New data from Akamai shows the scale of active scanning for sites vulnerable […]

26Jun 2023

Financial services firms turn to automated, data-driven processes for new products and services

Between the host of regulations introduced in the wake of the 2009 subprime mortgage crisis, the emergence of thousands of fintech startups, and shifting consumer preferences for digital payments banking, financial services companies have had plenty of change to contend with over the past decade. Transitioning to automated, data-driven processes is the best way for […]

26Jun 2023

Latest MOVEit exploit hits thousands of NYC school students and staff

Personal data of over 45,000 public school students was compromised in a breach involving the file-transfer software MOVEit, according to a community letter sent to families and staff by the New York City Department of Education. “DOE used MOVEit to transfer documents and data internally as well as to and from vendors, including third party […]

26Jun 2023

American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider

The personal information of American Airlines and Southwest Airlines pilots was exposed in a data breach at a third-party services provider. The post American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider appeared first on SecurityWeek.

26Jun 2023

IBM to buy Apptio for $4.6B to help companies optimize IT spend

IBM is acquiring software provider Apptio for $4.6 billion to help enterprises optimize their IT expenditure, particularly cloud costs, as they try to navigate uncertain macroeconomic conditions. Apptio specializes in what has been called technology business management (TBM), or more recently, financial operations (also known as finops) software, designed to allow diverse teams in a business […]

26Jun 2023

Fortinet Patches Critical RCE Vulnerability in FortiNAC

Fortinet releases patches for a critical FortiNAC vulnerability leading to remote code execution without authentication. The post Fortinet Patches Critical RCE Vulnerability in FortiNAC appeared first on SecurityWeek.

26Jun 2023

British Twitter Hacker Sentenced to Prison in US

UK national Joseph James O’Connor was sentenced to five years in a US prison for hacking into Twitter accounts and stealing cryptocurrency. The post British Twitter Hacker Sentenced to Prison in US appeared first on SecurityWeek.

26Jun 2023

CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks

CISA has warned users of Zyxel NAS products that the recently patched critical vulnerability CVE-2023-27992 has been exploited in attacks. The post CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks appeared first on SecurityWeek.

26Jun 2023

Pilot data of American Airlines and Southwest stolen in data breach

A cybersecurity incident at a third-party vendor has impacted the personal information of pilots of at least two US airlines, including American Airlines and Southwest Airlines. Personal information, including name and social security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers were compromised, according to breach […]

26Jun 2023

Remotely Exploitable DoS Vulnerabilities Patched in BIND

The latest BIND updates address three high-severity, remotely exploitable vulnerabilities leading to denial-of-service (DoS). The post Remotely Exploitable DoS Vulnerabilities Patched in BIND appeared first on SecurityWeek.

26Jun 2023

The CISO’s toolkit must include political capital within the C-suite

Over the past 18 months, there has been a bit of a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is the individual who is responsible for the protection of an entity’s information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cybersecurity risk management, […]

26Jun 2023

How CISOs can balance the risks and benefits of AI

The rapid pace of change in AI makes it difficult to weigh the technology’s risks and benefits, and CISOs should not wait to take charge of the situation. Risks range from prompt injection attacks and data leakage to governance and compliance. All AI projects have these issues to some extent, but the rapid growth and deployment […]

26Jun 2023

From CIO to CEO: IT leaders rise to the top

Ross Meyercord never set out to make the leap from technology leader to CEO, but a set of intentional and opportunistic career choices delivered the breadth of business experience and leadership skills required to land the job. Meyercord parlayed an engineering degree into a two-decade consulting track at Accenture, where a focus on large-scale transformation […]

26Jun 2023

What is a project manager? The lead role for project success

What is a project manager? Project managers play the lead role in planning, executing, monitoring, controlling, and closing out projects. They are accountable for the entire project scope, the project team and resources, the project budget, and the success or failure of the project. To succeed in their role, project managers must be adept at […]

26Jun 2023

Hate being more productive? Ignore AI agents

By Bryan Kirschner, Vice President, Strategy at DataStax. Bill Gates has seen (or, for that matter, caused) some profound advances in technology, so I don’t take a contrarian position lightly, but I think the way he describes his epiphany about the importance of AI is only half right. After being “awed” by OpenAI’s GPT model […]

23Jun 2023

Public exploit is now available for Cisco AnyConnect VPN client

An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it. Cisco Secure Client for Windows, previously known […]

23Jun 2023

Scaling AI? First—get your data storage right

I’ve always rooted for the underdog. Maybe it’s the satisfaction of winning against all odds. Or it’s just mad respect for the struggle, passion, and tenacity that underdogs often exhibit in the face of significant obstacles. Like the real-life story of Billy Beane in the movie Moneyball. As the general manager of the Oakland Athletics, Beane used data and analytics […]

23Jun 2023

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections

The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections. The post NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections appeared first on SecurityWeek.

23Jun 2023

In Other News: Microsoft Win32 App Isolation, Tsunami Hits Linux Servers, ChatGPT Credentials Exposed on Dark Web

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 19, 2023. The post In Other News: Microsoft Win32 App Isolation, Tsunami Hits Linux Servers, ChatGPT Credentials Exposed on Dark Web appeared first on SecurityWeek.

23Jun 2023

CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

The US government’s cybersecurity agency adds VMware and Roundcube server flaws to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws appeared first on SecurityWeek.

23Jun 2023

Millions of GitHub repositories vulnerable to RepoJacking: Report

Millions of GitHub repositories are potentially vulnerable to RepoJacking, which allows an attacker to carry out code execution on organizations’ internal environments or on their customers’ environments, according to research by AquaSec. AquaSec analyzed a sample of 1.25 million GitHub repositories and found that about 2.95% were vulnerable to RepoJacking, including repositories belonging to companies […]

23Jun 2023

What keeps IT leaders up at night?

IT leaders are under enormous pressure to modernize their IT organizations to keep pace with innovation and their competition. Determining the right mix of technologies and methodologies to support an entire organization can be overwhelming – and can keep IT leaders up at night. To gain a better understanding of what IT leaders are focused […]

23Jun 2023

Realizing the promise of low-code/no-code

Businesses that adopt a low-code/no-code-enabled platform find they’re freed from heavily depending on dedicated IT when non-technical users can more easily pursue application development. But low-code/no-code’s value far exceeds this key benefit. In today’s world, as technology changes at lightning speed, a low-code/no-code platform provides the critical foundation enterprises need to quickly adapt to modern […]

23Jun 2023

VMware Patches Code Execution Vulnerabilities in vCenter Server

VMware published software updates to address multiple memory corruption vulnerabilities in vCenter Server that could lead to remote code execution. The post VMware Patches Code Execution Vulnerabilities in vCenter Server appeared first on SecurityWeek.

23Jun 2023

2.5M Genworth Policyholders and 769K Retired California Workers and Beneficiaries Affected by Hack

MOVEit hack: Personal information of about 769,000 retired California employees and 2.5 million Genworth Financial policyholders were exposed. The post 2.5M Genworth Policyholders and 769K Retired California Workers and Beneficiaries Affected by Hack appeared first on SecurityWeek.

23Jun 2023

Volkswagen drives the automotive industry cloud forward

Industry clouds are increasingly becoming go-to solutions for IT leaders seeking services tailored to their verticals. For most enterprises, this involves deploying existing industry-specific offerings from SaaS providers or hypervisors. For the innovative few, co-creating custom industry solutions in conjunction with cloud providers can not only fulfill an internal need but also provide the opportunity […]

23Jun 2023

6 strategic imperatives for your next data strategy

According to the MIT Technology Review Insights Survey, an enterprise data strategy supports vital business objectives including expanding sales, improving operational efficiency, and reducing time to market. It can also help organizations enter new product or service markets, as well as improve innovation, maintenance of physical assets, and ESG. The problem is today, just 13% […]

23Jun 2023

Piyush Chowhan, CIO, Panda Retail: Leadership positions demand tough decisions

With more than two decades of experience working in global consumer and retail companies, Piyush Chowhan is passionate for transforming businesses by leveraging technology. Currently the CIO of Saudi Arabia-based Panda Retail Company, he’s focused on building innovative digital strategies to maximize today’s opportunities and prepare the organization for future disruptions. In a free-wheeling discussion […]

22Jun 2023

China-sponsored APT group targets government ministries in the Americas

An advanced persistent threat (APT) group named Flea has been carrying out attacks against foreign affairs ministries in North and South America using a new backdoor called Graphican, according to a report by the Symantec Threat Hunter Team. The campaign ran from late 2022 into early 2023. It also targeted a government finance department in […]

22Jun 2023

Google Backs Creation of Cybersecurity Clinics With $20 Million Donation

Google CEO pledged $20 million in donations to support and expand the Consortium of Cybersecurity Clinics to introduce thousands of students to potential careers in cybersecurity. The post Google Backs Creation of Cybersecurity Clinics With $20 Million Donation appeared first on SecurityWeek.

22Jun 2023

AWS invests $100 million in new Generative AI Innovation Center

Amazon Web Services (AWS) on Thursday said that it was investing $100 million to start a new program, dubbed the Generative AI Innovation Center, in an effort to help enterprises accelerate the development of generative AI-based applications. The new program will connect AWS AI and machine learning (ML) experts with enterprises to help them envision, design, and […]

22Jun 2023

How AI is reshaping demand for IT skills and talent

AI is quickly becoming an essential part of daily work. It’s already being used to help improve operational processes, strengthen customer service, measure employee experience, and bolster cybersecurity efforts, among other applications. And with AI deepening its presence in daily life, as more people turn to AI bot services, such as ChatGPT, to answer questions […]

22Jun 2023

US Military Personnel Receiving Unsolicited, Suspicious Smartwatches

The US Army says unsolicited, suspicious smartwatches are being sent to soldiers, exposing them to malware attacks. The post US Military Personnel Receiving Unsolicited, Suspicious Smartwatches appeared first on SecurityWeek.

22Jun 2023

Converged endpoint management: reduce cost, complexity, and risk

Prevention is always better than cure. In cybersecurity, it’s also usually cheaper and less likely to expose the organization to reputational, financial, and compliance risk. That’s why prevention-first security is a best practice for delivering cyber-hygiene across enterprise endpoints. The challenge is that endpoint security and management teams often work in silos, using separate point […]

22Jun 2023

From details to big picture: how to improve security effectiveness

Benjamin Franklin once wrote: “For the want of a nail, the shoe was lost; for the want of a shoe the horse was lost; and for the want of a horse the rider was lost, being overtaken and slain by the enemy, all for the want of care about a horseshoe nail.” It’s a saying […]

22Jun 2023

Generative AI won’t automate your way to business model innovation

Generative AI is changing the world of work, with AI-powered workflows now slated to streamline customer service, employee experience, IT, and other fields. If we just slap the letters “GPT” to our efforts, everything will be right on track, right? Nope. Integrating artificial intelligence into business has spawned enterprise-wide automation. One report estimates that 4,000 […]

22Jun 2023

How to Craft a Cloud Experience Without Busting the IT Budget

Today’s technology leaders grapple with a paradox. They must do more with less while facilitating the work required to transform the business. That requires investing in digital capabilities that lead to desired business outcomes. Data suggests IT leaders will spend despite a challenging macroeconomic environment that includes inflation, snarls in the supply chain and other […]

22Jun 2023

7 key questions CIOs need to answer before committing to generative AI

Some companies use generative AI to write code and some use it to create marketing text or fuel chatbots. And then there are others like SmileDirectClub, that create images in order to answer the question of how to better serve their customers. SmileDirectClub, the Nashville-based teledentistry company, uses generative AI to create teeth. Or, more […]

22Jun 2023

Apple patches exploits used in spy campaign ‘Operation Triangulation’

Apple has shipped patches for the remote code execution (RCE) vulnerabilities in iOS that have already been exploited in the wild under the digital spy campaign dubbed Operation Triangulation. The campaign used two zero-click iMessage exploits that compromise devices without any user interaction, based on a pair of bugs in the kernel and WebKit, respectively. Apple […]

22Jun 2023

China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor

A Chinese hacking group flagged as APT15 is targeting foreign affairs ministries in the Americas with a new backdoor named Graphican. The post China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor appeared first on SecurityWeek.

22Jun 2023

North Korean Hackers Caught Using Malware With Microphone Wiretapping Capabilities

A hacking group linked to the North Korean government has been caught using new malware with microphone wiretapping capabilities. The post North Korean Hackers Caught Using Malware With Microphone Wiretapping Capabilities appeared first on SecurityWeek.

22Jun 2023

Opaque Systems releases new data security, privacy-preserving features for LLMs

Opaque Systems has announced new features in its confidential computing platform to protect the confidentiality of organizational data during large language model (LLM) use. Through new privacy-preserving generative AI and zero-trust data clean rooms (DCRs) optimized for Microsoft Azure confidential computing, Opaque said it also now enables organizations to securely analyze their combined confidential data […]

22Jun 2023

RangeForce launches Defense Readiness Index to measure businesses’ cybersecurity capabilities

Cyber defense upskilling company RangeForce has announced the release of the Defense Readiness Index (DRI) to enable companies to measure and improve their cybersecurity capabilities. Integrated into RangeForce’s Threat Centric platform and mapped to both the MITRE ATT&CK and D3FEND frameworks, the DRI scores an organization’s readiness to respond to cyberattacks, the firm said in […]

22Jun 2023

PoC Exploit Published for Cisco AnyConnect Secure Vulnerability

A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure. The post PoC Exploit Published for Cisco AnyConnect Secure Vulnerability appeared first on SecurityWeek.

22Jun 2023

The Benefits of Red Zone Threat Intelligence

Incorporating Red Zone threat intelligence into your security strategy will help you stay on top of the latest threats and better protect your organization. The post The Benefits of Red Zone Threat Intelligence appeared first on SecurityWeek.

22Jun 2023

Silobreaker unveils new geopolitical cyber threat intelligence capabilities

Security and threat intelligence company Silobreaker has announced new geopolitical threat intelligence capabilities with RANE (Risk Assistance Network + Exchange). The tie-up will see Silobreaker integrate global risk intelligence company RANE’s enterprise geopolitical intelligence into its own platform, providing cyber threat intelligence teams with real-time information about world events that could heighten the risk of […]

22Jun 2023

Hybrid Microsoft network/cloud legacy settings may impact your future security posture

Once upon a time, the boundary that I worried about and considered that I was responsible for stopped at my Active Directory domain and at the firewall that protected it. Then the boundary of my network moved from the computers under my control to the internet and the connected devices and cloud applications that I […]

22Jun 2023

Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems

A new bill proposes to increase cybersecurity funding for rural water systems by $7.5 million per year. The post Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems appeared first on SecurityWeek.

22Jun 2023

IT execs’ doctorate research helps drive digital success

According to Statista, $1.5T was spent on digital transformation initiatives globally in 2021, and that number is only continuing to grow. Yet research from BCG shows that 70% of digital initiatives fail, which translates to more than a trillion dollars in failure. Why are digital transformation initiatives failing at such a high rate, and how […]

22Jun 2023

Why you should review the security of your MSSQL servers

Brute-force credential guessing attacks against database servers are ramping up with MSSQL being at the top of the target list. That’s because attackers can leverage the many extensibility features that Microsoft’s database server provides to integrate with other Windows components and features to elevate their privileges and gain full control of the underlying servers. Last […]

21Jun 2023

Ransomware attacks pose communications dilemmas for local governments

In the early morning of May 3, the City of Dallas, Texas, was hit by a ransomware attack, for which the Royal ransomware gang later took credit. The city’s police, fire rescue, water service payment, and development systems, among others, were significantly hampered by the incident, forcing many departments to revert to handwritten and radio-related […]

21Jun 2023

Apple Patches iOS Flaws Used in Kaspersky ‘Operation Triangulation’

Apple ships major iOS security updates to cover code execution vulnerabilities already exploited in the wild. The post Apple Patches iOS Flaws Used in Kaspersky ‘Operation Triangulation’ appeared first on SecurityWeek.

21Jun 2023

CISOs’ New Stressors Brought on by Digitalization: Report

Digitalization brings new security challenges, new concerns, and new threats, and CISOs should not think that it’s just business as usual. The post CISOs’ New Stressors Brought on by Digitalization: Report appeared first on SecurityWeek.

21Jun 2023

Cooperation or Competition? China’s Security Industry Sees the US, Not AI, as the Bigger Threat

China’s security and surveillance industry is focused on shoring up its vulnerabilities to the US and other outside actors, worried about risks posed by hackers, advances in AI and pressure from rival governments. The post Cooperation or Competition? China’s Security Industry Sees the US, Not AI, as the Bigger Threat appeared first on SecurityWeek.

21Jun 2023

Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites

Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations. The post Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites appeared first on SecurityWeek.

21Jun 2023

ChatGPT is not your AI strategy

Since its launch in December 2022, ChatGPT, together with Google Bard and other large language models (LLMs), has been the subject of articles in the most prestigious publications and on broadcast television, accumulated millions of posts and discussions worldwide, and sparked an overnight pivot in sales and investment strategy for many of the world’s largest […]

21Jun 2023

Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws

Enphase Energy has ignored CISA requests to fix remotely exploitable vulnerabilities in Enphase products. The post Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws appeared first on SecurityWeek.

21Jun 2023

Baffle launches new user interface to simplify application data security

Data security software provider Baffle has released Baffle Manager 2.0, an interface upgrade to automate enterprise-level data protection for applications, analytics, and AI. The user interface upgrade is aimed at simplifying application-level encryptions, which were difficult and time-consuming with legacy systems, the company said in a press statement. “Baffle Manager 2.0 is a single platform […]

21Jun 2023

Kaspersky Dissects Spyware Used in iOS Zero-Click Attacks

Russian anti-malware vendor shares technical details on spyware implant deployed as part of recent zero-click iMessage attacks. The post Kaspersky Dissects Spyware Used in iOS Zero-Click Attacks appeared first on SecurityWeek.

21Jun 2023

Using business technology to help Ukrainians in need

War has come to your home. You’re forced to leave all you know and travel to a foreign land. You need food, water, clothing, and other life essentials right now. But you’re not sure where to turn in the new land. And even if you’ve heard about distribution centers, there could be challenges ahead, including […]

21Jun 2023

How Data is Changing the Media & Entertainment Industry

In the media and entertainment business, success is engaging viewers and creating “stickiness.” That happens when you understand viewer preferences and understand how audiences interact or consume content. It’s key to make informed decisions from what can be massive amounts of data you manage effectively. Nearly every business in this industry collects massive amounts […]

21Jun 2023

CISO Conversations: Three Leading CISOs From the Payment Industry

SecurityWeek talks to Chief Information Security Officers from Bill.com, FreedomPay, and Tassat about their role and experience as CISOs. The post CISO Conversations: Three Leading CISOs From the Payment Industry appeared first on SecurityWeek.

21Jun 2023

DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors

New National Security Cyber Section will help the US disrupt and prosecute nation-state threat actors and state-sponsored cybercriminals. The post DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors appeared first on SecurityWeek.

21Jun 2023

Why CISOs should be concerned about space-based attacks

Russia didn’t just attack Ukraine on the ground when it invaded that country on February 24, 2022, it also raided Ukraine’s data connections in space. On that date, “a multifaceted and deliberate cyber-attack against Viasat’s KA-SAT network resulted in a partial interruption of KA-SAT’s consumer-oriented satellite broadband service,” Viasat reported on March 30, 2022. According […]

21Jun 2023

Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?

Why are there so many vulnerabilities in Chrome? Is it realistically safe to use? Can Google do anything to make the web browser safer? The post Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use? appeared first on SecurityWeek.

21Jun 2023

Sysco’s recipe for growth centers on IT

When Tom Peck joined Sysco during the peak of the COVID-19 pandemic, his major goal was ensuring the survival of the world’s largest food service delivery company and helping its thousands of customers stay afloat. The Houston-based multinational was still delivering food supplies to sparsely populated buildings, cafeterias, airports, and nursing homes across the US—and […]

21Jun 2023

Biden Discusses Risks and Promises of Artificial Intelligence With Tech Leaders in San Francisco

The Biden administration wants to figure out how to regulate AI, looking for ways to nurture its potential for economic growth and national security and protect against its potential dangers. The post Biden Discusses Risks and Promises of Artificial Intelligence With Tech Leaders in San Francisco appeared first on SecurityWeek.

21Jun 2023

VMware Confirms Live Exploits Hitting Just-Patched Security Flaw

VMware updates a critical-level bulletin: “VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild.” The post VMware Confirms Live Exploits Hitting Just-Patched Security Flaw appeared first on SecurityWeek.

20Jun 2023

iomart: Making the cloud straightforward

Founded in 1998, iomart began providing cloud services as the new millennium arrived. In the quarter of a century since, the company has grown into one of the U.K.’s most successful and trusted providers of cloud services and solutions. Today, the Glasgow-based firm has customers in both the public and private sectors, including businesses in […]

20Jun 2023

Enabling a sovereign cloud using a multicloud foundation: Technology executive considerations

The adoption of multiple clouds by European business and public agencies continues to increase due to the need for competitive differentiation and growth through speed, quality, and the delivery of great customer experiences. To achieve these goals, IT and business executives must manage challenges across data governance, security, and compliance to protect sensitive customer, citizen, […]

20Jun 2023

Minimizing the negative impact of IT through design and circularity

In a previous blog, I described the three areas of product development and operation that HPE Aruba Networking focuses on when designing our products for IT efficiency and sustainable operations—like how products are made, how they work, and how they are being used. But what about the product lifecycle itself? With sustainability now a growing business […]

20Jun 2023

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps

Businesses using ‘Log in with Microsoft’ could be exposed to privilege escalation and full account takeover exploits. The post Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps appeared first on SecurityWeek.

20Jun 2023

3 ways to advance sustainability in high performance computing

Finding the answer to the world’s most pressing issues rests on one crucial capability: high performance computing (HPC). With HPC, complex questions that have puzzled humankind for centuries are being unraveled at record speeds–such as unlocking mysteries of the universe, finding cures for diseases, sequencing DNA, and mitigating the impacts of climate change. The supercomputers […]

20Jun 2023

Russian APT Group Caught Hacking Roundcube Email Servers

A Russian hacking group has been caught hacking into Roundcube servers to spy on government institutions and military entities in Ukraine. The post Russian APT Group Caught Hacking Roundcube Email Servers appeared first on SecurityWeek.

20Jun 2023

Western Digital blocks unpatched My Cloud devices

Western Digital has blocked devices running vulnerable firmware versions from accessing its cloud services, the company said in an advisory. The move comes about a month after the company released firmware updates for its My Cloud product line to address a critical path traversal bug that leads to remote code execution (RCE). “Devices running unpatched […]

20Jun 2023

Start with digital documents to make your workplace more accessible

In today’s rapidly evolving work and customer landscape, accessibility is a crucial consideration in ensuring employees and customers can fully participate in the experiences brands provide – and generally part of being a responsible corporate citizen. However, a recent Adobe survey found that only about half of brands are investing in making experiences more […]

20Jun 2023

Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack

Gen Digital, which owns Avast, Avira, AVG, Norton, and LifeLock, said employee data was compromised in the MOVEit ransomware attack. The post Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack appeared first on SecurityWeek.

20Jun 2023

OT:Icefall: Vulnerabilities Identified in Wago Controllers

Forescout Technologies has disclosed the details of vulnerabilities impacting operational technology (OT) products from Wago and Schneider Electric. The post OT:Icefall: Vulnerabilities Identified in Wago Controllers appeared first on SecurityWeek.

20Jun 2023

New ‘RDStealer’ Malware Targets RDP Connections

Bitdefender finds new malware capable of monitoring incoming RDP connections and infecting the connecting clients that have client drive mapping enabled. The post New ‘RDStealer’ Malware Targets RDP Connections appeared first on SecurityWeek.

20Jun 2023

Getting ahead of cyberattacks with a DevSecOps approach to web application security

Web applications are foundational to a company’s business and brand identity yet are highly vulnerable to digital attacks and cybercriminals. As such, it’s vital to have a robust and forward-leaning approach to web application security. With an estimated market size of USD $30B by 2030, the term “application security” takes on numerous forms, but one […]

20Jun 2023

Simply the best: Celebrating IT innovation at CIO 100 Symposium & Awards August 14-16 in Southern California

Tina Turner was known as the Queen of Rock ‘n’ Roll for a reason. She inspired generations of performers and fans, made valuable contributions to the music industry, and won more awards than I can mention here. Tina died on May 24, but her legacy as a rock icon and role model for women will […]

20Jun 2023

Security budget hikes are missing the mark, CISOs say

Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. That’s according to new research from risk and cybersecurity solutions provider BSS, which surveyed 150 security leaders. It found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being […]

20Jun 2023

Fulfilling Expected SEC Requirements for Cybersecurity Expertise at Board Level

Nobody doubts the need to increase board level cyber expertise, but there is no single preferred route. The post Fulfilling Expected SEC Requirements for Cybersecurity Expertise at Board Level appeared first on SecurityWeek.

20Jun 2023

Bajaj Allianz’s KV Dipu reveals the power of customer experience

One of India’s leading insurance companies, Bajaj Allianz General Insurance, which offers insurance services to over 1100 towns and cities in India and serves close to 11 crore customers, has been making technological strides in the industry, driving industry leadership, digital transformation, and innovation. In an interview with CIO.com, KV Dipu, head of operations and […]

20Jun 2023

Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack

The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth. The post Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack appeared first on SecurityWeek.

20Jun 2023

Why assessing third parties for security risk is still an unsolved problem

A Forbes article is making the rounds right now about America’s most cyber-secure companies, and I can already see the cybersecurity outrage machine up in arms. Full confession: I haven’t yet read the article, but I’m about to. I’m writing this in two parts: before I read the article, and after I read the article. […]

20Jun 2023

8 ways to detect (and reject) terrible IT consulting advice

Welcome to the golden age of experts. It’s hard to go anywhere in IT these days, physically or virtually, without bumping into someone offering IT advice. The problem, of course, is that many experts — even those affiliated with major organizations — are sometimes wrong. Or, more commonly, they might be right about some things […]

20Jun 2023

Ending the ‘forever war’ against shadow IT

One of the most important accountabilities of the modern CIO is data integrity. The corporation must be confident that the data it uses to make strategic business decisions is safe, accurate, and private. There is no question that the IT department and its CIO is ultimately responsible for assuring this is true. But ensuring data […]

20Jun 2023

Oracle’s new EU Sovereign Cloud regions to help enterprises meet data regulations

Oracle on Tuesday said it is opening its EU Sovereign Cloud for enterprises and government bodies to help them meet evolving data residency and privacy regulations — such as the General Data Protection Regulation (GDPR) — while moving to the cloud. The new EU Sovereign Cloud will comprise two data regions or data centers […]

20Jun 2023

Huawei unveils four strategic directions for the future of finance

Finance is poised to undergo a transformation, as Artificial Intelligence (AI) steps in to make real-time decisions using vast data sets. This vision was outlined by Jason Cao, CEO of Global Digital Finance at Huawei, during Huawei Intelligent Finance Summit 2023. Mr. Cao highlighted that globally, there will soon be 100 billion connections, and with […]

19Jun 2023

Romanian cybercrime gang Diicot builds DDoS botnet with Mirai variant

A cybercriminal group calling itself Diicot is performing mass SSH brute-force scanning and deploying a variant of the Mirai IoT botnet on compromised devices, according to researchers. The group also deploys a cryptocurrency mining payload on servers with CPUs that have more than four cores. “Although Diicot have traditionally been associated with cryptojacking campaigns, Cado […]

19Jun 2023

Asus Patches Highly Critical WiFi Router Flaws

Asus patches nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks. The post Asus Patches Highly Critical WiFi Router Flaws appeared first on SecurityWeek.

19Jun 2023

Trend Micro adds generative AI to Vision One for enhanced XDR

Trend Micro has announced the integration of generative AI into its flagship Vision One platform with the new AI tool, Companion. Companion uses advanced AI/machine learning analytics and correlated detection models to enhance extended detection and response (XDR) capabilities, according to the cybersecurity vendor. It has been designed to amplify security operations, improve accessibility and […]

19Jun 2023

Team Cymru launches threat-hunting tool aims to fast-forward analysis

Team Cymru has launched Pure Signal Scout, an external threat-hunting and malicious infrastructure analysis tool to “level up” security operations centers (SOCs). Under the promise of being the “fastest” tool available for threat insights, Pure Signal Scout is expected to save analysts’ time by providing fast answers to complex queries. “We are now achieving in […]

19Jun 2023

US feds stress urgent MOVEit platform patching after attacks hit agencies

In the latest cyber incident affecting the US federal government, two arms of the US Department of Energy (DOE) and, according to press reports, the US Department of Agriculture and the Office of Personnel Management, have been swept up in a sprawling spree of attacks by the Russia-based Clop ransomware gang. To read this article […]

19Jun 2023

New Information Stealer ‘Mystic Stealer’ Rising to Fame

A new information stealer malware named Mystic Stealer is gaining traction among cybercriminals on prominent underground forums. The post New Information Stealer ‘Mystic Stealer’ Rising to Fame appeared first on SecurityWeek.

19Jun 2023

Western Digital Blocks Unpatched Devices From Cloud Services

Western Digital is blocking access to its cloud services for devices running firmware versions impacted by a critical security vulnerability. The post Western Digital Blocks Unpatched Devices From Cloud Services appeared first on SecurityWeek.

19Jun 2023

Akeyless Launches SaaS-based External Secrets Manager

New SaaS-based secrets manager from Akeyless requires no new infrastructure, and no specialist staff nor secrets management team. The post Akeyless Launches SaaS-based External Secrets Manager appeared first on SecurityWeek.

19Jun 2023

Ransomware Gang Takes Credit for February Reddit Hack

The Alphv/BlackCat ransomware gang has taken responsibility for the February cyberattack that hit social media site Reddit. The post Ransomware Gang Takes Credit for February Reddit Hack appeared first on SecurityWeek.

19Jun 2023

Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less. The post Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation appeared first on SecurityWeek.

19Jun 2023

8 notable entry-level cybersecurity career and skills initiatives in 2023

The cybersecurity sector has been battling a workforce shortage for years with cybersecurity training and certifications provider (ISC)2 estimating that the global skills gap currently sits at 3.4 million. There are over 600,000 current cyber-related job openings in the US alone, and the supply-to-demand ratio stands at 69%, the lowest it has been since 2010, […]

19Jun 2023

Finding the Nirvana of information access control or something like it

The recent arrest of US Air Force airman Jack Teixeira following his illegal sharing of classified information just to show off to his buddies shone a spotlight on the conversation surrounding access control. In Teixeira’s case, all the ingredients necessary to protect the classified information were in place, but sadly they appear to have been […]

19Jun 2023

Watch on Demand: 2023 CISO Forum Sessions

All panel discussions and technical presentations from SecurityWeek’s 2023 CISO Forum are available to watch free on demand. The post Watch on Demand: 2023 CISO Forum Sessions appeared first on SecurityWeek.

19Jun 2023

MOVEit Customers Urged to Patch Third Critical Vulnerability

A critical vulnerability (CVE-2023-35708) in MOVEit software could allow unauthenticated attackers to access database content. The post MOVEit Customers Urged to Patch Third Critical Vulnerability appeared first on SecurityWeek.

19Jun 2023

A Russian Ransomware Gang Breaches the Energy Department and Other Federal Agencies

The cybersecurity firm SecurityScorecard says it detected 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies. The post A Russian Ransomware Gang Breaches the Energy Department and Other Federal Agencies appeared first on SecurityWeek.

19Jun 2023

IT leaders expand high-value talent search across globe

In terms of what the pandemic hath wrought for IT teams, the rapid uptake of remote work lands near the top of the list of positive impacts. For some IT leaders, the increased comfort managing a digital tech workforce has opened the door to hiring professionals in far-flung locations. “There is no question that the […]

19Jun 2023

Atlantic Health streamlines insurance authorization with intelligent automation

When the COVID-19 pandemic started, Atlantic Health System, like other healthcare providers, found itself under enormous stress. In addition to dealing with patients suffering the effects of a new virus, healthcare providers had to contend with new care protocols, staffing issues, and supplies shortages spurred by the pandemic, all of which placed additional pressure on […]

18Jun 2023

Microsoft Says Early June Disruptions to Outlook, Cloud Platform, Were Cyberattacks

Early June 2023 disruptions to Microsoft’s flagship office suite were Layer 7 DDoS attacks by a shadowy new hacktivist group dubbed Storm-1359 by Microsoft. The post Microsoft Says Early June Disruptions to Outlook, Cloud Platform, Were Cyberattacks appeared first on SecurityWeek.

16Jun 2023

In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act

Cybersecurity news that you may have missed this week: Bug bounties for Linux kernel exploits, Cybersecurity Awareness Act, FBI data on BEC losses. The post In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act appeared first on SecurityWeek.

16Jun 2023

Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks

The US charges Russian national Ruslan Magomedovich Astamirov over his alleged role in LockBit ransomware attacks. The post Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks appeared first on SecurityWeek.

16Jun 2023

Russian Hackers Using USB-Spreading Malware in Attacks on Ukrainian Government, Military

Russia-linked hacking group Gamaredon is infecting USB drives for lateral movement within compromised Ukrainian networks. The post Russian Hackers Using USB-Spreading Malware in Attacks on Ukrainian Government, Military appeared first on SecurityWeek.

16Jun 2023

MoneyGram profits from mainframe move to multicloud

For MoneyGram International, migrating workloads from the mainframe to the cloud has been a boon for the bottom line — and a lifeline against increasing market disruption from digital money-transfer upstarts. As expected, operating in the cloud has enabled the 80-year-old company to significantly reduce the cost of running its data center in Minneapolis. It […]

16Jun 2023

Ransomware Group Starts Naming Victims of MOVEit Zero-Day Attacks

The Cl0p ransomware gang has listed more than two dozen victims of the MOVEit zero-day attack on its leak website. The post Ransomware Group Starts Naming Victims of MOVEit Zero-Day Attacks appeared first on SecurityWeek.

15Jun 2023

CISA, NSA Share Guidance on Hardening Baseboard Management Controllers

CISA and the NSA have published new guidance to help organizations harden baseboard management controllers (BMCs). The post CISA, NSA Share Guidance on Hardening Baseboard Management Controllers appeared first on SecurityWeek.

15Jun 2023

Content Moderation Tech Startup Trust Lab Snags $15M Investment

Investors pour $15 million into Silicon Valley startup building AI-powered technology to detect and monitor harmful content on the internet. The post Content Moderation Tech Startup Trust Lab Snags $15M Investment appeared first on SecurityWeek.

15Jun 2023

OT Security Firm Shift5 Adds $33 Million in Funding

Shift5 has now raised $108 million in funding to bring cybersecurity to OT within fleet vehicles: planes and boats and trains – and military vehicles and weapon systems. The post OT Security Firm Shift5 Adds $33 Million in Funding appeared first on SecurityWeek.

15Jun 2023

XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions

Microsoft addressed two cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry (ACR) leading to unauthorized access to user sessions. The post XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions appeared first on SecurityWeek.

15Jun 2023

4 steps for building a new DEX strategy

Hybrid work is here to stay, and it’s put the digital work experience (DEX) at the heart of every business operation. Yet many organizations are struggling to adapt their existing digital work experiences for today’s digital-first realities. This piece briefly walks through the problems organizations might experience if they don’t build a new DEX strategy, the four […]

15Jun 2023

Barracuda Zero-Day Attacks Attributed to Chinese Cyberespionage Group

Attacks exploiting the Barracuda zero-day CVE-2023-2868 have been linked to a Chinese cyberespionage group that has targeted government and other organizations. The post Barracuda Zero-Day Attacks Attributed to Chinese Cyberespionage Group appeared first on SecurityWeek.

15Jun 2023

SquareX Launches Bug Bounty Program for Browser Security Product

Cybersecurity startup SquareX launches a temporary bug bounty program for its cloud-based browser security solution. The post SquareX Launches Bug Bounty Program for Browser Security Product appeared first on SecurityWeek.

15Jun 2023

Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits

Fake security researcher accounts seen distributing malware disguised as Chrome, Signal, WhatsApp, Discord and Exchange zero-day exploits. The post Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits appeared first on SecurityWeek.

15Jun 2023

Four Things to Consider as You Mature Your Threat Intel Program

If you want to begin, or improve, sharing customized intelligence with key users, consider these four aspects as you develop your process. The post Four Things to Consider as You Mature Your Threat Intel Program appeared first on SecurityWeek.

15Jun 2023

US Organizations Paid $91 Million to LockBit Ransomware Gang

LockBit ransomware operators launched 1,700 attacks in the US and received roughly $91 million in ransom payments. The post US Organizations Paid $91 Million to LockBit Ransomware Gang appeared first on SecurityWeek.

15Jun 2023

5 best practices to ensure the security of third-party APIs

When organizations consider application programming interface (API) security, they typically focus on securing APIs that are written in-house. However, not all the APIs that companies use are developed internally; rather, some are designed and developed by other organizations. The problem is that many companies don’t realize that using third-party APIs can expose their applications to […]

15Jun 2023

Security culture improving in businesses despite factors holding teams back

The vast majority of CISOs have observed positive security culture gains in their organizations in the last year despite a perceived dip in the quality of overall security posture, according to the 10th annual Information Security Maturity Report published by ClubCISO and Telstra Purple. The research surveyed 182 members of ClubCISO, a global community of […]

15Jun 2023

The top 10 IT outsourcing service providers

Everest Group’s annual ranking of the top IT service providers saw significant shuffling again this year, but one thing that remained unchanged was Accenture’s position at the top of the list. For the seventh year in a row, the $61.6 billion firm was recognized as the leading service provider of the year, a testament to […]

15Jun 2023

Examining Mr Price Group’s search to modernize

For modern CIOs, it’s essential to have a healthy balance between innovation and mainstream tech, says Kim Sim, Mr Price Group CIO. So she needs to keep tabs on the spectacular rise of artificial intelligence (AI) and its use cases, while also monitoring developments across topics that have been around for years, like big data, […]

15Jun 2023

Generative AI’s change management challenge

Despite headlines warning that artificial intelligence poses a profound risk to society, workers are curious, optimistic, and confident about the arrival of AI in the enterprise, and becoming more so with time, according to a recent survey by Boston Consulting Group (BCG). For many, their feelings are based on sound experience. Although ChatGPT, the poster […]

15Jun 2023

How Europe is Leading the World in the Push to Regulate AI

Authorities worldwide are racing to rein in artificial intelligence, including in the European Union, where groundbreaking legislation is set to pass a key hurdle. The post How Europe is Leading the World in the Push to Regulate AI appeared first on SecurityWeek.

15Jun 2023

Talking Zero Trust and SASE with CISOs at the Summit

There aren’t many events where a critical mass of Chief Information Security Officers gathers to exchange ideas about the current threat environment, key initiatives, etc. The annual Gartner Security and Risk Management Summit is one of them, and I’m looking forward to attending it this year. I’m particularly interested in the experiences and best practices […]

14Jun 2023

Attackers set up rogue GitHub repos with malware posing as zero-day exploits

In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware. The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms. “The attacker has […]

14Jun 2023

Huawei Cloud Stack Takes No. 1 in China’s Software-Defined Compute Software Market 3 Years in a Row

According to the latest reports released by IDC (a world-leading provider of IT market research and consulting services), China Software-Defined Compute Software Market Tracker, 2022 H2/2022 and China Cloud System and Service Management Software Market Tracker, 2022 H2, Huawei Cloud Stack was ranked No. 1 in China’s software-defined compute (SDC) software market in the second […]

14Jun 2023

Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine

Microsoft is publicly exposing a Russian hacking group that worked on destructive wiper malware attacks that hit organizations in Ukraine. The post Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine appeared first on SecurityWeek.

14Jun 2023

Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign

Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. “In the past few years, Sygnia’s IR teams have engaged in numerous incidents in which world-wide organizations […]

14Jun 2023

The new challenges of scale: What it takes to go from PB to EB data scale

Big data exploded onto the scene in the mid-2000s and has continued to grow ever since. Today, the data is even bigger, and managing these massive volumes of data presents a new challenge for many organizations. Even if you live and breathe tech every day, it’s difficult to conceptualize how big “big” really is. Going […]

14Jun 2023

Informatica acquires Privitar to boost data access management

Enterprise data management vendor Informatica on Wednesday said that it has acquired London-based startup Privitar for an undisclosed sum in order to boost the data access management capabilities of its Intelligent Data Management Cloud (IDMC). IDMC, which was launched in May 2021, is a suite that sits on top of enterprise databases and manages […]

14Jun 2023

Cybersixgill automates threat intelligence with IQ generative AI application

Cybersixgill’s new IQ cybersecurity threat intelligence application promises to offer quicker and more digestible intelligence on potential threats on the dark web, by leveraging generative AI to provide automated reporting and dissemination of information. The idea is to simplify access to threat intelligence data, which ordinarily is done manually by analysts. According to the company’s […]

14Jun 2023

CISA Instructs Federal Agencies to Secure Internet-Exposed Devices

CISA’s Binding Operational Directive 23-02 requires federal agencies to secure the network management interfaces of certain classes of devices. The post CISA Instructs Federal Agencies to Secure Internet-Exposed Devices appeared first on SecurityWeek.

14Jun 2023

Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability

Hundreds of thousands of ecommerce sites are impacted by a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin. The post Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability appeared first on SecurityWeek.

14Jun 2023

Threat Intelligence Firm Silent Push Launches With $10 Million in Seed Funding

Detection-focused threat intelligence firm Silent Push, which maps out the entire internet every day, has launched with $10 million in seed funding. The post Threat Intelligence Firm Silent Push Launches With $10 Million in Seed Funding appeared first on SecurityWeek.

14Jun 2023

Rezilion releases agentless runtime software vulnerability management solution

Software supply chain security vendor Rezilion has announced the release of a new agentless solution for vulnerability management. It enables security teams to monitor exploitable software attack surfaces in runtime without using an agent, reducing the time and overhead required for traditional runtime-based software vulnerability analysis, according to the firm. Rezilion’s new solution covers all […]

14Jun 2023

Cyber liability insurance vs. data breach insurance: What's the difference?

With an ever-increasing number of cybersecurity threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation, which is no surprise given that the average cost of a data breach in the US has risen […]

14Jun 2023

Chrome 114 Update Patches Critical Vulnerability

Google has released a Chrome 114 security update to address five vulnerabilities, including a critical-severity bug in Autofill payments. The post Chrome 114 Update Patches Critical Vulnerability appeared first on SecurityWeek.

14Jun 2023

NetSuite ERP gets account reconciliation feature from Oracle Fusion Cloud EPM

Oracle NetSuite on Wednesday said it is adding a new account reconciliation feature to its enterprise resource planning (ERP) suite, dubbed NetSuite ERP. The new feature, which is expected to automate the reconciliation process for accounts payable, accounts receivable, bank and credit card transactions, prepaid accounts, accruals and fixed assets accounts, intercompany transactions, and other […]

14Jun 2023

Why a digital operating model is key to real-time AI

By George Trujillo, Principal Data and AI Strategist, DataStax Over the past couple months, I’ve met with 60+ executives in closed-room discussions and presented to over 400 attendees in virtual presentations. From these interactions, I’ve narrowed down five challenges that repeatedly come up. Do any of these look familiar in your organization? A lack of […]

14Jun 2023

ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities

ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities. The post ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities appeared first on SecurityWeek.

14Jun 2023

SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates

SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities. The post SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates appeared first on SecurityWeek.

14Jun 2023

What digital business acceleration means for Gulfstream Aerospace’s CIO

Gulfstream Aerospace, an integral business unit of General Dynamics, is a household name in technologically advanced business aircraft. It all began with The Grumman Gulfstream I in 1958, and today has about 3,000 business jets in service worldwide. With company headquarters in Savannah, Georgia, Sheryl Bunton joined in 2015 to lead its Business Technology Unit, […]

14Jun 2023

How the modern CIO grapples with legacy IT

For Jo Abernathy, CIO at Blue Cross Blue Shield of North Carolina (BCBSNC), it was time to just walk away from the healthcare company’s aging IBM Db2 databases running on AIX. “We decided to prioritize the elimination of some pervasive technologies that have become too expensive relative to comparable products, and where support was lacking,” […]

14Jun 2023

The top 15 big data and data analytics certifications

Data and big data analytics are the lifeblood of any successful business. Getting the technology right can be challenging but building the right team with the right skills to undertake data initiatives can be even harder — a challenge reflected in the rising demand for big data and analytics skills and certifications. If you’re looking […]

14Jun 2023

Why NTT followed its own advice to accelerate technology modernization

The future is in the cloud, driven by software and with a limited need for physical hardware. This shouldn’t come as a surprise to anyone, and it’s what we tell our clients at NTT daily as we help them make the transition from hardware to software-defined infrastructure (SDI). We know that organizations that are migrating […]

14Jun 2023

Spotify Fined $5 Million for Breaching EU Data Rules

Music streaming giant Spotify was fined 58 million kronor ($5.4 million) for not properly informing users on how data it collected on them was being used, Swedish authorities said. The post Spotify Fined $5 Million for Breaching EU Data Rules appeared first on SecurityWeek.

14Jun 2023

Fuel Innovation with Increased Data Access and Integrity with Sovereign Cloud

“Data is the new oil,” said British mathematician and data scientist Clive Humby in 2006. It’s certainly a valuable and coveted resource, but you need to be able to access and use it for it to be valuable. Now that we’ve covered the importance of data sovereignty, as well as security, privacy, and compliance, let’s […]

14Jun 2023

ServiceNow offers virtual agent to assist with generative AI

ServiceNow is making generative AI accessible from more areas of its low-code development platform, putting it front and center in the chatbots enterprises are starting to use to interact with their ServiceNow applications. But as software vendors like ServiceNow, Salesforce, or SAP offer new ways to take advantage of generative AI capabilities, such as summarizing […]

13Jun 2023

Accenture to invest $3 billion in AI

IT consulting and services giant Accenture announced today that it would spend $3 billion on assets, startups, talent and partnerships aimed at staking out a leading position in the fields of generative and predictive AI. Beyond the raw investment of money, Accenture said that its data and AI practice will double in size, from 40,000 […]

13Jun 2023

MOVEit Transfer developer patches more critical flaws after security audit

The developer of the recently exploited MOVEit Transfer application issued new updates after a third-party security audit identified additional SQL injection vulnerabilities. Customers are advised to deploy the new patches as soon as possible since attackers are clearly interested in exploiting this and other enterprise secure file transfer solutions. “In addition to the ongoing investigation […]

13Jun 2023

Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks

Patch Tuesday: Microsoft ships updates for at least 70 documented vulnerabilities affecting the Windows ecosystem. The post Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks appeared first on SecurityWeek.

13Jun 2023

Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day

Mandiant has observed a Chinese cyberespionage group exploiting a VMware ESXi zero-day vulnerability for privilege escalation. The post Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day appeared first on SecurityWeek.

13Jun 2023

Global information management survey compares a decade of digital transformation efforts

Information is at the core of every business’s digital transformation. Managing it has gotten more and more challenging due to growing volumes of content, and the disparate and complex tools and systems. Intelligent information management is critical to the success of digital transformation initiatives like online ordering, omnichannel customer experience, remote work, and compliance mandates. […]

13Jun 2023

Intelligent Document Processing market grows as important subset of digital transformation

A recent MarketsandMarkets study expects the global Intelligent Document Processing (IDP) market to grow at a compound annual growth rate (CAGR) of 37.5% from 2022 to 2027. This growth is being driven by the pressing need for organizations to process large volumes of semi-structured and unstructured documents, store them and access them securely, and […]

13Jun 2023

Okta aims to unify IAM for Windows, macOS devices in hybrid work environments

Okta said Tuesday that it’s set to launch a new offering, Okta Device Access, designed to extend the capabilities of its cloud-based identity and access management (IAM) service to enterprise desktops and other devices in hybrid work environments. The application, according to the company, aims to simplify logins while also offering stronger authentication features and […]

13Jun 2023

AI and tech innovation, economic pressures increase identity attack surface

Tension between difficult economic conditions and the pace of technological innovation, including the evolution of artificial intelligence (AI), is fueling the growth of the identity attack surface and identity-led cybersecurity exposure. That’s according to the CyberArk 2023 Identity Security Threat Landscape Report, which details how these issues have the potential to compound “cyber debt” where […]

13Jun 2023

Patch Tuesday: Critical Flaws in Adobe Commerce Software

Adobe ships urgent fixes for at least a dozen flaws that expose Adobe Commerce users to code execution attacks. The post Patch Tuesday: Critical Flaws in Adobe Commerce Software appeared first on SecurityWeek.

13Jun 2023

CosmicEnergy ICS Malware Poses No Immediate Threat, but Should Not Be Ignored

The Russia-linked ICS malware named CosmicEnergy does not pose a direct threat to OT systems as it contains errors and lacks maturity. The post CosmicEnergy ICS Malware Poses No Immediate Threat, but Should Not Be Ignored appeared first on SecurityWeek.

13Jun 2023

What is Salesforce AI Cloud: Should you subscribe?

Salesforce’s new AI Cloud has left many baffled over what it’s all about — how it is different from the competition, what’s new in the offering, and whether one should consider subscribing. Analysts predict there could only be a few takers for the pricey new offering. The Salesforce AI Cloud combines the company’s previously announced […]

13Jun 2023

Virtual Event Today: CISO Forum 2023 – Register to Join

SecurityWeek’s 2023 CISO Forum Virtual Summit is taking place June 13-14 as a fully immersive online experience. The post Virtual Event Today: CISO Forum 2023 – Register to Join appeared first on SecurityWeek.

13Jun 2023

Romanian Operator of Bulletproof Hosting Service Sentenced to Prison in US

A Romanian national who operated a bulletproof hosting service used by malware operators was sentenced to prison in the US. The post Romanian Operator of Bulletproof Hosting Service Sentenced to Prison in US appeared first on SecurityWeek.

13Jun 2023

New Research Shows Potential of Electromagnetic Fault Injection Attacks Against Drones

New research conducted by IOActive shows the potential of electromagnetic fault injection (EMFI) attacks against drones. The post New Research Shows Potential of Electromagnetic Fault Injection Attacks Against Drones appeared first on SecurityWeek.

13Jun 2023

Ransomware Attack Played Major Role in Shutdown of Illinois Hospital

St. Margaret’s Health in Illinois is shutting down hospitals partly due to a 2021 ransomware attack that caused serious payment system disruptions. The post Ransomware Attack Played Major Role in Shutdown of Illinois Hospital appeared first on SecurityWeek.

13Jun 2023

Data of 8.8 Million Zacks Users Emerges Online

A database containing the personal information of roughly 9 million Zacks users has emerged online. The post Data of 8.8 Million Zacks Users Emerges Online appeared first on SecurityWeek.

13Jun 2023

Artificial intelligence is coming to Windows: Are your security policy settings ready?

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, […]

13Jun 2023

10 emerging innovations that could redefine IT

The pace of innovation is relentless. CIOs must watch for the next generation of emerging technologies because new software can go from the dreams of some clever coder to an essential part of every IT shop in the blink of an eye. Once wild and seemingly impossible notions such as large language models, machine learning, […]

13Jun 2023

The surefire way to waste money on IT consultants

Bringing in consultants to understand organizational dysfunction and make plans to remedy it can be a smart CIO move. But sometimes the consultants end up choosing sides. When that happens your consulting investments end up compounding the felony. To understand how it happens and how to prevent it, see if you can find the common […]

13Jun 2023

CDO Deepak Sharma on banking IT success

As chief digital officer of Kotak Mahindra Bank, Deepak Sharma has been instrumental in driving the bank’s digital transformation, future-ready initiatives, and business model innovation strategies. Leading from the front, Sharma has implemented various innovative technology projects such as WhatsApp Banking, 811, conversational banking bot, and open and connected banking. In a wide-ranging interview with […]

13Jun 2023

Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks

Fortinet has warned customers that the critical CVE-2023-27997 vulnerability that was patched recently could be a zero-day exploited in limited attacks. The post Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks appeared first on SecurityWeek.

13Jun 2023

Cloud: when is the right time to move to IaaS?

The evolution of Italian companies engaged in migrating to the cloud is called IaaS, or Infrastructure-as-a-Service. While in the past IT investments in SaaS, or Software-as-a-Service, dominated the landscape against which “the cloud” stands out, since last year “Infrastructure as a Service” has also taken on a significant dimension. This trend is being recorded by the […]

13Jun 2023

Business email compromise scams take new dimension with multi-stage attacks

In a campaign that exploits the relationships between different organizations, attackers managed to chain business email compromise (BEC) against four or more organizations jumping from one breached organization to the next by leveraging the relationships between them. The attack, which Microsoft researchers call multi-stage adversary-in-the-middle (AiTM) phishing, started with a compromise at a trusted vendor […]

12Jun 2023

University of Auckland gears up for Esports opportunities

The University of Auckland is eyeing up new academic research opportunities and strengthening student engagement with its newly launched Esports arena. The launch comes at an opportune time for the rapidly growing local gaming sector, with the New Zealand government announcing $160 million in last month’s budget to establish a 20% rebate for game developers. […]

12Jun 2023

How Tyson Foods gained visibility and alignment that fueled digital transformation

For years now, digital transformation has been a vital strategic initiative for many enterprises. In recent years, many organizations have made significant strides in their transformation efforts. However, persistent barriers have held many teams back. In fact, a report from Bain & Company found that over 90% of organizations have struggled with digital transformation—and only […]

12Jun 2023

How manufacturers can unlock new value from existing data

In an industry buffeted by constant pressure on margins, shifting trade patterns, and supply chain uncertainty, manufacturing companies are looking for any edge they can get. The good news? It can often be found in innovative uses of data. Here’s how manufacturers can harness data analytics to improve performance across three critical areas of their […]

12Jun 2023

The steep cost of a poor data management strategy

It’s a time-tested truth: Getting a head start improves outcomes. In sprint races, it’s not always the fastest runner that wins, but the one with the best start. And marathoners know that how they run their first few miles often determines how they finish. And before runners even enter a race—whether a sprint or a marathon—they have prepared with […]

12Jun 2023

The four-way test: Find the answers to better IT leadership at FutureIT Chicago

The four-way test is a set of guiding principles that every member of Rotary, an international service organization, can recite. The test is an adaptive process that considers everyone’s point of view. The process is designed to build goodwill and earn trust so a particular result is mutually beneficial, sustainable, and has scalable outcomes. As […]

12Jun 2023

Celebrate innovation: Apply now for CIO Awards Canada!

I’ve got some super exciting news to share with you. Last year, we embarked on an incredible journey with the launch of the CIO Awards Canada program. It was an absolute blast celebrating the most innovative organizations and accomplished leaders in the tech world. Witnessing the outstanding projects and teams that emerged from all corners […]

12Jun 2023

To solve the cybersecurity worker gap, forget the job title and search for the skills you need

BlackBerry CISO Arvind Raman looks beyond job titles when he has open positions to fill and instead focuses on the key skills required to do the work. That mindset allows Raman to readily identify and recruit qualified professionals from outside the security field, instead of simply seeking candidates working their way up the typical chain […]

12Jun 2023

Innovation without disruption: virtual agents for hyper-personalized customer experience (CX)

Chatbots and IVRs are contact center staples, but most still provide automated service for basic, repeatable tasks. What about when a customer needs to be intelligently routed to a better resource or has a question that’s not so cut-and-dry? Virtual Agent, or VA, is the next natural step for significantly better customer and business […]

12Jun 2023

US Government Provides Guidance on Software Security Guarantee Requirements

OMB has published new guidance on federal agencies obtaining security guarantees from software vendors. The post US Government Provides Guidance on Software Security Guarantee Requirements appeared first on SecurityWeek.

12Jun 2023

Cycode’s free CI/CD monitoring tool offers new DevOps visibility

Cycode’s new Cimon monitoring tool for continuous integration and continuous delivery is designed to offer a new level of visibility into the CI/CD process, securing code against data exfiltration and other malicious activity. According to the company’s announcement, Cimon — short for CI Monitor — is a runtime security agent that uses the enhanced Berkeley […]

12Jun 2023

US Charges Russians With Hacking Cryptocurrency Exchange

Two Russian nationals are charged in the US with hacking a cryptocurrency exchange and conspiring to launder the proceeds. The post US Charges Russians With Hacking Cryptocurrency Exchange appeared first on SecurityWeek.

12Jun 2023

Software Supply Chain: The Golden Container Ship

By having a golden image you will put a process in place that allows you to quickly take action when a vulnerability is found within your organization. The post Software Supply Chain: The Golden Container Ship appeared first on SecurityWeek.

12Jun 2023

Intellihartx Informs 490k Patients of GoAnywhere-Related Data Breach

Intellihartx says the personal information of roughly 490,000 individuals was compromised in the GoAnywhere zero-day attack earlier this year. The post Intellihartx Informs 490k Patients of GoAnywhere-Related Data Breach appeared first on SecurityWeek.

12Jun 2023

New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward

Researchers discover new MOVEit vulnerabilities related to the zero-day, just as more organizations hit by the attack are coming forward. The post New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward appeared first on SecurityWeek.

12Jun 2023

Threat intelligence programs poised for growth

In my last CSO article, I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research, the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies. […]

12Jun 2023

The 12 biggest issues IT faces today

The list of expectations on CIOs continues to lengthen, as they face pressure to seize on new technologies and drive the organization forward while simultaneously improving efficiency, dealing with staffing challenges, and facing a tech skills gap. Granted, each CIO will have a unique list of priorities and challenges based on enterprise objectives and its […]

12Jun 2023

4 ways Swedish CIOs strengthen defenses against bombarding AI sales

The current interest in AI is massive, and companies, as well as the public sector, are exploring the new technology in all its capacities as much as possible. But it’s important to be vigilant and painstakingly sort through all products that have an AI label. “Many handle the word a bit carelessly,” says Charlotte Svensson, CIO […]

12Jun 2023

What is COBIT? A framework for alignment and governance

What is COBIT and why is it important? COBIT is an IT management framework developed by the ISACA to help businesses develop, organize, and implement strategies around information management and IT governance. The goal of the COBIT framework is to support “understanding, designing, and implementing the management and governance of enterprise IT (EGIT),” according to the […]

12Jun 2023

Swiss Fear Government Data Stolen in Cyberattack

Switzerland said government operational data might have been stolen in a ransomware attack on a technology firm that provides software for several departments. The post Swiss Fear Government Data Stolen in Cyberattack appeared first on SecurityWeek.

12Jun 2023

Fortinet Patches Critical FortiGate SSL VPN Vulnerability

Fortinet has patched CVE-2023-27997, a critical FortiGate SSL VPN vulnerability that can be exploited for unauthenticated remote code execution. The post Fortinet Patches Critical FortiGate SSL VPN Vulnerability appeared first on SecurityWeek.

12Jun 2023

A CIO’s first rule on automation: have a clear business plan

By virtue of their role, which places them between IT and business strategy, CIOs are in a privileged position to identify the processes their companies need to modernize and automate. When it comes to updating core systems to increase operational efficiency, they must also make sure a valid business case exists, that is, have […]

12Jun 2023

Finalists for Australia’s Next CIO Award 2023 revealed

The finalists for the inaugural Next CIO Award in this year’s Australia CIO50 have been announced. This award recognises rising stars in ICT roles who are on the pathway to senior leadership. The Next CIO winner will be an individual who is exceeding expectations and helping drive innovation through their organisation. The finalists for the […]

11Jun 2023

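The CIO’s first rule for automation: make the business case clear

Based on their position between IT and effective business strategy, CIOs can identify the processes their organizations need to modernize and automate. “When updating core systems to drive operational efficiency, they also need to confirm that a solid business case for automation exists,” says Laurie Shotton, vice president and analyst at Gartner. This is not surprising, since CIOs are typically responsible for driving business automation as well as IT automation. But the two are not necessarily at odds.

“Over the past 15 to 20 years, companies have worked on modernizing core systems to make operations more efficient,” Shotton explains. “But often the business case for replacing them is not sufficient.”

Automation, business, and the CIO

Automation is one of the key tools for CIOs driving the business, because it helps improve KPIs and build new channels that enhance the end-user experience, says Brian Woodring, CIO of Rocket Mortgage. “The biggest challenge is making sure that business automation is not just taking a very cumbersome legacy manual process and turning it into RPA,” he explains. “If you neglect this, you may get a short-term win, but you will not deliver long-term value. One of the biggest things I have learned is that you cannot do automation to the business. You have to do automation with the business.”

For example, the technology organization of Cardinal Health’s pharmaceutical segment works closely with business leaders to identify current pain points and determines the right processes to automate by focusing on how these tools improve the customer and employee experience, says CIO Greg Boggs.

“Our technology organization works closely with business leaders to identify current pain points and determines the right processes to automate by focusing on how these tools improve the customer and employee experience,” he explains. “In general, quantifying the business impact of automation initiatives has been straightforward, because they have clear before-and-after business metrics. We have matured our automation practice and built an architecture that lets us be nimble, innovative, and quick to pivot in a dynamic, global healthcare environment.”

But the challenge of the CIO’s job at a financial institution, Woodring says, is to redefine entire business processes and eliminate waste while keeping clients satisfied and maintaining compliance.

In addition, companies that combine automation with AI will be able to make faster decisions, optimize business processes, and drive greater efficiency, says Subramani Elumalai, VP of application management services delivery at Capgemini.

Other CIOs agree that the business is the central consideration in automation efforts.

At Northwestern Mutual, for example, the mission of “freeing Americans from financial anxiety” drives every action that informs business priorities, says CIO and EVP Jeff Sippel.

On a practical level, the company is always looking to apply automation solutions in areas where they have meaningful impact. It measures the results of these efforts as business outcomes rather than as the success of automation itself, he adds.

Automation as an enabler

For Vaibhav Tandon, head of commercial management at Adani Electricity Mumbai Ltd, automation and business goals are likewise closely linked.

Automation acts as an enabler for identifying specific processes and meeting business requirements, he says. Customer centricity is also critical to the utility’s business goals, and automation efforts are expected to raise system productivity. “Automation has become one of the key levers in the customer experience and has come to play different roles throughout the life cycle of that change,” says Sippel.

That requires CIOs to take a broader, longer-term view while keeping the business running and delivering the innovation that creates the best customer experience.

“We are essentially rebuilding the city while continuing to live in it, and CIOs are constantly weighing, both strategically and tactically, what the right tools are and how to bring them in at the right time and in the right place,” he explains.

Jamie Smith, CIO of the University of Phoenix, says the job is to communicate and spread opportunities to apply automation across all of the university’s activities. Smith’s view is that automation augments human work, enabling the university to do more for its students.

The university currently uses a range of automation, including RPA to automate repetitive human tasks for efficiency, ML-based automated nudges that encourage student motivation and attendance, and an automated virtual assistant (Phoebe) that widens the support window for working adult students when they need help.

CIO priorities

Automating complex workflows will remain a CIO priority, says Petr Baudis, CTO and chief AI architect at London-based Rossum. The key is scaling such projects across departmental boundaries. What makes this possible is the continued improvement of AI-powered data capture.

Fast, accurate data extraction facilitates transactions and automation capabilities, serves as a foundational technology within any business intelligence or data analytics platform, and enables better collaboration and B2B communication, he says.

“The automation technologies we consider important include RPA as well as process mining and task mining,” says Baudis. “As companies pilot and scale automation projects, we see convergence across all of these technologies.”

Adani Electricity is continuing to evolve further this year in distribution management, customer experience, the metering ecosystem, and consumer data analytics, Tandon says.

“We implemented SAS’s AI/ML-based energy forecasting solution and improved forecasting performance. This has allowed us to achieve forecast accuracy of about 97%, optimize power procurement costs, and supply reliable power to 2.5 million consumers. We will continue to evolve in distribution management, the metering ecosystem, and consumer data analytics as well,” he explains.

The utility’s major automation projects include implementing an advanced distribution management system, building a self-healing grid infrastructure with enhanced visibility and scalability, and improving the customer experience. By implementing a cloud-based data lake and analytics solution, the company also provides what Tandon calls a “single source of truth,” promoting self-service analytics and data-backed decision-making and achieving more efficient operations.

“Estimated meter readings for our customers, which stood at 2.2% three years ago, are now down to 0.3%,” he explains. “Because the entire mechanism is automated, all readings can now be downloaded optically without human intervention. This effort has not only secured our system accuracy and return-on-equity (RoE) incentives but also improved transparency and reduced consumer complaints.”

A key goal for Cardinal Health’s pharmaceutical segment is to step up its warehouse automation efforts in order to serve customers better, Boggs says.

“In IT, we will prioritize Infrastructure as Code (IaC), continuous integration and deployment, and AI operations,” he explains.

The University of Phoenix is also ready to move ahead with several new automation projects. The school is currently developing an enterprise platform that will enable expanded use of ML and automation across various student and staff journeys, Smith says.

“This engine will be tightly integrated with our data lake and will enable truly personalized student support at the right time through the best channel,” Smith adds.

The school also plans to enhance student support by continuing to automate increasingly complex work such as admissions, grade processing, and financial aid.

“With recent advances making it possible to work with unstructured documents and natural language processing, a whole new class of complex tasks is becoming a candidate for automation,” Smith says.

Smith’s team is building platforms and systems to scale automation effectively and manage it safely and reliably. After all, nothing is more inefficient than automating a process that should not exist, Smith says. Automation combined with AI should go a long way toward helping companies make faster decisions, optimize business processes, and drive greater efficiency, Elumalai says. “This kind of automation has the potential to improve business KPIs through auto-detection and auto-remediation solutions and to create new channels that enhance the end-user experience.” Data […]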

09Jun 2023

Google launches Secure AI Framework to help secure AI technology

Google has announced the launch of the Secure AI Framework (SAIF), a conceptual framework for securing AI systems. Google, owner of the generative AI chatbot Bard and parent company of AI research lab DeepMind, said a framework across the public and private sectors is essential for making sure that responsible actors safeguard the technology that […]

09Jun 2023

In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption

Cybersecurity news that you may have missed this week: AI regulation, layoffs, US aerospace malware attacks, and post-quantum encryption. The post In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption appeared first on SecurityWeek.

09Jun 2023

Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats

Blackpoint Cyber raises $190 million in a growth funding round led by Bain Capital Tech Opportunities. The post Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats appeared first on SecurityWeek.

09Jun 2023

Google Introduces SAIF, a Framework for Secure AI Development and Use

The Google SAIF (Secure AI Framework) is designed to provide a security framework or ecosystem for the development, use and protection of AI systems. The post Google Introduces SAIF, a Framework for Secure AI Development and Use appeared first on SecurityWeek.

09Jun 2023

‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns

ESET has linked several cybercrime and espionage campaigns to a threat actor tracked as Asylum Ambuscade. The post ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns appeared first on SecurityWeek.

09Jun 2023

Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021

Evidence suggests that the Cl0p ransomware group has known about and conducted tests with the recently patched MOVEit zero-day since mid-2021. The post Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021 appeared first on SecurityWeek.

09Jun 2023

SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint. The post SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint appeared first on SecurityWeek.

09Jun 2023

Google Cloud Now Offering $1 Million Cryptomining Protection

Google Cloud is offering up to $1 million in financial protection to cover expenses associated with undetected cryptomining attacks. The post Google Cloud Now Offering $1 Million Cryptomining Protection appeared first on SecurityWeek.

09Jun 2023

Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds

As it pushes to renew a cornerstone law that authorizes major surveillance programs, the Biden administration faces an American public that’s broadly skeptical of common intelligence practices and of the need to sacrifice civil liberties for security. The post Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds appeared first on […]

09Jun 2023

How Capital One delivers data governance at scale

The ever-increasing emphasis on data and analytics has organizations paying more attention to their data governance strategies these days, as a recent Gartner survey found that 63% of data and analytics leaders say their organizations are increasing investment in data governance. The reason? Data governance is no longer viewed as a vehicle for compliance but […]

09Jun 2023

Assessing the business risk of AI bias

AI doesn’t get better than the data it’s trained on. This means that biased selection and human preferences can propagate into the AI and cause the results that come out to be skewed. In the US, authorities are now using new laws to enforce instances of discrimination due to prejudicial AI, and the Consumer Financial Protection […]

09Jun 2023

ACT government falls victim to Barracuda’s ESG vulnerability

The Australian Capital Territory government is one of the victims of a vulnerability found in Barracuda’s email security gateway (ESG). In a press conference on 8 June, ACT government chief digital officer Bettina Konti said there is a likelihood that some personal information is involved but the harms assessment needs to be completed for that to […]

09Jun 2023

Rebalancing through Recalibration: CIOs Operationalizing Pandemic-era Innovation

Kamal Nath, CEO, illustrates how Sify managed to operationalize pandemic-era innovation and how CIOs can follow suit in their journey. “We have to walk a new path with our clients,” says Kamal Nath, CEO of Sify, who shed light on the ways of working closely on the complexities pre-pandemic and how we are heading […]

09Jun 2023

North Korean APT group targets email credentials in social engineering campaign

Researchers warn of a social engineering campaign by the North Korean APT group known as Kimsuky that attempts to steal email credentials and plant malware. The campaign, focused on experts in North Korean affairs, is part of this group’s larger intelligence gathering operations that target research centers, think tanks, academic institutions, and news outlets globally. […]

08Jun 2023

Google Cloud launches Cryptomining Protection Program

Google Cloud has launched its Cryptomining Protection Program for Security Command Center (SCC) Premium customers with up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks. SCC Premium customers will have access to the new product for free. SCC Premium works with a pay-as-you-go pricing, and as one-year and […]

08Jun 2023

Salesforce’s Marketing GPT and Commerce GPT to help build personalized services

Customer relationship management (CRM) software provider Salesforce has launched two new generative AI based offerings, dubbed Marketing GPT and Commerce GPT, to help enterprises build personalized services for their customers. Salesforce’s proprietary Einstein GPT and Data Cloud underpin the two new generative AI offerings. “With Marketing GPT, marketers will be able to automatically generate personalized […]

08Jun 2023

Kyndryl unveils incident response and forensics service, AWS threat intelligence collaboration

IT infrastructure services provider Kyndryl has announced a new cybersecurity incident response and forensics (CSIRF) service as well as a new threat intelligence collaboration with AWS. The CSIRF will help customers proactively prepare for and respond to threats by applying the latest threat intelligence and experience from Kyndryl’s security experts, the firm said. Its partnership […]

08Jun 2023

Guardz releases AI-powered phishing protection solution for SMEs, MSPs

Cybersecurity vendor Guardz has announced the release of a new AI-powered phishing protection solution to help small- and medium-sized businesses (SMBs) and managed service providers (MSPs) prevent phishing attacks. It uses AI to provide small businesses and the MSPs that support them automatic phishing detection and remediation capabilities by combining email security, web browsing protection, […]

08Jun 2023

BastionZero releases SplitCert for password-free authentication and access

BastionZero has announced the release of SplitCert to provide password-free authentication access to databases. It uses Mutual TLS (mTLS) and cryptographic multi-party computation (MPC) to provide certificate-based authentication for popular, self-hosted Postgres and MongoDB databases, according to the vendor. Other new BastionZero platform features include passwordless access support for GCP cloud SQL and AWS RDS […]

08Jun 2023

Barracuda urges customers to replace vulnerable appliances immediately

Enterprise security company Barracuda has warned its customers against using email security gateway (ESG) appliances impacted by a recently disclosed zero-day exploit and to replace them immediately. A patch for the vulnerability, which has been exploited since October 2022, had been issued by Barracuda last month to stop the exploit from allowing ESG backdooring. To read […]

08Jun 2023

It’s time to evolve beyond marketing to create meaningful metaverse moments

VISION by Protiviti, Protiviti’s future-focused content initiative, has spent months exploring the metaverse future. Part of that exploration is a global survey we publish with the University of Oxford. I took a deep dive into the results and found some of what business leaders said in the Executive Outlook on the Metaverse, 2033 and Beyond […]

08Jun 2023

Consolidate Vendors and Products for Better Security

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a platform. The post Consolidate Vendors and Products for Better Security appeared first on SecurityWeek.

08Jun 2023

Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack

Japanese pharmaceutical company Eisai says it has taken systems offline after falling victim to a ransomware attack. The post Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack appeared first on SecurityWeek.

08Jun 2023

Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data

Vulnerabilities found by a researcher in a Honda ecommerce platform used for equipment sales exposed customer and dealer information. The post Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data appeared first on SecurityWeek.

08Jun 2023

North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft

Researchers believe North Korea-linked Lazarus Group has stolen at least $35 million in cryptocurrency from Atomic Wallet. The post North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft appeared first on SecurityWeek.

08Jun 2023

Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions

Cisco releases fixes for a critical-severity vulnerability in Expressway series and TelePresence Video Communication Server (VCS). The post Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions appeared first on SecurityWeek.

08Jun 2023

10 hottest IT jobs for salary growth in 2023

As companies vie for talented tech workers to meet skills gaps in their organizations, the demand for certain tech roles has increased. There’s a strong need for workers with expertise in helping companies make sense of data, launch cloud strategies, build applications, and improve the overall user experience. This demand has driven up salaries for […]

08Jun 2023

What LOB leaders really think about IT: IDC study

For IT leaders seeking to move beyond being order takers and instead meet business colleagues eye to eye, the time is now, as IT teams are at risk of being excluded when key business decisions are made, according to a new study by IDC. Over 20% of North American line-of-business (LOB) leaders said that IT […]

08Jun 2023

Oshkosh CIO Anu Khare on IT’s pursuit of value

In his role as Oshkosh Corp.’s senior vice president and CIO, Anu Khare leads the specialty truck maker’s intelligent enterprise agenda, which includes data science and artificial intelligence practice, digital manufacturing, cybersecurity, and technology shared services to drive technology-enabled business transformation. Khare, a Forbes CIO Next 50 Tech Leader and Chicago CIO of the Year […]

08Jun 2023

Salesforce CEO Benioff shakes up executive team with new hires

Salesforce CEO Marc Benioff has made a number of changes to the company’s management team, six months after the company’s co-CEO Bret Taylor announced he was leaving the organization. The roles of chief revenue officer, chief marketing officer, chief operating officer, and chief of staff are among the jobs that are undergoing a personnel or […]

08Jun 2023

Barracuda Urges Customers to Replace Hacked Email Security Appliances

Barracuda Networks is telling customers to immediately replace hacked ESG email security appliances regardless of the patches they installed. The post Barracuda Urges Customers to Replace Hacked Email Security Appliances appeared first on SecurityWeek.

08Jun 2023

How CIOs can protect personally identifiable information

Industry is increasingly grappling with data management and can no longer do without artificial intelligence to improve processes and decision-making. Alongside this need, however, comes a significant challenge: guaranteeing the privacy of sensitive personally identifiable information, […]

08Jun 2023

Zero-trust: Why You Shouldn’t Ignore Your Print Environment

Being digital first may be the mandate for many CIOs, yet printers continue to hold a prominent presence in the workplace, especially in document-heavy sectors such as government, healthcare, legal, and logistics. In fact, the expanded scope of modern printers, which enable users not just to print but to also scan, copy, save, and share […]

08Jun 2023

BBC, British Airways, Nova Scotia Among First Big-Name Victims in Global Supply-Chain Hack

The Cl0p cyber-extortion gang’s hack of the MOVEit file-transfer program popular with enterprises could have widespread global impact. The post BBC, British Airways, Nova Scotia Among First Big-Name Victims in Global Supply-Chain Hack appeared first on SecurityWeek.

07Jun 2023

Clop extortion gang gives MOVEit exploit victims one week to reach out

The threat group behind the Clop ransomware took credit for the recent attacks exploiting a zero-day SQL injection vulnerability in a popular web-based managed file transfer (MFT) tool called MOVEit Transfer. In a message posted on its data leak site, the gang instructs victims to contact them and negotiate a payment until June 14 or […]

07Jun 2023

Network Perception wants to give more visibility into IoT

The latest version of Network Perception’s NP-View platform, which is designed to provide deep insights into industrial and other operational technology networks, features new capabilities like improved parsing and more flexible lookup options. The Chicago-based vendor announced NP-View 4.2 today, saying that the new features include an improved algorithm for access rules and object groups […]

07Jun 2023

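Expedia aims for a leap forward with generative AI

Artificial intelligence is poised to disrupt the travel industry, and Rathi Murthy, CTO of Expedia, who oversees a massive online travel network with 168 million loyalty members and more than 50,000 business partners, believes her company is well positioned to capitalize. That is because, beyond its top brands such as Travelocity, VRBO, Hotels.com, Orbitz, Trivago, Wotif, and CarRentals.com, the $14 billion online travel service’s most valuable asset is data: 70 petabytes of traveler information stored in the AWS cloud.

“Data is our heartbeat,” says Murthy, who joined two years ago as CTO of Expedia Group and president of Expedia Product & Technology after serving as CTO of Verizon Media, and has been involved in building 5G. “We have a very large ecosystem, and what it has allowed us to do is drive personalization for travelers across the board.”

And as evolving AI such as ChatGPT expands and spreads among consumers, Expedia’s broad use of analytics and machine learning to drive its personalization strategy should let it support the travel industry’s evolution even as its customer and partner base keeps growing, Murthy says.

“AI holds great potential for us. AI itself is not new, but ChatGPT has democratized AI, and it is very powerful in bringing the two, data and AI, together,” Murthy says.

A two-pronged transformation

Seattle-based Expedia Group has come a long way since it was founded in 1996 as a division of Microsoft and spun off as a publicly traded company in 1999. It has more than 21 brands and more than 50,000 B2B partners with connections to more than 3 million hotels and rental properties and more than 500 airlines, cruise lines, and car rental companies.

Even so, Murthy says online travel services still have great potential. She estimates that only 20% of travel providers and consumers currently book through online systems.

According to 6sense Revenue AI, Expedia has about a 10% share of the online booking market and competes with more than 20 rivals, including TripAdvisor with 46%, Airbnb with 23%, and Booking.com with 7%.

To capture the potential of online travel booking, Murthy has devised a two-pronged approach for outpacing competitors and continuing to grow Expedia’s revenue, which topped $12 billion in 2022.

Her core strategy consists of two distinct but interrelated parts: an ongoing internal transformation to build Expedia’s infrastructure in a unified, integrated way, and leading the transformation of the online travel industry itself, the CTO says.

“The travel industry carries a lot of legacy (technology and processes), and not everyone has the technical strengths and capabilities we have,” she says, adding that Expedia aims to serve as the base platform for the travel industry, helping travel companies digitize and bringing them into the online fold.

“We are not just transforming ourselves. We are transforming the travel industry,” she says. “Online travel agencies account for about 20% of the travel market, and 80% is made up of small players, offline players, airlines, hotel chains, and direct bookings.”

Expedia Group drew up a multi-phase plan for its digital transformation and began migrating workloads to the AWS cloud in 2017, before Murthy joined. Today, more than 90% of the company’s data is said to be stored on AWS.

Murthy’s mission comes at a very opportune time, as the commercial availability of AI is exploding and targeting general consumers. Until now, AI platforms have mainly been used inside enterprises by data scientists, software engineers, and IT professionals to build machine learning models. But SaaS vendors are adopting conversational AI tools such as chatbots and generative AI models enabled by platforms such as OpenAI’s ChatGPT, democratizing AI as a service any consumer can use.

Murthy is watching this consumerization of AI closely, believing it will further the opportunities for personalization in the travel industry.

Seizing the opportunity

To that end, Expedia recently incorporated two OpenAI plugins to extend conversational capabilities for travelers within ChatGPT and within Expedia’s own service.

One is the Expedia ChatGPT plugin: when a user who has started planning a trip in ChatGPT selects the Expedia plugin, that trip becomes real, with a seamless booking experience on Expedia, Murthy says. The other plugin sits inside the Expedia application and lets travelers use a “conversation” feature for any aspect of trip planning, save hotels recommended in the conversation to a new “trip,” and easily put a trip together. It is currently available in English on iOS devices.

“The fusion of ChatGPT data (such as questions from travelers) with Expedia’s travel-specific data, such as traveler preferences, booking patterns, and price availability, is very powerful,” the CTO says, adding that the combination of technologies lets consumers create a complete itinerary. “We have seen a lot of traffic, and from a trip-planning standpoint it has been great.”

Expedia’s team was able to deploy the plugins in three to four weeks. “That is because our AI capabilities and our travel platform APIs are very mature,” Murthy says.

Other companies, such as multinational consumer goods company Unilever and omnichannel used-car retailer CarMax, have also been quick to build ChatGPT and GPT APIs into their services and applications.

But analysts point out that these early implementations of generative AI are still some distance from having a meaningful impact.

“At this early stage, the ChatGPT functionality within Expedia’s app is limited. It cannot access real-time pricing information, and users cannot book through the feature. Currently, hotel recommendations can only be saved to the trips section of the Expedia app,” says Brad Jashinsky, director analyst at Gartner for Marketers.

Jashinsky also cautions that it is unclear whether consumers will use chat-style AI systems for travel in conjunction with online booking systems, but if they do, “it could differentiate the Expedia experience from other online travel agencies.”

IDC analyst Dorothy Creamer suggests that Expedia is well positioned for the AI era if it works closely with its partners.

“Expedia has built its data platform on 25 years of travel and booking behavior, and data of this level and depth is essential for driving more personalized booking and travel experiences in the post-pandemic era,” Creamer says, also noting that the company “has built an elite team of data scientists to extract value from booking data. These data points require evaluating thousands of combinations for each page of booking information.”

Creamer also notes that Expedia’s products are built to give hotels, airlines, car rental companies, and other partners a foundation for processing deep customer insights. “This requires the advanced analysis of data that AI- and ML-powered capabilities and platforms can provide,” she says.

At the same time, Expedia’s Murthy is well aware of the ethical concerns surrounding AI and also wants to ensure that Expedia is a fair and open marketplace for all users.

Murthy says: “We pay very close attention to AI governance and ethics, and we make sure privacy is considered whenever information is shared. It is something all of us need to be careful about, and it also means working together as a community to use AI for good and making best practices available across the industry.” Artificial Intelligence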

07Jun 2023

The NBA’s digital transformation is a game-changer

The NBA’s full-court press on digital technologies has revolutionized the fan, player, and team experience, thanks to accelerated deployment of cloud, analytics, AI, and computer vision technologies since the association launched its digital transformation in 2020. NBA EVP and CTO Krishna Bhagavathula, a former NBC News CTO who has been with the National Basketball Association […]

07Jun 2023

Cisco spotlights generative AI in security, collaboration

Cisco Security Cloud and Webex will sport new features supported by its home-grown generative AI.

07Jun 2023

Help wanted: IT tools and talent for building a multicloud estate

Anyone who works in the culinary arts, construction or other trades can vouch for the value of multipurpose tools and the wherewithal to use them. Give a seasoned chef professional-grade knives, cast iron and carbon steel cookware and there’s little that he or she cannot accomplish in the kitchen. Experienced construction workers handle many tasks […]

07Jun 2023

Sysdig Introduces CNAPP With Realtime CDR

Sysdig is launching what it claims to be the first CNAPP with end-to-end detection and response, consolidating CNAPP and CDR. The post Sysdig Introduces CNAPP With Realtime CDR appeared first on SecurityWeek.

07Jun 2023

Stay Focused on What’s Important

Staying the course and sticking to strategic goals allows security professionals to steadily and continually improve the security posture of their organization. The post Stay Focused on What’s Important appeared first on SecurityWeek.

07Jun 2023

Cisco debuts bold portfolio of network, security, and observability solutions and previews generative AI capabilities for Webex and Security Cloud

A tremendous number of enterprises and service providers view Cisco as the nexus of their network, security, and cloud operations. At the company’s Cisco Live customer and partner conference in June, Cisco boldly connected the dots of a network- and cloud-based ecosystem that ties together innovative technologies to drive productivity, resiliency, and growth, while also […]

07Jun 2023

VMware Plugs Critical Flaws in Network Monitoring Product

VMware ships urgent patches to cover security defects that expose businesses to remote code execution attacks. The post VMware Plugs Critical Flaws in Network Monitoring Product appeared first on SecurityWeek.

07Jun 2023

A guide to hybrid cloud deployment for innovation without disruption

Contact center platform vendors are bringing more cloud offerings to market, but not every organization is ready to transform with a move completely off-premises: Some prefer to keep certain workloads nearby (ex: 40% prefer to keep analytics and data deployment on-premises, according to new research from Ventana). Others – especially large enterprises that operate in […]

07Jun 2023

Hackers Issue ‘Ultimatum’ Over Payroll Data Breach

The Clop ransomware gang issued “an ultimatum” to companies targeted in a recent large-scale hack of payroll data. The post Hackers Issue ‘Ultimatum’ Over Payroll Data Breach appeared first on SecurityWeek.

07Jun 2023

US, Israel Provide Guidance on Securing Remote Access Software

US and Israeli government agencies have published new guidance on preventing malicious exploitation of remote access software. The post US, Israel Provide Guidance on Securing Remote Access Software appeared first on SecurityWeek.

07Jun 2023

Sysdig adds “end-to-end” detection and response to CNAPP

Cloud security firm Sysdig has embedded cloud detection and response (CDR) into its cloud-native application protection platform (CNAPP). The company claims to be the first vendor to offer this consolidation, a move that enables its CNAPP to detect threats with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications. It leverages Falco, […]

07Jun 2023

New tool enables team collaboration on security case management

Security automation and orchestration platform Tines has added a new case management capability, dubbed Cases, to allow security teams to collaborate on security incidents. This collaboration feature is aimed at enabling the teams to efficiently handle anomalies, automation, and remediations. “With Cases, Tines users — which range from startups to Fortune 10 — can deploy […]

07Jun 2023

Over 60,000 Android apps infected with adware-pushing malware

Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue.  “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans […]

07Jun 2023

From edge to cloud: The critical role of hardware in AI applications

In this new blog series, we explore artificial intelligence and automation in technology and the key role it plays in the Broadcom portfolio. This Easter, I tasked Midjourney, the AI tool that generates art from text, to create a futuristic egg basket that showcased the concept of being digitally connected. What I saw blew my […]

07Jun 2023

OWASP’s 2023 API Security Top 10 Refines View of API Risks

OWASP’s ranking for the major API security risks in 2023 has been published. The list includes many parallels with the 2019 list, some reorganizations/redefinitions, and some new concepts. The post OWASP’s 2023 API Security Top 10 Refines View of API Risks appeared first on SecurityWeek.

07Jun 2023

Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability

Google’s June 2023 security update for Android patches more than 50 vulnerabilities, including an Arm Mali GPU flaw exploited by spyware vendors. The post Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability appeared first on SecurityWeek.

07Jun 2023

ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages

Researchers show how ChatGPT/AI hallucinations can be exploited to distribute malicious code packages to unsuspecting software developers. The post ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages appeared first on SecurityWeek.

07Jun 2023

Bringing AI to your organization? Better bring the right database

By Patrick McFadin, DataStax developer relations and contributor to the Apache Cassandra project. Netflix tracks every user’s actions to instantly refine its recommendation engine, then uses this data to propose the content users will love. Uber gathers driver, rider, and partner data in the moment and then updates a prediction engine that informs customers about […]

07Jun 2023

Blumira Raises $15 Million for SMB-Tailored XDR Platform

Blumira raises $15 million in Series B funding and launches a new XDR platform for small and medium-sized businesses (SMBs). The post Blumira Raises $15 Million for SMB-Tailored XDR Platform appeared first on SecurityWeek.

07Jun 2023

Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data

Microsoft will pay a fine of $20 million to settle FTC charges that it illegally collected the data of children who signed up for Xbox. The post Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data appeared first on SecurityWeek.

07Jun 2023

10 security tool categories needed to shore up software supply chain security

As security leaders progress in their establishment of software supply chain security programs, they face a good news-bad news situation with the tools available to them — literally: the technology is rapidly advancing for good and for bad. The good news of the rapidly advancing software supply chain security technology is that the brisk pace […]

07Jun 2023

7 ways to spot hidden IT talent within your ranks

Every IT organization has hidden experts. These individuals, possessing extraordinary talents, help their teams reach new levels of innovation, planning, productivity, and efficiency. Discovering these unique individuals, and then elevating them to positions where they can achieve maximum effectiveness, is a skill that every CIO should learn. Spotting promising talent requires keeping a close pulse […]

07Jun 2023

How Palladium targets tech to better serve the business

At the end of the 1960s, Spanish businessman Abel Matutes had an ambitious dream to bring paradise closer to travelers by offering incredible experiences. The result was what is now the Palladium Hotel Group, a hotel chain with 10 different brands spread across Spain, Italy, Mexico, Brazil, Jamaica, and the Dominican Republic. But the company’s history […]

07Jun 2023

Saudi Vision 2030: Why the Kingdom is becoming a hub in EdTech education

The pandemic has pushed companies to accelerate their digital journey, and large companies are already being encouraged to replace their traditional working methods with telematic ones. Proof of this is the KSA Cloud First Policy, announced in October 2020 by Saudi Arabia’s Ministry of Communications and Information Technologies, after the launch of a cloud data center in […]

07Jun 2023

Microsoft's first cloud region in Italy launches in Lombardy

Last Monday, Microsoft announced that it is about to launch its first cloud region in Italy. The new region, which will have three data centers, will be located in Lombardy. Companies will be able to start using the new region with Microsoft Azure or Microsoft 365 as early as the next […]

07Jun 2023

How to prove the value of analytics with edge computing

Edge computing offers great potential benefits to companies across the most varied industry sectors. This distributed computing model, which brings data storage and analysis closer to their sources, can give companies better response times, lower network latency, reduced bandwidth costs, and even greater security. […]

07Jun 2023

Traditional malware increasingly takes advantage of ChatGPT for attacks

Traditional malware techniques are increasingly taking advantage of interest in ChatGPT and other generative AI programs, according to a Palo Alto Networks report on malware trends. “Between November 2022-April 2023, we noticed a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT,” according to the latest Network Threat Trends Research […]

07Jun 2023

ChatGPT creates mutating malware that evades detection by EDR

A global sensation since its initial release at the end of last year, ChatGPT’s popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to […]

06Jun 2023

The new value calculator: Levers for business optimization

As we move further into the digital age, we continue to see a growing emphasis on data-driven decision-making. And as a result, there has been a surge in the development of new products, tools, and platforms competing to help businesses analyze and utilize more data, more effectively. Given the number of competing solutions along with […]

06Jun 2023

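Proving the value of analytics at the edge

Edge computing brings significant potential benefits to companies in a wide range of industries. By moving data storage and analytics closer to data sources, this distributed computing model shortens response times, reduces network latency, cuts bandwidth costs, and even strengthens an organization's security.

Computing at the edge supports initiatives such as the Internet of Things (IoT), because the data that connected objects collect can be processed remotely. Without such systems, the huge volume of data generated by connected devices can easily overwhelm an organization's central data infrastructure, and shuttling it to cloud repositories for analysis incurs significant cost.

By bringing more analytics capability to the edge, where data is collected, organizations can achieve greater responsiveness and efficiency. Here is how companies are deploying analytics at the edge in a variety of use cases.

Road safety

Trimble Transportation provides customers with technologies such as routing and optimization, tracking and visibility, and safety and compliance systems. Its clients are primarily freight carriers, which generate more than 10 billion data points every day from in-vehicle telematics devices. The data points cover more than 50 variables, including engine temperature, turbo RPM, oil pressure, speed, and coolant level.

Vehicle sensors are proliferating. They monitor key performance indicators and alert drivers to problems such as low tire pressure, lane departure, and obstacles to the rear. The result has been a major advance in safety technology, but also a vast amount of data that cannot be used in real time unless it is processed quickly.

For Trimble, edge analytics provides a way to get insights faster. Trimble, which develops hardware and software for transportation and logistics companies and builds a connected supply chain, is building a hub-and-spoke network system in which the trucking company's back office is the "hub," explains Chris Orban, the company's vice president of data science.

According to Orban, the hub contains the applications of data-dependent operational systems fed from the "spokes," such as transportation management systems, order entry, and safety and compliance.

"The spokes in this model are the truck drivers, who use cutting-edge technology in the cab such as onboard computers and electronic logging devices," he says. "These devices connect to the cloud over 4G LTE networks, and a lot of computation is done at the edge. Those computations include tracking drivers' hours of service, reporting safety events, and scanning electronic documents such as proof of delivery."

Orban says the company has used iterations of edge computing for many years, dating back to when commercial vehicle tracking became regulated. Trimble's early electronics were installed in truck cabs and relayed simple information such as the truck's location and fuel level. "We provided communication with the back office at a time when not everyone had a cell phone in their pocket," he says.

The ability for trucking companies to know where their assets were and to communicate with drivers and equipment that might be outside cellular coverage was the main driver of this business. "Satellite communication might be the only connectivity option, so these devices had to function at the edge alongside the driver," Orban recalls.

From a safety perspective, all of Trimble's mobility devices interface between a commercial truck's engine control module (ECM) and the company's own and third-party safety tools, providing features such as hard-braking alerts, following-vehicle warnings, and roll stability control notifications.

"In the cab, drivers get immediate feedback on their driving behavior and can effectively correct it in real time, or the device can do it for them," Orban says. "For example, if it sees that you are taking a curve too fast and roll stability control kicks in, the device can actually apply the brakes to slow the truck down so that roll stability control is no longer triggered."

Trimble also offers an edge application that calculates driver fatigue from hours on duty.

Another major area where Trimble is investing in data analytics and edge computing capabilities is video. "Many commercial vehicles today have outward- or inward-facing cameras on the dashboard, the side mirrors, the rear backup camera, or all of these," Orban says. "The amount of information available from these visual data sources is enormous."

Trimble's Video […]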

06Jun 2023

The new wave of data observability

You’ve almost certainly heard the term observability used to describe the next generation of data monitoring. Observability has become increasingly important in recent years, as software systems have become more complex and distributed, allowing organizations to measure, monitor, and understand the behavior of their various systems. Analysts began to coin the term observability only 2-3 […]

06Jun 2023

Let Business Needs Guide Your Winning Data Team

The shortage of data science skills continues to frustrate organizations in their quest to become more data driven. CIO.com’s 2023 State of the CIO research found that data science/analytics is one of the top three tech-related skills CIOs are trying to hire – and 22% said it’s one of the three most difficult to fill.  […]

06Jun 2023

Adapting to change on a dime: The absolute necessity of hybrid portability

These days, hybrid is a fact of life, and with it the need for hybrid portability. If you’ve ever traveled between continents for work, you’ve certainly had to bring along your corporate laptop containing all your work materials. To make it function in the other country you bring some physical components, like a power cable […]

06Jun 2023

Only one in 10 CISOs today are board-ready, study says

Even though there is a growing demand for cybersecurity expertise at the highest levels of business, a significant number of public companies lack even one qualified cybersecurity expert on their board of directors, according to a study by cybersecurity research and advisory firm IANS. In addition, the study found that just a little more than […]

06Jun 2023

Lacework’s new CIEM uses ML to fish out high-risk identities

Cloud security provider Lacework has released a new cloud infrastructure entitlement management (CIEM) offering to strengthen the observability of all cloud identities. The new capability is aimed at simplifying Lacework’s cloud security offering by merging with its existing cloud security posture management (CSPM), attack path analysis, and threat detection capabilities into a single platform.   “CIEM […]

06Jun 2023

How to Manage Data as a Product

Distributed data ownership is a new idea that has recently captured the attention of IT executives and chief data officers. The concept: data should be curated by the people who know it best versus locked up in an IT ivory tower. Furthermore, owners should treat data as a product, ensuring that it is clean, current, […]

06Jun 2023

Top 10 reasons to modernize technology now

The big picture: Modernizing applications can help companies take advantage of the latest technologies, streamline their operations, and stay ahead of the competition.  Why it matters: Outdated applications can limit productivity, hinder growth, and negatively impact customer experience.  The bottom line: Application modernization is a wise investment for businesses seeking long-term success and a competitive […]

06Jun 2023

A Vision of Radical Networking Simplicity

In networking today, complexity reigns. Tapping an app on a mobile device at home relies on many connections. Count them: the home Wi-Fi, the ISP, the Internet, a Domain Name System (DNS) provider, a content delivery network (CDN), applications distributed among multiple providers in multiple clouds, credit authentication companies, a private customer information database. This […]

06Jun 2023

KeePass Update Patches Vulnerability Exposing Master Password

KeePass 2.54 patches a vulnerability allowing attackers to retrieve the cleartext master password from a memory dump. The post KeePass Update Patches Vulnerability Exposing Master Password appeared first on SecurityWeek.

06Jun 2023

AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training

AntChain has teamed up with Intel for a Massive Data Privacy-Preserving Computing Platform (MAPPIC) for AI machine learning. The post AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training appeared first on SecurityWeek.

06Jun 2023

OWASP lists 10 most critical large language model vulnerabilities

The Open Worldwide Application Security Project (OWASP) has published the top 10 most critical vulnerabilities often seen in large language model (LLM) applications, highlighting their potential impact, ease of exploitation, and prevalence. Examples of vulnerabilities include prompt injections, data leakage, inadequate sandboxing, and unauthorized code execution. The list aims to educate developers, designers, architects, managers, […]

06Jun 2023

Keep Aware Raises $2.4M to Eliminate Browser Blind Spots

Keep Aware scores seed investment to build a human-centric browser security platform that provides protection against browser-based attacks. The post Keep Aware Raises $2.4M to Eliminate Browser Blind Spots appeared first on SecurityWeek.

06Jun 2023

Google Workspace Gets Passkey Authentication

Google Workspace now offers support for passwordless authentication using passkeys, in beta. The post Google Workspace Gets Passkey Authentication appeared first on SecurityWeek.

06Jun 2023

Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product

French cybersecurity startup Elba raises €2.5 million ($2.6 million) to help organizations identify their employees’ security issues. The post Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product appeared first on SecurityWeek.

06Jun 2023

Cloud misconfiguration causes massive data breach at Toyota Motor

Japanese automaker Toyota Motor said approximately 260,000 customers’ data was exposed online due to a misconfigured cloud environment. Along with customers in Japan, data of certain customers in Asia and Oceania was also exposed. Toyota Motor has implemented measures to block access to the data from the outside and is investigating the matter including all […]

06Jun 2023

Department of Defense AI principles have a place in the CISO’s playbook

Artificial intelligence has zoomed to the forefront of the public and professional discourse — as have expressions of fear that as AI advances, so does the likelihood that we will have created a variety of beasts that threaten our very existence. Within those fears also lie worries about the responsibilities of those who create the […]

06Jun 2023

Shadow IT is increasing and so are the associated security risks

Despite years of modernization initiatives, CISOs are still contending with an old-school problem: shadow IT, technology that operates within an enterprise but is not officially sanctioned — or on the radar of — the IT department. Unvetted software, services, and equipment can be nightmare fuel for a security team, potentially introducing a lurking host of […]

06Jun 2023

Zoom Expands Privacy Options for European Customers

New options allow paid Zoom customers to specify certain data for meetings, webinars, and team chat to be stored within the EEA. The post Zoom Expands Privacy Options for European Customers appeared first on SecurityWeek.

06Jun 2023

Several Major Organizations Confirm Being Impacted by MOVEit Attack

Major companies have confirmed being impacted by the recent MOVEit zero-day attack, including BBC, British Airways and Zellis. The post Several Major Organizations Confirm Being Impacted by MOVEit Attack appeared first on SecurityWeek.

06Jun 2023

Apple Unveils Upcoming Privacy and Security Features

Apple on Monday detailed new privacy and security features rolling out to both desktop and mobile users. The post Apple Unveils Upcoming Privacy and Security Features appeared first on SecurityWeek.

06Jun 2023

Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges

Verizon’s 16th annual Data Breach Investigations Report (DBIR) provides data on ransomware costs, the frequency of human error in breaches, and BEC trends. The post Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges appeared first on SecurityWeek.

06Jun 2023

5G ready or 5G really? Industry CIOs face hard truths about private 5G

ArcelorMittal France conceived 5G Steel, a private cellular network serving its steel works in Dunkerque, to support its digitalization plans with high-speed, site-wide 5G connectivity. But when it turned the network on in October 2022, the devices connecting to it were only 4G. French public network operator Orange built the private network, which covers a […]

06Jun 2023

5 tips for startup partnership success

IT leaders looking to accelerate their innovation agendas have a partner-in-waiting in the startup ecosystem. By linking up with startups, CIOs can greatly expand their opportunities to experiment with emerging technologies and augment their in-house innovation programs. And the market for doing so remains robust for corporations looking to make the most of the model. […]

06Jun 2023

14 organizations that support LGBTQ+ tech workers

The lack of diversity in IT doesn’t just leave underrepresented workers feeling alienated; it can also make them feel unsafe. That’s certainly true for the LGBTQIA+ community, with only 76% of LGBTQ+ workers reporting they feel safe in their workplace and 64% of trans and gender nonconforming (GNC) individuals saying the same, according to a report […]

06Jun 2023

Google Patches Third Chrome Zero-Day of 2023

Google has released a Chrome 114 security update that patches CVE-2023-3079, the third zero-day vulnerability patched in the browser in 2023. The post Google Patches Third Chrome Zero-Day of 2023 appeared first on SecurityWeek.

06Jun 2023

ChatGPT and Your Organisation: How to Monitor Usage and Be More Aware of Security Risks

OpenAI’s ChatGPT has made waves across not only the tech industry but in consumer news the last few weeks. People are looking to the AI chatbot to provide all sorts of assistance, from writing code to translating text, grading assignments or even writing songs. While there is endless talk about the benefits of using ChatGPT, there is […]

06Jun 2023

Change stress: what to do if your IT staff is in crisis

At the peak of the pandemic crisis and in the midst of digital transformation, an Italian company "in the manufacture of armchairs and sofas, headquartered in Puglia," turned to the Department of Education Sciences, Psychology and Communication of the University of Bari for a consultation. The goal? To manage change-related stress by monitoring employees' response in terms of […]

06Jun 2023

13 essential skills for accelerating digital transformation

Digital transformation is indeed a cornerstone of business strategy today, as 89% of enterprises see digital business as core to their growth, according to Gartner’s Board of Directors 2023 Survey. Equally telling is another statistic from that research: Just 35% of these enterprises have achieved their digital goals or are on track to do so. “This […]

05Jun 2023

Clop ransomware gang exploits the MOVEit Transfer vulnerability to steal data

More information is coming to light after news last week that a critical vulnerability in a secure file transfer Web application called MOVEit Transfer was being exploited by hackers. Microsoft tied some of the attacks to a threat actor associated with the Clop ransomware gang. “Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer zero-day […]

05Jun 2023

Who’s paying your data integration tax?

We’ve just wrapped up tax season in the United States and much of Europe. We all know that dealing with taxes can be a complicated and frustrating process, especially for those who have their own businesses or generate investment income. Though we know who’s paying your income taxes this April (sorry to rub it in: […]

05Jun 2023

Atomic Wallet hack leads to at least $35M in stolen crypto assets

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent  on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. The five most significant losses account for $17 million.  “Think it could surpass $50m. […]

05Jun 2023

Dozens of Malicious Extensions Found in Chrome Web Store

Security researchers have identified over 30 malicious extensions with millions of installs in the Chrome web store. The post Dozens of Malicious Extensions Found in Chrome Web Store appeared first on SecurityWeek.

05Jun 2023

What if the Current AI Hype Is a Dead End?

If we should face a Dead-End AI future, the cybersecurity industry will continue to rely heavily on traditional approaches, especially human-driven ones. It won’t quite be business as usual though. The post What if the Current AI Hype Is a Dead End? appeared first on SecurityWeek.

05Jun 2023

Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security

Microsoft is making SMB signing a default requirement in Windows 11 Enterprise editions, starting with insider preview build 25381. The post Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security appeared first on SecurityWeek.

05Jun 2023

Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities

Zyxel urges customers to update ATP, USG Flex, VPN, and ZyWALL/USG firewalls to prevent exploitation of recent vulnerabilities. The post Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities appeared first on SecurityWeek.

05Jun 2023

Atomic Wallet hack leads to at least $35M in stolen crypto asset

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT. The five most significant losses account for $17 million.  “Think it could surpass $50m. Keep finding more and more victims sadly,” said Twitter user ZachXBT, who is an on-chain […]

05Jun 2023

SAFE Security claims to predict data breaches with new generative AI offering

AI-based cyber risk management SaaS vendor SAFE Security has announced the release of Cyber Risk Cloud of Cloud – a new offering it claims uses generative AI to help businesses predict and prevent cyber breaches. It does so by answering questions about a customer’s cybersecurity posture and generating likelihoods for different risk scenarios. These include the […]

05Jun 2023

CISOs, IT lack confidence in executives’ cyber-defense knowledge

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. That is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, in which Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how […]

05Jun 2023

Governments worldwide grapple with regulation to rein in AI dangers

As generative AI revolutionizes tech, governments around the world are trying to come up with regulations that encourage its benefits while minimizing risks such as bias and disinformation.

05Jun 2023

Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards. The post Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards appeared first on SecurityWeek.

05Jun 2023

Security Recruiter Directory

Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among […]

05Jun 2023

10 notable critical infrastructure cybersecurity initiatives in 2023

The security of critical infrastructure has been high on the agenda in 2023, with cyberattacks and other risks posing a persistent threat to the technologies and systems relied upon for essential services such as energy, food, electricity, and healthcare. Research from cybersecurity services firm Bridewell assessed the current state of critical national infrastructure (CNI) threats […]

05Jun 2023

Federal cyber incidents reveal challenges of implementing US National Cybersecurity Strategy

Microsoft revealed on May 24 that the Chinese threat group Volt Typhoon attempted to gain access to communications systems in the United States, including Navy infrastructure on Guam. Secretary of the Navy Carlos Del Toro later confirmed the Navy “has been impacted” by the cyberattacks, although he provided no further details. To read this article […]

05Jun 2023

SBOMs – Software Supply Chain Security’s Future or Fantasy?

If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order. The post SBOMs – Software Supply Chain Security’s Future or Fantasy? appeared first on SecurityWeek.

05Jun 2023

Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations

The recent MOVEit zero-day attack has been linked to a known ransomware group, which reportedly stole data from dozens of organizations. The post Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations appeared first on SecurityWeek.

05Jun 2023

Cybersecurity M&A Roundup: 36 Deals Announced in May 2023

Thirty-six cybersecurity-related merger and acquisition (M&A) deals were announced in May 2023. The post Cybersecurity M&A Roundup: 36 Deals Announced in May 2023 appeared first on SecurityWeek.

05Jun 2023

3 things CIOs must do now to accurately hit net-zero targets

Research from Accenture shows that 48% of companies say technology-enabled sustainability initiatives lead to more competitive products and enhanced customer service, and contribute to attracting top talent—all of which help drive increased revenues. However, the latest and largest UNGC-Accenture CEO study revealed that 91% of CEOs report insufficient technology solutions as a barrier to seizing […]

05Jun 2023

Merck Life Sciences banks on RPA to streamline regulatory compliance

The pharmaceutical industry is a highly regulated one, especially for multinationals doing business across the globe. The regulatory process for pharmaceutical firms involves complex activities linked to various value chains — collecting data, applying for the right license, generating supporting documents for submission, and supply chain operations — that aid in the timely tracking of […]

05Jun 2023

How CSPM automation can improve cloud security

With the rapid spread and growing complexity of cloud environments, companies are increasingly exposed to the risks associated with various types of security threats. Cloud security posture management (CSPM) is a process that helps organizations monitor, identify, and remediate without […]

04Jun 2023

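12 reasons good employees quit, and how to prevent it

As demand for IT talent keeps growing and the labor market for technical talent tightens, CIOs cannot afford to let IT staff, especially high performers, walk out the door. But they may leave anyway. According to Dice’s 2022 Tech Sentiment Report, 52% of respondents said they were likely to change jobs in the next year, up from 44% the previous year. “The market is still in a war for talent, and individuals have options,” says Craig Stephenson, North America managing director for technology, digital, data, and security at management consulting firm Korn Ferry. A fully staffed IT department is essential to moving an organization’s agenda forward, and CIOs recognize how difficult and costly it is to replace top talent. But to keep attracting top talent, you need to know why those people leave. Here are 12 common reasons good employees quit, and what IT leaders can do about each. 1. Uncompetitive compensation A tight labor market pushes salaries up. IT staff in particular know they don’t have to stay with an employer that doesn’t offer competitive pay. “Top performers keep getting calls from recruiters and aren’t afraid to leave their jobs,” says Ellen Sheppard, a former CIO and staffing expert, adding that “companies seeking top performers will make offers of up to 120% of market rate to secure the hire.” Sheppard, founder and CEO of Resource Collaborative, a staffing, planning, and placement firm, advises CIOs who are paying IT staff below market rate to make the case for raises to HR and senior executives by explaining that initiatives delayed by the difficulty of securing IT talent are costing more than the raises would. 2. Lack of engagement Employees who feel disconnected from development opportunities, management, and the organization’s values are more likely to leave. And chances are that many of your own employees feel that way. According to Gallup’s “State of the Global Workplace 2022,” employee engagement has declined in recent years, from 36% in 2020 to 34% in 2021 and 32% in 2022. Meanwhile, the share of employees who say they are “actively disengaged” has risen gradually over the same period, with 18% of employees saying they felt that way in 2022. The Gallup report says: “Actively disengaged employees aren’t just unhappy at work. They are resentful that their needs aren’t being met and are acting out their unhappiness. Every day, these workers potentially undermine what their engaged coworkers accomplish.” As a result, unmotivated employees can create a climate that makes even those who are doing their work want to quit. To tell whether employees are disengaging from the company, you need to watch for subtle signs. Experts advise managers to observe employees and ask themselves: Are they withdrawing from social activities? Are they taking more sick days than usual? Are they doing only the bare minimum? Dr. Sanja Licina, president of workforce experience at QuestionPro, says that “rather than judging engagement by comparison with colleagues or by the productivity and quality of work, you need to evaluate factors on an individual basis.” “If someone who has always been extroverted suddenly becomes reserved, or someone who used to take part in off-site team building and activities suddenly stops, that’s a sure sign. But with introverts, it can be hard (to spot disengagement) unless you’ve built a personal relationship with them.”
3. Nonexistent or unclear expectations Sheppard, a recruiter and former CIO, understands that making expectations clear and setting goals is important for retaining IT employees. Knowing what they must accomplish to succeed lets workers focus their time and effort on what matters most, which benefits every worker, she says. IT staff face more demands than they have time for, so this can happen if CIOs and their managers don’t properly guide the IT team’s priorities and goals. Organizations that have onboarding programs laying out what new hires should accomplish in their first six months, and whose managers then work with employees to set new goals, tend to have higher retention, Sheppard says. 4. No sense of impact Employees who can’t see the effect of their work are also more likely to leave. Anna Gajda, vice president of people and enablement at LeanIX, a technology management software maker headquartered in Bonn, Germany, says this is among the top reasons employees quit. Workers want to know that they are contributing to their employer’s mission and that their work matters, Gajda says. “Is the work I’m doing moving the company? How does my work improve the product? How well do I understand whether my work is helping solve the problem? And how much freedom do I have as an engineer to solve problems?” she says, listing questions technologists may have. LeanIX helps employees answer these questions with a system that shows how their work helps achieve company goals. Leaders clarify objectives and ask engineers to create key results to achieve each quarter, so they can confirm they are reaching their goals. The company also showcases success stories at monthly all-hands meetings and holds retrospectives every two weeks to discuss progress, new products and features delivered, and the individuals who made them happen, “giving engineers the visibility they deserve,” she says. 5. Little top-level support for IT Technologists want to work at organizations that value IT and the contributions IT people make. They want company leaders to have a clear technology strategy, to see IT as an enabling function, and to give the IT team the ability to bring about change. “They want to be able to drive transformation,” Stephenson says. When that’s missing, employees are less likely to stay. CIOs, their C-level peers, and the board must work together to build technology into the overall corporate strategy. This move is essential not only for retaining IT employees but for the company’s success. And once that happens, CIOs need to communicate it to their teams. “You need to make the technology strategy clear,” Stephenson says. 6. Not enough flexibility Technologists value flexible schedules and remote work options. Nearly 90% of technologists who responded to the Dice Tech Sentiment survey said remote work opportunities are an important factor when considering a move to another organization. Employees also want the freedom to adjust their work schedules and won’t stay at organizations that dictate “what to do, when to do it, and how to do it,” Sheppard says. According to Sheppard, managers must give staff choices about when, where, and how they work, and have policies that make clear when and why they need to work at particular times or in the office. Allowing workers to arrange part of their working time in the way that makes the most sense for themselves, their team, and the tasks at hand goes a long way toward retaining them.
7. Management mismatch There’s an old saying that “employees don’t leave jobs, they leave bosses.” Recruiters say that when they ask candidates why they want to change jobs, that is still the case. Managers who fail to foster teamwork, don’t engage staff, and don’t give feedback drive turnover. So do managers who aren’t close to their employees and aren’t willing to listen to their suggestions, concerns, and challenges and help resolve them. Tom Gimbel, CEO and founder of staffing firm LaSalle Network, has seen an IT employee quit because his boss wouldn’t upgrade a security protocol he knew was needed. “He didn’t want to be held responsible for the company not investing in what he had recommended.” Organizations should invest in developing managers who are good at managing. It sounds obvious, but according to HR professionals and CIOs, that isn’t always the case in IT. CIOs should encourage managers to make time to listen to workers’ concerns and address them. That alone can help retain top talent, HR professionals say. “Tech talent expects management that is highly transparent and accountable. Top talent wants to work where they feel their work has real impact. If they feel leadership isn’t delivering results, they’re more likely to leave,” Bain […]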

03Jun 2023

Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech

Shift5 founder Josh Lospinoso discusses AI and how software vulnerabilities in weapons systems are a major threat to the U.S. military. The post Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech appeared first on SecurityWeek.

03Jun 2023

In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack 

Cybersecurity news that you may have missed this week: the spyware used by various governments, new vulnerabilities, industrial security products, and Linux router attacks. The post In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack  appeared first on SecurityWeek.

02Jun 2023

Russia points finger at US for iPhone exploit campaign that also hit Kaspersky Lab

The Russian federal security agency, the FSB, has put out a security alert claiming that US intelligence services are behind an attack campaign that exploits vulnerabilities in iOS and compromised thousands of iPhone devices in Russia, including those of foreign diplomats. In a separate report, Russian antivirus vendor Kaspersky Lab said that several dozen of […]

02Jun 2023

MOVEit Transfer vulnerability appears to be exploited widely

Progress Software has discovered a vulnerability in its file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory.  “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized […]

02Jun 2023

Zendesk to lay off another 8% of its staff, cites macroeconomic issues

CRM software provider Zendesk is reducing its workforce by another 8%, citing macroeconomic uncertainty, just six months after the company laid off 300 staffers for the same reason. “All this is difficult news to share, but I’ve made the decision to reduce our workforce by 8% at Zendesk,” CEO Tom Eggemeier wrote in an email […]

02Jun 2023

OpenAI Unveils Million-Dollar Cybersecurity Grant Program

OpenAI plans to shell out $1 million in grants for projects that empower defensive use-cases for generative AI technology. The post OpenAI Unveils Million-Dollar Cybersecurity Grant Program appeared first on SecurityWeek.

02Jun 2023

Expedia poised to take flight with generative AI

Artificial intelligence is poised to disrupt the travel industry, and Expedia CTO Rathi Murthy, who oversees a massive online travel network with 168 million loyalty members and more than 50,000 business partners, believes her company is well positioned to capitalize. That’s because, outside of its top brands, which include Travelocity, VRBO, Hotels.com, Orbitz, Trivago, Wotif, […]

02Jun 2023

Attackers use Python compiled bytecode to evade detection

Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed as opposed […]

02Jun 2023

Galvanick Banks $10 Million for Industrial XDR Technology

Los Angeles startup Galvanick scores $10 million seed capital to build a modern industrial detection and response platform. The post Galvanick Banks $10 Million for Industrial XDR Technology appeared first on SecurityWeek.

02Jun 2023

MOVEit Transfer vulnerability is being exploited widely

Progress has discovered a vulnerability in file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory.  “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to […]

02Jun 2023

Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer

Point32Health says the personal and protected health information of 2.5 million Harvard Pilgrim Health Care subscribers was stolen in a recent ransomware attack. The post Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer appeared first on SecurityWeek.

02Jun 2023

US, South Korea Detail North Korea’s Social Engineering Techniques

The US and Korea are warning of North Korean social engineering attacks targeting employees of think tanks, academic and research institutions, and news media organizations. The post US, South Korea Detail North Korea’s Social Engineering Techniques appeared first on SecurityWeek.

02Jun 2023

High-Severity Vulnerabilities Patched in Splunk Enterprise

Splunk has resolved multiple high-severity vulnerabilities in Splunk Enterprise, including bugs in third-party packages used by the product. The post High-Severity Vulnerabilities Patched in Splunk Enterprise appeared first on SecurityWeek.

02Jun 2023

Idaho Hospitals Working to Resume Full Operations After Cyberattack

Two eastern Idaho hospitals and their clinics are working to resume full operations after a cyberattack on their computer systems. The post Idaho Hospitals Working to Resume Full Operations After Cyberattack appeared first on SecurityWeek.

02Jun 2023

Deoleo doubles down on sustainability through digital transformation

Olive oil is an integral ingredient in kitchens around the world thanks to its unique flavor and beneficial health properties. According to data from the International Olive Council (IOC) during a 2021-2022 campaign, global consumption stood at 3.2 million tons, 2.9% more than the previous period. And one company that’s certainly contributed to this is Deoleo, […]

02Jun 2023

Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals

Enzo Biochem says the clinical test information of roughly 2.47 million individuals was exposed in a recent ransomware attack. The post Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals appeared first on SecurityWeek.

02Jun 2023

Apple Denies Helping US Government Hack Russian iPhones

Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping the NSA hack iPhones. The post Apple Denies Helping US Government Hack Russian iPhones appeared first on SecurityWeek.

02Jun 2023

Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations

A zero-day vulnerability in Progress Software’s MOVEit Transfer product has been exploited to hack organizations and steal their data. The post Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations appeared first on SecurityWeek.

02Jun 2023

Google Temporarily Offering $180,000 for Full Chain Chrome Exploit

Google is offering a bug bounty reward of up to $180,000 for a full chain exploit leading to a sandbox escape in the Chrome browser. The post Google Temporarily Offering $180,000 for Full Chain Chrome Exploit appeared first on SecurityWeek.

01Jun 2023

Resilient data backup and recovery is critical to enterprise success

As businesses digitally transform and leverage technology such as artificial intelligence, the volume of data they rely on is increasing at an unprecedented pace. Analysts IDC[1] predict that the amount of global data will more than double between now and 2026. Meanwhile, Foundry’s Digital Business Research shows 38% of organizations surveyed are increasing spend on […]

01Jun 2023

Democratizing HPC with multicloud to accelerate engineering innovations

Today’s research is crucial because it fuels tomorrow’s innovations. Increasingly, the speed and magnitude of innovations rely on technology-powered research and engineering using high performance computing (HPC). That’s why democratizing HPC via the cloud—known as Cloud for HPC—can provide significant benefits to all of humankind.  Cloud for HPC is helping to move HPC usage from […]

01Jun 2023

ISACA pledges to help grow cybersecurity workforce in Europe

Global professional association ISACA has announced a pledge to the European Commission to grow and empower the cybersecurity workforce in Europe. The pledge will see ISACA provide 20,000 free memberships to students across Europe to acquire crucial cybersecurity skills and support the identification of qualified cybersecurity candidates for organizations, supporting the European Union’s (EU) cybersecurity […]

01Jun 2023

BigID wants to let you tweak your data classifications manually

BigID is adding a feature that lets end users of its data intelligence platform manually adjust classification models, in an effort to make those more precise without the need for advanced coding knowledge. The company announced today that the new feature, called classifier tuning, would allow users to adjust machine learning models in real time, […]

01Jun 2023

Russia Blames US Intelligence for iOS Zero-Click Attacks

Kaspersky said its corporate network has been targeted with a zero-click iOS exploit, just as Russia’s FSB said iPhones have been targeted by US intelligence. The post Russia Blames US Intelligence for iOS Zero-Click Attacks appeared first on SecurityWeek.

01Jun 2023

Survey: Marketers embrace AI at expense of metaverse investments

The B2B marketing landscape is experiencing a seismic shift fueled by the ascent of ChatGPT and other generative AI (GAI) apps. In a testament to its growing importance, 80% of marketers have experimented with or deployed the burgeoning technology, in some cases redirecting budgets from last year’s forays into the metaverse. These moves reflect a […]

01Jun 2023

Toyota Discloses New Data Breach Involving Vehicle, Customer Information

Toyota says improper cloud configurations exposed vehicle and customer information in Japan and overseas for years. The post Toyota Discloses New Data Breach Involving Vehicle, Customer Information appeared first on SecurityWeek.

01Jun 2023

Cisco Acquiring Armorblox for Predictive and Generative AI Technology

Cisco is in the process of acquiring email security firm Armorblox for its predictive and generative artificial intelligence (AI) technology. The post Cisco Acquiring Armorblox for Predictive and Generative AI Technology appeared first on SecurityWeek.

01Jun 2023

Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks

Critical authentication bypass and high-severity command injection vulnerabilities have been patched in Moxa’s MXsecurity product. The post Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks appeared first on SecurityWeek.

01Jun 2023

What is the Cybercrime Atlas? How it can help disrupt cybercrime

Announced in June 2022, the Cybercrime Atlas is an initiative from the World Economic Forum (WEF) to map activities of cybercriminals and create a database that can be used by law enforcement across the world to disrupt the cyber-criminal ecosystem. Cybercrime Atlas officially launched in February 2023 in a partnership between WEF and Banco Santander, […]

01Jun 2023

Amazon Settles Ring Customer Spying Complaint

The FTC charged Amazon-owned Ring with failing to implement basic protections to stop hackers or employees from accessing people’s devices or accounts. The post Amazon Settles Ring Customer Spying Complaint appeared first on SecurityWeek.

01Jun 2023

Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information

Salesforce ghost sites — domains that are no longer maintained but still accessible — can expose personal information and business data. The post Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information appeared first on SecurityWeek.

01Jun 2023

5 CxOs on leading change

For years leaders have been hammering home the point that the only constant is change. But you need only look back to the “good old days” of 2019 to realize that change is no longer constant; it’s accelerating, accumulating, and becoming more complex all at the same time. With technology playing both an enabling and […]

01Jun 2023

Top 8 data engineer and data architect certifications

Data analytics is the lifeblood of any successful business. Getting the technology right can be challenging but building the right team with the right skills to undertake data initiatives can be even harder. Successfully deploying big data initiatives requires more than data scientists and data analysts. It requires data architects who design the “blueprint” for […]

01Jun 2023

Designing the campus of the future starts with high-quality 10 Gbps connectivity

According to Huawei’s research data, 90% of urban residents either live, work or study in a campus, generating over 80% of national GDP. However, campus infrastructure is often decades old and mismatched to people’s growing needs. Campus residents are increasingly reliant on high-performance wireless networks, high bandwidth/low latency connections to cloud applications and high-definition audio/video […]

01Jun 2023

Adobe Inviting Researchers to Private Bug Bounty Program

Adobe is inviting security researchers to join its private bug bounty program on the HackerOne platform. The post Adobe Inviting Researchers to Private Bug Bounty Program appeared first on SecurityWeek.

01Jun 2023

Critical Vulnerabilities Found in Faronics Education Software

Faronics patches critical-severity remote code execution (RCE) vulnerabilities in the Insight education software. The post Critical Vulnerabilities Found in Faronics Education Software appeared first on SecurityWeek.

01Jun 2023

AI in Italian companies: where do we stand?

Artificial intelligence is already among us, especially if we look at the level of implementation by large companies: the data show that, in 2022, 61% of the sample examined (174 organizations) launched at least one AI project, while 34% say they have the capital, skills, and strategies to integrate AI into […]

01Jun 2023

Australia’s CIO50 Team of the Year Awards finalists revealed

The finalists in Australia’s 2023 CIO50 Team of the Year Awards have been announced. The team awards are new categories in the prestigious CIO50 awards program, which is now in its eighth year. Along with the unveiling of the annual CIO50 List and the team category winners, the 2023 CIO50 Awards will also recognise the […]

01Jun 2023

API security: key to interoperability or key to an organization?

Most applications built today leverage Application Programming Interfaces (APIs), code that makes it possible for digital devices, applications, and servers to communicate and share data. This code, or collection of communication protocols and subroutines, simplifies that communication, or data sharing. The use of APIs is growing exponentially, year over year, and with the growth of […]

31May 2023

Gigabyte firmware component can be abused as a backdoor

Researchers warn that the UEFI firmware in many motherboards made by PC hardware manufacturer Gigabyte injects executable code inside the Windows kernel in an unsafe way that can be abused by attackers to compromise systems. Sophisticated APT groups are abusing similar implementations in the wild. “While our ongoing investigation has not confirmed exploitation by a […]

31May 2023

How an Indian real-estate juggernaut keeps growing by harnessing the power of zero

If you’ve ever watched a James Bond film – from Dr. No to No Time to Die – you may have noticed “EON Productions” in the credits. “EON” stands for “Everything or Nothing” – a phrase that could just as well apply to the Prestige Group, one of India’s leading real estate developers. To get […]

31May 2023

Hybrid working: the new workplace normal

The new and still evolving world of hybrid work has created a fresh set of challenges for IT leaders who are tasked with ensuring that employees have the tools to get their work done productively and securely, regardless of their location. CIO recently gathered a group of IT executives from a broad range of enterprises […]

31May 2023

Can you spot the hidden theme of CSO’s Future of Cybersecurity summit?

With the rise of generative AI, it was inevitable that it would become an unofficial subtheme of CSO’s Future of Cybersecurity Summit.  And yet it still very much fits in with the event’s official theme: smart choices in a fast-changing world.  Few things are changing as much as GenAI as a tool for creating content, […]

31May 2023

Inactive, unmaintained Salesforce sites vulnerable to threat actors

Improperly deactivated and unmaintained Salesforce sites are vulnerable to threat actors who can gain access to sensitive business data and personally identifiable information (PII) by simply changing the host header. That’s according to new research from Varonis Threat Labs, which explores the threats posed by Salesforce “ghost sites” that are no longer needed, set aside, […]

31May 2023

Chrome 114 Released With 18 Security Fixes

Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers. The post Chrome 114 Released With 18 Security Fixes appeared first on SecurityWeek.

31May 2023

Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards

A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations. The post Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards appeared first on SecurityWeek.

31May 2023

Barracuda patches zero-day vulnerability exploited since October

Barracuda has patched a zero-day vulnerability that had been exploited since October to backdoor customers’ Email Security Gateway (ESG) appliances with custom malware and steal data, the company said on Tuesday.  “On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability (CVE-2023-2868) present in the Barracuda Email Security Gateway (appliance form factor only) […]

31May 2023

Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation

Cybersecurity vendors Trellix and Netskope have announced new support for Amazon Security Lake from AWS, which became generally available on May 30. Trellix customers can now integrate their security data lake into the Trellix XDR security operations platform to enhance detection and response capabilities for their AWS environments. Meanwhile, Netskope customers can export logs from […]

31May 2023

Breaking Enterprise Silos and Improving Protection

When teams have a way to break down enterprise silos and see and understand what is happening, they can improve protection across their increasingly dispersed and diverse environment. The post Breaking Enterprise Silos and Improving Protection appeared first on SecurityWeek.

31May 2023

Spyware Found in Google Play Apps With Over 420 Million Downloads

Security researchers have discovered spyware code in 101 Android applications that had over 421 million downloads in Google Play. The post Spyware Found in Google Play Apps With Over 420 Million Downloads appeared first on SecurityWeek.

31May 2023

What is federated Identity? How it works and its importance to enterprise security

At the very heart of enterprise security is the tension between convenience and safety. The business longs for the ease of users, in competition with the demands of security. Authentication is a main theater for this tension, directly impacting the onboarding and login experience. Federated identity is at the forefront in addressing this tension, affording […]

31May 2023

How CIOs distill the most sought-after data skills

Almost every CIO says the same thing: data is the key to creating a competitive advantage. As many as 88% of IT decision makers believe the collection and analysis of data has the potential to fundamentally change the way their company does business over the next three years, according to Foundry’s 2022 Data & Analytics study. However, collecting […]

31May 2023

Broadcom’s Andy Nallappan on what cloud success really looks like

Companies moving to the cloud often find themselves at a crossroads near the midpoint of their migrations, spending more than they intended and getting out less than they hoped. Often that’s because their IT organization isn’t equipped with the culture, mindset, and skills necessary to capitalize on the cloud. Andy Nallappan has had a long […]

31May 2023

How IT leaders use EV tech to fuel the transport revolution in Kenya

Uptake in EVs is quietly accelerating across Africa’s transport systems. During the last year alone, for instance, companies such as BasiGo and Roam in Kenya have launched in various cities. And a Brookings report titled, Accelerating adoption of electric vehicles for sustainable transport in Nairobi, called on local and national governments to promote investment in […]

31May 2023

Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability

A decade-old critical vulnerability in Jetpack was force-patched on five million WordPress sites over the past few days. The post Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability appeared first on SecurityWeek.

31May 2023

Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery

The recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since at least October 2022. The post Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery appeared first on SecurityWeek.

31May 2023

Phishing remained the top identity abuser in 2022: IDSA report

Phishing was the most common type of identity-related incident in 2022, according to a study by Identity Defined Security Alliance (IDSA), a non-profit, identity and security intelligence firm. The study, commissioned through Dimensional Research, also revealed that the top phishes among the incidents included email phishing, spear phishing, and vishing/smishing incidents. To read this article […]

31May 2023

The 17 best tools for managing cloud costs

It seems like only yesterday that cloud servers cost a few euros and you could rent a rack for a handful of small change. Those days are long gone and, when the monthly bill for the related services arrives, CFOs fly into a rage. Development teams, too, are learning that the figures grow, […]

30May 2023

AI-automated malware campaigns coming soon, says Mikko Hyppönen

Cybersecurity pioneer Mikko Hyppönen began his cybersecurity career 32 years ago at Finnish cybersecurity company F-Secure, two years before Tim Berners-Lee released the world’s first web browser. Since then, he has defused global viruses, searched for the first virus authors in a Pakistani conflict zone, and traveled the globe advising law enforcement and governments on […]

30May 2023

Screen recording Android app found to be spying on users

A screen recorder app with over 50,000 downloads on Google Play Store was found to be discreetly recording audio using the device’s microphone and stealing files, suggesting it might be part of an espionage campaign, according to researchers at ESET. iRecorder was a legitimate app made available in September 2021 and a remote access trojan (RAT) […]

30May 2023

Frontegg launches entitlements engine to streamline access authorization

SaaS-based customer identity and access management (CIAM) provider Frontegg has launched entitlements engine, an authorization management capability aimed at helping app developers and revenue teams streamline access authorization. The new engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls, Frontegg said. “The old way of building SaaS apps […]

30May 2023

PyPI Enforcing 2FA for All Project Maintainers to Boost Security

PyPI will require all accounts that maintain a project to enable two-factor authentication (2FA) by the end of 2023. The post PyPI Enforcing 2FA for All Project Maintainers to Boost Security appeared first on SecurityWeek.

30May 2023

Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack

Dental benefits manager MCNA is informing roughly 9 million individuals that their personal data was compromised in a data breach. The post Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack appeared first on SecurityWeek.

30May 2023

Many Vulnerabilities Found in PrinterLogic Enterprise Software

Multiple vulnerabilities in PrinterLogic’s enterprise management printer solution could expose organizations to various types of attacks. The post Many Vulnerabilities Found in PrinterLogic Enterprise Software appeared first on SecurityWeek.

30May 2023

Managing IT right starts with rightsizing IT for value

If you want to hear a big number that sums up a key conundrum IT leaders face today, it’s this: The Consortium for Information and Software Quality estimates that the annual cost of poor software quality in the US has grown to at least $2.41 trillion, or 9.4% of total GDP. The big picture implication […]

30May 2023

Upskilling the non-technical: finding cyber certification and training for internal hires

Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of skilled cybersecurity workers in the job market. One creative alternative to frustratedly trolling job-search sites is to look inward, rather than outward — to find capable, […]

30May 2023

Key IT initiatives reshape the CIO agenda

When it came to cybersecurity projects, Daniel Uzupis could always count on executive and board support during his tenure as CIO at Jefferson County Health Center in Fairfield, Iowa. “Any cybersecurity initiative I wanted to do, they didn’t argue with it; they always did it,” Uzupis says. In fact, Uzupis says he has seen over […]

30May 2023

Stepping up to the challenge of a global conglomerate CIO role

For IT leaders, mergers and acquisitions inevitably lead to complex challenges. IT systems and resources must be rationalized and unified, and differing cultures must often be maneuvered toward alignment to ensure success going forward.   But with these high-profile undertakings can also come opportunities for career growth. When Reliance Polyester — a subsidiary of global conglomerate […]

30May 2023

5 hard questions every IT leader should answer

Leadership doesn’t just “happen”: it must be measured, managed, and grown with the appropriate investments. Moreover, the way IT leaders are selected, trained, evaluated, and compensated has a concrete impact on the company’s future performance. So some reflection is needed. For example: when was the last time you compared notes […]

29May 2023

Hackers hold city of Augusta hostage in a ransomware attack

BlackByte group has claimed responsibility for a ransomware attack on the city of Augusta in Georgia.  The ransomware group has posted 10GB of sample data for free and claimed they have much more data available.  “We have lots of sensitive data. Many people would like to see that as well as the media. You were given […]

29May 2023

New phishing technique poses as a browser-based file archiver

A new phishing technique can leverage the “file archiver in browser” exploit to emulate an archiving software in the web browser when a victim visits a .zip domain, according to a security researcher identifying as mr.d0x. The attacker essentially simulates a file archiving software like WinRAR in the browser and masks it under the .zip […]

29May 2023

Insider risk management: Where your program resides shapes its focus

There’s no getting around it, I am long in the tooth and have been dealing with individuals who break trust within their work environment for more than 30 years, both in government (where we called it counterespionage or counterintelligence) and in the private sector. Today we call programs that help prevent or identify breaches of […]

29May 2023

Red Hat embraces hybrid cloud for internal IT

For some enterprises, the road to hybrid cloud has run through Red Hat’s OpenShift. For Red Hat itself, that same journey, fueled by its flagship container platform, has been a principled one. The company, which was acquired by IBM in 2017, prides itself on its origins — supporting open standards and fighting vendor lock-in. So […]

29May 2023

With the new financial year looming, now is a good time to review your Microsoft 365 licenses

Microsoft 365 is the productivity engine at the heart of many SMB businesses across Australia. Having the right licenses for the applications the business needs is critical. Licensing can sometimes be complex to understand, however, which is why SMBs should make sure they’re sourcing their licenses from the right places. Having a trustworthy and proven […]

27May 2023

Industrial Giant ABB Confirms Ransomware Attack, Data Theft

Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data. The post Industrial Giant ABB Confirms Ransomware Attack, Data Theft appeared first on SecurityWeek.

26May 2023

Researchers find new ICS malware toolkit designed to cause electric power outages

Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this arsenal is a malware toolkit that seems to have been developed for red-teaming exercises by a Russian cybersecurity company. Dubbed COSMICENERGY by researchers from Mandiant, the […]

26May 2023

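Immigrant backstories shape tech leaders

COVID-19 temporarily brought the world to a standstill, but as order is steadily restored, opportunities are growing for those looking to advance their careers in tech. For some of that talent, immigration has always been key to the industry, and a source of inspiration for many. But career paths sometimes depend on networks and connections, and moving to a new country is a fresh challenge that comes with many sacrifices and setbacks, financial, emotional, and social.

Each story is unique in how it lays the foundation for a successful career. What they share, however, is a foundation of empathy and a drive to excel, for oneself and for the greater good.

Atefeh Riazi is CIO of Hearst Media Group and a former CIO of the United Nations, and has held other senior roles throughout her technology career. But in Iran, where she was born, women are still fighting for basic human rights and freedoms. “As a woman growing up in the Middle East, I was constantly told my career options were limited,” she says. “You could become a teacher or a nurse, but not an engineer.”

Riazi’s parents sent their daughter, then 16, to study in the US, where she joined her older sister, who was already living in New York. Shortly after she arrived in Iran, the Islamic Revolution broke out, and the financial fallout meant Riazi had to juggle multiple jobs at a young age to get by.

“I waited tables, washed dishes, and sold and repaired vacuum cleaners door to door. I also earned money repairing TVs and radios. I had my own radio show for more than six years. During that time I met wonderful, unforgettable people who helped me enormously. They all understood how hard the situation was. Of course, it is precisely that hardship, anxiety, and upheaval that makes you resourceful and resilient. And you come to feel grateful and humble, and want to give back to your community and society,” she says.

Felix Quintana, CIO of MX Technologies, was born in Chihuahua, Mexico, and lost his biological father in a motorcycle accident when he was two. At age 10, he moved to the US with his family. “It was in search of a better life and opportunities,” he says, adding that the move was grueling. “I had to adapt to a new culture and learn a new language. The hardest experience was probably assimilating in the US. Our financial situation was below average, my parents had limited job opportunities, finishing school in a foreign language was hard, and I experienced discrimination.”

Elaine Montilla is CTO for US School Assessment at Pearson and was previously CIO at The CUNY Graduate Center. Moving to the US from the Dominican Republic at 16 came with its difficulties. “My English was very basic,” she says. “I realized I looked different from everyone else. I used to be ashamed of my accent. I was so self-conscious about it that I didn’t want to speak.”

All three are now successful tech leaders, and despite their different backgrounds they agree that CIOs who have lived the immigrant experience bring unique qualities as industry leaders.

“I believe our past experiences shape who we are,” Quintana says. “Given how hard it is to assimilate into a new culture, I think these leaders are more likely to empathize with others, have a broad perspective, and embrace diversity.”

Riazi agrees. “I value diversity. People from diverse backgrounds bring a range of opinions rooted in their own culture and history, and a broad perspective. That is extremely valuable in every aspect of work, especially in leadership. Today’s global workplace needs diverse ways of thinking. Our customers come from diverse cultural and socioeconomic backgrounds, and our employees have diverse histories and cultures. Only by embracing their uniqueness can we become a more holistic organization and better meet our customers’ needs.”

A changing workplace

One thing the modern tech workplace needs to address is hiring, Montilla says. “There are very outdated hiring practices that shut minorities such as immigrants and women out of tech.” She cites job ads worded to appeal more to men than to women as an example. “There is unconscious bias at the interview stage too. People hire those who look and sound like them. We need to change that practice,” she says. There is also conscious and subconscious discrimination based on foreign-sounding names, she adds.

Riazi points out that the barrier to women thriving, particularly in leadership roles and in tech, was the five-day, nine-to-five office job. But as an unexpected consequence of the pandemic, it has been recognized that most work can be done remotely, and hybrid work is leveling the playing field for many jobs.

“Women who care for children or the elderly are also staying in the workforce longer. This matters most in tech, which already struggles to attract women and struggles even more to retain them. And because remote work has become easier, there are more opportunities for people with disabilities to work.”

Given the imbalance that persists in the tech workforce today, this momentum needs to spread further, Riazi adds. The voices of minorities with varied backgrounds are essential. Without them, industry leaders cannot gain the broad perspective needed to develop, innovate, and succeed.

“Even though most women are consumers of technology, we struggle to attract women to study engineering and computer science and contribute to technological progress. Our industry is truly lopsided. Diversity is essential to innovation, human growth, and evolution, and essential to economic growth, good social policy, and a healthy democratic society.”

The good in giving back

Riazi, Quintana, and Montilla each draw on their experience of growing up in a different country to mentor young minorities who aspire to work in tech.

“There are plenty of opportunities to help people,” Quintana says. “I have had the chance to lecture at local universities and talk to students about my career path, and some of those students happened to be minorities. I have also met with young Hispanic people and their parents to talk about the importance of education and about scholarships. And through volunteer work I have been able to meet refugees and immigrants.”

Role models and mentors were essential to her career, says Montilla: “I used to watch my older brother a lot, and that helped me.” “My brother is the person who inspired me to go into tech. I was usually the only woman, or one of very few, and I was still learning the language and translating everything in my head, so walking into a computer classroom was scary.”

Today she tells those coming up behind her that this vulnerability can also be a great asset.

“I worked hard, so I moved up quickly,” she adds. “Of course I had anxieties, and I struggled with impostor syndrome, but over time I came to see that being vulnerable can be a great strength. Admitting that I’m not perfect freed me from the pressure and let me get on with things. I teach this to everyone I mentor. Let the feelings be, and don’t fight them. What mattered for me was learning to be comfortable with being uncomfortable. That isn’t easy, but the more I practiced it, the more of the bigger picture I could see. I always deliver more than I’m asked for. As an immigrant and a woman of color, I work two or three times as hard as others.”

As advice for people going through hardship, Quintana says, “Don’t just settle.” “Take every opportunity to keep learning,” he says. “Keep challenging yourself. Respect others and be kind to everyone. Your reputation follows you. Look for mentors and organizations that align with your values and will invest in you. Above all, don’t be ashamed of who you are or where you come from. It is part of you, and it is what makes you unique.”

Careers, Diversity and Inclusion, IT Leadership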

26May 2023

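BNY Mellon uses AI to improve its master data

Data on who owes how much to whom is at the core of any bank’s business. At BNY Mellon, that focus on data shows up in the org chart: Chief Data Officer Eric Hirschhorn sits directly under Bridget Engle, the bank’s CIO and head of engineering, and oversees the CIOs of each of the bank’s lines of business.

“That’s because many of the business opportunities involving data require close collaboration with technology,” Hirschhorn says. “I’m a peer of the CIOs of the bank’s divisions, and we work hand in hand because you can’t separate the two. I can set policy, but that alone doesn’t get the work done.”

Hirschhorn, who joined the bank at the end of 2020, has worked in financial services for more than 30 years, during which the industry’s concerns about data have changed considerably.

“Twenty years ago, it was all we could do to keep the systems from falling over. Ten years ago, we worried about systemic importance and contagion. Once you resolve the more structural concerns, it all comes back to data. We’re very bullish on building advanced capabilities for understanding the interconnectedness of the world around us from a data perspective.”

One key to that effort is being able to identify all the data relating to an individual customer, and the relationships that link that customer to others. Banks are required by regulation to know who they are dealing with in order to meet anti-money-laundering and other obligations, a requirement often referred to as KYC (know your customer).

“The first problem we set out to solve was entity resolution (disambiguation), a longstanding challenge with large data sets in the financial industry and other regulated industries,” Hirschhorn says. That means identifying and linking the records that refer to the same customer.

Being able to identify which of many loans were made to the same person or company is also important for managing the bank’s risk exposure. The problem isn’t unique to banks: all kinds of enterprises can benefit from a better understanding of their exposure to individual suppliers or customers.

Defining the customer with data

But to know your customer, you first need to define precisely what constitutes a customer. “We took a very deliberate approach,” Hirschhorn says. “We went all across the company and asked, ‘What is a customer?’”

At first, the divisions differed on things like the number of fields and the types of data needed to define a customer, but in the end they agreed on a common policy.

Recognizing that each division already had its own spending priorities, the bank set aside a central budget for divisions to hire developers, to make sure there were resources to implement this customer master. The message was, “Hire the developers and we’ll cover the cost,” Hirschhorn says.

With a unified definition of the customer in place, the bank could focus on eliminating duplicates. If it has 100 records for a John Doe, for example, it needs to work out from data such as taxpayer ID numbers and addresses which of them refer to the same person, and how many John Does there really are.

BNY Mellon wasn’t starting from scratch. “BNY Mellon had built fairly sophisticated software in-house to disambiguate its customer database,” Hirschhorn says. But that software still left some cases requiring manual work, so the bank needed something better.

Improving the in-house solution would take time, he says. “This isn’t a core capability, and we found smarter people outside the company.”

Among them was the team at Quantexa, a UK software developer that uses machine learning and multiple public data sources to enhance the entity resolution process.

The vendor had delivered an initial proof of concept (PoC) to BNY Mellon just before he joined, so one of his first steps was to move on to a month-long proof of value. The bank gave the vendor an existing data set and compared its performance with that of the in-house tool.

As a result, the number of records identified as potentially relating to the same person increased, and a high proportion were resolved automatically.

“With correlations like that, you can have a degree of confidence. We wanted high confidence because we want to drive automation of certain things,” he says.

After taking time to set up the infrastructure and sort out data workflows for production, BNY Mellon went ahead with a full deployment involving staff from the software developer and three groups at the bank: its skilled technology team, data experts, and the KYC center. “They are the ones who can make sure this project is carried out with the regulatory perspective in mind,” he says.

Quantexa’s software platform does more than entity resolution. It can also map networks of connections in the data, such as who does business with whom, or who shares an address.

For now, the challenge may be knowing when to stop. “You correlate customer records with external data sources, then correlate that with your own activity, then add transaction monitoring and sanctions. Once you start to understand the value of correlating these data sets, you start to think you can deliver more, so we’re now running PoCs that add more data sets in combination. We want to throw every use case at it,” he says.

Investing in technology suppliers

BNY Mellon is not only a Quantexa customer but also one of its investors. It first took a stake in September 2021, after working with the company for a year.

“We wanted to have input into how the product was developed, and we wanted to be on the advisory board,” Hirschhorn says.

The investment in Quantexa is not an unusual decision for the bank. Other technology suppliers it has invested in include specialist portfolio management tools Optimal Asset Management, BondIT, and Conquest Planning, and the low-code application development platform Genesis Global. And in April 2023 it also invested in the IT asset management platform Entrio.

But the roles of customer and investor don’t always go together. “We don’t see this strategy applying to every new technology company we use,” he says.

Some companies buy stakes in key suppliers to keep them out of competitors’ hands, but that was not the bank’s aim in investing in Quantexa’s entity resolution technology, Hirschhorn says.

“This isn’t proprietary technology; everyone needs to be good at it. Financial crime is becoming ever more sophisticated. Keeping in step with the industry as a whole is very important to maintaining the integrity of financial markets,” he says.

BNY Mellon invested in Quantexa again in April 2023, this time joined by two other banks, ABN Amro and HSBC.

Artificial Intelligence, Data Management, Master Data Management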

26May 2023

Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation

The recently identified Buhti operation uses LockBit and Babuk ransomware variants to target Linux and Windows systems. The post Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation appeared first on SecurityWeek.

26May 2023

Google Cloud Users Can Now Automate TLS Certificate Lifecycle

Google makes ACME API available to all Google Cloud users to allow them to automatically acquire and renew TLS certificates for free. The post Google Cloud Users Can Now Automate TLS Certificate Lifecycle appeared first on SecurityWeek.

26May 2023

Zyxel Firewalls Hacked by Mirai Botnet

A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls. The post Zyxel Firewalls Hacked by Mirai Botnet appeared first on SecurityWeek.

26May 2023

NCC Group Releases Open Source Tools for Developers, Pentesters

NCC Group announces new open source tools for finding hardcoded credentials and for distributing cloud workloads. The post NCC Group Releases Open Source Tools for Developers, Pentesters appeared first on SecurityWeek.

26May 2023

10 most popular IT certifications for 2023

Certifications are a great way for IT pros to pave a path to a specific career in tech. Whether in cybersecurity, software development, networking, or any other IT specialty, certifications can raise your career profile and help employers identify your areas of expertise and confirm that you have the right skills for the job. The […]

26May 2023

State of the CIO, 2023: How to build a successful business strategy

The first authoritative testimony on this point comes from David Reis, CIO of the University of Miami Health System and the Miller School of Medicine. When he isn’t immersed in cybersecurity, hybrid cloud strategy, or app modernization, Reis spends his time working with the board of directors and with top […]

26May 2023

Transforming IT to succeed with the cloud

When CIO Neil Holden led his company, Halfords Group, to the cloud, he set out to do more than simply migrate IT operations. Rather, Holden’s aim, like that of most chief information officers, was to ensure that […]

26May 2023

The AI Act: between innovation and consumer protection

Members of the European Parliament have approved a first draft of the regulation on the use of AI. With this step, the AI Act [in German] moves an important step forward, before being discussed and worked out by the individual member states. At the end of the process, several laws applicable across the EU will take shape, intended to regulate the use of technologies for […]

26May 2023

How CIOs must evolve to avoid existential threats to their role

As digital technology becomes ever more vital to business, the role of the chief information officer is evolving rapidly and finds itself increasingly threatened by the rise of business executives who offer the blend of commercial and technical skills needed to lead transformation strategies. A recent report from market intelligence firm IDC […]

25May 2023

Alteryx works in generative AI for speedy analytics results

Analytics and data science vendor Alteryx is rolling ChatGPT and home-grown AI expertise into some of its core modules, with the aim of generating targeted, detailed reports at high speed. Alteryx’s AiDIN engine will power three new features, according to a company announcement Wednesday. The first, dubbed Magic Documents, applies AI to Alteryx’s Auto Insights […]

25May 2023

Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation

Website impersonation detection and prevention company Memcyco raises $10 million in seed funding. The post Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation appeared first on SecurityWeek.

25May 2023

How to check for new exploits in real time? VulnCheck has an answer

Cybersecurity professionals who need to track the latest vulnerability exploits now have a new tool designed to make their job easier, with the launch today of VulnCheck XDB, a database of exploits and proof of concepts hosted on Git repositories. The tool, from cyberthreat intelligence provider VulnCheck, is aimed at helping vulnerability researchers and security […]

25May 2023

Inactive accounts pose significant account takeover security risks

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. That’s according to Okta’s first Customer Identity Trends Report which surveyed more than 20,000 consumers in 14 countries about their online experiences and attitudes towards digital […]

25May 2023

Microsoft links attacks on American critical infrastructure systems to China

Microsoft and a few American intelligence agencies have detected malware of Chinese origin deployed in critical infrastructure systems in Guam and elsewhere in the United States. The malicious activity, focused on post-compromise credential access and network security discovery, has been linked to Volt Typhoon, a state-sponsored threat actor in China. “Volt Typhoon has been active […]

25May 2023

New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grid

Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption. The post New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grid appeared first on SecurityWeek.

25May 2023

Security Pros: Before You Do Anything, Understand Your Threat Landscape

Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape. The post Security Pros: Before You Do Anything, Understand Your Threat Landscape appeared first on SecurityWeek.

25May 2023

Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised

The second-largest health insurer in Massachusetts was the victim of a ransomware attack in which sensitive personal information as well as health information of current and past members may have been compromised. The post Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised appeared first on SecurityWeek.

25May 2023

Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches

Apria Healthcare is informing 1.86 million individuals of personal information compromise in 2019 and 2021 data breaches. The post Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches appeared first on SecurityWeek.

25May 2023

European Cybersecurity Firm Sekoia.io Raises $37.5 Million

European XDR and threat intelligence provider Sekoia.io has raised €35 million ($37.5 million) in Series A funding. The post European Cybersecurity Firm Sekoia.io Raises $37.5 Million appeared first on SecurityWeek.

25May 2023

Today’s Cyber Defense Challenges: Complexity and a False Sense of Security

Industry standard frameworks and guidelines often lead organizations to believe that deploying more security solutions will result in greater protection against threats. The post Today’s Cyber Defense Challenges: Complexity and a False Sense of Security appeared first on SecurityWeek.

25May 2023

Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations

Fortinet’s 2023 State of Operational Technology and Cybersecurity Report shows a drop in the number of breaches and CISOs being increasingly responsible for OT cybersecurity. The post Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations appeared first on SecurityWeek.

25May 2023

Attributes of a mature cyber-threat intelligence program

Earlier this year, ESG published a research report focused on how enterprise organizations use threat intelligence as part of their overall cybersecurity strategy. The research project included a survey of 380 cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees). Survey respondents were asked questions about their organization’s cyber-threat intelligence (CTI) program – […]

25May 2023

6 ways generative AI chatbots and LLMs can enhance cybersecurity

The rapid emergence of Open AI’s ChatGPT has been one of the biggest stories of the year, with the potential impact of generative AI chatbots and large language models (LLMs) on cybersecurity a key area of discussion. There’s been a lot of chatter about the security risks these new technologies could introduce — from concerns […]

25May 2023

United Airlines CISO Deneen DeFiore on elevating cyber’s value to the business

Deneen DeFiore is a Hall of Fame technology executive who currently serves as vice president and chief information security officer at United Airlines, where she leads the cybersecurity and digital risk organization to ensure the company is prepared to prevent, detect, and respond to evolving cyber threats. She also leads initiatives on commercial aviation cyber safety […]

25May 2023

GitLab Security Update Patches Critical Vulnerability

GitLab CE/EE version 16.0.1 patches a critical arbitrary file read vulnerability tracked as CVE-2023-2825. The post GitLab Security Update Patches Critical Vulnerability appeared first on SecurityWeek.

25May 2023

Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances

Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances. The post Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances appeared first on SecurityWeek.

25May 2023

12 reasons good employees leave — and how to prevent it

With demand for IT workers continuing to grow and the labor market for tech talent remaining tight, CIOs can’t afford to see IT workers — particularly high-performing ones — walk out the door. And yet, walk out they just might. According to the 2022 Tech Sentiment Report from Dice, 52% of respondents said they’re likely […]

24May 2023

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyberespionage interest. That’s no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly. Cybersecurity firm Proofpoint analyzed its telemetry data more than […]

24May 2023

Why It’s Time to Bring Your Public Clouds Down to Earth

Like most IT leaders today, you find yourself grappling with a paradox. Your IT estate has the potential to afford developer teams more flexibility and agility to place workloads across on-premises systems, public and private clouds, colocation facilities and edge networks.  Yet as your environment swells and sprawls your teams are struggling to corral the […]

24May 2023

Bare metal compute: Optionality gold for your multicloud-by-design strategy

If there is one thing developers prize above all else today, it’s the option to run the applications they want where they want, when they want. This is critical in a world increasingly given to distributed computing, where applications run within and outside organizations’ four walls. And while virtualization technologies have long provided developers the […]

24May 2023

Why it’s time to put your stake in a ground-to-cloud strategy

With spring creeping closer to summer, warm weather camping season is in full swing. Fans of communing with nature know that a successful camping trip requires critical planning and preparation. Whether you’re mulling a weekend trek along a stretch over the Appalachian Trail or a week’s sojourn deep in the wilds of Yellowstone National Park, […]

24May 2023

Microsoft Catches Chinese .Gov Hackers in Guam Critical Infrastructure Orgs

Microsoft says it has caught Chinese government hackers siphoning data from critical infrastructure organizations in Guam, a U.S. territory in the Pacific Ocean. The post Microsoft Catches Chinese .Gov Hackers in Guam Critical Infrastructure Orgs appeared first on SecurityWeek.

24May 2023

Biden Picks New NSA head, Key to Support of Ukraine, Defense of US Elections

U.S. President Joe Biden has picked a new NSA and Cyber Command leader to oversee America’s cyber warfare and defense. The post Biden Picks New NSA head, Key to Support of Ukraine, Defense of US Elections appeared first on SecurityWeek.

24May 2023

Register now: GenAI, risk & the future of security

The promise of generative AI means we are on the cusp of a rethinking of how businesses handle cybersecurity. Along with the promise is the peril of AI being used to cause harm by launching more efficient malware, creating sophisticated deepfakes, or by unintentionally disclosing code or trade secrets. Learn more about AI, security, and […]

24May 2023

Researchers Spot APTs Targeting Small Business MSPs

Proofpoint warns that APT actors linked to Russia, Iran and North Korea are increasingly targeting small- and medium-sized businesses. The post Researchers Spot APTs Targeting Small Business MSPs appeared first on SecurityWeek.

24May 2023

3 early lessons with generative AI

Generative AI products like ChatGPT have introduced a new era of competition to almost every industry. As business leaders seek to quickly adopt ChatGPT and other products like it, they are shuffling through dozens, if not hundreds, of use cases being proposed. The bottom line: The companies that strike the right balance of risk and […]

24May 2023

IT as a catalyst for business transformation: Strategies for CIOs

Today’s CIOs have a pivotal opportunity to help their organizations meet new expectations. Yet, as organizations transform, CIOs and their teams are being asked to manage the optimal mix of infrastructure, platform, software, database, storage, and more to meet these new strategic objectives—while also creating sustained value and positioning the organization for the future.   The […]

24May 2023

How CIOs can drive business agility with “Shift Left”

The rapid pace of digital transformation has made it crucial for companies of all sizes and industries to become digital to meet customer needs and increase internal efficiencies. As traditional sectors—from healthcare to banking to energy—increasingly look like tech companies, they must adopt the same mindset and key processes as technology companies to maximize success. […]

24May 2023

Rocket fuel for your sustainability initiatives: Collaborative work management

Across business types and industry sectors, sustainability initiatives have moved to the top of many leaders’ agendas. The topic continues to grow both more urgent and expansive. Within the sustainability rubric now fall efforts like reducing energy and resource consumption, meeting circular economy mandates, and reworking supply chains to address environmental and fair-trade principles. The […]

24May 2023

New hyperactive phishing campaign uses SuperMailer templates: Report

SuperMailer, a legitimate email newsletter program, has been found abused by threat actors to conduct a high-volume credential harvesting campaign, according to network security firm Cofense. “The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume,” Brah Haas, cyber threat intelligence analyst at Cofense, said in a blog post. “Emails containing the unique […]

24May 2023

US sanctions four North Korean entities for global cyberattacks

The US Department of Treasury has imposed sanctions on four entities and one individual involved in illicit revenue generation and malicious online activities to generate revenue for the Democratic People’s Republic of Korea’s (North Korea) activities. The entities and individuals sanctioned are the Pyongyang University of Automation, the RGB’s Technical Reconnaissance Bureau, the 110th Research […]

24May 2023

Improving the health of Walgreens scan-based trading with SAP

Long ago, Walgreens created a prescription for success. And the main ingredient was and has continued to be its innovative business practices and services for the betterment of its customers, suppliers (or vendors), and operation. This story is about one innovation adopted by Walgreens, scan-based trading (SBT), and how SAP helped improve its use.  When pharmacist Charles […]

24May 2023

OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers

OAuth vulnerabilities found in the widely used Expo application development platform could have been exploited for account takeovers. The post OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers appeared first on SecurityWeek.

24May 2023

CyberArk’s enterprise browser promises zero-trust support, policy management

CyberArk has announced plans to launch an enterprise browser, dubbed CyberArk Secure Browser, at the end of 2023 as part of its CyberArk Identity Security Platform. The identity security vendor decided to create a new enterprise browser based on trends impacting hybrid work environments and its own research, which found an increase in post-multifactor authentication […]

24May 2023

Credential harvesting tool Legion targets additional cloud services

A commercial malware tool called Legion that hackers deploy on compromised web servers has recently been updated to extract credentials for additional cloud services to authenticate over SSH. The main goal of this Python-based script is to harvest credentials stored in configuration files for email providers, cloud service providers, server management systems, databases, and payment […]

24May 2023

Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update

The AhRat trojan was injected in a screen recording application that had amassed more than 50,000 downloads via Google Play. The post Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update appeared first on SecurityWeek.

24May 2023

US Sanctions North Korean University for Training Hackers

The US government has announced sanctions against four entities and one individual engaging in cyber activities on behalf of the North Korean government. The post US Sanctions North Korean University for Training Hackers appeared first on SecurityWeek.

24May 2023

3 powerful lessons of using data governance frameworks

The first published data governance framework was the work of Gwen Thomas, who founded the Data Governance Institute (DGI) and put her opus online in 2003. “Frameworks were already being used, but they weren’t publicly available,” she says. “I had been asked to help Coors Beer prepare for upcoming Sarbanes-Oxley audits. They already had a […]

24May 2023

Making sense of SAP RISE: 4 key considerations

After two years on the market, SAP RISE is becoming increasingly positioned by SAP as a solution for customers looking to move to the cloud. With the 2027 deadline to move off SAP ECC looming, SAP customers need to understand what SAP’s RISE offering is and have a comprehensive evaluation strategy for when SAP inevitably […]

24May 2023

What Choice’s CIO sees in a cloud-native approach to sustainability

Choice Hotels, the Maryland-based multinational hotel chain, is a $10 billion, 80-year-old hospitality company with about 7,500 hotels in 46 countries. And with such a presence of history and reputation in the market, it had the foresight and resources to make early investment and commitment to dovetailing its digital transformation with sustainability. A lot of […]

24May 2023

5 ways IT pros can accelerate webpages in a day at no cost

Over the years, hundreds of techniques have been introduced to optimize website speed. And for good reason – a mere one-second delay in page load time can lead to a 7% loss in conversions. There’s no room for complacency, but unless web performance is your day job, it’s probably not obvious which recommendations are going […]

24May 2023

New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats

Honeywell announces the launch of Cyber Insights, a solution designed to help organizations identify vulnerabilities and threats in their OT environments. The post New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats appeared first on SecurityWeek.

24May 2023

White House Unveils New Efforts to Guide Federal Research of AI

The White House announced new efforts to guide federally backed research on artificial intelligence (AI). The post White House Unveils New Efforts to Guide Federal Research of AI appeared first on SecurityWeek.

24May 2023

Virtual Event Today: Threat Detection and Incident Response Summit

Join thousands of attendees as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack. (Register Now) The post Virtual Event Today: Threat Detection and Incident Response Summit appeared first on SecurityWeek.

24May 2023

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear. As a top-level professional in the business of defending against […]

23May 2023

Accelerating VMware’s growth

By Hock Tan, Broadcom President & CEO. Innovation comes in many forms. In Broadcom’s case, it has been through a combination of organic growth and growth through acquisition, which has created Broadcom today – a company built from a heritage of American technology pioneers such as AT&T Bell Labs and Hewlett Packard, among others. […]

23May 2023

3 reasons why AI strategy is HR strategy

By Bryan Kirschner, Vice President, Strategy at DataStax. When Karim Lakhani, co-founder of the Digital, Data, and Design Institute at Harvard University, talks about AI, I pay attention. I’ve previously written about how national survey data collected last year by DataStax (my employer) proved out predictions Lakhani made about AI and open source back in […]

23May 2023

Ahead: Look for a partner, not a service provider

Todd Fortwengler, senior director of managed services sales at Ahead, wants to sound the alarm on an issue he sees too frequently among enterprises that begin their cloud journey alone. “I often encounter companies that moved to the cloud too quickly without a plan,” says Fortwengler. “For too many, their vision of ‘land and expand’ […]

23May 2023

Axiado releases new security processors for servers and network appliances

Security processor provider Axiado has announced the availability of two new trusted compute units (TCUs) to help detect ransomware and other cyberattacks on servers and infrastructure elements in cloud data centers, 5G networks, and network switches. Dubbed AX3000 and AX2000, these TCUs are AI-powered hardware security platform solutions that, the company says, integrate all security […]

23May 2023

Finding your way with Value Stream Management in 2023

There’s no longer any debate that Value Stream Management (VSM) has emerged as the best solution for breaking through some of the toughest challenges in digital transformation. Despite years of effort, our research shows that more than two-thirds of organizations still struggle with organizational silos and friction between different roles and departments. Yet the vast […]

23May 2023

Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own

MikroTik patches a major security defect in its RouterOS product a full five months after it was exploited at Pwn2Own Toronto. The post Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own appeared first on SecurityWeek.

23May 2023

Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign

A credential phishing campaign using the legitimate SuperMailer newsletter distribution app has doubled in size each month since January 2023. The post Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign appeared first on SecurityWeek.

23May 2023

Top reasons for implementing NaaS

By Cathy Won, Consultant with eTeam, HPE Aruba Networking Contributor In a recent IDC NaaS survey, sponsored by HPE, 71% of respondents agree or strongly agree as-a-service (aaS) consumption models offer better IT agility compared to traditional consumption models. Typically, flexible consumption, also known as paying based on usage, has often been touted as the […]

23May 2023

How enterprises get ahead using hybrid cloud for innovation overlay

A 2022 survey of innovation and business strategy conducted by the International Monetary Fund found that 40% of innovation-oriented companies (SMBs to large enterprises) reduce costs as a result of new product innovations which, on average, account for 20% of all sales. How can your organization see similar benefits from its innovation pursuits? Only so […]

23May 2023

Value Stream Management: Let’s get real

As the father of eXtreme Programming and one of the key authors of the Agile Manifesto, Kent Beck has been one of the most influential thought leaders in transforming how we build software. In a recent interview with Dave Farley, reflecting on 25 years of agile software development transformation, he declared, “The things that haven’t changed […]

23May 2023

New ‘GoldenJackal’ APT Targets Middle East, South Asia Governments

The newly detailed GoldenJackal APT has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. The post New ‘GoldenJackal’ APT Targets Middle East, South Asia Governments appeared first on SecurityWeek.

23May 2023

How CSPM automation can improve cloud security

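As cloud environments rapidly grow and become more complex, organizations are exposed to a widening range of security threats. Cloud security posture management (CSPM) is the process by which an organization continuously monitors, identifies, and remediates cloud security risks. Using automation in CSPM is critical to ensuring the security and compliance of an organization’s cloud infrastructure.

The key component of CSPM is the automation of core tasks such as continuous monitoring, issue remediation, compliance management, and alerts and notifications. Integrating robotic process automation (RPA) into CSPM reduces the need to perform repetitive, mundane work, making it a powerful tool for organizations to keep cloud environments secure and efficient, support the overall security posture, and manage security risk more efficiently.

Why CSPM is essential to cloud security

Cloud environments are growing more complex with resources such as Docker containers, endpoint APIs, and Kubernetes nodes, and with the deployment of serverless functions. Organizations can find it difficult to maintain control of, and visibility into, the underlying infrastructure. The difficulty is greatest when configuring and managing access permissions for each resource.

CSPM is an essential tool for addressing these challenges and strengthening cloud security posture. It is typically adopted by companies that prioritize a cloud-first strategy and want to take advantage of cloud technology while minimizing risk by following best practices.

CSPM with built-in automation supports and streamlines DevSecOps efforts by constantly monitoring the cloud infrastructure. The main benefit is that, as shown below, misconfigurations can be detected and addressed quickly, so companies can stay ahead on maintaining compliance.

Once a potential risk is identified, CSPM provides the capability to take corrective action. This includes automated remediation of issues, such as applying security patches or configuring resources to meet security standards. It also sends alerts and notifications to stakeholders within the organization so that they can take the necessary action.

Another important benefit of CSPM is maintaining regulatory compliance. Many organizations operate in industries subject to regulations such as HIPAA, PCI DSS, and GDPR. CSPM helps ensure that an organization’s cloud environment complies with these regulations by continuously monitoring for misconfigurations and vulnerabilities that could put the organization at risk of non-compliance and taking the steps needed to remediate them.

CSPM also gives organizations centralized visibility across the entire cloud environment. This includes an overview of all resources and configurations, a single source of truth for cloud resources, and the elimination of security blind spots.

How companies benefit from cloud security automation

CSPM automation is designed to continuously monitor for and identify potential vulnerabilities and misconfigurations in an organization’s cloud environment and to take the steps needed to remediate them. Here are some of the key automation capabilities in CSPM that can be used to strengthen cloud security posture.

Continuous monitoring: CSPM automation enables continuous monitoring of the cloud environment. This includes collecting data from source cloud providers and security tools and analyzing it to identify potential vulnerabilities and misconfigurations. With automated monitoring, organizations can quickly detect and respond to potential threats.

Automated remediation: With CSPM automation, organizations can automatically remediate potential vulnerabilities and misconfigurations when they are found. This includes applying security patches, configuring resources to meet security standards, and shutting down resources judged to be at risk.

Compliance management: CSPM helps organizations ensure compliance with regulations such as HIPAA, PCI DSS, and GDPR by continuously monitoring for misconfigurations and vulnerabilities that could put them at risk of non-compliance and taking the necessary action.

Centralized visibility: CSPM automation gives organizations centralized visibility into the cloud environment. This includes an overview of all resources and configurations, a single source of truth for cloud resources, and the elimination of security blind spots.

Alerts and notifications: With CSPM automation, alerts and notifications reach stakeholders within the organization when a potential vulnerability or misconfiguration is detected. This lets the organization take the steps needed to resolve the issue as quickly as possible.

Robotic process automation (RPA): RPA makes it possible to automate repetitive, mundane work in CSPM. With RPA, teams can respond quickly to security alerts, security policy updates, compliance checks, and the like.

Automation is a key component of CSPM, and organizations can use its capabilities to improve their cloud security posture. With continuous monitoring, automated remediation, compliance management, centralized visibility, alerts and notifications, and RPA, CSPM becomes a powerful tool for maintaining the security and compliance of an organization’s cloud infrastructure and supporting the organization’s overall security posture.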

23May 2023

Top 17 cloud cost management tools

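It feels like only yesterday that cloud servers were said to cost next to nothing. You could rent a rack for the kind of small change that falls behind the sofa cushions and still have enough left over for an ice cream sandwich, but those days are long gone. When the monthly cloud bill arrives, CFOs hold their heads in their hands. Development teams are learning that even small amounts add up to large ones (sometimes faster than expected) and are keenly aware that the time has come to adopt some discipline.

Cloud cost managers are the solution. A cloud cost manager tracks every bill and allocates it to the various teams responsible for running it up. That way, groups that added too many complex features requiring excessive storage or server time have to explain the waste. Skilled programmers who do not overuse RAM or disk space can be rewarded.

Small teams with simple configurations can probably get by with the cloud companies’ stock services. Cost containment is now a major issue for many CIOs, and the cloud companies understand that. They have added accounting tools and alarms that warn before bills balloon. For the three big clouds, see the Azure Cost Management, Google Cloud cost management, and AWS Cloud Financial Management tools.

The larger the commitment to the cloud, the more important independent cost management tools become. These tools are designed to work with multiple clouds and unify the data into easy-to-use reports. Some also track machines running on premises so that the costs of rented servers and in-house server rooms can be compared.

In many cases, cloud cost managers are part of a larger suite designed not only to monitor the bottom line but also to enforce other rules such as security. Some are not sold directly as cloud control tools but have evolved to help solve this problem. Some tools for surveying enterprise architecture or managing software governance can now track costs at the same time. These tools can offer the same cost-saving opportunities as purpose-built cloud cost tools while also helping with other management chores.

Below is an alphabetical list of good cloud cost tracking tools. The field is expanding rapidly as business leaders recognize the need to understand cloud charges. All of them help manage a fast-growing world of server instances that may be spread around the globe.

Anodot

The first job of Anodot’s collection of cloud monitoring tools is to track the flow of data from various services and applications. It flags any anomaly or glitch that would affect users. Tracking the cost of instances and pods across multiple clouds is part of this larger job. The dashboard generates infographics for examining each microservice or API and determining how much it costs to keep it running during periods of high or low demand. This level of detail makes it possible to find expensive workloads and figure out how to eliminate them.

Notable features: Integrates with broader monitoring systems to deliver a good customer experience at a reasonable price; available as a white-label platform for integration and resale.

AppDynamics

Tracking and controlling containers in Kubernetes environments is the goal of Cisco’s AppDynamics (formerly Replex). The tool has become part of a larger system that monitors whether clusters running in the public cloud or locally are working correctly. Cost tracking is just one small part of a system that constantly collects statistics and monitors for anomalies. One of the important reporting processes is charging costs back to the relevant teams so that everyone can understand what is in the monthly bill. AppDynamics also offers its own machine learning engine, which can turn historical data into plans for efficient deployment. A policy control layer applies fine-grained limits so that teams can access what they need but not what they do not.

Notable features: Integrates cost management with overall application monitoring; connects user experience and business outcomes across every layer of the software stack.

Apptio Cloudability

Apptio makes a large collection of tools for managing IT shops, and Cloudability is the tool for handling cloud costs. It analyzes the various cloud instances in use and allocates them to teams for accounting purposes. The ideal is for teams to manage their own costs and forecast future usage using the reports and dashboards provided. For example, Cloudability’s True Cost […]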

23May 2023

What’s next for network firewalls?

Firewalls have come a long way from their humble beginnings of assessing network traffic based on appearance alone. Today’s next-generation firewalls (NGFWs), which must protect all areas of enterprise, can filter layer 7 applications, block malicious attachments and links, detect known threats and device vulnerabilities, apply patching, prevent DDoS attacks, and provide web filtering for […]

23May 2023

Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security

Infrastructure access management company Teleport has announced the release of Teleport 13, the latest version of its Teleport Access Platform. Teleport 13 features scanning and automatic patching of Teleport vulnerabilities to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure, the firm said. The solution aims to address the targeting […]

23May 2023

Transforming IT for cloud success

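Neil Holden, CIO of Halfords Group, wanted to achieve more than simply a “lift and shift” of IT operations as the company moved to the cloud. Like many CIOs, Holden is looking to expanded use of the cloud to deliver and shape the company’s transformation agenda, and he recognized that achieving that goal meant transforming not only the technology stack but also his own IT department.

“Any kind of cloud adoption always requires you to rethink the structure of your IT [department],” Holden says. “IT now needs to operate in a completely different way, one that takes into account not just the cloud but what the cloud means for the business.”

So Holden, CIO since 2017 at Halfords, the UK’s largest retailer of motoring and cycling products, set out a strategy to reorganize the company’s technology teams. The reorganization took place while the company-wide cloud strategy was being devised, because he saw it as the best way to ensure that employees could take advantage of the capabilities the cloud offers and the business opportunities it makes possible.

“To get there, you need to have the right structure in place, because you can’t make [the most] of that investment just by putting things in the cloud,” he explains.

CIOs, as well as researchers, consultants, and advisors, agree that to get the most from cloud computing, the IT department itself has to change, including its structure and how its staff are organized. Otherwise, they point out, IT risks simply moving the location of its servers from its own data center to a third party’s, and missing out on the innovation, transformation, and faster time to market (TTM) that cloud adoption makes possible.

“You can’t take the same skills and teams from on-premises to the cloud. That’s a recipe for failure,” says Sushant Tripathi, vice president and head of cloud transformation for North America at Tata Consultancy Services. Instead, he explains, CIOs need to retrain and reorganize IT to make full use of everything the cloud offers.

Here is how four IT leaders tackled this challenge.

Breaking away from linear processes

Holden’s reorganization put some of its focus on eliminating linear software development, linear project processes, and the departmental team structure that matched that linear way of working.

“We changed the whole structure,” he says.

Previously, Halfords’ IT department was typically made up of separate teams such as business analysis, solution design, and infrastructure. Under that structure, work passed from one team to the next in sequence.

“Someone talks to the business, passes the requirements to the design team, and then they are passed to the delivery team and the infrastructure team,” Holden says, explaining that each team worked on its own, with each team’s deliverables and timelines defined and agreed. “Now all of that [work] happens in an agile circle with iterative delivery, so the linear processes have all gone away together.”

Here is how it was done. Holden brought in cloud integration experience and hired cloud architects for training in the agile methodology he had adopted. He also trained existing staff in cloud skills and agile methods. In addition, he hired agile coaches to work with the IT teams. He then broke up the separate, independent teams and created Scrum teams made up of product owners, business analysts, solution architects, front-end developers, back-end developers, and testers.

By working iteratively rather than linearly, the new Scrum teams accelerated the delivery of new features and enabled IT and the business as a whole to take advantage of the company’s cloud investment.

“A big feature of this transformation was changing not just the cloud but people’s mindsets, which is why we put a great deal of effort into training,” says Holden, who adds that he oversaw an almost complete switch to the new structure in late 2021.

Holden says he sees the value of the reorganization in the team’s ability to respond more quickly. By his calculation, one project that the reorganized IT team built and deployed in 42 days would have taken the old IT department 152 days to complete.

Cores and chapters for uncovering cloud talent

Lev Gonick, CIO of Arizona State University (ASU), likewise reorganized his IT team to better seize the opportunities the cloud brings.

That restructuring could not be done right away, Gonick says. ASU began its move to the cloud experimentally 10 years ago and then, when Gonick became CIO in 2017, embarked on a more strategic and aggressive cloud adoption. ASU now runs about 85% of its workloads in the cloud.

Gonick says the team had to change in order to be agile enough to respond to business needs and scale with the university’s growth. His solution was to “flatten the organization fundamentally.”

“For me it was an all-or-nothing gamble,” Gonick recalls. The decision to make the change came in the early days of the COVID-19 pandemic. “Instead of siloed teams, we created a series of what a large software development shop would call ‘cores.’”

According to Gonick, these cores are “pools of talent that can be quickly reconfigured,” focused on five specific areas. Teams and most of their work are organized around the five cores, which he describes as professional development communities based on common practices. There are four technical cores: engineering, service delivery, products and programs, and data and analytics. The fifth core relates to the learning experience.

The managers of the products and programs core propose the right mix of people to work together in chapters, which Gonick likens to working groups. For example, there are 30 engineering chapters.

“The reason we did this is to respond to the opportunities the cloud gives us,” he explains. He adds that this organizational structure lets IT professionals develop and demonstrate their talents by working on diverse projects rather than being “forced into a job they dislike, working day after day with the same tools.”

He continues: “The goal really was to unlock human talent. This is my personal view, but most corporate technology teams are bound by hierarchical structures, and many talented people feel stifled. Most [professional] people have a broad range of knowledge but few opportunities to explore it, share it, and build on it. Thanks to this structure, though, the team can grow as a professional community and gets the opportunity to be heavily involved not just in its own team but in the business.”

Centralizing teams for cloud success

Like ASU, Liberty Mutual Insurance has been working on its move to the cloud over the past decade. It started with experimental use and made a full-scale move six years ago to be able to “increase speed to market, lower costs, and flexibly turn capabilities on and off,” says Monica Caldas. She became executive vice president and global CIO in January after holding two IT executive positions at Liberty Mutual since 2018.

Over the course of Liberty Mutual’s move to the cloud, IT leaders have focused on developing the talent and skills needed to move from an on-premises to a cloud environment, Caldas says. “It became a large-scale transformation in which everyone has a role.”

As part of that, Liberty Mutual’s infrastructure team had to be rebuilt, because it no longer had to maintain the enormous amount of hardware it had managed for years. Rather than being rebuilt, the infrastructure team, with a global mission focused on cloud capabilities that can be used across the whole company, a centralized digital […]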

23May 2023

Transition Troubles: Successfully Getting from Here to There

Compelling insights shared at CIO’s roundtable events lead to excellent information sharing and learning among all attendees. During a recent program, attendees shared their collective challenges with visibility into critical issues that vendors often overlook, leaving IT professionals to resolve them. An excellent example is the transition process to new solutions or platforms. Many innovative […]

23May 2023

Solving 3 key IT challenges to unlock business innovation

CIOs live it every day. The pace of technological change is lightning-fast. Savvy CIOs navigate this by learning, deciding and taking action with incredible agility and speed. To do that, IT leaders must architect IT infrastructure that enables cloud-like agility and speed across diverse environments. But they can’t go it alone. That’s because there are […]

23May 2023

Think security first when switching from traditional Active Directory to Azure AD

What enforces your security boundary today? What will enforce it in the next few years? For many years, Microsoft Active Directory has been the backbone and foundation of network authentication, identity, and connection. But for many organizations moving to cloud applications or having a mixture of operating systems, the need for cloud-based network management is […]

23May 2023

Iranian Hackers Target Middle East Entities With New Windows Kernel Driver

Iranian threat actors use a Windows kernel driver called ‘Wintapix’ in attacks against Middle East targets. The post Iranian Hackers Target Middle East Entities With New Windows Kernel Driver appeared first on SecurityWeek.

23May 2023

Google Launches Bug Bounty Program for Mobile Applications

Google introduces Mobile VRP bug bounty program for vulnerabilities in its mobile applications. The post Google Launches Bug Bounty Program for Mobile Applications appeared first on SecurityWeek.

23May 2023

Rheinmetall Says Military Business Not Impacted by Ransomware Attack

Rheinmetall confirms being hit by Black Basta ransomware group, but says its military business is not affected. The post Rheinmetall Says Military Business Not Impacted by Ransomware Attack appeared first on SecurityWeek.

23May 2023

Red Hat Pushes New Tools to Secure Software Supply Chain

Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain. The post Red Hat Pushes New Tools to Secure Software Supply Chain appeared first on SecurityWeek.

23May 2023

CIOs seek efficiencies as uncertain economy looms

Efficiency, always a top concern of IT leaders, is the subject of heightened focus in 2023, thanks to ongoing inflation and the threat of recession. Expenditures for cloud services in particular are coming under close scrutiny, at a time when cloud spending is nearly half of many IT budgets. “As more and more workloads migrate […]

23May 2023

The DR essential IT leaders can’t overlook

Several years ago, an earthquake struck a West Coast community and threw almost everyone’s data center offline. There were regional electrical outages and communications disruptions, and systems failed. It’s a vivid memory because I was the CIO of an area financial institution at that time. We went into disaster recovery failover mode, with everyone in […]

23May 2023

Cutting Through the Noise: What is Zero Trust Security?

With proactive steps to move toward Zero Trust, technology leaders can leverage an old, yet new, idea that must become the security norm. The post Cutting Through the Noise: What is Zero Trust Security? appeared first on SecurityWeek.

23May 2023

Today’s quantum-inspired approaches for ROI

Quantum computing will change the world — the industry has rightfully accepted this as fact. However, until it does, we must contend with some limitations in the noisy intermediate scale quantum (NISQ) era machines we have today. Many use cases allow us to show customers how to solve complex business problems with actual NISQ quantum computers. Still, […]

22May 2023

Meta fined $1.3B for violating EU GDPR data transfer rules on privacy

Meta has been fined $1.3 billion (€1.2 billion) by the Irish Data Protection Commission (DPC) for violating the terms of the EU’s GDPR by continuing to transfer EU users’ data to the US without adequate safeguards. Meta has failed to “address the risks to the fundamental rights and freedoms” of Facebook’s European users, the DPC […]

22May 2023

Microsoft reports jump in business email compromise activity

Cybersecurity activity around business email compromise (BEC) spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit (DCU). The findings were highlighted in the latest edition of Microsoft’s Cyber Signals, a cyberthreat intelligence report that spotlights security trends and insights gathered from Microsoft’s […]

22May 2023

GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices

GAO report underlines the need for federal agencies to fully implement key cloud security practices. The post GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices appeared first on SecurityWeek.

22May 2023

Food Distributor Sysco Says Cyberattack Affects 126,000 Individuals

Food distributor Sysco Corporation says the personal information of over 126,000 individuals was compromised in a recent cyberattack. The post Food Distributor Sysco Says Cyberattack Affects 126,000 Individuals appeared first on SecurityWeek.

22May 2023

Dish Ransomware Attack Impacted Nearly 300,000 People

Satellite TV giant Dish Network says the recent ransomware attack impacted nearly 300,000 people and its notification suggests a ransom has been paid. The post Dish Ransomware Attack Impacted Nearly 300,000 People appeared first on SecurityWeek.

22May 2023

What cybersecurity professionals can learn from the humble ant

When an ant colony is threatened, individual ants release pheromones to warn of the impending danger. Each ant picking up the warning broadcasts it further, passing it from individual to individual until the full defenses of the colony are mobilized. Instead of a single ant facing the danger alone, thousands of defenders with a single […]

22May 2023

Microsoft: BEC Scammers Use Residential IPs to Evade Detection

BEC scammers use residential IP addresses in attacks to make them seem locally generated and evade detection. The post Microsoft: BEC Scammers Use Residential IPs to Evade Detection appeared first on SecurityWeek.

22May 2023

Facebook Parent Meta Hit With Record Fine for Transferring European User Data to US

The European Union slapped Meta with a record $1.3 billion privacy fine and ordered it to stop transferring user data across the Atlantic. The post Facebook Parent Meta Hit With Record Fine for Transferring European User Data to US appeared first on SecurityWeek.

22May 2023

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States

China’s government told users of computer equipment deemed sensitive to stop buying products from the biggest U.S. memory chipmaker, Micron. The post China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States appeared first on SecurityWeek.

22May 2023

5 C-suite bridges every IT leader must build

IT leaders have known for years that having “a seat at the table” is essential to their success. Without insight into and influence over key organizational decisions and priorities, CIOs are disadvantaged when it comes to launching and supporting initiatives that will help the business thrive. But these days, that seat at the table, where […]

22May 2023

EU’s AI Act challenge: balance innovation and consumer protection

Members of the EU Parliament have agreed on a first draft for regulating the use of AI. The AI Act is now taking the next procedural step to be negotiated and worked out with individual member states. In the end, there should be an EU-wide body of law to regulate the use of AI technologies, such as ChatGPT. Essentially, the AI […]

22May 2023

Samsung Smartphone Users Warned of Actively Exploited Vulnerability

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor. The post Samsung Smartphone Users Warned of Actively Exploited Vulnerability appeared first on SecurityWeek.

19May 2023

Legitimate looking npm packages found hosting TurkoRat infostealer

Despite efforts taken in recent years to proactively monitor public software repositories for malicious code, packages that bundle malware continue to routinely pop up in such places. Researchers recently identified two legitimate looking packages that remained undetected for over two months and deployed an open-source information stealing trojan called TurkoRat. Effective use of typosquatting on […]

19May 2023

Guerrilla malware is preinfected on 8.9 million Android devices, Trend Micro says

Cybercrime gang Lemon Group has managed to get malware known as Guerrilla preinstalled on about 8.9 million Android-based smartphones, watches, TVs, and TV boxes globally, according to Trend Micro. The Guerrilla malware can load additional payloads, intercept one-time passwords (OTPs) from SMS texts, set up a reverse proxy from the infected device, and infiltrate WhatsApp […]

19May 2023

US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website

Wisconsin teen Joseph Garrison is charged with launching a credential stuffing attack that affected roughly 60,000 user accounts. The post US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website appeared first on SecurityWeek.

19May 2023

Pimcore Platform Flaws Exposed Users to Code Execution

Security researchers are warning that newly patched vulnerabilities in the Pimcore platform bring code execution risks. The post Pimcore Platform Flaws Exposed Users to Code Execution appeared first on SecurityWeek.

19May 2023

Accessibility should be a cybersecurity priority, says UK NCSC

The UK National Cyber Security Centre (NCSC) has urged businesses and security leaders to make accessibility a cybersecurity priority to help make systems more secure and human errors/workarounds less likely. It can also aid in meeting legal requirements, delivering better operational outcomes, and attracting and retaining more diverse talent, according to the NCSC. However, there […]

19May 2023

Examining the fallout of APAC tech skills shortages

Recent research from the IDC report Enterprise Automation to Mitigate the Digital Skills Shortage found that up to 80% of organizations in the APAC region, excluding Japan, find it difficult or extremely difficult to fill vacancies in IT roles. Some of the hardest roles to fill include security, and development and data professionals. The report also […]

19May 2023

Allianz ditches mainframe for scale and innovation

Due to a risk of not being able to scale and innovate properly, nor provide a basis to accommodate new platforms or programming languages, a decision was made in mid-2019 to migrate the entire Allianz Business System (ABS) — the IT core applications including its database in Germany — to standardized x86 servers with Linux […]

19May 2023

Researchers Identify Second Developer of ‘Golden Chickens’ Malware

Security researchers have identified the second developer of Golden Chickens, a malware suite used by financially-motivated hacking groups Cobalt Group and FIN6. The post Researchers Identify Second Developer of ‘Golden Chickens’ Malware appeared first on SecurityWeek.

19May 2023

Cloudflare Unveils New Secrets Management Solution

Cloudflare introduces Secrets Store, a new solution to help developers and organizations securely store and manage secrets. The post Cloudflare Unveils New Secrets Management Solution appeared first on SecurityWeek.

19May 2023

Apple Patches 3 Exploited WebKit Zero-Day Vulnerabilities

Apple has patched 3 zero-days, two of which are the vulnerabilities patched with the tech giant’s first Rapid Security Response updates. The post Apple Patches 3 Exploited WebKit Zero-Day Vulnerabilities appeared first on SecurityWeek.

18May 2023

Critical remote code execution flaws patched in Cisco small business switches

Cisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices and can be exploited without authentication. While the company didn’t disclose which specific components of […]

18May 2023

6 barriers to becoming a data-driven company

It’s no surprise that becoming a data-driven company is at the top of the corporate agenda. A recent IDC whitepaper found that data-savvy companies reported a threefold increase in revenue improvement, almost tripling the likelihood of reduced time to market for new products and services, and more than doubling the probability of enhanced customer satisfaction, […]

18May 2023

OX Security adds ChatGPT plugin for AppSec

OX Security, an application security vendor, now has a plugin for ChatGPT, allowing users to leverage the power of the headline-making generative AI assistant to protect the software supply chain, generate personalized security recommendations and remedy security issues quickly. The Israel-based company, in a press release issued yesterday, said that generative AI has already altered […]

18May 2023

Investors Make $6M Bet on Manifest for SBOM Management Technology

Manifest raises $6 million in seed funding to help businesses generate, collect, and manage software bill of materials (SBOMs). The post Investors Make $6M Bet on Manifest for SBOM Management Technology appeared first on SecurityWeek.

18May 2023

Modernization holds the key to IBM i success

IBM i technology is a data center lynchpin for many organizations. Introduced 35 years ago as OS/400, a survey of IBM i users by Fortra found that seven out of 10 use IBM i, an operating system developed by IBM for IBM Power Systems, to run more than half of their applications. While adoption of […]

18May 2023

Industrial Secure Remote Access Is Essential, but Firms Concerned About Risks

Secure remote access is essential for industrial organizations, but many are concerned about the associated risks, a new study shows. The post Industrial Secure Remote Access Is Essential, but Firms Concerned About Risks appeared first on SecurityWeek.

18May 2023

Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats

A wave of layoffs, coupled with increased recruitment efforts by cybercriminals, could create the perfect conditions for insider threats to flourish. The post Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats appeared first on SecurityWeek.

18May 2023

Quantum Decryption Brought Closer by Topological Qubits

Quantinuum claims the most powerful quantum computer currently available – through cloud-based access from Quantinuum, and available through Azure Quantum in June 2023. The post Quantum Decryption Brought Closer by Topological Qubits appeared first on SecurityWeek.

18May 2023

New SBOM Hub Helps All Stakeholders in Software Distribution Chain

Lineaje introduces SBOM360 Hub, an exchange allowing software producers, sellers, and consumers to publish, share and use SBOMs and related compliance artifacts. The post New SBOM Hub Helps All Stakeholders in Software Distribution Chain appeared first on SecurityWeek.

18May 2023

Google Announces New Rating System for Android and Device Vulnerability Reports

Google is updating its vulnerability reports rating system to encourage researchers to provide more details on the reported bugs. The post Google Announces New Rating System for Android and Device Vulnerability Reports appeared first on SecurityWeek.

18May 2023

Organizations reporting cyber resilience are hardly resilient: Study

While most organizations have a cyber resilience program in place, more than half of them lack a comprehensive approach to assessing resilience, according to a study by Immersive Labs. The study aimed at understanding business preparedness amidst growing incidents found a strong intent to strengthen cybersecurity capabilities driven by external threats. “Rules of engagement for […]

18May 2023

Aviatrix is transforming cloud network security with distributed firewalling

Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic on multicloud environments. The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network […]

18May 2023

Russian national indicted for ransomware attacks against the US

Russian national, Mikhail Pavlovich Matveev, has been charged and indicted for launching ransomware attacks against thousands of victims in the country and across the world, the US Department of Justice (DoJ) said in a press release. The Department of State has also announced an award of up to $10 million for information that leads to […]

18May 2023

PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords

Researcher publishes PoC tool that exploits unpatched KeePass vulnerability to retrieve the master password from memory. The post PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords appeared first on SecurityWeek.

18May 2023

Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities

Cisco has released patches for critical vulnerabilities in small business switches for which public proof-of-concept (PoC) code exists. The post Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities appeared first on SecurityWeek.

18May 2023

Millions of Smartphones Distributed Worldwide With Preinstalled ‘Guerrilla’ Malware

A threat actor tracked as Lemon Group has control over millions of smartphones distributed worldwide thanks to preinstalled Guerrilla malware. The post Millions of Smartphones Distributed Worldwide With Preinstalled ‘Guerrilla’ Malware appeared first on SecurityWeek.

18May 2023

14 essential book recommendations by and for IT leaders

Looking for your next read? Why not pick up a book that will inspire you to be a more effective leader, help you spot challenges and pitfalls in your IT strategies and processes, or prepare for the future of information technology? I asked CIOs and other high-level IT leaders to recommend books that have impacted […]

18May 2023

Discount Tire tunes IT to reinvent customer experience

Cracking the code for fast, reliable automotive service requires vision — especially in an era in which customers expect flexible, convenient experiences delivered on their terms. For US tire retail chain Discount Tire, inspiration for reinventing its retail automotive experience would come from familiar territory: the less than 20 seconds it takes a NASCAR pit […]

18May 2023

IBM acquires Polar Security, bolstering data security capabilities

IBM has purchased application security startup Polar Security, in an attempt to address the security of application data in the cloud and help organizations track vulnerable information. In a statement issued this morning, IBM said that the increased cloud adoption driven by the pandemic has strained organizational capacity to track certain aspects of their application […]

18May 2023

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

With organizations increasingly adopting cloud-based services and applications, especially collaboration tools, attackers have pivoted their attacks as well. Microsoft services consistently rank at the top of statistics when it comes to malicious sign-in attempts, and Microsoft Teams is one application that recently seems to have attracted attackers’ interest. Researchers from security firm Proofpoint investigated how […]

18May 2023

Enabling a data-driven IT modernization strategy

The big picture: In the midst of a rush to technology modernization, it’s critical to ensure the organization’s data assets are not overlooked. Why it matters: Data-driven business decisions must factor prominently in modernization efforts. The bottom line: Don’t leave data behind. Excellent opportunities to save and make money, reduce risk, and develop new models of business emerge […]

17May 2023

ServiceNow, Nvidia to bring generative AI to enterprise workflows

ServiceNow and Nvidia on Wednesday said that they were collaborating to build generative AI applications for different enterprise functions in an effort to optimize business processes and workflows. ServiceNow will use data available on its workflow platform along with Nvidia’s DGX Cloud, Nvidia DGX SuperPOD, and Nvidia’s Enterprise AI software suite to develop custom large […]

17May 2023

Access to Energy Sector ICS/OT Systems Offered on Hacker Forums

Threat actors have been selling access to energy sector organizations, including ICS and other OT systems, according to a new report from Searchlight Cyber. The post Access to Energy Sector ICS/OT Systems Offered on Hacker Forums appeared first on SecurityWeek.

17May 2023

Entro exits stealth with context-based secrets management

Entro, the Israeli cybersecurity company focused on protection for secrets and programmatic access to cloud services and data, has exited stealth with its first-ever product offering context-based secrets management. The new offering is the first and only holistic secrets security platform that detects, safeguards, and provides context for secrets stored across vaults, source code, collaboration tools, […]

17May 2023

4 Countries Join NATO Cyber Defense Center

Japan, Ukraine, Ireland and Iceland have joined the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE). The post 4 Countries Join NATO Cyber Defense Center appeared first on SecurityWeek.

17May 2023

Creating wealth, jobs, and community through women-owned businesses

Women-owned businesses represent 33% of the world’s private businesses. That number should be higher when you consider that women-owned businesses are one of the most underutilized drivers of innovation and job growth in both developed and emerging markets. These businesses are particularly challenged when it comes to accessing opportunities in global trade. Technology can help […]

17May 2023

Apple Blocked 1.7 Million Applications From App Store in 2022

Apple says it rejected 1.7 million applications from being published in the App Store in 2022. The post Apple Blocked 1.7 Million Applications From App Store in 2022 appeared first on SecurityWeek.

17May 2023

Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks

CISA, FBI, and ACSC warn critical infrastructure organizations of the BianLian ransomware group’s attacks. The post Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks appeared first on SecurityWeek.

17May 2023

Attacker uses the Azure Serial Console to gain access to Microsoft VM

Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VMs), according to cybersecurity firm Mandiant. With access to the virtual machines, the attackers abused the Serial Console on Azure Virtual Machines to install third-party remote management software […]

17May 2023

Insider threats surge across US CNI as attackers exploit human factors

Over three-quarters (77%) of organizations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyberthreats in the last three years, according to new research from cybersecurity services firm Bridewell. The Cyber Security in CNI: 2023 report surveyed 525 cybersecurity decision makers in the US in the transport and aviation, utilities, finance, government, […]

17May 2023

Lacroix Closes Production Sites Following Ransomware Attack

Technological equipment supplier Lacroix has closed three production sites after experiencing a ransomware attack. The post Lacroix Closes Production Sites Following Ransomware Attack appeared first on SecurityWeek.

17May 2023

Cybersecurity M&A Roundup for May 1-15, 2023

Seventeen cybersecurity-related M&A deals were announced in the first half of May 2023. The post Cybersecurity M&A Roundup for May 1-15, 2023 appeared first on SecurityWeek.

17May 2023

Chrome 113 Security Update Patches Critical Vulnerability

Google has released a Chrome 113 update to patch 12 vulnerabilities, including a critical use-after-free flaw. The post Chrome 113 Security Update Patches Critical Vulnerability appeared first on SecurityWeek.

17May 2023

Security breaches push digital trust to the fore

As digital transactions with customers, employees, suppliers, and other stakeholders grow, digital trustworthiness is set to become one of the most important enterprise-wide initiatives with the biggest potential impact (both negative and positive), even though it often has the smallest budget allocation. “Organizations are focusing on security and privacy, but if your customers don’t trust […]

17May 2023

Entro Raises $6M to Tackle Secrets Sprawl

Israeli startup Entro launches with $6 million in seed-stage funding and a product to help manage secrets sprawl in the enterprise. The post Entro Raises $6M to Tackle Secrets Sprawl appeared first on SecurityWeek.

17May 2023

Accenture’s Penelope Prett on the predictive value of data

Penelope Prett has been with Accenture for over 30 years. She was named CIO in 2019, and last fall, added data and analytics to her title and remit. I recently spoke with Prett about her new role, what it means for Accenture, and her advice for CIOs who are embarking on the data-to-value journey. What […]

17May 2023

Einstein GPT gives Salesforce unifying vision for high-profile acquisitions

It’s no secret to anyone that generative AI is the hot new thing in tech right now, promising to revolutionize the way humans interact with software. And, perhaps uniquely, it is a potentially transformational technology that won’t require rebuilding the infrastructure stack. Salesforce is one of a rising wave of software companies betting on the promise […]

17May 2023

US Offering $10M Reward for Russian Man Charged With Ransomware Attacks

The US is offering a $10 million reward for information on a Russian man accused of launching ransomware attacks on critical infrastructure. The post US Offering $10M Reward for Russian Man Charged With Ransomware Attacks appeared first on SecurityWeek.

17May 2023

Technology, Processes, and Culture: Red Hat’s Open-source Pathway to Successful Digital Transformation

The world has witnessed the undeniable power of digital transformation to unlock tremendous potential and propel businesses forward in today’s fast-paced digital era. Yet, as organisations work to reap the benefits of innovation and growth, they must also navigate this new terrain. The road to digital transformation requires significant investments of time, money, and resources, […]

17May 2023

AFL launches Just Walk Out technology to tackle queues at Marvel Stadium

The pain of long lines for food and drinks is about to be eased at Melbourne’s Marvel Stadium with the introduction of Amazon’s Just Walk Out technology, a first for the southern hemisphere. Rob Pickering, general manager for technology at The Australian Football League (AFL), which owns and operates the stadium, says the initiative is […]

17May 2023

Unlocking Growth Opportunities: 4 Ways a Strong EX Strategy Enhances CX

As businesses strive to undergo digital transformation on a large scale, IT leaders are placing increased emphasis on enhancing employee experience (EX) in order to elevate customer satisfaction and engagement. Modern companies are investing more of their budgets on tools that create and maintain a positive employee experience. Employee experience tools and software help to […]

16May 2023

SAP takes steps toward ‘green ledger’ for carbon accounting

SAP wants to give new meaning to the resources in enterprise resource planning, going beyond the boundaries of the enterprise and accounting for its impact on the whole planet. The software provider plans to do that by enhancing existing tools for estimating greenhouse gas emissions due to an enterprise’s activities, and adding capabilities for exchanging […]

16May 2023

Arnica's real-time, code-risk scanning tools aim to secure supply chain

Software supply chain security provider Arnica has added a suite of new real-time scanning tools to its namesake code-security suite, including static application security testing (SAST), infrastructure as code (IaC) scanning, software component analysis (SCA), and third-party package reputation checks.

16May 2023

Digital listening reveals 3 leading innovation drivers

In six short months, ChatGPT propelled artificial intelligence (AI) into the minds and imaginations of the masses more than any other development since the term “AI” was coined in 1956. According to research sponsored by techradar.pro, an astonishing 39% of U.S. and U.K. adult web users surveyed have used one or more generative AI tools. […]

16May 2023

How to Lose With AI

By Bryan Kirschner, Vice President, Strategy at DataStax. Consumers love smart personalization. Developers get fired up about building AI-powered apps. And just two months after ChatGPT launched, 100 million people have added tapping into the power of AI to their toolbox. These signals point toward an “AI everywhere” future: one in which it’s a competency […]

16May 2023

3 ways to jump-start your journey to SD-WAN, SSE, and SASE

For decades, organizations have relied on traditional architecture to secure their network based on firewalls and other perimeter defenses. As organizations massively moved their workloads to the cloud, users are now accessing sensitive data in the cloud through unsecured links, outside of the corporate network perimeter and from any device. This trend has accelerated as […]

16May 2023

ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence

The head of OpenAI, which makes ChatGPT, told Congress that government intervention “will be critical to mitigate the risks of increasingly powerful” AI systems. The post ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence appeared first on SecurityWeek.

16May 2023

South American retailer shares lessons learned in its move to HR automation

Behind the scenes at one of South America’s largest retail conglomerates, human resources (HR) professionals manage the movement of tens of thousands of employees. Hit by a recent spike in turnover, one thing became clear to the company’s HR team: their records system needed a serious upgrade. With annual sales in the billions, the retail […]

16May 2023

It’s time to go paperless: are bank branches ready?

When the chief banking officer of a $10.3B community bank visited a competing super-regional branch in her suburban New Jersey neighborhood, she noticed something troubling. Piles upon piles of paper crowded the branch manager’s desk and cluttered the nearby credenza. Set amid an open floor plan, the stacks of files left sensitive customer information—business and […]

16May 2023

Aqua Security releases Real-Time CSPM to tackle multi-cloud security risks

Cloud native security vendor Aqua Security has announced the launch of Real-Time CSPM, a new cloud security posture management solution designed to provide visibility and risk prioritization across multi-cloud security risks. Real-Time CSPM uses “real-time scanning” to pinpoint threats that evade agentless detection and reduce noise so security practitioners can identify, prioritize, and remediate the […]

16May 2023

Is your cloud strategy working? Why multicloud by design is the way forward.

With the rise of cloud computing, many organizations rapidly adopted public cloud services alongside cloud principles in dedicated IT environments, or private clouds, to accelerate innovation and meet business requirements. This led to the rise of multicloud: today, almost nine out of 10 IT environments include a mix of public and private clouds. In some […]

16May 2023

BCBSNC builds a better IT workplace through DEI

For companies looking for an edge in the tight talent market, a solid DEI strategy and employee engagement often go hand in hand, creating a balance that fosters an inclusive work environment. When employees feel they can bring their authentic selves to work, it can result in higher levels of employee productivity and satisfaction, improved […]

16May 2023

IBM Snaps up DSPM Startup Polar Security

Tech giant IBM acquires Polar Security, an early stage startup in the red-hot data security posture management (DSPM) category. The post IBM Snaps up DSPM Startup Polar Security appeared first on SecurityWeek.

16May 2023

Lancefly APT Targeting Asian Government Organizations for Years

A threat actor tracked as Lancefly has been targeting government organizations in South and Southeast Asia for at least three years. The post Lancefly APT Targeting Asian Government Organizations for Years appeared first on SecurityWeek.

16May 2023

SAP to add generative AI, industry smarts to CX tools

Every software developer is looking at how to incorporate generative AI in its products, even SAP. The ERP vendor, which turned 50 last year, is developing a companion app for its software, to be called SAP Digital Assistant, which will use generative AI to help SAP users provide a better experience to their customers. SAP […]

16May 2023

New APT targets South and Southeast Asia with custom-written backdoor

Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, education, and telecom organizations in South and Southeast Asia in an activity that has been ongoing for the past five years, according to Symantec. The group has been seen carrying out the activity with the motive of intelligence gathering. Lancefly has […]

16May 2023

Nozomi Networks announces Vantage IQ to address security gaps in critical infrastructure

Nozomi Networks has announced the upcoming release of Vantage IQ, a new AI-based analysis and response engine designed to address security gaps and resource limitations in critical operational infrastructure. The new offering will be available from Q3 2023 as an add-on to Vantage, Nozomi Networks’ SaaS-based security management platform. It is built to enhance threat […]

16May 2023

New Babuk-Based Ransomware Targeting Organizations in US, Korea

An emerging ransomware gang called RA Group is targeting organizations in the US and South Korea. The post New Babuk-Based Ransomware Targeting Organizations in US, Korea appeared first on SecurityWeek.

16May 2023

Huntress Closes $60M Series C for MDR Expansion

Huntress closes a $60 million Series C financing round led by Sapphire Ventures. The company has now raised $118 million. The post Huntress Closes $60M Series C for MDR Expansion appeared first on SecurityWeek.

16May 2023

Crosspoint Capital Partners Acquires Absolute Software in $870 Million Deal

Crosspoint Capital Partners has agreed to acquire security solutions provider Absolute Software in an $870 million deal. The post Crosspoint Capital Partners Acquires Absolute Software in $870 Million Deal appeared first on SecurityWeek.

16May 2023

Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks

Critical vulnerabilities found in Teltonika products by industrial cybersecurity firms Otorio and Claroty expose thousands of internet-exposed devices to attacks. The post Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks appeared first on SecurityWeek.

16May 2023

How Northfield Hospital uses AI to minimize risk from cyberattacks

Like all healthcare providers, US-based Northfield Hospital has a big responsibility when it comes to cybersecurity as sensitive data and the lives of patients could be at stake. A study by Proofpoint and the Ponemon Institute released in September 2022 found that patient mortality rates increased across more than 20% of healthcare organizations that suffered […]

16May 2023

5 IT management practices certain to kill IT productivity

Successful CIOs, like all highly placed executives, must be adept at running an organization that’s good at getting work out the door. Unfortunately, many of the most popular management techniques for fixing poor organizational performance don’t work. Or worse. If you want better guidance, start with Peter Drucker’s observation that, “Most of what we call […]

16May 2023

Edge platforms deliver 3 key business benefits

Traditionally, content delivery networks (CDNs) were used to cache files close to consumers, enabling media publishers to stream video and gaming software to customers as quickly as possible, and allowing high-stakes web application providers to deliver web pages equally fast. Eventually, application and content owners found these networks had use beyond caching that enabled digital […]

16May 2023

How to incubate a winning innovation program

When leaders consider how technology has enabled the transformation of business models over the past several years, few would disagree that the world has changed dramatically. Retail, entertainment, music, and banking have largely moved online. It’s a familiar story: Netflix beat Blockbuster; Amazon beat Borders. More recently, Tesla has transformed the experience of buying, owning, […]

15May 2023

New ransomware gang RA Group quickly expanding operations

Researchers warn of a new ransomware threat dubbed RA Group that also engages in data theft and extortion and has been hitting organizations since late April. The group’s ransomware program is built from the leaked source code of a different threat called Babuk. “Like other ransomware actors, RA Group also operates a data leak site […]

15May 2023

Oracle first to open a cloud region in Serbia

Public cloud services provider Oracle on Monday said it will launch a new cloud region in Serbia, which will make it the first among rivals including Microsoft, Amazon Web Services (AWS), Google and IBM, to offer a hyperscale data center in the Eastern European country. The new cloud region, which will serve Southeast Europe, will […]

15May 2023

Law enforcement crackdowns and new techniques are forcing cybercriminals to pivot

It can seem like cybercriminals are running rampant across the world’s digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among […]

15May 2023

New security tool lets you bypass SSL errors

Endpoint-based web and cloud security provider Dope Security has launched a new instant secure socket layer (SSL) error resolution feature on its secure web gateway (SWG) offering, Dope.swg. The new feature is added to simplify SSL inspection conducted by Dope’s SWG and helps admins bypass SSL errors generated as a result of the inspection. “Dope’s […]

15May 2023

General Dynamics IT takes multicloud strategy to the next level

These days, to serve the backbone corporate needs for more than 100,000 employees globally means betting big on the cloud. That’s what James Hannah, SVP and global CIO of General Dynamics Information Technology, has done in partnership with the Reston, Va.-based aerospace and defense contractor’s 10 business units, each of which has its own CIO […]

15May 2023

Brightly Software Notifying 3 Million SchoolDude Users of Data Breach

Brightly Software has started informing roughly three million users that their personal information was compromised in a recent data breach. The post Brightly Software Notifying 3 Million SchoolDude Users of Data Breach appeared first on SecurityWeek.

15May 2023

Hackers exploit WordPress vulnerability within hours of PoC exploit release

Threat actors have started exploiting a recently disclosed vulnerability in WordPress, within 24 hours of the proof-of-concept (PoC) exploit being published by the company, according to a blog by Akamai. The high-severity vulnerability, CVE-2023-30777, which affects the WordPress Advanced Custom Fields plugin, was identified by a Patchstack researcher on May 2. […]

15May 2023

UK NCSC, ICO debunk 6 cyberattack reporting myths

The UK National Cyber Security Centre (NCSC) and the UK’s data protection regulator the Information Commissioner’s Office (ICO) have published a rare joint article dispelling several myths about cyberattack reporting to tackle the problem of unreported data breaches. The pair argued that, while businesses may be tempted to hide data breaches to avoid negative scrutiny, […]

15May 2023

Discord Informs Users of Data Breach Involving Customer Support Provider

Communications and social platform Discord is notifying users of a cyber incident involving a third-party services provider. The post Discord Informs Users of Data Breach Involving Customer Support Provider appeared first on SecurityWeek.

15May 2023

Top business needs driving IT spending today

After years of prioritizing digital transformation and focusing on innovation, many CIOs are reporting that their No. 1 goal now is supporting operational efficiency. CIO.com’s 2023 State of the CIO report, its 22nd such annual survey, showed that more CIOs today are seeing improved operational efficiency as the top imperative. Some 45% of respondents listed […]

15May 2023

Computer vision transforms tennis coaching at Billie Jean King Cup

With centuries of tradition behind it, tennis as a sport has been highly resistant to change. Other sports have been quick to embrace the use of data and analytics to transform how athletes are recruited, trained, and prepped for competitions, how they adjust to changing circumstances during play, and how they break down successes and […]

15May 2023

WordPress Field Builder Plugin Vulnerability Exploited in Attacks Two Days After Patch

PoC exploit targeting an XSS vulnerability in the Advanced Custom Fields WordPress plugin started being used in malicious attacks two days after patch. The post WordPress Field Builder Plugin Vulnerability Exploited in Attacks Two Days After Patch appeared first on SecurityWeek.

15May 2023

PharMerica Discloses Data Breach Impacting 5.8 Million Individuals

The personal information of more than 5.8 million was compromised in a data breach at national pharmacy network PharMerica. The post PharMerica Discloses Data Breach Impacting 5.8 Million Individuals appeared first on SecurityWeek.

15May 2023

Capita Cyberattack Hits UK Pension Funds

The recent ransomware attack on Capita may impact millions of customers of hundreds of pension funds in the UK. The post Capita Cyberattack Hits UK Pension Funds appeared first on SecurityWeek.

15May 2023

Insured companies more likely to be ransomware victims, sometimes more than once

Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers. Back in 2019, fewer than 20% of enterprises suffered repeat ransomware attacks, while during the pandemic, the percentage rose to around […]

15May 2023

Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades

The Philadelphia Inquirer experienced the most significant disruption to its operations in 27 years due to a cyberattack on Sunday, May 14, 2023. The post Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades appeared first on SecurityWeek.

15May 2023

CISA: Several Old Linux Vulnerabilities Exploited in Attacks

Several old Linux vulnerabilities for which there are no public reports of malicious exploitation have been added to CISA’s KEV catalog. The post CISA: Several Old Linux Vulnerabilities Exploited in Attacks appeared first on SecurityWeek.

15May 2023

Dialog Enterprise: keeping the data of Sri Lanka’s enterprises safe and sovereign

Offering an extensive portfolio of ICT solutions and services in conjunction with its high-available data centers, fastest broadband internet and telecommunications networks for consumers and businesses, Dialog Enterprise is one of the most trusted information and communication technology brands in Asia. Now it is also the first provider in Sri Lanka to earn the VMware […]

15May 2023

Igniting Innovation in Singapore: The CIO view

Following almost 3 years of enabling remote working, securing business operations and enhancing productivity levels, forward-thinking CIOs are stepping up to spearhead transformation agendas in Singapore. Leveraging a once-in-a-career opportunity, IT leaders are building new strategies to accelerate the potential of digital, mirroring boardroom ambitions to create competitive differentiation in 2023 and beyond. According to […]

13May 2023

Executive Fired From TikTok’s Chinese Owner Says Beijing Had access to App Data in Termination Suit

Former TikTok executive said China government officials maintained access to all company data, including information stored in the United States. The post Executive Fired From TikTok’s Chinese Owner Says Beijing Had access to App Data in Termination Suit appeared first on SecurityWeek.

13May 2023

Generative AI & data: Potential in cybersecurity if the risks can be curtailed

Artificial intelligence (AI) in 2023 feels a bit like déjà vu to me. Back in 2001, as I was just entering the venture industry, I remember the typical VC reaction to a start-up pitch was, “Can’t Microsoft replicate your product with 20 people and a few months of effort, given the resources they have?” Today, […]

12May 2023

Toyota: Data on More Than 2 million Vehicles in Japan Were at Risk in Decade-Long Breach

A decade-long data breach in Toyota’s online service put some information on more than 2 million vehicles at risk. The post Toyota: Data on More Than 2 million Vehicles in Japan Were at Risk in Decade-Long Breach appeared first on SecurityWeek.

12May 2023

WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers

A vulnerability in a WordPress plugin exposed the official website of sports car maker Ferrari to hacker attacks. The post WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers appeared first on SecurityWeek.

12May 2023

Spain Arrests Hackers in Crackdown on Major Criminal Organization

Spanish authorities have announced the arrest of 40 individuals for their roles in a group involved in bank fraud, identity theft, and money laundering. The post Spain Arrests Hackers in Crackdown on Major Criminal Organization appeared first on SecurityWeek.

12May 2023

Leaked Babuk Code Fuels New Wave of VMware ESXi Ransomware

SentinelOne sees multiple threat groups adopting the leaked Babuk source code to build their own VMware ESXi lockers. The post Leaked Babuk Code Fuels New Wave of VMware ESXi Ransomware appeared first on SecurityWeek.

12May 2023

Organizations Informed of Over a Dozen Vulnerabilities in Rockwell Automation Products

Rockwell Automation customers have been informed about potentially serious vulnerabilities in several products, shortly after news of an investigation into the firm’s China operations. The post Organizations Informed of Over a Dozen Vulnerabilities in Rockwell Automation Products appeared first on SecurityWeek.

12May 2023

Keeping IT ahead in a game when rules keep changing

IT leaders today are facing more challenges than ever before. As you look to shape your winning strategies, the rules of the game keep changing. Environments are more dispersed and dynamic, with attack surfaces and vectors expanding, and new threats emerging. Applications are no longer confined to desktops and devices but are spread across multiple […]

12May 2023

CISA, FBI: Ransomware Gang Exploited PaperCut Flaw Against Education Facilities

CISA and FBI have observed a ransomware gang exploiting a recent PaperCut vulnerability in attacks targeting the education facilities subsector. The post CISA, FBI: Ransomware Gang Exploited PaperCut Flaw Against Education Facilities appeared first on SecurityWeek.

12May 2023

France Punishes Clearview AI For Failing To Pay Fine

France’s privacy watchdog doled out further penalties to US firm Clearview AI for failing to pay a 20-million-euro fine imposed last year over data breaches. The post France Punishes Clearview AI For Failing To Pay Fine appeared first on SecurityWeek.

12May 2023

Australian Enterprise Software Maker TechnologyOne Resumes Trading Following Hack

Australian enterprise software maker TechnologyOne said its internal Microsoft 365 system was compromised in a cyberattack. The post Australian Enterprise Software Maker TechnologyOne Resumes Trading Following Hack appeared first on SecurityWeek.

12May 2023

Fraport goes all in on private 5G network

There were a multitude of reasons for Fraport AG, the operating company of Germany’s largest airport in Frankfurt, to build one of the largest European private 5G campus networks: automation, autonomous driving, localization of devices, and processing data in real time. Or as Fraport SVP of IT infrastructure Fritz Oswald puts it: “We definitely see 5G as […]

12May 2023

1 Million WordPress Sites Impacted by Exploited Plugin Vulnerability

Exploitation of a critical vulnerability in the Essential Addons for Elementor WordPress plugin started immediately after a patch was released. The post 1 Million WordPress Sites Impacted by Exploited Plugin Vulnerability appeared first on SecurityWeek.

12May 2023

Secure Messaging Arrives on Twitter – Sort of. ‘Don’t Trust It Yet,’ Musk Warns

Twitter launched encrypted messaging, offering select users the ability to communicate more securely. But its new service is much more of a baby step than a giant leap forward. The post Secure Messaging Arrives on Twitter – Sort of. ‘Don’t Trust It Yet,’ Musk Warns appeared first on SecurityWeek.

11May 2023

Israeli threat group uses fake company acquisitions in CEO fraud schemes

A group of cybercriminals based in Israel has launched more than 350 business email compromise (BEC) campaigns over the past two years, targeting large multinational companies from around the world. The group stands out with some of the techniques it uses, including email display name spoofing and multiple fake personas in the email chains, and […]

11May 2023

This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT

The convergence of networking and security, the consolidation of technology vendors, and a focus on OT security are essential underpinnings of any organization’s success. The post This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT appeared first on SecurityWeek.

11May 2023

US Probing Cybersecurity Risks of Rockwell Automation’s China Operations: Report

US government investigating whether the Chinese operations of industrial giant Rockwell Automation pose a cybersecurity risk to critical infrastructure. The post US Probing Cybersecurity Risks of Rockwell Automation’s China Operations: Report appeared first on SecurityWeek.

11May 2023

Generative AI Will Transform Software Development. Are You Ready?

If you believe the hype, generative AI has the potential to transform how we work and play with digital technologies. Today’s eye-popping text-and-image generating classes of AI capture most of the limelight, but this newfangled automation is also coming to software development. It is too soon to say what impact this emerging class of code-generating […]

11May 2023

Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers

Claroty has disclosed the details of 5 vulnerabilities that can be chained in an exploit allowing unauthenticated attackers to hack Netgear routers. The post Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers appeared first on SecurityWeek.

11May 2023

OpenSSF Receives $5 Million for Open Source Software Security Project

OpenSSF has added four new members and is receiving $5 million in funding for its Alpha-Omega open source software security project. The post OpenSSF Receives $5 Million for Open Source Software Security Project appeared first on SecurityWeek.

11May 2023

New ‘Greatness’ Phishing-as-a-Service Targets Microsoft 365 Accounts

A new phishing-as-a-service (PaaS) tool has been observed targeting businesses, mainly in the manufacturing, healthcare, technology, and real estate sectors. The post New ‘Greatness’ Phishing-as-a-Service Targets Microsoft 365 Accounts appeared first on SecurityWeek.

11May 2023

Mass Event Will Let Hackers Test Limits of AI Technology

ChatGPT maker OpenAI, and other major AI providers such as Google and Microsoft, are coordinating with the Biden administration to let thousands of hackers take a shot at testing the limits of their technology. The post Mass Event Will Let Hackers Test Limits of AI Technology appeared first on SecurityWeek.

11May 2023

Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison

Nickolas Sharp, the former Ubiquiti employee who posed as a hacker and attempted to extort the firm for $2 million, was sentenced to prison. The post Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison appeared first on SecurityWeek.

11May 2023

New DownEx malware campaign targets Central Asia

A previously undocumented malware campaign called DownEx has been observed actively targeting government institutions in Central Asia for cyberespionage, according to a report by Bitdefender. The first instance of the malware was detected in 2022 in a highly targeted attack aimed at exfiltrating data from foreign government institutions in Kazakhstan. Researchers observed another attack in Afghanistan. To read this […]

11May 2023

Senators Push Overhaul of Classification Rules After Trump, Biden Cases

Senators introduce bill to reform security classification system in the US to prevent mishandling of classified information and promote better use of intelligence. The post Senators Push Overhaul of Classification Rules After Trump, Biden Cases appeared first on SecurityWeek.

11May 2023

Google Improves Android Security With New APIs

Google is improving Android security with new Safe Browsing real-time API, credential manager jetpack API, and new SDK API for developers. The post Google Improves Android Security With New APIs appeared first on SecurityWeek.

11May 2023

Microsoft Makes Second Attempt to Patch Recent Outlook Zero-Day

Microsoft has rolled out patches for a vulnerability allowing attackers to bypass mitigations for a critical Outlook zero-day leading to credentials theft. The post Microsoft Makes Second Attempt to Patch Recent Outlook Zero-Day appeared first on SecurityWeek.

11May 2023

Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches

Judge refuses to dismiss shareholder lawsuit alleging that Facebook violated the law and fiduciary duties in failing for years to protect user data privacy. The post Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches appeared first on SecurityWeek.

11May 2023

10 highest-paying IT skills for 2023

Digital transformation is at the forefront of every modern business strategy, whether it’s adopting the cloud, improving and updating IT infrastructure, or developing data and analytics strategy to drive decision-making. Companies are interested in hiring seasoned pros who have a strong working knowledge of the skills they need to accomplish technology and business goals. According […]

11May 2023

How data science gives Games 24×7 a hyperpersonalized edge

India-based Games24x7, a digital-first company, believes that “the best gaming experiences are created at the intersection of entertainment and science.” With a portfolio spanning skill games (RummyCircle), fantasy sports (My11Circle), and casual games (U Games), the company banks firmly on technology to build a highly scalable gaming infrastructure that serves more than 100 million registered […]

11May 2023

CIO-turned-CEO Kevin Hart on developing successful IT leaders

Kevin Hart was named chief executive officer of Segra, one of the nation’s largest independent fiber network companies, following an 11-year tenure as executive vice president and chief product and technology officer for Cox Communications. Hart’s journey from CIO to CEO is a story of intention and grit, with an equal focus on lifting others […]

11May 2023

The 6 best password managers for business

What’s a password manager? A password manager is a program that stores passwords and logins for various sites and apps, and generates new strong passwords when a user needs to change an old one or create a new account. Users can sign into a password manager with a single strong password or by using biometrics, […]

11May 2023

Ready Players Win: Leaders of the Future Enterprise

In the face of structural change and rampant crises, the world—and the technologies reshaping it—is experiencing a drastic shift. Even the very nature of disruption is evolving, with challenges such as talent gaps and inflationary pressures frequently demanding our immediate attention. To outpace these events, CIOs need to leverage resilience capabilities as a competitive advantage. […]

11May 2023

ChatGPT disruption: AI’s evolving vision renews need for trusted, governed data

Access to artificial intelligence (AI) and the drive for adoption by organizations is more prevalent now than it’s ever been, yet many companies are struggling with how to manage data and the overall process. As companies open this “Pandora’s box” of new capabilities, they must be prepared to manage data inputs and outputs in secure […]

10May 2023

Dell pushes security, devops integration in storage updates

The company’s latest storage updates include Ansible and Terraform integration, zero trust readiness and security, and an array of incremental enhancements.

10May 2023

Microsoft fixes bypass for critical Outlook zero-click flaw patch

Microsoft fixed a new vulnerability this week that could be used to bypass defenses the company put in place in March for a critical vulnerability in Outlook that Russian cyberspies exploited in the wild. That vulnerability allowed attackers to steal NTLM hashes by simply sending specifically crafted emails to Outlook users. The exploit requires no […]

10May 2023

Google Now Lets US Users Search Dark Web for Their Gmail ID

Google is now letting Gmail users in the US run scans to learn whether their Gmail ID appears on the dark web. The post Google Now Lets US Users Search Dark Web for Their Gmail ID appeared first on SecurityWeek.

10May 2023

Equifax Releases Security and Privacy Controls Framework

Equifax released its security and privacy controls framework to provide a public blueprint to help organizations to build or enhance their own cybersecurity programs. The post Equifax Releases Security and Privacy Controls Framework appeared first on SecurityWeek.

10May 2023

IBM unveils end-to-end, quantum-safe tools to secure business, government data

Technology giant IBM has debuted a new set of tools and capabilities designed as an end-to-end, quantum-safe solution to secure organizations and governmental agencies as they head toward the post-quantum computing era. Announced at its annual Think conference in Orlando, Florida, Quantum Safe technology combines expertise across cryptography and critical infrastructure to address the potential […]

10May 2023

Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme

ICS cybersecurity vendor Dragos discloses breach and data theft but says ransomware group failed at elaborate extortion scheme. The post Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme appeared first on SecurityWeek.

10May 2023

Appeals Court Sides With Corellium in Apple Copyright Case

US appeals court sides with Corellium in the copyright infringement lawsuit filed by Apple against the company over its security research tools. The post Appeals Court Sides With Corellium in Apple Copyright Case appeared first on SecurityWeek.

10May 2023

On the cutting edge: Celebrating 30 years of technological innovation and leadership at Thoughtworks

This May, Thoughtworks is proud to celebrate 30 years of helping their clients across the world to build the modern digital businesses of the future through the application of strategy, technology and design. Since launching in 1993, Thoughtworks is now over 12,500 people strong with 50 offices in 18 countries. Thirty years of leadership in […]

10May 2023

AI push or pause: CIOs speak out on the best path forward

With the AI hype cycle and subsequent backlash both in full swing, IT leaders find themselves at a tenuous inflection point regarding use of artificial intelligence in the enterprise. Following stern warnings from Elon Musk and revered AI pioneer Geoffrey Hinton, who recently left Google and is broadcasting AI’s risks and a call to pause, […]

10May 2023

International security agencies warn of Russian “Snake” malware threat

Security agencies from five countries have issued a joint advisory revealing technical details about a sophisticated espionage tool used by Russian cyber actors against their targets. “Snake malware” and its variants have been a core component in Russian espionage operations carried out by Center 16 of Russia’s Federal Security Service (FSB) for nearly two decades, […]

10May 2023

SquareX Raises $6 Million for Browser Security Product

SquareX emerges from stealth mode with $6 million in seed funding for the development of its security-focused browser extension. The post SquareX Raises $6 Million for Browser Security Product appeared first on SecurityWeek.

10May 2023

Take a pizza chain, add SAP, and bake for ongoing success

When MOD Pizza opened in 2008, customers had a chance to get a taste of something different. MOD, which stands for “Made on Demand,” offers customizable, artisan pizzas, giving customers a choice of more than 40 toppings with various sauces, and customizable salads — delivered superfast. But pizza (and salads) alone isn’t what separates […]

10May 2023

Webb Raises $7 Million for Blockchain Asset Transfer Privacy System

Blockchain company Webb Technologies has raised $7 million in seed funding for its privacy tools and protocol. The post Webb Raises $7 Million for Blockchain Asset Transfer Privacy System appeared first on SecurityWeek.

10May 2023

IBM Delivers Roadmap for Transition to Quantum-safe Cryptography

IBM’s Quantum Safe Roadmap was designed to help federal agencies and businesses meet the requirements and the deadlines for quantum-safe cryptography. The post IBM Delivers Roadmap for Transition to Quantum-safe Cryptography appeared first on SecurityWeek.

10May 2023

Capita Says Ransomware Attack Will Cost It Up to $25 Million

UK-based Capita says the recent ransomware attack will cost it up to $25 million, but it has not clarified whether that includes a ransom payment to the cybercriminals. The post Capita Says Ransomware Attack Will Cost It Up to $25 Million appeared first on SecurityWeek.

10May 2023

CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief

HP and Dell Technologies are two of the world’s largest international computer manufacturers. Their CISOs, Joanna Burkey (HP) and Kevin Cross (Dell), both manage security teams comprising many hundreds of people, and are responsible for corporate security across multiple jurisdictions. The role of CISO is different for a multinational corporation compared to a national company. […]

10May 2023

SAP Patches Critical Vulnerabilities With May 2023 Security Updates

SAP released 18 new security notes on May 2023 Security Patch Day, including two that resolve critical vulnerabilities in 3D Visual Enterprise License Manager and BusinessObjects. The post SAP Patches Critical Vulnerabilities With May 2023 Security Updates appeared first on SecurityWeek.

10May 2023

Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities

Intel and AMD have informed their customers about a total of more than 100 vulnerabilities found in their products. The post Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities appeared first on SecurityWeek.

10May 2023

Evil digital twins and other risks: the use of twins opens up a host of new security concerns

The use of digital twins — virtual representations of actual or envisioned real-world objects — is growing. Their uses are multifold and can be incredibly helpful, providing real-time models of physical assets or even people or biological systems that can help identify problems as or even before they occur. Grand View Research has predicted that […]

10May 2023

Make them pay: Hackers devise new tactics to ensure ransomware payment

Ransomware remains one of the biggest cyber threats that organizations and governments continue to face. However, hackers are engineering new ways to extract ransom from their victims as organizations take a conscious call to decline ransom payment demands. With the fall of the most notorious ransomware gang Conti in May 2022, it was assumed that ransomware […]

10May 2023

Twitter Celebrity Hacker Pleads Guilty in US

Joseph James O’Connor pleaded guilty for his role in schemes to hack the Twitter accounts of celebrities like Barack Obama and Elon Musk. The post Twitter Celebrity Hacker Pleads Guilty in US appeared first on SecurityWeek.

10May 2023

How Novanta’s CIO mobilized its data-driven transformation

With headquarters in Boston and over 2,700 employees worldwide, Novanta is an $800 million global supplier of laser photonics, precision motion control, and vision technologies. CIO Sarah Betadam, who joined in 2019 as VP of business applications, and then became global CIO in January 2021, is tasked with the strategic direction, leadership, and implementation of […]

09May 2023

How to modernize and accelerate mainframe application development

The mainframe may seem like a relic of a day gone by, but truth be told, it’s still integral. According to the Rocket Software Survey Report 2022: The State of the Mainframe, four out of five IT professionals see the mainframe as critical to business success. At the same time, innovation and modernization are imperative […]

09May 2023

Tableau GPT brings generative AI to Salesforce data analytics suite

Salesforce’s business intelligence platform, Tableau, is getting generative AI features in the form of Tableau GPT, built on the company’s proprietary Einstein GPT AI engine, which has also been integrated into other products such as Slack. “Tableau GPT can enhance and automate things like analyzing data, exploring it, sharing it, consuming it. The generative AI […]

09May 2023

Microsoft Patch Tuesday: 40 Vulnerabilities, 2 Zero-Days

Microsoft’s May 2023 security updates address a total of 40 newly documented vulnerabilities, including two flaws already exploited in attacks. The post Microsoft Patch Tuesday: 40 Vulnerabilities, 2 Zero-Days appeared first on SecurityWeek.

09May 2023

Cybersecurity stress returns after a brief calm: ProofPoint report

Global cybersecurity concerns are returning to pandemic levels as 68% of CISOs from 16 countries said they fear a cyberattack in the next 12 months, according to a ProofPoint survey. “With the disruption of the pandemic now largely behind us, the return to normal operations may imply that CISOs can breathe easier, but the opposite […]

09May 2023

US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware

The US government has announced the disruption of Snake, a sophisticated cyberespionage malware officially attributed to a unit of Russia’s FSB agency. The post US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware appeared first on SecurityWeek.

09May 2023

GitHub Secret-Blocking Feature Now Generally Available

GitHub makes push protection generally available to warn developers whenever they include a secret in a commit. The post GitHub Secret-Blocking Feature Now Generally Available appeared first on SecurityWeek.

09May 2023

The promise, peril, and potential of the metaverse

We see the metaverse as an intersection of immersive experiences across the augmented reality (AR) and virtual reality (VR) spectrums. Businesses can use it, as many already are, to enrich experiences, products, and services with virtual overlays for navigation and context. Others are creating new, fully immersive environments and finding a way to engage customers […]

09May 2023

Adobe Patches 14 Vulnerabilities in Substance 3D Painter

Adobe has patched more than a dozen vulnerabilities, including critical code execution flaws, in its Substance 3D Painter product. The post Adobe Patches 14 Vulnerabilities in Substance 3D Painter appeared first on SecurityWeek.

09May 2023

Brewing up a perfect blend of experiences for your customers

What can you learn from a cup of coffee? A single cup might seem trivial in terms of its impact on the overall business. But capture that cup with a smart camera, track it, apply analytics—and voilà! Suddenly, for the coffee shop, that beverage becomes an opportunity to gain insights to deliver better experiences for […]

09May 2023

A data-driven approach to customer success — your new growth engine

In today’s challenging economy, customer expectations are high, patience is low, and attention is at a premium. Your customers demand a seamless experience with your products and services, with easy access to detailed, helpful self-service support options. So how do you stay ahead of ever-increasing customer demands? Data. Harnessing numerous customer data points, often scattered […]

09May 2023

ICS Patch Tuesday: Siemens, Schneider Electric Address Few Dozen Vulnerabilities

Siemens and Schneider Electric’s Patch Tuesday advisories for May 2023 address a few dozen vulnerabilities found in their products. The post ICS Patch Tuesday: Siemens, Schneider Electric Address Few Dozen Vulnerabilities appeared first on SecurityWeek.

09May 2023

Malwarebytes releases Mobile Security for OneView to secure Chromebooks, Android, iOS devices

Endpoint security vendor Malwarebytes has announced the release of Mobile Security for OneView to enable managed service providers (MSPs) to protect Chromebooks, Android, and iOS devices against mobile threats such as ransomware and malicious apps. MSPs can now use the Malwarebytes OneView platform to monitor their customers’ mobile phones and tablets alongside their servers, workstations, […]

09May 2023

DigiCert’s DigiCert ONE platform now available on Oracle Cloud Infrastructure

Digital trust firm DigiCert has announced a partnership with Oracle to make DigiCert ONE available on Oracle Cloud Infrastructure (OCI). DigiCert ONE is a cloud-native SaaS platform that secures and centrally manages users, devices, servers, documents, and software. Companies use OCI for various functions including secure infrastructure, application, and workload management. The partnership makes DigiCert […]

09May 2023

Nebulon's TripLine offers ransomware encryption protection for on-prem systems

Smart infrastructure provider Nebulon today announced the immediate availability of TripLine, an early warning system for cryptographically based ransomware attacks on on-premises systems. It’s designed to quickly identify the precise time and system location where an attack has occurred. Nebulon said that the new service uses two techniques to achieve this aim. The first is […]

09May 2023

Majority of US, UK CISOs unable to protect company 'secrets': Report

About 52% of chief information and security officers (CISOs) at US and UK organizations are unable to fully secure their company secrets, according to a report by code security platform GitGuardian. The report pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs […]

09May 2023

Data Protection Startup Optery Raises $2.7 Million in Seed Funding

Data protection startup Optery has raised $2.7 million in a seed funding round led by Bayhouse Capital. The post Data Protection Startup Optery Raises $2.7 Million in Seed Funding appeared first on SecurityWeek.

09May 2023

In Global Rush to Regulate AI, Europe Set to Be Trailblazer

Europe is set to be the trailblazer when it comes to regulating AI such as ChatGPT. The post In Global Rush to Regulate AI, Europe Set to Be Trailblazer appeared first on SecurityWeek.

09May 2023

Microsoft: Iranian APTs Exploiting Recent PaperCut Vulnerability

Microsoft warns that two Iranian state-sponsored groups have adopted exploits targeting a recently patched PaperCut vulnerability. The post Microsoft: Iranian APTs Exploiting Recent PaperCut Vulnerability appeared first on SecurityWeek.

09May 2023

Building Automation System Exploit Brings KNX Security Back in Spotlight

A public exploit targeting building automation systems brings KNX security back into the spotlight, with Schneider Electric releasing a security bulletin. The post Building Automation System Exploit Brings KNX Security Back in Spotlight appeared first on SecurityWeek.

09May 2023

Small- and medium-sized businesses: don’t give up on cybersecurity

In today’s increasingly hostile environment, every enterprise, be they big or small, should be concerned about cybersecurity and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world. Yet time and again, we see small- and medium-sized businesses […]

09May 2023

7 VPN alternatives for securing remote network access

Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, it has […]

09May 2023

Why companies with a data-driven culture achieve competitive advantage

In today’s data-driven world, many organizations face major hurdles as they navigate a transformation journey that eliminates silos, unifies data, and transforms it into value. For many, building a culture of innovation remains elusive. IDC’s Future of Intelligence predictions for 2023 show what’s possible when businesses get it right. Top-quartile enterprise intelligence performers are 2.7 […]

09May 2023

Are You Using a Cloud Experience to Boost Business Value?

Like most CIOs you’ve no doubt leaned on ROI, TCO and KPIs to measure the business value of your IT investments. Maybe you’ve even surpassed expectations in each of these yardsticks. Those Three Big Acronyms are still important for fine-tuning your IT operations, but success today is increasingly measured in business outcomes. Put another way: […]

09May 2023

The SBOM Bombshell

SBOMs can be used for managing risk and determining vulnerability impact, but it’s very hard to build holistic risk models when the data is not standardized across multiple platforms. The post The SBOM Bombshell appeared first on SecurityWeek.

09May 2023

US Seizes Domains of 13 DDoS-for-Hire Services

US authorities have seized 13 internet domains associated with DDoS-for-hire services. The post US Seizes Domains of 13 DDoS-for-Hire Services appeared first on SecurityWeek.

09May 2023

The one true way to prove IT’s value to your CEO

When I was a CIO, I always dreaded the annual budget season because I knew, somewhere during the process, the CEO, my boss, would ask, “What are we getting for this constantly growing IT department.” It’s a question that keeps most CIOs up at night when asked to defend IT investments, and it’s one all […]

09May 2023

AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability

A DDoS botnet named AndoryuBot has been seen exploiting CVE-2023-25717, a recent remote code execution vulnerability affecting Ruckus access points. The post AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability appeared first on SecurityWeek.

09May 2023

CIO50 Australia 2023 nominations extended

The deadline for nominations in this year’s CIO50 Australia has been extended to Friday, May 19. Now in its eighth year, the annual CIO50 Awards will be held as part of the CIO50 Symposium & Awards on June 27 at the ICC in Sydney. This flagship awards program from CIO Australia is open to senior […]

08May 2023

Dow turns to AI to accelerate chemical search

For chemists, finding just the right molecule for a particular application can be like searching for a needle in a haystack. With several million compounds to choose from, chemists often must resort to intuition when trying to solve complex problems around chemical processes. US multinational Dow Chemical was working with a pulp and paper manufacturer […]

08May 2023

New ransomware group CACTUS abuses remote management tools for persistence

A cybercriminal group has been compromising enterprise networks for the past two months and has been deploying a new ransomware program that researchers dubbed CACTUS. In the attacks seen so far the attackers gained access by exploiting known vulnerabilities in VPN appliances, moved laterally to other systems, and deployed legitimate remote monitoring and management (RMM) […]

08May 2023

Elevating Wi-Fi Security and Connectivity with Passpoint: A Strategic Focus for CIOs

As campus networks continue to evolve, CIOs face a new hurdle in ensuring top-notch security measures. The importance of Wi-Fi technology cannot be understated as visitors and employees rely on it for seamless connectivity while on campus. However, CIOs and their teams are challenged with not only addressing security threats but also troubleshooting an extensive […]

08May 2023

How to Make the Quantum (Computing) Leap

If you’ve been reading a lot about quantum computing recently, you likely have a few questions. Some of those questions may be about how quantum computing works. After all, it is very different from other kinds of computing. (You can learn a little about the basics in the recent CIO article Are you ready for quantum computing?) […]

08May 2023

Google Releases Open Source Bazel Plugin for Container Image Security

Google announces the general availability of ‘rules_oci’ Bazel plugin to improve the security of container images. The post Google Releases Open Source Bazel Plugin for Container Image Security appeared first on SecurityWeek.

08May 2023

Ransomware Group Claims Attack on Constellation Software

The Alphv/BlackCat ransomware group claims to have stolen more than 1TB of data from Constellation Software. The post Ransomware Group Claims Attack on Constellation Software appeared first on SecurityWeek.

08May 2023

Review your on-prem ADCS infrastructure before attackers do it for you

Attackers love to find weak spots in our domains and networks. Too often, they can enter systems to lie in wait and launch attacks at a later time. A case in point is the infamous SolarWinds software attack, which infected up to nine US agencies and many organizations with backdoors into their infrastructure. Recent investigations […]

08May 2023

Esteemed UK academy proves innovation without disruption is possible

Kettering Buccleuch Academy (KBA) takes pride in offering a fantastic experience for everyone who contributes to school life, from students and parents to teaching staff and management. The mixed all-through school – praised for its amazing staff, motivational lessons, and supportive community – is the first in its county to achieve all eight Gatsby benchmarks […]

08May 2023

Vulnerability in Field Builder Plugin Exposes Over 2M WordPress Sites to Attacks

An XSS vulnerability in the Advanced Custom Fields WordPress plugin exposes more than 2 million sites to attacks. The post Vulnerability in Field Builder Plugin Exposes Over 2M WordPress Sites to Attacks appeared first on SecurityWeek.

08May 2023

Private Tweets Exposed Due to Twitter Circle Security Bug

Twitter is informing users that tweets posted to their Circle may have been seen by individuals outside the Circle. The post Private Tweets Exposed Due to Twitter Circle Security Bug appeared first on SecurityWeek.

08May 2023

1 Million Impacted by Data Breach at NextGen Healthcare

NextGen Healthcare is informing roughly 1 million individuals that their personal information was compromised in a data breach. The post 1 Million Impacted by Data Breach at NextGen Healthcare appeared first on SecurityWeek.

08May 2023

$1.1M Paid to Resolve Ransomware Attack on California County

A $1.1 million payment was made to resolve a ransomware attack on San Bernardino county’s law enforcement computer network. The post $1.1M Paid to Resolve Ransomware Attack on California County appeared first on SecurityWeek.

08May 2023

Smart UPS Connectivity: what it is and why you need it

The electricity supply in Australia, New Zealand and Singapore is very reliable, much more so than in many countries in East Asia, but outages do occur, and the shift to renewables is increasing the risk, as are more extreme weather events. Also, there can be other problems about which the average user would be unaware: […]

08May 2023

9 upskilling tips that pay dividends

Upskilling has moved from what once was viewed as an employment perk to a mandate. Even with tech layoffs and uncertain economic times, the IT labor market remains hypercompetitive and organizations cannot afford not to invest in training existing staff. Forty-one percent of CIOs reported plans to increase investment in training programs to reskill IT […]

08May 2023

Western Digital Confirms Ransomware Group Stole Customer Information

Western Digital has confirmed that a ransomware group has stolen customer and other information from its systems. The post Western Digital Confirms Ransomware Group Stole Customer Information appeared first on SecurityWeek.

08May 2023

NZ losing out on opportunity to outsource

Most New Zealand enterprises are not leveraging offshore tech skills to plug gaps, according to a new report from the University of Auckland’s Centre of Digital Enterprise. Professor Ilan Oshri from the Centre of Digital Enterprise (CODE) which is part of the University of Auckland’s Business School, has launched The Current and Future State of […]

08May 2023

Fletcher Building CIO’s blueprint to digitally transform

“You can never drive the car looking through the rearview mirror,” says Joe Locandro, CIO of Fletcher Building, one of Australasia’s largest building materials suppliers. “As CIO, you have to keep looking ahead and feel comfortable in backing yourself. That’s the difference between being CIO and an IT manager—one is responsible for getting things done, […]

08May 2023

Green Clouds Ahead: Cloudist sees a new sustainable future ahead for the Nordic region’s managed service providers

Headquartered in Malmö, Sweden, Cloudist AB is on a mission to help managed service providers embrace the transformative potential of the cloud. But Robert Brink, the company’s cloud architect, notes there is a caveat. “We want our customers to be able to provide their clients with high-performance cloud services from the Nordic region’s most secure […]

08May 2023

Rebalancing through re-calibration

“We have to walk a new path with our clients,” says Kamal Nath, CEO of Sify, who shed light on the ways of working closely on the complexities pre-pandemic and how we are heading into a new post-pandemic era. He focuses on the strategic insights into how businesses would operate in the future. “Building new […]

05May 2023

Learn from IT Thought Leaders at FutureIT D.C.

The mouthwatering aromas and Instagram-worthy food coming from Chef Edward Lee’s kitchens are a far cry from the virtual worlds of IT professionals. And yet both can be high-stress work environments where smart systems and teamwork lead to the best outcomes. Lee has thought a lot about what a modern workplace should look like, and […]

05May 2023

8-10x performance upticks in next-gen infrastructure enable AI workloads

CIOs and IT leaders call it the most disruptive technology yet, and now it’s moving rapidly into the mainstream. Artificial intelligence (AI), an increasingly crucial piece of the technology landscape, has arrived. More than 91 percent of businesses surveyed have ongoing — and increasing — investments in artificial intelligence. Deploying AI workloads at speed and scale, however, requires software and hardware […]

05May 2023

Azure API Management flaws highlight server-side request forgery risks in API development

Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal Azure assets. The proof-of-concept exploits serve to highlight common errors that developers could make when trying to implement blacklist-based restrictions for their own APIs and services. Web […]

05May 2023

Orca integrates cloud app security platform with GPT-4

Agentless cloud security provider Orca Security has integrated Microsoft Azure OpenAI GPT-4 into its cloud-native application protection platform (CNAPP) under the ChatGPT implementation program that the cybersecurity company started earlier this year. “With our transition to Azure OpenAI, our customers benefit from the security, reliability, and enterprise level support that Microsoft provides,” said Avi Shua, […]

05May 2023

How No-Code/Low-Code Solutions Help IT Organizations Evolve

When it comes to application development, many companies are pursuing no-code and low-code solutions to stay competitive. No-code and low-code solutions require less coding expertise, making application development accessible to more employees and enabling IT staff to focus on more strategic initiatives. They also give end users flexibility and control — all of which is […]

05May 2023

We Are Innovation

By Ram Velaga, Senior Vice President and General Manager, Core Switching Group. As Thomas Edison said, “The value of an idea lies in the using of it,” and I very much believe that innovation without execution is just another idea. As I recently discussed with Pat Moorhead and Dan Newman during a Six Five […]

05May 2023

Microsoft patches 3 vulnerabilities in Azure API Management

Microsoft has patched three new vulnerabilities in the Azure API Management service, which include two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload, according to cybersecurity firm Ermetic. The vulnerabilities were achieved through URL formatting bypasses and an unrestricted file upload functionality in the API Management developer […]

05May 2023

Pro-Russian Hackers Claim Downing of French Senate Website

The French Senate’s website was offline on Friday after pro-Russian hackers claimed to have taken it down, in just the latest such cyberattack since Russia invaded Ukraine last year. The post Pro-Russian Hackers Claim Downing of French Senate Website appeared first on SecurityWeek.

05May 2023

New Android Trojans Infected Many Devices in Asia via Google Play, Phishing

The recently identified Fleckpe Android trojan has infected over 600,000 users in Southeast Asia via Google Play. The post New Android Trojans Infected Many Devices in Asia via Google Play, Phishing appeared first on SecurityWeek.

05May 2023

Google Launches New Cybersecurity Analyst Training Program

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google. The post Google Launches New Cybersecurity Analyst Training Program appeared first on SecurityWeek.

05May 2023

Fortinet Patches High-Severity Vulnerabilities in FortiADC, FortiOS

Fortinet has released patches for two high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy. The post Fortinet Patches High-Severity Vulnerabilities in FortiADC, FortiOS appeared first on SecurityWeek.

05May 2023

Google launches entry-level cybersecurity certificate to teach threat detection skills

Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior […]

05May 2023

The Merck appeal: cyber insurance and the definition of war

Pharmaceutical firm Merck recently won an appeal that could mean its insurers will have to pay up on a $1.4-billion judgment related to the NotPetya cyberattack in 2017. The New Jersey appellate division judges hearing the appeal noted that the plain definition of war applies to the various insurance policies and that a cyberattack […]

05May 2023

Biden, Harris Meet With CEOs About AI Risks

Vice President Kamala Harris met with the heads of companies developing AI as the Biden administration rolls out initiatives to ensure the technology improves lives without putting people’s rights and safety at risk. The post Biden, Harris Meet With CEOs About AI Risks appeared first on SecurityWeek.

05May 2023

Azure API Management Vulnerabilities Allowed Unauthorized Access

Three vulnerabilities in the Azure API Management service could be exploited for internal asset access, DoS, firewall bypass, and the upload of malicious files. The post Azure API Management Vulnerabilities Allowed Unauthorized Access appeared first on SecurityWeek.

05May 2023

Vulnerability Could Have Been Exploited for ‘Unlimited’ Free Credit on OpenAI Accounts

A vulnerability in OpenAI’s account validation allowed anyone to obtain virtually unlimited free credit by registering new accounts with the same phone number. The post Vulnerability Could Have Been Exploited for ‘Unlimited’ Free Credit on OpenAI Accounts appeared first on SecurityWeek.

05May 2023

Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid

Siemens recently patched a critical vulnerability affecting some of its energy ICS devices that could allow hackers to destabilize a power grid. The post Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid appeared first on SecurityWeek.

05May 2023

CarMax drives business value with GPT-3.5

Generative AI such as ChatGPT has of late captured the imagination of business leaders across industries. While enterprise IT orgs by and large are taking a measured approach, some early movers are showing impressive results. CarMax’s IT team, for one, has been working with Microsoft and OpenAI to leverage GPT-3.x for business value even before […]

05May 2023

Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor

Google’s latest Android security updates patch over 40 vulnerabilities, including CVE-2023-0266, a kernel flaw exploited as a zero-day by a spyware vendor. The post Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor appeared first on SecurityWeek.

05May 2023

Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up

Former Uber security chief Joe Sullivan was sentenced to probation and community service for covering up the data breach suffered by the ride-sharing giant in 2016. The post Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up appeared first on SecurityWeek.

04May 2023

Improving Data Security, Privacy, and Compliance with Sovereign Cloud

In the first use case of this series, Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud, we looked at what data sovereignty is, why it’s important, and how sovereign clouds solve for jurisdictional control issues. Now let’s take a closer look at how data privacy and sovereignty regulations are driving security, […]

04May 2023

Patch manager Action1 to add vulnerability discovery, prioritization

Cloud-native, patch-management application provider Action1 is set to add vulnerability discovery and prioritization capabilities to its namesake flagship platform to help businesses stay ahead of software exploits. The plan is part of a company strategy to expand beyond its traditional patch management features and add capabilities aimed at enhancing an organization’s resilience to cybersecurity threats. […]

04May 2023

White House unveils AI rules to address safety and privacy

President Biden’s rules are not legally binding, but they do offer guidance and begin a conversation at the national level about real and existential threats posed by generative AI technologies such as ChatGPT.

04May 2023

FutureIT Toronto – Where IDC Analysts and Canadian Tech Leaders Meet

At FutureIT | Toronto, you’ll walk away with insights and tactics that will help your organization no matter where you are in your digital journey. Get ready to ask questions to our experts, participate in discussion groups and learn about modernizing your digital enterprise with cloud, AI and security. Lights. Camera. Action! CIO and IDC present […]

04May 2023

Thinking outside the cloud: bring cloud agility to your entire infrastructure

Cloud technology is a springboard for digital transformation, delivering the business agility and simplicity that are so important to today’s business. Cloud is also a powerful catalyst for improving IT and user experiences, with operating principles such as anywhere access, policy automation, and visibility. The benefits of cloud for the business, for IT operations, and […]

04May 2023

Fraud Detection Startup Moonsense Raises $4.2 Million in Seed Funding

Fraud detection startup Moonsense has raised $4.2 million in a seed funding round co-led by Race Capital and XYZ Ventures. The post Fraud Detection Startup Moonsense Raises $4.2 Million in Seed Funding appeared first on SecurityWeek.

04May 2023

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

Facebook’s parent company, Meta, has issued a warning that hackers are taking advantage of people’s interest in ChatGPT and other generative AI applications to trick them into installing malware that pretends to provide AI functionality. Since March, Meta has discovered about 10 malware families using AI themes to compromise business accounts across the internet — including […]

04May 2023

Satori Releases Open Source Data Permissions Scanner for Enterprises

Data security firm Satori has released a free and open source tool designed to help organizations find out who has access to what data and how. The post Satori Releases Open Source Data Permissions Scanner for Enterprises appeared first on SecurityWeek.

04May 2023

Microsoft Expands AI Access to Public

Microsoft expanded public access to its generative artificial intelligence programs, despite fears that tech firms are rushing ahead too quickly with potentially dangerous technology. The post Microsoft Expands AI Access to Public appeared first on SecurityWeek.

04May 2023

Using Threat Intelligence to Get Smarter About Ransomware

Given the crippling effects ransomware has had and indications that these types of attacks aren’t slowing down, it makes sense to look to threat intelligence to help. The post Using Threat Intelligence to Get Smarter About Ransomware appeared first on SecurityWeek.

04May 2023

Meta Swiftly Neutralizes New ‘NodeStealer’ Malware

Meta says it disrupted the new NodeStealer malware, which likely has Vietnamese origins, within weeks after it emerged. The post Meta Swiftly Neutralizes New ‘NodeStealer’ Malware appeared first on SecurityWeek.

04May 2023

The post-quantum cryptography conundrum

Business leaders may have heard of quantum computing, but many are not yet aware of its incipient threat to cryptography and cryptocurrency. When these machines reach a sufficient level of performance, they will be able to easily factor prime numbers, which poses a threat to RSA. Only a few realize that the time to prepare […]

04May 2023

ISTARI, University of Cambridge education program to elevate cyber leaders into business leaders

Cybersecurity advisory firm ISTARI is partnering with the Cambridge Judge Business School (CJBS) at the University of Cambridge to deliver global education aimed at elevating technical cybersecurity leaders into “transformative business leaders.” The Navigator program features four days of in-person learning led by an academic faculty alongside industry-leading experts, the two parties said. The curriculum […]

04May 2023

Cisco Warns of Critical Vulnerability in EoL Phone Adapters

Cisco warns of a critical-severity RCE vulnerability impacting EoL SPA112 2-Port Phone Adapters. The post Cisco Warns of Critical Vulnerability in EoL Phone Adapters appeared first on SecurityWeek.

04May 2023

US Announces Takedown of Card-Checking Service, Charges Against Russian Operator

The US announces charges against Denis Gennadievich Kulkov, the creator and operator of card-checking platform Try2Check from 2005 until it was taken down this week. The post US Announces Takedown of Card-Checking Service, Charges Against Russian Operator appeared first on SecurityWeek.

04May 2023

Harris to Meet With CEOs About Artificial Intelligence Risks

The Biden administration plans to announce an investment of $140 million to establish seven new AI research institutes, administration officials said. The post Harris to Meet With CEOs About Artificial Intelligence Risks appeared first on SecurityWeek.

04May 2023

Apple Releases First-Ever Security Updates for Beats, AirPods Headphones

Apple has released firmware updates for Beats and AirPods to patch a vulnerability that can be exploited to gain access to headphones via a Bluetooth attack. The post Apple Releases First-Ever Security Updates for Beats, AirPods Headphones appeared first on SecurityWeek.

04May 2023

CIOs heed the call for customer-centric IT

Customer experience (CX) has always been vital for the success of any business — and the pandemic has only reinforced its importance. Research from global management consulting company McKinsey shows that organizations enhancing CX can boost sales by up to 7% and profitability by 1% to 2%, while improving overall shareholder returns by 7% to […]

04May 2023

i-Pro Americas goes hands-on with S/4HANA data migration

While mergers and the IT challenges that follow get the attention, there have been some interesting cases of the reverse in recent years. IBM sold off its managed infrastructure business to form Kyndryl; German utility E.ON spun out its gas power activities as Uniper; and most recently, General Motors set up a new subsidiary, BrightDrop, […]

04May 2023

Ransomware Attack Affects Dallas Police, Court Websites

Dallas was hit with a ransomware attack that brought down its Police Department and City Hall websites on May 3rd. The post Ransomware Attack Affects Dallas Police, Court Websites appeared first on SecurityWeek.

03May 2023

Vanta adds new SaaS capability to address growing concerns over vendor security

SaaS-based security and compliance solution provider Vanta has launched a Vendor Risk Management (VRM) offering to help organizations streamline third-party vendor security reviews and due diligence. The company claims that the new offering will automate vendor discovery, vendor assessment, and remediation workflows to significantly reduce the time and cost associated with third-party vendor risk reviews […]

03May 2023

Google rolls out passkey support across accounts on all major platforms

Google has begun rolling out support for passkeys across Google Accounts on all major platforms, adding a new sign-in option that can be used alongside passwords and two-step verification. The tech giant announced passkey availability on the eve of World Password Day as it looks to introduce more secure, reliable sign-in options. The rollout comes […]

03May 2023

ODC-Noord: The Netherlands’ northernmost government data center is committed to a zero carbon future

One of four government data centers in the Netherlands, Overheidsdatacenter Noord (ODC-Noord), the northernmost facility of its kind in The Netherlands, is located in the picturesque city of Groningen. With nearly 140 employees, the high-performance data center provides government agencies with mission-critical compute, storage, and networking solutions needed to provide important services to citizens. Offering […]

03May 2023

Court Rules in Favor of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyberattack

Court says insurers must pay Merck for losses related to the Russia-linked NotPetya cyberattack. The post Court Rules in Favor of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyberattack appeared first on SecurityWeek.

03May 2023

Apple, Google Propose Standard to Combat Misuse of Location-Tracking Devices

Apple and Google propose new industry specification for Bluetooth location-tracking devices, to prevent unwanted tracking. The post Apple, Google Propose Standard to Combat Misuse of Location-Tracking Devices appeared first on SecurityWeek.

03May 2023

Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation

Vulnerabilities in Netgear network management system allow attackers to retrieve cleartext passwords and escalate privileges. The post Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation appeared first on SecurityWeek.

03May 2023

Passkeys Support Added to Google Accounts for Passwordless Sign-Ins

Google has added passkeys support to Google accounts on all major platforms as part of the company’s passwordless sign-in efforts. The post Passkeys Support Added to Google Accounts for Passwordless Sign-Ins appeared first on SecurityWeek.

03May 2023

Attacks increasingly use malicious HTML email attachments

Researchers warn that attackers are relying more on malicious HTML files in their attacks, with malicious files now accounting for half of all HTML attachments sent via email. This rate of malicious HTML prevalence is double compared to what it was last year and doesn’t appear to be the result of mass attack campaigns that […]

03May 2023

BlackCat group releases screenshots of stolen Western Digital data

Ransomware group BlackCat has released a set of screenshots on its leak site that it claims are from data stolen from Western Digital in an April system breach. The images include screenshots of videoconferences and internal emails of the storage device manufacturer, according to a tweet by cybersecurity researcher Dominic Alvieri. The screenshots also included […]

03May 2023

Metal recycling for a better planet

Galloo is a Western European company headquartered in Belgium, founded in 1939 with the noble purpose of processing discarded consumer goods and factory scrap into useful raw materials. Every year, the company gives a second life to more than 1 million tonnes of steel and more than 60,000 tonnes of metals, ensuring an environmental impact […]

03May 2023

Chrome 113 Released With 15 Security Patches

Chrome 113 was released to the stable channel with 15 security fixes, including 10 that address vulnerabilities reported by external researchers. The post Chrome 113 Released With 15 Security Patches appeared first on SecurityWeek.

03May 2023

Hackers Promise AI, Install Malware Instead

Facebook parent Meta warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malware on devices. The post Hackers Promise AI, Install Malware Instead appeared first on SecurityWeek.

03May 2023

Open Banking: A Perfect Storm for Security and Privacy?

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security expertise or resources, are rushing new products to market. The post Open Banking: A Perfect Storm for Security and Privacy? appeared first on SecurityWeek.

03May 2023

oneM2M IoT security specifications granted ITU approval

The ITU Telecommunication Standardization Sector (ITU-T) has approved a set of security specifications for internet of things (IoT) systems. The oneM2M specifications define a common set of IoT service functions to enable secure data exchange and information interoperability across different vertical sectors, service providers, and use cases. The specifications were approved by more than 190 […]

03May 2023

Skilling up the security team for the AI-dominated era

As artificial intelligence and machine learning models become more firmly woven into the enterprise IT fabric and the cyberattack infrastructure, security teams will need to level up their skills to meet a whole new generation of AI-based cyber risks. Forward-looking CISOs are already being called upon to think about newly emerging risks like generative AI-enabled […]

03May 2023

Chinese APT Uses New ‘Stack Rumbling’ Technique to Disable Security Software

A subgroup of China-linked hacker group APT41 is using a new ‘stack rumbling’ DoS technique to disable security software. The post Chinese APT Uses New ‘Stack Rumbling’ Technique to Disable Security Software appeared first on SecurityWeek.

03May 2023

Exploitation of BGP Implementation Vulnerabilities Can Lead to Disruptions

Open source BGP implementation FRRouting is affected by three vulnerabilities that can be exploited to cause disruption via DoS attacks. The post Exploitation of BGP Implementation Vulnerabilities Can Lead to Disruptions appeared first on SecurityWeek.

03May 2023

9 ways to avoid falling prey to AI washing

In recent months, artificial intelligence has been everyone’s favorite buzzword. Both Silicon Valley startups and Fortune 500 companies see industries revolutionize as AI steadily picks up pace. But excitement, progress, and red flags like AI washing, are developing in equal measure. Some businesses, desperate to get on the gravy train, want to cash in on […]

03May 2023

Digitizing in tough times: ‘Support users, not systems’

The construction industry was one of the first affected by Sweden’s recent economic deterioration, and housing construction has also slowed down over the past year. “We notice the macroeconomic effects with both cost inflation and higher interest rates,” says Peab group CIO Klas Antoni. “That means we generally have an increased cost focus now and are […]

03May 2023

US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cybercriminals

Authorities in the US and Ukraine have worked together to shut down nine websites offering cryptocurrency exchange services to cybercriminals. The post US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cybercriminals appeared first on SecurityWeek.

03May 2023

SAP to infuse IBM’s Watson AI engine into its entire portfolio

ERP software provider SAP on Tuesday said it is partnering with IBM to infuse the latter’s Watson artificial intelligence (AI) engine across its entire solutions portfolio, including SAP S/4 HANA, S/4 HANA Cloud, SAP Business One, and SAP Business ByDesign. The move, which is expected to help SAP exploit the natural language processing (NLP) abilities […]

02May 2023

Avoiding the catch-22 of IT outsourcing

The make-versus-buy decision at the heart of any outsourcing proposition is not as black-and-white as many IT leaders think. Keeping IT work insourced versus contracting with a partner organization no longer needs to be a yes or no decision. Over the past two decades, progressive sourcing models have emerged to enable companies to work more […]

02May 2023

Democratizing automation with citizen developers: navigating the pitfalls and opportunities

This article was co-authored by Massimo Pezzini, Head of Research, Future of the Enterprise at Workato. The uncertain economic environment and rapidly evolving technology landscape have pressured organizations to improve efficiency, innovate, and adapt. Citizen developers have emerged as an approach to bridge the gap between technical expertise and domain knowledge. Those self-taught deeply understand […]

02May 2023

Samsung bans staff AI use over data leak concerns

Samsung has reportedly banned employee use of generative AI tools like ChatGPT in a bid to stop transmission of sensitive internal data to external servers. The South Korean electronics giant issued a memo to a key division, notifying employees not to use AI tools, according to a report by Bloomberg, which said it reviewed the […]

02May 2023

Veza releases access security, governance solution for SaaS applications

Data security authorization vendor Veza has announced a new solution for access security and governance across SaaS applications including Salesforce, GitHub, and Slack. Veza for SaaS Apps allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations – securing the attack surface associated with widespread SaaS […]

02May 2023

Global Operation Takes Down Dark Web Drug Marketplace

Law enforcement agencies around the world seized an online marketplace and arrested nearly 300 people allegedly involved in buying and selling drugs. The post Global Operation Takes Down Dark Web Drug Marketplace appeared first on SecurityWeek.

02May 2023

IT Services Firm Bitmarck Takes Systems Offline Following Cyberattack

German IT services giant Bitmarck has taken customer and internal systems offline following a cyberattack. The post IT Services Firm Bitmarck Takes Systems Offline Following Cyberattack appeared first on SecurityWeek.

02May 2023

White House seeks information on tools used for automated employee surveillance

The information will be used to ascertain if employers are violating antitrust and privacy laws, for instance, if companies use technologies to artificially reduce wages.

02May 2023

11 security tools all remote employees should have

It’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, online shopping, or app and software usage. A major problem for businesses, particularly in a […]

02May 2023

HP’s circular approach to IT management case study

With an ambitious 2030 sustainability agenda for its business as a whole, HP wanted to ensure its IT operations supported that larger goal. The company looked at its workforce of 70,000+ employees—and even more devices—and deployed a future-minded approach to managing its PC fleet. To reach sustainable impact goals in its own internal products, processes, […]

02May 2023

T-Mobile Says Personal Information Stolen in New Data Breach

Wireless carrier T-Mobile says the personal information of a small number of individuals was exposed in a recent data breach. The post T-Mobile Says Personal Information Stolen in New Data Breach appeared first on SecurityWeek.

02May 2023

Critical Infrastructure Organizations Urged to Identify Risky Communications Equipment

CISA urges organizations to review FCC’s Covered List of risky communications equipment and incorporate it in their supply chain risk management efforts. The post Critical Infrastructure Organizations Urged to Identify Risky Communications Equipment appeared first on SecurityWeek.

02May 2023

iPhone Users Report Problems Installing Apple’s First Rapid Security Response Update

Apple has released its first Rapid Security Response patch, but iPhone users are complaining that they are having problems installing it. The post iPhone Users Report Problems Installing Apple’s First Rapid Security Response Update appeared first on SecurityWeek.

02May 2023

5 surefire ways to derail a digital transformation (without knowing it)

Despite the best of intentions, CIOs and their organizations often struggle to deliver business outcomes from digital transformation strategies. According to research firm Gartner, 89% of corporate boards say digital is embedded in all business growth strategies, but only 35% of organizations are on track to achieve digital transformation goals. And while KPMG reports that […]

02May 2023

Cybersecurity M&A Roundup: 38 Deals Announced in April 2023

Thirty-eight cybersecurity merger and acquisition (M&A) deals were announced in April 2023. The post Cybersecurity M&A Roundup: 38 Deals Announced in April 2023 appeared first on SecurityWeek.

02May 2023

CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January

CISA warns of attacks exploiting an Oracle WebLogic vulnerability tracked as CVE-2023-21839, which was patched with the January 2023 CPU. The post CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January appeared first on SecurityWeek.

02May 2023

Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes

Fortinet warns of a massive spike in malicious attacks targeting a five-year-old authentication bypass vulnerability in TBK DVR devices. The post Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes appeared first on SecurityWeek.

02May 2023

Leaked Files Show Extent of Ransomware Group’s Access to Western Digital Systems

Ransomware group leaked files showing the extent of their access to Western Digital systems and how they monitored the company’s initial response to the breach. The post Leaked Files Show Extent of Ransomware Group’s Access to Western Digital Systems appeared first on SecurityWeek.

02May 2023

Transformation isn’t one size fits all

Recently, we visited with several dozen CIOs and IT leaders across all industries to learn more about the challenges they are experiencing in their current transformation initiatives. The focus of our discussions was on promoting and enabling digitally driven outcomes and quicker business decisions. The conversations reminded everyone that there isn’t a one-size-fits-all approach to the journey […]

01May 2023

Revisiting the repatriation debate: Are organizations rethinking the public cloud?

As of late, debate has rekindled around cloud repatriation and whether it is a real phenomenon or just a myth. Much of the confusion may stem from lack of agreement on the term itself: many envision repatriation as an organization completely shifting from a public cloud provider back to on-premises infrastructure, but this is seldom […]

01May 2023

ChatGPT returns to Italy after OpenAI tweaks privacy disclosures, controls

ChatGPT is again available to users in Italy, after being temporarily banned by the country’s data privacy authority for possible violations of the EU’s General Data Protection Regulation (GDPR). Italy’s Guarantor for the Protection of Personal Data announced the reinstatement of ChatGPT Friday, after Microsoft-backed OpenAI, the creator of the generative AI service, made changes […]

01May 2023

Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta

Registration is open for SecurityWeek’s ICS Cybersecurity Conference, taking place October 23-26, 2023 in Atlanta. The post Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta appeared first on SecurityWeek.

01May 2023

New ‘Lobshot’ hVNC Malware Used by Russian Cybercriminals

Russian cybercrime group TA505 has been observed using new hVNC malware called Lobshot in recent attacks. The post New ‘Lobshot’ hVNC Malware Used by Russian Cybercriminals appeared first on SecurityWeek.

01May 2023

Reigning in ‘Out-of-Control’ Devices

Out-of-control devices run the gamut from known to unknown and benign to malicious, and where you draw the line is unique to your organization. The post Reigning in ‘Out-of-Control’ Devices appeared first on SecurityWeek.

01May 2023

Is misinformation the newest malware?

Misinformation and cybersecurity incidents have become the top scourges of the modern digital era. Rarely does a day go by without significant news of a damaging misinformation threat, a ransomware attack, or another malicious cyber incident. As both types of threats escalate and frequently appear simultaneously in threat actors’ campaigns, the lines between the two […]

01May 2023

The hidden security risks in tech layoffs and how to mitigate them

In the shadowy corners of the tech world, there are plenty of stories of admins locking organizations out of their own IT environment, greedy employees selling data, or security engineers backdooring the network. The motivations for these acts can touch on anything from financial gain to revenge, and the consequences are generally disastrous for everyone […]

01May 2023

Companies Increasingly Hit With Data Breach Lawsuits: Law Firm

Lawsuits filed against companies that have suffered a data breach are increasingly common, with action being taken even for incidents affecting less than 1,000 people. The post Companies Increasingly Hit With Data Breach Lawsuits: Law Firm appeared first on SecurityWeek.

01May 2023

CISA Asks for Public Opinion on Secure Software Attestation

CISA has opened proposed guidance for secure software development to public review and comment. The post CISA Asks for Public Opinion on Secure Software Attestation appeared first on SecurityWeek.

01May 2023

‘BouldSpy’ Android Malware Used in Iranian Government Surveillance Operations

The Iranian government has been using the BouldSpy Android malware to spy on minorities and traffickers. The post ‘BouldSpy’ Android Malware Used in Iranian Government Surveillance Operations appeared first on SecurityWeek.

01May 2023

Top technologies that will disrupt business in 2023

Despite economic uncertainty, the 2023 State of the CIO survey from Foundry reports that the vast majority of CIOs (91%) expect to maintain or increase their tech budget this year. The technologies driving these investments include data analytics, AI, and other means to improve the customer experience, as enterprises seek to drive new revenue to […]

01May 2023

How VWFS SA’s CIO helps drive online car purchases

As more people get comfortable buying big-ticket items like cars on the internet, Volkswagen Financial Services South Africa (VWFS SA) knew it needed to simplify the entire process. CIO Wilma Crosson was in charge of making this happen. Improving its direct sales channel demanded that they come up with a way to, first of […]

01May 2023

How 2 Australian sporting brands leverage human-centric digital innovation to drive new fan experiences in and out of the arena

Creating new revenue streams, identifying untapped audiences and better engaging fans onsite and all year-round are just some of the wins iconic Australian sporting events are chalking up thanks to human-centric digital innovation. If there’s any lesson brands should have taken from the last three years of the Covid-19 pandemic, it’s that investing in digital […]

28Apr 2023

How Can Generative AI Boost Your Customer Experience?

Data velocity – how quickly data is generated and moved – is the key to achieving any number of business outcomes. But it’s especially important in customer experience, according to IDC’s Marci Maddox, Research Vice President Digital Experience Strategies, and Aly Pinder, Research Vice President Aftermarket Services Strategies. “We’re finding that the customer experience is […]

28Apr 2023

Cybercrime group FIN7 targets Veeam backup servers

Researchers warn that a financially motivated cybercrime group known as FIN7 is compromising Veeam Backup & Replication servers and deploying malware on them. It’s not yet clear how attackers are breaking into the servers, but a possibility is that they’re taking advantage of a vulnerability patched in the popular enterprise data replication solution last month. […]

28Apr 2023

OpenAI: ChatGPT Back in Italy After Meeting Watchdog Demands

OpenAI said ChatGPT is available again in Italy after the company met demands of regulators who temporarily blocked it over privacy concerns. The post OpenAI: ChatGPT Back in Italy After Meeting Watchdog Demands appeared first on SecurityWeek.

28Apr 2023

Why business resilience depends on software agility

Technology innovation is happening at breakneck speed, creating new opportunities and threats for companies of all sizes and industries. At the same time, ever-evolving macroeconomic conditions are pressuring leaders to drive business outcomes against tighter margins. While today’s business climate certainly feels like a test for the survival of the fittest, your goal should not […]

28Apr 2023

The Inside Startup: Meet Cisco’s Emerging Technologies and Incubation Group

“Startup” means risk. It prescribes small teams of individuals committed to an idea to make the world a better place…or to make themselves a little richer. Why not both? Regardless, new business ventures work under pressure to research, refine, and deliver an idea to the market. The alternative is shuttering for good. But despite the […]

28Apr 2023

AWS shifts focus to LLMs, generative AI as growth continues to taper

Amazon’s cloud computing division, AWS, is shifting its focus towards large language models (LLMs) and generative AI-based offerings as it continues to see a downward spiral in overall revenue growth. Amazon Web Services (AWS) has posted 16% year-on-year growth for the first quarter of fiscal year 2023 on the back of revenue of $21.4 billion. […]

28Apr 2023

5 ways threat actors can use ChatGPT to enhance attacks

The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, […]

28Apr 2023

What is the right connectivity choice for your enterprise edge? A Q&A discussion

From quality control to revenue growth and workplace safety, digital transformation strengthens almost every aspect of the business. Those who fail to keep up with the pace of digital technology run serious risks of falling behind.  To fully leverage digital transformation, businesses today are turning to edge computing. Edge computing allows you to process data at the […]

28Apr 2023

Due diligence is Ever More Critical as the Battle for Cloud Sovereignty Intensifies

The IT industry has recently seen some interesting activity from global hyperscale cloud providers surrounding their cloud sovereignty ambitions, and their scrutiny by the regulators covering some basic compliance requirements, like the European Union’s (EU) General Data Protection Regulation (GDPR). Firstly, AWS made a public pledge called the “AWS Digital Sovereignty Pledge”, consisting of a commitment to […]

28Apr 2023

Google Blocked 1.4 Million Bad Apps From Google Play in 2022

Google says it prevented 1.4 million bad applications from being published on Google Play in 2022 and banned 173k developer accounts. The post Google Blocked 1.4 Million Bad Apps From Google Play in 2022 appeared first on SecurityWeek.

28Apr 2023

Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures. The post Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services appeared first on SecurityWeek.

28Apr 2023

Cisco Working on Patch for Vulnerability Reported by NATO Pentester

Cisco is working on a patch for an XSS vulnerability found in Prime Collaboration Deployment by a pentester from NATO’s Cyber Security Centre (NCSC). The post Cisco Working on Patch for Vulnerability Reported by NATO Pentester appeared first on SecurityWeek.

28Apr 2023

FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking

FDA and CISA notify healthcare providers about a component used by several Illumina medical devices being affected by serious vulnerabilities that can allow remote hacking. The post FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking appeared first on SecurityWeek.

28Apr 2023

RTM Locker Ransomware Variant Targeting ESXi Servers

A newly identified variant of the RTM Locker ransomware is targeting Linux, NAS, and ESXi hosts. The post RTM Locker Ransomware Variant Targeting ESXi Servers appeared first on SecurityWeek.

28Apr 2023

Choosing the Right Cloud for Data Sovereignty

As recently spotlighted at VMware Explore US, Sovereign Cloud continues to gain momentum. Sovereign Cloud business estimated the total addressable market (TAM) will be $60bn by 2025, in no small part due to the rapid increase of data privacy laws (currently 145 countries have data privacy laws) and the complexity of compliance in highly regulated industries. […]

28Apr 2023

Automation for all—managing and scaling networks has never been easier

At this time of dynamic business and market changes, uncertainty, and quickly evolving consumption models for IT infrastructure, every IT executive understands the benefits and necessity of network agility. Agile networks can respond quickly to changes in the market, customer demands, employee requirements, and technology advances. Yet most businesses haven’t tapped into two major capabilities […]

28Apr 2023

RSA Conference 2023 – ICS/OT Cybersecurity Roundup

SecurityWeek is providing a summary of ICS/OT cybersecurity announcements made at RSA Conference 2023, including talks, products, and new initiatives. The post RSA Conference 2023 – ICS/OT Cybersecurity Roundup appeared first on SecurityWeek.

28Apr 2023

Implementing Digital Sovereignty in the Journey to Cloud

Continuing with current cloud adoption plans is a risky strategy because the challenges of managing and securing sensitive data are growing. Businesses cannot afford to maintain this status quo amid rising sovereignty concerns. Some 90% of organisations in Europe and 88% in the Middle East, Turkey, and Africa (META) now use cloud technology, which is […]

28Apr 2023

Will the Real Data Sovereign Cloud please stand up?

Simply put, and despite claims customers may hear and/or see in this infant market, the reality is that there is no one-size-fits-all definition to “data sovereignty”, and the true source of the definition to “data sovereignty” as applicable to any workload being contemplated is the legal, policy or guidelines applicable to that data that are […]

28Apr 2023

BNY Mellon banks on AI to improve master data

Data about who owes how much to whom is at the core of any bank’s business. At Bank of New York Mellon, that focus on data shows up in the org chart too. Chief Data Officer Eric Hirschhorn reports directly to the bank’s CIO and head of engineering, Bridget Engle, who also oversees CIOs for each […]

28Apr 2023

Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud

Staying in control and securing your data has never been more important. As data privacy regulations continue to evolve, businesses have had to adapt how and where they store data. The EU’s General Data Protection Regulation (GDPR) has been the most newsworthy, requiring all businesses that operate in or have customers in the EU to […]

28Apr 2023

Skandia’s CIO drops ‘lift and shift’ to spur consolidation

Skandia consists of several different companies, of which insurance and banking are the two largest. The insurance business has old roots: the pension company was started as early as 1855, while the bank only started in 1994, yet it was first as a purely telephone bank. In light of this, the technical basis on which each […]

28Apr 2023

How Data Privacy and Sovereignty Impact Business

More countries are adopting laws designed to protect the privacy of citizens and local entities by defining how data can be securely collected, stored, and used. Many organisations are re-evaluating how to comply with the changing geo-political landscape and privacy/security regulations, which requires defining some relevant concepts: Digital sovereignty – the ability to have full control […]

28Apr 2023

Critical Vulnerability in Zyxel Firewalls Leads to Command Execution

A critical-severity vulnerability in Zyxel’s ATP, USG FLEX, VPN, and ZyWALL/USG firewalls can be exploited remotely for OS command execution. The post Critical Vulnerability in Zyxel Firewalls Leads to Command Execution appeared first on SecurityWeek.

27Apr 2023

Congratulations to the 10th anniversary SAP Innovation Awards 2023 winners!

In April 1972, entrepreneurs Dietmar Hopp, Hasso Plattner, Claus Wellenreuther, Klaus Tschira, and Hans-Werner Hector started an amazing innovation journey, which culminated in SAP’s 50th anniversary celebration in 2022. Together with our customers and partners, we are happy to celebrate the 10th Anniversary of the SAP Innovation Awards. This award program extends the co-founders’ vision […]

27Apr 2023

Chinese Cyberspies Delivered Malware via Legitimate Software Updates

Chinese APT Evasive Panda has been observed targeting local members of an international NGO with the MgBot backdoor, delivered via legitimate software updates. The post Chinese Cyberspies Delivered Malware via Legitimate Software Updates appeared first on SecurityWeek.

27Apr 2023

Modernizing applications: the importance of reducing technical debt

Technical debt is no longer just a “technical” problem. As recent, widely publicized events have shown, it is a business problem that can have serious consequences for organizations. The government and Congress are taking notice of unfair consumer experiences, and it is crucial for businesses to address their technical debt and minimize the risk of […]

27Apr 2023

Aadya Raises $5 Million for SMB-Focused Security Platform

Cybersecurity firm Aadya has raised $5 million in Series A funding for its all-in-one platform tailored for small and mid-sized businesses. The post Aadya Raises $5 Million for SMB-Focused Security Platform appeared first on SecurityWeek.

27Apr 2023

New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month

A new piece of malware named Atomic macOS Stealer (AMOS), offered for $1,000 per month, offers a wide range of data theft capabilities. The post New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month appeared first on SecurityWeek.

27Apr 2023

Innovation Sandbox: Cybersecurity Investors Pivot to Safeguarding AI Training Models

SecurityWeek editor-at-large Ryan Naraine expects to see an explosion of well capitalized startups promising to protect AI machine learning models behind enterprise products. The post Innovation Sandbox: Cybersecurity Investors Pivot to Safeguarding AI Training Models appeared first on SecurityWeek.

27Apr 2023

5 most dangerous new attack techniques

Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on […]

27Apr 2023

Chinese hackers launch Linux variant of PingPull malware

Chinese state-sponsored threat actor Alloy Taurus has introduced a new variant of PingPull malware, designed to target Linux systems, Palo Alto Networks said in its research. Along with the new variant, another backdoor called Sword2033 was also identified by the researchers. Alloy Taurus, a Chinese APT, has been active since 2012. The group conducts cyberespionage […]

27Apr 2023

How enterprises can navigate ethics and responsibility of generative AI

In a few short months, generative AI has become a very hot topic. Looking beyond the hype, generative AI is a groundbreaking technology, enabling novel capabilities as it moves rapidly into the enterprise world.  According to a CRM survey, 67% of IT leaders are prioritizing generative AI for their business within the next year and a half—despite looming […]

27Apr 2023

Google Obtains Court Order to Disrupt CryptBot Distribution

Court grants Google a temporary restraining order to disrupt CryptBot information stealer’s distribution. The post Google Obtains Court Order to Disrupt CryptBot Distribution appeared first on SecurityWeek.

27Apr 2023

Big Tech Crackdown Looms as EU, UK Ready New Rules

TikTok, Twitter, Facebook, Google, and Amazon are facing rising pressure from European authorities as London and Brussels advanced new rules Tuesday to curb the power of digital companies. The post Big Tech Crackdown Looms as EU, UK Ready New Rules appeared first on SecurityWeek.

27Apr 2023

Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13

Microsoft says Cl0p ransomware operator has been exploiting a recently patched PaperCut vulnerability since April 13. The post Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13 appeared first on SecurityWeek.

27Apr 2023

RSA Conference 2023 – Announcements Summary (Day 3)

Summary of announcements made at the 2023 RSA Conference, on day 3 of the cybersecurity event. The post RSA Conference 2023 – Announcements Summary (Day 3) appeared first on SecurityWeek.

27Apr 2023

Why Russia's cyber arms transfers are poor threat predictors

The history of international cyber conflict is remarkably long and storied. The timeline of major cyber threat events stretches back nearly four decades, but it is really only the last decade that has seen the widespread proliferation of national cyber forces. As of 2007, only 10 countries had operational cyber commands, three of which were […]

27Apr 2023

Panera CIO John Meister on mastering customer experience

John Meister is the senior vice president and CIO of Panera Bread, a chain of bakery-cafe fast casual restaurants with more than 2,000 locations across the United States and Canada. Over the past decade at Panera, Meister has been instrumental in driving Panera’s customer digital experience initiatives and building an innovative IT culture that continues to stay ahead […]

27Apr 2023

CIOs in an ideal position to advance ESG goals for their organisation

Environmental, Social and Governance, or ESG, is dominating board agendas at almost every public and private sector organisation. Underpinning the actions that come from ESG are significant concerns about the environment. Organisations are looking for ways to reduce greenhouse emissions, energy use and expenditure, drive towards ambitious sustainability goals, and make a positive social impact. […]

27Apr 2023

Building the next generation of CIOs in New Zealand

Industry body IT Professionals New Zealand has the election year in its sights as it aims to grow the capability of people in tech at all levels—from those entering the industry to new CIOs. Formerly known as the New Zealand Computer Society, ITP has been operating for 65 years, and is focused on skills, talent […]

26Apr 2023

Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers

A cyberespionage group believed to be associated with the Iranian government has been infecting Microsoft Exchange Servers with a new malware implant dubbed BellaCiao that acts as a dropper for additional payloads. The malware uses DNS queries to receive commands from attackers encoded into IP addresses. According to researchers from Bitdefender, the attackers appear to […]

26Apr 2023

Akamai's new cloud firewall capabilities aim to protect network edge

Content delivery network (CDN) and cloud security services provider Akamai Technologies has added a network cloud firewall capability to its cloud-based DDoS platform, Akamai Prolexic. The new feature is designed to allow Akamai’s customers to define and manage their own firewall rules and access control lists (ACLs) —lists of permissions for resources in a computer […]

26Apr 2023

Iranian hacking group targets Israel with improved phishing attacks

Iranian state-sponsored threat actor, Educated Manticore, has been observed deploying an updated version of Windows backdoor PowerLess to target Israel for phishing attacks, according to a new report by Check Point. Researchers have also linked Educated Manticore hackers to APT Phosphorus, which operates in the Middle East and North America.

26Apr 2023

Cybersecurity Futurism for Beginners

How will Artificial Intelligence develop in the near term, and how will this impact us as security planners and practitioners? The post Cybersecurity Futurism for Beginners appeared first on SecurityWeek.

26Apr 2023

FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability

Russian cybercrime group FIN7 has been observed exploiting a Veeam Backup & Replication vulnerability patched in March 2023. The post FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability appeared first on SecurityWeek.

26Apr 2023

SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200

A high-severity vulnerability in the Service Location Protocol can be exploited to launch massive DoS amplification attacks. The post SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200 appeared first on SecurityWeek.

26Apr 2023

RSA Conference 2023 – Announcements Summary (Day 2)

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco. The post RSA Conference 2023 – Announcements Summary (Day 2) appeared first on SecurityWeek.

26Apr 2023

Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators

By now, most of the industry has realized we’re seeing a shift from the legacy perimeter-based security model to an identity-centric approach to cybersecurity. If defenders haven’t realized this, malicious actors certainly have, with 80% of web application attacks utilizing stolen credentials and 40% of breaches that don’t involve insider threats and user error involving […]

26Apr 2023

Google Cloud posts first-ever operating profit despite slowing growth

Google Cloud, the cloud computing arm of Alphabet, has turned profitable at an operating level for the first time ever, despite fears of macroeconomic uncertainty.   Google Cloud posted an operating income of $191 million for the quarter ended March, compared with an operating loss of $706 million for the corresponding period last year. The […]

26Apr 2023

7 common IT training mistakes to avoid

It’s widely recognized that introducing IT teams to the latest technology, business, and security advancements is essential for maximum performance and productivity. What’s not often discussed, however, are the mistakes IT leaders make when establishing and supervising training programs, particularly when training is viewed as little more than an obligatory task. “Treating training as a […]

26Apr 2023

SAP aims for more digital and resilient supply chains

“Supply chains are under stress,” said Thomas Saueressig, member of the SAP executive board and head of its Product Engineering division, at the recent Hanover Fair. The past few years have shown how prone to failure global logistics chains are, and he added this also has far-reaching consequences for the German manufacturing industry. Digital supply chains, therefore, are […]

26Apr 2023

GlobalFoundries overhauls its process owner model to drive transformation

When Brad Clay became chief digital officer of GlobalFoundries in early 2021, he knew his role would be less about technology implementation and more about process change. In 2018, the $8 billion global semiconductor manufacturer announced a pivot in its business strategy: The company would no longer develop and produce 7-nanometer and smaller chip technologies; […]

26Apr 2023

Z Energy’s CDO: ‘First trust, then transform’

The energy sector is in a consistent state of transformation—both digital and otherwise—but the word “transformation” can be thrown around loosely, as if it just happens with an organization. In reality, it’s hard work, and hard to do. Change is challenging, and maintaining high-performance and diverse teams is fundamental to deliver success. “A main thing […]

26Apr 2023

ChatGPT, the rise of generative AI

Over the last few months, both business and technology worlds alike have been abuzz about ChatGPT, and more than a few leaders are wondering what this AI advancement means for their organizations. Let’s explore ChatGPT, generative AI in general, how leaders might expect the generative AI story to change over the coming months, and how […]

26Apr 2023

Organizations Warned of Security Risk in Default Apache Superset Configurations

Attackers can exploit Apache Superset installations with default configurations to gain administrator access and execute code on servers and databases. The post Organizations Warned of Security Risk in Default Apache Superset Configurations appeared first on SecurityWeek.

26Apr 2023

VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest

VMware this week released patches for a critical vulnerability disclosed at the Pwn2Own Vancouver 2023 hacking contest. The post VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest appeared first on SecurityWeek.

26Apr 2023

US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt

Iranian hackers broke into a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials. The post US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt appeared first on SecurityWeek.

25Apr 2023

New DDoS amplification vector could enable massive attacks

Security researchers sounded the alert about a vulnerability in a UDP-based network service called the Service Location Protocol (SLP) that can be abused to amplify DDoS attacks. Tens of thousands of systems and devices have this service exposed to the internet. Attackers could use them to generate massive attacks, and cleaning them up will likely […]

25Apr 2023

Amazon, Facebook, Twitter on EU list of companies facing DSA content rules

The EU Commission has announced the online companies and search engines, including Bing and Google, that will have to comply with new transparency and accountability regulations by August.

25Apr 2023

Hybrid Workplaces: Fad or Future?

As the new year gets underway, organizations are looking beyond the challenges, volatility and reactive mode of the past few years and strategically planning their future to compete and thrive. Two topics that are top of mind are where work gets done and the related impact on office real estate investments and the role of […]

25Apr 2023

7 venial sins of IT management

As a CIO you can get advice about how to be more effective from any number of sources, from what you get here in CIO Survival Guide (best practice), to other sources here at CIO.com, to, if you’re desperate, various punditries like Gartner, Forrester, and McKinsey. Most of what you read lists what should be […]

25Apr 2023

Accenture, IBM, Mandiant join Elite Cyber Defenders Program to secure critical infrastructure

Leading cybersecurity response firms Accenture, IBM, and Mandiant have joined the Elite Cyber Defenders Program – a new, collaborative initiative designed to help secure critical infrastructure. Led by Nozomi Networks, the program aims to provide global industrial and government customers access to strong cybersecurity defense tools, incident response teams, and threat intelligence. The Elite Cyber […]

25Apr 2023

Salesforce previews EinsteinGPT-powered Field Service Mobile app

Salesforce previewed new capabilities for its Field Service application suite on Tuesday, giving an early look at a new mobile application powered by the company’s EinsteinGPT generative AI engine. Salesforce Field Service, which is a part of the company’s Service Cloud, offers applications designed to boost productivity of companies’ frontline workers, lower operating costs, and […]

25Apr 2023

NetRise Adds $8 Million in Funding to Grow XIoT Security Platform

XIoT security firm NetRise announced $8 million in additional funding, bringing the total raised by the company to $14 million. The post NetRise Adds $8 Million in Funding to Grow XIoT Security Platform appeared first on SecurityWeek.

25Apr 2023

Token Gets $30M Funding for Biometrics MFA Smart Ring

Token has raised a total of $53 million to work on a biometrics-powered wearable device featuring multi-factor authentication technologies. The post Token Gets $30M Funding for Biometrics MFA Smart Ring appeared first on SecurityWeek.

25Apr 2023

Bots and beyond: How the AI revolution is shifting the paradigm for customer experience in smart banking

Today’s consumers are accustomed to smooth, frictionless online shopping – and they increasingly expect the same kind of digital experiences from their banks. Insider Intelligence found that 89% of U.S. consumers use mobile banking channels, and 70% said mobile banking is now their primary way of accessing their accounts.   “Most people do not want to […]

25Apr 2023

Rethinking the IT talent pipeline

Amanda Merola had zero technical background when she came to The Hartford in 2015, despite a natural interest in computers and a proclivity for problem-solving. After stints as a call center representative and claims adjuster, Merola got wind of the HartCode Academy, an internal program designed to help nontechnical employees make the leap into software […]

25Apr 2023

Secure Access Startup Sonet.io Emerges From Stealth With $6 Million in Funding

Cybersecurity startup Sonet.io emerges from stealth mode with $6 million in seed funding and a secure access solution for remote workers. The post Secure Access Startup Sonet.io Emerges From Stealth With $6 Million in Funding appeared first on SecurityWeek.

25Apr 2023

Abnormal Security expands threat protection to Slack, Teams and Zoom

Cloud-based email security provider Abnormal Security has announced three new capabilities focusing on threat detection for Slack, Microsoft Teams, and Zoom. The company — focused on protecting enterprises from targeted email attacks, such as phishing, social engineering, and business email compromise — is also adding data ingestion from new sources to better its AI model, which […]

25Apr 2023

Millions of Exposed Artifacts Found in Misconfigured Cloud Software Registries

Aqua Security found over 250 million artifacts and more than 65,000 container images in misconfigured registries. The post Millions of Exposed Artifacts Found in Misconfigured Cloud Software Registries appeared first on SecurityWeek.

25Apr 2023

Apiiro Launches Application Attack Surface Exploration Tool

Apiiro’s Risk Graph Explorer helps security teams to understand their application attack surface. The post Apiiro Launches Application Attack Surface Exploration Tool appeared first on SecurityWeek.

25Apr 2023

New AWS GuardDuty capabilities secure container, database, serverless workloads

Amazon Web Services (AWS) has added three new capabilities to its threat detection service Amazon GuardDuty. The new features expand GuardDuty protection to container runtime behavior, as well as database and serverless environments, strengthening customer security through enhanced coverage, AWS said. GuardDuty is part of a broad set of AWS security services that help customers […]

25Apr 2023

Circle Security debuts platform “purpose-built” to tackle credential-driven threats, cloud attacks

Cybersecurity company Circle Security has emerged from stealth with the release of a new platform “purpose-built” to protect against credential-driven threats and cloud attacks. Powered by a decentralized architecture, Circle is available as a device-native service, a mobile app, a browser-based solution, and via a developer-focused API, according to the firm. Circle Security boasts an […]

25Apr 2023

Thousands of misconfigured container and artifact registries expose sensitive credentials

Researchers have found thousands of publicly exposed and misconfigured container registries and artifact repositories belonging to businesses that could give attackers access to access tokens, encryption keys, and other sensitive information about internal systems. This information can allow attackers to plan and execute attacks against production and development systems, and in some cases even inject […]

25Apr 2023

Kaspersky Analyzes Links Between Russian State-Sponsored APTs

Kaspersky believes that Russia-linked threat actors Tomiris and Turla are cooperating at least at a minimum level. The post Kaspersky Analyzes Links Between Russian State-Sponsored APTs appeared first on SecurityWeek.

25Apr 2023

RSA Conference 2023 – Announcements Summary (Day 1)

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco. The post RSA Conference 2023 – Announcements Summary (Day 1) appeared first on SecurityWeek.

25Apr 2023

Insider Q&A: OpenAI CTO Mira Murati on Shepherding ChatGPT

OpenAI CTO Mira Murati discusses AI safeguards and the company’s vision for the futuristic concept of artificial general intelligence, known as AGI. The post Insider Q&A: OpenAI CTO Mira Murati on Shepherding ChatGPT appeared first on SecurityWeek.

25Apr 2023

Google Audit Finds Vulnerabilities in Intel TDX

Over a nine-month audit, Google researchers identified ten security defects in Intel TDX, including nine vulnerabilities addressed with TDX code changes. The post Google Audit Finds Vulnerabilities in Intel TDX appeared first on SecurityWeek.

25Apr 2023

AI’s one true X factor: Leadership

If there are any eternal truths about emerging technologies, it’s that there are always naysayers. Some who deride the value of the latest ingenuity prove prescient. Others, not so much. Ken Olson, president, chairman, and founder of Digital Equipment Corp., famously once advised, “There is no reason for any individual to have a computer in […]

25Apr 2023

What Oracle’s cloud expansion means for businesses in the Middle East

To meet the rapidly growing demand for its cloud services, Oracle has announced plans to open a third public cloud region in Saudi Arabia. Located in Riyadh, the new cloud region will be part of a planned $1.5 billion USD investment from Oracle to expand cloud infrastructure capabilities in the Kingdom. The new region in […]

25Apr 2023

AI-powered chatbots: the threats to national security are only beginning

The United Kingdom’s National Cyber Security Center (NCSC) recently issued a warning to its constituents on the threat posed by artificial intelligence (AI) to the national security of the UK. This was followed shortly by a similar warning from NSA cybersecurity director Rob Joyce. It is clear there is great concern from many nations surrounding […]

25Apr 2023

Siemens focuses on zero trust, legacy hardware, supply chain challenges to ensure cybersecurity of internal systems

Siemens has been working to be on top of vulnerabilities found in its products, but more importantly, to ensure the security of its internal operations. The manufacturing giant that works across several different lines of business, including industrial, smart infrastructure, health care, financial services, is protecting its systems by focusing on three main areas: zero […]

25Apr 2023

2023 CIO 100 UK Awards Open for Entries and Launch New Recognition Awards

The CIO 100 returns for 2023 to showcase and celebrate the top 100 CIOs and their teams across the UK. The Official CIO 100 Awards UK acknowledges the best and brightest CIOs and technology leaders in the UK, celebrating their digital transformation achievements, and reflecting on themes and ideas which emerged from submissions. The awards […]

24Apr 2023

Generative AI: A paradigm shift in enterprise and startup opportunities

Vlad Sejnoha, Partner at Glasswing Ventures, former CTO & SVP R&D at Nuance, and Kleida Martiro, Principal at Glasswing Ventures are contributing authors. Generative AI (Artificial Intelligence) and its underlying foundation models represent a paradigm shift in innovation, significantly impacting enterprises exploring AI applications. For the first time, because of generative AI models, we have […]

24Apr 2023

Investors Place Early $4 Million Bet on Stack Identity

Silicon Valley startup emerges from stealth with $4 million in seed-stage funding and ambitious plans to disrupt the IAM governance market. The post Investors Place Early $4 Million Bet on Stack Identity appeared first on SecurityWeek.

24Apr 2023

Flashpoint releases Ignite platform with threat intelligence reports, rule-based alerts

Threat intelligence firm Flashpoint has announced the release of Ignite, a new intelligence platform built to accelerate cross-functional risk mitigation and prevention across vulnerability management and security teams, including those in law enforcement, state and local government, and federal civilian agencies. Designed for practitioners, Ignite delivers real-time pictures of pertinent risks while reducing silos that […]

24Apr 2023

OT giants collaborate on ETHOS early threat and attack warning system

One of the greatest fears among government officials and security experts is a crippling cyberattack on industrial organizations that run essential services, including electricity, water, oil and gas production, and manufacturing systems. The proprietary and complex nature of the operational technology (OT) tools used in these systems, not to mention their rapid convergence with IT […]

24Apr 2023

Paladin Cloud launches new tool for attack surface discovery and management

Open source, cloud security firm Paladin Cloud has launched a new SaaS-based platform for enterprise cloud attack surface discovery and vulnerability management. Built on Paladin Cloud’s open source core, the platform has a set of security policies implemented in code to serve as an extended policy management tool that integrates into various enterprise systems, providing […]

24Apr 2023

Adrian Stone Joins Moderna as CISO

Former Peloton CISO Adrian Stone has been tapped to steer the security ship at pharmaceutical and biotechnology giant Moderna. The post Adrian Stone Joins Moderna as CISO appeared first on SecurityWeek.

24Apr 2023

Cloud chaos: The challenges of managing data and applications across mixed environments

Six out of ten organizations today are using a mix of infrastructures, including private cloud, public cloud, multi-cloud, on-premises, and hosted data centers, according to the 5th Annual Nutanix Enterprise Cloud Index. Managing applications and data, especially when they’re moving across these environments, is extremely challenging. Only 40% of IT decision-makers said that they have […]

24Apr 2023

Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw

Researchers warn that majority of Windows and macOS PaperCut installations still vulnerable to critical vulnerability already exploited in malware attacks. The post Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw appeared first on SecurityWeek.

24Apr 2023

The Relationship Between Security Maturity and Business Enablement

AT&T Cybersecurity and Enterprise Strategy Group (ESG) completed a benchmark survey to better understand what a mature cybersecurity program looks like and how that maturity influences security and business outcomes. Results from the 500 security professionals surveyed on their processes, policies, and controls were mapped into the NIST Cybersecurity Framework’s (CSF) five foundational cybersecurity functions: […]

24Apr 2023

AT&T Cybersecurity Insights Report

This year’s Annual AT&T Cybersecurity Insights Report focuses on the edge ecosystem, with the core report focusing on connecting and securing the entire edge computing ecosystem. This includes transport infrastructure, endpoints, operating systems, application workloads, and production monitoring/management/mitigation/runtime. The 2023 AT&T Cybersecurity Insights Report presents a perspective that recognizes the essential characteristics and key differences […]

24Apr 2023

Hackers behind 3CX breach also breached US critical infrastructure

The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec. Among the two affected critical infrastructure organizations, one is located in the US while the other is in Europe, […]

24Apr 2023

Akamai debuts Brand Protector service to combat phishing, online forgery

Akamai is rolling out a new service designed to provide automated detection, investigation and even takedown services for businesses looking to protect their online reputations from digital criminals and phishing campaigns. The basic concept of the new service, launched at RSA Conference in San Francisco today, is simple — Akamai, via its large array of […]

24Apr 2023

IBM offers integrated security management with QRadar release

IBM at the RSA conference today announced the availability of its new QRadar Security Suite, which is designed to help simplify the challenges faced by security teams tasked with managing an ever-growing list of different security tools. QRadar is a largely AWS-based SaaS system that features four core products that can be managed from the […]

24Apr 2023

New Data Sharing Platform Serves as Early Warning System for OT Security Threats

Several OT cybersecurity firms have teamed up to create an information sharing platform designed to serve as an early warning system for critical infrastructure. The post New Data Sharing Platform Serves as Early Warning System for OT Security Threats appeared first on SecurityWeek.

24Apr 2023

North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware

North Korea-linked hacking group BlueNoroff/Lazarus was seen using the RustBucket macOS malware in recent attacks. The post North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware appeared first on SecurityWeek.

24Apr 2023

Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor

Threat actors have been observed abusing Kubernetes RBAC to create backdoors and hijack cluster resources for cryptocurrency mining. The post Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor appeared first on SecurityWeek.

24Apr 2023

Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks

Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations. The post Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks appeared first on SecurityWeek.

24Apr 2023

SolarWinds Platform Update Patches High-Severity Vulnerabilities

SolarWinds has patched two high-severity vulnerabilities that could lead to command execution and privilege escalation. The post SolarWinds Platform Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

24Apr 2023

External Signs of Narcissism – Raising Awareness to Avoid Collateral Damage

Learning how to spot the signs of narcissism and identify narcissists will help us ensure that we do not bring these people into our security and fraud teams, or our enterprises. The post External Signs of Narcissism – Raising Awareness to Avoid Collateral Damage appeared first on SecurityWeek.

24Apr 2023

North Dakota turns to AI to boost effectiveness and efficiency of its cybersecurity

The recent proliferation of tools that employ artificial intelligence (AI) or machine learning (ML) to perform human-like tasks has sparked a great deal of interest in the cybersecurity community. And they’ve prompted some very hard questions about the future, not the least of which is whether ChatGPT, BardAI, Bing AI, and the dozens of other […]

24Apr 2023

UC Riverside turns to cloud to supercharge scientific research

For research institutions, a solid IT foundation can prove to be the difference in delivering meaningful results for scientific endeavors — and thereby in securing valuable funding for further research. To that end, University of California, Riverside has launched an ambitious cloud transformation to shift from a small on-premises data center to an advanced research […]

24Apr 2023

EU task force to review ChatGPT

The European Data Protection Board (EDPB) wants to set up a task force to take a closer look at AI tools like ChatGPT, which is being interpreted as an indication that European data protection officers could set stricter rules for the use of AI. The Italian data protection authorities in particular got a head start a few weeks ago. Since ChatGPT operator […]

24Apr 2023

38 Countries Take Part in NATO’s 2023 Locked Shields Cyber Exercise

More than 3,000 participants from 38 countries took part in NATO’s 2023 Locked Shields cyber defense exercise. The post 38 Countries Take Part in NATO’s 2023 Locked Shields Cyber Exercise appeared first on SecurityWeek.

22Apr 2023

Cisco patches high and critical flaws across several products

Cisco fixed serious vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation and denial of service. The Cisco Industrial Network Director (IND), a network monitoring and management […]

22Apr 2023

Iran cyberespionage group taps SimpleHelp for persistence on victim devices

Iranian APT hacking group MuddyWater has been observed using SimpleHelp, a legitimate remote device control and management tool, to ensure persistence on victim devices. SimpleHelp itself, as used by the threat actors, has not been compromised — instead, the group has found a way to download the tool from the official website and use it […]

21Apr 2023

Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs

The North Korean hacking group behind the supply chain attack that hit 3CX also broke into two critical infrastructure organizations in the energy sector. The post Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs appeared first on SecurityWeek.

21Apr 2023

Pillars of successful multi-cloud application platforms

Software development teams can transform or constrict a modern enterprise in today’s digital economy. As such, many organizations are starting to invest in enhancing the developer experience, understanding that a frictionless process can improve business outcomes and drive higher performance. Organizations encounter friction when shifting gears to cloud and multi-cloud, especially as they scale – […]

21Apr 2023

Halcyon Secures $50M Funding for Anti-Ransomware Protection Platform

Texas startup scores financing to build an AI-powered anti-ransomware engine to help organizations ward off data-extortion attacks. The post Halcyon Secures $50M Funding for Anti-Ransomware Protection Platform appeared first on SecurityWeek.

21Apr 2023

Production Assurance AI answers: Can we be profitable in the future?

In the last few years, we’ve all learned how to become more agile. In the face of unplanned events like a global pandemic and various geopolitical events, we had to change and pivot on demand. This holds true for individuals and businesses alike, and notably so in the manufacturing environments where I spend much of […]

21Apr 2023

Abandoned WordPress Plugin Abused for Backdoor Deployment

Attackers are installing the abandoned Eval PHP plugin on compromised WordPress sites to inject PHP code into web pages. The post Abandoned WordPress Plugin Abused for Backdoor Deployment appeared first on SecurityWeek.

21Apr 2023

Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities

Five Eyes agencies have issued joint cybersecurity guidance and best practices for smart cities. The post Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities appeared first on SecurityWeek.

21Apr 2023

Google Cloud Platform Vulnerability Led to Stealthy Account Backdoors

A vulnerability in Google Cloud Platform allowed attackers to modify and hide OAuth applications to create a stealthy backdoor to any Google account. The post Google Cloud Platform Vulnerability Led to Stealthy Account Backdoors appeared first on SecurityWeek.

21Apr 2023

Good Friday Agreement paved way for Northern Ireland’s emergence as a global cybersecurity hub

The Belfast (Good Friday) Agreement played an integral role in enabling Northern Ireland’s growth as a global cybersecurity hub, according to UK government chiefs speaking at the CyberUK conference in Belfast. The Good Friday Agreement was signed on Good Friday, April 10, 1998, following three decades of conflict known as the Troubles. It introduced several […]

21Apr 2023

Most interesting products to see at RSA Conference 2023

Security professionals attending this year’s RSA Conference expect to learn about new tools, platforms, and services from the 600-plus vendors exhibiting there. That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here. More announcements will be made throughout the […]

21Apr 2023

GitHub Announces New Security Improvements

GitHub this week introduced NPM package provenance and deployment protection rules and announced general availability of private vulnerability reporting. The post GitHub Announces New Security Improvements appeared first on SecurityWeek.

21Apr 2023

The strong link between cyber threat intelligence and digital risk protection

While indicators of compromise (IoCs) and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence (CTI) needs have grown over the past few years, driven by things like digital transformation, cloud computing, SaaS propagation, and remote worker support. In fact, these changes have led to a CTI subcategory focused on […]

21Apr 2023

House Committee Hears Testimony on DC Health Data Breach

A top administrator with Washington’s health insurance exchange apologized to House members on Wednesday for the data breach that resulted in the disclosure of personal information for thousands of users. The post House Committee Hears Testimony on DC Health Data Breach appeared first on SecurityWeek.

21Apr 2023

Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information

Capita finally confirmed that hackers stole data after the Black Basta ransomware group offered to sell information allegedly stolen from the company. The post Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information appeared first on SecurityWeek.

21Apr 2023

3CX hack highlights risk of cascading software supply-chain compromises

At the end of March, an international VoIP software company called 3CX with over 600,000 business customers suffered a serious software supply-chain compromise that resulted in both its Windows and macOS applications being poisoned with malicious code. New evidence suggests the attackers, believed to be North Korean state-sponsored hackers, gained access to the company’s network […]

21Apr 2023

4 perils of being an IT pioneer

The speed at which enterprises adopt emerging technology is widely acknowledged as a key driver of success. As a result, organizations often rush to adopt new technology believing it will make them operationally more efficient and enhance their competitiveness. Proponents of early technology adoption further argue that it enables companies to build informal relationships with […]

20Apr 2023

Best project management certifications of 2023

Behind every successful IT project, you’ll find a highly skilled project manager. From hardware and software upgrades to ongoing security patches, to application development and the rollout of software itself, project managers keep your teams on task and productive. Almost any IT pro can benefit from adding a project management certification to their list of […]

20Apr 2023

Cost-effective security: certainty without complexity

In a recent article, we discussed the connection between digital transformation, innovation, and rising IT complexity. And we noted that complexity presents a big challenge to cybersecurity teams. Nevertheless, organizations have armed themselves with a litany of best-of-breed tools to tackle their most pressing security challenges. Many large enterprises use upwards of 40 to 50 tools […]

20Apr 2023

Demystifying hybrid cloud solutions

When we think of digital transformation, perhaps no other technology comes to mind as quickly as the cloud. Many businesses have, in some form or another, been migrating their operations to the cloud for years now. But that doesn’t mean legacy systems suddenly cease to exist. A 2022 survey of business leaders by Rocket Software […]

20Apr 2023

Greater innovation comes with a cost: increased IT complexity

Digital transformation has changed how businesses operate, making them more agile and responsive to the markets they serve. But this transformation has come at a cost: a rambling web of software tools and applications, cloud infrastructures, and decentralized application services. And this complexity presents a big challenge to IT teams. In tandem with digital transformation […]

20Apr 2023

VMware Patches Pre-Auth Code Execution Flaw in Logging Product

VMware warns of two critical vulnerabilities — CVE-2023-20864 and CVE-2023-20865 — in the VMware Aria Operations for Logs product. The post VMware Patches Pre-Auth Code Execution Flaw in Logging Product appeared first on SecurityWeek.

20Apr 2023

Podcast: IHH Healthcare’s Francis Yeow on talent

Francis Yeow – Country Information Security Officer of Singapore at IHH Healthcare – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about talent, risk culture in organisations, and more.

20Apr 2023

Consulting, software boost IBM revenue as it turns to AI

Strong performances in software and consulting helped IBM’s profit and revenue increase in the first quarter, even as a post-pandemic slowdown hit much of the technology industry. IBM’s software and consulting revenue both rose 3% year over year. In the software segment, IBM’s enterprise Linux unit, Red Hat, saw growth of 8%, while application operations […]

20Apr 2023

Microsoft Will Name APTs Actors After Weather Events

Microsoft plans to use weather-themed naming of APT actors as part of a move to simplify the way threat actors are documented. The post Microsoft Will Name APTs Actors After Weather Events appeared first on SecurityWeek.

20Apr 2023

Xage’s new IAM offering provides multilayer authentication for ICS/OT

Zero trust security provider Xage Security has added a multilayer identity and access management (IAM) solution to its decentralized access control platform Xage Fabric to secure assets in different layers of operational technology (OT) and industrial control systems (ICS) environments. “Multilayer IAM is needed for a couple of reasons,” said Roman Arutyunov, co-founder, and SVP […]

20Apr 2023

Ransomware Attack Hits Health Insurer Point32Health

Health insurer Point32Health takes systems offline after falling victim to ransomware attack. The post Ransomware Attack Hits Health Insurer Point32Health appeared first on SecurityWeek.

20Apr 2023

Phylum Adds Open Policy Agent to Open Source Analysis Engine

The software supply chain security firm adds the Open Policy Agent to its risk analysis engine, increasing flexibility for the creation and enforcement of custom policies on the use of open source software. The post Phylum Adds Open Policy Agent to Open Source Analysis Engine appeared first on SecurityWeek.

20Apr 2023

Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App

3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm. The post Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App appeared first on SecurityWeek.

20Apr 2023

Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs

Cisco this week released patches for critical-severity vulnerabilities impacting its Industrial Network Director and Modeling Labs applications. The post Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs appeared first on SecurityWeek.

20Apr 2023

Air Force Unit in Document Leaks Case Loses Intel Mission

The Air Force is investigating how a lone airman could access and distribute possibly hundreds of highly classified documents, and in the meantime has taken away the intelligence mission from the unit where the leaks took place. The post Air Force Unit in Document Leaks Case Loses Intel Mission appeared first on SecurityWeek.

20Apr 2023

Cyber insurer launches InsurSec solution to help SMBs improve security, risk management

Cyber insurance provider At-Bay has announced the launch of a new InsurSec solution to help small-to-mid sized businesses (SMBs) improve their security and risk management postures through their insurance policy. The firm describes the At-Bay Stance platform as a “world’s first” that aims to address major security technology and skills access gaps by centralizing and […]

20Apr 2023

Five Eye nations release new guidance on smart city cybersecurity

New guidance, Cybersecurity Best Practices for Smart Cities, wants to raise awareness among communities and organizations implementing smart city technologies that these beneficial technologies can also have potential vulnerabilities. A collaboration among the Five Eye nations (Australia, Canada, New Zealand, the UK, and the US), it advises communities considering becoming smart cities to assess and […]

20Apr 2023

UK Warns of Russian Hackers Targeting Critical Infrastructure

The UK government’s information security arm warns of Russian state-aligned groups aiming to disrupt and destroy critical infrastructure in Western countries. The post UK Warns of Russian Hackers Targeting Critical Infrastructure appeared first on SecurityWeek.

20Apr 2023

PaperCut Warns of Exploited Vulnerability in Print Management Solutions

Print management solutions provider PaperCut warns that exploitation of a recently patched vulnerability has commenced. The post PaperCut Warns of Exploited Vulnerability in Print Management Solutions appeared first on SecurityWeek.

20Apr 2023

What CIOs need to become better enablers of sustainability

Over 90 wildfires ravaged Spain’s Asturias principality in March this year. Though not as cold and wet as northern Europe, March is still the tail end of winter in northwest Spain, a region not typically considered a tinder box. But the climate emergency is steadily changing that. But Spain’s predicament isn’t unique. Across the world, […]

20Apr 2023

CDIO Salumeh Companieh on putting the product mindset into action

Making the shift from project- to product-based IT requires more than just an operational map of capabilities and the cross-functional teams that will own them. It takes an organization-wide shift in mindset that gets people thinking and working in ways that align with the client’s definition of value. Salumeh “Sal” Companieh, chief digital and information […]

20Apr 2023

Fortra Completes Investigation Into GoAnywhere Zero-Day Incident

Fortra has shared a summary of its investigation into the GoAnywhere zero-day incident that hit dozens of the company’s customers earlier this year. The post Fortra Completes Investigation Into GoAnywhere Zero-Day Incident appeared first on SecurityWeek.

20Apr 2023

Global intelligence assessments: you are the target

The duty and responsibility of every intelligence service is to collect, analyze, and disseminate intelligence information to its country’s policymakers. In a prior piece, we discussed the US Office of the Director of National Intelligence (ODNI) global threat assessment in the cyber domain. What follows is the perspective from other countries’ intelligence services on what […]

20Apr 2023

DC Health Link Data Breach Blamed on Human Error

The recent data breach of personal information for thousands of users of Washington D.C.’s health insurance exchange, including members of Congress, was caused by basic human error. The post DC Health Link Data Breach Blamed on Human Error appeared first on SecurityWeek.

20Apr 2023

Former convicted hacker Hieu Minh Ngo on top cybersecurity vulnerabilities to watch out for

Hieu Minh Ngo – Cybersecurity Specialist at the National Cyber Security Center of Vietnam – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about his past as a black-hat hacker, common cybersecurity pitfalls to avoid, and more.

19Apr 2023

Russian cyber spy group APT28 backdoors Cisco routers via SNMP

APT28, the hacking arm of Russia’s GRU military intelligence agency, has been backdooring Cisco routers by exploiting a remote code execution vulnerability in the Cisco IOS implementation of the simple network management protocol (SNMP), according to a statement by Western security agencies. The malware deployed on compromised routers patches the router’s authentication mechanism to always […]

19Apr 2023

BrandPost: The status quo for DNS security isn’t working

The Domain Name System (DNS) is often referred to as the phone book of the internet. DNS translates web addresses, which people use, into IP addresses, which machines use. But DNS was not designed with security in mind. And even though companies have invested incredible amounts of money into their security stack (and even though […]

19Apr 2023

IHH Healthcare’s Francis Yeow on talent

Francis Yeow – Country Information Security Officer of Singapore at IHH Healthcare – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about talent, risk culture in organisations, and more.

19Apr 2023

Hong Kong Baptist University’s Allan Wong on his award-winning implementation of zero trust security

Allan Wong – Director of Information Technology at Hong Kong Baptist University – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the stumbling blocks in the adoption of zero trust, how to create security policies without hampering employee productivity, and more.

19Apr 2023

How to succeed as a fractional CIO

What is a fractional CIO? Fractional CIOs operate in a sphere that’s significantly different from their traditional, full-time counterparts. A fractional CIO is a technology leader hired on a temporary or part-time basis, explains Peter Kirkwood, corporate strategy leader at management consulting and strategy advisory firm Zinnov. A fractional CIO is typically an experienced IT […]

19Apr 2023

Top considerations for data modernization initiatives

Most organizations are already well under way with their digital transformation journeys, particularly data modernization. For most companies, the drive for data modernization is attributed to the massive growth of data and a business goal to harness as much data as possible to unlock its potential in transformative ways. Adopting cloud-based solutions is, perhaps, one […]

19Apr 2023

Investors Bet Big on Safe Security for Cyber Risk Management

Safe Security, a startup building technology to help organizations manage cyber risk, has secured a $50 million Series B funding round. The post Investors Bet Big on Safe Security for Cyber Risk Management appeared first on SecurityWeek.

19Apr 2023

Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced

Russian national Denis Dubnikov has been sentenced to time served after he pleaded guilty to charges related to laundering money for the Ryuk ransomware group. The post Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced appeared first on SecurityWeek.

19Apr 2023

Dasera Scores $12M Funding for Cloud Data Security

The Series A funding round was led by Storm Ventures and brings the total raised by Dasera to $20 million. The post Dasera Scores $12M Funding for Cloud Data Security appeared first on SecurityWeek.

19Apr 2023

Lacework adds vulnerability risk management to its flagship offering

Cloud security provider Lacework has added a new vulnerability risk management capability to its cloud-native application protection (CNAPP) offering. The SaaS capability will combine active package detection, attack path analysis, and in-house data on active exploits to generate personalized vulnerability risk scores. “Lacework takes a risk-based approach that goes beyond a common vulnerability scoring system […]

19Apr 2023

Darwinium upgrades its payment fraud protection platform

Security and fraud prevention vendor Darwinium has updated its Continuous Customer Protection platform to provide shared intelligence on anonymized data sets. The company claims that the update ensures customers remain in control of users’ data while also preventing Darwinium from becoming a target of cybercrime. Use cases for the Darwinium platform include account security, scam […]

19Apr 2023

OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks

The Open Source Security Foundation (OpenSSF) has announced the release of Supply-chain Levels for Software Artifacts (SLSA) v.1.0 with structure changes designed to make the software supply chain security framework more accessible and specific to individual areas of the software delivery lifecycle. SLSA is a community-driven supply chain security standards project that outlines increasing security […]

19Apr 2023

Cleaning Up Costs: Avaya and Stemmer Distribution

Stemmer Distribution, the largest French company to provide dental products to healthcare professionals since 1978, was able to reduce costs while improving their customer experience with the help of Avaya. With 250 employees and 14 companies across six sites, Stemmer needed a flexible and fluid communication solution for their customers as the brand experienced a […]

19Apr 2023

Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers

Discarded enterprise routers are often not wiped and contain secrets that could be highly useful to malicious hackers. The post Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers appeared first on SecurityWeek.

19Apr 2023

UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure

The UK National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert states that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, […]

19Apr 2023

Top risks and best practices for securely offboarding employees

Employees won’t work for the same organization forever and dealing with their departures is just part and parcel of business. But the security risks posed by departing staff can be significant. Without secure off-boarding processes, organizations expose themselves to a variety of cybersecurity risks ranging from the innocuously accidental to the maliciously deliberate. High turnover […]

19Apr 2023

Google Patches Second Chrome Zero-Day Vulnerability of 2023

Google warns of another zero-day vulnerability in Chrome, only days after addressing a similar issue. The post Google Patches Second Chrome Zero-Day Vulnerability of 2023 appeared first on SecurityWeek.

19Apr 2023

Oracle Releases 433 New Security Patches With April 2023 CPU

Oracle’s April 2023 critical patch update (CPU) includes 433 new security patches, including more than 70 that fix critical vulnerabilities. The post Oracle Releases 433 New Security Patches With April 2023 CPU appeared first on SecurityWeek.

19Apr 2023

Coro Raises $75 Million for Mid-Market Cybersecurity Platform

Coro, an enterprise cybersecurity platform for mid-market organizations, has raised $75 million from Energy Impact Partners. The post Coro Raises $75 Million for Mid-Market Cybersecurity Platform appeared first on SecurityWeek.

19Apr 2023

How to know it’s time for a new CIO gig

It’s no secret that the labor market has been volatile in recent years, with workers moving positions in record numbers. But it’s not just lower-level staffers making moves: Plenty of CIOs have been shuffling jobs during the past few years, too. In its 2022 Global Leadership Monitor survey, executive search firm Russell Reynolds Associates reported […]

19Apr 2023

Deutsche Bahn CIO on track to decentralize IT

Bernd Rattey has been Group CIO and CDO of Deutsche Bahn (DB) since 2021, after being in charge of IT at subsidiary DB Fernverkehr AG for five years. And it was during that time he got to know the railways from a different business area. In his eyes, the entire DB group works like a federal system, […]

19Apr 2023

Will Taiwan be the next supply chain bottleneck for IT?

Taiwan’s semiconductor factories, the source of many of the chips used in the world’s PCs, servers, and mobile phones, operate under a constant threat of disruption. The threats are both geological (earthquakes frequently force high-tech plants to shut down despite them being built to withstand seismic shocks) and geopolitical: China considers Taiwan to be part […]

19Apr 2023

CIO Fletcher Previn on designing the future of work

It has been three years since COVID sent us into remote work, and we now find ourselves with a new challenge: employees who have never met in person. The hybrid work paradigm has exposed the importance of getting in front of evolving changes in the way employees will work together in the future, accelerating IT […]

19Apr 2023

Oracle adds AI, automation capabilities to SCM, HCM Fusion apps

Oracle on Wednesday said it is adding new AI and automation capabilities to its Fusion Supply Chain Management (SCM) and Fusion Human Capital Management (HCM) suites to help enterprises increase efficiency across divisions. The updates to the SCM suite, which have been made generally available, include an AI-based planning tool, an enhanced quote-to-cash process for […]

19Apr 2023

Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure

A subgroup of Iran-linked APT Phosphorus (Mint Sandstorm) has started to quickly adopt PoC exploit code targeting vulnerabilities in internet-facing applications. The post Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure appeared first on SecurityWeek.

19Apr 2023

US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers

US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. The post US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers appeared first on SecurityWeek.

18Apr 2023

Hard-to-detect malware loader distributed via AI-generated YouTube videos

Security researchers warn of a new malware loader that’s used as part of the infection chain for the Aurora information stealer. The loader uses anti-virtual-machine (VM) and unusual compilation techniques that seem to make it quite successful at avoiding detection by security solutions. The Aurora infostealer is written in Go and is operated as a […]

18Apr 2023

App cyberattacks jump 137%, with healthcare, manufacturing hit hard, Akamai says

An analysis of customer data collected by content delivery network and internet services giant Akamai found that attacks targeting web applications rose by 137% over the course of last year, as the healthcare and manufacturing sectors in particular were targeted with an array of API and application-based intrusions. Local file intrusions — in which attackers […]

18Apr 2023

6 ways to drive Wi-Fi operational efficiencies

By: Gayle Levin, Senior Product Marketing Manager for Wireless at Aruba, A Hewlett Packard Enterprise Company. If you’re like me and you’ve been reading the news lately, the economic outlook is all over the place. It’s difficult enough to prioritize IT spending and align efforts to support business initiatives without trying to predict the future […]

18Apr 2023

SpinOne adds new capabilities to secure SaaS applications and data

SaaS data protection provider Spin.ai has launched two new service modules — SaaS security posture management (SSPM) and SaaS data leak prevention/loss protection (SDLP) — along with a few new capabilities for existing modules, to its flagship SaaS security platform SpinOne. The enhancements to the SaaS-based offering aim to protect SaaS applications, automate manual processes, […]

18Apr 2023

Daon’s TrustX to offer SaaS-based, no-code identity journeys

Identity and access management provider Daon has launched a SaaS-based identity proofing and authentication platform TrustX, designed to help customers create and manage user identity journeys across organizational workflows. The fully managed offering will use artificial intelligence (AI) and machine learning (ML) tools to support identity journeys, which will include building, verifying, and authenticating identities, along […]

18Apr 2023

IT Leadership – and Networking – Take Center Stage at FutureIT Event Series

The room was abuzz. People were standing, talking intensely, mingling, and meeting new people. This was our first in-person conference in 2023, and it was going exactly as planned: Participants were engaged and networking. In all of our surveys, networking is always one of the top two reasons attendees come to our events (the other […]

18Apr 2023

Takedown of GitHub Repositories Disrupts RedLine Malware Operations

Four GitHub repositories used by RedLine stealer control panels were suspended, disrupting the malware’s operations. The post Takedown of GitHub Repositories Disrupts RedLine Malware Operations appeared first on SecurityWeek.

18Apr 2023

New ‘Domino’ Malware Linked to FIN7 Group, Ex-Conti Members

New Domino backdoor brings together former members of the Conti group and the FIN7 threat actors. The post New ‘Domino’ Malware Linked to FIN7 Group, Ex-Conti Members appeared first on SecurityWeek.

18Apr 2023

SpecterOps Scores $25M Funding to Secure ID Attack Paths

Seattle startup SpecterOps secures $25 million in Series A funding to boost its BloodHound Enterprise platform. The post SpecterOps Scores $25M Funding to Secure ID Attack Paths appeared first on SecurityWeek.

18Apr 2023

Businesses detect cyberattacks faster despite increasingly sophisticated adversaries

Global organizations are improving their attack detection capabilities despite facing increasingly sophisticated, persistent, and creative adversaries. The Mandiant M-Trends 2023 report, now in its fourteenth year, revealed that the global median dwell time – calculated as the median number of days an attacker is present in a target’s environment before detection – dropped to 16 […]

18Apr 2023

NSO Group Used at Least 3 iOS Zero-Click Exploits in 2022: Citizen Lab

NSO Group used at least three iOS zero-click exploits in Pegasus attacks in 2022: FindMyPwn, PwnYourHome, and LatentImage. The post NSO Group Used at Least 3 iOS Zero-Click Exploits in 2022: Citizen Lab appeared first on SecurityWeek.

18Apr 2023

Elon Musk Says He’ll Create ‘TruthGPT’ to Counter AI ‘Bias’

Elon Musk plans to create an alternative to the popular AI chatbot ChatGPT that he is calling “TruthGPT,” which will be a “maximum truth-seeking AI that tries to understand the nature of the universe.” The post Elon Musk Says He’ll Create ‘TruthGPT’ to Counter AI ‘Bias’ appeared first on SecurityWeek.

18Apr 2023

New Qbot campaign delivers malware by hijacking business emails

Cyberattacks that use banking trojans of the Qbot family have been targeting companies in Germany, Argentina, and Italy since April 4 by hijacking business emails, according to research by cybersecurity firm Kaspersky. In the latest campaign, the malware is delivered through emails written in English, German, Italian, and French. The messages are based on […]

18Apr 2023

Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks

Threat actors are getting more adept at exploiting common, everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most […]

18Apr 2023

19 startups to check out at RSA Conference 2023

This year’s RSA Conference showcases promising startups from all over the world, many of which are making their first public appearance. Most will be exhibiting in the Early Stage Expo, which features 50 new security solution providers. Other startup exhibitors are finalists in RSA’s Innovation Sandbox competition. Perhaps the most interesting aspect about startups is […]

18Apr 2023

The classified document leak: let’s talk about Jack Teixeira’s need-to-know

The arrest of 21-year-old Airman First Class Jack Teixeira last week has inspired myriad reactions from armchair pundits declaring 21 is too young to be trusted with classified information to the need to reform the Department of Defense and the intelligence community to the US Speaker of the House calling for hearings on how the […]

18Apr 2023

Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends

In a year dominated by kinetic/cyber war in Ukraine, North Korea doubles down on cryptocurrency thefts, China and Iran continue to take advantage, and a new form of personal intimidation of company personnel emerges. The post Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends appeared first on SecurityWeek.

18Apr 2023

Lockr Raises $2.5 Million for Identity and Data Protection Platform

Personal identity and data protection provider Lockr has raised $2.5 million in pre-seed funding. The post Lockr Raises $2.5 Million for Identity and Data Protection Platform appeared first on SecurityWeek.

18Apr 2023

Cyberinsurance Backstop: Can the Industry Survive Without One?

The purpose of a backstop would be to make cyberinsurance more widely available and affordable to the whole market – but it isn’t yet clear whether this can be achieved. The post Cyberinsurance Backstop: Can the Industry Survive Without One? appeared first on SecurityWeek.

18Apr 2023

CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog

CISA has added two vulnerabilities to its ‘must patch’ list, including a recently fixed Chrome flaw and a macOS flaw exploited by the DazzleSpy malware. The post CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog appeared first on SecurityWeek.

18Apr 2023

Why IT surveys can’t be trusted for strategic decisions

Information, according to the mathematical theory that bears its name, reduces uncertainty. If, for example, I tell you I tossed a coin twice, you’ll know there were four equally probable outcomes. But if I then tell you the first toss came up tails, the number of possible outcomes cuts in half: tails/heads or tails/tails. In […]

18Apr 2023

Cybersecurity M&A Roundup for April 1-15, 2023

Sixteen cybersecurity-related M&A deals were announced in the first half of April 2023. The post Cybersecurity M&A Roundup for April 1-15, 2023 appeared first on SecurityWeek.

18Apr 2023

Creative Software Maker Affinity Informs Customers of Forum Breach

UK-based creative software developer Affinity recently informed the 175,000 users of its forum of a data breach that occurred on April 6. The post Creative Software Maker Affinity Informs Customers of Forum Breach appeared first on SecurityWeek.

18Apr 2023

How TCS is helping to fight financial crime with AI and Microsoft Cloud

As consumers embrace ecommerce, digital banking, and online payment applications, the risk of fraud and other financial crimes has increased dramatically. Every new portal and mobile app expand the attack surface and give hackers new opportunities to exploit vulnerabilities. The stakes for financial organizations are growing as well. In 2021, U.S. fraud losses amounted to […]

18Apr 2023

5 hot digital transformation trends — and 2 going cold

Digital transformation has always been a continuous journey, one that should become an organizational core competency, with the introduction of digital services an ongoing imperative to evolve the business and stave off disruption. While this may remain the case, subtleties are emerging about how digital transformation should be thought of, impacting how it should be […]

18Apr 2023

Norco Industries jumpstarts digital transformation with RPA

Chris Richner signed on as CIO of Norco Industries with a clear mission: To guide the US-based manufacturer through wholesale digital transformation. “I was brought on board to be a change agent,” says Richner, who is now 18 months into the job. “The first order of business was to get my infrastructure shored up, because […]

18Apr 2023

The golden path to cloud success

As IT organizations attempt wide-scale cloud adoption, the importance of common best practices across applications and products is growing, sparking an exciting new conversation about platform teams and related disciplines like platform engineering. The problem statement driving the investment in platform teams is clear: developing, operating, and optimizing a modern application is becoming too complex […]

18Apr 2023

Buying advice for CIOs as low-code/no-code spending rises

Faced with a long-running shortage of experienced professional developers, enterprise IT leaders have been exploring fresh ways of unlocking software development talent by training up non-IT staff and deploying tools that enable even business users to build or customize applications to suit their needs. A broad spectrum of tools has arisen to facilitate software development […]

17Apr 2023

Copaco Cloud: Increasing the sustainability of enterprises in Belgium, Luxembourg, and the Netherlands

Eindhoven-based Copaco is well-known for the cloud services and solutions it offers for managed service providers – including managed security service providers – independent software vendors and systems integrators throughout Belgium, Luxembourg, and the Netherlands. Delivered from the company’s highly advanced data centers, the Copaco Cloud, powered by VMware technologies, provides the core of the […]

17Apr 2023

Google urges users to update Chrome to address zero-day vulnerability

Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed. Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects […]

17Apr 2023

The Security and Productivity Implications of Low Code/No Code Development

The low code/no code movement provides simplified app generation – but it needs to be understood to be safe. The post The Security and Productivity Implications of Low Code/No Code Development appeared first on SecurityWeek.

17Apr 2023

CISA updates zero trust maturity model to provide an easier launch

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published its Zero Trust Maturity Model (ZTMM) version 2, which incorporates recommendations from public comments it received on its first version of ZTMM. “CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” […]

17Apr 2023

7 countries unite to push for secure-by-design development

Ten agencies from across seven countries have joined forces to create a guide for software developer organizations to ensure their products are both secure by design and by default. The joint guidance, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default, comes after several recently identified critical vulnerabilities in vendor software. […]

17Apr 2023

ZeroFox to Acquire Threat Intelligence Firm LookingGlass for $26 Million

Web security and threat intelligence firm ZeroFox is acquiring threat intelligence company LookingGlass for $26 million. The post ZeroFox to Acquire Threat Intelligence Firm LookingGlass for $26 Million appeared first on SecurityWeek.

17Apr 2023

LockBit Ransomware Group Developing Malware to Encrypt Files on macOS

The LockBit ransomware gang is developing malware designed to encrypt files on macOS systems and researchers have analyzed if it poses a real threat. The post LockBit Ransomware Group Developing Malware to Encrypt Files on macOS appeared first on SecurityWeek.

17Apr 2023

7 cybersecurity mindsets that undermine practitioners and how to avoid them

It’s no secret that cybersecurity jobs are burning people out. It’s a high-pressure environment that seems to be ever ratcheting up the daily demand on security professionals. There are many reasons for this, but underlying them all is the way we think about security. By consciously recognizing these mindsets we can change them and better […]

17Apr 2023

Payments Giant NCR Hit by Ransomware

US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit. The post Payments Giant NCR Hit by Ransomware appeared first on SecurityWeek.

17Apr 2023

Mobb Raises $5.4 Million in Seed Funding for Automatic Vulnerability Fixing Tool

Boston-based Mobb has raised $5.4 million in seed funding for a product that automatically fixes vulnerabilities found in applications developed by customers. The post Mobb Raises $5.4 Million in Seed Funding for Automatic Vulnerability Fixing Tool appeared first on SecurityWeek.

15Apr 2023

Online Gaming Chats Have Long Been Spy Risk for US Military

Online gaming forums have long been a particular worry of the military because of their lure for young service members. The post Online Gaming Chats Have Long Been Spy Risk for US Military appeared first on SecurityWeek.

15Apr 2023

Mandiant’s new solution allows exposure hunting for a proactive defense

Google-owned cybersecurity provider Mandiant has launched Mandiant Proactive Exposure Management, a suite of products and services to help organizations focus on “attackable exposures” rather than just vulnerabilities. “Exposures go beyond vulnerabilities and are potential exploitable entry points that can be used by an adversary to gain initial compromise into an organization or supply chain ecosystem,” […]

14Apr 2023

The Engagement You’ll Find at Our Virtual Events

A record number of participants turned out for a discussion group with one of our speakers, Tom Kouloupolous, futurist and chairman and founder of Delphi Group, during our April virtual summit, CIO’s Future of Cloud and Data. Nearly all of the almost 300 viewers of his virtual session on “Living in the Cloud” jumped onto […]

14Apr 2023

Google Warns of New Chrome Zero-Day Attack

The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. The post Google Warns of New Chrome Zero-Day Attack appeared first on SecurityWeek.

14Apr 2023

EU privacy regulators to create taskforce to investigate ChatGPT

The move comes after a number of data privacy regulators from across Europe raised concerns about whether the chatbot is compliant with the EU’s GDPR privacy law.

14Apr 2023

Building the Generative AI-Driven Enterprise: Today’s Use Cases

Generative AI (GenAI) is taking the world by storm. During my career, I’ve seen many technologies disrupt the status quo, but none with the speed and magnitude of GenAI. Yet, we’ve only just begun to scratch the surface of what is possible. Now, GenAI is emerging from the consumer realm and moving into the enterprise […]

14Apr 2023

Stolen ChatGPT premium accounts up for sale on the dark web

Trade in stolen ChatGPT account credentials, especially those of premium accounts, has been on the rise on the dark web since March, enabling cybercriminals to get around OpenAI’s geofencing restrictions and get unlimited access to ChatGPT, according to research by Check Point. “During the last month, CPR (Check Point Research) observed an increase in the chatter in underground […]

14Apr 2023

FBI Arrests 21-Year-Old Guardsman in Leak of Classified Military Documents

A Massachusetts Air National Guard member was arrested Thursday in connection with the disclosure of highly classified military documents about the Ukraine war and other top national security issues. The post FBI Arrests 21-Year-Old Guardsman in Leak of Classified Military Documents appeared first on SecurityWeek.

14Apr 2023

CISA Introduces Secure-by-design and Secure-by-default Development Principles

CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products. The post CISA Introduces Secure-by-design and Secure-by-default Development Principles appeared first on SecurityWeek.

14Apr 2023

Microsoft Warns Accounting, Tax Return Preparation Firms of Remcos RAT Attacks

A new Remcos RAT campaign is targeting US accounting and tax return preparation firms as Tax Day approaches. The post Microsoft Warns Accounting, Tax Return Preparation Firms of Remcos RAT Attacks appeared first on SecurityWeek.

14Apr 2023

Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation

The Android vulnerability CVE-2023-20963, reportedly exploited as a zero-day by a Chinese app against millions of devices, was added to CISA’s KEV catalog. The post Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation appeared first on SecurityWeek.

14Apr 2023

Mandiant’s new solution allows exposure hunting for a proactive defense

Google-owned cybersecurity provider Mandiant has launched Mandiant Proactive Exposure Management offering, a suite of products and services to help organizations focus on “attackable exposures” rather than just vulnerabilities. “Exposures go beyond vulnerabilities and are potential exploitable entry points that can be used by an adversary to gain initial compromise into an organization or supply chain […]

14Apr 2023

Juniper Networks Patches Critical Third-Party Component Vulnerabilities

Juniper Networks this week announced patches for tens of vulnerabilities across its product portfolio, including critical bugs in Junos OS and STRM. The post Juniper Networks Patches Critical Third-Party Component Vulnerabilities appeared first on SecurityWeek.

14Apr 2023

Cerbos Raises $7.5 Million for Authorization Platform

Authorization layer solution provider Cerbos has raised $7.5 million in an extended seed round led by Omers Ventures. The post Cerbos Raises $7.5 Million for Authorization Platform appeared first on SecurityWeek.

14Apr 2023

Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site

Cybersecurity firm Darktrace has issued a statement after it was listed on the leak website of the LockBit ransomware group. The post Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site appeared first on SecurityWeek.

14Apr 2023

6 best practices to develop a corporate use policy for generative AI

While there’s an open letter calling for all AI labs to immediately pause training of AI systems more powerful than GPT-4 for six months, the reality is the genie is already out of the bottle. Here are ways to get a better grasp of what these systems are capable of, and utilize them to construct […]

14Apr 2023

Russian cyberspies hit NATO and EU organizations with new malware toolset

The Polish government warns that a cyberespionage group linked to Russia’s intelligence services is targeting diplomatic and foreign ministries from NATO and EU member states in an ongoing campaign that uses previously undocumented malware payloads. The group, known in the security industry as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia’s […]

13Apr 2023

How to find and retain talent, according to CIOs

At the recent IDC CIO Summit in Dubai – themed Enabling the Digital Economy’s Leaders – the topic of talent attraction and retention was a key talking point for those at the event. Finding and keeping tech talent has never been easy but as the world of work continues to evolve and organisations shift to […]

13Apr 2023

4 ways to enable explainability in generative AI

Have you ever gazed upon a Monet painting and lost yourself for a time? I have. I love great works of art. The University of London’s research says beautiful art catalyzes an instant release of dopamine into the brain. I feel that jolt of reward and motivation when I see a masterpiece. As an artist […]

13Apr 2023

Circular innovation: how to create sustainable products

If you recycle, you’re living your belief that using and regenerating products or components in environmentally friendly ways is good for our planet and its people. By extension, you’ll likely find value in the circular economy concept. According to the renowned Ellen MacArthur Foundation, “Through design, we can eliminate waste and pollution, circulate products and […]

13Apr 2023

Google Proposes More Transparent Vulnerability Management Practices

New Google paper calls for increased transparency from vendors regarding their vulnerability management practices. The post Google Proposes More Transparent Vulnerability Management Practices appeared first on SecurityWeek.

13Apr 2023

Cisco to offer Webex air-gapped cloud system for security, defense work

The upcoming cloud system will provide an added layer of network and data handling security for companies working on national security and defense projects and collaborating through the Webex app.

13Apr 2023

Microsoft patches vulnerability used in Nokoyawa ransomware attacks

Microsoft has released a patch for a Windows zero day vulnerability that has been exploited by cybercriminals in ransomware attacks. The vulnerability identified as CVE-2023-28252 is a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver. CLFS is a general purpose logging service that can be used by dedicated client applications and that […]

13Apr 2023

Cyfirma Raises $6 Million for Threat Management Platform

Threat intelligence and attack surface management company Cyfirma has raised $6 million in a pre-Series B funding round. The post Cyfirma Raises $6 Million for Threat Management Platform appeared first on SecurityWeek.

13Apr 2023

ChatGPT Could Return to Italy if OpenAI Complies With Rules

ChatGPT could return to Italy if its maker, OpenAI, complies with measures to satisfy regulators who imposed a temporary ban on the AI software over privacy worries. The post ChatGPT Could Return to Italy if OpenAI Complies With Rules appeared first on SecurityWeek.

13Apr 2023

Dissecting threat intelligence lifecycle problems

In my last CSO article, I looked at a few challenges related to enterprise threat intelligence programs. Security pros pointed to issues like dealing with too many manual processes, sorting through noisy threat intelligence feeds, establishing clear ROI benefits, and managing threat intelligence programs that are little more than an academic exercise for the cyber-threat […]

13Apr 2023

4 strategies to help reduce the risk of DNS tunneling

Domain name system (DNS) tunneling is a pervasive threat that enables hackers to get any data in and out of a company’s internal network while bypassing most firewalls. The domain name system translates domain names into numeric internet protocol addresses that browsers can then use to load web pages — threat actors use tunneling to exploit this process […]

13Apr 2023

Data leader Tejasvi Addagada on the value of data governance

The emergence of business models driven by data along with the evolution of modern analytics and cloud capabilities have increased the interest in data management multifold. As a result, enterprises are breaking down data siloes, transforming their data architectures, and democratizing access to data tools to accelerate decision-making. But the journey to the data-driven enterprise […]

13Apr 2023

Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data

Hikvision patches CVE-2023-28808, a critical authentication bypass vulnerability that exposes video data stored on its Hybrid SAN and cluster storage products. The post Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data appeared first on SecurityWeek.

13Apr 2023

Looking for a New Security Technology? Choose a Partner, not a Vendor

An important area of differentiation to evaluate when you make your next security investment is the vendor’s effectiveness when it comes to customer success. The post Looking for a New Security Technology? Choose a Partner, not a Vendor appeared first on SecurityWeek.

13Apr 2023

Microsoft Shares Resources for BlackLotus UEFI Bootkit Hunting

Microsoft has shared details on how threat hunters can check their systems for BlackLotus UEFI bootkit infections. The post Microsoft Shares Resources for BlackLotus UEFI Bootkit Hunting appeared first on SecurityWeek.

13Apr 2023

Why IT leaders are putting more business spin on security spend

Gartner projects that spending on information security and risk management products and services will grow 11.3% to reach more than $188.3 billion this year. But despite those expenditures, there have already been at least 13 major data breaches, including at Apple, Meta and Twitter. To better focus security spend, some chief information security officers (CISOs) are shifting […]

13Apr 2023

5 CIOs on building a service-oriented IT culture

There was a time in the not-too-distant past when the prevailing thinking among IT organizations was that what we deliver is more important than how we deliver it. Today’s most successful CIOs recognize that service missteps can make or break their team’s reputation. A culture of service excellence ensures that the IT organization is viewed […]

13Apr 2023

CIO Digital Enterprise Forum 2023: How CIOs can strategically and ethically use generative AI

The CIO Digital Enterprise Forum will be held in London on Thursday 11th May at Prospero House, London Bridge. Amit Sen from the United Nations Refugee Agency and Howard Pyle from Experience Futures will host the opening keynote. They will focus on the importance of organizations linking analytics with social impact goals and standards of […]

13Apr 2023

Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS

Irrigation systems were disrupted recently in Israel in an attack that once again shows how easy it is to hack industrial control systems (ICS). The post Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS appeared first on SecurityWeek.

13Apr 2023

Hong Kong Baptist University’s Allan Wong on his award-winning implementation of zero trust security

Allan Wong – Director of Information Technology at Hong Kong Baptist University – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the stumbling blocks in the adoption of zero trust, how to create security policies without hampering employee productivity, and more.

12Apr 2023

Why you should patch the Windows QueueJumper vulnerability immediately

Microsoft patched over 100 vulnerabilities this week in its products, including a zero-day privilege escalation flaw used in the wild by a ransomware gang. However, another critical vulnerability that can be easily exploited to take over Windows systems remotely over local networks and the internet is likely to be of more interest to attackers and […]

12Apr 2023

Google launches dependency API and curated package repository with security metadata

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming languages. Today, the company also announced the general availability of its Assured Open Source Software (Assured OSS) service, which provides development teams with a Google-curated repository of security-tested […]

12Apr 2023

Where is the AI?

The recent mass media love affair with ChatGPT has led many to believe that AI is a “here and now” technology, expected to become pervasive in enterprise and consumer products in the blink of an eye. Indeed, Microsoft’s $10B investment in OpenAI, the company behind ChatGPT, has many people expecting a complete and thorough integration […]

12Apr 2023

Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments

When every environment is treated the same, teams get consistent visibility, a unified view, and a common language to describe what’s happening for detection, investigation, and response across dispersed multi-cloud and hybrid environments. The post Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments appeared first on SecurityWeek.

12Apr 2023

Building a vision for real-time artificial intelligence

By George Trujillo, Principal Data Strategist, DataStax. I recently had a conversation with a senior executive who had just landed at a new organization. He had been trying to gather new data insights but was frustrated at how long it was taking. (Sound familiar?) After walking his executive team through the data hops, flows, integrations, […]

12Apr 2023

Wazuh launches version 4.4 with a suite of new capabilities

Open source security provider Wazuh has launched the latest version of its unified extended detection and response (XDR) and security information and event management (SIEM) platform with a suite of upgraded capabilities. Wazuh 4.4 adds a string of new features to Wazuh agents and managers, which users deploy on endpoints and servers respectively. These features […]

12Apr 2023

Searchlight Cyber launches Stealth Browser for safe dark web access

Dark web intelligence company Searchlight Cyber has announced the launch of Stealth Browser – a new, secure virtual machine for cyber professionals to access the dark web and conduct investigations anonymously, reducing the risk to themselves and their organization. Stealth Browser is an enhancement to Searchlight’s Cerberus investigation platform, which is used by law enforcement […]

12Apr 2023

Inside-Out Defense launches privilege access abuse detection, remediation platform

Cybersecurity vendor Inside-Out Defense has emerged from stealth with the launch of a new privilege access abuse detection and remediation platform. The SaaS, agentless platform supports all environments and applications, complementing existing identity and access management (IAM), privilege access management (PAM), and custom identity solutions, the firm said. Stolen access credentials are highly attractive to […]

12Apr 2023

Fortinet Patches Critical Vulnerability in Data Analytics Solution

A critical vulnerability in Fortinet’s FortiPresence data analytics solution leads to remote, unauthenticated access to Redis and MongoDB instances. The post Fortinet Patches Critical Vulnerability in Data Analytics Solution appeared first on SecurityWeek.

12Apr 2023

400,000 Users Hit by Data Breach at Media Player Maker Kodi

Media player maker Kodi has started rebuilding its user forum after hackers stole databases containing user posts, messages, and login credentials. The post 400,000 Users Hit by Data Breach at Media Player Maker Kodi appeared first on SecurityWeek.

12Apr 2023

Biden Administration Seeks Input on AI Safety Measures

The Biden administration wants stronger measures to test the safety of artificial intelligence tools such as ChatGPT before they are publicly released. The post Biden Administration Seeks Input on AI Safety Measures appeared first on SecurityWeek.

12Apr 2023

Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks

A Windows zero-day tracked as CVE-2023-28252 and fixed by Microsoft with its April Patch Tuesday updates has been exploited in Nokoyawa ransomware attacks. The post Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks appeared first on SecurityWeek.

12Apr 2023

SAP Patches Critical Vulnerabilities in Diagnostics Agent, BusinessObjects

Two critical vulnerabilities in SAP Diagnostics Agent allow attackers to execute malicious commands on all monitored systems. The post SAP Patches Critical Vulnerabilities in Diagnostics Agent, BusinessObjects appeared first on SecurityWeek.

12Apr 2023

OpenAI starts bug bounty program with cash rewards up to $20,000

Microsoft-backed OpenAI has launched a bug bounty program and is inviting the global community of security researchers, ethical hackers, and technology enthusiasts to help the company identify and address vulnerabilities in its artificial intelligence systems. “We are excited to build on our coordinated disclosure commitments by offering incentives for qualifying vulnerability information,” OpenAI said in […]

12Apr 2023

How Microsoft’s Shared Key authorization can be abused and how to fix it

When many of us moved our server and application needs to the cloud, we rejoiced that we no longer had to worry about the drudgery of patching. We didn’t have to monitor servers and their Patch Tuesday deployments; it was all in Microsoft’s hands. But as often occurs with cloud deployments, a solution that means […]

12Apr 2023

Going nuts: California’s largest almond cooperative streamlines its supply chain

During the pandemic, nut lovers were alarmed to see shelves in their favorite part of the supermarket empty–and devoid of the roasted delicacies they craved. Now, we finally understand why. In addition to the usual threats–droughts, wildfires, and weather–California almond growers had to contend with wild fluctuations in supply and demand while transportation resources became […]

12Apr 2023

Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers

3CX has confirmed previous reports that the recently disclosed supply chain attack was likely conducted by North Korean hackers. The post Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers appeared first on SecurityWeek.

12Apr 2023

Virtual Event Today: Zero Trust Strategies Summit

Join us for SecurityWeek’s 2023 Zero Trust Strategies Summit as we decipher the confusing world of zero trust and share war stories on securing an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. The post Virtual Event Today: Zero Trust Strategies Summit appeared first on SecurityWeek.

12Apr 2023

CISA Publishes New Guidance for Achieving Zero Trust Maturity

CISA has published the second version of its guide describing the necessary strategies and policies to achieve zero trust maturity. The post CISA Publishes New Guidance for Achieving Zero Trust Maturity appeared first on SecurityWeek.

12Apr 2023

Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware

Microsoft and Citizen Lab release information on the activities, malware and victims of Israeli spyware vendor QuaDream. The post Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware appeared first on SecurityWeek.

12Apr 2023

5 tips for tackling technical debt

CIOs have contended with technical debt for decades, yet many still struggle to adequately manage it. And it’s costing them. Management consulting firm Protiviti surveyed more than 1,000 tech execs for its 2023 Global Technology Executive Survey and found that technical debt is a leading obstacle to innovation for nearly 70% of organizations. Executives also […]

12Apr 2023

How Canadian Tire CIO & CTO balances lessons learned and leading with purpose

Having celebrated its 100th anniversary last year, Canadian Tire has had to perform some deft manoeuvring in the last couple of years to become more agile. And with his dual titles at the company—CIO and CTO—Rex Lee is in the driver’s seat to support digital transformation and implement shared knowledge across teams and management. No […]

12Apr 2023

CIO Digital Enterprise Forum 2023: How CIOs can strategically and ethically use generative AI

The CIO Digital Enterprise Forum will be held in London on Thursday 11th May at Prospero House, London Bridge. Amit Sen from the United Nations Refugee Agency and Howard Pyle from Experience Futures will host the opening keynote. They will focus on the importance of organizations linking analytics with social impact goals and standards of […]

12Apr 2023

plusserver: Offering a sovereign GDPR-compliant cloud “made in Germany”

Alexander Wallner, CEO of plusserver, believes the importance of the sovereign cloud services and solutions needed to ensure that data is protected, safe, and compliant cannot be overemphasized. He is also quick to point out that plusserver takes responsibility for the cloud-based operations of its growing customer base, which includes enterprises across industries and throughout […]

12Apr 2023

Accelerating innovation with cloud-native apps on Microsoft Cloud

The financial services sector is undergoing rapid change as fintechs develop convenient, consumer-focused services that were once the province of traditional banks. We spoke with Siddhartha Gupta, Global Head of Application Modernization on Azure at Tata Consultancy Services (TCS), about this trend and what financial services organizations need to do to improve their capacity for […]

11Apr 2023

ChatGPT Creator OpenAI Ready to Pay Hackers for Security Flaws

ChatGPT creator OpenAI announced a new bug bounty program that will pay up to $20,000 for advance notice on security vulnerabilities found by hackers. The post ChatGPT Creator OpenAI Ready to Pay Hackers for Security Flaws appeared first on SecurityWeek.

11Apr 2023

Cohesity aims an OpenAI-powered chatbot to secure your data sets

Generative AI is coming to both line-of-business data analysis as well as security, as Cohesity deepens its ties to Microsoft.

11Apr 2023

Aruba AIOps for NaaS IT efficiency

By: Trent Fierro, Head of Content and Operations at Aruba, a Hewlett Packard Enterprise company. When doing something on your own, you’ll usually give yourself a little leeway, but bringing in help that is paid often creates an expectation gap. This happens because most customers expect that a service provider will meet or exceed what they’re […]

11Apr 2023

Virtual Event Tomorrow: Zero Trust Strategies Summit

Join this virtual event as we decipher the confusing world of zero trust and share war stories on securing organizations by eliminating implicit trust. The post Virtual Event Tomorrow: Zero Trust Strategies Summit appeared first on SecurityWeek.

11Apr 2023

Microsoft Patches Another Already-Exploited Windows Zero-Day

For the second month in a row, Microsoft patches an already-exploited vulnerability in its flagship Windows operating system. The post Microsoft Patches Another Already-Exploited Windows Zero-Day appeared first on SecurityWeek.

11Apr 2023

Adobe Plugs Gaping Security Holes in Reader, Acrobat

Adobe documents 56 security defects in multiple products, some serious enough to expose Windows and macOS users to code execution attacks. The post Adobe Plugs Gaping Security Holes in Reader, Acrobat appeared first on SecurityWeek.

11Apr 2023

Iranian APT group launches destructive attacks in hybrid Azure AD environments

Recent destructive attacks against organizations that masquerade as a ransomware operation called DarkBit are likely performed by an advanced persistent threat (APT) group that’s affiliated with the Iranian government. During some of these operations the attackers didn’t limit themselves to on-premises systems but jumped into victims’ Azure AD environments where they deleted assets including entire […]

11Apr 2023

Capitalizing on the Cloud: Research Reveals Key Reason Companies Struggle

After years of compounded digital transformation, the downsides of the cloud are starting to reveal themselves. As cloud investments increase, benefits remain elusive without also investing in optimization efforts targeted at reducing cloud waste and lowering costs. That’s according to a new study published by CIO.com. Research reveals that while most companies are investing more […]

11Apr 2023

OSINT Company Fivecast Raises $20 Million

Australian OSINT software company Fivecast has raised $20 million in a Series A funding round led by Ten Eleven. The post OSINT Company Fivecast Raises $20 Million appeared first on SecurityWeek.

11Apr 2023

CrowdStrike expands Falcon platform with XDR for IoT assets

Cybersecurity vendor CrowdStrike has announced the release of new extended detection and response (XDR) capabilities within its Falcon platform to secure extended internet of things (XIoT) assets including IoT, Industrial IoT, OT, and medical devices. CrowdStrike Falcon Insight for IoT delivers tailored threat prevention, rapid patch management, and interoperability across XIoT assets to help customers […]

11Apr 2023

ZeroFox partners with Google Cloud to warn users against phishing domains

Cybersecurity provider ZeroFox has announced a partnered capability with Google Cloud to warn users of malicious URLs and fake websites in a bid to disrupt phishing campaigns. As part of the partnership, ZeroFox will automatically detect phishing domains for customers and submit verified, malicious URLs through Google Cloud’s Web Risk Submission API, disrupting attacks and […]

11Apr 2023

3 key mistakes leaders make today and how to overcome them

By Chet Kapoor, Chairman & CEO, DataStax. Mistakes: we all make them. Whether it’s screwing up a demo in front of the entire leadership team or hiring the wrong person for a role, I can’t even count how many times I’ve made mistakes throughout my career. These moments are never easy, but they are always learning […]

11Apr 2023

Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse

Microsoft Azure shared key authorization can be exploited to access business data and achieve remote code execution. The post Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse appeared first on SecurityWeek.

11Apr 2023

ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities

Siemens and Schneider Electric’s Patch Tuesday advisories for April 2023 address a total of 38 vulnerabilities found in their products. The post ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities appeared first on SecurityWeek.

11Apr 2023

Battle could be brewing over new FCC data breach reporting rules

On January 6, the United States Federal Communications Commission (FCC) launched a notice of proposed rulemaking (NPRM) to update its data breach reporting rules for telecommunications carriers. “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect […]

11Apr 2023

GitGuardian’s honeytokens in codebase to fish out DevOps intrusion

Code security provider GitGuardian has added a new honeytoken module to its platform to help customers secure their software development life cycle and software supply chains with intrusion and code leakage detection assistance. Honeytokens are code scripts containing decoy credentials, which can be placed within a customer’s development environments to lure out attackers looking to […]

11Apr 2023

Why reporting an incident only makes the cybersecurity community stronger

Reporting an incident to the correct authorities or vulnerability clearinghouses can be an experience fraught with frustration. You pour time, energy, and resources into fighting an intrusion, all while keeping company officials and stakeholders up to date and preventing sensitive information from getting into the wild. Explaining what happened might seem just like another layer […]

11Apr 2023

Apple Rolls Out Zero-Day Patches to Older iOS, macOS Devices

Three days after announcing patches for new zero-days affecting iOS and macOS, Apple released fixes for devices running older operating system versions. The post Apple Rolls Out Zero-Day Patches to Older iOS, macOS Devices appeared first on SecurityWeek.

11Apr 2023

Potential Outcomes of the US National Cybersecurity Strategy

The national strategy outlined by the Federal Government on March 1, 2023, is a monumental attempt to weave a consistent approach to cybersecurity for the whole nation. The post Potential Outcomes of the US National Cybersecurity Strategy appeared first on SecurityWeek.

11Apr 2023

Yum Brands Discloses Data Breach Following Ransomware Attack

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack. The post Yum Brands Discloses Data Breach Following Ransomware Attack appeared first on SecurityWeek.

11Apr 2023

3 ‘phase 0’ digital transformation errors no IT leader should make

Digital transformation has embedded IT at the center of business strategy, making all organizations technology enterprises today, irrespective of their industry. Business processes, culture, workflow, and systems are all necessarily impacted by digital transformation efforts, which by definition overhaul how business gets done, expediting efficiencies, modernizing the enterprise, and — when executed well — enhancing […]

11Apr 2023

Novanta’s Sarah Betadam on transforming the IT model status quo

Over the next five years, the healthcare industry is expected to go through dramatic changes as service providers expand value-based care models and equipment manufacturers strive to keep pace in a digital-first world. One factor driving global transformation is the push to bring healthcare services, as well as responsibilities and control, closer to consumers. By […]

11Apr 2023

Multi-cloud is the future of enterprise

By Andy Nallappan, Chief Technology Officer & Head of Software Business Operations, Broadcom. This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. Multi-cloud is the future of enterprise IT. The evidence is […]

11Apr 2023

Microsoft Exchange Server 2013 Reaches End of Support

Microsoft Exchange Server 2013 has reached end of support on April 11, 2023, and will no longer receive security patches. The post Microsoft Exchange Server 2013 Reaches End of Support appeared first on SecurityWeek.

11Apr 2023

Australian Finance Company Refuses Hackers’ Ransom Demand

Latitude Financial said it had recently received a ransom threat from the group behind the cyberattack, which it was ignoring in line with government advice. The post Australian Finance Company Refuses Hackers’ Ransom Demand appeared first on SecurityWeek.

11Apr 2023

Tesla Sued Over Workers’ Alleged Access to Car Video Imagery

A Tesla owner is seeking class action status for a lawsuit accusing the automaker of allowing its workers to use intimate or embarrassing imagery captured by the electric vehicles. The post Tesla Sued Over Workers’ Alleged Access to Car Video Imagery appeared first on SecurityWeek.

10Apr 2023

Toyota pushes IT automation into overdrive

Automation has long been the lifeblood of IT work. In pockets throughout the organization, the call to automate processes has always been a key driver of IT agendas, whether it be to overhaul targeted processes within the sales or marketing function, or within IT itself. But the rise of digital capabilities such as AI and […]

10Apr 2023

Crafting IT innovation strategies for real-world value

Jeff Dirks is fascinated by new technologies like generative AI. But when it comes to implementation, the chief information and technology officer of workforce augmentation firm TrueBlue chooses a path that trails early adopters. “We’re in the early majority,” is the CIO/CTO’s blunt self-assessment. Although many IT leaders would like to think of themselves — […]

10Apr 2023

MSI Confirms Cyberattack, Issues Firmware Download Guidance

Tech giant MSI confirms a cyberattack that resulted in system disruptions and possible exposure to firmware image manipulations. The post MSI Confirms Cyberattack, Issues Firmware Download Guidance appeared first on SecurityWeek.

10Apr 2023

Microsoft: Iranian Gov Hackers Caught in Azure Wiper Attacks

Microsoft catches an Iranian government-backed APT launching destructive Azure wiper attacks disguised as ransomware. The post Microsoft: Iranian Gov Hackers Caught in Azure Wiper Attacks appeared first on SecurityWeek.

10Apr 2023

Veritas Vulnerabilities Exploited in Ransomware Attacks Added to CISA ‘Must Patch’ List

CISA ordered federal agencies to patch Veritas Backup Exec vulnerabilities exploited in ransomware attacks. The post Veritas Vulnerabilities Exploited in Ransomware Attacks Added to CISA ‘Must Patch’ List appeared first on SecurityWeek.

10Apr 2023

Most Attack Paths Are Dead Ends, but 2% Lead to Critical Assets: Report

Security posture management firm XM Cyber took tens of thousands of attack path assessments involving more than 60 million exposures affecting 20 million entities during 2022. The post Most Attack Paths Are Dead Ends, but 2% Lead to Critical Assets: Report appeared first on SecurityWeek.

10Apr 2023

What is the true potential impact of artificial intelligence on cybersecurity?

Will artificial intelligence become clever enough to upend computer security? AI is already surprising the world of art by producing masterpieces in any style on demand. It’s capable of writing poetry while digging up arcane facts in a vast repository. If AIs can act like a bard while delivering the comprehensive power of the best […]

10Apr 2023

What business executives don’t understand about IT

When I graduated from college, I worked as an assembler language programmer for Sears. At that time, Sears was the world’s largest retailer and it was just beginning to use the new System 360 from IBM. IT was looked upon as a group of techies that performed some unexplainable job that was supposed to revolutionize […]

10Apr 2023

AI: A Hidden Key to Brand Trust and Loyalty

By Bryan Kirschner, Vice President, Strategy at DataStax. Artificial intelligence is something developers are excited to work on. So much so that many enterprises give their AI systems names to better tout their innovations and aspirations to the world (Halo at Priceline or Michelangelo at Uber, for example). But, as the saying goes, when it […]

07Apr 2023

CISA warns of critical flaws in ICS and SCADA software from multiple vendors

The US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories this week covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors. Some of the flaws are rated critical and two of them already have public exploits. The impacted products include: Scadaflex II controllers made by […]

07Apr 2023

Bridging the developer skills gaps in enterprises

About 20 years ago, during the “dot-com” era, technology impacted a relatively small portion of the enterprise, and very few would consider themselves tech companies. Today, every company needs to think and act like a software company to compete in our digital world. As mainstream companies race to modernize their business and migrate to the […]

07Apr 2023

Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days

The newest iOS 16.4.1 and iPadOS 16.4.1 updates patch a pair of code execution flaws that have already been exploited in the wild. The post Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days appeared first on SecurityWeek.

07Apr 2023

DoJ: Estonian Man Tried to Acquire US-Made Hacking Tools for Russia

Andrey Shevlyakov was charged in the US for helping the Russian government and military purchase US-made electronics and hacking tools. The post DoJ: Estonian Man Tried to Acquire US-Made Hacking Tools for Russia appeared first on SecurityWeek.

07Apr 2023

Putting AI to Work: Generative AI Meets the Enterprise

Five days after its launch, ChatGPT exceeded 1 million users. Generative AI (GenAI), the basis for tools like OpenAI ChatGPT, Google Bard and Meta LLaMa, is a new AI technology that has quickly moved front and center into the global limelight. GenAI’s hallmark is the ability to answer almost any question on demand, converting text-based queries […]

07Apr 2023

Secret US Documents on Ukraine War Plan Spill Onto Internet: Report

Secret documents that reportedly provide details of US and NATO plans to help prepare Ukraine for a spring offensive against Russia have spilled onto social media platforms. The post Secret US Documents on Ukraine War Plan Spill Onto Internet: Report appeared first on SecurityWeek.

07Apr 2023

NTC Vulkan leak shows evolving Russian cyberwar capabilities

National habits and perspectives on waging war are not just apparent in terrestrial conflict. In cyberspace, national ways of cyberwar clearly exist. From the unusually aggressive style of Israeli responses to regional cyber threat activities to the consistent correlation between Communist Party interests and China-attributed cyber espionage, a host of examples show that diverse geopolitical […]

07Apr 2023

Tesla Retail Tool Vulnerability Led to Account Takeover

A vulnerability in Tesla’s Retail Tool application allowed a researcher to take over accounts of former employees. The post Tesla Retail Tool Vulnerability Led to Account Takeover appeared first on SecurityWeek.

07Apr 2023

Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance

Sophos patches critical unauthenticated code execution vulnerability in Sophos Web Appliance. The post Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance appeared first on SecurityWeek.

07Apr 2023

Technical, Legal Action Taken to Prevent Abuse of Cobalt Strike, Microsoft Software

Microsoft, Fortra and Health-ISAC have taken legal and technical action to prevent the abuse of the Cobalt Strike exploitation tool and Microsoft software. The post Technical, Legal Action Taken to Prevent Abuse of Cobalt Strike, Microsoft Software appeared first on SecurityWeek.

07Apr 2023

CIOs step in to help upgrade Africa’s account management systems

As globalization evolves, accounting becomes more central to the development of a modern economy, with the need for greater trust in digital financial transactions. Some African entrepreneurs have begun to address this urgency by developing atypical accounting automation and new management systems where CIOs drive the ins and outs of the processes to keep up […]

07Apr 2023

OpenAI to Offer Remedies to Resolve Italy’s ChatGPT Ban

The company behind ChatGPT will propose measures to resolve data privacy concerns that sparked a temporary Italian ban on the artificial intelligence chatbot. The post OpenAI to Offer Remedies to Resolve Italy’s ChatGPT Ban appeared first on SecurityWeek.

07Apr 2023

Seized Genesis malware market's infostealers infected 1.5 million computers

Infamous hacker marketplace Genesis, which was taken down this week by an international law enforcement operation involving 17 countries, was selling access to millions of victim computers gained via the DanaBot infostealer and likely other malware. Trellix, the cybersecurity firm that assisted in the takedown of the Genesis site, said that malware used by Genesis […]

06Apr 2023

Default static key in ThingsBoard IoT platform can give attackers admin access

Developers of ThingsBoard, an open-source platform for managing IoT devices that’s used in various industry sectors, have fixed a vulnerability that could allow attackers to escalate their privileges on a server and send requests with administrative privileges. The vulnerability, tracked as CVE-2023-26462, was discovered and privately reported by researchers from IBM Security X-Force. It stems […]

06Apr 2023

How Foodstuffs North Island’s IT team weathered recent NZ storms to keep stores operational

New Zealand’s start to 2023 has been challenging, with Auckland hit by torrential flooding in January followed by Cyclone Gabrielle in February, which left a trail of destruction across Northland, Hawkes Bay, and the East Coast. For Foodstuffs North Island, the supermarket cooperative behind well-known brands like New World, Pak’nSave, and Four Square, several of […]

06Apr 2023

Empowering the Edge: Five Best Practices to Unlock Manufacturing Potential

Across the manufacturing industry, innovation is happening at the edge. Edge computing allows manufacturers to process data closer to the source where it is being generated, rather than sending it offsite to a cloud or data center for analysis and response.  For an industry defined by machinery and supply chains, this comes as no surprise. The […]

06Apr 2023

Cisco Patches Code and Command Execution Vulnerabilities in Several Products

Cisco has released patches for high-severity vulnerabilities impacting Secure Network Analytics and Identity Services Engine (ISE) products. The post Cisco Patches Code and Command Execution Vulnerabilities in Several Products appeared first on SecurityWeek.

06Apr 2023

Google Wants Android Users to Have More Control Over Their Data

Developers of Android applications will be required by Google to allow users to delete their account and data from within the app and online. The post Google Wants Android Users to Have More Control Over Their Data appeared first on SecurityWeek.

06Apr 2023

Thieves Use CAN Injection Hack to Steal Cars

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars. The post Thieves Use CAN Injection Hack to Steal Cars appeared first on SecurityWeek.

06Apr 2023

CREST publishes guide for enhancing cyber resilience in developing countries

International information security accreditation and certification body CREST has published a new guide to fostering financial sector cyber resilience in developing countries. The nonprofit’s Resilience in Developing Countries paper forms part of its work in encouraging greater cyber readiness and resilience in emerging nations to help protect key industries from cyberattacks. The guide outlines that, […]

06Apr 2023

Financial Fraud-Focused Cybercrime Marketplace ‘Styx’ Emerges

Recently identified dark web portal Styx Marketplace focuses on financial fraud, identity theft, and money laundering. The post Financial Fraud-Focused Cybercrime Marketplace ‘Styx’ Emerges appeared first on SecurityWeek.

06Apr 2023

Cybersecurity M&A Roundup: 41 Deals Announced in March 2023

Forty-one cybersecurity-related M&A deals were announced in March 2023. The post Cybersecurity M&A Roundup: 41 Deals Announced in March 2023 appeared first on SecurityWeek.

06Apr 2023

Success of Genesis Market Takedown Attempt Called Into Question

Law enforcement announced the takedown of Genesis Market, but the impact on the cybercrime marketplace’s infrastructure may be limited. The post Success of Genesis Market Takedown Attempt Called Into Question appeared first on SecurityWeek.

06Apr 2023

Cyber threat intelligence programs: Still crazy after all these years

When I asked CISOs about their cyber threat intelligence (CTI) programs about five years ago, I got two distinct responses. Large, well-resourced enterprises were investing in their threat intelligence programs with the goal of better operationalizing it for tactical, operational, and strategic purposes. Smaller, resource-constrained and SMB organizations often recognized the value of threat intelligence, but […]

06Apr 2023

The 4-year debate: Do degree requirements still matter for IT?

Antonio Taylor landed his first IT job in 1999, having decided to leave his pre-law studies at college and get into tech instead. He earned a Novell certification, believing it was a quick, effective way to get into a well-paying field with growth potential. Plus, he liked technology, saying, “Computers were always easy to me.” […]

06Apr 2023

Industry leaders show the wisdom of going all-in on AI

Despite all the attention generative AI is getting right now, most organizations have done little with artificial intelligence. That is a big mistake, says Tom Davenport, senior advisor to Deloitte’s Analytics practice. Enterprises, especially industry leaders, need to be all-in on AI if they are to remain competitive. To truly benefit from AI investments, organizations […]

06Apr 2023

IHH Healthcare’s Francis Yeow on talent

Francis Yeow – Country Information Security Officer of Singapore at IHH Healthcare – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about talent, risk culture in organisations, and more.

05Apr 2023

To Improve Customer Experience, Improve the Digital Employee Experience

You heard about a nightmare scenario playing out for peers at other companies and hope it doesn’t affect yours. Trouble tickets are rolling in, and there’s a lack of qualified people to address security alerts and help desk issues right when customer demand, supply shortages, and potential threats are at their peak. Even with flexible […]

05Apr 2023

Your digital transformation formula for success

Your digital transformations may have turned your network operations on its head. You’ve moved workloads out to the cloud, adopted SD-WAN technologies and most of your critical applications are now hosted in a SaaS environment. So how do you manage operations when your users aren’t even using your enterprise network anymore? Join Broadcom for our […]

05Apr 2023

Increase customer protection with edge security

Traditional IT security methods are increasingly flawed and the volume and sophistication of threats continue to increase. According to NETSCOUT, one DDoS attack occurs every three seconds, and the Cybersecurity and Infrastructure Security Agency recently added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, with new common vulnerabilities and exposures (CVEs) growing over 25% […]

05Apr 2023

Improving employee experience in the hybrid workplace with Microsoft 365

Though three-quarters of U.S. employers now offer hybrid work, some banks and insurance companies have been slow to embrace this emerging work model. We spoke with Ashok Krish, Global Head of Digital Workplace at TCS, about how hybrid work will impact employers – and their employees – in the financial services industry. How will hybrid […]

05Apr 2023

Micro Logic’s Projet Cirrus – Bringing Sovereign Cloud to Canada

Stéphane Garneau, the president of Quebec-based Micro Logic, still sees the same forces driving private sector enterprises and public sector agencies to seek out sovereign cloud solutions now that he witnessed nearly a decade ago. “We first made the commitment to create and offer sovereign cloud solutions and services in 2014,” says Garneau. “At the […]

05Apr 2023

What you need to know to accelerate your cloud and data strategy

At Choice Hotels, cloud is a tool to help the hospitality giant achieve corporate goals. That can include making progress on immediate objectives, such as environmental sustainability, while keeping an eye on trendy topics such as the metaverse and ChatGPT. “We’re investing in technology, we’re investing in leveraging the cloud to do meaningful things while […]

05Apr 2023

Why Financial Institutions are Banking on AI

Today, AI-powered banks see advantages in applying the technology to a gamut of mission-critical needs—from customer service and fraud prevention to meeting environmental, social and governance standards. With AI to enhance every line of business and function, banks report significant return on investment (ROI) including the ability to increase productivity, reduce risk and keep customers […]

05Apr 2023

Tax Return Filing Service eFile.com Caught Serving Malware

Online tax return filing service eFile.com was injected with malicious JavaScript code serving malware to visitors. The post Tax Return Filing Service eFile.com Caught Serving Malware appeared first on SecurityWeek.

05Apr 2023

Push Security Raises $15 Million in Series A Funding

Push Security has raised $15 million in a Series A funding round led by Google Ventures. The post Push Security Raises $15 Million in Series A Funding appeared first on SecurityWeek.

05Apr 2023

Obsidian launches new SaaS security and compliance tools

Cybersecurity firm Obsidian has launched its SaaS security posture management (SSPM) solution with new security and compliance tools to help organizations manage third-party SaaS integrations. The SaaS-based deployment will feature three primary modules including Obsidian Compliance Posture Management (CPM), Obsidian Integration Risk Management, and Obsidian Extend. “Obsidian not only provides posture hardening and third-party SaaS […]

05Apr 2023

In a Time of Environmental Disruption, DSM ‘Does Something Meaningful’

“Doing Something Meaningful.” The term is instilled in employees at Dutch health, nutrition, and bioscience company Royal DSM N.V. (DSM), a Heerlen-based organization committed to improving global health by setting ambitious environmental, social, and governance (ESG) targets. It’s a lofty ambition in a volatile era in which global businesses are impacted by ongoing inflation and restrained […]

05Apr 2023

KPMG Tackles AI Security With Cranium Spinout

Consulting giant KPMG spins out a startup building technology to secure AI (artificial intelligence) applications and deployments. The post KPMG Tackles AI Security With Cranium Spinout appeared first on SecurityWeek.

05Apr 2023

Chrome 112 Patches 16 Security Flaws

Chrome 112 was released to the stable channel this week with 16 security fixes, including 14 for vulnerabilities reported by external researchers. The post Chrome 112 Patches 16 Security Flaws appeared first on SecurityWeek.

05Apr 2023

Android’s April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities

Android’s April 2023 security updates were released this week with patches for two critical-severity vulnerabilities leading to remote code execution. The post Android’s April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities appeared first on SecurityWeek.

05Apr 2023

Cybercrime Website Genesis Market Seized by FBI

The FBI has seized Genesis Market, a major cybercrime website offering stolen device fingerprints. The post Cybercrime Website Genesis Market Seized by FBI appeared first on SecurityWeek.

05Apr 2023

Strategic risk analysis is key to ensure customer trust in product, customer-facing app security

CISOs are no longer only responsible for the cybersecurity of systems used internally. In many organizations they also focus on securing products and public-facing applications, and one way to do this well is through risk assessment. Assessing risk requires identifying baseline security criteria around key elements such as customer contracts and regulatory requirements, Neil Lappage, […]

05Apr 2023

Let’s pump the brakes on the rush to incorporate AI into cybersecurity

It seems that everyone is rushing to embed artificial intelligence into their solutions, and security offerings are among the latest to obtain this shiny new thing. Like many, I see the potential for AI to help bring about positive change, but also its potential as a threat vector. To some, recent AI developments are a […]

05Apr 2023

5 methods to adopt responsible generative AI practice at work

Midjourney, ChatGPT, Bing AI Chat, and other AI tools that make generative AI accessible have unleashed a flood of ideas, experimentation and creativity. If you want to harness that in your organization, questions remain about where to start putting AI to work and how to do it without running into ethical dilemmas, copyright infringement, or […]

05Apr 2023

6 steps to measure the business value of IT

IT is no longer perceived as a cost factor or a pure support function at many organizations, according to management consultancy 4C Group’s Markus Matschi. And the digitization push during the pandemic accelerated this. But despite such advances, the question of the value contribution of IT isn’t always clearly answered. “Due to the increasing relevance and added value […]

05Apr 2023

Leveraging CIO experience into corporate board work

You’ve had a great CIO career filled with transformational triumphs and award-winning projects and teams. What’s next for your career before you retire? Board service, of course!   With cybersecurity keeping CEOs up at night and digital transformation all the rage, the number of CIOs on corporate boards is increasing. For experienced IT leaders looking to […]

05Apr 2023

Nexx Ignores Vulnerabilities Allowing Hackers to Remotely Open Garage Doors

Nexx has ignored repeated attempts to report critical product vulnerabilities that can be exploited to remotely open garage doors, and take control of alarms and smart plugs. The post Nexx Ignores Vulnerabilities Allowing Hackers to Remotely Open Garage Doors appeared first on SecurityWeek.

04Apr 2023

Your Data Architecture Holds the Key to Unlocking AI’s Full Potential

In the words of J.R.R. Tolkien, “shortcuts make long delays.” I get it, we live in an age of instant gratification, with Doordash and Grubhub meals on-demand, fast-paced social media and same-day Amazon Prime deliveries. But I’ve learned that in some cases, shortcuts are just not possible. Such is the case with comprehensive AI implementations; […]

04Apr 2023

How to Navigate Market Pressures with Cloud-based Network Management

By: Shruthi Kalale Prakashan, Sr. Manager, Product Marketing, Aruba Central. For many organizations large and small, the COVID-19 pandemic was the tipping point for cloud adoption. Unsurprisingly, more than half of enterprise IT spending in key market segments will shift to the cloud by 2025, according to Gartner. [1] As the cloud continues to play […]

04Apr 2023

Hackers steal crypto assets by defeating 2FA with rogue browser extension

Multiple attacker groups are using a malicious browser extension for Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera that’s aimed at stealing cryptocurrency assets from multiple websites and online wallets. The extension works by injecting rogue code into websites locally in the browser to defeat two-factor authentication and delete automated alerts from […]

04Apr 2023

UK fines TikTok $15.8 million for GDPR violation of children's privacy

The UK’s Information Commissioner’s Office announced today that it has levied a nearly $16 million fine against TikTok for “a number of breaches” of the country’s data protection law. Central to the ICO’s decision to fine TikTok are the estimated 1.4 million UK children under 13 years of age, who were allowed to sign up […]

04Apr 2023

Snyk bolsters developer security with fresh devsecops, cloud capabilities

Cybersecurity application provider Snyk has added fresh capabilities to its flagship developer security platform to improve programming productivity and help secure software supply chains. The series of enhancements to Snyk’s namesake platform includes security support for C/C++ applications, new capabilities for infrastructure as code (IaC), automated security for  container supply chains, and new devsecops collaboration […]

04Apr 2023

New Rorschach ransomware hits with unique features and very fast encryption

Researchers warn of a new strain of ransomware dubbed Rorschach that doesn’t appear to be related to previously known threats and uses several unique features in its implementation, including one of the fastest file encryption routines observed so far. “A behavioral analysis of the new ransomware suggests it is partly autonomous, spreading itself automatically when […]

04Apr 2023

Strivacity Scores $20M for CIAM Expansion Plans

Strivacity, a Virginia startup working on technology to simplify and secure customer logins, has attracted $20 million in funding to fuel global expansion plans. The post Strivacity Scores $20M for CIAM Expansion Plans appeared first on SecurityWeek.

04Apr 2023

UK data regulator issues warning over generative AI data protection concerns

The UK’s data regulator has issued a warning to tech companies about protecting personal information when developing and deploying large language, generative AI models. Less than a week after Italy’s data privacy regulator banned ChatGPT over alleged privacy violations, the Information Commission’s Office (ICO) published a blog post reminding organizations that data protection laws still […]

04Apr 2023

Unlocking value and success for partners

By Hock Tan, Broadcom President & CEO In the years that I have led Broadcom, I have found two things to be true for technology leaders: First, success with your customers starts with success with your ecosystem partners; and second, driving ecosystem growth is key to maintaining the growth of your own business. This is […]

04Apr 2023

TrustCloud releases TrustRegister to help gauge business impact of risks

Trust assurance platform TrustCloud has announced the release of the TrustRegister application to help software companies identify risks and understand risk-related revenue/business impact. TrustRegister is the newest addition to the TrustCloud platform and is built to automatically assign, notify, and prioritize tasks and remediation plans to help businesses elevate governance, risk management, and compliance (GRC) […]

04Apr 2023

Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA ‘Must Patch’ List

CISA has added to its Known Exploited Vulnerabilities catalog a Zimbra vulnerability exploited in attacks targeting NATO countries. The post Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA ‘Must Patch’ List appeared first on SecurityWeek.

04Apr 2023

Trustle Raises $6M Seed Funding for Access Management Tech

California startup Trustle banks a $6 million seed round to join the competitive cloud access management technology space. The post Trustle Raises $6M Seed Funding for Access Management Tech appeared first on SecurityWeek.

04Apr 2023

TikTok’s Trials and Tribulations Continue With UK Data Protection Fine

The UK’s data protection regulator fined TikTok £12.7 million for “failing to use children’s personal data lawfully.” The post TikTok’s Trials and Tribulations Continue With UK Data Protection Fine appeared first on SecurityWeek.

04Apr 2023

CardinalOps Extends MITRE ATT&CK-based Detection Posture Management

Tel Aviv- and Boston-based CardinalOps has extended its detection posture management capability with MITRE ATT&CK Security Layers. The post CardinalOps Extends MITRE ATT&CK-based Detection Posture Management appeared first on SecurityWeek.

04Apr 2023

Self-Propagating, Fast-Encrypting ‘Rorschach’ Ransomware Emerges

The sophisticated, self-propagating Rorschach ransomware is one of the fastest at encrypting victims’ files. The post Self-Propagating, Fast-Encrypting ‘Rorschach’ Ransomware Emerges appeared first on SecurityWeek.

04Apr 2023

NATO Seeks Contractors to Test Security of Web Assets

NATO is looking for penetration testing vendors to assess the security of its internet-facing web assets. The post NATO Seeks Contractors to Test Security of Web Assets appeared first on SecurityWeek.

04Apr 2023

Cybereason Raises $100 Million, Appoints New CEO

Cybereason appoints new CEO as it receives $100 million in venture funding from SoftBank Corp. The post Cybereason Raises $100 Million, Appoints New CEO appeared first on SecurityWeek.

04Apr 2023

3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms

3CX supply chain attack appears to have been conducted by North Korean hackers with the goal of targeting cryptocurrency firms. The post 3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms appeared first on SecurityWeek.

04Apr 2023

Views of a hot cyberwar — the Ukrainian perspective on Russia’s online assault

In a recent report issued by the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) titled “Russia’s Cyber Tactics: Lessons Learned in 2022 — SSSCIP analytical report on the year of Russia’s full-scale cyberwar against Ukraine” readers obtained a 10,000-foot overview of what a hot cyberwar entails from the Ukrainian perspective. The […]

04Apr 2023

CIOs and CDOs: A vital partnership for data value

CIOs collaborate with C-suite colleagues on a regular basis. Given the high value of data and analytics to business, among the most important of these relationships is the one a CIO develops with their chief data officer (CDO). A CDO is responsible for enterprise-wide governance and use of information as an asset, through data analysis, processing, mining, […]

04Apr 2023

3 ways CIOs should drive the future of work

“Who owns and oversees employee experience and the future of work at your organization” is a question I’ve been asking CIOs and IT leaders a lot of late. The ensuing conversation usually reveals a telling disconnect that CIOs should remedy for the health of their companies. Most IT leaders pause before responding to this question. […]

04Apr 2023

China to probe Micron over cybersecurity, in chip war’s latest battle

The Chinese government will investigate US-based Micron as a potential cyberthreat, in the latest move in an ongoing semiconductor trade dispute that is disrupting the chip supply chain.

03Apr 2023

Cloud ROI: Getting Innovation Economics Right with FinOps

Is the cloud a good investment? Does it deliver strong returns? How can we invest responsibly in the cloud? These are questions IT and finance leaders are wrestling with today because the cloud has left many companies in a balancing act—caught somewhere between the need for cloud innovation and the fiscal responsibility to ensure they […]

03Apr 2023

Cisco to Acquire Cloud Security Firm Lightspin for Reported $200 Million

Cisco is set to acquire Israel-based cloud security company Lightspin for a reported $200-250 million. The post Cisco to Acquire Cloud Security Firm Lightspin for Reported $200 Million appeared first on SecurityWeek.

03Apr 2023

How to Cut Costs by 20+%: Lessons from Managing $34B in IT Spend

Evaluating and managing billions of dollars in IT spending across 400 tech providers in 200 countries provides valuable experience in verified ways to cut costs and accelerate IT financial management tasks. Want to tap into a wealth of cost-cutting knowledge gleaned from 60 IT cost management consultants who are engaged in hundreds of cost-reduction projects […]

03Apr 2023

12 ways IT leaders can build business buy-in

CEOs continue to see the need for more collaboration between IT and the business units, so much so that in a recent survey CEOs listed that as the No. 1 objective for the IT function. The State of the CIO Study 2023 from Foundry, an IDG company and publisher of CIO.com, found strengthening IT and […]

03Apr 2023

Israeli cybersecurity firm launches managed services offering for MSPs

Israel-based managed cybersecurity provider Guardz has announced the general availability of its first cybersecurity offering for managed service providers (MSP) and IT professionals. “The launch of this dedicated MSP platform brings Guardz one step closer to our goal of democratizing enterprise-grade level cybersecurity technologies,” said Dor Eisner, co-founder and CEO of Guardz. “MSPs will be […]

03Apr 2023

3 Ways Companies Will Double Down on Agent Experience in 2023

The current state of the contact center agent is clear, but for those unaware or overlooking this opportunity for improvement: agent attrition rates currently hover around 40%, the cost of replacing just one agent is between $10k-$20k, and 97% of agents are sometimes or almost always burned out. Unengaged employees (undoubtedly including contact center agents) collectively cost $7.8 trillion in lost productivity, or about 11% of […]

03Apr 2023

ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it. The post ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications appeared first on SecurityWeek.

03Apr 2023

Elementor Pro Plugin Vulnerability Exploited to Hack WordPress Websites

A severe vulnerability in the Elementor Pro WordPress plugin is being exploited to inject malware into vulnerable websites. The post Elementor Pro Plugin Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.

03Apr 2023

Microsoft OneNote Starts Blocking Dangerous File Extensions

Microsoft is boosting the security of OneNote users by blocking embedded files with extensions that are considered dangerous. The post Microsoft OneNote Starts Blocking Dangerous File Extensions appeared first on SecurityWeek.

03Apr 2023

US Defense Department Launches ‘Hack the Pentagon’ Website

New ‘Hack the Pentagon’ website helps DoD organizations launch bug bounty programs and recruit security researchers. The post US Defense Department Launches ‘Hack the Pentagon’ Website appeared first on SecurityWeek.

03Apr 2023

Western Digital Shuts Down Services Due to Cybersecurity Breach

Western Digital shuts down several of its services after discovering a network security breach. The post Western Digital Shuts Down Services Due to Cybersecurity Breach appeared first on SecurityWeek.

03Apr 2023

4.8 Million Impacted by Data Breach at TMX Finance

Consumer loan provider TMX Finance is informing over 4.8 million individuals that their personal information was stolen in a data breach. The post 4.8 Million Impacted by Data Breach at TMX Finance appeared first on SecurityWeek.

03Apr 2023

Europe, North America Most Impacted by 3CX Supply Chain Hack

Europe, the United States and Australia seem to be the most impacted by the 3CX supply chain hack, according to data from two cybersecurity firms. The post Europe, North America Most Impacted by 3CX Supply Chain Hack appeared first on SecurityWeek.

03Apr 2023

5 strategies to manage cybersecurity risks in mergers and acquisitions

Mergers and acquisitions (M&A) have the potential to introduce significant cybersecurity risks for organizations. M&A teams are generally limited in size and focused on financials and business operations, with IT and cybersecurity taking a back seat early in the process, according to Doug Saylors, partner and co-lead of cybersecurity with global technology research and advisory […]

03Apr 2023

MLSE looks to revolutionize sports experience with digital R&D lab

Digital solutions and data analytics are changing the world of sports entertainment at a rapid clip. From how players train, to how teams make strategic decisions during games, to how venues operate and fans engage, sports organizations are turning to software engineers and data scientists to help transform the sport experience. In Toronto, Maple Leaf […]

03Apr 2023

The future of trust—no more playing catch up

By Eric Chien, Director of Security Response, Symantec Enterprise Division, Broadcom This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT.  Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. It is difficult to overestimate the impact Covid had on the […]

03Apr 2023

Darktrace/Email upgrade enhances generative AI email attack defense

Darktrace has announced a new upgrade to its Darktrace/Email product with enhanced features that defend organizations from evolving cyberthreats including generative AI business email compromise (BEC) and novel social engineering attacks. Among the new capabilities are an AI-employee feedback loop; account takeover protection; insights from endpoint, network, and cloud; and behavioral detections of misdirected emails, […]

02Apr 2023

TikTok Attorney: China Can’t Get U.S. Data Under Plan

TikTok general counsel says company is trying to make it physically impossible for any government, including China, to access U.S. user data. The post TikTok Attorney: China Can’t Get U.S. Data Under Plan appeared first on SecurityWeek.

01Apr 2023

Italy Temporarily Blocks ChatGPT Over Privacy Concerns

Italy is temporarily blocking the artificial intelligence software ChatGPT in the wake of a data breach as it investigates a possible violation of stringent European Union data protection rules. The post Italy Temporarily Blocks ChatGPT Over Privacy Concerns appeared first on SecurityWeek.

31Mar 2023

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting how important it is for both users and device manufacturers to speed up the adoption of security patches. “The zero-day exploits were used alongside n-day exploits and took advantage […]

31Mar 2023

Italian privacy regulator bans ChatGPT over collection, storage of personal data

Italy’s data privacy regulator has banned ChatGPT over alleged privacy violations relating to the chatbot’s collection and storage of personal data. With immediate effect, the Guarantor for the protection of personal data has ordered the temporary limitation of the processing of data of Italian users by ChatGPT parent firm OpenAI until it complies with EU […]

31Mar 2023

TCS gives Blackhawk Network an edge with Microsoft Cloud

Blackhawk Network is shaping the future of global branded payments — from QR code payment solutions and retail gift card programs to tailored incentives and reward programs.  The Silicon Valley-based company has been expanding its global footprint through numerous creative acquisitions. While each brought a wealth of benefits, the acquired companies’ existing processes and platforms […]

31Mar 2023

How TCS pioneered the ‘borderless workspace’ with Microsoft 365

Tata Consultancy Services (TCS) has always been a digital-first organization. Continuous transformation of the workplace has been a cornerstone of the company’s business model for several decades.   This approach proved its value during the COVID-19 crisis, when TCS pioneered location-independent “borderless workspaces” aided by Microsoft 365 and Microsoft Teams. The modern workplace solution suite was […]

31Mar 2023

Supply chain decarbonization: The missing link to net zero

Over the last seven decades, global carbon emissions have increased almost eightfold. Meanwhile, since 1980, the planet’s average temperature has risen significantly, with nine out of 10 warmest years on record having been in the last nine years. For sustainable development, it is now widely agreed that we must achieve a shared global goal of cutting carbon […]

31Mar 2023

FDA Announces New Cybersecurity Requirements for Medical Devices

The FDA is asking medical device manufacturers to provide cybersecurity-related information when submitting an application for a new product. The post FDA Announces New Cybersecurity Requirements for Medical Devices appeared first on SecurityWeek.

31Mar 2023

Report: Chinese State-Sponsored Hacking Group Highly Active

A Chinese hacking group previously linked to attacks on U.S. state government computers is still “highly active.” The post Report: Chinese State-Sponsored Hacking Group Highly Active appeared first on SecurityWeek.

31Mar 2023

Votiro Raises $11.5 Million to Prevent File-Borne Threats

Votiro raised $11.5 million in a Series A investment round led by Harvest Lane Asset Management. The post Votiro Raises $11.5 Million to Prevent File-Borne Threats appeared first on SecurityWeek.

31Mar 2023

Lumen Technologies Hit by Two Cyberattacks

Communications and IT company Lumen Technologies fell victim to two cyberattacks that led to data theft. The post Lumen Technologies Hit by Two Cyberattacks appeared first on SecurityWeek.

31Mar 2023

Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks

Documents show that Russian IT company NTC Vulkan was requested to develop offensive tools for government-backed hacking group Sandworm. The post Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks appeared first on SecurityWeek.

31Mar 2023

Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months

Several cybersecurity companies have published blog posts, advisories and tools to help organizations that may have been hit by the 3CX supply chain attack. The post Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months appeared first on SecurityWeek.

31Mar 2023

Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution

A high-severity vulnerability in Azure Service Fabric Explorer could have allowed a remote, unauthenticated attacker to execute arbitrary code. The post Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution appeared first on SecurityWeek.

31Mar 2023

AMD takes hybrid approach to engineering the cloud’s future

AMD CIO Hasmukh Ranjan sits at the cloud’s crossroads. As a chipmaker, AMD is a vital supplier for the public cloud’s compute engine, and among Ranjan’s key remits is to support the engineering of semiconductors that power the cloud. But as a consumer, Ranjan, like all CIOs, must decide where best to place his company’s […]

31Mar 2023

Best business analyst certifications to level up your career

Business analysts are in high demand, with 24% of Fortune 500 companies currently hiring business analysts across a range of industries, including technology (27%), finance (13%), professional services (10%), and healthcare (5%), according to data from Zippia. And the Bureau of Labor Statistics predicts that business analyst jobs will grow 11% from 2021 to 2031. […]

30Mar 2023

Anti-Bot Software Firm DataDome Banks $42M Financing

DataDome, a New York startup selling anti-bot and anti-fraud tech, has secured $42 million in new financing to fuel expansion plans. The post Anti-Bot Software Firm DataDome Banks $42M Financing appeared first on SecurityWeek.

30Mar 2023

Are tech layoffs inevitable, or can your company avoid them?

The headlines are clear: Recession is looming, and tech companies of all stripes are cutting thousands of employees from their rosters. Yet, despite these reductions, TOPdesk, an IT service desk software company, remains committed to growing its footprint as it continues to expand its internal teams and has no plans to change. Why? Let’s start […]

30Mar 2023

Kyndryl lays off staff in search of efficiency

The layoffs are part of a restructuring initiative aimed at improving efficiency and customer service, Kyndryl says.

30Mar 2023

Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks

Water pumping systems made by ProPump and Controls are affected by several vulnerabilities that could allow hackers to cause significant problems. The post Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks appeared first on SecurityWeek.

30Mar 2023

3CX DesktopApp compromised by supply chain attack

3CX is working on a software update for its 3CX DesktopApp, after multiple security researchers alerted the company of an active supply chain attack in it. The update will be released in the next few hours; meanwhile the company urges customers to use its PWA (progressive web application) client instead.  “As many of you have […]

30Mar 2023

APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

An APT group known in the security industry as Winter Vivern has been exploiting a vulnerability in the Zimbra Collaboration software to gain access to mailboxes from government agencies in several European countries. While no clear links have been established between Winter Vivern and a particular country’s government, security researchers have noted that its activities […]

30Mar 2023

500k Impacted by Data Breach at Debt Buyer NCB

NCB Management Services is informing roughly 500,000 individuals of a data breach impacting their personal information. The post 500k Impacted by Data Breach at Debt Buyer NCB appeared first on SecurityWeek.

30Mar 2023

Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks

The recently identified Melofee Linux implant allowed Chinese cyberespionage group Winnti to conduct stealthy, targeted attacks. The post Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks appeared first on SecurityWeek.

30Mar 2023

Why Endpoint Resilience Matters

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own security. The post Why Endpoint Resilience Matters appeared first on SecurityWeek.

30Mar 2023

Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data

An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward. The post Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data appeared first on SecurityWeek.

30Mar 2023

3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component 

3CX confirms investigating a security breach as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack. The post 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component  appeared first on SecurityWeek.

30Mar 2023

DXC Technology says global network is not compromised following Latitude Financial breach

Soon after Latitude Financial revealed it suffered a cyber attack, DXC Technology quietly published a note on its website stating its global network and customer support networks were not compromised. When Latitude Financial, which is listed on the Australian Securities Exchange (ASX), first published about the attack, it said the activity was believed to have […]

30Mar 2023

CIOs must evolve to stave off existential threat to their role

With digital technology increasingly vital to business, the CIO role is quickly evolving, placing IT leaders under threat from business executives who offer the blend of business and technical savvy necessary to lead transformational strategies in the future. A recent report by market intelligence firm IDC has placed IT leaders at a crossroads, predicting that, […]

30Mar 2023

5 ways AI will transform CRM

The potential for generative AI systems such as OpenAI’s ChatGPT and Google’s Bard to transform how businesses work is being realized. Hype still surrounds some predictions, but change is here, and one of the first product categories to be impacted is CRM systems.  Software-based services are the low-hanging fruit when it comes to this emerging […]

30Mar 2023

UK Introduces Mass Surveillance With Online Safety Bill

The proposed UK Online Safety Bill is the enactment of two long-held government desires: the removal of harmful internet content, and visibility into end-to-end content. The post UK Introduces Mass Surveillance With Online Safety Bill appeared first on SecurityWeek.

30Mar 2023

From CIO to CX SVP, Cisco’s Jacqueline Guichelaar takes a road less travelled

Throughout her more than 30-year career in the tech industry, Jacqueline Guichelaar has been a staunch advocate for leaning in and genuinely listening to customers in order to provide them with better experiences. It’s one of the many attributes that led her to eventually becoming global CIO with Cisco, where she charted a path that […]

30Mar 2023

Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT

A group of computer scientists and tech experts are calling for a 6-month pause to consider the profound risks of AI to society and humanity. The post Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT appeared first on SecurityWeek.

29Mar 2023

Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App

CrowdStrike threat intelligence team warns about unexpected malicious activity from a legitimate, signed version of the 3CXDesktopApp. The post Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App appeared first on SecurityWeek.

29Mar 2023

North Korean threat actor APT43 pivots back to strategic cyberespionage

When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38). It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. However, another team that security […]

29Mar 2023

Noname Security releases API security updates

API security vendor Noname Security today announced a new release of its platform, with a number of upgrades designed to enhance visibility into a user’s API environment and protect against the growing number of API-based threats. The growth in the number of those threats has been fueled by the increasing centrality of APIs to modern […]

29Mar 2023

LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps

New York startup LeapXpert secures funding for technology to help businesses manage the use of consumer messaging apps in the enterprise. The post LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps appeared first on SecurityWeek.

29Mar 2023

HP releases Wolf Connect solution for secure remote PC management

HP Inc. has announced the launch of HP Wolf Connect, a new IT management solution that provides resilient and secure connections to remote PCs. The solution enables IT teams to manage PCs remotely even if they are powered down or offline and was showcased at HP’s Amplify Partner Conference. HP Wolf Connect uses a cellular-based […]

29Mar 2023

Blockchain Security Firm True I/O Raises $9 Million

Total Network Services rebrands to True I/O and raises $9 million to accelerate deployment of product. The post Blockchain Security Firm True I/O Raises $9 Million appeared first on SecurityWeek.

29Mar 2023

Spera Banks $10 Million to Tackle Identity and Access Sprawl

Backed by YL Ventures, Spera banks $10 million to help businesses deal with identity and access sprawl in the enterprise. The post Spera Banks $10 Million to Tackle Identity and Access Sprawl appeared first on SecurityWeek.

29Mar 2023

OpenAI Patches Account Takeover Vulnerabilities in ChatGPT

OpenAI resolved severe ChatGPT vulnerabilities that could have been exploited to take over accounts. The post OpenAI Patches Account Takeover Vulnerabilities in ChatGPT appeared first on SecurityWeek.

29Mar 2023

The SAP Innovation Awards 2023 Finalists Have been Selected

First and foremost, on behalf of SAP, we would like to thank all the SAP Innovation Awards 2023 participants for their hard work showcasing the many ways they are delivering impact within their businesses! We are truly grateful for and inspired by all the incredible submissions received this year. This is the perfect opportunity to […]

29Mar 2023

Latin American companies, governments need more focus on cybersecurity

For the first time, over a dozen cybersecurity companies have come together to produce an agnostic study titled LATAM CISO Report 2023: Insights from Industry Leaders. More than 200 CISOs in the Americas region, in addition to the Inter-American Development Bank (IDB), Latin American Federation of Banks (FELABAN), and the World Economic Forum (WEF), contributed […]

29Mar 2023

Spera exits stealth to reveal identity-based threat hunting capabilities

The Israeli identity-based cybersecurity provider Spera is exiting stealth mode to reveal a namesake offering with identity security posture management (ISPM) capabilities. “Two of the most prominent identity-based attack vectors — stolen credentials and phishing — take the longest to detect and are most expensive to solve,” said Dor Fledel, co-founder and CEO of Spera. “Security professionals […]

29Mar 2023

Skyhawk adds ChatGPT functions to enhance cloud threat detection, incident discovery

Cloud threat detection and response (CDR) vendor Skyhawk has announced the incorporation of ChatGPT functionality in its offering to enhance cloud threat detection and security incident discovery. The firm has applied ChatGPT features to its platform in two distinct ways – earlier detection of malicious activity (Threat Detector) and explainability of attacks as they progress […]

29Mar 2023

DarkBit puts data from Israel’s Technion university on sale

DarkBit, the group that claimed responsibility for a ransomware attack on Israel’s Technion university, is making good on its threat to sell the university’s data if the ransom went unpaid. “The price of total bulk is 104 BTC (bitcoin) if anyone buys all of it at once,” said a message on DarkBit’s Telegram channel. It also […]

29Mar 2023

OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023

OpenSSL 1.1.1 will reach EoL in six months and users are instructed to either upgrade to a newer version or pay for extended support to continue receiving security patches. The post OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023 appeared first on SecurityWeek.

29Mar 2023

New Wi-Fi Attack Allows Traffic Interception, Security Bypass

A group of academic researchers devised an attack that can intercept Wi-Fi traffic at the MAC layer, bypassing client isolation. The post New Wi-Fi Attack Allows Traffic Interception, Security Bypass appeared first on SecurityWeek.

29Mar 2023

Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims

Australian casino giant Crown Resorts says the Cl0p ransomware group contacted them to claim data theft in the GoAnywhere attack. The post Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims appeared first on SecurityWeek.

29Mar 2023

Managing security in the cloud through Microsoft Intune

For many years, the Group Policy feature of Microsoft’s Windows has been the go-to solution for controlling workstations, providing deployment, and in general, making a network manageable by information professionals. It does, however, require a traditional domain with an Active Directory deployment — many users already have an Active Directory (AD) and will have an […]

29Mar 2023

Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors

Google has linked several zero-day vulnerabilities used last year to target Android and iOS devices to commercial spyware vendors. The post Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors appeared first on SecurityWeek.

29Mar 2023

Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report

A new research report discusses the five most exploited vulnerabilities of 2022, and the five key risks that security teams should consider. The post Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report appeared first on SecurityWeek.

29Mar 2023

Over 200 Organizations Targeted in Chinese Cyberespionage Campaign

Chinese cyberespionage group Mustang Panda was seen targeting maritime, shipping, border control, and immigration organizations in recent attacks. The post Over 200 Organizations Targeted in Chinese Cyberespionage Campaign appeared first on SecurityWeek.

29Mar 2023

5 cyber threats retailers are facing — and how they’re fighting back

There are many reasons retailers are juicy targets for hackers. They earn and handle tremendous amounts of money, store millions of customer credit card numbers, and have frontline staff who may lack cybersecurity training. To save money, some retailers use older equipment that isn’t adequately updated, secured, or monitored to deal with cyberattacks. According to […]

29Mar 2023

AI-fueled search gives more power to the bad guys

Concerns about the reach of ChatGPT and how much easier it may become for bad actors to find sensitive information have increased following Microsoft’s announcement of the integration of ChatGPT into Bing and the latest update of the technology, GPT-4. Within a month of the integration, Bing had crossed the 100 million daily user threshold. Meanwhile, GPT-4 […]

29Mar 2023

QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography

Quantum cybersecurity firm QuSecure has collaborated with Accenture to develop a multi-orbit quantum-resilient satellite communications capability.  The post QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography appeared first on SecurityWeek.

29Mar 2023

What Makes an Effective Anti-Bot Solution?

While there are likely many different approaches, here are a few points that are important for enterprises to consider when evaluating bot solutions. The post What Makes an Effective Anti-Bot Solution? appeared first on SecurityWeek.

29Mar 2023

12 ways to maximize your cloud investments

Over the past few years, more organizations have gone all in with migrations to the public cloud. But for some “without a concrete strategy, it has led to some obvious challenges with respect to measuring the real value from their cloud investments,” says Ricky Sundrani, a partner in the pricing assurance practice at Everest Group. […]

29Mar 2023

Examining key disciplines to build equity in the IT workplace

As IT leader of self-regulatory body Professional Engineers Ontario (PEO), Doria Manico-Daka continues to build on her 16 years in tech, the last five of which have seen her heavily involved in leading digital transformation and modernization. Throughout her career, industries and company sizes have varied, but there’s been one constant: environments have largely been […]

29Mar 2023

Legacy, password-based authentication systems are failing enterprise security, says study

Authentication-related attacks grew in 2022, taking advantage of outdated, password-based authentication systems, according to a study commissioned by HYPR, a passwordless multifactor authentication (MFA) provider based in the US. The study, conducted by independent technology market research firm Vanson Bourne, surveyed 1000 IT professionals from organizations around the world with more than 50 employees. These […]

28Mar 2023

Microsoft announces generative AI Security Copilot

Microsoft today announced its AI Security Copilot, a GPT-4 implementation that brings generative AI capabilities to its in-house security suite, and features a host of new visualization and analysis functions. AI Security Copilot’s basic interface is similar to the chatbot functionality familiar to generative AI users. It can be used in the same way, to […]

28Mar 2023

Mandiant Catches Another North Korean Gov Hacker Group

Mandiant flags APT43 as a “moderately-sophisticated cyber operator that supports the interests of the North Korean regime.” The post Mandiant Catches Another North Korean Gov Hacker Group appeared first on SecurityWeek.

28Mar 2023

Hackers changed tactics, went cross-platform in 2022, says Trend Micro

Payouts from ransomware victims declined by 38% in 2022, prompting hackers to adopt more professional and corporate tactics to ensure higher returns, according to Trend Micro’s Annual Cybersecurity Report.  Many ransomware groups have structured their organizations to operate like legitimate businesses, including leveraging established networks and offering technical support to victims. There is an increasing […]

28Mar 2023

Leadership superpower: Succeeding sustainably

Value Stream Management (VSM) is a powerful methodology that not only streamlines value streams and optimizes processes but also promotes sustainability and creates positive impact. As today’s great leaders recognize, true success is not solely measured by the bottom line but also by the impact a business has on its stakeholders, including employees, partners, and […]

28Mar 2023

Helping the C-suite leverage their network as a business-boosting asset

By: Larry Lunetta, VP Portfolio Solutions Marketing at Aruba, a Hewlett Packard Enterprise company. As customer-centric innovators, we’re constantly looking at how we can better help businesses reach their goals by leveraging technology. That’s why hearing from them first-hand is so valuable. This year, we kicked off our quest for insights with a survey run […]

28Mar 2023

AI bots for customer experience: trends, insights, and examples

The hype surrounding AI-based voice and chatbots is evident, but do they deliver? Most still perform only extremely basic tasks and often mirror the poor practices of traditional IVRs. Customers may be open to the idea, but only 30% believe that chatbots and virtual assistants make it easier to address their service issues. The things customers say bots are good […]

28Mar 2023

Microsoft Puts ChatGPT to Work on Automating Cybersecurity

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks. The post Microsoft Puts ChatGPT to Work on Automating Cybersecurity appeared first on SecurityWeek.

28Mar 2023

Video: How to Build Resilience Against Emerging Cyber Threats

Enjoy this session as we walk through three recent use cases where a new threat caught organizations off-guard. The post Video: How to Build Resilience Against Emerging Cyber Threats appeared first on SecurityWeek.

28Mar 2023

Data loss from insider events increase despite IRM programs: Report

A vast majority of companies are struggling with data losses from insider events despite having dedicated insider risk management (IRM) programs in place, according to a data exposure report commissioned by Code 42. The study conducted by Vanson Bourne, an independent research firm for technology companies, interviewed 700 cybersecurity professionals, managers, and leaders in the US […]

28Mar 2023

Nigerian BEC Scammer Sentenced to Prison in US

Solomon Ekunke Okpe was sentenced to four years in prison in the US for his role in a BEC fraud ring. The post Nigerian BEC Scammer Sentenced to Prison in US appeared first on SecurityWeek.

28Mar 2023

China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign 

A South Asian espionage group named Bitter has been observed targeting the Chinese nuclear energy sector. The post China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign  appeared first on SecurityWeek.

28Mar 2023

CIOs to learn about the art of persuasive communication.

Persuasive Communication Workshop, FutureIT | Dallas, March 29th. Hosted by Dan Roberts, Host, Tech Whisperers Podcast, CEO, Ouellette & Associates and Larry Bonfante, Senior Consultant, Ouellette & Associates. Don’t miss CIO’s FutureIT | March 29 at the Tower Club, Dallas presented by CIO, CSO and ComputerWorld. A pre-conference workshop will be exclusively offered to […]

28Mar 2023

SecurityScorecard Guarantees Accuracy of Its Security Ratings

SecurityScorecard is offering free digital forensics and incident response (DFIR) services to customers that have scored an ‘A’ rating if they have been breached. The post SecurityScorecard Guarantees Accuracy of Its Security Ratings appeared first on SecurityWeek.

28Mar 2023

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an actively exploited vulnerability. The post ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation appeared first on SecurityWeek.

28Mar 2023

14 Million Records Stolen in Data Breach at Latitude Financial Services

Australian financial services provider Latitude says roughly 14 million user records were stolen in a recent cyberattack. The post 14 Million Records Stolen in Data Breach at Latitude Financial Services appeared first on SecurityWeek.

28Mar 2023

Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police

The UK’s National Crime Agency has been running several DDoS-for-hire websites to collect information about individuals looking to launch such attacks. The post Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police appeared first on SecurityWeek.

28Mar 2023

5 ways to tell you are not CISO material

As the role of the CISO continues to grow in importance and gain more responsibility, many cybersecurity practitioners may wonder if they have what it takes to be successful in the role. Technical expertise and experience are obviously huge assets. An effective CISO has the ability to evaluate and select security technology, communicate with technical […]

28Mar 2023

Office of the Director of National Intelligence highlights cyber threats in 2023 Intelligence Threat Assessment

When the Office of the Director of National Intelligence (ODNI) highlights a threat in its unclassified assessment and intimates that there is substantive supporting evidence available, one should not sit back and let the data points pass idly by — and we aren’t. The ODNI minced no words as they addressed China, Russia, North Korea, […]

28Mar 2023

PwC UK partners with ReversingLabs to bring software supply chain security to third-party risk management

Advisory and professional services giant PwC UK is partnering with security firm ReversingLabs to develop a third-party risk management (TPRM) platform to help businesses address software supply chain security risks. Alongside ReversingLabs, the firm aims to help customers modernize traditional TPRM programs to better suit the modern software supply chain, operationalizing detection and mitigation of […]

28Mar 2023

CIOs address the impact of hybrid work

After recent rounds of high-profile layoffs, a lot of technologists are looking for work in a market that’s different from any they’ve experienced. More companies are now set up to support remote work, which offers candidates a wider range of potential employers. The new working models benefit companies, too, since they can now hire people […]

28Mar 2023

5 hard questions every IT leader must answer

Leadership is not something that just happens. Leadership must be measured, managed, and invested in. After all, how IT leaders are selected, trained, evaluated, and compensated materially impacts the future performance of the enterprise. So, again, when was the last time you had a substantive conversation about leadership with your direct reports? How frequently do […]

28Mar 2023

iOS Security Update Patches Exploited Vulnerability in Older iPhones

Apple has released security updates for older iPhones to address a vulnerability exploited in attacks. The post iOS Security Update Patches Exploited Vulnerability in Older iPhones appeared first on SecurityWeek.

28Mar 2023

Biden administration seeks to tamp down the spyware market with a new ban

In a significant signal to spyware vendors, the Biden administration issued an executive order (EO) prohibiting federal government agencies from using commercial spyware “that poses significant counterintelligence or security risks to the United States Government.” The spyware covered by the EO is predominately malware designed to track and collect data from mobile phones that can […]

27Mar 2023

Huawei’s F5G rollout plan signals new wave of green technology and digital transformation

The emphasis Huawei has placed on a wave of investment in optical fixed line networks is bearing fruit. At MWC 2023, the company unveiled a range of F5G (Fifth generation fixed network) solutions for vertical industries. For Gu Yunbo, who manages the part of Huawei that sells optical network products to enterprises, this is the start […]

27Mar 2023

Researchers warn of two new variants of potent IcedID malware loader

Security researchers have seen attack campaigns using two new variants of IcedID, a banking Trojan program that has been used to deliver ransomware in recent years. The two new variants, one of which appears to be connected to the Emotet botnet, are lighter compared to the standard one because certain functionality has been stripped. “It […]

27Mar 2023

Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April

Microsoft says it has evidence that Russian APT actors were exploiting a nasty Outlook zero-day as far back as April 2022, upping the stakes on organizations to start hunting for signs of compromise. The post Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April appeared first on SecurityWeek.

27Mar 2023

Huawei launches intelligent data storage solutions at MWC to satisfy rising multi-cloud demand

Peter Zhou, President of Huawei’s IT Product Line, is the public face of data storage technologies at the Chinese telecoms to IT giant. At MWC 2023, in between meetings with many of the 2,500 Huawei clients who made the trip to Barcelona, Peter described Europe’s buoyant market as one of the drivers behind 40% year-on-year […]

27Mar 2023

State of the CIO, 2023: Building business strategy

When he’s not immersed in cybersecurity, hybrid cloud strategy, or app modernization, David Reis, CIO at the University of Miami Health System and the Miller School of Medicine, spends his time working with the board of directors and top leadership to reimagine healthcare and take the lead driving digital transformation. A business objective to “arrive” […]

27Mar 2023

US to Adopt New Restrictions on Using Commercial Spyware

Executive order will require the head of any U.S. agency using commercial spyware programs to certify that the program doesn’t pose a significant counterintelligence or other security risk. The post US to Adopt New Restrictions on Using Commercial Spyware appeared first on SecurityWeek.

27Mar 2023

Hackers Earn Over $1 Million at Pwn2Own Exploit Contest

Security researchers raked in more than $1 million in prizes at this year’s CanSecWest Pwn2Own software exploitation contest. The post Hackers Earn Over $1 Million at Pwn2Own Exploit Contest appeared first on SecurityWeek.

27Mar 2023

GoAnywhere Zero-Day Attack Hits Major Orgs

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra’s GoAnywhere software. The post GoAnywhere Zero-Day Attack Hits Major Orgs appeared first on SecurityWeek.

27Mar 2023

Part of Twitter source code leaked on GitHub

Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the post after the social media platform requested it to do so on Friday. Twitter has also filed a case in the US District Court for the Northern District of California seeking to order GitHub to identify the […]

27Mar 2023

Australia Dismantles BEC Group That Laundered $1.7 Million

Law enforcement in Australia announce the arrest of four individuals accused of running business email compromise (BEC) schemes. The post Australia Dismantles BEC Group That Laundered $1.7 Million appeared first on SecurityWeek.

27Mar 2023

‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns

Criminals are set to take advantage of artificial intelligence like ChatGPT to commit fraud and other cybercrimes, Europe’s policing agency warned. The post ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns appeared first on SecurityWeek.

27Mar 2023

Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks

Webinar on third-party identity access risks will discuss topics such as unauthorized access, data breaches, and the manipulation or theft of sensitive information. The post Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks appeared first on SecurityWeek.

27Mar 2023

France bans TikTok, all social media apps from government devices

The French government has banned TikTok and all other “recreational apps” from phones issued to its employees. The Minister of Transformation and the Public Service, Stanislas Guerini, said in a statement that recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment. This prohibition applies immediately and […]

27Mar 2023

GitHub Rotates Publicly Exposed RSA SSH Private Key

GitHub replaced the RSA SSH private key used to secure Git operations for GitHub.com after it was exposed in a public GitHub repository. The post GitHub Rotates Publicly Exposed RSA SSH Private Key appeared first on SecurityWeek.

27Mar 2023

Best practices for protecting AWS RDS and other cloud databases

It’s no surprise that organizations are increasingly using cloud-native services, including for data storage. Cloud storage offers tremendous benefits such as replication, geographic resiliency, and the potential for cost-reduction and improved efficiency. The Amazon Web Services (AWS) Relational Database Service (RDS) is one of the most popular cloud database and storage services. At a high level, […]

27Mar 2023

Why CISOs Are Looking to Lateral Security to Mitigate Ransomware

Findings from two eye-opening surveys conducted by VMware show that ransomware remains a top concern for enterprises worldwide. As IT and security leaders and chief information security officers (CISOs) look for answers, many are turning to deeper deployment and investment in lateral security tools. What is lateral security? It leverages both access control and advanced […]

27Mar 2023

GitHub Suspends Repository Containing Leaked Twitter Source Code

Twitter sent a copyright notice to code hosting service GitHub to request the removal of a repository that contained Twitter source code. The post GitHub Suspends Repository Containing Leaked Twitter Source Code appeared first on SecurityWeek.

27Mar 2023

Why data leaders struggle to produce strategic results

Chief data and analytics officers (CDAOs) are poised to be of increasing strategic importance to their organizations, but many are struggling to make headway, according to data presented last week by Gartner at the Gartner Data & Analytics Summit 2023. Fewer than half (44%) of data and analytics leaders say their teams are effective in […]

26Mar 2023

How Infosys and Tennis Australia are harnessing technology for good

Marching resolutely alongside artificial intelligence (AI), cloud computing and digital advancement are customers demanding organisations be more environmentally sustainable, inclusive and responsible. It’s a situation raising a critical question for every IT and business leader: How can we increasingly harness technology not just for technology’s sake, but for the good we can do with it? […]

26Mar 2023

Intel Co-founder, Philanthropist Gordon Moore Dies at 94

Intel Corp. co-founder Gordon Moore, who set the breakneck pace of progress in the digital age with a simple 1965 prediction of how quickly engineers would boost the capacity of computer chips, has died. He was 94. The post Intel Co-founder, Philanthropist Gordon Moore Dies at 94 appeared first on SecurityWeek.

26Mar 2023

Google Leads $16 Million Investment in Dope.security

Dope.security raised $16 million in Series A funding for its fly-direct Secure Web Gateway (SWG). The post Google Leads $16 Million Investment in Dope.security appeared first on SecurityWeek.

25Mar 2023

US Charges 20-Year-Old Head of Hacker Site BreachForums

The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers. The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.

24Mar 2023

Critical flaw in WooCommerce can be used to compromise WordPress websites

WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch. “Although what we know at this time is limited, what we do […]

24Mar 2023

How retailers are empowering business transformation with TCS and Microsoft Cloud

The retail industry is always in motion. Shifting macro-economic influences and changing customer expectations spark new business models, channel strategies, and strategic partnerships. To keep pace, retailers require a strong digital core that delivers powerful data-driven insights while staying compliant, maintaining security, and preventing fraud. Shree Venkat, chief architect at TCS, and GV Krishnan, Head […]

24Mar 2023

How to power a sustainable enterprise on Microsoft Cloud

Now, more than ever, global businesses have an opportunity. With people and infrastructure touching every point on the planet — and new technology empowering us to radically change the way we consume resources — we can lead the world toward a better, more sustainable future. That optimism stems from three core beliefs: We can build […]

24Mar 2023

Powering a sustainable future: How data can save the world – and your business

Data is the powerhouse of digital transformation. That’s no surprise. But did you know that data is also one of the most significant factors in whether a company can achieve its sustainability goals? Business leaders are at a crossroads. On one hand, a perilous financial landscape threatens to stall growth, with companies of all sizes […]

24Mar 2023

Cyberpion rebrands as Ionix, offering new EASM visibility improvements

SaaS-based external attack surface management (EASM) company Cyberpion has rebranded as Ionix, at the same time adding a clutch of new cybersecurity capabilities to its namesake offering. Designed to provide a “wider coverage and deeper focus” into its customers’ internet-facing assets and connected dependencies, the revamp of Ionix’s system will feature new abilities such as extending […]

24Mar 2023

Tesla Hacked Twice at Pwn2Own Exploit Contest

Researchers at French offensive hacking shop Synacktiv demonstrated successful exploit chains against Tesla’s newest electric car to take top billing at the annual Pwn2Own contest. The post Tesla Hacked Twice at Pwn2Own Exploit Contest appeared first on SecurityWeek.

24Mar 2023

CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections

The U.S. government’s cybersecurity agency ships a new tool to help network defenders hunt for signs of compromise in Microsoft’s Azure and M365 cloud deployments. The post CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections appeared first on SecurityWeek.

24Mar 2023

Android-based banking Trojan Nexus now available as malware-as-a-service

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available […]

24Mar 2023

Critical WooCommerce Payments Vulnerability Leads to Site Takeover

A critical-severity flaw in the WooCommerce Payments WordPress plugin could allow attackers to take over site administrator accounts. The post Critical WooCommerce Payments Vulnerability Leads to Site Takeover appeared first on SecurityWeek.

24Mar 2023

PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw

Proof-of-concept code to exploit a just-patched security hole in the Veeam Backup & Replication product has been published online. The post PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw appeared first on SecurityWeek.

24Mar 2023

CISA Gets Proactive With New Pre-Ransomware Alerts

CISA has sent notifications to more than 60 organizations as part of a new initiative to alert entities of early-stage ransomware attacks. The post CISA Gets Proactive With New Pre-Ransomware Alerts appeared first on SecurityWeek.

24Mar 2023

Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions

Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem and best practices for mitigating security issues. The post Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions appeared first on SecurityWeek.

24Mar 2023

UK parliament follows government by banning TikTok over cybersecurity concerns

The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and the wider parliamentary network,” a move that TikTok has described as “misguided” and “based on fundamental […]

24Mar 2023

TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content

A nearly six-hour grilling of TikTok’s CEO by lawmakers brought the platform’s 150 million U.S. users no closer to an answer as to whether the app will be wiped from their devices. The post TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content appeared first on SecurityWeek.

24Mar 2023

Industry clouds prove their business value

Companies across nearly every vertical are finding a transformational lifeline in industry clouds. Swiss biopharmaceutical Idorsia is one such company, having embraced a partnership with industry cloud provider Veeva to survive. In June 2017, Idorsia had a lot on its plate, namely a new company to stand up, with 650 scientists and employees, a robust […]

24Mar 2023

What is data governance? Best practices for managing data assets

Data governance definition: Data governance is a system for defining who within an organization has authority and control over data assets and how those data assets may be used. It encompasses the people, processes, and technologies required to manage and protect data assets. The Data Governance Institute defines it as “a system of decision rights […]

23Mar 2023

Russian hacktivists deploy new AresLoader malware via decoy installers

Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software. Security researchers from threat intelligence firm Intel 471 first spotted AresLoader […]

23Mar 2023

Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud

Staying in control and securing your data has never been more important! As data privacy regulations continue to evolve, businesses have had to adapt how and where they store data. The EU’s General Data Protection Regulation (GDPR) has been the most newsworthy, requiring all businesses that operate in or have customers in the EU to […]

23Mar 2023

Don’t buy into the hype of network observability to realize digital transformation success

Figure 1. Source: IDC’s Future Enterprise Resiliency and Spending Survey, Wave 2, March 2022 (Broadcom). For today’s teams, it is exceedingly complex and costly to support multiple generations of infrastructure and applications. What’s worse, according to an IDC report on network observability, this is the number one challenge to achieving digital transformation success. The right […]

23Mar 2023

Security at the core of Intel’s new vPro platform

Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise a 70% reduction in attack surface compared to four-year-old PCs. Windows 11 systems can also take […]

23Mar 2023

CISA, NSA Issue Guidance for IAM Administrators

New CISA and NSA guidance includes recommended best practices for identity and access management (IAM) administrators. The post CISA, NSA Issue Guidance for IAM Administrators appeared first on SecurityWeek.

23Mar 2023

Accenture to lay off 19,000 to cut costs amid economic uncertainty

IT services and consultancy firm Accenture said it would lay off 19,000 staffers, or 2.5% of its workforce, over the next 18 months to reduce costs amid uncertain macroeconomic conditions. “While we continue to hire, especially to support our strategic growth priorities, during the second quarter of fiscal 2023, we initiated actions to streamline our […]

23Mar 2023

Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy

On March 15, 2023, the SEC announced a proposal for new cybersecurity requirements for covered entities. The post Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy appeared first on SecurityWeek.

23Mar 2023

Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform

Intel shares information on the security improvements brought by its new vPro platform powered by 13th Gen Core processors. The post Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform appeared first on SecurityWeek.

23Mar 2023

Advice from procurement: How to evaluate and propose new IT investments

Gartner recently cut their expected IT budget prediction from 5.1% to just 2.2% in 2023. This is three times lower than the projected 6.5% global inflation rate. As the world continues to experience economic uncertainty, IT leaders look to tighten budgets, consolidate tools and resources, and generally become more risk-averse when evaluating new investments. So […]

23Mar 2023

Why AI is key to hiring and retaining developers

By Bryan Kirschner, Vice President, Strategy at DataStax. It’s high time to treat HR as every bit as important to your company’s artificial intelligence strategy as IT. Alongside all the evidence that getting your developers working on AI is good for your business, there’s mounting proof that even providing the opportunity to work on—and work […]

23Mar 2023

Critical flaw in AI testing framework MLflow can lead to server and data compromise

MLflow, an open-source framework that’s used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn’t implement authentication by […]

23Mar 2023

New vulnerabilities found in industrial control systems of major vendors

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors. The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight.

23Mar 2023

Cisco Patches High-Severity Vulnerabilities in IOS Software

Cisco’s semiannual security updates for IOS and IOS XE software resolve high-severity DoS, command injection, and privilege escalation vulnerabilities. The post Cisco Patches High-Severity Vulnerabilities in IOS Software appeared first on SecurityWeek.

23Mar 2023

‘Nexus’ Android Trojan Targets 450 Financial Applications

Promoted as a MaaS, the Nexus Android trojan targets 450 financial applications for account takeover. The post ‘Nexus’ Android Trojan Targets 450 Financial Applications appeared first on SecurityWeek.

23Mar 2023

Tackling the Challenge of Actionable Intelligence Through Context

Making threat intelligence actionable requires more than automation; it also requires contextualization and prioritization. The post Tackling the Challenge of Actionable Intelligence Through Context appeared first on SecurityWeek.

23Mar 2023

12 job-hunting mistakes no IT leader should make

You might think that senior-level IT leaders have a lock on the art of landing jobs. After all, that’s partly how they reached such lofty heights, right? But you’d be wrong. CIOs, vice presidents, directors — all make similar mistakes when they are on a job prowl, executive recruiters say. The two most common, and […]

23Mar 2023

4 hard truths of multivendor outsourcing

How many IT services vendors do you rely on? Splitting responsibility for the IT organization into multiple outsourcing vendors, overseen (or overlooked in some unfortunate cases) by a small IT management team, has become a popular practice. Hardly “best practice” — a meaningless but popular justification for doing things a certain way — but popular […]

23Mar 2023

Dole Says Employee Information Compromised in Ransomware Attack

Dole has admitted in an SEC filing that its investigation into the recent ransomware attack found that the hackers had accessed employee information. The post Dole Says Employee Information Compromised in Ransomware Attack appeared first on SecurityWeek.

23Mar 2023

How training and recognition can reduce cybersecurity stress and burnout

Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility and are subject to long hours of work and high pressure in an unpredictable and constantly […]

23Mar 2023

Closing the gender gap: What needs to be done

Companies around the world are being urged to close the digital gender gap, especially after International Women’s Day. Although progress has been made, the gap remains in many countries, prompting questions about whether those in the industry are doing enough to address it. The development of new technologies has created demand for specialized workers with […]

23Mar 2023

SMRT Corporation’s Huang Shao Fei on AI and other technologies

Huang Shao Fei – Group Chief Information Security Officer of SMRT Corporation – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about artificial intelligence, other technologies, and more.

22Mar 2023

Splunk adds new security and observability features

New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.

22Mar 2023

55 zero-day flaws exploited last year show the importance of security risk management

Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available — the so-called n-day exploits. But mitigating the risk from vulnerabilities that are unknown to the affected software developers and don’t have a patch […]

22Mar 2023

How can CIOs protect Personal Identifiable Information (PII) for a new class of data consumers?

Industries increasingly rely on data and AI to enhance processes and decision-making. However, they face a significant challenge in ensuring privacy due to sensitive Personally Identifiable Information (PII) in most enterprise datasets. Safeguarding PII is not a new problem. Conventional IT and data teams query data containing PII, but only a select few require access. […]

22Mar 2023

ServiceNow continues workflow platform expansion with Utah release

With its Utah release, ServiceNow is expanding the reach of its Now Platform for workflow automation into new areas, and enhancing its performance in others. Since ServiceNow introduced role-based workspaces as part of its new user interface, Next Experience, in March 2022, coverage has grown with each passing release. Utah’s additions include dedicated workspaces for […]

22Mar 2023

Backslash Snags $8M Seed Financing for AppSec Tech

Backslash Security banks seed-stage capital to build new technology to identify and mitigate “toxic code flows” in cloud-native applications. The post Backslash Snags $8M Seed Financing for AppSec Tech appeared first on SecurityWeek.

22Mar 2023

‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks

Black Lantern Security introduces Badsecrets, an open source tool for identifying known or weak cryptographic secrets across multiple platforms. The post ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks appeared first on SecurityWeek.

22Mar 2023

Landmark UK-Israeli agreement to boost mutual cybersecurity development, tackle shared threats

The UK and Israeli governments have signed a landmark agreement to define bilateral relations between the two countries and boost mutual cybersecurity advancement until 2030. The 2030 Roadmap for Israel-UK Bilateral Relations is the culmination of efforts that began with the signing of a Memorandum of Understanding in November 2021 to work more closely over […]

22Mar 2023

Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks

The average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited. That’s according to Continuity’s State of Storage and Backup Security Report 2023, which revealed a significant gap in the state of enterprise storage and backup security compared to other […]

22Mar 2023

Backslash AppSec solution targets toxic code flows, threat model automation

Backslash Security has announced its launch with a new cloud-native application security (AppSec) solution designed to identify toxic code flows and automate threat models. The solution is built to address time-consuming and manual methods for discovering and mapping applications code risks, along with filling the cloud-native context gaps left by traditional static application security testing […]

22Mar 2023

High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian

Cisco Talos researchers found two high-severity vulnerabilities in WellinTech’s KingHistorian industrial data historian software. The post High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian appeared first on SecurityWeek.

22Mar 2023

Chrome 111 Update Patches High-Severity Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers. The post Chrome 111 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.

22Mar 2023

BreachForums Shut Down Over Law Enforcement Takeover Concerns

The popular cybercrime forum BreachForums is being shut down following the arrest of Conor Brian Fitzpatrick, who is accused of running the website. The post BreachForums Shut Down Over Law Enforcement Takeover Concerns appeared first on SecurityWeek.

22Mar 2023

CISA Expands Cybersecurity Committee, Updates Baseline Security Goals

CISA announces adding more experts to its Cybersecurity Advisory Committee and updating the Cybersecurity Performance Goals. The post CISA Expands Cybersecurity Committee, Updates Baseline Security Goals appeared first on SecurityWeek.

22Mar 2023

Malware Trends: What’s Old is Still New

Many of the most successful cybercriminals are shrewd; they want good ROI, but they don’t want to have to reinvent the wheel to get it. The post Malware Trends: What’s Old is Still New appeared first on SecurityWeek.

22Mar 2023

Burnout in Cybersecurity – Can it be Prevented?

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress. The post Burnout in Cybersecurity – Can it be Prevented? appeared first on SecurityWeek.

22Mar 2023

Spain Needs More Transparency Over Pegasus: EU Lawmakers

Spain needs more transparency over the Pegasus spyware hacking scandal, a European Parliament committee said. The post Spain Needs More Transparency Over Pegasus: EU Lawmakers appeared first on SecurityWeek.

22Mar 2023

Sharing sensitive business data with ChatGPT could be risky

The furor surrounding ChatGPT remains at a fever pitch as the ins and outs of the AI chatbot’s potential continue to make headlines. One issue that has caught the attention of many in the security field is whether the technology’s ingestion of sensitive business data puts organizations at risk. There is some fear that if […]

22Mar 2023

Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA

Ransomware and data related attacks are the top cybersecurity threats to the transport sector in the EU, ENISA says. The post Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA appeared first on SecurityWeek.

22Mar 2023

Virtual Event Today: Supply Chain & Third-Party Risk Summit

Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem and best practices for mitigating security issues. The post Virtual Event Today: Supply Chain & Third-Party Risk Summit appeared first on SecurityWeek.

22Mar 2023

How culture and strategic partnerships help fuel transformation

Multinational insurance and finance corporation AIA New Zealand’s dream is to help make the country one of the healthiest and best protected nations in the world. That’s no small undertaking, and as CTO for the company, it’s Marc Hale’s core responsibility to help achieve that goal by providing a secure and stable platform on which […]

22Mar 2023

10 things CIOs wish they knew from the start

“Life can only be understood backwards but it must be lived forwards,” wrote Danish philosopher Søren Kierkegaard. That’s true, but what if by some stroke of magic we could go back in time and give a pep talk to our younger selves. What would we say? To provide some indirect counsel for first-time CIOs, we asked […]

22Mar 2023

CIO Karriem Shakoor on harnessing the power of data democratization

At UL Solutions, CIO Karriem Shakoor has identified clear cultural and architectural requirements for achieving data democratization so that IT can get out of the reports business and into driving revenue. Recently, I had the chance to speak at length with Shakoor about data strategy at the global safety science company, which has over 15,000 […]

22Mar 2023

Ping Identity debuts decentralized access management system in early access

Ping Identity, a Colorado-based IAM software vendor, is making a new product, PingOne Neo, available in a limited early access program. PingOne Neo is designed as a decentralized platform, as opposed to the heavily federated systems commonly in use. It allows for data decentralization, storing credentials and keys on the user’s mobile device, and lets […]

22Mar 2023

As critical Microsoft vulnerabilities drop, attackers may adopt new techniques

While the total number of recorded Microsoft vulnerabilities was higher in 2022 than ever before, the number of critical vulnerabilities declined to its lowest point, according to the latest Microsoft Vulnerability Report by BeyondTrust, released Tuesday. In 2022, only 6.9% of Microsoft’s vulnerabilities were rated as critical — less than half the number of critical […]

22Mar 2023

Accenture acquires Flutura to boost industrial AI services

Accenture on Tuesday said that it was acquiring Flutura, an internet of things (IoT) and data science services firm, for an undisclosed sum to boost the industrial AI services that it sells under the umbrella of Applied Intelligence. The acquisition assumes significance as the Asia-Pacific region constitutes 70% of Accenture’s Applied Intelligence market, according to […]

22Mar 2023

Google Suspends Chinese Shopping App Amid Security Concerns

Google has suspended the Chinese shopping app Pinduoduo on its app store after malware was discovered in versions of the app from other sources. The post Google Suspends Chinese Shopping App Amid Security Concerns appeared first on SecurityWeek.

21Mar 2023

BrandPost: Stop the Sprawl: How Vendor Consolidation Can Reduce Security Risks in the Cloud

Managing multiple security vendors is proving to be a significant challenge for organizations, leading to difficulties in integration, visibility, and control. Recent surveys and reports have identified numerous problems associated with managing an assortment of security products from different vendors, and that managing multiple vendors was cited as the top challenge in achieving an effective […]

21Mar 2023

Nvidia accelerates enterprise adoption of generative AI

As the generative AI bandwagon gathers pace, Nvidia is promising tools to accelerate it still further. On March 21, CEO Jensen Huang (pictured) told attendees at the company’s online-only developer conference, GTC 2023, about a string of new services Nvidia hopes enterprises will use to train and run their own generative AI models. When they […]

21Mar 2023

Verosint Launches Account Fraud Detection and Prevention Platform

443ID is refocusing its solution to tackle account fraud detection and prevention, and has changed its name to Verosint. The post Verosint Launches Account Fraud Detection and Prevention Platform appeared first on SecurityWeek.

21Mar 2023

Developed countries lag emerging markets in cybersecurity readiness

Organizations in developed countries are not as prepared for cybersecurity incidents compared to those in developing countries, according to Cisco’s Cybersecurity Readiness Index, released today. Countries that were found to be most mature in their overall cybersecurity readiness included Asia-Pacific countries such as Indonesia, with 39% of organizations in what Cisco considers a “mature stage” […]

21Mar 2023

Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager

The Play ransomware gang has published data stolen from Dutch maritime services company Royal Dirkzwager. The post Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager appeared first on SecurityWeek.

21Mar 2023

The Era of Multi-Cloud Services Has Arrived

Multi-cloud environments offer significant business benefits from increasing agility to improving efficiency. The challenge, however, is that each cloud sits in an isolated silo with its own development and operating model, taxonomy, services, APIs and management tools. This lack of consistency across clouds forces companies to manage their multi-cloud environments through a patchwork of off-the-shelf, […]

21Mar 2023

Why CISOs Are Looking to Lateral Security to Mitigate Ransomware

Findings from two eye-opening surveys conducted by VMware show that ransomware remains a top concern for enterprises worldwide. As IT and security leaders and chief information security officers (CISOs) look for answers, many are turning to deeper deployment and investment in lateral security tools. What is lateral security?  It leverages both access control and advanced […]

21Mar 2023

4 Factors That Influence Modern App Success in a Multi-Cloud Environment

How are modern CIOs making an impact with multi-cloud? A recently released VMware report, “CIO Essential Guidance: Modernizing Applications in a Multi-Cloud World,” outlines these four key factors that influence success: Drive Developer Velocity The best applications are created by the most talented developers, so it’s crucial to attract and retain the best talent. Taking […]

21Mar 2023

What’s next for network operations

By Serge Lucio, Vice President and General Manager, Agile Operations Division This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT.  Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. Enterprise networks are undergoing a profound transformation. These changes are being […]

21Mar 2023

Zoom Paid Out $3.9 Million in Bug Bounties in 2022

Zoom says it paid out $3.9 million in bug bounty rewards in 2022, with a total of over $7 million awarded to researchers since 2019. The post Zoom Paid Out $3.9 Million in Bug Bounties in 2022 appeared first on SecurityWeek.

21Mar 2023

Oleria Scores $8M Seed Funding for ID Authentication Technology

Seattle startup founded by former Salesforce CISO Jim Alkove banks $8 million to build technology in the identity and authentication space. The post Oleria Scores $8M Seed Funding for ID Authentication Technology appeared first on SecurityWeek.

21Mar 2023

Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant

Mandiant has conducted an analysis of the zero-day vulnerabilities disclosed in 2022 and over a dozen were linked to cyberespionage groups. The post Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant appeared first on SecurityWeek.

21Mar 2023

News Analysis: UK Commits $3 Billion to Support National Quantum Strategy

SecurityWeek spoke to VC firm Quantum Exponential about the UK National Quantum Strategy and investments in quantum computing. The post News Analysis: UK Commits $3 Billion to Support National Quantum Strategy appeared first on SecurityWeek.

21Mar 2023

Malicious NuGet Packages Used to Target .NET Developers

Software developers have been targeted in a new attack via malicious packages in the NuGet repository. The post Malicious NuGet Packages Used to Target .NET Developers appeared first on SecurityWeek.

21Mar 2023

9 attack surface discovery and management tools

Cyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. The goal with CAASM tools is to give the adversary as little information about the security posture of the business as possible while still maintaining critical business services. If you’ve […]

21Mar 2023

10 cloud mistakes that can sink your business

The cloud has changed the IT and business worlds forever, and generally for the better. But when misused or abused the cloud can backfire, leading to a serious business setback or, in a worst-case situation, long-term competitive damage. Ensuring proper cloud use is essential in today’s high-stakes, fast-paced business environment. Learn from the following 10 […]

21Mar 2023

Arvest Bank reskills IT to support its banking core refresh

When Arvest, a regional bank operating in Arkansas, Kansas, Missouri and Oklahoma, hired Laura Merling as chief transformation and operations officer in 2021, one of the first things she changed was its digital transformation plan. The 60-year-old bank, formed from the successive mergers of 14 regional banks, was planning to launch a neobank, an online-only […]

21Mar 2023

Google Pixel Vulnerability Allows Recovery of Cropped Screenshots

A vulnerability in Google Pixel phones allows for the recovery of an original, unedited screenshot from the cropped version. The post Google Pixel Vulnerability Allows Recovery of Cropped Screenshots appeared first on SecurityWeek.

21Mar 2023

Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products

Industrial organizations using HMI and SCADA products from Aveva have been informed about potentially serious vulnerabilities. The post Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products appeared first on SecurityWeek.

21Mar 2023

Ferrari Says Ransomware Attack Exposed Customer Data

Ferrari said that a ransomware attack was responsible for a data breach that exposed customer details, but did not impact company operations. The post Ferrari Says Ransomware Attack Exposed Customer Data appeared first on SecurityWeek.

21Mar 2023

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

ForgeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure […]

20Mar 2023

Aembit Scores $16.6M Seed Funding for Workload IAM Technology

Maryland startup Aembit gets funding to build an identity platform designed to manage, enforce, and audit access between federated workloads. The post Aembit Scores $16.6M Seed Funding for Workload IAM Technology appeared first on SecurityWeek.

20Mar 2023

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

ForgeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure […]

20Mar 2023

Amazon to lay off 9,000 more workers, including some at AWS

Amazon will fire about 9,000 more workers from several business units, including AWS, in the coming weeks, according to a statement released today by company CEO Andy Jassy. The announcement comes two months after Amazon unveiled plans to lay off 18,000 employees. In his official statement, Jassy said that most of the layoffs in this […]

20Mar 2023

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers […]

20Mar 2023

CEO directives: Top 5 initiatives for IT leaders

CIO Talvis Love has weathered a tsunami of rapid and significant changes at Baxter International over the past year — with little reprieve in sight. In late 2021, the med tech company completed the $12.4 billion acquisition of Hillrom, the largest in its history, to expand the company’s digital health and connected care offerings. While […]

20Mar 2023

Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes

Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars’ worth of crypto-coins. The post Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes appeared first on SecurityWeek.

20Mar 2023

Waterfall Security, TXOne Networks Launch New OT Security Appliances

Waterfall Security Solutions and TXOne Networks have each announced launching new OT security appliances. The post Waterfall Security, TXOne Networks Launch New OT Security Appliances appeared first on SecurityWeek.

20Mar 2023

Digital transformation obstacles: Stubborn challenges, what to do about them

The transformation imperatives In recent years, global enterprises have gone through tectonic shifts, responding to massive changes in their societal, competitive, and geopolitical realities. These trends have had many consequences, but they’ve all served to intensify a key imperative: rapid digital transformation. While progress has been made, many organizations still have a lot of work […]

20Mar 2023

BianLian ransomware group shifts focus to extortion

Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. The shift in the operating model comes as a result of Avast’s release of a decryption tool that […]

20Mar 2023

Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm

Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra’s GoAnywhere solution. The post Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm appeared first on SecurityWeek.

20Mar 2023

NBA Notifying Individuals of Data Breach at Mailing Services Provider

NBA is notifying individuals that their information was stolen in a data breach at a third-party mailing services provider. The post NBA Notifying Individuals of Data Breach at Mailing Services Provider appeared first on SecurityWeek.

20Mar 2023

Adobe Acrobat Sign Abused to Distribute Malware

Cybercriminals are abusing the Adobe Acrobat Sign service in a campaign distributing the RedLine information stealer malware. The post Adobe Acrobat Sign Abused to Distribute Malware appeared first on SecurityWeek.

20Mar 2023

New York Man Arrested for Running BreachForums Cybercrime Website

Conor Brian Fitzpatrick of New York was arrested and charged last week for allegedly running the popular cybercrime forum BreachForums. The post New York Man Arrested for Running BreachForums Cybercrime Website appeared first on SecurityWeek.

20Mar 2023

7 guidelines for identifying and mitigating AI-enabled phishing campaigns

The emergence of effective natural language processing tools such as ChatGPT means it’s time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to […]

20Mar 2023

Topgolf Callaway tees up digital transformation for global expansion

At Topgolf Callaway Brands, digital transformation has been a key enabler of strategic growth and expansion, laying the foundation for the company’s future. Ely Callaway Jr. founded the company in 1982, buying Hickory Stick USA golf clubs after that maker started running low on funds. In 1986, the company released the Big Bertha driver using […]

19Mar 2023

Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder

Huawei has replaced thousands of product components banned by the US with homegrown versions, its founder has said. The post Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder appeared first on SecurityWeek.

17Mar 2023

Signals from space: SD-WAN marks the next stage in commercialized space-based comms

Despite popular belief, most of today’s smartphones don’t connect directly with satellites orbiting our planet. The vast majority connect to nearby cell towers rooted in the earth. For the everyday consumer, space-based communications are largely limited to phone packages for use during localized emergencies when network coverage is down, or on remote camping trips via […]

17Mar 2023

Building your own web application platform is locking you in

Organizations have been transitioning away from legacy, monolithic platforms as these decades-old IT systems bog down management, flexibility, and agility with their tightly entangled components. CIOs have shifted toward building their own web application platforms with a set of best-in-class tools for more flexibility, customizations, and agile DevOps. This choice, however, isn’t right in all […]

17Mar 2023

7 ways to help your neurodiverse team deliver its best work

Technology work attracts neurodivergent people. So if you are leading a tech team, it’s likely that someone in your crew may be on the autism spectrum (ASD), be living with ADHD, or have an auditory processing disorder, learning disability, or other mental difference. Without the right accommodations, many neurodiverse professionals can struggle and, eventually, leave. […]

17Mar 2023

Latitude Financial Services Data Breach Impacts 300,000 Customers

Latitude Financial Services says the personal information of 300,000 customers was stolen in a cyberattack. The post Latitude Financial Services Data Breach Impacts 300,000 Customers appeared first on SecurityWeek.

17Mar 2023

US Government Warns Organizations of LockBit 3.0 Ransomware Attacks

Three US government agencies have issued a joint warning to organizations about LockBit 3.0 ransomware attacks. The post US Government Warns Organizations of LockBit 3.0 Ransomware Attacks appeared first on SecurityWeek.

17Mar 2023

New ‘Trigona’ Ransomware Targets US, Europe, Australia

The recently identified Trigona ransomware has been highly active, targeting tens of organizations globally. The post New ‘Trigona’ Ransomware Targets US, Europe, Australia appeared first on SecurityWeek.

17Mar 2023

Two Patch Tuesday flaws you should fix right now

Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released. One vulnerability affects all supported versions of Outlook for Windows and allows attackers to steal Net-NTLMv2 hashes and then use them in NTLM (New […]

17Mar 2023

New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries

A newly identified threat actor named YoroTrooper is targeting organizations in Europe and the CIS region for espionage and data theft. The post New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries appeared first on SecurityWeek.

17Mar 2023

A CIO’s 10-part guide to personal branding

In addition to showcasing your executive experience and accomplishments, effective and targeted personal branding can demonstrate thought leadership and expertise within specific domain areas, as well as make a statement about your core values, character, and attitude. It can also help you move roles, whether from an operational “keep the lights on” CIO position to […]

17Mar 2023

Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies

Mandiant links exploitation of the Fortinet zero-day CVE-2022-41328, exploited in government attacks, to a Chinese cyberespionage group. The post Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies appeared first on SecurityWeek.

16Mar 2023

BrandPost: 1Password integrates with Okta SSO

Single Sign-On (SSO) providers like Okta protect businesses by combining all company-approved sites and services in a single dashboard. Employees can then use a single, strongly vetted identity to log in to those sites and services using a single set of credentials. It’s better for security, and easier for employees. Now, 1Password Business customers can […]

16Mar 2023

Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs the victim’s phone number. The post Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits appeared first on SecurityWeek.

16Mar 2023

KPN CloudNL: providing customers with full say and control over their data and applications

KPN, the largest infrastructure provider in the Netherlands, offers a high-performance fixed-line and mobile network in addition to enterprise-class IT infrastructure and a wide range of cloud offerings, including Infrastructure-as-a-Service (IaaS) and Security-as-a-Service. Drawing on its extensive track record of success providing VMware Cloud Verified services and solutions, KPN is now one of a distinguished […]

16Mar 2023

Inside Meta’s Kill Chain Thesis

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of models. The post Inside Meta’s Kill Chain Thesis appeared first on SecurityWeek.

16Mar 2023

Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111

Firefox 111 patches 13 CVEs, including several vulnerabilities classified as high severity. The post Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111 appeared first on SecurityWeek.

16Mar 2023

UK bans TikTok on government devices over data security fears

Social media app TikTok has been banned on UK government electronic devices, the Cabinet Office has announced. The ban, announced by the chancellor of the Duchy of Lancaster, Oliver Dowden, comes in the wake of a security review into the risks posed to government data by social media apps on devices along with the potential […]

16Mar 2023

Private 5G and edge computing: a perfect match for manufacturing

Private 5G is the next evolution of networking for mission-critical applications used in factories, logistics centers and hospitals. In fact,  any environment that needs the reliability, security and speed of a wired connection combined with the movement of people, things and data. The element of movement is often a factor in Industry 4.0 digital transformation – […]

16Mar 2023

Poland Breaks up Russian Spy Ring

Polish counter-intelligence has dismantled a Russian spy ring that gathered information on military equipment deliveries to Ukraine. The post Poland Breaks up Russian Spy Ring appeared first on SecurityWeek.

16Mar 2023

CISA Seeks Public Opinion on Cloud Application Security Guidance

CISA this week announced it is seeking public input on draft guidance for securing cloud business applications. The post CISA Seeks Public Opinion on Cloud Application Security Guidance appeared first on SecurityWeek.

16Mar 2023

Webinar Today: How to Build Resilience Against Emerging Cyber Threats

Join us for this webinar as we walk through three recent use cases where a new threat caught organizations off-guard. The post Webinar Today: How to Build Resilience Against Emerging Cyber Threats appeared first on SecurityWeek.

16Mar 2023

Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

Microsoft says Russia targeted at least 17 European nations in 2023 — mostly governments — and 74 countries since the start of the Ukraine war. The post Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up appeared first on SecurityWeek.

16Mar 2023

Make Your Picks: Cyber Madness Bracket Challenge Starts Today

SecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting events. The post Make Your Picks: Cyber Madness Bracket Challenge Starts Today appeared first on SecurityWeek.

16Mar 2023

Data Breach at Independent Living Systems Impacts 4 Million Individuals

Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals. The post Data Breach at Independent Living Systems Impacts 4 Million Individuals appeared first on SecurityWeek.

16Mar 2023

Russia-Linked APT ‘Winter Vivern’ Targeting Governments in Europe, Asia

Russia-backed threat group Winter Vivern has targeted government entities in Poland, Ukraine, Italy, and India in recent campaigns. The post Russia-Linked APT ‘Winter Vivern’ Targeting Governments in Europe, Asia appeared first on SecurityWeek.

16Mar 2023

Cybercriminals, APT Exploited Telerik Vulnerability in Attacks on US Government Agency

Cyberspies and cybercriminals exploited a Telerik vulnerability tracked as CVE-2019-18935 on a government agency’s IIS server. The post Cybercriminals, APT Exploited Telerik Vulnerability in Attacks on US Government Agency appeared first on SecurityWeek.

16Mar 2023

What an IT career will look like in 5 years

While crystal ball technology is notoriously fallible, tech leaders say there are a handful of changes to IT work that we’ll likely see half a decade from now. IT pros will work in environments that are more task-based than position-based, experts say, relying more on automation and AI, and using tools that are increasingly portable […]

16Mar 2023

CTO Dwayne Allen on delivering transcendent business impact

Dwayne Allen is an ORBIE-award winning technology executive primed for times like these. Equipped with experiences across a range of industries, a healthy dose of self-awareness, and a passion for learning and people, Allen is redefining the art of the possible as a strategic and innovative CTO. In his current role as senior vice president […]

16Mar 2023

Facebook ‘Unlawfully’ Used Dutch Personal Data: Court

Social media platform Facebook unlawfully processed Dutch users’ personal details without consent for advertising purposes for almost a decade, Amsterdam-based judges ruled on Wednesday. The post Facebook ‘Unlawfully’ Used Dutch Personal Data: Court appeared first on SecurityWeek.

16Mar 2023

When and how to report a breach to the SEC

New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents. Under the proposal, the SEC would implement three new rules that public companies will […]

16Mar 2023

Why red team exercises for AI should be on a CISO's radar

AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct red team exercises against AI models and AI-enabled applications — just as security teams do with […]

16Mar 2023

Russian hacktivist group targets India’s health ministry

A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens. “On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website,” cybersecurity firm CloudSek said […]

16Mar 2023

Sunway Group’s Eddie Hau on cybersecurity as a business enabler for diversified businesses

Eddie Hau – Chief Information Security Officer of Sunway Group – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the challenges of protecting a conglomerate, Sunway Group’s digital transformation, and more.

15Mar 2023

What your CFO really needs in periods of economic uncertainty

The pressure is on to navigate economic uncertainty. Gartner’s downward revision of projected worldwide IT spending in 2023 from 5.1% to 2.4% growth underscores how inflation, interest rate fluctuations, and consumer spending are reshaping forecasts, investment portfolios, and the CIO agenda. Regardless of your company’s investment posture during this period of instability, interactions with the […]

15Mar 2023

Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million

Rapid7 spends $38 million to acquire Israeli anti-ransomware startup Minerva Labs to beef up its managed detection and response portfolio. The post Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million appeared first on SecurityWeek.

15Mar 2023

Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script

Microsoft blames a “Russian-based threat actor” for in-the-wild attacks hitting its flagship Microsoft Outlook and has released a detection script to help defenders. The post Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script appeared first on SecurityWeek.

15Mar 2023

Top 5 Security Trends for CIOs

The post-pandemic reality. Macroeconomic turbulence. Explosive technology innovations. Generational shifts in technological expectations. All these forces and more drive rapid, often confusing change in organizations large and small. With every such change comes opportunity–for bad actors looking to game the system. Cybersecurity cannot stand still, or the waves of innovation will overrun the shores. Adversaries […]

15Mar 2023

5 strategies for boosting endpoint management

Cloud architectures and remote workforces have effectively dissolved the network perimeter, the traditional line of defense for IT security. Lacking that decisive boundary, the work of security teams has changed. Now to guard against data breaches, ransomware, and other types of cyber threats, protecting network endpoints is more important than ever.  But protecting endpoints is a […]

15Mar 2023

IT productivity secrets: how to streamline management and tasks

It’s time to get back to the basics of productivity. The IT pendulum is swinging back toward operational excellence as companies must now recover from a whirlwind of digital transformation investments made over the past three years. Today, CIOs need to operationalize new technologies and online business models. But with IT teams already overexerted, how […]

15Mar 2023

How to better secure your fleet of mobile devices

While mobile devices are the symbol of business continuity, they are also the mark of easy prey for cybercriminals. In fact, 75% of companies experienced a “major” mobile-related security compromise in 2022. And that risk brings high costs with it. When remote workers are the root cause of a data breach, mitigation costs rise 20% […]

15Mar 2023

Think your attack surface is too large? You don’t know the half of it

Purchase a cheap card swipe cloner off the Dark Web. Distract a hotel housekeeper for a moment and clone their master key. Use your mark’s email address to access a login page. Choose to reset the password and have the code sent to the mark’s phone. Check their voicemail using the default last four digits […]

15Mar 2023

Proactive cybersecurity: sometimes offence is the best defense

In today’s cybersecurity environment—with new types of incidents and threat vectors constantly emerging—organizations can’t afford to sit back and wait to be attacked. They need to be proactive and on the offensive when it comes to defending their networks, systems, and data. It’s important to understand that launching an offensive cybersecurity strategy does not mean […]

15Mar 2023

Software bill of materials: a critical component of software supply chain security

Ensuring strong software security and integrity has never been more important because software drives the modern digital business. High-profile vulnerabilities discovered over the past few years, with the potential to lead to attacks against organizations using the software, have hammered home the need to be vigilant about vulnerability management. Perhaps the most dramatic recent example […]

15Mar 2023

Oracle extends its MyLearn program to NetSuite

Oracle is extending its MyLearn program, offered via the company’s University portal, to cover its NetSuite midmarket ERP products. Like the Oracle University version of MyLearn, NetSuite’s MyLearn program — which offers courses on Oracle Cloud Infrastructure (OCI) and SaaS offerings such as Fusion applications — will offer courses on its product fundamentals and implementation. […]

15Mar 2023

Huawei Democratises Digital Infrastructure for SMEs through Global Partnerships

In today’s era of economic uncertainty, enterprises must embrace digital transformation to stay relevant. By 2026, global spending on digital transformation is expected to reach US$3.4 trillion, and this trend is accelerating. For most enterprises, digital transformation encompasses the infrastructure needed to facilitate computing, storage, and networking, while digital technologies such as the cloud, Artificial […]

15Mar 2023

Unified commerce elevates customer experience for Hippo Stores

One of the biggest challenges confronting retailers today is ensuring convergence between customers’ traditional in-store shopping experience and their digital journey, thereby delivering a seamless customer experience (CX). For brick-and-mortar stores, legacy technologies often make migrating online difficult. Over time, as they explore online opportunities, traditional retailers often find it challenging to unravel all they […]

15Mar 2023

Dell beefs up security portfolio with new threat detection and recovery tools

Dell Technologies has added a slew of in-house as well as partnered capabilities to its security portfolio in a bid to beef up its capabilities in areas including threat security, management, and incident response. “Through ongoing innovation and a powerful ecosystem of partners, we’re committed to helping organizations protect against threats, withstand and recover from […]

15Mar 2023

Your next hero move: using AI to automate IT expense optimization

Every business leader wants to be the next hero, praised for sharpening the corporate competitive edge. Business heroes are the ones who solve big problems by leveraging emerging technology to awaken new powers accelerating strategic outcomes. So, why not use artificial intelligence (AI) to step into your higher potential, automating a system that drives more […]

15Mar 2023

5 best practices for managing your mobile fleet

The effective management of mobile devices is a game of high risk. While every company is dependent on their devices to generate revenue, they also increase vulnerability to ransomware attacks costing an average $4.5 million and consume 34% of IT’s time and productivity. Keeping the corporate fleet securely up and running is top of mind […]

15Mar 2023

SD-WAN & SASE call for smarter IT service management

Today’s digital era has triggered a mass modernization of corporate IT infrastructures. But in upgrading networks and security systems with technologies like SD-WAN and SASE, IT teams face a paradigm shift in managing a cacophony of new tools and service providers behind them. SD-WAN and SASE: essential for secure innovation and remote work Company leaders […]

15Mar 2023

4 tips to cut cloud costs: IaaS, SaaS, and UCaaS

One of the key advantages of the cloud is cost savings, and yet cloud costs are on the rise and overspending by as much as 70% is commonplace, according to Gartner. Much like gyms make their money off members who never actually use the equipment, cloud providers profit from those who underutilize their resources. That’s […]

15Mar 2023

NSA Shares Guidance on Maturing ICAM Capabilities for Zero Trust

NSA publishes recommendations on maturing identity, credential, and access management capabilities to improve cyberthreat protections. The post NSA Shares Guidance on Maturing ICAM Capabilities for Zero Trust appeared first on SecurityWeek.

15Mar 2023

US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing

Sagar Singh and Nicholas Ceraolo have been charged for their alleged roles in a doxing operation that involved hacking a law enforcement platform and email account. The post US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing appeared first on SecurityWeek.

15Mar 2023

Huawei: Transition to cloud native and democratisation of AI among changes needed for smarter, greener finance

During MWC 2023, Jason Cao, CEO of Huawei Global Digital Finance, shares Huawei’s latest progress in digitalising financial services. The financial services industry (FSI) today is poised for disruption. According to IDC, changes in consumer behaviour arising from the global pandemic, consumer perceptions, technological innovation and an inclination towards […]

15Mar 2023

Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs

The Chinese hacker group Tick has targeted an East Asian data loss prevention firm whose customers include military and other government organizations. The post Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs appeared first on SecurityWeek.

15Mar 2023

Are Encryption and Zero Trust Breaking Key Protections?

Compliance and ZTNA are driving encryption into every aspect of an organization’s network and enterprise and, in turn, forcing us to change how we think about protecting our environments. The post Are Encryption and Zero Trust Breaking Key Protections? appeared first on SecurityWeek.

15Mar 2023

Cybercriminals target SVB customers with BEC and cryptocurrency scams

Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carry out scams that can steal money and bank account information, or infect customers’ systems with malware. SVB was shut down on March 10 by the California Department of Financial Protection and Innovation, after the bank failed to raise capital to keep running. […]

15Mar 2023

Palo Alto announces new SD-WAN features for IoT security, compliance support

Cybersecurity vendor Palo Alto has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the prevention of unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks. SD-WAN for IoT […]

15Mar 2023

Beyond Identity launches Zero Trust Authentication to align verification with zero-trust principles

Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with […]

15Mar 2023

Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks

Russia-linked APT29 was seen abusing the legitimate information exchange systems used by European countries in attacks aimed at governments. The post Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks appeared first on SecurityWeek.

15Mar 2023

Dero, Monero Cryptojackers Fighting for Same Kubernetes Clusters

A Dero cryptojacking operation infecting Kubernetes infrastructure is being targeted by Monero cryptojackers for control over the same clusters. The post Dero, Monero Cryptojackers Fighting for Same Kubernetes Clusters appeared first on SecurityWeek.

15Mar 2023

The Rise of the BISO in Contemporary Cybersecurity

While the BISO might appear to be a new role, it is not – and understanding its past provides insights into its present. The post The Rise of the BISO in Contemporary Cybersecurity appeared first on SecurityWeek.

15Mar 2023

Trustwave teams up with Trellix for better managed security

Managed cybersecurity vendor Trustwave said Tuesday that it will be partnering with extended detection and response company Trellix for a combined XDR/MDR offering. MDR, as offered by Trustwave, essentially works as a remote, third-party security operations center. The idea is, given the growing complexity of modern security threat landscapes, to let end user companies simply […]

15Mar 2023

6 signs it’s time to restructure your IT organization

Nothing lasts forever in IT, and that includes your organizational structure. Deciding on whether to scrap or keep existing infrastructure of any stripe isn’t easy. A complete rebuild can be disruptive, time-consuming, and risky. And if the initiative misses its goal, or runs over budget, the CIO’s job may be at stake. Yet, as any […]

15Mar 2023

Don’t do IT yourself: The trick to ensuring business alignment

Picture this: A newly hired CIO of a large Fortune 500 company meets with all the C-level executives of the firm in the CEO’s office. During the meet and greet, after saying how he looks forward to setting up one-on-ones with all of them to discuss their thoughts on the IT department, he notices a […]

15Mar 2023

SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day

SAP has released 19 new notes on March 2023 Security Patch Day, including five notes rated hot news. The post SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day appeared first on SecurityWeek.

15Mar 2023

Hawaii Health Department Says Death Records Compromised in Recent Data Breach

The Hawaii DOH says roughly 3,400 death records were accessed via the compromised account of a former employee. The post Hawaii Health Department Says Death Records Compromised in Recent Data Breach appeared first on SecurityWeek.

15Mar 2023

Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit

Cybersecurity firm Rubrik has confirmed being hit by the GoAnywhere zero-day exploit after the Cl0p ransomware group named the company on its leak website. The post Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit appeared first on SecurityWeek.

15Mar 2023

How tech companies could benefit from investing in Saudi Arabia

LEAP, one of the biggest tech events in the Middle East, took place recently in Riyadh for the second year with more than 172,000 people in attendance. During the opening, Abdullah Alswaha, the Minister of Communication and Information Technology of Saudi Arabia, announced that the Arab kingdom has received US$9 billion in investments to […]

15Mar 2023

DNS data shows one in 10 organizations have malware traffic on their networks

During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks towards command-and-control (C2) servers associated with known botnets and various other malware threats, according to a report from cloud and content delivery network provider Akamai. More than a quarter of that traffic went to servers belonging to […]

14Mar 2023

Microsoft Patches 80 Security Vulns, Warns of Outlook Zero-Day Exploitation

Patch Tuesday: Redmond calls special attention to a pair of Windows security flaws marked as ‘actively exploited’ in the wild. The post Microsoft Patches 80 Security Vulns, Warns of Outlook Zero-Day Exploitation appeared first on SecurityWeek.

14Mar 2023

5 steps to buckle up your IT belt for a bumpy ride

When it comes to predicting the economic future, there are a lot of mixed signals right now, but one thing remains clear: Recession or no recession, cost-cutting initiatives are always a smart idea, particularly given today’s inflation rates. Economic concerns are increasing the pressures on IT to do more with less. Consider that 92% of […]

14Mar 2023

Is your BYOD mobile strategy costing more than you think?

As mobile work experiences redefine how business gets done, managing an increasing number of devices across a modern workforce has become a growing challenge. Imagine the retail associate using a tablet to check inventory and pricing for customers, the UPS driver recording deliveries and updating the system, and the construction foreman referring to a device […]

14Mar 2023

Mitigating cloud sprawl: Controlling XaaS resources, costs, and security

In the age of digital innovation and work-from-anywhere, every company has a lengthening list of cloud services and applications compounding complexity for their IT team. Consider today’s trends that make cloud resources more prolific — sometimes without any regard for cost or risk to the company: The advantages of cloud scalability and management off-loading have […]

14Mar 2023

How an immigrant back story builds up tech leaders

Covid-19 briefly immobilized the world, but as order steadily resumes, so do opportunities for those looking to advance their tech careers. For a specific section of that talent, immigrants have always been a key to the industry, and a source of inspiration for many. Yet career paths sometimes depend on networks and connections, and uprooting […]

14Mar 2023

Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware

A cybercrime group has been exploiting a Microsoft SmartScreen zero-day vulnerability tracked as CVE-2023-24880 to deliver the Magniber ransomware. The post Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware appeared first on SecurityWeek.

14Mar 2023

Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day

Adobe issues urgent warning for “very limited attacks” exploiting a zero-day vulnerability in its ColdFusion web app development platform. The post Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day appeared first on SecurityWeek.

14Mar 2023

Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor

The LockBit ransomware group claims to have stolen valuable SpaceX data after breaching the systems of Maximum Industries. The post Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor appeared first on SecurityWeek.

14Mar 2023

Universities and colleges cope silently with ransomware attacks

Although some cybersecurity researchers say that ransomware attacks are on the downswing as cybercriminals face declining payments, a spate of recent ransomware attacks makes it feel like the scourge is continuing at the same, or even an elevated, pace. Nowhere is this more apparent than in the higher education sector, with at least eight colleges […]

14Mar 2023

ReversingLabs adds new context-based secret detection capabilities

ReversingLabs has added new secret detection capabilities to its software supply chain security (SSCS) tool to help developers prioritize remediation with context-based data on secrets. In a development environment, secrets refer to digital authentication credentials used in software components including login credentials, API tokens, and encryption keys. “We are using our knowledge of exposed secrets […]

14Mar 2023

How the Best CISOs Drive Operational Resilience

Cyberattacks have exposed a myriad of vulnerabilities in our healthcare infrastructure, and will continue to do so as new and innovative medical technologies are developed. The post How the Best CISOs Drive Operational Resilience appeared first on SecurityWeek.

14Mar 2023

CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks

A new CISA pilot program to warn critical infrastructure organizations if their systems are unpatched against vulnerabilities exploited in ransomware attacks. The post CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks appeared first on SecurityWeek.

14Mar 2023

ChatGPT and the Growing Threat of Bring Your Own AI to the SOC

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring your own AI (BYO-AI). The post ChatGPT and the Growing Threat of Bring Your Own AI to the SOC appeared first on SecurityWeek.

14Mar 2023

Cloud Forensics Startup Mitiga Completes $45M Series A

Israeli cloud security startup Mitiga adds Samsung Next as an investor in a completed $45 million Series A financing round. The post Cloud Forensics Startup Mitiga Completes $45M Series A appeared first on SecurityWeek.

14Mar 2023

ICS Patch Tuesday: Siemens, Schneider Electric Address Over 100 Vulnerabilities

Siemens and Schneider Electric have addressed more than 100 vulnerabilities with their March 2023 Patch Tuesday security advisories. The post ICS Patch Tuesday: Siemens, Schneider Electric Address Over 100 Vulnerabilities appeared first on SecurityWeek.

14Mar 2023

Ring Denies Falling Victim to Ransomware Attack

Ring says it has no indications it has fallen victim to a ransomware attack after cybergang threatens to publish supposedly stolen data. The post Ring Denies Falling Victim to Ransomware Attack appeared first on SecurityWeek.

14Mar 2023

Amazon-owned Ring reportedly suffers ransomware attack

Ring, a home security and smart home company owned by Amazon, has reportedly suffered a ransomware attack by Russia-linked ALPHV group, according to a tweet by VX-Underground. The ALPHV ransomware group, also known as BlackCat, has posted the company’s logo on its website along with a message that reads, “There’s always an option to let us leak your […]

14Mar 2023

Can a quantum algorithm crack RSA cryptography? Not yet

Every CISO has encryption implementation decisions to make at a variety of levels and instances as they sort the support needed for business operations such as production, sales, support, data retention, and communication. These decisions tend to lean heavily on the “ease of use” doctrine and ubiquitousness of the various product offerings being considered. Therefore […]

14Mar 2023

Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach

Fortinet says recently patched FortiOS vulnerability was exploited in sophisticated attacks targeting government entities. The post Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach appeared first on SecurityWeek.

14Mar 2023

SAP 2023 outlook: 7 predictions for customers

With the threat of a recession looming, cost pressures increasing, and the deadline to move off SAP ECC swiftly approaching, SAP customers have a lot to consider as they plan for the year ahead. Here are some of the trends we expect to play out as the year goes on, specifically for SAP customers. 1. […]

14Mar 2023

US Military undergoes shift in CIO ranks

The US Military is undergoing major changes in its CIO ranks as it finalizes its joint warfighting cloud platform. On Feb. 10, US Army CIO Dr. Raj Iyer concluded his two-year contract and was awarded the Distinguished Civilian Service Medal, the highest honor that can be granted to a civilian employee, for his efforts to […]

14Mar 2023

AI and automation will play an increasing role in technology

By Ram Velaga, Senior Vice President and General Manager, Core Switching Group. This article is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts. It is clear that artificial intelligence, machine learning, and […]

14Mar 2023

Decoding the Qualtrics deal: Was the firm a good fit for SAP?

SAP’s acquisition of a majority stake at customer experience (CX) software firm Qualtrics back in 2018 for $8 billion was never a match made in heaven. Both companies remained incongruous to each other’s progress before Qualtrics was sold to Silver Lake and CPP Investments earlier this week, according to experts and analysts. “Even though Qualtrics […]

14Mar 2023

CIOs take aim at Silicon Valley talent

Signs of a tech talent shift are under way, with IT pros increasingly turning away from Silicon Valley and tech stalwarts in favor of new roles outside the technology industry. For Andreea Bodnari and Chris Jones, both of whom left Silicon Valley tech companies to work at healthcare organization Optum, the lure was not concern […]

13Mar 2023

Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia

The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company EclecticIQ. The attacks, which took place in February, were “almost identical” to those reported by Russia-based cybersecurity firm Group-IB on January 11, 2023, EclecticIQ […]

13Mar 2023

How to overcome the data silo challenge

Organizations that are investing in analytics, artificial intelligence (AI), and other data-driven initiatives have exposed a growing challenge: a lack of integration across data sources that is limiting their ability to extract true value from these investments. It’s imperative for IT and business leaders to eliminate these data silos – some of which are operational, […]

13Mar 2023

A feat of skill: Moving SAP workloads to the cloud

Moving SAP workloads to the cloud promises to be transformational, but it’s not for the faint of heart. Goals for an ERP modernization initiative often range from lowering costs through infrastructure savings to adding cloud-based capabilities to ERP tasks with minimal disruption to day-to-day business. Achieving these objectives takes perceptive analysis, meticulous planning, and skillful […]

13Mar 2023

Healthcare providers focus on quality for the next phase of digital transformation

As healthcare providers emerge from the operational disruptions caused by the global pandemic, IT and business leaders are renewing their focus on “quality”– specifically, have digital investments provided quality and value for IT systems; is technology improving quality for caregivers inside facilities; and have digital transformation efforts enhanced the patient experience and the quality of care […]

13Mar 2023

A critical next phase of cloud transformation: Reducing WAN complexity

Over the past two decades, cloud computing has evolved from a method that utilized extra data center capacity to the mission-critical infrastructure across enterprises that we see today. But along the way, the transformation and dramatic growth of the cloud have created increasingly complex, multi-account, and multi-region environments that can hinder, rather than accelerate, a company’s […]

13Mar 2023

How the cloud helps banking and finance companies tackle core modernization challenges

Two decades of technology-driven transformation has left many financial services firms with significant complexity and technical debt. While banking and finance organizations have aggressively moved workloads and apps to the cloud to meet changing customer needs, some remain hesitant to tackle modernization of core infrastructure and systems, fearing a disruption to the business. In a […]

13Mar 2023

Delta takes off with modernized blend of mainframes and cloud

When it comes to IT, Delta Air Lines is climbing higher into the clouds even as it keeps its footing on solid ground. The Atlanta-based airline, which is partnering with Amazon Web Services on the cloud front and Kyndryl for its mainframe systems, is very content with its choice for a hybrid infrastructure, says Matt […]

13Mar 2023

Cybercrime Losses Exceeded $10 Billion in 2022: FBI

The FBI received more than 800,000 cybercrime-related complaints in 2022, with losses totaling over $10 billion. The post Cybercrime Losses Exceeded $10 Billion in 2022: FBI appeared first on SecurityWeek.

13Mar 2023

CISA Warns of Plex Vulnerability Linked to LastPass Hack

CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Plex Vulnerability Linked to LastPass Hack appeared first on SecurityWeek.

13Mar 2023

Euler Loses Nearly $200 Million to Flash Loan Attack

London, UK-based DeFi platform company Euler has lost a reported $196 million to a flash loan attack. The post Euler Loses Nearly $200 Million to Flash Loan Attack appeared first on SecurityWeek.

13Mar 2023

New ‘GoBruteforcer’ Botnet Targets Web Servers

The recently identified Golang-based GoBruteforcer botnet is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. The post New ‘GoBruteforcer’ Botnet Targets Web Servers appeared first on SecurityWeek.

13Mar 2023

Assessing the impact of layoffs on Africa’s IT talent

While much of the news around tech layoffs has focused on US giants like Amazon, Microsoft, Google, Oracle, Meta and Twitter, dismissals are also happening closer to home. Since December, Chipper Cash, an African cross-border payments business and one of Africa’s few tech unicorns, has laid off about 150 staff, with the brand’s engineering team taking […]

13Mar 2023

Blackbaud penalized $3M for not disclosing the full scope of ransomware attack

Software firm Blackbaud has agreed to pay a $3 million penalty for failing to disclose the full scope of the ransomware attack it suffered in 2020, according to the US Securities and Exchange Commission (SEC). South Carolina headquartered Blackbaud provides donor relationship management software to various non-profit organizations, including charities, higher education institutions, K-12 schools, […]

13Mar 2023

NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry

NMFTA appoints Antwan Banks as director of enterprise security as the organization shifts focus to end-to-end security for the trucking industry. The post NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry appeared first on SecurityWeek.

13Mar 2023

Zoll Medical Data Breach Impacts 1 Million Individuals

Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year. The post Zoll Medical Data Breach Impacts 1 Million Individuals appeared first on SecurityWeek.

13Mar 2023

SAP-owned Qualtrics to be sold to Silver Lake, CPP Investments for $12.5 billion

Customer experience management company Qualtrics on Monday said private equity firm Silver Lake and Canada Pension Plan Investment Board (CPP Investments) have agreed to buy the entire company for $12.5 billion in an all-cash transaction. CPP Investments, according to a joint statement, will pay $1.75 billion in equity and another $1 billion in debt […]

13Mar 2023

Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms

Reports published by various industrial cybersecurity companies provide different numbers on ICS vulnerabilities — here’s why. The post Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms appeared first on SecurityWeek.

13Mar 2023

6 reasons why your anti-phishing strategy isn’t working

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on. “Bad actors are highly motivated and funded with the sole […]

10Mar 2023

BrandPost: Cybersecurity Automation: Leveling the Playing Field

Many things challenge how we practice cybersecurity these days. Digital transformation has brought significant adoption of new technology and business models, including cloud solutions, e-commerce platforms, smart devices, and a significantly more distributed workforce. These, in turn, have brought with them an increase in new threats, risks, and cybercrime. As organizations emerge post-pandemic, many of […]

10Mar 2023

Cybersecurity Automation: Leveling the Playing Field

By Leonard Kleinman, Field Chief Technology Officer (CTO), Cortex for Palo Alto Networks JAPAC. Many things challenge how we practice cybersecurity these days. Digital transformation has brought significant adoption of new technology and business models, including cloud solutions, e-commerce platforms, smart devices, and a significantly more distributed workforce. These, in turn, have brought with […]

10Mar 2023

Silicon Valley Bank Seized by FDIC as Depositors Pull Cash

The FDIC seized the assets of Silicon Valley Bank on Friday, which could impact cybersecurity firms that use the bank’s services. The post Silicon Valley Bank Seized by FDIC as Depositors Pull Cash appeared first on SecurityWeek.

10Mar 2023

New variant of the IceFire ransomware targets Linux enterprise systems

A novel Linux version of the IceFire ransomware that exploits a vulnerability in IBM’s Aspera Faspex file-sharing software has been identified by SentinelLabs, a research division of cybersecurity company SentinelOne. The exploit is for CVE-2022-47986, a recently patched Aspera Faspex vulnerability. Known up to now to target only Windows systems, the IceFire malware detected by […]

10Mar 2023

Blackbaud Fined $3M For ‘Misleading Disclosures’ About 2020 Ransomware Attack

Blackbaud has been slapped with a $3 million civil penalty by the SEC for “making misleading disclosures” about a 2020 ransomware attack that impacted more than 13,000 customers. The post Blackbaud Fined $3M For ‘Misleading Disclosures’ About 2020 Ransomware Attack appeared first on SecurityWeek.

10Mar 2023

Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying

Researchers discover a dozen serious vulnerabilities in Akuvox smart intercom, but the vendor has not released any patches. The post Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying appeared first on SecurityWeek.

10Mar 2023

Cyber Madness Bracket Challenge – Register to Play

SecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting events. The post Cyber Madness Bracket Challenge – Register to Play appeared first on SecurityWeek.

10Mar 2023

Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website

Authorities seized a domain distributing the NetWire RAT and arrested a Croatian individual who administered the website. The post Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website appeared first on SecurityWeek.

10Mar 2023

AT&T informs 9M customers about data breach

AT&T is informing customers about a data breach at a vendor’s system that allowed threat actors to gain access to AT&T’s Customer Proprietary Network Information (CPNI). The incident came to light after customers posted the email communication from AT&T on community forums to know if it was legitimate or email fraud. “We recently determined that […]

10Mar 2023

Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor. The post Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor appeared first on SecurityWeek.

10Mar 2023

Serious Vulnerability Patched in Veeam Data Backup Solution

A serious vulnerability in Veeam Backup & Replication may allow attackers to obtain encrypted credentials from the configuration database. The post Serious Vulnerability Patched in Veeam Data Backup Solution appeared first on SecurityWeek.

10Mar 2023

Cerebral Informing 3.1 Million Individuals of Inadvertent Data Exposure

Cerebral is informing 3.1 million individuals that their PHI was inadvertently exposed via third-party tracking technologies. The post Cerebral Informing 3.1 Million Individuals of Inadvertent Data Exposure appeared first on SecurityWeek.

10Mar 2023

Attacks on SonicWall appliances linked to Chinese campaign: Mandiant

A persistent malware targeting unpatched SonicWall Secure Mobile Access (SMA) appliances has been linked to a Chinese campaign dating back to 2021, according to Mandiant research done in partnership with SonicWall’s in-house research team. The responsible malware, dubbed UNC4540, has been found to be stealing user credentials, providing shell access, and persisting through firmware […]

10Mar 2023

White House Budget Plan Seeks to Boost Cybersecurity Spending

President Biden’s new $6.9 trillion budget proposal for 2024 shows that the administration wants to increase cybersecurity spending. The post White House Budget Plan Seeks to Boost Cybersecurity Spending appeared first on SecurityWeek.

10Mar 2023

Unilever leverages ChatGPT to deliver business value

The past several years have thrown numerous challenges at consumer packaged goods (CPG) companies. The pandemic has led to shifting consumer channel preferences, a supply chain crunch, and cost pressure, to name just a few. CPG titan Unilever has been answering the challenge with analytics and artificial intelligence (AI). The 93-year-old, London-based CPG company is […]

10Mar 2023

8 ways to retain top developer talent

Human-centric work is a growing movement that focuses on the needs of people, reaping business rewards in the process. As recent Gartner research shows, human-centric work practices lead to better employee performance, with workers 3.8 times more likely to be considered high performing in these environments. As some of your most valuable employees, software developers […]

10Mar 2023

Driving Customer Loyalty with Secure and Modern Apps

According to a PwC report, one in three consumers (32%) say they will walk away from a brand they love after just one bad experience. Unlike personal relationships, loyalty in the consumer world can be surprisingly transitory. This gets worse in the digital world where it takes just a few clicks and minutes to uninstall […]

10Mar 2023

Acronis Clarifies Hack Impact Following Data Leak

Acronis said a single customer’s account was compromised after a hacker leaked gigabytes of information on a cybercrime forum. The post Acronis Clarifies Hack Impact Following Data Leak appeared first on SecurityWeek.

10Mar 2023

OCI demand for AI workloads, Cerner boost Oracle’s third quarter revenue

Oracle on Thursday reported third quarter total revenue of $12.4 billion, up 18% year-on-year, boosted by the demand for AI workloads in Oracle Cloud Infrastructure (OCI) and Cerner’s contribution to the topline. “So, we have a lot of business, a lot of new AI companies coming to Oracle because we’re the only ones who can […]

10Mar 2023

Stolen credentials increasingly empower the cybercrime underground

The cybercrime underground has long functioned as an open market where sellers of products and services are paired with buyers and contractors. One of the most valuable commodities on this market is stolen credentials, since they can provide attackers with access into networks, databases, and other assets owned by organizations. It’s no surprise to see […]

09Mar 2023

Congressional health insurance service hit by data breach

A health insurance marketplace that provides coverage for members of the US Congress and congressional staffers was found to be compromised on Wednesday, according to a letter apparently sent from House Chief Administrative Officer Catherine L. Szpindor to members of that chamber. Szpindor’s office would not directly confirm or deny the authenticity of the letter, […]

09Mar 2023

New Chinese regulatory body expected to streamline data governance rules

A new data regulation body that China is reportedly set to create is expected to clarify and establish new data sovereignty rules for multinational companies and accelerate tech-based initiatives such as public administration services built on anonymized citizen data. The new government body will streamline data governance policies in the country, amid increasing confusion from […]

09Mar 2023

4 Reasons to Outsource Large IT Projects During Economic Headwinds

Large IT projects are hard to execute, particularly when in-house staff are often pulled into their day jobs and distracted by other priorities. This can be costly for organizations. In fact, McKinsey suggests that early cost and schedule overruns can cause projects to cost twice as much as anticipated. One common resolution to this challenge […]

09Mar 2023

GitHub begins 2FA rollout for code contributors

GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. GitHub first announced its intention to mandate 2FA for all code contributors in May 2022, and will begin the first group’s enrolment on Monday, March 13. […]

09Mar 2023

Custom Chinese Malware Found on SonicWall Appliance

Malware deployed by Chinese hackers on a SonicWall SMA appliance includes credential theft, shell access, and persistence functionality. The post Custom Chinese Malware Found on SonicWall Appliance appeared first on SecurityWeek.

09Mar 2023

Learn from IT Innovators at CIO’s FutureIT Dallas

Leading a technically complex initiative can feel like you’re climbing Mount Everest. Find out what it’s actually like to scale the world’s tallest peak – and how it really does relate to your digital journey – from extreme adventurer Jamie Clark. Clark will join prominent IT leaders from around the region at CIO’s FutureIT Dallas […]

09Mar 2023

Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks

Cisco has released patches for a high-severity DoS vulnerability in IOS XR software for several enterprise-grade routers. The post Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks appeared first on SecurityWeek.

09Mar 2023

Lazarus group infiltrated South Korean finance firm twice last year

Lazarus group was spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year. The North Korea-linked group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability, according to research by AhnLab Security Emergency Response Center (ASEC). ASEC […]

09Mar 2023

QuSecure Unveils Quantum-Resilient Communications Satellite Link

QuSecure announced an end-to-end quantum resilient encrypted communications link that protects data delivered by satellite. The post QuSecure Unveils Quantum-Resilient Communications Satellite Link appeared first on SecurityWeek.

09Mar 2023

Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List

An analysis found that over 40 exploited vulnerabilities, mostly leveraged by botnets, are missing from CISA’s ‘must patch’ catalog. The post Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List appeared first on SecurityWeek.

09Mar 2023

Jenkins Server Vulnerabilities Chained for Remote Code Execution

Two vulnerabilities recently addressed in Jenkins server can be chained to achieve arbitrary code execution. The post Jenkins Server Vulnerabilities Chained for Remote Code Execution appeared first on SecurityWeek.

09Mar 2023

Fortinet Patches Critical Unauthenticated RCE Vulnerability in FortiOS

Fortinet has patched a critical buffer underflow vulnerability in FortiOS and FortiProxy that could lead to remote code execution without authentication. The post Fortinet Patches Critical Unauthenticated RCE Vulnerability in FortiOS appeared first on SecurityWeek.

09Mar 2023

Defeating the Deepfake Danger

Deepfakes are becoming increasingly popular with cybercriminals, and as these technologies become even easier to use, organizations must become even more vigilant. The post Defeating the Deepfake Danger appeared first on SecurityWeek.

09Mar 2023

Google Discontinuing Chrome Tool for Removing Unwanted Software

Google has announced the discontinuation of the Chrome Cleanup Tool, an application for identifying and removing unwanted software. The post Google Discontinuing Chrome Tool for Removing Unwanted Software appeared first on SecurityWeek.

09Mar 2023

ChatGPT Integrated Into Cybersecurity Products as Industry Tests Its Capabilities

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations. The post ChatGPT Integrated Into Cybersecurity Products as Industry Tests Its Capabilities appeared first on SecurityWeek.

09Mar 2023

Cado Security Banks $20M in Series B Funding

French investment firm Eurazeo leads a $20 million bet on Cado Security, a British cloud forensics technology startup. The post Cado Security Banks $20M in Series B Funding appeared first on SecurityWeek.

09Mar 2023

Congress Members Warned of Significant Health Data Breach

House and Senate members informed that hackers may have gained access to their sensitive personal data in DC Health Link breach. The post Congress Members Warned of Significant Health Data Breach appeared first on SecurityWeek.

09Mar 2023

The CIO’s guide to smarter vendor negotiation: 10 tips

In an IT marketplace marked by turbulence, inflation, and economic uncertainty, the process of contracting with vendors for technology products and services has gotten significantly more challenging for CIOs. IT leaders may find that prices are going up without an accompanying increase in benefits, with technology providers — less dependent on any one industry or […]

09Mar 2023

Why IT communications fail to communicate

One of my client’s business analysts solicited my opinion: “Is this a good specification document?” he asked. Long ago I’d learned — the hard way — the wisdom of the adage “When someone asks for advice, they’re usually looking for an accomplice.” So I answered his question with a question of my own, asking him why […]

09Mar 2023

Revelstoke Security Raises $20 Million for SOAR Platform

Revelstoke Security has raised $20 million in a Series B funding round co-led by ClearSky Security and SYN Ventures. The post Revelstoke Security Raises $20 Million for SOAR Platform appeared first on SecurityWeek.

09Mar 2023

Vendor consolidation a hot-button topic for CIOs as they try to manage the tensions between innovation and efficiency

CIOs have always had to find a balance between the need to deliver innovation and the need to establish operational excellence. However, this tension has become even more challenging in recent years. After several years in which businesses of all sizes and across all sectors were forced to transform rapidly in response to the pandemic, […]

09Mar 2023

How CIOs Can Drive Positive Disruption Through Global Macro-Economic Challenges

CIOs have a significant opportunity to drive a transformation and innovation agenda in 2023. Despite the global economic outlook pointing to ongoing market disruption, inflation, and recession in many parts of the world, organisations are going to want to continue to invest in technology, and this will benefit both employees and customers. Research in the […]

09Mar 2023

A refocus on the hybrid working technology experience is now critical to employee satisfaction and retention

Flexibility and lifestyle are critical concerns for the modern employee. While the “Great Resignation” – a trend that has caused unprecedented rates of employees quitting and churn over the past few years – looks like it is finally starting to ease, the changes it drove in how business is done will persist. Companies were incentivised […]

09Mar 2023

Support the development of your IT professionals. Become an ACS partner.

ACS (Australian Computer Society) is the professional association for Australia’s technology sector. With 35,000+ members, ACS is dedicated to growing the nation’s digital skills and capacity. ACS members benefit from professional training and skills certification, networking and events, liability insurance cover and access to technology and innovation hubs. In addition, ACS has developed a Professional […]

08Mar 2023

What it’s going to take for advanced AI to reshape the enterprise landscape

According to Infosys research, data and artificial intelligence (AI) could generate $467 billion in incremental profits worldwide and become the cornerstone of enterprises gaining a competitive edge. But while opportunities to use AI are very real – and ChatGPT’s democratisation is accelerating generative AI test-and-learn faster than QR code adoption during the Covid pandemic – […]

08Mar 2023

SANS, Google launch academy to promote cloud security, diversity in workforce

SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in partnership with Google, to help provide training and certifications to women, ethnic minorities, Indigenous people and other groups that are currently underrepresented in the cybersecurity sector. A 2022 report by Cybersecurity Ventures found that women make up only 25% of the cybersecurity workforce globally, […]

08Mar 2023

Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking

Threat actors really only stop when their infrastructure is disrupted and their flow of funds disappears. The post Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking appeared first on SecurityWeek.

08Mar 2023

Hard-coded secrets up 67% as secrets sprawl threatens software supply chain

The number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded secrets and accelerating secrets sprawl (storing secrets in many different places) are threatening the security […]

08Mar 2023

SAP rounds out data warehouse cloud functionality, renamed Datasphere

SAP’s Data Warehouse Cloud is evolving, gaining new features and a new name, Datasphere, as the company addresses continued diversification of the enterprise data. It’s part of SAP’s move to become a more significant player in the business data fabric space, said Irfan Khan, SAP’s chief product officer for its HANA database and analytics. Khan […]

08Mar 2023

Don’t let NetOps “gotchas” derail your digital transformation

Over the past few years, technological and business advancements have created increasingly grand expectations. Your customers expect an “always on” experience. (Today, you can also add “always fast,” “always intuitive,” “always successful,” and so on.) Fundamentally, if customers find it too difficult to engage digitally with your business, they’ll engage elsewhere. Digital transformation: The implications […]

08Mar 2023

Understanding the security shared responsibility model in an as-a-service world

As organizations shape the contours of a secure edge-to-cloud strategy, it’s important to align with partners that prioritize both cybersecurity and risk management, with clear boundaries of shared responsibility. The security-shared-responsibility model is essential when choosing as-a-service offerings, which make a third-party partner responsible for some element of the enterprise operational model. Outsourcing IT operations […]

08Mar 2023

Which workloads are best suited for cloud vs. on-premises or edge?

Enterprises driving toward data-first modernization need to determine the optimal multicloud strategy, starting with which applications and data are best suited to migrate to cloud and what should remain in the core and at the edge. A hybrid approach is clearly established as the optimal operating model of choice. A Flexera report found the shift to hybrid […]

08Mar 2023

Tapping high-performance computing for new business value

Many people associate high-performance computing (HPC), also known as supercomputing, with far-reaching government-funded research or consortia-led efforts to map the human genome or to pursue the latest cancer cure. But HPC can also be used to advance more traditional business outcomes — from fraud detection and intelligent operations to digital transformation. The challenge: making complex […]

08Mar 2023

Bringing Your Employees Together Under a Shared Customer Experience Ownership Model

Breaking communication siloes between contact center and non-contact center employees is paramount to improving customer satisfaction, employee engagement, and operating costs. The average contact center agent spends 15% of their working day chasing down information needed to serve customers. These hours can add up to a financial loss of $1.5 million annually for a 200-agent contact center, according […]

08Mar 2023

Secure data-first modernization? Leverage a trusted ecosystem of partners

As companies lean into data-first modernization to deliver best-in-class experiences and drive innovation, protecting and managing data at scale become core challenges. Given the diversity of data and range of data-inspired use cases, it’s important to align with a robust partner ecosystem. This can help IT teams map the right set of services to unique […]

08Mar 2023

Best practices for developing an actionable cyberresilience road map

Pandemic-era ransomware attacks have highlighted the need for robust cybersecurity safeguards. Now, leading organizations are going further, embracing a cyberresilience paradigm designed to bring agility to incident response while ensuring sustainable business operations, whatever the event or impact. Cyberresilience, as defined by the Ponemon Institute, is an enterprise’s capacity for maintaining its core business in the face of […]

08Mar 2023

Parlay insights from the edge across your enterprise for real business value

Companies capture more data and compute capacity at the edge. At the same time, they are laying the groundwork for a distributed enterprise that can capitalize on a multiplier effect to maximize intended business outcomes. The number of edge sites — factory floors, retail shops, hospitals, and countless other locations — is growing. This gives […]

08Mar 2023

Ceiling breakers: Women IT execs shake up the status quo

Early in her life Ricki J. Koinig saw the immense impact that technology could have on individuals and their ability to move through life. To pay for horseback riding lessons while growing up, Koinig worked in a program for children and young adults with special needs who used assistive technologies. Those early professional experiences in […]

08Mar 2023

‘Sys01 Stealer’ Malware Targeting Government Employees

The Sys01 Stealer has been observed targeting the Facebook accounts of critical government infrastructure employees. The post ‘Sys01 Stealer’ Malware Targeting Government Employees appeared first on SecurityWeek.

08Mar 2023

Chrome 111 Patches 40 Vulnerabilities

Google has released Chrome 111 in the stable channel with patches for 40 vulnerabilities, including eight high-severity bugs. The post Chrome 111 Patches 40 Vulnerabilities appeared first on SecurityWeek.

08Mar 2023

TSA Requires Aviation Sector to Enhance Cybersecurity Resilience

TSA instructs airport and aircraft operators to improve their cybersecurity resilience and prevent infrastructure disruption and degradation. The post TSA Requires Aviation Sector to Enhance Cybersecurity Resilience appeared first on SecurityWeek.

08Mar 2023

How CISOs can do more with less in turbulent economic times

CISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington, DC, and I wondered what was going on. I went straight to the office where […]

08Mar 2023

Exploring the digital impact in Northern Ireland’s health and social care system

The pandemic accelerated the urgency for reform in health and social care around the world, which strained resources to unprecedented levels. The effects are still being felt and in Northern Ireland specifically, ongoing political instability is further complicating approaches to digital transformation. Although progress is being made that should be recognized and celebrated, Dan West, […]

08Mar 2023

Keeping customers at the center of everything

By Hock Tan, Broadcom President and CEO During the 17 years I have led Broadcom, solving problems for customers and giving them the tools they need to succeed have been the most rewarding parts of my job. It’s important to me that whether we’re inventing the future through innovative R&D or co-creating new solutions with […]

08Mar 2023

Salesforce not ready to unleash generative AI on its customers

Salesforce was an early adopter of artificial intelligence (AI) with its Einstein recommendation tools, but it is taking a cautious approach to deploying the latest AI trend, generative AI. It’s been a month since Salesforce CEO Marc Benioff tweeted, “Get ready to be wowed by Salesforce EinsteinGPT! It generates leads, closes deals, and even makes […]

08Mar 2023

Leaders That Reboot Their Game to Become a Future Enterprise

If digital transformation was about driving fundamental change within the company, then its next chapter will be far more outward-looking. This is about being digital-first: to build digital businesses that are viable and sustainable in the long term. Rather than just leveraging digital technology to seize new opportunities, such organisations are poised to create operating […]

08Mar 2023

Salesforce earmarks $250 million for AI startup investment

CRM giant Salesforce today said that it would commit $250 million to investments in startups focused on generative AI, even as the company warned of the dangers of the technology. The company emphasized the potential gains for application software possible through the use of AI in its initial announcement of investments in four AI-driven companies. […]

07Mar 2023

Enterprise IT moves forward — cautiously — with generative AI

Vince Kellen understands the well-documented limitations of ChatGPT, DALL-E and other generative AI technologies — that answers may not be truthful, generated images may lack compositional integrity, and outputs may be biased — but he’s moving ahead anyway. Kellen, CIO at the University of California San Diego (UCSD), says employees are already using ChatGPT to […]

07Mar 2023

Pre-Deepfake Campaign Targets Putin Critics

Russia is continuing its campaign of disinformation around the Ukraine war through advanced social engineering delivered by a threat group tracked as TA499. The post Pre-Deepfake Campaign Targets Putin Critics appeared first on SecurityWeek.

07Mar 2023

Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit

Register for SecurityWeek’s Ransomware Resilience & Recovery Summit, a virtual event designed to help businesses to plan, prepare, and recover from a ransomware incident. The post Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit appeared first on SecurityWeek.

07Mar 2023

Attack campaign uses PHP-based infostealer to target Facebook business accounts

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP. “We have […]

07Mar 2023

Akamai releases new threat hunting tool backed by Guardicore capabilities

Akamai on Tuesday launched Akamai Hunt, a visibility tool that uses the infrastructure of microsegmentation platform Guardicore to allow customers to identify and remediate threats and risks in their cloud environments. Akamai acquired Guardicore in October 2022 for about $600 million. Akamai Hunt combines Akamai’s historic data with Guardicore’s network segmentation and visualization capabilities to […]

07Mar 2023

Vulnerability in Toyota Management Platform Provided Access to Customer Data

A vulnerability in Toyota Customer 360 CRM platform provided a security researcher with full access to the car maker’s Mexican customers. The post Vulnerability in Toyota Management Platform Provided Access to Customer Data appeared first on SecurityWeek.

07Mar 2023

Acer Confirms Breach After Hacker Offers to Sell Stolen Data

Acer said one of its document servers was hacked after a hacker claimed to have stolen 160 Gb of data from the company. The post Acer Confirms Breach After Hacker Offers to Sell Stolen Data appeared first on SecurityWeek.

07Mar 2023

New Oman-Australia undersea cable promises alternate, reliable route

Australian investment firm Subco is offering an alternative route for internet connectivity between Australia, Middle East and Europe through the Oman Australia Cable (OAC) by avoiding the earthquake prone route that currently goes through Malacca Strait. Subco OAC is already 9,800 km long, with landing points in Perth, West Island, and Cocos Islands in Australia, […]

07Mar 2023

Talking Cyberinsurance With Munich Re

SecurityWeek spoke to Chris Storer, head of the cyber center of excellence at reinsurance giant Munich Re, for the cyber insurers’ view of cyberinsurance. The post Talking Cyberinsurance With Munich Re appeared first on SecurityWeek.

07Mar 2023

Edgeless Systems Raises $5m for Trustworthy Data Processing

German cybersecurity start-up Edgeless Systems raises $5 million to build an open-source stack for confidential computing. The post Edgeless Systems Raises $5m for Trustworthy Data Processing appeared first on SecurityWeek.

07Mar 2023

Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia

Kaspersky has seen a surge in attacks on ICS computers in Russia and blames it on the exploitation of a Bitrix CMS vulnerability tracked as CVE-2022-27228. The post Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia appeared first on SecurityWeek.

07Mar 2023

What is zero trust? A model for more effective security

Security leaders are embracing zero trust, with the vast majority of organizations either implementing or planning to adopt the strategy. The 2022 State of Zero-Trust Security report found that 97% of those surveyed either have or plan to have a zero-trust initiative in place within 18 months. In fact, the percentage of organizations with zero […]

07Mar 2023

Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing

Wallarm Detect warns of ongoing exploitation of a critical vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V). The post Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing appeared first on SecurityWeek.

07Mar 2023

Android’s March 2023 Updates Patch Over 50 Vulnerabilities

Google has released patches for more than 50 vulnerabilities as part of the March 2023 security updates for the Android platform. The post Android’s March 2023 Updates Patch Over 50 Vulnerabilities appeared first on SecurityWeek.

07Mar 2023

3 force multipliers for digital transformation

Many CIOs will face a challenging year grappling with growing pressure from transformation initiatives, weekly layoff announcements, and the prospect of a recession. While digital initiatives and talent are the board directors’ top strategic business priorities in 2023-2024, IT spending is forecasted to grow by only 2.4% in 2023. Tech companies have laid off over […]

07Mar 2023

IT leaders tackle the high price of talent

Since the onset of the pandemic, IT has risen in prominence as an engine for business sustainability and growth across all industries. The subsequent demand for enterprise IT talent has led to a sharp spike in salaries CIOs must pay to staff their teams. “Demand for tech talent was up by 50% to 60% in […]

06Mar 2023

PayPal sued for negligence in data breach that affected 35,000 users

A pending class action lawsuit accuses online payments giant PayPal of failing to adequately safeguard the personal information of its users, leaving them vulnerable to identity theft and related ills at the hands of the unidentified perpetrators of a data breach that occurred late last year. Nearly 35,000 people were affected by the cyberattack, which […]

06Mar 2023

Cyberattack Hits Major Hospital in Spanish City of Barcelona

A ransomware attack on one of Barcelona’s main hospitals has crippled the center’s computer system and forced the cancellation of non-urgent operations and patient checkups. The post Cyberattack Hits Major Hospital in Spanish City of Barcelona appeared first on SecurityWeek.

06Mar 2023

Generative AI to be a key priority for senior IT leaders: Salesforce report

Generative AI has become a top priority among businesses even though IT leaders are expressing concerns about potential ethical issues posed by the technology, according to a new Salesforce survey. Sixty-seven percent of senior IT leaders surveyed said they will be prioritizing the technology over the next 18 months, and 33% claimed it would be […]

06Mar 2023

Police Looking for Russian Suspects Following DoppelPaymer Ransomware Crackdown

Several locations in Germany and Ukraine were raided recently as part of an international law enforcement operation targeting the DoppelPaymer ransomware. The post Police Looking for Russian Suspects Following DoppelPaymer Ransomware Crackdown appeared first on SecurityWeek.

06Mar 2023

Next CIO Champions the Rising Stars of IT in the UK

Next CIO returns for 2023 to continue to support the career development of aspiring IT and Tech leaders. Next CIO is the annual awards and mentoring programme helping aspiring IT leaders to develop their careers, build their network and improve their skill sets. It is an opportunity for aspiring digital, data, and technology leaders to […]

06Mar 2023

Shutterstock capitalizes on the cloud’s cutting edge

When you store and deliver data at Shutterstock’s scale, the flexibility and elasticity of the cloud is a huge win, freeing you from the burden of costly, high-maintenance data centers. But for the New York-based provider of stock photography, footage, and music, it’s the innovation edge that makes the cloud picture perfect for its business. […]

06Mar 2023

New ATM Malware ‘FiXS’ Emerges

Metabase Q documents FiXS, a new malware family targeting ATMs in Latin America. The post New ATM Malware ‘FiXS’ Emerges appeared first on SecurityWeek.

06Mar 2023

Open letter demands OWASP overhaul, warns of mass project exodus

For more than two decades, the Open Worldwide Application Security Project (OWASP) has provided free and open resources for improving the security of software. Led by the non-profit OWASP Foundation, OWASP has brought together community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and educational and training conferences for developers […]

06Mar 2023

New Tool Made by Microsoft and Mitre Emulates Attacks on Machine Learning Systems

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems. The post New Tool Made by Microsoft and Mitre Emulates Attacks on Machine Learning Systems appeared first on SecurityWeek.

06Mar 2023

European Police, FBI Bust International Cybercrime Gang

Authorities disrupted an international cybercrime gang which has been blackmailing large companies and institutions for years. The post European Police, FBI Bust International Cybercrime Gang appeared first on SecurityWeek.

06Mar 2023

Ransomware Operators Leak Data Allegedly Stolen From City of Oakland

Play ransomware operators have leaked data allegedly stolen from the City of Oakland last month. The post Ransomware Operators Leak Data Allegedly Stolen From City of Oakland appeared first on SecurityWeek.

06Mar 2023

BetterHelp Shared Users’ Sensitive Health Data, FTC Says

The online counseling service BetterHelp has agreed to return $7.8 million to customers to settle with the Federal Trade Commission for sharing health data it had promised to keep private. The post BetterHelp Shared Users’ Sensitive Health Data, FTC Says appeared first on SecurityWeek.

06Mar 2023

Cybercrime Marketplace Leaks Over 2.1 Million Payment Cards

Carding marketplace BidenCash last week released information on more than 2.1 million credit and debit cards. The post Cybercrime Marketplace Leaks Over 2.1 Million Payment Cards appeared first on SecurityWeek.

06Mar 2023

557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022

There are nearly 900 vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog, including nearly 100 discovered in 2022. The post 557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022 appeared first on SecurityWeek.

06Mar 2023

Tracking device technology: A double-edged sword for CISOs

The transportation industry has doubled down in the area of fleet tracking in recent years, which has come with great benefits and not a few security headaches. On the consumer side, we’ve spoken of Apple’s AirTag and how it has been used to find personal items of import — and also its potential to be […]

06Mar 2023

Cybersecurity M&A Roundup: 35 Deals Announced in February 2023

Thirty-five cybersecurity-related M&A deals were announced in February 2023. The post Cybersecurity M&A Roundup: 35 Deals Announced in February 2023 appeared first on SecurityWeek.

06Mar 2023

Transforming IT for cloud success

As CIO Neil Holden moved his company, Halfords Group, further into the cloud, he sought to do more than simply “lift-and-shift” IT operations. Rather, Holden — like most CIOs — wanted his increasing use of cloud to enable and shape the company’s transformation agenda. To succeed in that objective, he knew he had to transform […]

06Mar 2023

How Pick n Pay’s migration to the cloud is paying off

Pick n Pay’s bold plan to modernize infrastructure and drive efficiency is beginning to pay dividends as its migration to AWS was successfully completed last year, signaling the digital ambitions of this retail giant. This move to the cloud lays the foundation for further expansion into other cloud-based applications to deliver deeper insights and better […]

06Mar 2023

Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs). The post Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs appeared first on SecurityWeek.

06Mar 2023

Little Caesars’ CIO on achieving ‘Mission Impossible’

With a talent for developing people and inspiring innovation from her teams, Anita Klopfenstein has built a powerhouse IT organization since joining Little Caesars in 2017 as its CIO. One of the secrets behind her success as a leader is her love of learning. After majoring in both computer science and radio, television and film, […]

06Mar 2023

Diversity in UK tech on the rise, but not for senior leadership

The sixth annual report from Tech Talent Charter (TTC) has revealed that while companies in the UK are making progress toward improving diversity in their overall workforce, there is still a significant lack of diversity among senior technology leaders. The not-for-profit charity, which focuses on tracking diversity in technology, compiled its report using data from […]

06Mar 2023

AI value begins with managing the C-suite conversation

Every futurist and forecaster I have talked to is convinced the transformative technology of the next seven years is artificial intelligence. Everyone seems to be talking about AI. Unfortunately, most of these conversations do not lead to value creation or greater understanding. And, as an IT leader, you can bet these same conversations are reverberating […]

06Mar 2023

Sports venues advance goals, enhance fan experience with data analytics

Sports fans today have more ways than ever to watch their favorite teams beyond the traditional, live stadium experience, including television, streaming services, even highlights on social media.   For years, fans have been less inclined to choose the live stadium experience, with game attendance across major North American professional sports in decline. In 2020, financial […]

06Mar 2023

Mulesoft, Tableau uptake fuels Salesforce growth spurt

Despite a tumultuous couple of months, strong user uptake of Tableau business intelligence and MuleSoft data automation and integration software fueled a surprising 14% year-over-year jump in revenue for Salesforce’s fourth quarter. Posting revenue of $8.38 billion after stock market trading closed on Wednesday, the company beat the expectations of analysts, whose average forecast for […]

06Mar 2023

Macquarie Government: Providing Australia’s Federal Agencies with the Cloud and Security Solutions They Need to Safeguard the Most Sensitive Data

With five state-of-art data centers located in the Sydney and Canberra metropolitan areas, including a facility created to manage cloud applications and data that require PROTECTED, SECRET and higher classifications, Macquarie Government, as part of the ASX listed Macquarie Telecom Group, was one of the first companies to provide sovereign IT services to Australia’s government […]

06Mar 2023

Give them a break: How to unstress IT security teams overburdened with vulnerability patching

IT teams are exhausted. The tech talent shortage has led to severe understaffing even as cybercriminals ramp up their attacks. The ever-increasing shift toward hybrid working models has only compounded the issue, with IT teams struggling to deploy patches and other fixes across an expanded attack surface transcending the corporate firewall. Nearly three-quarters (74%) of […]

06Mar 2023

Are you protected against vulnerabilities with known exploits?

No IT leader wants to tell the C-suite about a serious breach that took advantage of a known infrastructure vulnerability.  Hackers develop new attack strategies so often that it’s easy to forget a fundamental truth about cybersecurity: hackers don’t have to rely on finding new vulnerabilities. The inability of organizations to promptly address the rapidly […]

06Mar 2023

A CIO’s first rule for automation: Have a clear business case

By virtue of their position between IT and effecting business strategy, CIOs can identify what processes their organizations need in order to modernize and automate. When it comes to updating core systems to drive operational efficiencies, they also have to ensure that a sound business case exists to automate them, says Laurie Shotton, VP and […]

04Mar 2023

EPA Mandates States Report on Cyber Threats to Water Systems

The Biden administration said it would require states to report on cybersecurity threats in their audits of public water systems, a day after it released a broader plan to protect critical infrastructure against cyberattacks. The post EPA Mandates States Report on Cyber Threats to Water Systems appeared first on SecurityWeek.

03Mar 2023

HPE to acquire Axis Security to deliver a unified SASE offering

Hewlett Packard Enterprise has agreed to buy cloud security services provider Axis Security, its third acquisition since January, to deliver a unified secure access service edge (SASE) offering. The acquisition is aimed at incorporating the Axis security service edge (SSE) platform into HPE’s edge-to-cloud network security capabilities to deliver integrated networking and security solutions […]

03Mar 2023

Thousands of Websites Hijacked Using Compromised FTP Credentials

Cybersecurity startup Wiz warns of a widespread redirection campaign in which thousands of websites have been compromised using legitimate FTP credentials. The post Thousands of Websites Hijacked Using Compromised FTP Credentials appeared first on SecurityWeek.

03Mar 2023

Iron Tiger updates malware to target Linux platform

Iron Tiger, an advanced persistent threat (APT) group, has updated their SysUpdate malware to include new features and add malware infection support for the Linux platform, according to a report by Trend Micro. The earliest sample of this version was observed in July 2022 and after finding multiple similar payloads in late October 2022, Trend […]

03Mar 2023

Organizations Warned of Royal Ransomware Attacks

FBI and CISA have issued an alert to warn organizations of the risks associated with Royal ransomware attacks. The post Organizations Warned of Royal Ransomware Attacks appeared first on SecurityWeek.

03Mar 2023

Industry Experts Analyze US National Cybersecurity Strategy

Feedback Friday: Industry professionals commented on various aspects of the new national cybersecurity strategy, its impact, and implications.  The post Industry Experts Analyze US National Cybersecurity Strategy appeared first on SecurityWeek.

03Mar 2023

White House Cybersecurity Strategy Stresses Software Safety

Some say the White House cybersecurity strategy is largely aspirational. Its boldest initiatives — including stricter rules on breach reporting and software liability — are apt to meet resistance from business and Republicans in Congress. The post White House Cybersecurity Strategy Stresses Software Safety appeared first on SecurityWeek.

03Mar 2023

Over 71k Impacted by Credential Stuffing Attacks on Chick-fil-A Accounts

Chick-fil-A is informing users that their accounts have been compromised in a two-month-long credential stuffing campaign. The post Over 71k Impacted by Credential Stuffing Attacks on Chick-fil-A Accounts appeared first on SecurityWeek.

03Mar 2023

IBM partners up with Cohesity for better data defense in new storage suite

Data security and protection are the main upside for IBM’s upcoming storage offering, which combines the company’s own products with those from third parties.

03Mar 2023

White House releases an ambitious National Cybersecurity Strategy

The White House released its long-anticipated National Cybersecurity Strategy, a comprehensive document that offers fundamental changes in how the US allocates “roles, responsibilities, and resources in cyberspace.” The strategy involved months of discussions among more than 20 government agencies and countless consultations with private sector organizations. It encompasses virtually all the weaknesses and challenges inherent […]

02Mar 2023

Gitpod flaw shows cloud-based development environments need security assessments

Researchers from cloud security firm Snyk recently discovered a vulnerability that would have allowed attackers to perform full account takeover and remote code execution (RCE) in Gitpod, a popular cloud development environment (CDE). Cloud-based development environments are popular because they’re easier to deploy and maintain than local ones and promise better security. However, organizations should properly […]

02Mar 2023

Software liability reform is liable to push us off a cliff

Like “SBOMs will solve everything,” there is a regular cry to reform software liability, specifically in the case of products with insecurities and vulnerabilities. US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly’s comments this week brought the topic back into focus, but it’s still a thorny issue. (There’s a reason certain things are […]

02Mar 2023

BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems

ESET says the BlackLotus UEFI bootkit can bypass secure boot on fully updated Windows 11 systems. The post BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems appeared first on SecurityWeek.

02Mar 2023

Advancing Women in Cybersecurity – One CMO’s Journey

Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity. The post Advancing Women in Cybersecurity – One CMO’s Journey appeared first on SecurityWeek.

02Mar 2023

Critical Vulnerabilities Allowed Booking.com Account Takeover

Booking.com recently patched several vulnerabilities that could have been exploited to take control of a user’s account. The post Critical Vulnerabilities Allowed Booking.com Account Takeover appeared first on SecurityWeek.

02Mar 2023

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link. The attack combined three separate issues that on their own could be categorized as low risk […]

02Mar 2023

Microsoft Intune Suite consolidates endpoint management and protection

Intune Suite will streamline endpoint management with added features for controlled and secure access.

02Mar 2023

Unpatched old vulnerabilities continue to be exploited: Report

Known vulnerabilities as old as 2017 are still being successfully exploited in wide-ranging attacks as organizations fail to patch or remediate them successfully, according to a new report by Tenable.  The report is based on Tenable Research team’s analysis of cybersecurity events, vulnerabilities and trends throughout 2022, including an analysis of 1,335 data breach incidents […]

02Mar 2023

Best and worst data breach responses highlight the do's and don'ts of IR

In theory, enterprises should not only have security measures in place to prevent a data breach but should also have detailed plans for a response in the event of a breach. And they should periodically conduct drills to test those plans. Industry-wide best practices for incident response are well established. “In general, you want breach […]

02Mar 2023

Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack

Canadian bookstore chain Indigo this week confirmed that employee data was stolen in a ransomware attack last month. The post Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack appeared first on SecurityWeek.

02Mar 2023

Information of European Hotel Chain’s Customers Found on Unprotected Server

The personal information of many customers of European hotel chain Falkensteiner was discovered by a researcher on an unprotected server. The post Information of European Hotel Chain’s Customers Found on Unprotected Server appeared first on SecurityWeek.

02Mar 2023

White House Releases National Cybersecurity Strategy

The U.S. government released its widely anticipated National Cybersecurity Strategy on Tuesday. The post White House Releases National Cybersecurity Strategy appeared first on SecurityWeek.

02Mar 2023

New CISA Tool ‘Decider’ Maps Attacker Behavior to ATT&CK Framework

CISA has released a free and open source tool that makes it easier to map an attacker’s TTPs to the Mitre ATT&CK framework. The post New CISA Tool ‘Decider’ Maps Attacker Behavior to ATT&CK Framework appeared first on SecurityWeek.

02Mar 2023

Cisco Patches Critical Vulnerability in IP Phones

Cisco has released patches for a critical remote code execution vulnerability in certain IP phones. The post Cisco Patches Critical Vulnerability in IP Phones appeared first on SecurityWeek.

02Mar 2023

GitHub Secret Scanning Now Generally Available

GitHub this week made secret scanning generally available and free for all public repositories. The post GitHub Secret Scanning Now Generally Available appeared first on SecurityWeek.

02Mar 2023

AWS makes its Lift program available in India

Amazon Web Services on Wednesday made its global Lift program available in India, targeting small and medium-size businesses with revenue ranging from 800 million to 6.25 billion rupees. The Lift program, according to AWS, offers promotional credits and nearly 200 AWS services to help enterprises move on-premises workloads to the cloud. The India Lift program […]

02Mar 2023

Coca-Cola Beverages Philippines’ Trisha Liu-Ventura on the manufacturing industry

Trisha Liu-Ventura – Head of Cybersecurity, Governance, Risk and Compliance at Coca-Cola Beverages Philippines – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about challenges in securing the manufacturing industry, oversharing on social media, and more.

02Mar 2023

Internet Access, Privacy ‘Essential for Freedom’: Proton Chief

Proton, perhaps best known for its encrypted email service, sees its mission of ensuring privacy and online access as a vital tool in shoring up democracy in the digital age. The post Internet Access, Privacy ‘Essential for Freedom’: Proton Chief appeared first on SecurityWeek.

01Mar 2023

Why TikTok Is Being Banned on Gov’t Phones in US and Beyond

So how serious is the threat of using TikTok? Should TikTok users who don’t work for the government be worried about the app, too? The post Why TikTok Is Being Banned on Gov’t Phones in US and Beyond appeared first on SecurityWeek.

01Mar 2023

3 ways to invest in IT during a recession while keeping costs low

The world is experiencing an onslaught of economic uncertainty, and the IT industry is facing headwinds just like any other. Gartner recently lowered their expectations for IT budgets to increase by just 2.2% in 2023 on average – lower than the projected 6.5% global inflation rate. But the economic turmoil doesn’t mean your competitors are […]

01Mar 2023

Real-time artificial intelligence for everyone

By Chet Kapoor, Chairman & CEO of DataStax. Every business needs an artificial intelligence strategy, and the market has been validating this for years. Gartner® predicts that, “By 2027, over 90% of new software applications that are developed in the business will contain ML models or services, as enterprises utilize the massive amounts of data […]

01Mar 2023

Mainframe modernization and the importance of security

At a time when businesses are pushing the limits of digital transformation and modernization, security, particularly in the mainframe, is critical. But while most firms know this, research has shown that widespread understanding has not manifested much in the way of action. And when asked to rank their most important mainframe security features, respondents said […]

01Mar 2023

Webinar Tomorrow: Entering the Cloud Native Security Era

Join SecurityWeek and LogRhythm as we dive into security risks associated with SaaS, as well as best practices for mitigating these risks and protecting data. The post Webinar Tomorrow: Entering the Cloud Native Security Era appeared first on SecurityWeek.

01Mar 2023

Top 10 Security, Operational Risks From Open Source Code

Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS). The post Top 10 Security, Operational Risks From Open Source Code appeared first on SecurityWeek.

01Mar 2023

Cisco to Acquire Valtix for Cloud Network Security Tech

Cisco announced plans to acquire Valtix, an early-stage Silicon Valley startup in the cloud network security business. The post Cisco to Acquire Valtix for Cloud Network Security Tech appeared first on SecurityWeek.

01Mar 2023

BlackLotus bootkit can bypass Windows 11 Secure Boot: ESET

A Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus is found to be capable of bypassing an essential platform security feature, UEFI Secure Boot, according to researchers from Slovakia-based cybersecurity firm ESET. BlackLotus uses an old vulnerability and can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled, the researchers found. UEFI […]

01Mar 2023

Top 10 open source software risks for 2023

Known vulnerabilities, compromise of legitimate package, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs. The other major open source software risks, according to the report, include unmaintained software, outdated software, untracked dependencies, license risk, immature software, unapproved changes, […]

01Mar 2023

Ransomware Attacks: Don’t Let Your Guard Down

History has shown that when it comes to ransomware, organizations cannot let their guards down. The post Ransomware Attacks: Don’t Let Your Guard Down appeared first on SecurityWeek.

01Mar 2023

Two Hacking Groups Seen Targeting Materials Sector in Asia

Two APTs, named Winnti and Clasiopa, have been observed targeting Asian organizations in the materials sector. The post Two Hacking Groups Seen Targeting Materials Sector in Asia appeared first on SecurityWeek.

01Mar 2023

Several Law Firms Targeted in Malware Attacks

In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns. The post Several Law Firms Targeted in Malware Attacks appeared first on SecurityWeek.

01Mar 2023

US Officials Make Case for Renewing FISA Surveillance Powers

The Biden administration urged Congress to renew the Foreign Intelligence Surveillance Act (FISA) that the government sees as vital in countering overseas terrorism and cyberattacks. The post US Officials Make Case for Renewing FISA Surveillance Powers appeared first on SecurityWeek.

01Mar 2023

Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar

Google this week made client-side encryption for Gmail and Calendar available for Workspace customers. The post Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar appeared first on SecurityWeek.

01Mar 2023

CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person. The post CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles appeared first on SecurityWeek.

01Mar 2023

South American Cyberspies Impersonate Colombian Government in Recent Campaign

The South American cyberespionage group Blind Eagle has been observed impersonating a Colombian government tax agency in recent attacks. The post South American Cyberspies Impersonate Colombian Government in Recent Campaign appeared first on SecurityWeek.

01Mar 2023

How security leaders can effectively manage Gen Z staff

In 2022, I started a podcast aimed at converting more Gen Z to seek careers in cybersecurity. In doing so, I had to educate myself on what they value and realized the many differences between Gen Z and previous generations. Gen Z refers to those born between mid-to-late 1990s and 2010, making them between the […]

01Mar 2023

Dish Network Says Outage Caused by Ransomware Attack

Satellite TV giant Dish Network has confirmed rumors that a recent outage was the result of a cyberattack and admitted that data was stolen. The post Dish Network Says Outage Caused by Ransomware Attack appeared first on SecurityWeek.

01Mar 2023

Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products

Several ThingWorx and Kepware products are affected by two vulnerabilities that can be exploited for DoS attacks and unauthenticated remote code execution. The post Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products appeared first on SecurityWeek.

01Mar 2023

Think carefully before considering cloud repatriation

Most IT leaders have assets moved to the cloud to achieve some combination of better, faster, or cheaper compute and storage services. They also expect to benefit from the expertise of cloud providers—expertise that isn’t easy for companies to develop and maintain in house, unless your company happens to be a technology provider. “While computing […]

01Mar 2023

From CIO to CEO: XPO’s Mario Harik on leveling up

With technology increasingly central to business value, CIOs stepping up to plus-size roles and even making the leap from CIO to CEO is no longer the rare feat it once was. Still, earning that corner office is an achievement few IT leaders can list among their career accomplishments. As XPO’s first CIO, Mario Harik played […]

01Mar 2023

Huawei unveils plans to target Small and Medium Enterprise market at MWC

Huawei’s Enterprise Business Group (EBG) arrived at Mobile World Congress in Barcelona this year with a proposition fit for the times, emphasizing the value created by digital transformation across multiple industries and use case scenarios. Huawei has developed more than 100 scenario-based solutions, covering over 10 industries. EBG’s strategy of ‘Weaving Technologies for Industry Scenarios’ […]

01Mar 2023

Hacked home computer of engineer led to second LastPass data breach

Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberattack, detected in November. The threat actor involved in the breaches […]

01Mar 2023

New cyberattack tactics rise up as ransomware payouts increase

While phishing, business email compromise (BEC), and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint. “While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and […]

28Feb 2023

Security Defects in TPM 2.0 Spec Raise Alarm

Security defects in the Trusted Platform Module (TPM) 2.0 reference library specification expose devices to code execution attacks. The post Security Defects in TPM 2.0 Spec Raise Alarm appeared first on SecurityWeek.

28Feb 2023

Ransomware Attack Hits US Marshals Service

The US Marshals Service has confirmed that ransomware was deployed on one of its systems that contains sensitive law enforcement information. The post Ransomware Attack Hits US Marshals Service appeared first on SecurityWeek.

28Feb 2023

Malicious package flood on PyPI might be sign of new attacks to come

Over the weekend an attacker has been uploading thousands of malicious Python packages on the public PyPI (Python Package Index) software repository. If executed on a Windows system, these packages will download and install a Trojan program hosted on Dropbox. Flooding public package repositories with malicious packages is not entirely new. Last year researchers detected […]

28Feb 2023

Trackd Snags $3.35M Seed Funding to Automate Vuln Remediation

Trackd, an early stage startup founded by former NSA engineer Mike Starr, has secured $3.35 million in seed funding to automate vulnerability remediation. The post Trackd Snags $3.35M Seed Funding to Automate Vuln Remediation appeared first on SecurityWeek.

28Feb 2023

Well-funded security systems fail to prevent cyberattacks in US and Europe: Report

Multilayered, well-funded cybersecurity systems are unable to protect enterprises in the US and Europe from cyberattacks, according to a report by automated security validation firm Pentera. The report, which was based on a survey of 300 CIOs, CISOs and security executives to get insights on their current IT and security budgets and cybersecurity validation practices, […]

28Feb 2023

How 3 Digital Champions Tackle Real-Time Data Challenges

By Thomas Been, DataStax. Building data-driven, high-growth businesses takes a certain kind of roll-up-your-sleeves, determined, and smart builder who understands the importance of building a unified, foundational data architecture. We call these people Digital Champions. They’re visionaries in using real-time data and the cloud to deliver unprecedented value to their organizations and, in turn, to […]

28Feb 2023

Vulnerabilities Being Exploited Faster Than Ever: Analysis

The time from vulnerability disclosure to exploitation is decreasing, according to a new intelligence report from Rapid7. The post Vulnerabilities Being Exploited Faster Than Ever: Analysis appeared first on SecurityWeek.

28Feb 2023

New ‘Exfiltrator-22’ Post-Exploitation Framework Linked to Former LockBit Affiliates

A recently identified post-exploitation framework ‘Exfiltrator-22’ uses the same C&C infrastructure as the LockBit ransomware. The post New ‘Exfiltrator-22’ Post-Exploitation Framework Linked to Former LockBit Affiliates appeared first on SecurityWeek.

28Feb 2023

33 New Adversaries Identified by CrowdStrike in 2022

CrowdStrike identified 33 new threat actors and campaigns in 2022, including many cybercrime groups and operations. The post 33 New Adversaries Identified by CrowdStrike in 2022 appeared first on SecurityWeek.

28Feb 2023

‘Hackers’ Behind Air Raid Alerts Across Russia: Official

Russian authorities said that several television and radio stations that have recently broadcast air raid alerts had been breached by hackers. The post ‘Hackers’ Behind Air Raid Alerts Across Russia: Official appeared first on SecurityWeek.

28Feb 2023

Vouched Raises $6.3 Million for Identity Verification Platform

AI-driven identity verification platform Vouched has raised $6.3 million in a funding round led by BHG VC and SpringRock Ventures. The post Vouched Raises $6.3 Million for Identity Verification Platform appeared first on SecurityWeek.

28Feb 2023

Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites

A critical vulnerability in the Houzez premium WordPress theme and plugin has been exploited in the wild. The post Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites appeared first on SecurityWeek.

28Feb 2023

How to de-risk your digital ecosystem

Companies rightly see much promise for future revenues and productivity by building and participating in emerging digital ecosystems — but most have not given enough consideration to the risks and threats inherent in such ecosystems. According to the TCS Risk & Cybersecurity Study, cyber threats within digital ecosystems may be an enterprise blind spot. TCS […]

28Feb 2023

Economic pressures are increasing cybersecurity risks; a recession would amp them up more

Predictions on whether or when the global economy will fall into a recession continue to swirl. Even if one doesn’t hit anytime soon, economic volatility, more cautious corporate spending plans, and employee layoffs are already in play. For security chiefs, such news portends a tougher road ahead. CISOs have never had an easy time — […]

28Feb 2023

Bringing the National Museum of African American History and Culture to the world

In 2022, with the pandemic subsiding, the National Museum of African American History and Culture at the Smithsonian Institution in Washington, DC, once again served more than 1 million visitors. But thanks to an inventive digital offering, called Searchable Museum, the museum has been able to reach even more. The searchable replica of the museum, […]

28Feb 2023

The CIO’s new C-suite mandate

JP Saini’s dual role as chief digital and technology officer at Sunbelt Rentals requires strategic relationships with his C-suite peers beyond just sharing a seat at the executive table. He’s also considered a strategic advisor and changemaker in the organization, and he’s often called on to speak with investors. He relies on his C-suite peers […]

28Feb 2023

The Rome Call for AI Ethics: Should CIOs heed it?

As enterprises increasingly look to artificial intelligence (AI) to support, speed up, or even supplant human decision-making, calls have rung out for AI’s use and development to be subject to a higher power: our collective sense of right and wrong. One such entity weighing in on the need for AI ethics is the Vatican, which […]

28Feb 2023

7 CIOs on building a consultative IT culture

How can we get our IT teams to be viewed as more consultative partners to the business? It’s one of the big questions I continue to hear from CIOs. While technology has changed dramatically over the past decade and become increasingly intertwined with the business’s success, many IT teams remain in order-taking mode, responding to […]

28Feb 2023

Everything-as-a-Service: Huawei Brings the Cloud Ecosystem Within Reach at MWC 2023

GSMA’s Mobile World Congress (MWC) 2023 in Barcelona—the largest and most influential event for connectivity—is expected to attract over 80,000 attendees from 200 countries and over 2,000 exhibitors. This year’s event will explore themes of 5G acceleration, immersive technology, open networks, fintech, and ‘Digital Everything’, encompassing intelligent solutions, Internet-of-Things, Industry 4.0, and how every industry […]

28Feb 2023

IT spend in META region expected to grow in 2023 despite challenges

The year ahead is likely to be characterised by recessionary pressures in key global economies, increasing borrowing costs, unpredictable supply chains, oil price uncertainty, and volatile demand.  Regardless of the challenges of the past few years and the hurdles ahead, digital transformation investments in the Middle East, Türkiye, and Africa (META) are set to more […]

28Feb 2023

US Electric Cooperative Association Launches Commercial OT Security Solution

The National Rural Electric Cooperative Association (NRECA) announces commercial launch of its OT cybersecurity solution. The post US Electric Cooperative Association Launches Commercial OT Security Solution appeared first on SecurityWeek.

28Feb 2023

Australian businesses need new servers to drive sustainability and innovation

Businesses are feeling growing pressure to act on climate change from all angles. However, despite data centres and transmission networks being responsible for nearly 1 per cent of energy-related greenhouse gas emissions, a new Deloitte study reports little over half (54 per cent) of businesses have converted to energy-efficient technologies. This number is concerning given […]

28Feb 2023

White House: No More TikTok on Gov’t Devices Within 30 Days

The White House is giving all federal agencies 30 days to wipe TikTok off all government devices. The post White House: No More TikTok on Gov’t Devices Within 30 Days appeared first on SecurityWeek.

27Feb 2023

Ukraine IT’s unparalleled resilience

On the morning of Feb. 24, 2022, Russia invaded Ukraine, escalating a years-long conflict between the two countries. In the year since those first pre-dawn attacks, hundreds of thousands of troops and civilians have been wounded or killed, millions of Ukrainians have been displaced, and cities have been shattered. The previously rapidly growing IT industry […]

27Feb 2023

How Blacks in Technology Foundation is ‘stomping the divide’

When Greg Greenlee joined the IT industry in 2008, the lack of representation of Black IT professionals among attendees and speakers at tech conferences and events was readily apparent. “It wasn’t a thing where I was made to feel out of place or that I did not belong,” Greenlee says, but it did make him […]

27Feb 2023

LastPass Says DevOps Engineer Home Computer Hacked

LastPass DevOps engineer’s home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. The post LastPass Says DevOps Engineer Home Computer Hacked appeared first on SecurityWeek.

27Feb 2023

Cyberattack on Boston Union Results in $6.4M Loss

A cyberattack on the Boston-based Pipefitters Local 537 union’s health fund resulted in the loss of $6.4 million. The post Cyberattack on Boston Union Results in $6.4M Loss appeared first on SecurityWeek.

27Feb 2023

Perspectives on how cloud computing & app development trends will take shape in 2023

We’ve entered another year where current economic conditions are pressuring organizations to do more with less, all while still executing against digital transformation imperatives to keep the business running and competitive. To understand how organizations may be approaching their cloud strategies and tech investments in 2023, members of VMware’s Tanzu Vanguard community shared their insights […]

27Feb 2023

Germany plans new visa aimed at attracting more Indian tech workers

The German government has announced plans to make it easier for IT workers from India to obtain work visas in Germany. While visiting Bengaluru, the center of India’s tech sector, German Chancellor Olaf Scholz held a televised press conference Sunday with the country’s prime minister, Narendra Modi, where he said Germany not only wants to […]

27Feb 2023

US National Cyber Strategy Pushes Regulation, Aggressive Hack-Back Operations

The U.S. government is set to green-light a more aggressive ‘hack-back’ approach to dealing with foreign adversaries and mandatory regulation of critical infrastructure vendors. The post US National Cyber Strategy Pushes Regulation, Aggressive Hack-Back Operations appeared first on SecurityWeek.

27Feb 2023

US Sanctions Several Entities Aiding Russia’s Cyber Operations

US Department of Treasury has announced a fresh set of sanctions against entities helping Russia in the war against Ukraine. The post US Sanctions Several Entities Aiding Russia’s Cyber Operations appeared first on SecurityWeek.

27Feb 2023

‘PureCrypter’ Downloader Used to Deliver Malware to Governments

Threat actor uses the PureCrypter downloader to deliver malware to government entities in Asia-Pacific and North America. The post ‘PureCrypter’ Downloader Used to Deliver Malware to Governments appeared first on SecurityWeek.

27Feb 2023

Cybersecurity in wartime: how Ukraine's infosec community is coping

Whenever shells rain down on Ukraine, Yuriy Gatupov’s colleagues put a ‘+’ sign in a chat room. Then, the pluses are counted. “We check if everybody is alive,” he says. Gatupov, the owner of two cybersecurity companies, says it is vital to stay connected during a time of war. With Russia now controlling around 18% […]

27Feb 2023

Cloud Security Firm Wiz Raises $300 Million at $10 Billion Valuation

Cloud security company Wiz has raised $300 million in a Series D funding round that brings the total raised by the company to $900 million. The post Cloud Security Firm Wiz Raises $300 Million at $10 Billion Valuation appeared first on SecurityWeek.

27Feb 2023

QNAP Offering $20,000 Rewards via New Bug Bounty Program

New QNAP Systems bug bounty program covers vulnerabilities in applications, cloud services, and operating systems. The post QNAP Offering $20,000 Rewards via New Bug Bounty Program appeared first on SecurityWeek.

27Feb 2023

Coding for the Future of U.S. National Defense

By Hock Tan, Broadcom President & CEO Since we announced our intent to acquire VMware last year, customers have expressed to me their excitement about VMware’s momentum around cloud-native apps in its Tanzu business. Tanzu is a central part of VMware’s software portfolio and its multi-cloud strategy, and will remain that way after Broadcom’s acquisition […]

27Feb 2023

Cost still biggest driver for multicloud, study finds

Italian insurer Reale Group found itself with four cloud providers running around 15% of its workloads, and no clear strategy to manage them. “It was not a result we were seeking, it was the result of reality,” said Marco Barioni, CEO of Reale ITES, the company’s internal IT engineering services unit. Since then, Barioni has […]

27Feb 2023

Media Giant News Corp Discloses New Details of Data Breach

News Corp says a threat group, previously linked to the Chinese government, had access to its systems for two years before the breach was discovered. The post Media Giant News Corp Discloses New Details of Data Breach appeared first on SecurityWeek.

27Feb 2023

Palo Alto Networks Unveils Zero Trust OT Security Solution

Palo Alto Networks introduces a new OT security solution for industrial organizations that provides visibility, zero trust and simplified operations. The post Palo Alto Networks Unveils Zero Trust OT Security Solution appeared first on SecurityWeek.

25Feb 2023

5 top threats from 2022 most likely to strike in 2023

The threat landscape is highly diverse and attacks range in sophistication from the most basic scams to nation-state-level cyberespionage. However, companies need to prioritize their defenses against the most common threats that are likely to impact them and their employees. In its newly released annual State of Malware report, cybersecurity firm Malwarebytes selected five threats […]

24Feb 2023

What Executives Should Know About Shift-Left Security

By Zachary Malone, SE Academy Manager at Palo Alto Networks The term “shift left” is a reference to the Software Development Lifecycle (SDLC) that describes the phases of the process developers follow to create an application. Often, this lifecycle is depicted as a horizontal timeline with the conceptual and coding phases “starting” the cycle on […]

24Feb 2023

US warns of cyberattacks by Russia on anniversary of Ukraine war

The US Cybersecurity and Infrastructure Security Agency has issued an advisory urging organizations to increase cybersecurity vigilance today, the anniversary of Russia’s invasion of Ukraine, in the wake of a cyberattack against several Ukrainian government websites. “The United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow […]

24Feb 2023

We’re not bluffing: Poker and other games are good models of the autonomous enterprise

ChatGPT and other artificial intelligence tools have dominated the conversation lately. Their power to imitate human writing and art is raising concerns that machines could start replacing white-collar workers, the way they took over many blue-collar jobs in the 19th century. We at Digitate are thinking about machines’ role at work too, as we develop […]

24Feb 2023

Securing 5G for 2023 and beyond

By Anand Oswal, Senior Vice President and GM at cyber security leader Palo Alto Networks While mobile technology has been around for decades, the current generation, 5G, is increasingly being recognized for the exciting new benefits it brings to enterprises, SMBs, and public sector organizations. Specifically, when properly secured, 5G capabilities such as ultra-high speeds, […]

24Feb 2023

Aligning security and business strategies

By Sean Duca, vice president and regional chief security officer for Asia Pacific and Japan at Palo Alto Networks Some economists predict that we could soon face a global recession. Looking at history, this does not bode well for levels of cybercrime. However, there is some evidence that macroeconomic conditions can impact cybercrime. In times […]

24Feb 2023

Evaluation Guide: How to choose the right modern BI & analytics platform

The transition to a modern business intelligence model requires IT to adopt a collaborative approach that includes the business in all aspects of the overall program. This guide focuses on the platform evaluation and selection. It is intended for IT to use collaboratively with business users and analysts as they assess each platform’s ability to […]

24Feb 2023

Equifax CTO Bryson Koehler on the CIO as product chief

Bryson Koehler, Chief Product, Data, Analytics and Technology Officer at Equifax, joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss “decision intelligence” vs. data overload, advancing ethical AI, cloud native operations and more.

24Feb 2023

Microsoft tells Exchange admins to revert previously recommended antivirus exclusions

Microsoft is advising Exchange Server administrators to remove some of the endpoint antivirus exclusions that the company’s own documentation recommended in the past. The rules are no longer needed for server stability and their presence could prevent the detection of backdoors deployed by attackers. “Times have changed, and so has the cybersecurity landscape,” the Exchange […]

24Feb 2023

Enterprises aren’t using data to make business decisions: Salesforce survey

Enterprises worldwide are not tapping the potential of their data when making critical business decisions and navigating uncertain macroeconomic conditions, according to a Salesforce survey. Nearly 67% of 10,000 business leaders polled globally are not using data to set pricing in line with economic conditions such as inflation, according to the Untapped Data Research survey. […]

24Feb 2023

A Year of Conflict: Cybersecurity Industry Assesses Impact of Russia-Ukraine War

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact. The post A Year of Conflict: Cybersecurity Industry Assesses Impact of Russia-Ukraine War appeared first on SecurityWeek.

24Feb 2023

Edgio adds advanced DDoS protection with other WAAP enhancements

Content delivery network (CDN) service provider Edgio has added a new Distributed Denial of Service (DDoS) scrubbing ability along with improved Web Application and API Interface (WAAP) to its network security offering. Designed to reduce severe damages from sophisticated DDoS attacks, Edgio’s scrubbing solution impersonates the customer’s network by routing the customer’s IP traffic through […]

24Feb 2023

11 Countries Take Part in Military Cyberwarfare Exercise

750 cyber specialists have participated in Defence Cyber Marvel 2 (DCM2), the biggest military cyberwarfare exercise in Western Europe. The post 11 Countries Take Part in Military Cyberwarfare Exercise appeared first on SecurityWeek.

24Feb 2023

Fortinet Shares Clarifications on Exploitation of FortiNAC Vulnerability

Fortinet provides clarifications following ‘sensationalized reports’ related to exploitation attempts targeting the FortiNAC vulnerability CVE-2022-39952 The post Fortinet Shares Clarifications on Exploitation of FortiNAC Vulnerability appeared first on SecurityWeek.

24Feb 2023

Product-based IT fuels Lufthansa’s digital CX transformation

Like many airlines, Lufthansa Group had its business upended by the COVID-19 pandemic. By April 2020, with travel bans proliferating, the airline suffered losses of €1 million per hour. Thomas Rückert, senior vice president and CIO of Lufthansa Group, says those early days of the pandemic laid bare that the airline’s digital solutions were not […]

24Feb 2023

5 measures to gauge your digital portfolio maturity

The motivations to digitize client-facing solutions vary but are often both push and pull: a push from your organization to grow revenues, gain competitive advantage, and further differentiate products and services, and a pull by the market looking for the latest technologies such as AI/ML, AR/VR, and digital twins for immediate business benefit. When WGI […]

24Feb 2023

Ransomware Attack Forces Produce Giant Dole to Shut Down Plants

Dole was forced to shut down systems in North America due to a ransomware attack, which has reportedly led to salad shortages in some grocery stores. The post Ransomware Attack Forces Produce Giant Dole to Shut Down Plants appeared first on SecurityWeek.

24Feb 2023

Introducing the CIO Tech Talk Community

At Foundry, we work hard to bring you a range of premier content and websites and strive to stay in touch with the changing needs of our audience. We proudly announce the launch of the CIO Tech Talk Community, an exclusive online community brought to you by Foundry (publisher of CIO, CSO, Computerworld, InfoWorld, Network World, […]

24Feb 2023

Companies urged to patch critical vulnerability in Fortinet FortiNAC

Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible. FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual […]

24Feb 2023

Introducing the CIO Tech Talk Community

We proudly announce the launch of the CIO Tech Talk Community, an exclusive online community brought to you by Foundry (publisher of CIO, CSO, Computerworld, InfoWorld, Network World, and other technology sites). The CIO Tech Talk Community is a safe and trusted environment to share stories, best practices, and conversations, and network with peers and industry thought […]

24Feb 2023

Puerto Rico draws business owners and investors alike through its Impeller investment platform

Puerto Rico has a lot going for it. Sixty percent of its university graduates hold a STEM degree, giving it the sixth highest availability of scientists and engineers in the world. The workforce is almost entirely bilingual, and in Latin America and the Caribbean the island is first in higher education and second in digital […]

23Feb 2023

KIO Networks Spain: Empowering Enterprises in Spain and Beyond to Achieve Real Sustainability in the Cloud

With the most advanced tier IV data center in Spain, and one of the most advanced in Europe, KIO Networks Spain provides a diverse array of private-sector and public-sector enterprises with Infrastructure-as-a-Service for mission-critical systems and applications. The company also offers a diverse array of cloud solutions and services. Some of the many offerings in […]

23Feb 2023

Debunking conventional wisdom: increased security improves performance and customer experience

Conventional wisdom says businesses must balance the cost of security with user experience—implying that security is a tax on digital interactions. Conventional wisdom appears to be outdated. According to Foundry, the need for improvements in cybersecurity was cited as the No. 1 reason for the increase in tech budgets this year. Further, CEOs’ top priorities […]

23Feb 2023

At least one open source vulnerability found in 84% of code bases: Report

At a time when almost all software contains open source code, at least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers at application security company Synopsys. In addition, 48% of all code bases analyzed by Synopsys researchers contained high-risk vulnerabilities, which are those that […]

23Feb 2023

Darktrace launches AI-driven vulnerability detection, alert system Newsroom

AI-focused cybersecurity vendor Darktrace has announced the release of Newsroom, a new detection and warning system for critical vulnerabilities that uses open-source intelligence (OSINT) sources to identify threats posed to businesses. Newsroom leverages deep and AI-assisted knowledge of a customer’s external attack surface to gauge its exposure to detected vulnerabilities and provides a summary of […]

23Feb 2023

CIO Leadership Live with MTF Finance Chief Technology Officer Dan Wilkinson

MTF Finance Chief Technology Officer Dan Wilkinson on why transformation needs an ignition point, how to change mindsets to embrace doing things differently, and the challenges that lie ahead as MTF acquires new businesses.

23Feb 2023

3 reasons why every real-time application needs AI

By Bryan Kirschner, Vice President, Strategy at DataStax Imagine getting a recommendation for the perfect “rainy Sunday playlist” midway through your third Zoom meeting on Monday. Or receiving a text about a like-for-like substitute for a product that was out of stock at your preferred e-commerce site 10 minutes after you’d already paid a premium […]

23Feb 2023

Stealthy Mac Malware Delivered via Pirated Apps

Cybercriminals are delivering stealthy cryptojacking malware to Macs using pirated apps and they could use the same method for other malware. The post Stealthy Mac Malware Delivered via Pirated Apps appeared first on SecurityWeek.

23Feb 2023

Cybersecurity VC Funding Topped $18 Billion in 2022: Report

Over 1,000 cybersecurity funding announcements were made in 2022, and startups raised $79 billion across more than 4,200 deals since 2018. The post Cybersecurity VC Funding Topped $18 Billion in 2022: Report appeared first on SecurityWeek.

23Feb 2023

TikTok Banned From EU Commission Phones Over Cybersecurity

The European Union’s executive branch has banned TikTok from phones used by employees as a cybersecurity measure, reflecting widening worries over the Chinese-owned video app. The post TikTok Banned From EU Commission Phones Over Cybersecurity appeared first on SecurityWeek.

23Feb 2023

Russian Accused of Developing NLBrute Malware Extradited to US

A Russian malware developer behind the NLBrute brute-forcing tool has been extradited to the United States from Georgia. The post Russian Accused of Developing NLBrute Malware Extradited to US appeared first on SecurityWeek.

23Feb 2023

Stress pushing CISOs out the door

Nearly half of CISOs will change jobs by 2025 due to stress caused by the risk of being breached while trying to retain staff, according to the Gartner report, Predicts 2023: Cybersecurity Industry Focuses on the Human Deal. The research firm found that the stressors of the cybersecurity world make the job of a cybersecurity […]

23Feb 2023

Webinar Today: Building Sustainable OT Cybersecurity Programs

Join this webinar to gain clear advice on the people, process and technology considerations that must be made at every stage of an OT security program’s lifecycle. The post Webinar Today: Building Sustainable OT Cybersecurity Programs appeared first on SecurityWeek.

23Feb 2023

Cisco Patches High-Severity Vulnerabilities in ACI Components

Cisco has patched DoS and CSRF vulnerabilities in the Application Policy Infrastructure Controller (APIC) and Nexus 9000 series switches. The post Cisco Patches High-Severity Vulnerabilities in ACI Components appeared first on SecurityWeek.

23Feb 2023

Fortinet FortiNAC Vulnerability Exploited in Wild Days After Release of Patch

Hackers started exploiting the Fortinet FortiNAC vulnerability CVE-2022-39952 the same day a PoC exploit was released. The post Fortinet FortiNAC Vulnerability Exploited in Wild Days After Release of Patch appeared first on SecurityWeek.

23Feb 2023

5 hot IT budget investments — and 2 going cold

The economy may be looking uncertain, but technology continues to drive the business and CIOs are investing big in 2023. At the same time, they are defunding technologies that no longer contribute to business strategy or growth. It’s not a stretch to say that across the board, CIOs are continuing to invest in some form […]

23Feb 2023

How CIOs overcome the challenges of leading IT in smaller cities

Most enterprises globally are based in metropolitan regions because of their inherent advantages of good infrastructure and diverse customer base. But certain businesses such as manufacturing facilities and educational institutions may be in smaller cities due to cheaper land prices, government subsidies, proximity to raw materials, and lower salaries, among other reasons. While these are […]

23Feb 2023

Why you can’t ignore cloud security

Over the past few years, enterprises across Australia have moved more and more of their systems and applications to the cloud, with the trend only gathering pace with people increasingly working outside the traditional network perimeter, often at home and other locations. Throughout 2022, several large enterprises, including NAB, doubled-down on their cloud migration plans, […]

23Feb 2023

Cyberattacks hit data centers to steal information from global companies

Cyberattacks targeting multiple data centers in several regions globally have been observed over the past year and a half, resulting in exfiltration of information pertaining to some of the world’s biggest companies and the publishing of access credentials on the dark web, according to cybersecurity company Resecurity. “Malicious cyber activity targeting data center organizations creates […]

22Feb 2023

5 top threats from 2022 most likely to strike in 2023

The threat landscape is highly diverse and attacks range in sophistication from the most basic scams to nation-state-level cyberespionage. However, companies need to prioritize their defenses against the most common threats that are likely to impact them and their employees. In its newly released annual State of Malware report, cybersecurity firm Malwarebytes selected five threats […]

22Feb 2023

How to Build ROI from Cloud Migration

Organizations are racing to modernize their legacy technology, architecture, infrastructure, and databases. Modernization often revolves around cloud migration. But not every approach provides the same ROI. Before committing to a migration strategy, organizations must identify the best approach for their business requirements. Each approach comes with its own benefits, time commitments, and cost. This whitepaper […]

22Feb 2023

Driving Business Agility on Microsoft Cloud with a Cloud Center of Excellence (CoE)

Even as cloud spend is set to grow at a CAGR of 16.9% and surpass $1.3 trillion by 2025, the transformation journey is riddled with challenges, such as security, governance, compliance, economics, and resourcing. A cloud center of excellence (CoE) in an enterprise can make a big difference in the return on cloud investments. Cloud […]

22Feb 2023

10 ways to accelerate digital transformation

The pandemic-era push to quickly boost digital touchpoints and services proved that transformation can happen fast. That has left a lasting legacy: Even as the pandemic recedes, enterprise executives continue to expect CIOs and their IT departments to deliver transformative capabilities at a rapid-fire pace. If you think you’re keeping up, think again: One recent […]

22Feb 2023

Konica Minolta’s cloud play is crucial for office comeback

Aside from commercial real estate dealers, office equipment vendors were among the hardest hit by the massive office evacuation following the pandemic. But the death of the office was much exaggerated, say some affected CIOs, who point to an increasing number of corporate mandates for employees to return to the office for at least three […]

22Feb 2023

Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017

Intel paid out more than $935,000 through its bug bounty program in 2022, but found over half of the vulnerabilities internally. The post Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017 appeared first on SecurityWeek.

22Feb 2023

Entitle debuts with automated SaaS permissions-management application

Cloud-based permissions management startup Entitle debuted Wednesday with the launch of its namesake SaaS-based application, designed to automate access requests and solve the problem of what it calls the “entitlement sprawl” faced by corporations. Enterprise security teams are confronted with an overwhelming amount of permission requests, the Israel-based company said. “We saw that permission management […]

22Feb 2023

Why Ruby Life CISO George Al Koura puts people first

Beyond one’s own personal relationships, opinions on how others conduct theirs are usually none of anyone’s business. But when it comes to actual business, George Al Koura, CISO of online dating company Ruby Life, has built a career on how long-term success depends on building team cohesion within the organization, and elevating the relationship with […]

22Feb 2023

Expat CIOs: IT leaders broaden horizons with global experiences

For many IT leaders, taking on an IT opportunity abroad can be a boon for career and life experience alike. When Richard Ventre got an opportunity to move to India from the Netherlands, he latched on to it. “We live in a world that is more global than ever before and it is important to […]

22Feb 2023

Google Paid Out $12 Million via Bug Bounty Programs in 2022

Google rewarded over 700 researchers in 2022 for contributions to its bug bounty program, with the highest single payout at $605,000. The post Google Paid Out $12 Million via Bug Bounty Programs in 2022 appeared first on SecurityWeek.

22Feb 2023

Editor’s note: Behind our new look

If there’s a common thread in CIO.com’s editorial coverage when it comes to transformation, it’s that coping with change is often the hardest part. But CIOs who have successfully led IT transformations say that embracing change can be richly rewarding—especially when the change is so obviously for the better. In a recent interview with CIO.com […]

22Feb 2023

What Heineken’s CIO is brewing for better connectivity

As a 159-year-old family business, Dutch brewing company Heineken owes its longevity to a steady stream of innovation. Founded by entrepreneur Gerard Adriaan Heineken in 1864, who sought to renovate an old brewery in the center of Amsterdam, the beer company that would later bear his name has become synonymous with Dutch beer, readily recognizable […]

22Feb 2023

Bridging the IT leadership gender gap

The ‘broken rung’ has long restricted women from achieving managerial positions in IT, and the latest joint LeanIn.org and McKinsey Women in the Workplace report finds underrepresentation in leadership roles is still a problem, and more so for women of color. Teradyne CIO Shannon Gath, who has a passion for helping women in STEM leadership […]

22Feb 2023

Salesforce certification guide: Roles, paths, exams, cost, training, requirements

Salesforce skills are among the most sought-after in the IT industry and demand is soaring. The most performant CRM system today, Salesforce is a core technology for digital business, and its associated applications and ecosystem help make it a leading platform for those seeking a lucrative IT career. Salesforce certification is an excellent path […]

22Feb 2023

Twinings tech chief stirs up the IT department

As the chief business transformation and technology officer at Twinings Ovaltine (TwO), some might imagine Sandeep Seeripat’s role to be the epitome of what a senior technology executive should be, with a remit beyond IT operations, an authoritative voice in the boardroom and a reporting line straight to the CEO. But it hasn’t always been […]

22Feb 2023

CI&TO Abhi Dhar on embracing challenges and growing IT leaders

Abhi Dhar has had a rich career journey, from serving as chief digital officer of a Fortune 50 company to co-founding a tech startup. In his current role as executive vice president and chief information and technology officer at TransUnion, he’s responsible for all aspects of the company’s technology, including strategy, security, applications, operations, infrastructure, […]

22Feb 2023

Straumann Group is transforming dentistry with data, AI

Straumann Group’s Sridhar Iyengar has a bold mission: To transform the nearly 70-year-old company’s data and technology organization into a data-as-a-service provider for the global manufacturer and supplier of dental implants, prosthetics, orthodontics, and digital dentistry — and to provide business stakeholders machine learning (ML) as a service as well. “My vision is that I […]

22Feb 2023

Backdoor deployment overtakes ransomware as top attacker action

Deployment of backdoors on networks was the top action attackers made in almost a quarter of all incidents remediated in 2022. A spike in the use of the multi-purpose Emotet malware early in the year was the main culprit of this increase, accounting for 47% of backdoors deployed throughout the year, according to IBM Security […]

22Feb 2023

What is Traffic Light Protocol? Here's how it supports CISOs in sharing threat data

Traffic Light Protocol (TLP) was created to facilitate greater sharing of potentially sensitive threat information within an organization or business and to enable more effective collaboration among security defenders, system administrators, security managers, and researchers. TLP grew out of efforts by various public-sector security incident response teams of various nations that began sharing security alerts. […]

22Feb 2023

R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor

Hackers have been exploiting a vulnerability tracked as CVE-2022-36537 to hack hundreds of R1Soft servers. The post R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor appeared first on SecurityWeek.

22Feb 2023

Metomic Lands $20 Series A for Data Security Platform

Evolution Equity Partners leads a new venture capital raise by the early-stage British data security startup. The post Metomic Lands $20 Series A for Data Security Platform appeared first on SecurityWeek.

22Feb 2023

Entitle Nabs $15M Seed Funding for Cloud Permissions Management Tech

Glilot Capital Partners leads a seed-round of funding for Entitle, an Israeli startup tackling entitlement sprawl in the enterprise. The post Entitle Nabs $15M Seed Funding for Cloud Permissions Management Tech appeared first on SecurityWeek.

22Feb 2023

CISA Warns of Two Mitel Vulnerabilities Exploited in Wild

CISA has added two Mitel MiVoice Connect vulnerabilities to its known exploited vulnerabilities catalog and instructed federal agencies to patch them within three weeks. The post CISA Warns of Two Mitel Vulnerabilities Exploited in Wild appeared first on SecurityWeek.

21Feb 2023

VMware Plugs Critical Carbon Black App Control Flaw

VMware issues a critical fix for a vulnerability that allows a hacker to gain full access to the underlying server operating system. The post VMware Plugs Critical Carbon Black App Control Flaw appeared first on SecurityWeek.

21Feb 2023

Alcatraz AI streamlines facial recognition access control with mobile update

Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration. The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics […]

21Feb 2023

Enterprise Blind Spots and Obsolete Tools – Security Teams Must Evolve

The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them. The post Enterprise Blind Spots and Obsolete Tools – Security Teams Must Evolve appeared first on SecurityWeek.

21Feb 2023

Register Now: Attack Surface Management Summit – Feb. 22

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing. The post Register Now: Attack Surface Management Summit – Feb. 22 appeared first on SecurityWeek.

21Feb 2023

Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities

Apple has updated its security advisories to add new iOS and macOS vulnerabilities, including ones belonging to a new class of bugs. The post Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities appeared first on SecurityWeek.

21Feb 2023

AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks. The post AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm appeared first on SecurityWeek.

21Feb 2023

Cyber arms race, economic headwinds among top macro cybersecurity risks for 2023

Despite the billions of dollars poured annually into cybersecurity by investors, organizations, academia, and government, adequate and reliable cybersecurity remains an ever-elusive goal. The technological complexity and growing attack surface, along with a growing array of threat actors and increased interconnectivity, make securing digital systems and assets a perennial pipedream. Chief among the challenges for […]

21Feb 2023

DNA Diagnostics Center fined $400,000 for 2021 data breach

DNA Diagnostics Center, a DNA testing company, will pay a penalty of $400,000 to the attorneys general of Pennsylvania and Ohio for a data breach in 2021 that affected 2.1 million individuals nationwide, according to a settlement deal with the states’ attorneys general.  The company will also be required to implement improvements to its data security, including […]

21Feb 2023

HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance

HardBit ransomware operators want to work with victims to negotiate a ransom behind the back of cyberinsurance companies. The post HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance appeared first on SecurityWeek.

21Feb 2023

10 dark web monitoring tools

The dark web is the place where every CISO hopes their company’s data will not end up. It consists of sites that are not indexed by popular search engines such as Google, and the dark web includes marketplaces for data usually obtained as a result of a cyberattack such as compromised user accounts, identity information, […]

21Feb 2023

Why CISOs change jobs

Being a CISO is a hard job. You must constantly balance business, technology, and regulatory requirements against things like employee and adversary behavior. You can be a superstar, build a world-class cybersecurity program, and follow best practices, providing exceptional protection for the organization. Despite this excellence, a single employee can click on a malicious web […]

21Feb 2023

Three-quarters of businesses braced for ‘serious’ email attack this year

IT security leaders at three-out-of-four global businesses expect an email-borne attack will have serious consequences for their organization in the coming year, with the increasing sophistication of attacks a top concern, according to the 2023 State of Email Security (SOES) report. Businesses’ use of email is increasing, with 82% of companies reporting a higher volume […]

21Feb 2023

Scrut Automation Raises $7.5 Million for GRC Platform 

India-based Scrut Automation has raised money to improve its risk observability and compliance automation platform and expand its presence in the US. The post Scrut Automation Raises $7.5 Million for GRC Platform  appeared first on SecurityWeek.

20Feb 2023

Twitter Shuts Off Text-Based 2FA for Non-Subscribers

Twitter started a security ruckus over the weekend with the sudden decision to turn off text message/SMS method of two-factor authentication (2FA) for non-subscribers. The post Twitter Shuts Off Text-Based 2FA for Non-Subscribers appeared first on SecurityWeek.

20Feb 2023

Coinbase Attack Linked to Group Behind Last Year’s Twilio, Cloudflare Hacks

Coinbase was recently targeted in a sophisticated phishing attack and the cryptocurrency exchange linked the hack to the 0ktapus group. The post Coinbase Attack Linked to Group Behind Last Year’s Twilio, Cloudflare Hacks appeared first on SecurityWeek.

20Feb 2023

GoDaddy connects a slew of past attacks to a multiyear hacking campaign

Web hosting and infrastructure provider GoDaddy said it suspects a recent attack on its infrastructure in December 2022 may be connected to a series of incidents the business has been experiencing since 2020. The attack involved an unauthorized third-party gaining access to and installing malware on GoDaddy’s cPanel hosting servers, the company disclosed in an […]

20Feb 2023

New Samsung Message Guard Protects Mobile Devices Against Zero-Click Exploits

Samsung’s Message Guard provides a sandbox designed to protect phones and tablets against zero-click exploits. The post New Samsung Message Guard Protects Mobile Devices Against Zero-Click Exploits appeared first on SecurityWeek.

20Feb 2023

7 reasons to avoid investing in cyber insurance

With cyberattacks rising at an alarming rate around the world, cyber insurance has become an increasingly popular layer of protection for businesses across all sectors. However, despite its clear appeal as a means of supporting and augmenting cyber risk management, insurance might not be the right fit for all companies in every circumstance. In fact, […]

20Feb 2023

Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb

Fortinet releases 40 security advisories to inform customers about patches, including for critical code execution vulnerabilities in FortiNAC and FortiWeb. The post Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb appeared first on SecurityWeek.

20Feb 2023

Cybersecurity M&A Roundup for February 1-15, 2023

Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023. The post Cybersecurity M&A Roundup for February 1-15, 2023 appeared first on SecurityWeek.

20Feb 2023

GoDaddy Says Recent Hack Part of Multi-Year Campaign

GoDaddy recently discovered a hacker attack where a sophisticated threat group infected websites and servers with malware. The post GoDaddy Says Recent Hack Part of Multi-Year Campaign appeared first on SecurityWeek.

18Feb 2023

Spain Orders Extradition of British Alleged Hacker to U.S.

A Spanish court agreed to extradite to the U.S. Joseph James O’Connor, who allegedly took part in the July 2020 hacking of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates. The post Spain Orders Extradition of British Alleged Hacker to U.S. appeared first on SecurityWeek.

18Feb 2023

EU parliamentary committee says 'no' to EU-US data privacy framework

Progress on ratifying the Trans-Atlantic Data Policy Framework hit a snag, as a parliamentary committee rejected a draft decision to adopt the pact, saying it did not comply with the EU’s GDPR privacy regulations.

17Feb 2023

New Mirai botnet variant V3G4 targets Linux servers, IoT devices

A new variant of Mirai — the botnet malware used to launch massive DDoS attacks — has been targeting 13 vulnerabilities in IoT devices connected to Linux servers, according to researchers at Palo Alto Networks’ Unit 42 cybersecurity team. Once the vulnerable devices are compromised by the variant, dubbed V3G4, they can be fully controlled by attackers […]

17Feb 2023

Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks

Malwarebytes warns of a remote code execution vulnerability impacting Arris G2482A, TG2492, and SBG10 routers, which have reached end-of-life (EOL). The post Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks appeared first on SecurityWeek.

17Feb 2023

‘Frebniis’ Malware Hijacks Microsoft IIS Function to Deploy Backdoor

The Frebniis malware abuses a Microsoft IIS feature to deploy a backdoor and monitor all HTTP traffic to the system. The post ‘Frebniis’ Malware Hijacks Microsoft IIS Function to Deploy Backdoor appeared first on SecurityWeek.

17Feb 2023

Security Experts Warn of Foreign Cyber Threat to 2024 Voting

Top state election and cybersecurity officials warned about threats posed by Russia and other foreign adversaries ahead of the 2024 elections. The post Security Experts Warn of Foreign Cyber Threat to 2024 Voting appeared first on SecurityWeek.

17Feb 2023

SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities

SolarWinds advisories describe multiple high-severity vulnerabilities that a Platform update will patch by the end of February. The post SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities appeared first on SecurityWeek.

17Feb 2023

EU Organizations Warned of Chinese APT Attacks

ENISA and CERT-EU warn of Chinese threat actors targeting businesses and government organizations in the European Union. The post EU Organizations Warned of Chinese APT Attacks appeared first on SecurityWeek.

17Feb 2023

Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023

White hat hackers received $180,000 at Pwn2Own Miami 2023 for exploits targeting widely used ICS products. The post Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023 appeared first on SecurityWeek.

17Feb 2023

Data Security Startup CommandK Raises $3 Million in Seed Funding

CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data. The post Data Security Startup CommandK Raises $3 Million in Seed Funding appeared first on SecurityWeek.

17Feb 2023

Atlassian Investigating Security Breach After Hackers Leak Data

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy. The post Atlassian Investigating Security Breach After Hackers Leak Data appeared first on SecurityWeek.

17Feb 2023

How Ukraine War Has Shaped US Planning for a China Conflict

A look at some of the lessons from the Ukraine war and how they could apply to a Taiwan conflict. The post How Ukraine War Has Shaped US Planning for a China Conflict appeared first on SecurityWeek.

17Feb 2023

Malware authors leverage more attack techniques that enable lateral movement

A new study of over a half-million malware samples collected from various sources in 2022 revealed that attackers put a high value on lateral movement, incorporating more techniques that would allow them to spread through corporate networks. Several of the most prevalent tactics, as defined by the MITRE ATT&CK framework, that were identified in the […]

16Feb 2023

Published XIoT Vulnerabilities Trend Down, but Vigilance Must Remain High: Report

While the total number of new XIoT vulnerabilities is reducing, the difficulty in securing these devices remains high – especially in OT situations. The post Published XIoT Vulnerabilities Trend Down, but Vigilance Must Remain High: Report appeared first on SecurityWeek.

16Feb 2023

Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk

The evolution of cybercrime is weighing heavily on digital forensics and incident response (DFIR) teams, leading to significant burnout and potential regulatory risk. That’s according to the 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions. The firm surveyed 492 DFIR professionals in North America and Europe, the Middle […]

16Feb 2023

Chris Inglis Steps Down as US National Cyber Director

The former NSA deputy director Chris Inglis was picked 17 months ago to be President Joe Biden’s top advisor on cybersecurity issues. The post Chris Inglis Steps Down as US National Cyber Director appeared first on SecurityWeek.

16Feb 2023

Firefox Updates Patch 10 High-Severity Vulnerabilities

Mozilla releases Firefox 110 and Firefox ESR 102.8 with patches for 10 high-severity vulnerabilities. The post Firefox Updates Patch 10 High-Severity Vulnerabilities appeared first on SecurityWeek.

16Feb 2023

Mirai Variant V3G4 Targets 13 Vulnerabilities to Infect IoT Devices

A recent variant of the Mirai malware has been observed targeting 13 IoT vulnerabilities to ensnare devices into a botnet. The post Mirai Variant V3G4 Targets 13 Vulnerabilities to Infect IoT Devices appeared first on SecurityWeek.

16Feb 2023

BEC groups are using Google Translate to target high value victims

Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide.  The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, […]

16Feb 2023

How automation in CSPM can improve cloud security

With the rapid growth and increasing complexity of cloud environments, organizations are increasingly at risk from various security threats. Cloud security posture management (CSPM) is a process that helps organizations continuously monitor, identify, and remediate security risks in the cloud. The use of automation in CSPM is crucial to ensuring the security and compliance of […]

16Feb 2023

Critical Vulnerability Patched in Cisco Security Products

Cisco updates endpoint, cloud, and web security products to address a critical vulnerability in third-party scanning library ClamAV. The post Critical Vulnerability Patched in Cisco Security Products appeared first on SecurityWeek.

16Feb 2023

Surge in ESXiArgs Ransomware Attacks as Questions Linger Over Exploited Vulnerability

Hundreds of new servers were compromised in the past days as part of ESXiArgs ransomware attacks, but it’s still unclear which vulnerability is being exploited. The post Surge in ESXiArgs Ransomware Attacks as Questions Linger Over Exploited Vulnerability appeared first on SecurityWeek.

16Feb 2023

Funding Societies’ Shakthi Priya Kathirvelu on overcoming challenges in securing fintech startups

Shakthi Priya Kathirvelu – Vice President and Head of Information Security and IT at Funding Societies | Modalku Group – joins Xiou Ann Lim for this CSO Executive Sessions interview. They discuss the challenges of securing fintech firms, cultivating a good cybersecurity culture, and more.

16Feb 2023

Security tool adoption jumps, Okta report shows

A report from identity and access management (IAM) vendor Okta says that zero trust and new types of security tooling are in increasingly widespread use, as businesses tackle a changing security landscape.

15Feb 2023

China-based cyberespionage actor seen targeting South America

China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team.  The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday.  DEV-0147’s attacks in South America included post-exploitation activity involving […]

15Feb 2023

Cybersecurity startup Oligo debuts with new application security tech

Israel-based startup Oligo Security is exiting stealth mode with the public launch of its namesake software, offering a new wrinkle in library-based application security monitoring, observability, and remediation. Utilizing a technology called extended Berkeley Packet Filter (eBPF), it is able to provide agentless security coverage for open source code. Given the prevalence of open source […]

15Feb 2023

5 biggest risks of using third-party services providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work that would otherwise require significant effort and potentially drain in-house resources to those who can do […]

15Feb 2023

PE Firm Francisco Partners to Take Sumo Logic Private in $1.7B Deal

Private equity firm Francisco Partners is acquiring cloud monitoring, log management and SIEM solutions provider Sumo Logic. The post PE Firm Francisco Partners to Take Sumo Logic Private in $1.7B Deal appeared first on SecurityWeek.

15Feb 2023

Ransomware Attack Pushes City of Oakland Into State of Emergency

The city of Oakland, California issued a local state of emergency as a result of the impacts from a ransomware attack. The post Ransomware Attack Pushes City of Oakland Into State of Emergency appeared first on SecurityWeek.

15Feb 2023

Mentoring tomorrow’s Black IT leaders

Daryl Hammett saw the continued underrepresentation of Black leaders across industries — tech in particular — and decided to take action. Hammett, general manager of global demand and operations at Amazon Web Services, in 2022 founded Enable, a mentoring and leadership program that creates “an environment where Black leaders could know that they are not […]

15Feb 2023

Splunk Enterprise Updates Patch High-Severity Vulnerabilities

Splunk updates for Enterprise products resolve multiple high-severity vulnerabilities, including several in third-party packages. The post Splunk Enterprise Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

15Feb 2023

Descope launches authentication and user management SaaS

Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active users for B2C applications and up to 50 tenants […]

15Feb 2023

Dozens of Vulnerabilities Patched in Intel Products

Intel has released patches for multiple critical- and high-severity vulnerabilities across its product portfolio. The post Dozens of Vulnerabilities Patched in Intel Products appeared first on SecurityWeek.

15Feb 2023

Descope Targets Customer Identity Market with Massive $53M Seed Round

Descope raises an abnormally large $53 million seed-stage funding round for technology in the customer identity and authentication space. The post Descope Targets Customer Identity Market with Massive $53M Seed Round appeared first on SecurityWeek.

15Feb 2023

Recently Patched IBM Aspera Faspex Vulnerability Exploited in the Wild

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks. The post Recently Patched IBM Aspera Faspex Vulnerability Exploited in the Wild appeared first on SecurityWeek.

15Feb 2023

ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric

Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories. The post ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric appeared first on SecurityWeek.

15Feb 2023

Oligo Security Exits Stealth with $28M for AppSec, Open Source Security

Israeli startup Oligo Security raises $28 million to build technology to detect and mitigate open source code vulnerabilities. The post Oligo Security Exits Stealth with $28M for AppSec, Open Source Security appeared first on SecurityWeek.

15Feb 2023

Russian Businessman Guilty in Hacking, Insider Trade Scheme

Vladislav Klyushin was found guilty on all charges against him, including wire fraud and securities fraud, after a two-week trial in federal court in Boston. The post Russian Businessman Guilty in Hacking, Insider Trade Scheme appeared first on SecurityWeek.

15Feb 2023

Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps

Citrix released patches for multiple vulnerabilities in Virtual Apps and Desktops, and Workspace apps for Windows and Linux. The post Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps appeared first on SecurityWeek.

15Feb 2023

SAP’s February 2023 Security Updates Patch High-Severity Vulnerabilities

SAP has released 21 notes on February 2023 Security Patch Day, including three notes addressing high-severity vulnerabilities in SAP Start Service and BusinessObjects. The post SAP’s February 2023 Security Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

15Feb 2023

ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage 

Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge. The post ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage  appeared first on SecurityWeek.

15Feb 2023

Defending against attacks on Azure AD: Goodbye firewall, hello identity protection

Not too long ago, guarding access to the network was the focal point of defense for security teams. Powerful firewalls ensured that attackers were blocked on the outside while on the inside things might get “squishy,” allowing users fairly free rein within. Those firewalls were the ultimate defense—no one undesirable got access. Until they did. […]

15Feb 2023

8 signs you’ve mistimed a major IT initiative

Planning and launching a major IT initiative can be a CIO’s biggest challenge. Everything has to go right: the technology, the goals, the financial platform, and most important of all, the timing. Launch an initiative too soon and the technology may be premature and flawed. On the other hand, failing to start the project a […]

15Feb 2023

Bijoy Sagar on driving digital transformation at Bayer and beyond

Bayer is using drones to collect farming data across 80 million acres and satellite data to predict soil moisture down to the square meter. These are just two examples in a transformation that is impacting every part of the business and all 100,000 employees, as undertaken under the helm of Bijoy Sagar, the multinational’s chief […]

15Feb 2023

Attacks on industrial infrastructure on the rise, defenses struggle to keep up

The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that’s capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% […]

14Feb 2023

Zscaler to Acquire Israeli Startup Canonic Security

Zscaler plans to acquire Israeli startup Canonic Security to expand into the red-hot software supply chain security business. The post Zscaler to Acquire Israeli Startup Canonic Security appeared first on SecurityWeek.

14Feb 2023

Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days

Microsoft’s Patch Tuesday machine is humming loudly with software updates to fix at least 76 vulnerabilities in Windows and OS components. The post Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days appeared first on SecurityWeek.

14Feb 2023

Maximizing the Business Benefits of Multi-Cloud Adoption

Experts reveal that by 2027, cloud adoption will be mainstream, with 90% of enterprises implementing some kind of cloud strategy. What’s key is that, in the process, the cloud won’t just be a technology disruptor — it will be a business disruptor.  What does this mean for your business? If you don’t tackle the challenges […]

14Feb 2023

2023 CCaaS Trends, Insights, and Statistics to Know

We know that the Contact Center-as-a-Service (CCaaS) market is growing; an increasing number of companies are choosing this flexible model to support their CX operations, and this will continue through 2023. Vendors are also increasingly expanding the capabilities of their CCaaS solutions and evolving them at speed. What can we expect over the next 12 months? Here’s where Avaya […]

14Feb 2023

Unlocking the Power of AI with a Real-Time Data Strategy

By George Trujillo, Principal Data Strategist, DataStax. Increased operational efficiencies at airports. Instant reactions to fraudulent activities at banks. Improved recommendations for online transactions. Better patient care at hospitals. Investments in artificial intelligence are helping businesses to reduce costs, better serve customers, and gain competitive advantage in rapidly evolving markets. Titanium Intelligent Solutions, a global […]

14Feb 2023

Adobe Plugs Critical Security Holes in Illustrator, After Effects Software

Patch Tuesday: Adobe ships security fixes for at least a half dozen vulnerabilities that expose Windows and macOS users to malicious hacker attacks. The post Adobe Plugs Critical Security Holes in Illustrator, After Effects Software appeared first on SecurityWeek.

14Feb 2023

Florida Crystals concentrates SAP in hosting sweet spot

“I inherited a gift from the previous CIO,” says Florida Crystals CIO Kevin Grayling. “I had a modern S/4HANA landscape for the majority of the business.” That would have been an enviable situation for many of his contemporaries in the consumer packaged goods (CPG) industry — “Some have 20 or 30 different ERP solutions,” he […]

14Feb 2023

Spanish, US Authorities Dismantle Cybercrime Ring That Defrauded Victims of $5.3 Million

Spanish and US authorities have dismantled a cybercrime ring that defrauded victims of more than $5.3 million. The post Spanish, US Authorities Dismantle Cybercrime Ring That Defrauded Victims of $5.3 Million appeared first on SecurityWeek.

14Feb 2023

EnterpriseDB adds Transparent Data Encryption to PostgreSQL

The new Transparent Data Encryption (TDE) feature will be shipped along with the company’s enterprise version of its database.

14Feb 2023

Open Systems launches Ontinue MDR division, new MXDR service Ontinue ION

Managed security services provider Open Systems has announced the launch of Ontinue, a new managed detection and response (MDR) division. It has also unveiled a new managed extended detection and response (MXDR) service, Ontinue ION, along with a new add-on service called Managed Vulnerability Mitigation (MVM). Ontinue ION offers advanced capabilities that enable faster detection […]

14Feb 2023

2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged

Dragos ICS/OT Cybersecurity Year in Review 2022 report covers state-sponsored attacks, ransomware, and vulnerabilities. The post 2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged appeared first on SecurityWeek.

14Feb 2023

CISO Conversations: The Role of the vCISO

SecurityWeek examines the role of the virtual CISO in a conversation with Chris Bedel and Greg Schaffer. The post CISO Conversations: The Role of the vCISO appeared first on SecurityWeek.

14Feb 2023

Expel announces MDR for Kubernetes with MITRE ATT&CK framework alignment

Security operations provider Expel has announced the general availability of Expel managed detection and response (MDR) for Kubernetes. The firm said the product enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. It has also been designed to align with the MITRE […]

14Feb 2023

Pepsi Bottling Ventures Discloses Data Breach

Pepsi Bottling Ventures, the largest privately-held bottler of Pepsi-Cola products in the United States, says data was stolen from its systems following a malware attack. The post Pepsi Bottling Ventures Discloses Data Breach appeared first on SecurityWeek.

14Feb 2023

Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare

Cloudflare over the weekend mitigated a record-setting DDoS attack that peaked at 71 million requests per second. The post Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare appeared first on SecurityWeek.

14Feb 2023

GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact

Organizations hit by exploitation of the GoAnywhere MFT zero-day vulnerability CVE-2023-0669 have started coming forward. The post GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact appeared first on SecurityWeek.

14Feb 2023

Taking the Friction out of Work

As organisations seek to re-establish long-term working models, it’s becoming increasingly clear that business cultures must fundamentally change. To create a productive and motivated hybrid-working model, companies need to actively increase empathy, according to a recent CIO virtual roundtable entitled “Taking the Friction Out of Work”. At the forefront of this move towards a more […]

14Feb 2023

Dimension Data: Dedicated to Making the Greatest Impact on the Planet, the Economy and the Communities it Serves

Dimension Data is widely known for bold innovations and stalwart cloud solutions and services that enable enterprises to dramatically improve their businesses; now it is on a mission to benefit the planet – and in the process, the communities it services and the economies it influences. Whether it is using the Internet of Things (IoT) to […]

14Feb 2023

Hackers Target Bahrain Airport, News Sites to Mark Uprising

Hackers took down the websites of Bahrain’s international airport and state news agency to mark the 12-year anniversary of an Arab Spring uprising in the small Gulf country. The post Hackers Target Bahrain Airport, News Sites to Mark Uprising appeared first on SecurityWeek.

14Feb 2023

Apple Patches Actively Exploited WebKit Zero-Day Vulnerability 

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529. The post Apple Patches Actively Exploited WebKit Zero-Day Vulnerability  appeared first on SecurityWeek.

14Feb 2023

Measuring cybersecurity: The what, why, and how

A core pillar of a mature cyber risk program is the ability to measure, analyze, and report cybersecurity threats and performance. That said, measuring cybersecurity is not easy. On one hand business leaders struggle to understand information risk (because they usually are from a non-cyber background), while on the other, security practitioners get caught up […]

14Feb 2023

PLC vulnerabilities can enable deep lateral movement inside OT networks

Threat groups who target operational technology (OT) networks have so far focused their efforts on defeating segmentation layers to reach field controllers such as programmable logic controllers (PLCs) and alter the programs (ladder logic) running on them. However, researchers warn that these controllers should themselves be treated as perimeter devices and flaws in their firmware […]

14Feb 2023

Mayor of London’s CDO turns smart city visions into reality

Theo Blackwell MBE, Chief Digital Officer at the London Mayor’s Office, sits down with CIO UK editor Doug Drinkwater on CIO UK Leadership Live to give a whistle-stop tour on CDO misconceptions, smart city futures, fostering local government collaboration and balancing technological innovation with digital inclusion. […]

13Feb 2023

CIO Leadership Live with Mandy Simpson, Chief Digital Officer at Z Energy

Mandy Simpson, Chief Digital Officer at Z Energy, on why she embraces working for high-change organisations, the need for IT teams to build up trust across the business, and why you should always go for a job that scares you a little.

13Feb 2023

Helping the Federal Government Navigate Its Multi-Cloud Future

By Brian McNeice, Vice President Federal Sales, Broadcom Software Federal government agencies in the United States must navigate a number of considerations when evaluating solutions from cloud service providers. At Broadcom, we also understand the importance of choice and flexibility when making strategic cloud investments that won’t disrupt the mission-critical daily operations of these agencies. […]

13Feb 2023

Key Pillars to Future-Proofing Your Cloud Management Strategy

The onset of the COVID-19 pandemic led many organizations to further adopt public clouds, and geopolitical conflicts have demonstrated the importance and need for sovereign clouds. Today, many organizations are already embracing or are moving to multi-cloud environments, but this multi-cloud reality does not come without its challenges. As the nature of the cloud evolves, […]

13Feb 2023

Must Read: New Trends for Digital Transformation in 2023 – Value Stream Management

For many of today’s global enterprises, it’s a struggle to adapt quickly to emerging challenges. With supply chain issues and the impending recession, digital transformation remains a pressing strategic imperative. However, key digital transformation milestones remain out of reach for far too many teams. To make real strides in each of these areas, Value Stream […]

13Feb 2023

CIO Leadership Live with Lekan Olawoye, Founder and CEO, BPTN & Obsidi

Lekan Olawoye, Founder and CEO, BPTN & Obsidi, talks about the Obsidi platform and building community and networking for Black technology professionals. To learn more about how Obsidi is working with partners to hire incredible Black talent, there’s Obsidi Recruit: https://obsidi.com/obsidi-recruit/ To join Obsidi, the URL is https://obsidi.com/ or the direct login page is: https://app.obsidi.com […]

13Feb 2023

The Lessons From Cyberwar, Cyber-in-War and Ukraine

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question the nature of modern warfare and the role of cyber in its operation. The post The Lessons From Cyberwar, Cyber-in-War and Ukraine appeared first on SecurityWeek.

13Feb 2023

3.3 Million Impacted by Ransomware Attack at California Healthcare Provider

The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group. The post 3.3 Million Impacted by Ransomware Attack at California Healthcare Provider appeared first on SecurityWeek.

13Feb 2023

City of Oakland Hit by Ransomware Attack

The City of Oakland has disclosed a ransomware attack that impacted several non-emergency systems. The post City of Oakland Hit by Ransomware Attack appeared first on SecurityWeek.

13Feb 2023

Hackers attack Israel’s Technion University, demand over $1.7 million in ransom

Israel’s Technion University on Sunday suffered a ransomware attack, which has forced the university to proactively block all communication networks. A new group calling itself DarkBit has claimed responsibility for the attack.   “The Technion is under cyber attack. The scope and nature of the attack are under investigation,” Technion University, Israel’s top public university in Haifa […]

13Feb 2023

Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT

Cybersecurity company Group-IB claims it was repeatedly targeted by a Chinese APT called Tonto Team, CactusPete, and Karma Panda. The post Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT appeared first on SecurityWeek.

13Feb 2023

Play Ransomware Group Claims Attack on A10 Networks

The Play ransomware group has claimed responsibility for a cyberattack on application delivery controller maker A10 Networks. The post Play Ransomware Group Claims Attack on A10 Networks appeared first on SecurityWeek.

13Feb 2023

Cybersecurity M&A Roundup: 40 Deals Announced in January 2023

Forty cybersecurity-related M&A deals were announced in January 2023. The post Cybersecurity M&A Roundup: 40 Deals Announced in January 2023 appeared first on SecurityWeek.

13Feb 2023

SecurityWeek Cyber Insights 2023 Series

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present new and expanded risk for cybersecurity teams in 2023 and beyond. The post SecurityWeek Cyber Insights 2023 Series appeared first on SecurityWeek.

13Feb 2023

What is Six Sigma? Streamlining quality management

What is Six Sigma? Six Sigma is a quality management methodology used to help businesses improve current processes, products, or services by discovering and eliminating defects. The goal is to streamline quality control in manufacturing or business processes so there is little to no variance throughout. Six Sigma was trademarked by Motorola in 1993. The […]

13Feb 2023

Plan now to avoid a communications failure after a cyberattack

Responses to recent cyber breaches suggest organizations can struggle to get the message right in the midst of an incident. While managing the communications around an incident is outside the direct purview of the CISO, having an existing communications plan in place is an essential element of cyber preparedness. “Communications are a critical component of […]

11Feb 2023

US Blacklists 6 Chinese Entities Over Balloon Program

The United States on Friday blacklisted six Chinese entities it said were linked to Beijing’s aerospace programs as part of its retaliation over an alleged Chinese spy balloon that traversed U.S. airspace. The economic restrictions followed the Biden administration’s pledge to consider broader efforts to address Chinese surveillance activities and will make it more difficult […]

10Feb 2023

Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks

It’s common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial wireless IoT devices, increase the attack surface of OT networks and can provide remote attackers […]

10Feb 2023

Siemens Drives Rise in ICS Vulnerabilities Discovered in 2022: Report

The number of vulnerabilities discovered in industrial control systems (ICS) continues to increase, and many of them have a ‘critical’ or ‘high’ severity rating, according to a new report from industrial cybersecurity firm SynSaber.  The report compares the number of ICS and ICS medical advisories published by CISA between 2020 and 2022. While the number […]

10Feb 2023

NIST Picks Ascon Algorithms to Protect Data on IoT, Small Electronic Devices

The National Institute of Standards and Technology (NIST) has selected a group of cryptographic algorithms called Ascon as the lightweight cryptography standard to protect data flowing through IoT devices. Following a multi-year effort that included security code reviews, NIST announced the Ascon family of algorithms will soon be the standard to protect data created and […]

10Feb 2023

Episode 3: How one startup is removing friction (and paper) from the healthcare experience

Digital platforms and technologies are transforming healthcare by providing secure, seamless access to disjointed islands of data and siloed technology. The goal is improving the experience for both healthcare providers and their patients, which ultimately leads to better healthcare and, hopefully, better outcomes for patients. And that’s a pretty good KPI. In this episode of […]

10Feb 2023

Broadcom: 2023 Tech Trends That Transform IT

At Broadcom, we see challenges companies face first-hand, and in turn how technology trends impact the world’s largest companies. We’re sharing the top 5 predictions that you should be planning for in 2023. Stay tuned for future blogs that dive into the technology behind these predictions from Broadcom’s industry-leading experts: AI and automation will play […]

10Feb 2023

Microsoft OneNote Abuse for Malware Delivery Surges

Organizations worldwide have been warned of an increase in the number of attacks abusing Microsoft OneNote documents for malware delivery. Part of the Office suite, OneNote is typically used within organizations for note taking and task management, among other operations. What makes OneNote documents an attractive target for threat actors includes the fact that they […]

10Feb 2023

Security Awareness Training Startup Riot Raises $12 Million

Riot Security, a startup focused on security awareness training, has secured $12 million in a Series A funding round led by San Francisco-based VC fund Base10. Riot’s SaaS-based platform provides personalized awareness programs that can be consistently sent to employees in order to foster cybersecurity culture within companies. The programs are run through an interactive […]

10Feb 2023

Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool

A newly identified threat actor has been targeting military organizations in Pakistan with sophisticated malware, BlackBerry reports. Tracked as NewsPenguin, the adversary has been observed sending phishing emails that use the upcoming Pakistan International Maritime Expo & Conference (PIMEC-2023) as bait and which carry weaponized documents to deliver an advanced espionage tool. Running February 10-12, […]

10Feb 2023

US, South Korea: Ransomware Attacks Fund North Korea’s Cyber Operations

The United States and South Korea have issued a joint advisory on ransomware attacks on critical infrastructure that are funding North Korea’s malicious cyber activities. North Korean government-backed threat actors have been using ransomware in attacks against critical infrastructure for years, with at least two ransomware families attributed to them, namely Maui and H0lyGh0st. In […]

10Feb 2023

GoAnywhere MFT Zero-Day Exploitation Linked to Ransomware Attacks

The recent exploitation of a zero-day vulnerability in the GoAnywhere managed file transfer (MFT) software has been linked by a cybersecurity firm to a known cybercrime group that has likely attempted to exploit the flaw in a ransomware attack.  On February 1, Fortra alerted GoAnywhere MFT users about a zero-day remote code injection exploit. The […]

10Feb 2023

Documents, Code, Business Systems Accessed in Reddit Hack

Reddit on Thursday informed users that its systems were hacked as a result of what the company described as a sophisticated and highly targeted phishing attack aimed at employees. According to Reddit, the intrusion was detected on February 5. The hackers gained access to some internal documents, source code, internal dashboards and business systems.  Up […]

10Feb 2023

FINRA CIO Steve Randich pushes the public cloud forward

The CIO of a regulatory agency that reports to the US Securities and Exchange Commission — one of the biggest cloud consumers in the world — has made it his mission to help other CIOs — and Amazon Web Services itself — improve cloud computing. The Financial Industry Regulatory Authority, an operational and IT service […]

10Feb 2023

What is predictive analytics? Transforming data into future insights

Predictive analytics definition Predictive analytics is a category of data analytics aimed at making predictions about future outcomes based on historical data and analytics techniques such as statistical modeling and machine learning. The science of predictive analytics can generate future insights with a significant degree of precision. With the help of sophisticated predictive analytics tools […]

10Feb 2023

Top cybersecurity M&A deals for 2023

Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the world’s biggest tech companies as predictions of recession loomed and war in Ukraine dragged on […]

10Feb 2023

Australian Defense Department to Remove Chinese-Made Cameras

Australia’s Defense Department will remove surveillance cameras made by Chinese Communist Party-linked companies from its buildings, the government said Thursday after the U.S. and Britain made similar moves. The Australian newspaper reported Thursday that at least 913 cameras, intercoms, electronic entry systems and video recorders developed and manufactured by Chinese companies Hikvision and Dahua are […]

09Feb 2023

Effective File Feed Monitoring Is Essential for Smooth Business Operations

Companies’ core systems, business applications, and hosting environments all depend on the integrity of the file feeds they process — no matter the industry. When enterprises don’t effectively monitor their file feeds, damaged files can go undetected, and serious business consequences can — and do — occur. This was the case for the U.S. Federal […]

09Feb 2023

Unifying Multi-Cloud Operations to Tackle Complexity and Control Cost

Over the last decade, many organizations have turned to cloud technologies on their journey to become a digital business. The advantages of multi-cloud are well-documented: efficiency, flexibility, speed, agility, and more. Yet without consistent, comprehensive management across all clouds – private, hybrid, public, and even edge – the intended benefits of multi-cloud adoption may backfire. […]

09Feb 2023

Glendale, Ariz., CIO Feroz Merchhiya on prepping IT for the Super Bowl

Feroz Merchhiya, CIO of the city of Glendale, Ariz., joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss the Super Bowl host city’s IT challenges, “smarter city” tech horizons, innovations in broadband & 5G, and more. […]

09Feb 2023

VulnCheck Raises $3.2M Seed Round for Threat Intel

VulnCheck, a Massachusetts startup with ambitious plans in the vulnerability intelligence space, has attracted $3.2 million in seed-stage funding from several prominent investors. The early-stage financing round was led by Sorensen Ventures and included equity stakes for In-Q-Tel, Lux Capital, and Aviso Ventures. Based in Lexington, Mass., VulnCheck is building technology that promises exploit intelligence […]

09Feb 2023

US, UK Slap Sanctions on Trickbot Cybercrime Gang

The US Treasury on Thursday slapped sanctions against seven Russians accused of running the notorious Trickbot cybercrime operation, freezing assets in multiple countries and imposing travel bans. The seven individuals are being blamed for a series of major ransomware attacks targeting organizations in the US and the United Kingdom and the Treasury Department said it […]

09Feb 2023

VMware ESXi server ransomware evolves, after recovery script released

The FBI and CISA have released a recovery script for the global ESXiArgs ransomware campaign targeting VMware ESXi servers, but the ransomware has since been updated to elude former attempts at remediation.

09Feb 2023

UK/US cybercrime crackdown sees 7 ransomware criminals sanctioned

A UK/US campaign to tackle international cybercrime has seen seven Russian cybercriminals linked to a notorious ransomware group exposed and sanctioned. The sanctions were announced today by the UK’s Foreign, Commonwealth and Development Office (FCDO) alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). This follows a lengthy investigation by the […]

09Feb 2023

HTML smuggling campaigns impersonate well-known brands to deliver malware

Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. The firm has detailed four recent HTML smuggling campaigns attempting to lure users into saving and opening malicious payloads, impersonating well-known brands such as Adobe Acrobat, Google […]

09Feb 2023

US Says Chinese Military Behind Vast Aerial Spy Program

China’s balloon that crossed the United States was equipped to collect intelligence signals and was part of a huge, military-linked aerial spy program that targeted more than 40 countries, the Biden administration said Thursday, outlining the scope and capabilities of the huge balloon that captivated the country’s attention before being shot down. The fleet of […]

09Feb 2023

Google Describes Privacy, Security Improvements in Android 14

Google this week announced the availability of the first Android 14 developer preview and also shared details on some of the security and privacy improvements the platform update will bring. Expected to arrive on devices sometime in fall, Android 14 brings new features and APIs, as well as behavioral changes that might impact applications. The […]

09Feb 2023

Vulnerabilities in Popular DMS Products Can Expose Sensitive Documents

Multiple cross-site scripting (XSS) vulnerabilities in popular document management system (DMS) products could allow attackers to access sensitive documents, Rapid7 reports. DMS solutions help users manage the production, storage, and distribution of documents. They may also provide collaboration capabilities and support for managing other types of files. A total of eight XSS vulnerabilities were identified […]

09Feb 2023

Android’s February 2023 Updates Patch 40 Vulnerabilities

Google this week announced the release of patches for 40 vulnerabilities as part of the February 2023 security updates for the Android operating system. The first part of the update arrives on devices as a 2023-02-01 security patch level and resolves a total of 17 high-severity vulnerabilities impacting components such as Framework, Media Framework, and […]

09Feb 2023

Cybercrime Gang Uses Screenlogger to Identify High-Value Targets in US, Germany

A recently identified financially motivated threat actor is targeting companies in the United States and Germany with custom malware, including a screenlogger it uses for reconnaissance, Proofpoint reports. Tracked as TA866, the adversary appears to have started the infection campaign in October 2022, with the activity continuing into January 2023. As part of the campaign, […]

09Feb 2023

Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras

Researchers have discovered a vulnerability that can be exploited by remote hackers to tamper with the timestamp of videos recorded by Dahua security cameras. The flaw, tracked as CVE-2022-30564, was discovered last year by India-based CCTV and IoT cybersecurity company Redinent Innovations. Advisories describing the vulnerability were published on Wednesday by both Dahua and Redinent. […]

09Feb 2023

Yes, CISOs should be concerned about the types of data spy balloons can intercept

The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit […]

09Feb 2023

How to unleash the power of an effective security engineering team

Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams are typically made up of software and infrastructure engineers, architects, and product managers. The collective […]

09Feb 2023

ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware

There have been some new developments in the case of the ESXiArgs ransomware attacks, including related to the encryption method used by the malware, victims, and the vulnerability exploited by the hackers. After the US Cybersecurity and Infrastructure Security Agency (CISA) announced the availability of an open source tool designed to help some victims of […]

09Feb 2023

Coaching IT pros for leadership roles

When you’ve spent your career mastering complex technologies, stepping into a leadership role might not be the first item on your wish list. As a CIO, you’ve already made this transition. But how do you prepare others on your team for this next career step? This is one of the more challenging steps in any […]

09Feb 2023

Minister: Cybercrimes Now 20% of Spain’s Registered Offenses

Spain’s government on Wednesday pledged stronger action against cybercrime, saying it has come to account for about a fifth of all offenses registered in the country. Interior Minister Fernando Grande-Marlaska said police would be given additional staff, funding and resources to address online crime. He said reported cases of cybercrime were up 72% last year […]

08Feb 2023

Threat group targets over 1,000 companies with screenshotting and infostealing malware

Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of infected computers. Tracked as TA866 by researchers from security firm Proofpoint, the group’s tooling seems […]

08Feb 2023

Growing number of endpoint security tools overwhelm users, leaving devices unprotected

Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group. Between the ongoing influence of remote work and IoT, the number and diversity of devices that have to be managed by endpoint […]

08Feb 2023

Episode 2: How AI can help bridge the employee-employer expectations gap

Microsoft CEO Satya Nadella observed last year that every organization in every industry will need to infuse technology into every business process and function so that they can do more with less. But he wasn’t talking about working harder or longer – he was talking about the need to apply technology to augment and amplify […]

08Feb 2023

Spies, Hackers, Informants: How China Snoops on the US

An alleged Chinese surveillance balloon over the United States last week sparked a diplomatic furore and renewed fears over how Beijing gathers intelligence on its largest strategic rival. FBI Director Christopher Wray said in 2020 that Chinese spying poses “the greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality”. […]

08Feb 2023

Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery

Data security and management vendor Cohesity has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack […]

08Feb 2023

Skybox Security Raises $50M, Hires New CEO

Skybox Security, a late-stage California startup in the security analytics space, has closed a $50 million financing round and hired a new chief executive. The San Jose company announced Wednesday that former Digital Guardian CEO Mordecai (Mo) Rosen will take the reins at Skybox and manage the company through a new financing round that brings […]

08Feb 2023

Surge of swatting attacks targets corporate executives and board members

At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would harm first responders, too. Groveland police chief Jeffrey Gillen summoned […]

08Feb 2023

Australian Man Sentenced for Scam Related to Optus Hack 

Australian authorities this week announced the sentencing of a Sydney man for attempting to blackmail Optus customers using leaked data stolen during a September 2022 data breach at the wireless carrier. The Optus hack resulted in the theft of personal information belonging to 9.8 million customers, including names, birth dates, physical and email addresses, and […]

08Feb 2023

Chrome 110 Patches 15 Vulnerabilities

Google this week announced that the first stable release of Chrome 110 brings 15 security fixes, including 10 that address vulnerabilities reported by external researchers. Of the externally reported bugs, three are rated ‘high severity’. These include a type confusion flaw in the V8 engine, an inappropriate implementation issue in full screen mode, and an […]

08Feb 2023

Application Security Protection for the Masses

I’ve always found it entertaining that so many sales pitches are essentially a listing of features for the product or service being sold. The reason I find this entertaining is that for anyone who has worked on the customer side or has ever listened to customers, it is obvious that customers buy solutions, not products. […]

08Feb 2023

No choice? No problem!

In 2022, the European Commission announced that it is outlawing the use of general-purpose compact fluorescent lamps (CFL). The lamps, which have been in common use for decades, had been shown to emit toxic levels of mercury. The move is a no-brainer — and authorities across other continents have either followed suit or put the […]

08Feb 2023

EVs: what’s light got to do with it?

Climate change is the pre-eminent issue of our present and our future. And figures suggest that our attempts at staving it off so far are falling well short. If we are to achieve a cleaner, greener future, one of the most significant overhauls will be a shift to electric vehicles (EVs). Unsurprisingly, lining our roads […]

08Feb 2023

Tor Network Under DDoS Pressure for 7 Months

For the past seven months, the Tor anonymity network has been hit with numerous distributed denial-of-service (DDoS) attacks, its maintainers announced this week. Some of the attacks have been severe enough to prevent users from loading pages or accessing onion services, the Tor Project says. Publicly released in 2003, Tor directs traffic through a global […]

08Feb 2023

Siemens License Manager Vulnerabilities Allow ICS Hacking

The Siemens Automation License Manager is affected by two serious vulnerabilities that could be chained to hack industrial control systems (ICS), according to industrial cybersecurity firm Otorio.  On January 10, Siemens released its first round of Patch Tuesday updates for 2023, addressing a total of 20 vulnerabilities affecting the company’s products.  One of the six […]

08Feb 2023

UN Experts: North Korean Hackers Stole Record Virtual Assets

North Korean hackers working for the government stole record-breaking virtual assets last year estimated to be worth between $630 million and more than $1 billion, U.N. experts said in a new report. The panel of experts said in the wide-ranging report seen Tuesday by The Associated Press that the hackers used increasingly sophisticated techniques to gain access to digital networks involved […]

08Feb 2023

Russian Admits in US Court to Laundering Money for Ryuk Ransomware Gang

Denis Mihaqlovic Dubnikov, of Russia, has admitted in a United States court to laundering cryptocurrency for the Ryuk ransomware gang. Ryuk is a file-encrypting ransomware that emerged in 2018 and which was operated by the same cybercriminals as the Trickbot botnet. In early 2021, security researchers estimated the Ryuk operation to be worth over $150 […]

08Feb 2023

A Deep Dive Into the Growing GootLoader Threat

GootLoader was born from GootKit, a banking trojan that first appeared around 2014. In recent years GootKit has evolved into a sophisticated and evasive loader — and it was given a new name to reflect its new purpose in 2021. The same group is responsible for both versions of the malware, and is monitored by […]

08Feb 2023

CISA Releases Open Source Recovery Tool for ESXiArgs Ransomware 

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an open source tool that could help some victims of the recent ESXiArgs ransomware attacks recover their files. The ESXiArgs ransomware attacks, first observed on February 3, involve exploitation of CVE-2021-21974, a high-severity ESXi remote code execution vulnerability that VMware patched in February 2021.  Hackers […]

08Feb 2023

Software project management challenges — and how to handle them

The need for efficient software development has taken on greater importance as enterprises introduce more and more digital services and add automation capabilities to enhance business processes. Managing software projects might not be at the top of CIOs’ priority lists, but it is something that IT leaders will have to master. There are plenty of […]

08Feb 2023

How MaRS Discovery District’s André Allen helps nurture a hub of talent

Toronto’s MaRS Discovery District is a renowned urban innovation hub supporting ventures and startups tackling key challenges in the health, cleantech, fintech and enterprise sectors. And André Allen, MaRS’ VP of IT, chief privacy officer and CISO, is at the center of its growth, ambition, and success. “I’ve been with MaRS for just over a […]

08Feb 2023

CIOs Discuss how to Enhance the Digital Experience Across the Business

Both customer and employee experience have seen an accelerated transformation with the introduction of cloud technologies, were significantly affected by the pandemic, and now see a remarkable shift in terms of new approaches in leadership. In customer experience, the introduction of cloud-based solutions has accelerated automation and enhanced client success prediction accuracy. As a result, […]

08Feb 2023

Patient Information Compromised in Data Breach at San Diego Healthcare Provider

San Diego healthcare services provider Sharp HealthCare is informing patients that some of their information was compromised in a recent data breach. A not-for-profit healthcare provider, Sharp operates multiple hospitals and facilities in San Diego County, has 19,000 employees and works with roughly 2,700 affiliated physicians. The incident took place on January 12, when an […]

07Feb 2023

CIO Leadership Live with Marc Hale, Chief Technology Officer, AIA NZ

Marc Hale, Chief Technology Officer, AIA NZ, on enabling healthier outcomes for customers and his approach to his own career transformation.

07Feb 2023

Germany Appoints Central Bank IT Chief to Head Cybersecurity

The German government announced the appointment Tuesday of the European Central Bank’s head of IT systems to lead the national cybersecurity agency, months after her predecessor was removed following reports of possible problematic ties to Russia. Interior Minister Nancy Faeser said Claudia Plattner “brings the experience and expertise with her that we need for cybersecurity […]

07Feb 2023

How to ensure security in a cloud migration

For as long as organizations have been interested in moving resources to the cloud, they’ve been concerned about security. That interest is only getting stronger as cloud usage grows – making it a perfect topic for the latest #CIOTechTalk Twitter chat. The chat brought together a host of security consultants and practitioners who weren’t shy about […]

07Feb 2023

OpenSSL Ships Patch for High-Severity Flaws

The OpenSSL Project on Tuesday shipped a major security update to cover at least eight documented security flaws that expose OpenSSL users to malicious hacker attacks. The most serious of the bugs, a type confusion issue tracked as CVE-2023-0286, may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read […]

07Feb 2023

Customer service, especially field service, helps companies outperform competitors and drive growth

In economic uncertainty, it’s natural for executives to explore where to reduce spending, trim the fat, so to speak, and cut enterprising investments as a matter of caution. But this thinking is also counter-productive for all the reasons that make uncertainty so predictable. We can expect that every company is going to react this way […]

07Feb 2023

Fresh start: Time to reset passwords and rethink your password management strategy

Most people have probably broken their new year’s resolutions by now, but here’s one I plan to stick with: resetting my passwords and rethinking the strategy behind password management solutions.  Here’s why. If you work in information security, you already know how severe the LastPass breach of security, announced in late December 2022, was. By […]

07Feb 2023

How the UK tech industry is failing Black women

Black women in technology are burnt out and impatient with an IT industry slow to change. More than a dozen Black women working in technology roles, across a wide range of industries and at varying levels of seniority, spoke to CIO.com on the back of a British Computer Society (BCS) and Coding Black Females (CBF) […]

07Feb 2023

CIO Leadership Live with George Eapen, Group Chief Information Officer at Petrofac

Why a CISO can become a CIO: Before working for Petrofac, George Eapen spent 12 years with General Electric where he had multiple IT leadership roles. At Petrofac, Eapen was appointed CISO in 2018 and was promoted to CIO in 2020.

07Feb 2023

Mario Foster to become Al Ghurair Group group CIO

Mario Foster is an experienced CIO who has been in the industry and the region for over 15 years. Before joining Al Ghurair Group, he worked for Saeed & Mohammed Al Naboodah Group based in Dubai for almost eight years leading the digital charter of the organization by exploring the business potential of new technologies […]

07Feb 2023

Software Supply Chain Security Firm Lineaje Raises $7 Million

Software supply chain security startup Lineaje today announced that it has raised $7 million in a seed funding round led by Tenable Ventures. Dreamit Ventures and Veear Capital also participated in the investment round, along with various angel investors. Founded in 2021, the Saratoga, California-based company helps organizations secure their software supply chain, regardless of […]

07Feb 2023

ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding

Industrial control systems (ICS) cybersecurity company Opscura announced its launch on Tuesday with $9.4 million in Series A funding. Opscura is a new brand and the company has a new global management team, but it’s not new in the ICS cybersecurity sector. The company was founded in Spain as Enigmedia and it has been around […]

07Feb 2023

Vulnerability Provided Access to Toyota Supplier Management Network

A severe vulnerability in the web portal of Toyota’s global supplier management network allowed a security researcher to gain access to sensitive information. The issue was identified by US-based researcher Eaton Zveare in Toyota’s Global Supplier Preparation Information Management System (GSPIMS), a web portal that provides Toyota employees and suppliers with access to ongoing projects, […]

07Feb 2023

Patch Released for Actively Exploited GoAnywhere MFT Zero-Day

A patch has been released for the GoAnywhere managed file transfer (MFT) software zero-day vulnerability whose existence came to light recently. News of active exploitation emerged roughly a week ago, but details about the attacks are still not available.  Fortra, known until recently as HelpSystems, alerted GoAnywhere MFT users on February 1 about a ‘zero-day […]

07Feb 2023

What CISOs need to know about the renewal of FISA Section 702

In our hyperconnected world, multinational organizations operate within and across multiple nation-states. Those who do business within the United States will want to keep their eye on the status of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which sets out procedures for physical and electronic surveillance and collection of foreign intelligence. Section 702 […]

07Feb 2023

Linux Variant of Cl0p Ransomware Emerges

A Cl0p ransomware variant targeting Linux systems emerged recently, but a flaw in the encryption algorithm has already allowed for the creation of a free decryptor for it. Cl0p has been one of the most active ransomware families over the past several years, targeting numerous private and public organizations globally, in sectors such as aerospace, […]

07Feb 2023

VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks

VMware has urged customers to take action as unpatched ESXi servers continue to be targeted in ESXiArgs ransomware attacks. Hackers are exploiting CVE-2021-21974, a high-severity ESXi remote code execution vulnerability related to OpenSLP that VMware patched in February 2021. Following successful exploitation, unidentified threat actors have deployed file-encrypting ransomware that targets virtual machines.  Technical details […]

07Feb 2023

8 steps to turning around a toxic IT culture

Despite greater emphasis on empathy and inclusivity, toxic behavior is still an issue for many IT organizations. And when toxicity takes root, friendliness, kindness, and basic civility quickly fall by the wayside, replaced by selfishness, harassment, and even outright emotional and physical abuse. Identifying and neutralizing an emerging toxic IT culture before it can begin […]

07Feb 2023

Redefining the Role of IT in a Modern BI World

Introduction: Since its inception decades ago, the primary objective of business intelligence has been the creation of a top-down single source of truth from which organizations would centrally track KPIs and performance metrics with static reports and dashboards. This stemmed from the proliferation of data in spreadsheets and reporting silos throughout organizations, often yielding different and […]

07Feb 2023

MKS Instruments falls victim to ransomware attack

Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Securities and Exchange Commission. MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards. An email sent […]

07Feb 2023

Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition

Cybersecurity insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company’s Cyber Threat Index, which was compiled using data gathered by the company’s active risk management and reduction technology, combining data from underwriting […]

06Feb 2023

Massive ransomware attack targets VMware ESXi servers worldwide

A global ransomware attack has hit thousands of servers running the VMware ESXi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world. The Computer Emergency Response Team of France (CERT-FR) was the first to notice and send an alert about the attack. “On February […]

06Feb 2023

Comcast Wants a Slice of the Enterprise Cybersecurity Business

Telco and media conglomerate Comcast has jumped headfirst into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace. The Philadelphia technology giant has created a new cybersecurity business unit led by former Zscaler executive Nicole Bucala to develop and sell what Comcast is describing as […]

06Feb 2023

Are SMBs invited to the business intelligence (BI) party?

Executive leaders of small businesses and startups frequently lament that they lack the same access to data and insights that enterprise competitors and other more entrenched players enjoy.  Most SMBs haven’t fully adopted business intelligence (BI) analytics, citing various reasons such as a lack of scalable technology infrastructure or skilled human capital. They’re also hesitant […]

06Feb 2023

Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping

A critical vulnerability affecting wireless communication base stations from Baicells Technologies can be exploited to cause disruption in telecom networks or take complete control of data and voice traffic, according to a researcher. Baicells Technologies is a US-based telecommunications equipment provider for 4G and 5G networks. The company says more than 100,000 of its base […]

06Feb 2023

New York Attorney General Fines Vendor for Illegally Promoting Spyware

The New York Office of the Attorney General has announced punitive measures against Patrick Hinchy and 16 of the companies he owns, for illegally promoting spyware. Since 2011, Hinchy has owned and operated numerous companies, including the 16 investigated by the New York OAG, for selling and promoting spyware targeting Android and iOS devices, including […]

06Feb 2023

Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition

Cyber insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company’s Cyber Threat Index, which was compiled using data gathered by the company’s active risk management and reduction technology, combining data from underwriting […]

06Feb 2023

Attacks targeting employees are the main cause of avoidable breaches

As many CIOs know, cyber security incidents are one of an organisation’s most significant threats. Unfortunately, these incidents have become increasingly costly and complex as technology advances rapidly. A UK study has revealed that employee-targeted attacks are the leading cause of avoidable cybersecurity incidents. The report by Tanium delves deep into the modern security landscape, […]

06Feb 2023

OPSWAT mobile hardware offers infrastructure security for the air gap

Infrastructure protection vendor OPSWAT has announced the availability of its new MetaDefender Kiosk K2100 hardware, designed to provide a mobile option for users who want the company’s media-scanning capabilities to work in the field. OPSWAT’s MetaDefender line of kiosks is designed to address a potential security weakness for critical infrastructure defended by air gaps. In […]

06Feb 2023

Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group

Microsoft’s Digital Threat Analysis Center (DTAC) has attributed a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft dubbed the threat group, which calls itself Holy Souls, NEPTUNIUM. It has also been identified as Emennet Pasargad by the US Department of Justice. In January, the group claimed to […]

06Feb 2023

SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022

MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021 An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of 455 deals, compared to 435 in 2021. The US and UK continue to […]

06Feb 2023

20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder

PeopleConnect-owned background check services Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users. In individual data breach notices published on February 3, the organizations informed users that the incident was discovered after cybercriminals started sharing databases stolen from the two companies on underground forums. The databases – […]

06Feb 2023

Albemarle supercharges employee experience with federated automation

One of the first things Patrick Thompson (pictured) did on becoming chief information and digital transformation officer of specialty chemicals manufacturer Albemarle in 2017 was to introduce an annual survey to gauge employee attitudes toward services IT staff provides. Now he has a self-service bot delivering some of those services through Microsoft Teams, and providing real-time […]

06Feb 2023

Cyber Insights 2023 | The Coming of Web3

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

06Feb 2023

Cyber Insights 2023 | Zero Trust and Identity and Access Management

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

06Feb 2023

European Police Arrest 42 After Cracking Covert App

European police arrested 42 suspects and seized guns, drugs and millions in cash, after cracking another encrypted online messaging service used by criminals, Dutch law enforcement said Friday. Police launched raids on 79 premises in Belgium, Germany and the Netherlands following an investigation that started back in September 2020 and led to the shutting down […]

06Feb 2023

Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack

Tallahassee Memorial HealthCare (TMH) has canceled procedures and is diverting some patients following a cyberattack that forced it to take some IT systems offline. Founded in 1948, the not-for-profit community healthcare system provides acute and other types of healthcare services to a 21-county area in North Florida, South Georgia and South Alabama. On February 3, […]

06Feb 2023

Will your incident response team fight or freeze when a cyberattack hits?

If there’s an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there’s still a chance they might freeze up when the pressure is on, says Bec […]

06Feb 2023

Insurance IT leaders herald new era for digital customer experience

The insurance industry is undergoing a sea change, with IT playing a crucial role in rolling out digital customer experiences for policyholders and agents, as in-person meetings all but vanish in the post-pandemic era. This pivot to digital customer experiences has become a new insurance industry imperative, as John Aflac, Liberty Mutual, MassMutual, MetLife, and […]

06Feb 2023

Many VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability

Unpatched and unprotected VMware ESXi servers around the world have been targeted over the past few days in a large-scale ransomware attack exploiting a vulnerability patched in 2021. The attacks, dubbed ESXiArgs, are still being analyzed by the cybersecurity community, but based on the information available to date, it appears that threat actors are exploiting […]

06Feb 2023

Why IT professionalism matters to BCS CEO Rashik Parmar

Rashik Parmar MBE, the chief executive of BCS, The Chartered Institute for IT, discusses a 40-year career in IT, his new role as CEO of the UK’s leading accreditation body, the BCS mission to drive IT professionalism and tech for good, and how the industry can finally move the dial on diversity, equity and inclusion. […]

05Feb 2023

Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process

Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. It is not new. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores – giving them greater apparent validity to targets. The scam is a version […]

04Feb 2023

US Downs Chinese Balloon Off Carolina Coast

President Joe Biden said on Saturday that he ordered U.S. officials to shoot down the suspected Chinese spy balloon earlier this week and that national security leaders decided the best time for the operation was when it got over water. “They successfully took it down and I want to compliment our aviators who did […]

04Feb 2023

Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op

After the French satirical magazine Charlie Hebdo launched a cartoon contest to mock Iran’s ruling cleric, a state-backed Iranian cyber unit struck back with a hack-and-leak campaign that was designed to provoke fear with the claimed pilfering of a big subscriber database, Microsoft security researchers say. The FBI blames the same Iranian cyber operators, Emennet […]

04Feb 2023

Feds Say Cyberattack Caused Suicide Helpline’s Outage

A cyberattack caused a nearly daylong outage of the nation’s new 988 mental health helpline late last year, federal officials told The Associated Press Friday. Lawmakers are now calling for the federal agency that oversees the program to prevent future attacks. “On December 1, the voice calling functionality of the 988 Lifeline was rendered unavailable […]

04Feb 2023

Critical vulnerability patched in Jira Service Management Server and Data Center

A critical vulnerability was fixed this week in Jira Service Management Server, a popular IT services management platform for enterprises, that could allow attackers to impersonate users and gain access to access tokens. If the system is configured to allow public sign-up, external customers can be affected as well. The bug was introduced in Jira […]

03Feb 2023

How New Data Tools Can Expand Expertise at the Enterprise

The increasing amounts of data generated by today’s modern enterprise continue to challenge organizations as they look to extract valuable insights from that data. The inability to leverage all kinds of data and the amount of expertise required from data scientists to prep data put a strain on many enterprises. IT groups need a new […]

03Feb 2023

Google Cloud growth slows as Alphabet net income plunges

Even though Google Cloud revenue growth showed signs of slowing, it nevertheless provided something of a bright spot as parent company Alphabet — hit hard by the tightening of customer budgets — posted a year-over-year decline in net income for its 2022 fourth quarter. Fourth-quarter gross revenue for Alphabet was $76.05 billion, up just 1% […]

03Feb 2023

Big China Spy Balloon Moving East Over US, Pentagon Says

The Pentagon said at midday Friday that a Chinese spy balloon had moved eastward and was over the central United States, and that the U.S. rejected China’s claims that it was not being used for surveillance. Brig. Gen. Pat Ryder, Pentagon press secretary, refused to provide details on exactly where the balloon was or whether […]

03Feb 2023

How Data Governance Enables Analytics and Drives Business Growth

When it comes to data, the first question isn’t whether you can measure something, it’s whether you should. What you can or should measure impacts what you can do as a business, potentially affecting your business model. Along with respecting regulatory compliance requirements and the privacy rights of individuals, it’s necessary to consider the business […]

03Feb 2023

AWS growth slows further by persistent macroeconomic uncertainty

Revenue growth at Amazon’s cloud computing division, Amazon Web Services, continued to slow in the fourth quarter as enterprises advanced their cost-cutting measures, brought on by an uncertain macroeconomic environment. Despite a 20% year-on-year increase in revenue, reaching $21.4 billion in Q4 2022, this growth rate is slower compared to the 27.5% and 33% growth seen […]

03Feb 2023

Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty

Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort the company, the Department of Justice announced. Sharp, 37, of Portland, Oregon, worked at the New York City-based IoT device maker between August 2018 and April 2021, as a senior developer who had access […]

03Feb 2023

Cyber Insights 2023: Venture Capital

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

03Feb 2023

Atlassian Warns of Critical Jira Service Management Vulnerability

Atlassian this week warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow attackers to impersonate Jira users. Tracked as CVE-2023-22501 (CVSS score of 9.4), the flaw impacts Jira Service Management Server and Data Center versions 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. “An authentication vulnerability was discovered […]

03Feb 2023

High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation

VMware has informed users about the availability of patches for a Workstation vulnerability that could be exploited by malicious hackers for privilege escalation. The flaw, tracked as CVE-2023-20854 and rated ‘high severity’, has been described by VMware as an arbitrary file deletion vulnerability affecting version 17.x on Windows.  “A malicious actor with local user privileges […]

03Feb 2023

Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication

Exploitation attempts targeting a critical-severity Oracle E-Business Suite vulnerability have been observed shortly after proof-of-concept (PoC) code was published. One of the major Oracle product lines, the E-Business Suite is a set of enterprise applications that help organizations automate processes such as supply chain management (SCM), enterprise resource planning (ERP), and customer relationship management (CRM). […]

03Feb 2023

China Says It’s Looking Into Report of Spy Balloon Over US

China said Friday it is looking into reports that a Chinese spy balloon has been flying in U.S. airspace and urged calm, adding that it has “no intention of violating the territory and airspace of any sovereign country.” Foreign Ministry spokesperson Mao Ning also said she had no information about whether a trip to China […]

03Feb 2023

GoAnywhere MFT Users Warned of Zero-Day Exploit

Users of the GoAnywhere secure managed file transfer (MFT) software have been warned about a zero-day exploit that malicious actors can target directly from the internet.  The GoAnywhere MFT is made by Fortra, known until recently as HelpSystems, and it’s designed to enable organizations to automate and secure the exchange of data with their trading […]

03Feb 2023

Top 24 RPA tools available today

Even the modern workplace can be boring and repetitive. Enter robotic process automation (RPA): a smart set of tools that deploys AI and low-code options to simplify workflows and save everyone time while also adding safeguards that can prevent costly mistakes. What is RPA? Robotic process automation (RPA) is an application of technology, governed by […]

03Feb 2023

The Royal Mint’s diversification means all change for IT and security

It’s a new era for The Royal Mint, Britain’s oldest recognised company and the official maker of UK coins. Six months have passed since the death of Queen Elizabeth II, but that’s not all that’s changed at an institution established back in 886 AD. More recently, The Royal Mint has evolved its business model in […]

03Feb 2023

Remote code execution exploit chain available for VMware vRealize Log Insight

VMware published patches last week for four vulnerabilities in its vRealize Log Insight product that, if combined, could allow attackers to take over the log collection and analytics platform. This week, a proof-of-concept exploit chain has been released by security researchers, along with detailed explanations for each vulnerability, meaning in-the-wild attacks could soon follow. “Gaining […]

02Feb 2023

Networking tips for IT leaders: A guide to building connections

Networking isn’t just for holiday parties. It’s something you should do all year long and, if approached correctly, it works no matter where you are on the career ladder. The two cardinal rules of networking, according to CIOs and career coaches, are to schedule time to do it for at least an hour every month, […]

02Feb 2023

Manufacturing CIOs see bright future for the industry, thanks to IT

The manufacturing industry is undergoing a renaissance, thanks in part to advances in information technology. Two IT leaders who have been on the forefront of that are Kim Mackenroth and Chris Nardecchia. Kim Mackenroth is vice president and global CIO of Textron, a Fortune 302 multi-industry company with around 33,000 employees worldwide. Her global IT […]

02Feb 2023

Practical advice to optimize savings with cloud migrations

As organizations of all stripes continue their migration to the cloud, they are coming face to face with sometimes perplexing cost issues, forcing them to think hard about how best to optimize workloads, what to migrate, and who exactly is responsible for what. It’s an issue that’s coming to the fore with the steady migration […]

02Feb 2023

Google Shells Out $600,000 for OSS-Fuzz Project Integrations

Google this week announced an extension to its OSS-Fuzz rewards program, an initiative meant to reward contributors for integrating projects into OSS-Fuzz. Launched in 2016, OSS-Fuzz is meant to help identify vulnerabilities in open source software through continuous fuzzing, with a declared goal of making common software infrastructure more secure. Six months after the launch, […]

02Feb 2023

What’s Next for the Future of Work?

Under new iterations of remote and hybrid work, the solution for some companies may involve monitoring employees electronically. For CIOs asked to implement such tools, it’s critical to understand the legal and ethical aspects of new technologies. “No one’s saying you can’t do it. You need to have a really good justification for doing it,” […]

02Feb 2023

NTT, Palo Alto partner for managed SASE with AIOps

Using a managed services provider to deliver SASE can streamline deployment and free up enterprise resources.

02Feb 2023

Foreign states already using ChatGPT maliciously, UK IT leaders believe

Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That’s according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of respondents see ChatGPT as generally being used for “good” purposes, 72% are concerned by its […]

02Feb 2023

CIO Leadership Live with Bill Moses, Chief Digital Officer at Te Kawa Mataaho/Public Service Commission

Bill Moses, Chief Digital Officer at Te Kawa Mataaho/Public Service Commission, on the organisation’s ‘spirit of service’, keeping up to date on emerging trends, why digital leaders don’t need to come from technology backgrounds, and the growth in ‘wiggly line’ career paths.

02Feb 2023

F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution

F5 warns of a high-severity format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service (DoS) condition and potentially execute arbitrary code. Tracked as CVE-2023-22374, the security defect impacts iControl SOAP, an open API that enables communication between systems, which runs as root. The SOAP interface is accessible from the […]

02Feb 2023

Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots

Cisco on Wednesday announced patches for a high-severity command injection vulnerability in the IOx application hosting environment that could allow malicious code to persist across reboots. Tracked as CVE-2023-20076, the security defect exists because parameters that are passed for the activation of an application are not completely sanitized. “An attacker could exploit this vulnerability by […]

02Feb 2023

UK Car Retailer Arnold Clark Hit by Ransomware

UK-based car retailer Arnold Clark is informing customers that their personal information may have been stolen as a result of a cyberattack. A ransomware group has taken credit for the attack, claiming to have obtained gigabytes of sensitive information.  Arnold Clark has more than 200 dealerships in England and Scotland, selling vehicles from over 25 […]

02Feb 2023

Dealing with the Carcinization of Security

Recently, a friend brought up the term “carcinization” and I must admit, I had to look it up! Turns out the term was coined more than 100 years ago to describe the phenomenon of crustaceans evolving into crab-shaped forms. Today, there are even memes for it. So, what does this example of convergent evolution have […]

02Feb 2023

HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining

A sophisticated piece of malware named HeadCrab has ensnared at least 1,200 Redis servers worldwide, Aqua Security reports. Designed to run on secure networks, Redis servers do not have authentication enabled and are prone to unauthorized access if exposed to the internet. Redis servers can be set up in clusters, which allows for data to […]

02Feb 2023

Cyber Insights 2023: Regulations

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

02Feb 2023

Cyber Insights 2023 | Supply Chain Security

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

02Feb 2023

Cyber Insights 2023: Quantum Computing and the Coming Cryptopocalypse

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

02Feb 2023

Cyber Insights 2023: Ransomware

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

02Feb 2023

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, […]

02Feb 2023

EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft

Researchers warn that many electric vehicle (EV) charging management systems are affected by vulnerabilities that could allow hackers to cause disruption, steal energy, or obtain driver information.  The vulnerabilities were discovered by researchers working for SaiFlow, an Israel-based company that specializes in protecting EV charging infrastructure and distributed energy resources. The security holes are related […]

02Feb 2023

CIO Leadership Live with Andre Allen, VP Technology and CISO, MaRS Incubator

André Allen, Vice President Information Technology at MaRS Discovery District, Chief Privacy Officer & Chief Information Security Officer discusses building innovation and how inclusion is a major part of building teams and sustaining businesses.

02Feb 2023

The Connection between EX and CX

It is no longer a point of discussion that any organisation’s success depends on its relationships with its customers and employees. Especially as economies mature towards becoming a service industry, a relentless focus on and alignment between customer experience (CX) and employee experience (EX) is critical to an organisation’s success. Companies that spend time ensuring […]

01Feb 2023

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, led by OX Security, evaluates software supply chain security threats, covering a wide range of attack vectors […]

01Feb 2023

5 Reasons Data Security Works Best with Open Standards

Open standards are a critical consideration when evaluating data security platforms. Why should you care? A data security platform is an enterprise solution that will likely span your entire data ecosystem, touching and requiring integration with many different systems, unlike standalone or point solutions. When dealing with enterprise systems, standards matter. What critical component of […]

01Feb 2023

3 Ways to Discover Your Authentic Leadership Style

By Chet Kapoor, Chairman and CEO, DataStax Everyone has a point of view on leadership. There are tons of books, articles, and case studies with frameworks for becoming a great leader. These resources can absolutely help you find inspiration and hone your perspective, but here is the truth: There is no perfect model. After 20+ […]

01Feb 2023

Malicious NPM, PyPI Packages Stealing User Information

Check Point and Phylum are warning of recently identified NPM and PyPI packages designed to steal user information and download additional payloads. Taking advantage of the broad use of open source code in application development, malicious actors are increasingly relying on software supply chain attacks to infect both developers and users with malware. According to […]

01Feb 2023

VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities

The urgency to patch a trio of dangerous security flaws in a VMware virtual appliance product escalated this week after exploit code was published on the internet. VMware confirmed the publication of exploit code in an update to its VMSA-2023-0001 bulletin and called on customers using its VMware vRealize Log Insight product to implement mitigations […]

01Feb 2023

98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis

The digital supply chain is probably more extensive and more complicated than you realize. Upward of 98% of organizations have a relationship with at least one third party that has experienced a breach in the last two years – and these figures are almost certainly no exaggeration. The figures come from a report by SecurityScorecard. […]

01Feb 2023

Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’

Dutch cyber authorities said Wednesday that several hospital websites in the Netherlands and Europe were likely targeted by a pro-Kremlin hacking group because of their countries’ support for Ukraine. The UMCG hospital in the northern Dutch city of Groningen, one of the largest in the country, saw its website crash in a cyberattack on Saturday. […]

01Feb 2023

Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform 

Israeli venture group Team8 has bankrolled an $11 million seed-stage investment in Gem Security, a startup with ambitious plans in the cloud threat detection and incident response space. Gem Security, based in Tel Aviv, emerged from stealth Wednesday with technology that promises to give corporate security teams a practical way to manage threat detection, investigation […]

01Feb 2023

Misconfiguration and vulnerabilities biggest risks in cloud security: Report

The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig.  While zero trust is a top priority, data showed that least privilege access rights, an underpinning of zero trust architecture, are not properly enforced. Almost 90% […]

01Feb 2023

Silver Spring Pathfinder’s Secret to Innovation: Avaya Experience Platform

The government of Singapore recognizes that Persons with Disabilities (PWDs) have historically suffered from substantially reduced prospects of securing and retaining employment and is actively encouraging employers to look for ways to utilize this very capable but often overlooked group. Silver Spring Pathfinder (SSP) is championing change on this front, seeing the strengths and skills that PWDs […]

01Feb 2023

Ransomware Leads to Nantucket Public Schools Shutdown

For the second day in a row, public schools on the tiny island of Nantucket remained closed Wednesday as administrators scrambled to cope with a ransomware attack on its computer systems. According to published reports, Nantucket’s five public schools shut their doors to students and teachers after a data encryption and extortion attack prompted staff […]

01Feb 2023

Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing

As we reflect on 2022, we’ve seen that malicious actors are constantly coming up with new ways to weaponize technologies at scale to cause more disruption and devastation. The dangers are showing up everywhere – and more frequently. The volume and variety of threats, including Ransomware-as-a-Service (RaaS) and novel attacks on previously less conventional targets, […]

01Feb 2023

Boxx Insurance Raises $14.4 Million in Series B Funding

Cyberinsurance and protection firm Boxx Insurance has raised $14.4 million in a Series B funding round that brings the total investment in the company to $24.5 million. Led by Zurich Insurance, the new funding round comes hot on the heels of Boxx acquiring cyber threat intelligence platform Templarbit in November 2022, only two months after […]

01Feb 2023

Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data

The point-of-sale (PoS) malware named Prilex has been modified to block contactless transactions in an effort to force users to insert their credit cards into terminals and steal their information. Initially detailed in 2017, Prilex has evolved from targeting ATMs into an advanced PoS malware that can perform a broad range of nefarious activities leading […]

01Feb 2023

30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability

Attack surface management firm Censys has identified roughly 30,000 internet-exposed QNAP network-attached storage (NAS) appliances that are likely affected by a recently disclosed critical-severity code injection vulnerability. Tracked as CVE-2022-27596 (CVSS score of 9.8), the security defect is described as an SQL injection bug that allows remote attackers to inject malicious code into vulnerable NAS […]

01Feb 2023

Cyber Insights 2023: Criminal Gangs

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

01Feb 2023

Cyber Insights 2023: The Geopolitical Effect

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

01Feb 2023

Cyber Insights 2023: ICS and Operational Technology

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

01Feb 2023

Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking

A researcher has discovered two potentially serious vulnerabilities affecting Econolite traffic controllers. Exploitation of the security flaws can have serious real-world impact, but they remain unpatched.  Cyber offensive researcher Rustam Amin informed the US Cybersecurity and Infrastructure Security Agency (CISA) that he had identified critical and high-severity vulnerabilities in Econolite EOS, a traffic controller software […]

01Feb 2023

US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

The US Department of Justice (DOJ) has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act (FCPA) in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney General Kenneth A. Polite, Jr., shared the 2022 success of the Criminal Division of the DOJ […]

01Feb 2023

Why you might not be done with your January Microsoft security patches

The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the patches and updates you need to evaluate if you haven’t already done so. […]

01Feb 2023

Digital transformation – from mainframes to the ‘deeply digital’ organisation

The next generation of successful organisations will be the ones that embrace the potential of digital transformation, or so it has been said with increasing frequency in the last decade. But is the term as useful in understanding the future of organisations as its advocates claim? While some see digital transformation as a trend that […]

01Feb 2023

Google Fi Data Breach Reportedly Led to SIM Swapping

The Google Fi telecommunications service has informed customers about a data breach that appears to be related to the recently disclosed T-Mobile cyberattack.  Google Fi, which provides wireless phone and internet services, has told customers that the breach is related to its primary network provider, without naming it.  However, T-Mobile is Google Fi’s primary network […]

01Feb 2023

Dynamic talent sourcing gains traction for filling skills needs

Michael Edmunds needed top-notch consulting expertise, and he needed it fast. But getting strategy guidance for his startup from one of the big consultancies would be prohibitively expensive and time-consuming. Edmunds is senior vice president for global operations and quality at Witricity, which is developing magnetic resonance electrical charging technology for automobiles, industrial vehicles, and […]

31Jan 2023

Sentra Raises $30 Million for DSPM Technology

Sentra, a cloud data security company with roots in New York and Tel Aviv, has raised a $30 million funding round as investors continue to place big bets on the DSPM (data security posture management) category. The $30 million Series A comes just 18 months after Sentra’s launch with backing from Bessemer Venture Partners and […]

31Jan 2023

IoT, connected devices biggest contributors to expanding application attack surface

The growth of the internet of things (IoT) and connected devices are the biggest contributing factors to organizations’ expanding attack surfaces. That’s according to a new report from Cisco AppDynamics, which revealed that 89% of global IT professionals believe their organization has experienced an expansion in its attack surface over the last two years. The […]

31Jan 2023

Guardz debuts with cybersecurity-as-a-service for small businesses

Guardz, a Tel Aviv-based startup promising a broad range of out-of-the-box cybersecurity solutions for small and medium-size businesses (SMBs), has announced both a successful $10 million round of seed funding and the broad availability of its flagship product. The premise of the company’s main offering is tight API integration with Microsoft 365 and Google Workspace. […]

31Jan 2023

Privacera connects to Dremio’s data lakehouse to aid data governance

The integration of open-source based Privacera into Dremio’s data lakehouse is designed to allow joint customer enterprises to manage and organize secure data access.

31Jan 2023

Trulioo launches end-to-end identity platform

Identity verification firm Trulioo on Tuesday launched a new global identity platform for “person” and “business” verification. Trulioo has so far sold multiple identity products, each operating in its own silo. Its products and services range from person and business verification to no-code workflow building, low-code integrations, and anti-fraud measures. The new platform combines all these solutions […]

31Jan 2023

Is ITOM Still Relevant for Multi-cloud Environments?

IT Operations management (ITOM) – a framework that gives IT teams the tools to centrally monitor and manage applications and infrastructure across multi-premise environments – has been the foundation of enterprise IT infrastructure and applications for the last 30 years. It has been the backbone that ensures technology stacks are operating optimally to provide timely […]

31Jan 2023

Enterprise architecture modernizes for the digital era

With digital operating models altering business processes and the IT landscape, enterprise architecture (EA) — a rigid stalwart of IT — has shown signs of evolving as well. One key indicator of this evolution is the increasing interest in enterprise architecture management (EAM) tools, which transformational enterprise architects and CIOs are turning to in order […]

31Jan 2023

Cyber Insights 2023: Attack Surface Management

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

31Jan 2023

Cyber Insights 2023: Cyberinsurance

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

31Jan 2023

Cyber Insights 2023: Artificial Intelligence

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

31Jan 2023

Making Remarkable Energy Grids a Reality

Many industries already benefit from the transformative power of advanced digitalization. Telecommunications, manufacturing, retail, publishing, and others have seen amazing changes in terms of new opportunities, capabilities, and efficiencies. While the energy sector has long embraced IT, it’s on the verge of a digital makeover.    The dilemma of constantly growing energy demand and the need […]

31Jan 2023

Microsoft’s Verified Publisher Status Abused in Email Theft Campaign

Microsoft and cybersecurity firm Proofpoint on Tuesday warned organizations that use cloud services about a recent campaign that involved malicious OAuth applications and abuse of Microsoft’s ‘verified publisher’ status. The campaign mainly targeted Microsoft customers in Ireland and the UK. The tech giant has taken steps to disrupt the operation and it has published an […]

31Jan 2023

Guardz Emerges From Stealth Mode With $10 Million in Funding

Guardz today emerged from stealth mode with $10 million raised in a seed funding round led by Hanaco Ventures, with additional investment from iAngels, Cyverse Capital, and GKFF Ventures. Founded in May 2022, the Tel Aviv, Israel-based startup has developed a platform designed to protect small and growing businesses from cyberattacks, and it also helps […]

31Jan 2023

How the Atomized Network Changed Enterprise Protection

Cyberattacks rose at a rate of 42% in the first half of 2022 and the average cost of a data breach has hit a record high of $4.35 million with costs in the U.S. peaking at $9.44 million. Unfortunately, this shouldn’t come as a surprise. Enterprise networks have changed dramatically, particularly over the last few […]

31Jan 2023

Critical QNAP Vulnerability Leads to Code Injection

QNAP Systems this week issued a warning on a critical vulnerability that could allow attackers to inject malicious code on network-attached storage (NAS) devices. The Taiwan-based manufacturer is known for its NAS appliances and professional network video recorder (NVR) solutions, but also produces various types of networking equipment. Tracked as CVE-2022-27596 (CVSS score of 9.8), […]

31Jan 2023

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

Researchers from cybersecurity firm Proofpoint claim to have discovered a new threat campaign involving malicious third-party OAuth apps that are used to infiltrate organizations’ cloud environments. According to a blog on the company’s website, threat actors satisfied Microsoft’s requirements for third-party OAuth apps by abusing the Microsoft “verified publisher” status, employing brand abuse, app impersonation […]

31Jan 2023

OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings

Chainguard on Tuesday published a draft OpenVEX specification to help software vendors and maintainers communicate precise metadata about the vulnerability status of products directly to end users. The Chainguard specification is an implementation of the NTIA’s VEX (Vulnerability Exploitability eXchange) concept that aims to provide additional information on whether a product is impacted by a […]

31Jan 2023

Saviynt Raises $205M; Founder Rejoins as CEO

Identity and access governance vendor Saviynt on Tuesday announced the closing of a $205 million financing round and the return of its founder Sachin Nayyar as chief executive. The latest funding brings the total raised by the California company to $375 million and provides a growth-mode runway for Saviynt to establish a foothold in a […]

31Jan 2023

GitHub Revokes Code Signing Certificates Following Cyberattack

Code hosting platform GitHub on Monday announced the revocation of three digital certificates used for the GitHub Desktop and Atom applications. The three certificates were stolen on December 6, 2022, after an unauthorized third-party used a compromised Personal Access Token (PAT) for a machine account to clone repositories from Atom, GitHub Desktop, and other deprecated […]

31Jan 2023

New UN cybercrime convention has a long way to go in a tight timeframe

Cybercrime is a growing scourge that transcends borders, spreading across the boundaries of virtually all the world’s nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation of borderless digital systems threatens global economic security and the political welfare of all countries. Now, the United Nations has a major initiative to develop a […]

31Jan 2023

Discover’s unique IT training platform builds skills and community

With talent markets tight as ever, upskilling is increasingly becoming an IT imperative, and Discover Financial Services is among those companies sharpening staff capabilities by investing in their IT training strategies. The company, which has a culture of “empowering [employees] to work better together in modern ways,” says Angel Diaz, vice president of technology capabilities […]

31Jan 2023

Russian Millionaire on Trial in Hack, Insider Trade Scheme

A wealthy Russian businessman and associates made tens of millions of dollars by cheating the stock market in an elaborate scheme that involved hacking into U.S. computer networks to steal insider information about companies such as Microsoft and Tesla, a prosecutor told jurors on Monday. Vladislav Klyushin, the owner of a Moscow-based information technology company with […]

30Jan 2023

C&S modernizes with wholesale shift to the cloud

Some CIOs approach technology modernization by deciding on a cloud platform, designing a blueprint, and executing it with their own IT staff, C-suite funding, and the hypervisor’s vertical industry experts. Other CIOs hand over most of the project to consulting firms: the old throat choke. There is no right or wrong way to proceed.   […]

30Jan 2023

Fundaments: Helping Enterprises in the Netherlands Decrease Their Carbon Footprints

With seven high-performance and high-security data centers located throughout the Netherlands and full array of cloud services and solutions, including Infrastructure-as-a-Service (IaaS) that enables customers to harness the strengths of the private, public and hybrid cloud with ease, Fundaments is trusted by enterprises in numerous industries. The company is equally well-known among independent software vendors […]

30Jan 2023

What’s Next in Securing Healthcare

By Tapan Mehta, Global Healthcare Solutions Executive at Palo Alto Networks Over the last decade, healthcare has offered new lines of services such as telehealth and remote patient monitoring, expanded accessibility and ease for both patients and healthcare professionals, and supported innovations that measurably improve patient outcomes. It’s a profound digital transformation. Today’s digital healthcare […]

30Jan 2023

3 Fundamentals to Truly Secure Remote Workers

By Christian Aboujaoude, chief technology officer at Keck Medicine, USC In the pre-pandemic days, security solutions could be more basic. Securing the perimeter could be likened to locking the door of your house. But with remote workers taking devices off premises and sometimes using their own, securing the workplace requires a new approach. Sophisticated threats […]

30Jan 2023

Get Business Done Faster with HPC and Exascale Supercomputing

A common misconception is that high-powered computing (HPC) and exascale supercomputing are too powerful for traditional businesses — that they’re only designed for mammoth university and government programs that seek to answer humanity’s biggest questions, like how the galaxies are formed or finding solutions for global crises like climate change and hunger. But the reality […]

30Jan 2023

This Next-Generation Data Center Fabric Is a Total Game Changer

As applications and IT services advance, scaling and modernizing data centers and meeting increased performance and security requirements grows more and more challenging. While networking technology has evolved over the past decade to provide higher-performing leaf-spine topologies, the unfortunate reality is that associated security and services architectures have not kept pace. To compensate, many organizations […]

30Jan 2023

Are You Overthinking Your Cloud Model? You Need a Cloud Strategy

Are you overthinking your cloud model? If so, you’re likely in need of a well-defined cloud strategy.  Companies with a clear cloud strategy position themselves to achieve more from cloud computing than those without. A well-defined cloud strategy provides a playbook inclusive of principles, baselines, services, financial models, and prioritization guidelines that enable companies to […]

30Jan 2023

British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers

British sports fashion retail firm JD Sports on Monday revealed that it has discovered a data breach impacting roughly 10 million of its customers.  According to the company, the cyber incident affects information provided by customers who placed online orders between November 2018 and October 2020. The JD, Size, Millets, Blacks, Scotts and MilletSport brands […]

30Jan 2023

Sitecore Ramps Up CX with Smarter Content Discovery and Management

Change and instability seem like the only constants for brands for over two years now. And while those conditions may have made for a rocky road, they also provided brands an opportunity to explore new ways to engage with customers regardless of where they were in their customer journey. Brands capitalized on this opportunity to […]

30Jan 2023

Zero trust is a never-ending journey, not a ready-made solution

Nearly all organizations are struggling with how to stay in control as their data migrates to the cloud and users connect from anywhere. The answer, they’ve been told, is zero trust. Zero trust starts from the premise that an organization is going to be breached so that they can then focus on minimizing any potential […]

30Jan 2023

Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data

Vulnerabilities in the OpenEMR healthcare software could allow remote attackers to steal sensitive patient data or execute arbitrary commands and take over systems. OpenEMR is an open source software used for the management of health records. It also allows patients to schedule appointments, get in touch with physicians, and pay invoices. Security researchers at Sonar […]

30Jan 2023

How to survive below the cybersecurity poverty line

The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then […]

30Jan 2023

Economic headwinds could deepen the cybersecurity skills shortage

According to the most recent research report from ESG and the Information System Security Association International (ISSA), 57% of organizations claim that they’ve been impacted by the global cybersecurity skills shortage, while 44% of organizations believe the skills shortage has gotten worse over the past few years. The result? Increasing workloads on existing cybersecurity staff, job […]

30Jan 2023

AWS launches Data Lab program in India

Amazon Web Services (AWS) on Monday said it was making its AWS Data Lab program available in India. The complimentary program is targeted at accelerating joint engineering efforts between enterprise customers and AWS technical experts to tackle complex data, architecture challenges using AWS products and services, the company said. AWS Data Lab, which primarily has […]

30Jan 2023

Russia-Linked APT29 Uses New Malware in Embassy Attacks

Russia-linked cyberespionage group APT29 has been observed staging new malware for attacks likely targeting embassy-related individuals, Recorded Future reports. Also referred to as Cozy Bear, the Dukes, Nobelium, and Yttrium, APT29 is a Russian advanced persistent threat (APT) group believed to be sponsored by the Russian Foreign Intelligence Service (SVR). It’s also believed to have […]

30Jan 2023

Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability

A researcher has disclosed the details of a two-factor authentication (2FA) vulnerability that earned him a $27,000 bug bounty from Facebook parent company Meta.  Gtm Manoz of Nepal discovered in September 2022 that a system designed by Meta for confirming a phone number and email address did not have any rate-limiting protection. A fix was […]

30Jan 2023

Top 6 roadblocks derailing data-driven projects

Data is what drives digital business. Consider how strategically important it has become for companies to leverage advanced analytics to uncover trends that can help them gain decisive insights they might not otherwise possess. But data-driven projects are not always easy to launch, let alone complete. In fact, enterprises face several challenges as they look […]

30Jan 2023

The Effect of Cybersecurity Layoffs on Cybersecurity Recruitment

On Friday, January 20, 2023, Google announced it would lay off 12,000 employees. Amazon and Microsoft have laid off a combined 28,000 people; Twitter has reportedly lost 5,200 people; Meta (Facebook, etcetera) is laying off 11,000… This is just the tech giants, and almost all the staff looking for new positions are, by definition, tech-savvy […]

27Jan 2023

Winning with Unified Data Security and Access Governance

How do you become data-driven? It’s a question that seemingly has infinite answers. That’s why many companies flounder in the ambiguity of data-driven initiatives absent of concrete, actionable focus areas. Forward-thinking leaders are strategically focused on a particular data-driven initiative — self-service data access and governance. But even for companies who’ve succeeded in pinpointing the […]

27Jan 2023

Ericsson and Vonage are putting the power of 5G at the fingertips of developers

The Communications Platform as a Service (CPaaS) market is big and growing fast. Already worth more than $8 billion, analysts predict that the market will nearly triple in size to $22 billion by 2025. CPaaS is a cloud platform that exposes communications functions such as SMS, voice, video, and IP chat via programmable application programming […]

27Jan 2023

Hispanic IT leaders work to close the gap

When Pete Torres transitioned to the IT industry after serving in the military, he encountered a noticeable lack of Hispanic representation at conferences and events he attended. Even when he was young, the idea of a career in technology was “not really an option,” he says, owing in part to the IT industry’s decades-long issues […]

27Jan 2023

Hackers abuse legitimate remote monitoring and management tools in attacks

Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organization’s network and systems might not raise […]

27Jan 2023

Critical Vulnerability Impacts Over 120 Lexmark Printers

Printer and imaging products manufacturer Lexmark this week published a security advisory to warn users of a critical vulnerability impacting over 120 printer models. The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited […]

27Jan 2023

What is a Data Fabric?

By now, you’ve heard the good news: The business world is embracing data-driven decision making and growing their data practices at an unprecedented clip. The pandemic may have forced their hands, but they’ve seen the value of data and will never go back to making decisions based on hunches. Here is the so-so news: They’re […]

27Jan 2023

FBI takes down Hive ransomware group in an undercover operation

The US Department of Justice (DOJ) along with international partners have taken down the Hive ransomware group. The operation that began in July 2022 resulted in the FBI penetrating Hive’s computer networks, capturing its decryption keys, and offering them to victims worldwide, preventing victims from having to pay the $130 million in ransom demanded, DOJ […]

27Jan 2023

BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws

The Internet Systems Consortium (ISC) this week announced patches for multiple high-severity denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The addressed issues could be exploited remotely to cause named – the BIND daemon that acts both as an authoritative name server and as a recursive resolver – to crash, or could lead to […]

27Jan 2023

Industry Reactions to Hive Ransomware Takedown: Feedback Friday

Authorities in the United States and Europe have announced the results of a major law enforcement operation targeting the Hive ransomware.  Agencies from around the world worked together to take down Hive’s leak website and servers. In addition, agents hacked into Hive systems in July 2022, allowing them to identify targets and obtain decryption keys […]

27Jan 2023

Microsoft Urges Customers to Patch Exchange Servers

Microsoft this week published a blog post to remind its customers of the continuous wave of attacks targeting Exchange servers and to urge them to install the latest available updates as soon as possible. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” Microsoft says, reminding customers that both a cumulative […]

27Jan 2023

Iranian APT Leaks Data From Saudi Arabia Government Under New Persona

The Iran-linked advanced persistent threat (APT) actor known as Moses Staff is leaking data stolen from Saudi Arabia government ministries using a recently created online persona. Also referred to as Cobalt Sapling, Moses Staff has been likely active since November 2020, but its existence was not revealed until September 2021. A declared anti-Israeli and pro-Palestinian […]

27Jan 2023

US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware

Following the shutdown of the Hive ransomware operation by law enforcement, the US government has reminded the public that a reward of up to $10 million is offered for information on cybercriminals. Authorities in the United States and Europe announced on Thursday the results of a major law enforcement operation targeting the Hive ransomware. More […]

27Jan 2023

IT leaders take note: The future is what you create

The new year brings with it enthusiasm for new priorities and accomplishments to come, resolutions to seize opportunities and overcome challenges, and the opportunity to assess takeaways from the previous year and turn the page on projects and missteps past. In the ideal beginning of the year scenario, organizations would have completed celebrating and cerebrating […]

26Jan 2023

Cyberattacks Target Websites of German Airports, Admin

The websites of German airports, public administration bodies and financial sector organizations have been hit by cyberattacks instigated by a Russian “hacker group”, authorities said Thursday. The Federal Cyber Security Authority (BSI) had “knowledge of DDoS attacks against targets in Germany”, a spokesman told AFP. A distributed denial-of-service (DDoS) attack is designed to overwhelm the target with a […]

26Jan 2023

IBM reports rise in Q4 profit, but plans to cut 3,900 jobs

IBM reported net income of $2.9 billion in the fourth quarter of 2022 and year-on-year increases in revenue across all three of its business segments. That’s an increase in net income of 9% compared to the total reported for the corresponding quarter of 2021, or 17% comparing only continuing operations: IBM spun off most of its […]

26Jan 2023

CIO Leadership Live with Roxanne Salton, Chief Digital Officer at Southern Cross Health Society

Roxanne Salton, Chief Digital Officer at Southern Cross Health Society, on why the job of transformation is not just the job of the CIO, the need to get more women into IT leadership roles, and being mindful of uncertainty in the year ahead and how it impacts your people. Watch the episode: Listen to the […]

26Jan 2023

US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’

The FBI has at least temporarily dismantled the network of a prolific ransomware gang it infiltrated last year, saving victims including hospitals and school districts a potential $130 million in ransom payments, Attorney General Merrick Garland and other U.S. officials announced Thursday. “Simply put, using lawful means we hacked the hackers,” Deputy Attorney General Lisa […]

26Jan 2023

SAP plans layoffs and selloff with cloud revenue up but profit down

SAP’s revenue rose 11% in 2022 with the cloud component of that climbing 33%, but net income dropped 68%, prompting restructuring and layoffs in its CRM activities. The company is also exploring selling its majority stake in Qualtrics, the experience management platform it bought for $8 billion in 2018, to refocus on its core business. […]

26Jan 2023

Tenable Launches $25 Million Early-Stage Venture Fund

Vulnerability management software firm Tenable has launched a $25 million venture fund to place bets on early-stage startups in the attack surface and exposure management space. The new Tenable Ventures plans to make seed- and early-stage investments in companies building technology to help businesses discover, assess and manage security risk. The Columbia, Maryland-based Tenable said […]

26Jan 2023

How IT Can Deliver Better Business Outcomes

Cloud services, software-as-a-service (SaaS) applications, and on-premises infrastructures connected by wired and wireless networks now represent the backbone of modern enterprises. To fully harness the benefits of modern network architectures, network operations teams need a deep understanding of how these systems perform. This visibility is essential if teams are to avoid the downtime that results […]

26Jan 2023

How Real-Time Data and Open-Source Software Fuel ‘AI Factories’

By Bryan Kirschner, Vice President, Strategy at DataStax. In their 2020 book Competing in the Age of AI, Harvard Business School professors Marco Iansiti and Karim Lakhani make some bold predictions about the winning enterprises of the future. These organizations, which they refer to as “AI factories,” build a “virtuous cycle between user engagement, data […]

26Jan 2023

820k Impacted by Data Breach at Zacks Investment Research

Stock research firm Zacks Investment Research is in the process of notifying customers that their personal information was compromised in a data breach. Founded in 1978, Zacks Investment Research is one of the largest providers of stock research, analysis and recommendations for firms in the US. Earlier this week, the company informed the Maine Attorney […]

26Jan 2023

Mapping Threat Intelligence to the NIST Compliance Framework Part 2

The NIST compliance framework consists of 5 core functions: identify, protect, detect, respond and recover. In my previous column, I mapped threat intelligence capabilities to the NIST core function of Identify. In this column, I will continue the discussion by mapping threat intelligence to the additional functions of Protect, Detect and Respond.  By doing so, […]

26Jan 2023

UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies

The United Kingdom’s National Cyber Security Centre (NCSC) has published an advisory to warn organizations and individuals about separate spearphishing campaigns conducted by Russian and Iranian cyberespionage groups. The advisory focuses on activities conducted by the Russia-linked Seaborgium group (aka Callisto, Blue Callisto and Coldriver) and the Iran-linked TA453 (aka Charming Kitten, APT35, Magic Hound, […]

26Jan 2023

Chinese Hackers Adopting Open Source ‘SparkRAT’ Tool

A Chinese threat actor tracked as DragonSpark has been using the SparkRAT open source remote administration tool (RAT) in recent attacks targeting East Asian organizations, cybersecurity firm SentinelOne reports. Relatively new, SparkRAT is a multi-platform RAT written in Golang that can run on Windows, Linux, and macOS systems, and which can update itself with new […]

26Jan 2023

Dozens of Cybersecurity Companies Announced Layoffs in Past Year

Dozens of cybersecurity companies have announced cutting staff over the past year as part of reorganization strategies, in many cases triggered by the global economic slowdown.  One of the most recent announcements was made by Sophos, which in mid-January confirmed reports that it’s laying off 10% of its global workforce. Roughly 450 people have reportedly […]

26Jan 2023

Malicious Prompt Engineering With ChatGPT

The release of OpenAI’s ChatGPT available to everyone in late 2022 has demonstrated the potential of AI for both good and bad. ChatGPT is a large-scale AI-based natural language generator; that is, a large language model or LLM. It has brought the concept of ‘prompt engineering’ into common parlance. ChatGPT is a chatbot launched by […]

26Jan 2023

Security Update for Chrome 109 Patches 6 Vulnerabilities

Google has awarded a total of more than $25,000 to the researchers who reported the vulnerabilities patched with the release of a Chrome 109 update. The company informed users on Tuesday that six security holes have been patched in Chrome, including four reported by external researchers. Two of them are high-severity use-after-free issues affecting the […]

26Jan 2023

North Korean APT Expands Its Attack Repertoire

The advanced persistent threat (APT) tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated (that is, has had its infrastructure abused by other hackers).  TA444 is a North Korean state-sponsored threat group tracked by Proofpoint as actively targeting cryptocurrencies since at least 2017. It has […]

26Jan 2023

CISA Provides Resources for Securing K-12 Education System

The US Cybersecurity and Infrastructure Security Agency (CISA) this week published a report detailing the cybersecurity risks the K-12 education system faces, along with recommendations on how to secure it. Over the past four years, there have been thousands of cyber incidents involving K-12 institutions, where threat actors targeted school computer systems to deploy ransomware, […]

26Jan 2023

New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch 

Industrial cybersecurity firm Otorio has released an open source tool designed to help organizations detect and address issues related to an upcoming update from Microsoft. Otorio’s DCOM Hardening Toolkit, which is available for free on GitHub, is a PowerShell script that lists weak DCOM authentication applications installed on the tested workstation and provides functionality to […]

26Jan 2023

Hive Ransomware Operation Apparently Shut Down by Law Enforcement

The Hive ransomware operation appears to have been shut down as part of a major law enforcement operation involving agencies in 10 countries.  A message displayed in English and Russian on the Hive ransomware operation’s Tor-based website reads: The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken […]

26Jan 2023

US Government Agencies Warn of Malicious Use of Remote Management Software

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are warning organizations of malicious attacks using legitimate remote monitoring and management (RMM) software. IT service providers use RMM applications to remotely manage their clients’ networks and endpoints, but threat actors are abusing these tools to […]

26Jan 2023

9 API security tools on the frontlines of cybersecurity

Application programming interfaces (APIs) have become a critical part of networking, programs, applications, devices, and nearly everything else in the computing landscape. This is especially true for cloud and mobile computing, neither of which could probably exist in its current form without APIs holding everything together or managing much of backend functionality. Because of their […]

26Jan 2023

Recent legal developments bode well for security researchers, but challenges remain

Despite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by probing and testing the security configurations of digital networks and assets. Yet the law has often failed to distinguish between malicious hackers and good-faith security researchers. This failure to distinguish between the two hacker camps has, however, improved over […]

26Jan 2023

6 tips for making the most of a tight IT budget

IT leaders seeking to drive enterprise growth through technology investments are often saddled with budgets that make their tasks of increasing the top and bottom lines challenging. The year 2023 seems to be no different. Despite an estimated increase to IT budgets of 5.1% on average for 2023, research firm Gartner points to a projected […]

26Jan 2023

ServiceNow posts Q4 growth as enterprise automation remains strong

Enterprise software and workplace management orchestrator ServiceNow announced rosy revenue numbers in its Q4 2022 earnings call Wednesday evening, saying that total revenues topped $1.9 billion, which represents a 20% year-on-year increase. IDC analyst Stephen Elliot noted strong corporate management and the company’s expansion into the workplace experience market as contributing factors in the reported […]

25Jan 2023

Attackers move away from Office macros to LNK files for malware delivery

For years attackers have used Office documents with malicious macros as one of the primary methods of infecting computers with malware. Microsoft finally took steps to disable such scripts by default in documents downloaded from the internet, forcing many groups to change tactics and increasingly choose LNK (shortcut) files as a delivery mechanism. This trend […]

25Jan 2023

H2M architects + engineers’ John McCaffrey on infrastructure lifecycles

John McCaffrey, CIO at H2M architects + engineers, joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss infrastructure lifecycles, 3D scanning and design, and more.

25Jan 2023

AVM Cloud: Empowering Enterprises in Malaysia to Deploy a Robust Sovereign Cloud

Already a leader in Malaysia’s burgeoning cloud services and solutions sector when it was acquired by Time dotCom, one of the region’s largest fixed-line communications companies in 2021, AVM Cloud recently became one of the select group of providers who offer VMware Cloud Verified Services to earn the VMware Sovereign Cloud distinction. Originally known as […]

25Jan 2023

Chinese threat actor DragonSpark targets East Asian businesses

Organizations in Taiwan, Hong Kong, Singapore and China have been recently facing attacks from a Chinese threat actor DragonSpark. The threat actor was observed using the open-source tool SparkRAT for its attacks, according to a report by SentinelOne.  SparkRAT is multi-platform, feature-rich, and frequently updated with new features, making the remote access Trojan (RAT) attractive to threat actors. […]

25Jan 2023

Veterans bring high-value, real-life experience as potential cybersecurity employees

Johanna Wood was an armored crewman with Lord Strathcona’s Horse, a Canadian Army regiment. At first glance, Wood’s military role may seem incompatible with civilian work; there’s not a lot of call for tank operators in private companies. But Wood believes her experience working in tanks gives her a significant edge as she enters the […]

25Jan 2023

United Airlines gives employees the digital tools to make customers happy

As CIO of United Airlines, Jason Birnbaum is laser focused on using technology and data to enable the company’s 86,000 employees to create as seamless a customer travel experience as possible. “Our goal is to improve the entire travel process from when you plan a trip to when you plan the next trip,” says Birnbaum, […]

25Jan 2023

Examining the CIO time management dilemma

CIOs are expected to successfully split their time between duties that can greatly vary day to day. Federal Reserve System CIO Ghada Ijam, for instance, says on a good day, 60% of her time is spent on strategic planning and the rest keeping the business running. As every CIO knows, though, days can be unpredictable, […]

25Jan 2023

Modernize Your Data Stack to Thrive in Uncertain Times

Economic instability and uncertainty are the leading causes for technology budget decreases, according to the IDG/Foundry 2022 annual State of the CIO survey. Despite a desire to cut budgets, data remains the key factor to a business succeeding – especially during economic uncertainty. According to the Harvard Business Review, data-driven companies have better financial performance, are more likely to survive, and […]

24Jan 2023

CYGNVS exits stealth, trumpeting its cyberattack recovery platform

Cyber recovery startup CYGNVS announced its emergence from stealth today, having raised $55 million in series A funding and created a highly functional “cyber crisis” platform which promises to help organizations recover from major breaches. The company’s product is in its name – CYGNVS says it’s an acronym for Cyber GuidaNce Virtual Space. It’s effectively […]

24Jan 2023

P-to-P fraud most concerning cyber threat in 2023: CSI

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%).  Industry respondents also expressed concerns over identity theft at […]

24Jan 2023

Achieve Modern Data Security Governance for Faster Insights

Every company and government entity is tasked with striking a critical balance between data access and security. As Forrester’s Senior Analyst Richard Joyce stated, “For a typical Fortune 1000 company, just a 10 percent increase in data accessibility will result in more than $65 million additional net income.” As the need to become more data-driven […]

24Jan 2023

Data Democratization: How to Balance Performance and Compliance

Hyper competition, globalization, economic uncertainties — all of it converging to drive a C-suite impetus for the business to become more data-driven. Organizations invest in more data science and analytical staff as they demand faster access to more data. At the same time, they’re forced to deal with more regulations and privacy mandates such as […]

24Jan 2023

How a Data Security Platform Tackles the Toxicity of Tool Sprawl

One of the main causes of security operations (SecOps) pain is the sheer number of disparate protection tools now in use across the enterprise, leading to an ever higher volume of alerts, operational inefficiencies, and increased cost. There’s no denying the cybersecurity threat landscape has become extremely dynamic and complex — encompassing data, applications, APIs, […]

24Jan 2023

Protect Your Data with Zero Trust

As the threat landscape evolves and adversaries find new ways to exfiltrate and manipulate data, more organizations are adopting a zero trust strategy. However, many are only focusing attention on endpoints, leaving the database vulnerable to malicious attacks. Databases are the last line of defense against data exfiltration by cybercriminals. To combat this, it’s essential […]

24Jan 2023

ServiceNow to detect open source security vulnerabilities with Snyk integration

ServiceNow Vulnerability Response users will now have access to Snyk Open Source. This will represent the Israeli-US vendor’s advanced software composition analysis (SCA) backed by Snyk’s security intelligence—a combination of public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI. ServiceNow Vulnerability Response is part of ServiceNow Security Operations and […]

24Jan 2023

Skyhawk launches platform to provide threat detection and response across multi-cloud environments

Cloud threat detection vendor Skyhawk Security has released a platform designed to address alert fatigue that provides cloud detection and response (CDR) across multi-cloud environments, the company said Tuesday in a statement. The company says the Synthesis platform is being released on a “freemium” basis—the base version is available at no cost, but supplement features […]

24Jan 2023

How passkeys are changing authentication

Passwords are a central aspect of security infrastructure and practice, but they are also a principal weakness involved in 81% of all hacking breaches. Inherent useability problems make passwords difficult for users to manage safely. These security and useability shortcomings have driven the search for alternative approaches known generally as passwordless authentication. Passkeys are a […]

24Jan 2023

Why sustainable transportation needs 5G connectivity and digitalisation

Decarbonising transportation through electrification is critical to helping companies and economies meet net-zero emissions targets. Fortunately, three forces are combining to make this vision for sustainable transportation a reality: connectivity, digitalisation, and cross-sector collaboration. In a recent “fireside chat” on the topic of sustainable transportation, Erik Ekudden, CTO of Ericsson, and Christian Levin, CEO of […]

24Jan 2023

CIOs sharpen tech strategies to support hybrid work

A significant number of organizations are operating in a hybrid model — and expect to continue with that hybrid environment for the foreseeable future. Global analytics and advice firm Gallup has found that the percentage of remote-capable workers working in a hybrid environment increased in 2022, moving from 42% in February to 49% in June. […]

24Jan 2023

Brilliance: The CIO’s most seductive career-limiting trait

Good leaders get things done. Great leaders build organizations that get things done. As a leader, being thought of as a source of the great ideas that help get things done is a three-fold liability, especially when you’re working with executive peers outside of IT. The first fold is that if a brilliant idea has […]

24Jan 2023

Australia fronts International Counter Ransomware Taskforce

The International Counter Ransomware Taskforce (ICRTF), envisioned by the International Counter Ransomware Initiative (CRI), kicked off its operations on Monday with Australia as its inaugural chair and coordinator. The CRI was first brought together in October 2021 with a virtual meeting of 30 countries, facilitated by the US White House National Security Council. In November 2022, […]

24Jan 2023

Microsoft’s latest OpenAI investment opens way to new enterprise services

OpenAI has landed billions of dollars more funding from Microsoft to continue its development of generative artificial intelligence tools such as Dall-E 2 and ChatGPT. A move that is likely to unlock similar investments from competitors — Google in particular — and open the way for new or improved software tools for enterprises large and […]

23Jan 2023

Nvidia targets insider attacks with digital fingerprinting technology

Nvidia today announced that a digital lab playground for its latest security offering is now available, letting users try out an AI-powered system designed to monitor individual user accounts for potentially hazardous behavior. The idea, according to the company, is to leverage the large amounts of data that many organizations compile anyway about login and […]

23Jan 2023

Attackers exploiting critical flaw in many Zoho ManageEngine products

Users of on-premises deployments of Zoho ManageEngine products should make sure they have patches applied for a critical remote code execution vulnerability that attackers have now started exploiting in the wild. Technical details about the flaw along with a proof-of-concept exploit was released late last week, which will allow more attackers to add this exploit […]

23Jan 2023

Murat Ozkan, Chief Information and Digital Officer at Anadolu Efes

Murat Ozkan, Chief Information and Digital Officer at Anadolu Efes, the Turkey-based international beverages company, talks about how a data management strategy comprising AI and analytics will sustain further growth.

23Jan 2023

CIOs step up to fill plus-size leadership roles

With a career path that wound through R&D, product development, advanced supply chain, and technology, Praveen Jonnala is well positioned to lead a global IT organization as well as take the reins of operations and other core business functions. Jonnala stepped in as CIO at network infrastructure provider CommScope two years ago after more than […]

23Jan 2023

US Supreme Court leak investigation highlights weak and ineffective risk management strategy

The Supreme Court of the United States (SCOTUS) has announced that its investigation to find the insider who leaked a draft opinion of the Dobbs v. Jackson Women’s Health Org. decision to media outlet Politico has come up empty. In a nutshell, the court’s insider risk management program, designed to protect the information the justices […]

23Jan 2023

The Impossible Manual Task for Outdated Contact Centers

The cloud, combined with conversational artificial intelligence (AI), is dramatically expanding the capabilities of the modern-day contact center. These solutions are the twin pillars of contact center success, allowing them to serve more customers faster and more effectively. The two technologies go hand in hand for creating the flexible, flawless customer experience (CX) that companies […]

23Jan 2023

The metaverse brings a new breed of threats to challenge privacy and security gatekeepers

The metaverse is coming; businesses and government agencies are already building virtual worlds to support city services, meetings and conferences, community building, and commerce. They’re also rendering spatial apps around travel, car sales, manufacturing, and architecture in what Citi predicts will be a $13-trillion market with 5 billion users by 2030. “Just as the internet, […]

23Jan 2023

DEI that works: 5 companies reaping the benefits of IT diversity strategies

The tech industry has long been known for its lack of diversity and, as a result, there’s been a big push for companies to take DEI strategies seriously. Diversity not only helps organizations perform better but fostering equity and inclusion can also strengthen recruiting and retention rates, as well as overall employee satisfaction. In fact, […]

23Jan 2023

2023: The year of the rise of the digital economy in GCC countries

The pandemic has led many organizations in the Middle East to shift towards a digital-first strategy. According to IDC’s group vice president and regional managing director for the Middle East, Turkey, and Africa, Jyoti Lalchandani: “This means choosing digitalization options over non-digital options as a rule while implementing or enhancing new products, services, channels, customer/employee […]

21Jan 2023

Wallarm touts API leak protection with new scanning feature

API security company Wallarm announced Friday that it had opened a preview period for its newest offering — an active scanning system that checks through public sources of compromised API data, alerts users, and provides automated responses if a compromise is detected. The API Leak Protection feature, which will be deployed via Wallarm’s existing End-to-End […]

20Jan 2023

What is business intelligence? Transforming data into business insights

Business intelligence definition: Business intelligence (BI) is a set of strategies and technologies enterprises use to analyze business information and transform it into actionable insights that inform strategic and tactical business decisions. BI tools access and analyze data sets and present analytical findings in reports, summaries, dashboards, graphs, charts, and maps to provide users with […]

20Jan 2023

Does the Future of Work include Network as a Service (NaaS)?

By: Cathy Won, Consultant with eTeam, HPE Aruba Contributor. The Future of Work and the Workplace is a 2023 Leesman survey report co-authored by HPE Aruba. The report explores the critical questions on the minds of business leaders coming out of the pandemic today. What is the future of work and the workplace? How must organizations adapt? Unsurprisingly, […]

20Jan 2023

The Reason Many AI and Analytics Projects Fail—and How to Make Sure Yours Doesn’t

Topping the list of executive priorities for 2023—a year heralded by escalating economic woes and climate risks—is the need for data driven insights to propel efficiency, resiliency, and other key initiatives. Many companies have been experimenting with advanced analytics and artificial intelligence (AI) to fill this need. Now, they must turn their proof of concept […]

20Jan 2023

The Technology Enabling Successful Hybrid Workforce Transformation

What was once an anomaly is now a global reality as remote and hybrid work models settle in across industries. To adapt to this new “new normal,” organizations will need to reinforce their workforces with technologies that can keep pace. In 2022, the percentage of remote workdays in the US soared above the pre-pandemic levels […]

20Jan 2023

IoT Adoption in Healthcare Brings Security Opportunities

By Anand Oswal, Senior Vice President and GM at cyber security leader Palo Alto Networks. Connected medical devices, also known as the Internet of Medical Things or IoMT, are revolutionizing healthcare, not only from an operational standpoint but related to patient care. In hospital and healthcare settings around the world, connected medical devices support critical […]

20Jan 2023

How Well-Established Enterprises Can Achieve Innovation Without Disruption

Before any innovation initiative starts, there are questions (and usually lots of them). What is innovation and, more importantly, what does it mean for your organization? What fears or misperceptions hold innovation back? If you haven’t yet, check out this blog before reading this follow-up piece. Decades ago, Netflix mailed DVDs to homes and a copy of […]

20Jan 2023

T-Mobile suffers 8th data breach in less than 5 years

Telecom player T-Mobile US has suffered a cybersecurity incident that resulted in the exposure of personal details of 37 million users, the company reported in a filing to the US Securities and Exchange Commission on Thursday.  Customer data such as customer name, billing address, email, phone number, date of birth, T-Mobile account number and information such as […]

20Jan 2023

The essential check list for effective data democratization

Truly data-driven companies see significantly better business outcomes than those that aren’t. According to a recent IDC whitepaper, leaders saw on average two and a half times better results than other organizations in many business metrics. In particular, companies that were leaders at using data and analytics had three times higher improvement in revenues, were […]

19Jan 2023

Three Keys to Protecting the Corporate Network in the Era of Hybrid Work

Remote and hybrid work is here to stay. In an increasingly complex security environment, no challenge looms larger than how to protect remote devices that tie back into the corporate network. In fact, modernizing networking technologies ranks among the top IT goals for 2022 according to an IDG survey conducted on behalf of Insight Enterprises.  With more users […]

19Jan 2023

Many ICS flaws remain unpatched as attacks against critical infrastructure rise

Patching vulnerabilities in industrial environments has always been challenging due to interoperability concerns, strict uptime requirements, and sometimes the age of devices. According to a recent analysis, a third of vulnerabilities don’t even have patches or remediations available. Out of 926 CVEs — unique vulnerability identifiers — that were included in ICS advisories from the […]

19Jan 2023

Leveraging Cybersecurity to Supercharge Retail’s Frontline

By Ravi Balwada, CTO of Guitar Center. In retail, we don’t have the luxury of thinking about security as an afterthought. We have to think about security early in the innovation process and make sure our security best practices, governance and architectures are taken into account when we are designing our solutions—everything from defining what […]

19Jan 2023

Why you don’t have to fix every vulnerability

The word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on associated threats and the value of the asset at risk. […]

19Jan 2023

Chinese hackers targeted Iranian government entities for months: Report

Chinese advanced persistent threat actor, Playful Taurus, targeted several Iranian government entities between July and December 2022, according to a Palo Alto Networks report.  The Chinese threat actor also known as APT15, KeChang, NICKEL, BackdoorDiplomacy, and Vixen Panda, was observed attempting to connect government domains to malware infrastructure previously associated with the APT group, according […]

19Jan 2023

Delegation: The biggest test for transformational CIOs

Two events influenced Schneider Electric CIO Elizabeth Hackenson to distribute more decision-making authority throughout the company’s IT organization. “During the pandemic we needed to have people make as many local decisions as possible,” which she says was essential to keep operations moving across the 100 countries in which the company operates. More importantly, the company’s […]

19Jan 2023

How CISOs can manage the cybersecurity of high-level executives

High-level executives, including board members and C-level executives, often have access to sensitive information, making them prime targets for bad actors looking to penetrate corporate defenses. Their personal devices, among other points of entry, are glaring attack vectors for cybercriminals looking to get in on the top floor. As CISOs know, cyber incidents all too often […]

19Jan 2023

CIO Wendy Pfeiffer on getting hybrid work right

Wendy M. Pfeiffer is a technology leader who’s as dedicated to excellence in operations and delivery as she is to maintaining a focus on innovation. She joined Nutanix as SVP and CIO following a successful career leading technology teams at companies like GoPro, Yahoo, Cisco Systems, and Robert Half. Highly regarded by her industry peers for […]

19Jan 2023

CIO Leadership live with Derek Cullen, CIO of Stikeman Elliott

Derek Cullen, CIO, Stikeman Elliott discusses the evolving role of the CIO as a leader and business partner. He also discusses supporting career development through networking and volunteering.

19Jan 2023

The Significance of Open Source Software in the Digital-First Future Enterprise

As companies shift their focus from the digital transformation of individual processes to the business outcomes enabled by a digitally transformed organisation, software engineering will become a core enterprise capability. To become a software-powered organisation, companies must first identify and address the concerns of its developers in areas such as developer experience, developer velocity and […]

19Jan 2023

(ISC)² CISO Jon France shares predictions for 2023

Jon France – Chief Information Security Officer at (ISC)² – joins Xiou Ann Lim for this CSO Executive Sessions interview. They discuss predictions in cybersecurity for 2023, how CISOs can prepare for the year ahead, and more.

19Jan 2023

Lawsuit claims IBM falsely used mainframe sales to boost AI, cloud businesses

A lawsuit has been filed against 13 current and former IBM executives, including CEO and Chairman Arvind Krishna and former CEO Ginni Rometty, accusing the company of securities fraud — bundling mainframe sales together with those of poorly performing products in order to make them appear more profitable than they actually were. The lawsuit was […]

19Jan 2023

8 ‘future of work’ mistakes IT leaders must avoid

CIOs supporting a hybrid mix of in-office and remote workers, and those who float between, need to implement new tools and strategies to get it right. But they will also need to change how they think about hybrid work, which analyst firm Forrester characterizes as “messy” even as it says 51% of organizations are moving […]

18Jan 2023

QuSecure launches quantum-computing based security for endpoints

QuSecure, a quantum-computing technology company based in Silicon Valley, today announced the latest version of its security platform, called QuEverywhere — designed to allow organizations to extend quantum-safe security all the way to endpoints like laptops and smartphones, the company said in a statement. QuEverywhere, according to the company, is an app- or browser-based method […]

18Jan 2023

So, You’re Moving Your Contact Center to the Cloud

‘Cloud’ is a buzzword that has run its course in a lot of industries, but there is a resurgence of cloud talk in the contact center arena these days. Contact Center as a Service (CCaaS) is a high-priority digital transformation project for many businesses around the world, and some of the biggest players in tech […]

18Jan 2023

Trustwave relaunches Advanced Continual Threat Hunting with human-led methodology

Cybersecurity vendor Trustwave has announced the relaunch of its Advanced Continual Threat Hunting platform with new, patent-pending human-led threat hunting methodology. The firm claimed the enhancement will allow its SpiderLabs threat hunting teams to conduct increased human-led threat hunts and discover more behavior-based findings that could go undetected by traditional endpoint detection and response (EDR) […]

18Jan 2023

Perception Point launches Advanced Threat Protection for Zendesk

Threat protection company Perception Point has launched Advanced Threat Protection for Zendesk to provide detection and remediation services for Zendesk customers. Perception Point said that customers can now protect customer service software Zendesk from a single, consolidated platform alongside their email, web browsers and other cloud collaboration apps. Advanced Threat Protection for Zendesk has been built […]

18Jan 2023

Why it's time to review your on-premises Microsoft Exchange patch status

We start the patching year of 2023 looking at one of the largest releases of vulnerability fixes in Microsoft history. The January 10 Patch Tuesday update patched one actively exploited zero-day vulnerability and 98 security flaws. The update arrives at a time when short- and long-term technology and budget decisions need to be made. This […]

18Jan 2023

4 ways upskilling and reskilling can fill hard-to-hire positions

The employees you need may already be on your team but out of sight. Looking for existing staff with transferable skills, hidden skills, technical learnability, and hidden knowledge can bring these potential employees into focus. Transferable skills: These are comprised of knowledge, experience, and abilities that make it easier to learn new skills. Within IT, […]

18Jan 2023

How IT leads can build a high-performing environment for sales teams

Karl Nicholson, Technology Evangelist at Slack. Ask any tech team, and they’ll tell you that the use of workplace apps has skyrocketed in recent years. Off the back of the pandemic, an age of technological empowerment swept in — where employees had greater autonomy in choosing the best tools they needed to do their best […]

18Jan 2023

Remote.it takes steps toward zero trust with 'single line of code' provisioning

Network management company Remote.it today announced new features for its core SaaS-based service, including support for the Okta user identification platform and Docker containers, and what it’s describing as “programmatic deployment” of zero trust networks. Essentially, the company said, the idea is to provide automated provisioning and deployment of network access to managed assets — […]

18Jan 2023

How attackers might use GitHub Codespaces to hide malware delivery

Attackers could start abusing GitHub Codespaces, a new service that allows developers to create and test applications inside development containers running on GitHub’s servers. Developers can make their applications accessible via public GitHub URLs for preview by others, a functionality that can be abused to distribute malware payloads in a stealthy way. “If the application […]

17Jan 2023

5 top IoT sustainability trends for 2023

The new year brings familiar problems for cities around the world. Many countries are still facing a multitude of crises: climate change continues to accelerate, economies are under pressure, and consumers are coping with inflation and skyrocketing energy bills. But a new year also brings a renewed sense of optimism and fresh focus. Innovators are […]

17Jan 2023

COP27: successes, failures, and next steps

Like its predecessors, COP27 offered mixed results. As the conference’s detractors have long lamented, if COPs were truly effective, we wouldn’t have needed 27 of them. Still, there are some genuine marks of progress to celebrate. A landmark “loss and damage” fund will come as welcome news for the many vulnerable countries that have been […]

17Jan 2023

Spend Less, Get More: How Switching from Legacy PDF Editor Can Elevate Your Business

The PDF is a de facto electronic file format for a wide range of industries, giving organizations a reliable way to present information to others in a format that remains consistent no matter the user’s underlying hardware or software. From financial statements and invoices to purchase orders and healthcare records, PDFs are a fundamental element […]

17Jan 2023

CIO Leadership live with TAB’s Fred Laury

Fred Laury, Chief Digital Officer at TAB New Zealand, on the importance of empathy to influence and collaborate, how the CIO role is changing post-pandemic, and how he’s learned to adjust the sails in rough waters.

17Jan 2023

How FiveStars re-engineered its data engineering stack

Building and managing infrastructure yourself gives you more control — but the effort to keep it all under control can take resources away from innovation in other areas. Matt Doka, CTO of FiveStars, a marketing platform for small businesses, doesn’t like that trade-off and goes out of his way to outsource whatever he can. It […]

17Jan 2023

DigiCert releases Trust Lifecycle Manager to unify certificate management, PKI services

Digital security certificate company DigiCert has announced the launch of DigiCert Trust Lifecycle Manager – a new solution designed to unify certificate authority-agnostic certificate management and public key infrastructure (PKI) services. Available now as part of the DigiCert ONE platform, Trust Lifecycle Manager aims to set a new standard for managing trust within an organization’s […]

17Jan 2023

European data protection authorities issue record €2.92 billion in GDPR fines

European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine of […]

17Jan 2023

US Maritime Administrator to study port crane cybersecurity concerns

The 2023 National Defense Authorization Act (NDAA) passed by Congress and signed by President Biden in late December 2022 was filled with a host of military-related cybersecurity provisions. One little-noticed provision in the bill called for a study of cybersecurity and national security threats posed by foreign-manufactured cranes at United States ports. Under this provision, […]

17Jan 2023

Accelerating Aerospace Organizational Innovation, Speed, and Resilience with Digital Technologies

Aerospace organizations are pushing new boundaries every day. Their products, research, and technologies are changing the way the world works. We see it every day in the way humanity relies on communication, global positioning, and special analytics to enable smart cities, smart cars, and smart factories. It is their ability to systematically innovate, push boundaries, […]

17Jan 2023

The 7 new rules of IT leadership

The CIO role continues to evolve, changing as dramatically as the technology it manages and maintains. Moreover, the pace of the chief IT position’s transformation seems to be accelerating — likewise mirroring the speed of change in the tech stack. Consequently, tech executives must lead, manage, and work differently than they did in the past. […]

17Jan 2023

4 moves CIOs should make to achieve a more efficient IT organization

The effects of such an unpredictable environment are profound, and no organization in any industry is immune. Looking across our client base, we expect to see varying degrees of impact as the turbulence continues. The common thread? In almost every case, there’s an increased need for data insight and technology-enabled agility to reaffirm technology’s position […]

16Jan 2023

How AI chatbot ChatGPT changes the phishing game

ChatGPT, OpenAI’s free chatbot based on GPT-3.5, was released on 30 November 2022 and racked up a million users in five days. It is capable of writing emails, essays, code and phishing emails, if the user knows how to ask. By comparison, it took Twitter two years to reach a million users. Facebook took ten […]

16Jan 2023

7 tell-tale signs of fake DevOps

There’s no doubt that DevOps has helped many IT organizations achieve their goal of delivering applications and services faster and better than traditional software development processes. Unfortunately, while some IT leaders do a fine job of trumpeting DevOps’ benefits, their teams are headed in the wrong direction, embracing half-baked or completely wrong tools and practices. […]

16Jan 2023

Choice Hotels’ all-in cloud journey to sustainable business value

Choice Hotels International’s early and big bet on the cloud has allowed it to glean the many benefits of its digital transformation and devote more energies to a key corporate value — sustainability, its CIO maintains. That is largely due to the 80-year-old hotel chain’s tight partnership with Amazon Web Services, says Choice CIO Brian […]

13Jan 2023

Attackers deploy sophisticated Linux implant on Fortinet network security devices

In December network security vendor Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details about a sophisticated malware implant that those attackers deployed through the flaw. Based on currently available information, the original zero-day attack […]

13Jan 2023

Google Cloud for Retailers adds AI-based inventory, e-commerce tools

In a bid to help retailers transform their in-store, inventory-checking processes and enhance their e-commerce sites, Google on Friday said that it is enhancing Google Cloud for Retailers with a new shelf-checking, AI-based capability, and updating its Discovery AI and Recommendation AI services. Shelf-checking technology for inventory at physical retail stores has been a sought-after […]

13Jan 2023

Is Your Contact Center Recession-Proof?

In some form or another, a recession is looking increasingly likely in 2023. The Conference Board, a global nonprofit think tank, called for a 96% probability of recession in the U.S. within 12 months from October 2022. That’s a steep increase from the 0% likelihood in early 2020 through early 2022.[1] We can be confident […]

13Jan 2023

Royal ransomware group actively exploiting Citrix vulnerability

The Royal ransomware group is believed to be actively exploiting a critical security flaw affecting Citrix systems, according to the cyber research team at cyber insurance provider At-Bay. Announced by Citrix on November 8, 2022, the vulnerability, identified as CVE-2022-27510, allows for the potential bypass of authentication measures on two Citrix products: the Application Delivery […]

13Jan 2023

Five Trends in 2023 Strategic Portfolio Planning

Heading into 2020, there were plenty of predictions about the year ahead (not to mention detailed business plans, economic forecasts, scheduled events, and so on)—and all were rendered worthless by the pandemic. Looking ahead to 2023, therefore, I do so with a healthy dose of humility, and an acknowledgement that there will be monumental events […]

13Jan 2023

5 Signs Your PMO is on the Hot Seat

Not too long ago, I was on a call with a top-level executive at a large enterprise. During the discussion, I heard something pretty shocking: They were looking seriously at getting rid of the project management office (PMO) altogether. Even more disturbing: I don’t see this as an aberration. In a significant number of businesses, […]

13Jan 2023

Securing Critical Infrastructure with Zero Trust

By Anand Oswal, Senior Vice President and GM at cyber security leader Palo Alto Networks. Critical infrastructure forms the fabric of our society, providing power for our homes and businesses, fuel for our vehicles, and medical services that preserve human health. With the acceleration of digital transformation spurred by the pandemic, larger and larger volumes […]

13Jan 2023

2 Innovations That Can Tip the Balance in Cybersecurity

By John Davis, Retired U.S. Army Major General and Vice President and Federal Chief Security Officer for Palo Alto Networks. What critical innovations can change the balance in cybersecurity, providing those of us responsible for defending our organizations with more capabilities against those who would do us harm? This is not just a theoretical exercise. […]

13Jan 2023

NASA overspent $15 million on unused Oracle licenses as it failed to track usage

The US National Aeronautics and Space Administration (NASA) has overspent about $15 million on Oracle software over the past five years because it lacked a centralized software asset management practice, according to an audit report published by the space agency’s office of the inspector general (OIG). The report attributes the huge over-expenditure […]

13Jan 2023

Diversity and inclusion: 7 best practices for changing your culture

Diversity and inclusion (D&I) have become necessary missions for most businesses. Research has long shown that diverse teams are more productive, more engaged, and the companies that create them are more profitable. And the murder of George Floyd — and the social unrest that followed — made it clear that taking a stand around social […]

12Jan 2023

Top automation pitfalls and how to avoid them

First Tech Credit Union is a San Jose-based financial institution with more than $16 billion in assets. As the eighth largest in the country, it primarily serves tech companies and their employees, but still has a lot of manual processes in place. “We’re very early in our automation journey,” says Mike Upton, the organization’s digital […]

12Jan 2023

Nvidia offers retail loss prevention software to accelerate accelerator chip sales

GPU manufacturer Nvidia is expanding its enterprise software offering with three new AI workflows for retailers it hopes will also drive sales of its hardware accelerators. The workflows are built on Nvidia’s existing AI technology platform. One tracks shoppers and objects across multiple camera views as a building block for cashierless store systems; one aims […]

12Jan 2023

Chatbot Security in the Age of AI

With each passing year, contact centers experience more of the benefits of artificial intelligence. This technology — once only a distant idea portrayed with wonder and fear in science fiction — is now a key part of how businesses and customers interact. According to survey data from Call Centre Helper, customer satisfaction is the number one factor […]

12Jan 2023

Innovative Manufacturers are Investing in these Advanced Technologies

In many ways, the manufacturing industry stands on edge—emerging from a pandemic and facing all-time highs in demand yet teetering on inflation-related economic uncertainty and coping with skilled labor shortages. Answering these concerns, smart factories are moving to another edge: edge computing, where operational data from Internet of Things (IoT) sensors can be collected and […]

12Jan 2023

CIO Leadership Live with Corinne Sharp, Co founder & CMO of the WIT Network

Women in Technology – Corinne Sharp, Co founder & CMO of the WIT Network, talks about building support and community for women in technology. You can learn more at https://thewitnetwork.com/

12Jan 2023

CloudSek launches free security tool that helps users win bug bounty

Cybersecurity firm CloudSek has launched BeVigil, a tool that can tell users how safe the apps installed on their phone are, and helps users and developers win bug bounty by helping them identify and report bugs in the code. BeVigil scans all the apps installed on a user’s phone and rates them as dangerous, risky, […]

12Jan 2023

Cybersecurity spending and economic headwinds in 2023

Now that everyone, their brother, sister, and dog have chimed in on cybersecurity predictions for 2023, here are a few observations based on some recent ESG research. First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT […]

12Jan 2023

Agritech forces gain ground across Africa

“Land never deceives” is a common slogan of farmers around Africa. Many people go into farming entirely, or as a side endeavor, with a high certainty they’ll make money and produce more good for all. And when technology is added to the mix, opportunities multiply. Having the largest area of uncultivated arable land in the […]

12Jan 2023

3 nonprofits committed to empowering women in tech

A 2020 report from McKinsey found that companies with stronger gender diversity numbers were 25% more likely to outperform their less diverse competition. Yet, while companies have placed a greater emphasis on addressing the gender gap of late, women remain largely underrepresented in IT positions. Here, a number of factors are at play, not the […]

12Jan 2023

Data strategy is a differentiator for universities. Here’s how to get it right

Data is critical to success for universities. Data provides insights that support the overall strategy of the university. It can also help with specific use cases: from understanding where to invest resources and discovering new ways to engage pupils, to measuring academic outcomes and boosting student performance. Data also lies at the heart of creating […]

12Jan 2023

Journey Beyond transforms its contact center to deliver better customer journeys

Journey Beyond, a part of Hornblower Group, is Australia’s leading experiential tourism group. Headquartered in Adelaide, it operates 13 brands and experiences spanning the country. The company’s overall strategy is to “have a customer experience that’s second-to-none — from the moment they first engage with the company to plan their experience, to when they return […]

12Jan 2023

Cybercriminals bypass Windows security with driver-vulnerability exploit

The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike. In […]

12Jan 2023

Events and Awards UK: New for 2023

2023 sees the return of in-person events and awards. Here are the details for our packed schedule this year. January: Applications launch for the 2023 Next CIO cohort on Friday 20th January. The award recognises and celebrates the best rising stars across the IT Sector in the UK. Through interviews at CIO UK, awards, and mentoring opportunities, […]

11Jan 2023

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off. The study, by researchers with security firm […]

11Jan 2023

Giant Eagle’s Kirk Ball on grocery retail innovations

Kirk Ball, Chief Information Officer/Chief Technology Officer, Giant Eagle, joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss grocery retail innovations, digital customer strategies, sourcing global talent, augmented reality and more.

11Jan 2023

Understanding Innovation as a Large, Well-established Enterprise

Innovation is crucial to the continuing success of any business, especially well-established enterprises. New products and ideas are tested every day, just as new opportunities are ignored. Blockbuster thought going digital would be too expensive. Blackberry failed to adapt to the changing smartphone market. Toys R Us sued Amazon versus using them to build an […]

11Jan 2023

Timeline of the latest LastPass data breaches

On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service. While LastPass claims that users’ passwords remain safely encrypted, it admitted that certain elements of customers’ information have been exposed. The security incident was the latest to affect the service in recent times […]

11Jan 2023

University of Ottawa’s Martin Bernier on continuous learning

A CIO has to understand the focus of the overall business, of course, but there are usually many segments or different dimensions to consider. In Martin Bernier’s case, as CIO of the University of Ottawa, managing the hyper-dynamic environment of 50,000 students, faculties and research groups is a discipline that requires both a holistic and […]

11Jan 2023

8 top priorities for CIOs in 2023

Welcome to 2023. As the new year arrives, CIOs are facing a challenging to-do list as they strive to maximize IT productivity and efficiency in increasingly unpredictable times. As technology projects, budgets, and staffing grew over the past few years, the focus was on speed to market to maximize opportunity, says Troy Gibson, CIO services […]

11Jan 2023

Data leak exposes information of 10,000 French social security beneficiaries

[Editor’s note: This article originally appeared on the Le Monde Informatique website.] More than 10,000 beneficiaries of a local branch of the French social security agency CAF, or Family Allowance Fund, saw their data exposed for about 18 months, after a file containing personal information was sent to a service provider. The mistake, discovered by […]

11Jan 2023

The Delicate Dance Between AI and Human Agents

Artificial intelligence will soon take center stage in your contact center — if it hasn’t already. Artificial intelligence (AI) uptake increased dramatically over the last few years. A 2022 PwC report revealed that more than 70% of companies were already using or planning to deploy AI in some form within their business operations. Business leaders […]

10Jan 2023

Intel boosts VM security, guards against stack attacks in new Xeon release

Intel today announced the rollout of the fourth generation of its Xeon family of server chipsets, detailing several new features under the company’s confidential computing umbrella of security features. Improvements to Intel’s trusted execution environment and a new technique for combatting jump- and return-oriented programming attacks were the most notable upgrades. Xeon’s fourth generation introduces […]

10Jan 2023

How to Future-Proof Your Technology With No-Code/Low-Code Solutions

When it comes to technology, among the biggest concerns companies face is the rigidity and inflexibility of legacy platforms. These platforms make it difficult for business and IT leaders facing ever-evolving business needs to seamlessly implement a change. In some cases, an organization’s current tools simply can’t perform a necessary change or add a new […]

10Jan 2023

5 hot IT hiring trends — and 5 going cold

Hiring tech talent in 2023 means navigating an uncertain economy, the effects of widespread tech industry layoffs, and candidates who want to work for a company with a mission and workplace culture that align with their values, including diversity, equity, and inclusion. IT leaders say the best approach is to focus on adaptability. Firms that […]

10Jan 2023

How Can Contact Centers Use AI-Powered Chatbots Responsibly?

Chatbots have been maturing steadily for years. In 2022, however, they showed that they’re ready to take a giant leap forward. When ChatGPT was unveiled a few short weeks ago, the tech world was abuzz about it. The New York Times tech columnist Kevin Roose called it “quite simply, the best artificial intelligence chatbot ever […]

10Jan 2023

CIO Leadership Live with Veneeth Purushotaman, Group Chief Information Officer, Aster DM Healthcare

Veneeth Purushotaman, Group CIO at Aster DM Healthcare explains how the hospital digital strategy helped them to become the first private hospital in Dubai to secure HIMSS Stage 6 certification.

10Jan 2023

How to Protect Your IT Systems During Power Interruptions

Nowadays, the world seems to experience once-in-a-century storms almost monthly. These cataclysmic weather events often cause extensive property damage, including major disruptions to the power grid that can cripple IT systems. More commonly, human error and power fluctuations can be just as costly and devastating to continued IT service delivery. To avoid costly outages and […]

09Jan 2023

The New Way Companies are Harnessing Data at the Edge for Value Added in Real-Time

Imagine an airport that uses computer vision to track errant luggage in real time, or a commercial kitchen able to detect refrigeration conditions and prevent spoilage. Imagine an amusement park outfitting its rides with sensors that can talk directly to operations for upgraded safety and better guest experiences. Imagine a factory or a chain of […]

09Jan 2023

How Graph Analytics is Helping Improve Personalized Healthcare

When the world’s largest healthcare company by revenue went looking for a technology solution that could improve quality of care while reducing costs, the search took ten years. What they found—an innovative way to model healthcare data—is saving the company an estimated $150M annually and enabling its medical professionals to provide accurate and effective care […]

09Jan 2023

Top 9 challenges IT leaders will face in 2023

Three years ago, IT leaders were squarely focused on how to adopt fledgling AI techniques and approaches into their business models in service of digital transformations that included plans for shifting some workloads to the cloud. But then the pandemic hit, requiring a historic pivot that set some best-laid plans aside and accelerated others. Now […]

09Jan 2023

How SAP Helped Create a Next-Generation Factory for Beauty and Sustainability

The product line is designed to be beautiful as well as sustainable in terms of its durability and benefits for the environment. It’s highly resistant to scratches, abrasions, dry heat, solvents and cleaners, food, ink, makeup, crayons, and much more so that it can stay beautiful for years to come. But what the revolutionary high-pressure […]

09Jan 2023

If governments are banning TikTok, why is it still on your corporate devices?

TikTok, the viral app resident on millions of devices, was recently banned from executive branch devices in the United States, as set out in the recent Omnibus Bill signed by President Joe Biden. The Omnibus Bill, as detailed in CSO Online’s overview, highlighted that the “legislation required the Office of Management and Budget in […]

09Jan 2023

11 top XDR tools and how to evaluate them

Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat […]

09Jan 2023

Estes Express shifts gears on customer experience by streamlining data operations

Customers are increasingly demanding access to real-time data, and freight transportation provider Estes Express Lines is among the rising tide of enterprises overhauling their data operations to deliver it. To fuel self-service analytics and provide the real-time information customers and internal stakeholders need to meet customers’ shipping requirements, the Richmond, VA-based company, which operates a […]

06Jan 2023

14 UK schools suffer cyberattack, highly confidential documents leaked

More than a dozen schools in the UK have suffered a cyberattack which has led to highly confidential documents being leaked online by cybercriminals. That’s according to a report from the BBC which claimed that children’s SEN information, child passport scans, staff pay scales and contract details have been stolen by notorious cybercrime group Vice […]

06Jan 2023

Twitter's mushrooming data breach crisis could prove costly

Since Elon Musk purchased Twitter in late October, non-stop turmoil and controversy have dogged the company, from massive staff firings and resignations to reputational damage from Musk’s careless and often bizarre tweets. Now, mushrooming concern around a possible data breach stemming from a now-fixed Twitter flaw is poised to drive the company further down unless […]

06Jan 2023

How CIOs can be pillars of stability in an uncertain world

Stop me if you’ve heard this one before. Several economists, a bank president, and a couple of reporters walk into a bar. The economists lament, “A thick fog of uncertainty still surrounds us.” The bank president wails, “Economic hurricane.” The reporters keen about “gut-churning feelings of helplessness” and “a world of confusion.” Sitting in a […]

05Jan 2023

Attackers create 130K fake accounts to abuse limited-time cloud computing resources

A group of attackers is running a cryptomining operation that leverages the free or trial-based cloud computing resources and platforms offered by several service providers including GitHub,  Heroku, and Togglebox. The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or […]

05Jan 2023

Sara Fenwick, Vice President Business Technology, Ren’s Pets

Women in IT – Sara Fenwick shares her journey as a tech leader in Canada to support diversity, equity and inclusion and her role as a woman in leadership.

05Jan 2023

Low code/no code tools reap IT benefits—with caveats

Low-code/no-code visual programming tools promise to radically simplify and speed up application development by allowing business users to create new applications using drag and drop interfaces, reducing the workload on hard-to-find professional developers. A September 2021 Gartner report predicted that by 2025, 70% of new applications developed by enterprises will use low-code or no-code technologies, up from […]

05Jan 2023

NATO tests AI’s ability to protect critical infrastructure against cyberattacks

Autonomous intelligence, artificial intelligence (AI) that can act without human intervention, can help identify critical infrastructure cyberattack patterns and network activity, and detect malware to enable enhanced decision-making about defensive responses. That’s according to the preliminary findings of an international experiment of AI’s ability to secure and defend systems, power grids and other critical assets […]

05Jan 2023

The BISO: bringing security to business and business to security

Throughout her career in IT security, Irina Singh has thrived on difficult projects. With a bachelor of science degree in management of information systems and a minor in international business, she now manages a team of business information security liaisons serving four foundational business units at medical device company Medtronic. “One of my slogans is that we […]

05Jan 2023

What it takes to succeed as a CIO today

The market for technology talent has been white hot over the past year. What will the next twelve to eighteen months bring? On a recent episode of the Tech Whisperers podcast, two executive recruiters in the CIO retained search space, Martha Heller, CEO of Heller Search Associates, and Art Hopkins, executive director of Russell Reynolds Associates’ […]

05Jan 2023

Why Investing in the Database Market Is More Interesting Than Ever

By Olaf de Senerpont Domis, senior editor at DataStax. Premji Invest is an evergreen fund formed to support the Azim Premji Foundation, which was founded by Azim Premji, the former chairman of IT services consultancy Wipro. Premji Invest deploys a “crossover format” (investing in both private and public companies) across the technology, healthcare, consumer, and FinTech […]

05Jan 2023

Attackers use stolen banking data as phishing lure to deploy BitRAT

In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. The group, which might have been responsible for the data breach in the first place, is distributing […]

05Jan 2023

Cyberattacks against governments jumped 95% in last half of 2022, CloudSek says

The number of attacks targeting the government sector increased by 95% worldwide in the second half of 2022 compared to the same period in 2021, according to a new report by AI-based cybersecurity company CloudSek.  The increase in attacks can be attributed to rapid digitization and the shift to remote work during the pandemic, which […]

04Jan 2023

Meta hit with $413 million fine in EU for breaking GDPR rules

Regulatory wrangling results in a huge new fine over Facebook and Instagram data handling, even as Meta vows to appeal and EU data protection groups prepare for a court battle.

04Jan 2023

Society 5.0: What To Do Today To Be Ready To Support Human-Centered Innovation

Society 5.0 was proposed in the “5th Science and Technology Basic Plan” as a future society to which Japan should aspire. It brings together concerns for people, planet, and profit equally in order to build a better world. In Society 5.0, we believe everyone can have an abundant and balanced life. A “new wisdom” will be developed […]

04Jan 2023

Why investing in automation could be the answer to navigating a tough economic climate

Despite its potential for relieving pressure on the workforce, automation in the workplace is often seen negatively, as a cause of job losses or a growing skills gap. Yet, done well, automation can provide critical support that frees people up to focus on more impactful work — and can lead to happier, more motivated and […]

04Jan 2023

What’s New and What’s Next in 2023 for HPC

Cloud, sustainability, scale, and exponential data growth—these major factors that set the tone for high performance computing (HPC) in 2022 will also be key in driving innovation for 2023. As more organizations rely on HPC to speed time to results, especially for their data-intensive applications, the $40B market[1] faces challenges and opportunities. Fortunately, the HPC community […]

04Jan 2023

Salesforce to cut 10% of its global workforce in restructuring plan

Almost two months after cloud-based CRM software provider Salesforce announced it would be cutting around 950 jobs, the company has announced it will lay off about 10% of its workforce, roughly 8,000 employees, and close some offices as part of a restructuring plan. Salesforce had nearly 80,000 global employees as of February 2022, up from […]

04Jan 2023

Kudzai Kanhutu, Dean Royal Australasian College of Physicians, Infectious diseases specialist with Royal Melbourne Hospital

Leading digital health expert, Kudzai Kanhutu reflects on how she and her peers helped Melbourne deal with Australia’s worst COVID experiences, forever transforming how we care for our sick and elderly.

04Jan 2023

IBM reorganizes partner program to incentivize indirect sales

IBM is reorganizing its partner program in a bid to serve clients through partners with the same level of expertise as it does directly. This is a big deal for all but its largest clients, as IBM has spent the last two years moving much of its focus to indirect sales channels. IBM now has […]

04Jan 2023

Why it might be time to consider using FIDO-based authentication devices

Every business needs a secure way to collect, manage, and authenticate passwords. Unfortunately, no method is foolproof. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Password management products are more secure, but they have vulnerabilities as shown by the recent LastPass breach that […]

04Jan 2023

Picture This: How Graph Analytics Simplifies Complex Insights

Enterprises across multiple industries and domains are increasingly turning to graph analytics, thanks to its power to uncover complex non-linear patterns and relationships in a dataset that would not be easily visible or apparent using most traditional analytics techniques. Applications of graph analytics are wide-ranging, including customer relationship management, social network analysis, and financial crimes […]

04Jan 2023

5 questions CIOs must ask after Southwest Airlines’ failure

The last thing any CIO wants is to experience catastrophic operational issues during a peak season, but that’s exactly what executives at Southwest Airlines faced last week. While weather may have been the root cause, the 16,000 flights canceled between Dec. 19-28 far exceeded any other airlines’ operational impacts. Experts point to Southwest’s point-to-point operating […]

04Jan 2023

9 ways IT leaders can impact sustainability initiatives

Companies across industries are committing to maximizing sustainability within their operations — and IT is at the heart of most of these efforts. In its Worldwide Sustainability/ESG 2023 Predictions, analyst firm IDC sees digital and sustainability transformations converging. “Decision makers are realizing that technology is essential for reaching their ESG goals,” noted Bjoern Stengel, IDC […]

03Jan 2023

PyTorch suffers supply chain attack via dependency confusion

Users who deployed the nightly builds of PyTorch between Christmas and New Year’s Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems. The incident was the result of an attack called dependency confusion that continues to impact package managers and development environments if hardening steps […]

03Jan 2023

LockBit apologizes for ransomware attack on hospital, offers decryptor

LockBit, a prominent ransomware-as-a-service (RaaS) operation, has apologized for an attack on the Toronto-based Hospital for Sick Children, also known as SickKids, and offered a free decryptor.  SickKids, a major pediatric teaching hospital, announced on December 19 that it had called a Code Grey system failure, as it was responding to a cybersecurity incident that […]

03Jan 2023

New Platform Lets IT Leader Put Its Philosophy into Action

Manfred Grossmann has seen the scenario play out over and over. “I think companies that sell new products in an IT environment don’t always use them themselves,” said the vice president of corporate IT and project excellence for digital service provider Sycor Group. “Like everybody else, they focus on things that are not quite new.” […]

03Jan 2023

PureGym’s new CIO Andy Caddy plans for international expansion

Andy Caddy, formerly the group CIO at Virgin Active and group CTO at Whitebread, joins CIO UK Leadership Live to discuss his return to the CIO hotseat at low-cost gymnasium group PureGym, his development as a technology leader over a 30-year career, avoiding a race to the bottom in a low-cost fitness market, and why […]

03Jan 2023

10 IT resolutions for 2023

This past year was another pivotal one for IT, with IT leaders learning new lessons for implementing value-oriented IT initiatives and establishing thriving workplace cultures against the backdrop of economic uncertainty. CIOs anticipate addressing these and other challenges in the year ahead, but they also have big plans for 2023. These plans go beyond any […]

03Jan 2023

NHL turns to venue metrics data to drive sustainability

To reduce its carbon footprint and mitigate climate change, the National Hockey League (NHL) has turned to data and analytics to gauge the sustainability performance of the arenas where its teams play. In October, the league, with partner SAP, launched NHL Venue Metrics, a sustainability platform that teams and their venue partners can use for […]

02Jan 2023

Ransomware ecosystem becoming more diverse for 2023

The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratization of ransomware is bad news for organizations because it also brought in a diversification of tactics, techniques, and […]

02Jan 2023

5 ways CIOs will disappoint their CEOs in 2023

Surveys can be useful, but when it comes to setting IT’s priorities they’re more rearview mirror than windshield. Which is why we at CIO Survival Guide headquarters have an alternative to suggest: List the promises you’ve made to the CEO for 2023, along with a compendium of what the various business punditries the CEO reads […]

30Dec 2022

US Congress funds cybersecurity initiatives in FY2023 spending bill

On December 23, the House and Senate Appropriations Committee agreed to a $1.7 trillion omnibus spending bill that funds government operations through the fiscal year 2023. On December 29, President Biden signed it. The 4,155-page bill reflects an already agreed-upon $858 billion for defense spending and an additional $800 billion for non-defense spending, including several […]

30Dec 2022

The platform that allows Royal Opera House CTO to stream events into homes

Covid-19 had an instant impact on London’s West End, and the Royal Opera House (ROH) was no exception. In March 2020, the company took the decision to close the building in Covent Garden and approximately 163 shows were cancelled in the first year of the pandemic. So when James Whitebread joined in June 2021, he […]

29Dec 2022

10 IT certifications paying the highest premiums today

IT certifications can boost your career, but it’s not always easy to tell which certifications hold the most value for your resume. Moreover, pay associated with any given cert fluctuates based on business interest and the supply of IT pros who hold it. To help gauge certification values, Foote Partners tracks premiums paid for popular […]

28Dec 2022

Log4Shell remains a big threat and a common cause for security breaches

The Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is expected to remain a popular target for some time to come. Its long-lasting impact highlights the major risks posed by flaws in transitive software dependencies and the […]

28Dec 2022

Scope 3 is coming: CIOs take note

Even though sustainability can be an amorphous organizational pursuit, it’s becoming more of an urgent priority all industries must clearly define. Whether that’s through internally motivated ESG efforts or imposed regulations, CIOs, in particular, find themselves increasingly central figures in sustainability initiatives. And scope 3 reporting—an account of carbon emissions across the supply chain to […]

27Dec 2022

What is FinOps? Your guide to cloud cost management

With the cloud becoming such an integral part of the IT strategies of so many enterprises, it’s natural that managing the expense of all these services would be an emerging priority for executives. Although the cloud is touted by providers as a way to potentially save money because of greater efficiencies and shared expenses, an […]

26Dec 2022

The top 12 tech stories of 2022

The year highlighted how vulnerable the technology sector is to the vagaries of geopolitics and the macroeconomy, as IT giants laid off workers, regulators cracked down on tech rule-breakers, nations negotiated data security regulations, the US-China chip war widened, and the Ukraine war disrupted business as usual.

23Dec 2022

Inside Vodafone’s insourced model to increase efficiency and growth

Differentiating your brand in the telecommunications market is hard—just ask Vodafone’s CDIO Scott Petty. Despite the British multinational telco’s continued investments in fibre and 5G, and growing consumption of broadband and cellular services, intense price competition, rising energy prices, market regulation and economic headwinds have made for an industry where single-digit revenue growth is difficult to […]

22Dec 2022

Cyber hygiene: because prevention is always easier than treatment

Cyber hygiene offers a preventative approach to future attacks in order to avoid costly remediation and recovery incidents – much like dental hygiene recommends flossing and brushing to avoid later cavities and painful procedures.  Asking a good CISO which applications and devices should be inventoried and secured is like asking a dentist which teeth you […]

22Dec 2022

How Marvel’s Avengers inspire Pinsent Masons CISO to adapt cybersecurity hiring

Cybersecurity’s ongoing battle with a “skills shortage” has seen the sector lose its way regarding talent hiring and retention, says Christian Toon, CISO at London-based law firm Pinsent Masons. In an industry crying out for diversity and innovation, this year’s number one UK CSO 30 Awards winner says he takes inspiration from the Marvel Comics […]

22Dec 2022

What is DataOps? Collaborative, cross-functional analytics

What is DataOps? DataOps (data operations) is an agile, process-oriented methodology for developing and delivering analytics. It brings together DevOps teams with data engineers and data scientists to provide the tools, processes, and organizational structures to support the data-focused enterprise. Research firm Gartner further describes the methodology as one focused on “improving the communication, integration, […]

22Dec 2022

4 nonprofits fostering diversity and career advancement in IT

Despite a recent push to address diversity issues in IT, the industry as a whole has a long way to go. From hiring practices to advancement opportunities, most IT organizations are falling short, despite their best intentions, when it comes to fostering diverse workplaces where individuals of all backgrounds can thrive. As a response to […]

22Dec 2022

Due diligence is ever more critical as the battle for cloud sovereignty intensifies

In the last few weeks, the IT industry has seen some very interesting activity from global hyperscale cloud providers surrounding their cloud sovereignty ambitions, and their scrutiny by the regulators covering some basic compliance requirements, like the European Union’s (EU) General Data Protection Regulation (GDPR). Firstly, AWS made a public pledge called the “AWS Digital Sovereignty Pledge”, […]

22Dec 2022

Driving ESG readiness: Avery Dennison CIO Nick Colisto shares smart first steps

This article was co-authored by Katherine Kennedy, an Associate at Metis Strategy. For years, ESG has been little more than a sub-bullet or appendix slide in most CIOs’ strategy decks. But changing consumer sensibilities and heightened investor scrutiny have swept ESG, and technology’s role in it, to the top of the agenda. Corporate strategies hinge […]

21Dec 2022

BrandPost: The Next Big Attack Vector: Your Supply Chain

There’s an old security adage: a chain is only as strong as its weakest link. The sentiment long predates Information and Communications Technology (ICT), but it’s never been more relevant. With modern ICT connecting millions of systems worldwide, there are exponentially more “links” to worry about. That’s especially true when we shift our focus from […]

21Dec 2022

TruStone Financial Credit Union’s Gary Jeter on friction-free digital experiences

Gary Jeter, Executive Vice President, Chief Technology Officer at TruStone Financial Credit Union, joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss mission-based credit unions, expanding fintech relationships, agile product management and more.

21Dec 2022

6 BI challenges IT teams must address

Every day, organizations of every description are deluged with data from a variety of sources, and attempting to make sense of it all can be overwhelming. So a strong business intelligence (BI) strategy can help organize the flow and ensure business users have access to actionable business insights. “By 2025, it’s estimated we’ll have 463 […]

21Dec 2022

Social media use can put companies at risk: Here are some ways to mitigate the danger

We live in a social world, but should our businesses? For many, the answer to that is increasingly no—that’s why laws and regulations have recently been put in place restricting access to some social media in certain situations because of the hidden risks of these seemingly innocuous platforms. The United States federal government and some […]

21Dec 2022

The CIO Guide for 2023: Top Tips for Navigating Uncertainty in the New Year

By Saket Srivastava, Chief Information Officer at Asana. There has never been a better time to be a CIO. The pandemic has evolved how we regard the IT organization within businesses, in no small part due to the extensive role it played in keeping teams connected and able to perform during a more disconnected time […]

20Dec 2022

Why You Need to Consider Disaster Recovery-as-a-Service

In today’s connected, always-on world, unplanned downtime caused by a disaster can exact substantial tolls on your business from a cost, productivity, and customer experience perspective. Investing in a robust disaster recovery program upfront can save considerable costs down the road. Unfortunately, many businesses learn this lesson the hard way. According to FEMA, nearly a […]

20Dec 2022

The Top Cloud Security Threat Comes from Within

One of the biggest cloud security threats your company faces isn’t malicious. In fact, it originates from inside your IT organization. Accidental misconfigurations pose one of the leading security vulnerabilities IT organizations contend with in the cloud. According to a recent study, 79% of companies had experienced a cloud data breach in the past 18 […]

20Dec 2022

Overcome These 7 Challenges to Optimize Your Hybrid Multicloud Journey

In a 2021 survey, 95% of respondents agreed that a hybrid cloud is critical for success, and 86% plan to invest more in hybrid multicloud. Hybrid multicloud has emerged as the new design center for organizations of all sizes. Rather than purchasing costly infrastructure upfront to accommodate future growth, the hybrid multicloud helps you scale […]

20Dec 2022

Why Your Healthcare Organization Should Consider HPE GreenLake for EHR

The Electronic Health Record (EHR) is only becoming more critical in delivering patient care services and improving outcomes.  As a leading provider of the EHR, Epic Systems (Epic) supports a growing number of hospital systems and integrated health networks striving for innovative delivery of mission-critical systems.  However, legacy methods of running Epic on-premises present a […]

20Dec 2022

BrandPost: Managing Risk Would be Easier if It Weren’t for People

Businesses are as much at risk from human error as from threat actors. Typos, configuration errors, and other human errors can lead to disaster on the same scale as any modern cyberthreat. Great technology defenses can only get you so far with managing risk. It is generally agreed upon that Zero Trust principles are a […]

20Dec 2022

How to enable event collection in Windows Server

Event logs register information about software and hardware events that occur in a system, and they are a key weapon in the arsenal of computer security teams. Windows Server has offered Windows Event Forwarding (WEF) for aggregating system event logs from disparate systems to a central event log server for several versions now. High end […]

20Dec 2022

From Cloud to Customer

Why Cloud Platforms Matter to Marketing Leaders According to IDC, 89% of marketing campaign management applications in Europe are now cloud based rather than on premises. This is expected to rise to an almost ubiquitous level of 96% by 2026. Marketing is becoming digitally transformed through the adoption of new cloud-based marketing applications. Until recently, […]

20Dec 2022

Talon Outdoor’s Josko Grljevic on trading CTO for COO, plus adtech innovation

From training as a marine biologist to becoming Chief Transformation Officer and now Chief Operating Officer, Talon Outdoor’s Josko Grljevic sits down with CIO UK editor Doug Drinkwater to discuss technology executives becoming business leaders, digitising out-of-home media, building better data and analytics teams…and long-lost dreams of becoming a fisherman. Watch the episode: Listen to […]

20Dec 2022

Owens Corning’s Zerby and Baymiller on customer-centric innovation

After more than three decades in corporate IT, including the last 10 years as senior vice president and CIO of Owens Corning, Steve Zerby will be retiring in March, handing over the reins to his longtime colleague and the company’s current vice president of IT, Annie Baymiller. Under Zerby’s tenure, the $8.5 billion global building […]

20Dec 2022

Top cloud strategy mistakes CIOs can’t help making

Cloud adoption continues its meteoric rise, with IT leaders increasingly going all-in on the platform. But succeeding in the cloud can be complex, and CIOs have continued to fumble their cloud strategies in 2022 in a variety of ways, industry observers say. Topping the list of typical cloud strategy are three mistakes that fall under […]

20Dec 2022

A Combined Broadcom & VMware: Clouds and Sovereignty

By Hock Tan, Broadcom President & CEO. The trend towards sovereign clouds has been one of the central topics that customers, particularly in Europe, have raised since we announced the Broadcom-VMware transaction. They want to know what role a combined Broadcom-VMware would play as governments increasingly recognize the power of data – economically, politically, and […]

20Dec 2022

Understanding the new era of digital workplace platforms 

The all-encompassing digital workplace platform  Work as we know it has changed in the past few years coming out of the COVID-19 pandemic. Communications and collaboration technology were critical to that shift. As a result, we have witnessed the evolution of communications and collaboration suites to UCaaS platforms that are now evolving into fuller all-encompassing […]

19Dec 2022

Digital Transformation and the Evolving Role of CIOs

By Chet Kapoor, Chairman & CEO of DataStax. Enterprises have been talking about digital transformation for quite a while. It’s about rethinking how we use technology to drive new or improved strategy, people, and operations to meet changing business and customer needs. But what does digital transformation mean for the CIO? How has their role […]

19Dec 2022

7 ways CIOs can build a high-performance team

Having a clear vantage point within the organization, CIOs play a vital role bringing together engaged and motivated employees to work toward a common outcome, increase productivity, and achieve better business outcomes. Many CIOs know that a high-performance team is usually greater than the sum of its parts, comprised of talent with highly complementary skills, a broader set of […]

19Dec 2022

IT leaders’ top 12 takeaways from 2022

The past year offered new challenges and opportunities to executives across all industries. That had CIOs moving as fast as ever to keep up with market trends, changing economic forecasts, talent needs, and business requirements. So as 2022 closes out, we asked IT leaders to share their thoughts about what the prior 12 months have […]

19Dec 2022

Nutanix acquisition rumors highlight need for managing vendor risk

Technology mergers and acquisitions are on the rise, and any one of them could throw a wrench into your IT operations. After all, many of the software vendors you rely on for point solutions likely offer cross-platform or multiplatform products, linking into your chosen ERP and its main competitors, for example, or to your preferred […]

19Dec 2022

Piramal CTO Saurabh Mittal on financial services innovation

To create innovative products that meet the various finance requirements of the market, Piramal Capital & Housing Finance opened the Piramal Innovation Lab in Bengaluru on Dec. 15, 2022. The 36,000-square-foot innovation hub will be led by the company’s CTO, Saurabh Mittal, and Markandey Upadhyay, head of business intelligence unit for Piramal. CIO.com caught up […]

19Dec 2022

Flexing your flexible work muscle: What’s the CIO play in Singapore?

With the shift to hybrid work here to stay, CIOs are building out new strategies designed to convert employee flexibility into organisational efficiency in Singapore. Such strategies remain anchored around overcoming key business challenges linked to modernised technology infrastructure and data security, viewed as mission-critical in creating enhanced hybrid work frameworks. In response, CIOs are […]

17Dec 2022

BrandPost: One-Policy Framework, Zero Trust, and Ops teams

In today’s digital era, customers expect information, resources, and services to be readily available from anywhere in the world. To deliver on customers’ expectations and leverage the best of on-premises and public cloud offerings, many enterprises use a mix of on-premises and cloud-based architectures. The freedom to choose from many architectures and deployment strategies results […]

16Dec 2022

Sovereign Cloud: A Rising Customer Priority

With massive global and geopolitical changes and significant increases in data privacy laws and regulations, the focus on data sovereignty and protecting consumer value has never been higher. Safeguarding highly sensitive, proprietary data and workloads have become a top priority to ensure their usage as a national asset and protection from foreign access. Because VMware has […]

16Dec 2022

Top 20 enterprise architecture tools

In the beginning, no one needed enterprise architecture tools. A back of an envelope would do in the early years. Thomas Watson Jr., one of the leaders of International Business Machines, supposedly said in the 1940s, “I think there is a world market for about five computers.” The modern enterprise, however, is much different. Some employees […]

16Dec 2022

Oracle’s Chicago cloud region targets manufacturing, financial services

As part of its ongoing strategy to expand its roster of public cloud regions and catch up with larger cloud service providers such as AWS, Microsoft and Google, Oracle has launched a new cloud region in Chicago to cater to enterprises operating out of the US Midwest. The Chicago region, which will be Oracle’s fourth […]

16Dec 2022

What’s Next for Conversational AI?

Next generation chatbots are now writing poetry and giving math lessons, but these smart applications have a bigger job to do. Advanced chatbots simulate human interaction via complex artificial intelligence (AI) processes, or conversational AI. As business-ready systems, conversational AI is joining mainstream tech to deliver strategic benefits to customers and employees. For companies looking […]

16Dec 2022

Foote Partners: bonus disparities reveal tech skills most in demand in Q3

Cash pay premiums for some IT certifications rose as much as 57% in Q3 in the US, highlighting for employees the importance of keeping up to date on training, and for CIOs the cost of running the latest (or oldest) technologies. On average, though, bonuses for non-certified skills were bigger and faster-growing than those for […]

15Dec 2022

Lenovo Research Shows The Next Stage Of Transformation Is Human Centricity

The demand for ongoing transformation and innovation is going to continue to drive IT budgets into 2023. As a solution to the challenges of inflation, recession, geopolitical instability, and the broader economy, IT is seen as the way forward. Research shows that more than half – 52 per cent – of organisations are expecting to […]

15Dec 2022

MTTR “not a viable metric” for complex software system reliability and security

Mean time to resolve (MTTR) isn’t a viable metric for measuring the reliability or security of complex software systems and should be replaced by other, more trustworthy options. That’s according to a new report from Verica which argued that the use of MTTR to gauge software network failures and outages is not appropriate, partly due […]

15Dec 2022

BrandPost: How to Choose Security Technology That Works

The role of a security practitioner is difficult. From operational workflow changes to accommodating the latest application requirement impacting policies, it’s a relentless wave of actions to ensure that users, environments, and data are protected as effectively as possible. After all, that’s management of the attack surface. This role becomes even more daunting when selecting […]

15Dec 2022

IT leaders face reality check on hybrid productivity

CIO Ted Ross believes the honeymoon is over for breakneck productivity when it comes to hybrid work, and he’s not the only one. Tech employees at the City of Los Angeles IT agency who were forced to work remotely in the early pandemic days were very efficient, Ross says. “Fully into the pandemic we had […]

15Dec 2022

F5 expands security portfolio with App Infrastructure Protection

F5 on Thursday announced the launch of F5 Distributed Cloud Services App Infrastructure Protection (AIP), expanding its SaaS-based security portfolio. The new release is a cloud workload protection solution that will provide application observability and protection to cloud-native infrastructures.  AIP is built using technology acquired with Threat Stack and will be a part of the […]

15Dec 2022

Dozens of cybersecurity efforts included in this year’s US NDAA

Last week, members of the US House of Representatives and Senate reconciled their versions of the annual must-pass National Defense Authorization Act (NDAA). Each year the NDAA contains a wealth of primarily military cybersecurity provisions, delivering hundreds of millions, if not billions, in new cybersecurity funding to the federal government. This year’s bill is no […]

15Dec 2022

Microsoft’s EU data boundary plan to take effect Jan. 1

The plan, which covers Microsoft products and services such as Azure, Power BI, Dynamics 365 and Office 365, will allow customers to store and process their customer data within the EU.

15Dec 2022

Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it

Last year, two high severity, easily exploitable Microsoft Exchange vulnerabilities dubbed ProxyLogon and ProxyShell made waves in the infosec sphere. Nearly a year later, Exchange Server admins are met with another threat: ProxyNotShell, which in fact is a vulnerability chain comprising two actively exploited flaws: CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability that an […]

15Dec 2022

Sustainable Petrochemical Company Expands Risk-Based Inspection Philosophy

PET is a major industrial polymer used to manufacture the polyester fibers used in clothing, plastic bottles, and much more. As such, it is the most widely recycled plastic in the world. As a global chemical company and producer of PET, Indorama Ventures Limited (IVL) has made sustainability a priority for over a decade, from […]

15Dec 2022

How the digital HQ can deliver efficiency and productivity—even in challenging times

Chris Mills, Head of Customer Success, EMEA at Slack The roles of the CTO and CIO have grown enormously in recent years, proving fundamental in facilitating the rapid shift from traditional working to hybrid working during the pandemic. But this was no short term shift—the value of the CTO and CIO continues to rise. The […]

15Dec 2022

SAP user groups see pick-up in migration to S/4HANA

Enterprise adoption of SAP S/4HANA continues to climb despite the obstacles in its way, according to new research by user groups in the US and Europe. Adopters are being drawn by advanced capabilities in the new software, and driven by concerns about maintenance of older systems. In the UK and Ireland, 89% of SAP customers […]

15Dec 2022

Maryfran Johnson, Host of the CIO Leadership Live video podcast, CEO Maryfran Johnson Media

It’s a wrap. Lee interviews Maryfran Johnson about 2022 trending themes in technology as discussed with CIOs on CIO Leadership Live. Watch this episode: Listen to this episode: CIO Leadership Live

15Dec 2022

Cuba ransomware group used Microsoft developer accounts to sign malicious drivers

Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked and the drivers will be added to a blocklist that Windows users can optionally deploy. “In most ransomware incidents, attackers kill the target’s security […]

14Dec 2022

Canadian innovation leaders celebrated through 2022 TECHNATION’s Ingenious Awards program

Canada’s success on the global stage depends on the accelerated adoption of technology across all sectors. As a nation, Canada has a history of award-winning thought leaders, innovators and founders of some of the most globally disruptive technologies. TECHNATION’s Ingenious Awards program sets out to find both public and private organizations that have delivered real impact. […]

14Dec 2022

Lacework adds new capabilities to its CSPM solution

Lacework on Wednesday released new cloud security posture management (CSPM) capabilities, designed to help organizations create custom policies for AWS, Google Cloud, and Azure to secure their cloud infrastructure.  The new CSPM solution offers three key enhancements. First, it allows organizations to customize policies and ensure configurations align with an organization’s specific needs. Second, it […]

14Dec 2022

Wiz debuts PEACH tenant isolation framework for cloud applications

Cloud security vendor Wiz has announced PEACH, a tenant isolation framework for cloud applications designed to evaluate security posture and outline areas of improvement. The firm stated that the framework has been developed on the back of its cloud vulnerability research to tackle security challenges impacting tenant isolation. Security boundaries, incohesion, transparency impacting tenant isolation […]

14Dec 2022

New Royal ransomware group evades detection with partial encryption

A new ransomware group dubbed Royal that formed earlier this year has significantly ramped up its operations over the past few months and developed its own custom ransomware program that allows attackers to perform flexible and fast file encryption. “The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of […]

14Dec 2022

How acceptable is your acceptable use policy?

In a world before smartphones, social media, and hybrid workplaces, an acceptable use policy was a lot easier to write—and to enforce. These days, it’s a lot more complicated. Work can take place almost anywhere, on any number of devices. An employee can accept a job and then never physically set foot in the office, […]

14Dec 2022

How tech leaders can better navigate organizational politics

When you think about people entangled in organizational politics, terms that come to mind include manipulation, self-serving, turf battles, power plays, and hidden agendas. Not terribly uplifting. But Neal Sample, former CIO of Northwestern Mutual, sees it a different way. “I think of a different set of words like influence, diplomacy and collaboration,” he says. […]

14Dec 2022

Why CIOs Need to Understand Apache Cassandra

By Jeff Carpenter You might have heard of Apache Cassandra, the open-source NoSQL database. And you might know that some big, very successful companies rely on it, including LinkedIn, Netflix, The Home Depot, and Apple. But did you know that Cassandra is used by a huge range of companies — including small, cloud-native application builders, […]

14Dec 2022

You may already be sustainability-minded!

Corporate sustainability initiatives increasingly are finding their way into the data center. But many CIOs who invest in and deploy leading-edge carbon-cutting technology aren’t even aware they’re taking climate action. They’re just trying to improve the bottom line. That puts CIOs in an enviable position. In most corners of the enterprise, ESG decision-making necessitates squaring […]

14Dec 2022

The Secret to Mitigating Bias in Your Chatbots and Conversational IVR Systems

Conversational AI is changing the way we do business. In 2018, IBM boldly declared that chatbots could now handle 80% of routine customer inquiries. That report even forecasted that bots would have a 90% success rate in their interactions by 2022.[1] As we survey the landscape of businesses using conversational AI, it appears to be […]

14Dec 2022

BrandPost: Securing Operational Technology Environments for Critical Infrastructure

Juniper Networks is applying its industry leading AI-driven capabilities and cloud-native architectures to Critical Infrastructure (CI) networks. We’re directly addressing the communications and cybersecurity challenges exposed by the convergence of IT and OT networks alongside the ever-increasing drumbeat of cyber threats from sophisticated, state-sponsored malicious actors. By enabling network architects, builders, and operators to fully […]

14Dec 2022

Palo Alto Networks flags top cyberthreats, offers new zero-day protections

Firewall and security software vendor Palo Alto Networks’ annual Ignite conference kicked off Tuesday, highlighted by several product announcements, which were unveiled alongside the company’s latest threat report. Palo Alto’s “What’s Next in Cyber” report named ransomware and business email compromise as the most common attacks faced by businesses worldwide, with supply chain threats, malicious […]

14Dec 2022

European Commission takes step toward approving EU-US data privacy pact

The EU-US Data Privacy Framework—drafted to allow the flow of data between the US and the European Union—has cleared the first hurdle on its way to approval in the EU, but criticism of the pact makes it far from a done deal.

13Dec 2022

CIO Leadership Live with Tend Health’s Josh Robb

Josh Robb, Chief Product and Technology Officer at Tend Health, on what he’s learned founding and scaling start-ups, the importance of candid feedback and enabling a just culture, and why the best leaders are always great storytellers. Watch the episode: CIO Leadership Live

13Dec 2022

Lohia Group turns to IT to modernize its supply chain

Efficient supply chain operations are increasingly vital to business success, and for many enterprises, IT is the answer. With over 2,000 suppliers and 35,000 components, Kanpur-based Lohia Group was facing challenges in managing its vendors and streamlining its supply chain. The capital goods company, which has been in textiles and flexible packaging for more than […]

13Dec 2022

Hybrid working: network managers need to take care of unfinished business

For many enterprises, the pandemic involved rapidly deployed ways of enabling remote working. Today, the need for long-term solutions means that hybrid working is one of the top three trends driving network modernization – as reflected in the 2022-23 Global Network Report published by NTT. According to the survey data for this report, 93% of […]

13Dec 2022

Data Analytics: Strategies to Demonstrate Value and Achieve Transformation

Recently, chief information officers, chief data officers, and other leaders got together to discuss how data analytics programs can help organizations achieve transformation, as well as how to measure that value contribution. We shared our insights at this CIO Online virtual roundtable event, which included leaders from organizations in healthcare, financial services, utilities, communications, and more. The […]

13Dec 2022

ARM’s Sarah Cunningham chips away at D&I

Sarah Cunningham, senior VP of enterprise IT at chipmaker ARM, joins CIO UK Leadership Live with editor Doug Drinkwater, as they discuss dyslexia, falling into IT, empathic leadership, driving D&I action, transgender healthcare and her dream job when growing up. Watch the episode: Listen to the episode: CIO Leadership Live

13Dec 2022

PCI Secure Software Standard version 1.2 sets out new payment security requirements

The Payment Card Industry Security Standards Council (PCI SSC) has published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. One of two standards that make up the PCI Software Security Framework (SSF), the PCI Secure Software Standard sets out requirements to help ensure that payment software is designed, developed, and […]

13Dec 2022

Cloud to edge: NTT multicloud platform fuels digital transformation

Is the move to cloud a modern gold rush? This seems to be the case for many organizations as they embark on a cloud strategy to support their business goals. But there are pitfalls along the way: the cloud is, after all, simply an enabling technology and not a solution in itself. Organizations are increasingly […]

13Dec 2022

Are robots too insecure for lethal use by law enforcement?

In late November, the San Francisco Board of Supervisors voted 8-3 to give the police the option to launch potentially lethal, remote-controlled robots in emergencies, creating an international outcry over law enforcement use of “killer robots.” The San Francisco Police Department (SFPD), which was behind the proposal, said they would deploy robots equipped with explosive […]

13Dec 2022

Oracle to invest $2.4 billion quarterly in cloud infra as demand grows in triple digits

Oracle on Monday said it will continue to invest $2.4 billion per quarter in its cloud business, which accelerated 48% in the second quarter, helping the company revenue grow 25% year-on-year, without accounting for currency fluctuations. Cloud services as a category, according to CEO Safra Catz, has been growing faster than license support. The company […]

13Dec 2022

CIO Leadership Live with Martin Bernier, CIO of University of Ottawa

Martin Bernier, CIO, University of Ottawa discussed continuous learning, building diverse and equitable teams, and allyship to support diversity in technology. Watch this episode: Listen to this episode: CIO, CIO Leadership Live

13Dec 2022

DaVita’s technology strategy driven by the ‘power of purpose’

Kidney diseases are a leading cause of death in the US, claiming more than a quarter million lives each year. Roughly 37 million people in the US are afflicted with chronic kidney disease (CKD) although most are undiagnosed. Left untreated, CKD may advance and can lead to more serious medical issues such as high blood […]

13Dec 2022

Customer experience: 10 tips for a successful CX strategy

Once relegated to the back office, CIOs are now key customer-facing leaders charged with delivering great customer experiences. According to our State of the CIO 2022 survey, 57% of responding IT leaders say improving customer experience (CX) is a top goal, while 81% are implementing new technologies to support customer interactions. Research also indicates that […]

13Dec 2022

Broadcom Software: Taming IT Complexity through Effective Strategies and Partnerships

By Andy Nallappan, Chief Technology Officer and Head of Software Business Operations, Broadcom Software The information technology that enables scientific and commercial breakthroughs, from precision medicine to digital transformation, demonstrates tech’s boundless potential to improve our world. Yet, tech practitioners have long traded progress for increased complexity. IT complexity, seen in spiraling IT infrastructure costs, […]

12Dec 2022

Grow your own CIO: Building leadership and succession plans

Steve Zerby prides himself on the fact that he not only mentors midlevel IT managers but spends time with all 211 people in the Owens Corning IT organization. “I could probably tell you the name of their significant other,” says Zerby, who will retire as CIO of the […]

12Dec 2022

Microsoft signs $2.8B cloud deal with London Stock Exchange Group

Microsoft has signed a 10-year deal with the London Stock Exchange Group (LSEG) that calls for the software giant to buy a 4% stake in the exchange in order to jointly develop new products and services for data and analytics. Microsoft will buy the stake from a Blackstone and Thomson Reuters consortium, which previously sold […]

12Dec 2022

SAP Innovation Awards: Celebrating 10 Years of Innovation

It’s human nature — as well as the nature of this magnificent planet — that change is constant. But sometimes, change can be perceived as bad. We see and feel this in the form of climate change, supply chain issues, and sustainability challenges, just to name a few. But are these problems insurmountable? No. Rather, […]

12Dec 2022

14 lessons CISOs learned in 2022

We’re about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach. These events and many more have changed the business landscape and forced CISOs […]

12Dec 2022

Maersk embraces edge computing to revolutionize supply chain

Supply chain disruptions have impacted businesses across all industries this year. To help ease the transport portion of that equation, Danish shipping giant Maersk is undertaking a transformation that provides a prime example of the power of computing at the edge. Gavin Laybourne, global CIO of Maersk’s APM Terminals business, is embracing cutting-edge technologies to […]

12Dec 2022

IT monitoring is mission critical. It’s time to evolve the helpdesk

Digital transformation and the shift to hybrid working are unlocking new revenue opportunities for businesses, driving operational efficiencies, and improving employee experiences. But for IT teams, the two trends are also bringing a range of challenges. First, IT teams must manage ever more decentralised networks that extend to anywhere an employee can connect to corporate […]

12Dec 2022

CIO Leadership Live with Germin Abouel Atta, CIO, The British University in Egypt

Watch the episode: Listen to the episode: CIO Leadership Live

12Dec 2022

French Multinational Learns Introspection Leads to Innovation

In business as well as technology, nothing stands in place.  Complacency based on past accomplishments never brings you forward, even if you’ve been defining yourself as the paragon of digital transformation. So when Atos reevaluated itself a few years ago, it was forced to take a deep look inward and come to terms with the […]

09Dec 2022

The AI Sustainability Paradox – And How to Solve It

Sustainability now challenges executives on several immediate fronts—as concerns from investors, consumers, and employees, and as a regulatory issue. Sustainable practices have also become integral to both efficiency gains and long-term business value. But achieving sustainability requires more than a shift in mindset. It also takes a lot of work. Perhaps that’s why, as part […]

09Dec 2022

AT&T embraces intelligent automation at scale

For CIOs riding today’s rising wave of robotic process automation (RPA), leading-edge adopters whose mature implementations have paid off can provide invaluable lessons about how to make the best of the technology and where its use can lead. Telecom titan AT&T is one such enterprise, having begun RPA trials in 2015 to reduce repetitive tasks […]

09Dec 2022

Uptycs launches agentless cloud workload scanning

CNAPP (cloud native application protection platform) and XDR (extended detection and response) provider Uptycs announced Friday that it has added agentless scanning to its existing cloud workload protection platform, which it said will open up a range of new use cases and attract new potential customers. The company said that its agentless workload scanning […]

09Dec 2022

IT’s ‘war for talent’ is a losing battle

It has been almost 25 years since McKinsey & Co. introduced the term “talent war” to the world. For almost a quarter of a century CIOs have been locked in a Sisyphean battle to attract and retain the IT talent necessary to create competitive advantage. Every year, “talent” is one of the top challenges facing […]

09Dec 2022

UK movers and shakers: New CIO and IT executive appointments

The world of the UK CIO is a dynamic one. It’s not unusual to find tech leaders seeking new challenging roles where they can bring their experience and digital transformation vision to fruition, especially in the current climate on the brink of a new year. Here, we bring you all the relevant announcements from the […]

09Dec 2022

Bringing the power: Generac CIO Tim Dickson says IT leaders need to start innovating today

This article was co-authored by Duke Dyksterhouse, an Associate at Metis Strategy. A lobby television isn’t all that uncommon or remarkable for a $4.5-billion-dollar company, but what’s on the 85-inch screen in the lobby of Generac’s headquarters certainly is. Rather than the predictable advertisements or staged photos featuring happy employees, it’s a demo of the […]

08Dec 2022

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for JSON inside SQL statements, allowing potential attackers to easily hide their malicious payloads. The bypass technique, discovered by researchers from Claroty’s Team82, was confirmed […]

08Dec 2022

Ransomware Warranties: Gimmick or Guarantee?

Warranties inspire confidence. If something goes wrong with a purchase, you’ll be made whole. That’s the idea anyway. Now consider ransomware. It’s not a “something.” It’s a “when thing.” So ransomware warranties hold understandable appeal. Here’s why: By 2031, ransomware is expected to attack a business, customer, or device every two seconds, costing victims around […]

08Dec 2022

Verticalization, managed services and sustainability to drive cloud trends in 2023

No matter how reliable their sources, IT analysts’ technology adoption forecasts are fundamentally interpretive – opinions based on received data. This is particularly true when predicting deployment trends in tomorrow’s cloud market. Predictive viewpoints from cloud service providers, meanwhile, are informed by direct interactions with client IT teams experienced in projecting their organizations’ technology needs. […]

08Dec 2022

How security fears are driving network modernization

The negative impact of legacy networks can be substantial: increased operational costs, restricted potential for digital transformation and difficulty responding to the demands of the business. NTT’s research finds that two in three organizations confirm their technical debt has accumulated, with 71% saying that low network maturity levels are negatively impacting their operational delivery and […]

08Dec 2022

How Edge as a Service is shaping the future of fan engagement

The Tour de France is many things. It’s the world’s largest cycling event, attracting 150 million TV viewers in Europe alone and 10 million fans across social media platforms. It’s also a huge logistical challenge, requiring a complex network of road closures as well as ensuring millions of spectators enjoy the race safely. Amaury Sport […]

08Dec 2022

How adopting sustainability as a service can drive business success and help the planet

Sustainability is a major priority in business boardrooms already, and pressures from regulators, shareholders, board members and employees are likely to further drive this trend.  Businesses need to do more than just track carbon output. They must reduce waste and increase efficiency. Going green makes good business sense. While organizations know they need to mitigate […]

08Dec 2022

CIO Leadership Live with Brian Ferris, Loyalty NZ Chief Data, Analytics and Technology Officer

Loyalty NZ Chief Data, Analytics and Technology Officer Brian Ferris on the importance of listening to understand what the business challenges are and collaborating with the leadership team to tackle them, what he learned working overseas at global companies, and why building diversity and belonging is a central focus for the organisation. Watch the episode: […]

08Dec 2022

Innovation chief Claus T. Jensen on executing a vision

Claus T. Jensen, PhD, is known for boldly initiating and leading complex, multi-year transformation initiatives. The author of six books, including his latest, Digital Transformation for Dummies, Jensen’s career journey spans 20 years of transformational leadership in CTO, CIO, and CDO roles at organizations like Danske Bank, IBM, and Memorial Sloan Kettering Cancer Center. In […]

08Dec 2022

Microsoft's rough 2022 security year in review

We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here’s a month-by-month look at the past year. January: […]

08Dec 2022

Modern cloud-based networks: the key to high-level commercial performance?

Here’s a proposition to consider: among the ranks of large enterprises, commercial success increasingly relies on digital transformation. In turn, digital transformation relies on modernized enterprise networks that deliver flexibility, performance and availability from the edge to the cloud. Intuitively, this hypothesis makes a lot of sense. In many enterprises, it’s also increasingly becoming the […]

08Dec 2022

Top Down, Bottom Up or a Bit of Both? Process and Deployment Considerations for AIOps

AIOps – a must-have rather than a nice to have Where IT is concerned, there’s no longer a valid business case for the old argument of “doing more with less.” The stakes are too high given the tightly connected global economy, the 24/7 speed of business, digital security threats, and their corresponding data protection regulations. […]

08Dec 2022

Why, and when, CIOs deserve a seat at the M&A negotiating table

When one company acquires another, it’s typically to enter a new market, gain market share, or obtain a new technology. In all three cases, IT systems and the data they hold are crucial to the realization of those goals. “The biggest mistake most companies make when they’re looking at deals is they tend to minimize […]

08Dec 2022

Why CIOs must think of themselves as products—and hostage negotiators

Prior to joining research firm Gartner in 2008, Irving Tyler was a CIO at IMS Health, and VP and CIO at Quaker Chemical Corporation. In the late 1990s, he was challenged to address the ‘year 2000’ problem, or Y2K scare, as computer systems were readied for the new millennium, and he saw his skillsets develop […]

08Dec 2022

IBM to acquire Octo to boost its US government business

IBM has announced it is acquiring US-based digital transformation services provider Octo for an undisclosed amount from private equity firm Arlington Capital Partners. Octo exclusively serves the US federal government, including its defense, health, and civilian agencies, boosting IBM’s ability to expand its presence in this highly lucrative segment. The deal, which is expected […]

08Dec 2022

BrandPost: CSO30 ASEAN 2022: The top 30 cybersecurity leaders in Southeast Asia and Hong Kong

The second CSO30 ASEAN Awards programme recognises the top 30 senior cybersecurity executives driving business value, demonstrating leadership, and influencing rapid change across Southeast Asia and Hong Kong. The CSO30 ASEAN Awards programme is aligned to Foundry’s global awards and celebrates the leading individuals and organisations delivering cybersecurity projects and initiatives that demonstrate outstanding business […]

08Dec 2022

Apple finally adds encryption to iCloud backups

Apple has rolled out a number of security features that will now offer end-to-end encryption to protect data, including backups, contacts, notes, photos, and wallet passes. The company also announced hardware Security Keys for Apple ID.

07Dec 2022

US Congress rolls back proposal to restrict use of Chinese chips

After business groups argued that proposed legislation to curb use of Chinese-made semiconductors would hurt national security, lawmakers amended it—but a final vote and the president’s approval of the proposed National Defense Authorization Act (NDAA) is still to come.

07Dec 2022

Cardinal Health CIO Michelle Greene on simplifying transformation

Recently, I had the pleasure of speaking with Michelle Greene, who was promoted from SVP of EIT of Cardinal Health’s pharmaceutical segment to CIO last August. As technology chief, Greene is now charged with leading IT teams to help the Dublin, Ohio-based distributor and manufacturer of medical and laboratory products innovate new ways to evolve […]

07Dec 2022

IT leaders weigh the case for innovation in industry clouds

As companies migrate to the cloud, many providers are serving up industry clouds—cloud services that offer data models and workflows that meet the basic needs of companies in particular industries like banking, healthcare, and manufacturing. By taking care of table stakes requirements, these specialized clouds are saving companies time and money. And perhaps more importantly, […]

07Dec 2022

IT leaders adjust budget priorities as economic outlook shifts

Budget planning during uncertain economic times is never CIOs’ favorite activity. But the next eighteen months aren’t shaping up to be as challenging as some may fear. For the most part, budgets are holding steady or growing in the single digits, with continued investments in security, analytics, and the cloud, among other areas. Gartner predicts […]

07Dec 2022

Sourced Group an Amdocs Company, empowers the growth of BaaS for Standard Chartered nexus

Banking as a Service (BaaS) is revolutionising the finance sector. BaaS enables non-financial companies to provide customers with financial products and services such as personal loans, credit cards and digital savings accounts. It leverages the expertise and experience of trusted banks, such as Standard Chartered, so they can offer a wider range of services to […]

07Dec 2022

Establishing Trust and Control in the Age of Data Privacy Regulation

One of the most important components of data privacy and security is being compliant with the regulations that call for the protection of information. Regulators want to see transparency and controllability within organizations, because that is what makes them trustworthy from a data privacy and security standpoint. Ideally, organizations will deploy systems that provide compelling evidence […]

07Dec 2022

Managing an Increasingly Risk-Averse Regulatory Environment

Risk management and mitigation is a high priority for CEOs and other senior executives worldwide — including CIOs and cybersecurity executives. The fact is, it’s impossible to separate risk from technology implementations and the potential cybersecurity vulnerabilities they present. One of the biggest challenges of risk management, as it relates to IT, is the emergence of a […]

07Dec 2022

Managing M&A Risk: How Endpoint Visibility Could Deliver Critical Advantage

Merger and acquisition (M&A) activity hit a record high in 2021 of more than $5 trillion in global volume. While the market has certainly slowed this year, it remains on par with pre-pandemic levels — quite a feat at a time of business uncertainty and inflation. But when it comes to corporate deal-making, risk lurks around every corner. The […]

07Dec 2022

Combining Cybersecurity and Reliability Risk Management for Better Collaboration across IT

Cybersecurity threats and their resulting breaches are top of mind for CIOs today. Managing such risks, however, is just one aspect of the entire IT risk management landscape that CIOs must address. Equally important is reliability risk – the risks inherent in IT’s essential fragility. Issues might occur at any time, anywhere across the complex hybrid […]

07Dec 2022

How Can Boards and CIOs Help Reduce Risk? By Asking the Right Questions

Cybersecurity breaches can result in millions of dollars in losses for global enterprises and they can even represent an existential threat for smaller companies. For boards of directors not to get seriously involved in protecting the information assets of their organizations is not just risky — it’s negligent. Boards need to be on top of […]

07Dec 2022

Add brand security to your workload

Last month in this column, I wrote about how businesses need to “lock up the front door” to their systems to prevent phishing attacks and take a multi-tiered approach to rethinking the identity of their employees, partners, and customers. And while we have been banging this drum for quite some time, a new villain has […]

07Dec 2022

Athletic shoe maker Brooks runs down cyberattacks with zero-trust segmentation

Ransomware was again the top attack type in 2021, with manufacturing replacing financial services as the top industry in a […]

07Dec 2022

Ransomware attack knocks Rackspace’s Exchange servers offline

Rackspace’s hosting for Exchange servers remained offline Tuesday after an outage Friday that the company now ascribes to a ransomware attack.

06Dec 2022

Establishing Trust and Control in the Age of Data Privacy Regulation

One of the most important components of data privacy and security is being compliant with the regulations that call for the protection of information. Regulators want to see transparency and controllability within organizations, because that is what makes them trustworthy from a data privacy and security standpoint. Ideally, organizations will deploy systems that provide compelling evidence […]

06Dec 2022

Managing an Increasingly Risk-Averse Regulatory Environment

Risk management and mitigation is a high priority for CEOs and other senior executives worldwide — including CIOs and cybersecurity executives. The fact is, it’s impossible to separate risk from technology implementations and the potential cybersecurity vulnerabilities they present. One of the biggest challenges of risk management, as it relates to IT, is the emergence of a […]

06Dec 2022

Managing M&A Risk: How Endpoint Visibility Could Deliver Critical Advantage

Merger and acquisition (M&A) activity hit a record high in 2021 of more than $5 trillion in global volume. While the market has certainly slowed this year, it remains on par with pre-pandemic levels — quite a feat at a time of business uncertainty and inflation. But when it comes to corporate deal-making, risk lurks around every corner. The […]

06Dec 2022

Combining Cybersecurity and Reliability Risk Management for Better Collaboration across IT

Cybersecurity threats and their resulting breaches are top of mind for CIOs today. Managing such risks, however, is just one aspect of the entire IT risk management landscape that CIOs must address. Equally important is reliability risk – the risks inherent in IT’s essential fragility. Issues might occur at any time, anywhere across the complex hybrid […]

06Dec 2022

How Can Boards and CIOs Help Reduce Risk? By Asking the Right Questions

Cybersecurity breaches can result in millions of dollars in losses for global enterprises and they can even represent an existential threat for smaller companies. For boards of directors not to get seriously involved in protecting the information assets of their organizations is not just risky — it’s negligent. Boards need to be on top of […]

06Dec 2022

Add brand security to your workload

Last month in this column, I wrote about how businesses need to “lock up the front door” to their systems to prevent phishing attacks and take a multi-tiered approach to rethinking the identity of their employees, partners, and customers. And while we have been banging this drum for quite some time, a new villain has […]

06Dec 2022

Flaws in MegaRAC baseboard management firmware impact many server brands

Researchers have found three vulnerabilities in AMI MegaRAC, a baseboard management controller (BMC) firmware used by multiple server manufacturers. If exploited, the flaws could allow attackers to remotely control servers, deploy malware and firmware implants, or trigger damaging actions that leave them inoperable. BMCs are microcontrollers present on server motherboards that have their own firmware, […]

06Dec 2022

Episode 5: Customer-centricity: The Great Differentiator

Customer centricity, or putting the customer’s expectations front and center, is not a new concept. But given the reality of the global pandemic, coupled with uncertain times, delivering on this concept is more important than ever, especially for SMBs. Simply put, delivering genuine value across every customer touchpoint can not only help build resilience but […]

06Dec 2022

London Borough of Camden’s Tariq Khan on using data to improve local services

06Dec 2022

Finally leverage edge by adopting an as-a-service approach

A shift toward hybrid IT infrastructure has accelerated as a result of the pandemic, along with an increased demand for ultra-low latency, high-bandwidth networks and, by extension, edge computing. However, many organizations simply don’t have the resources or the expertise to build or manage the complex distributed systems required for effective edge computing delivery, a […]

06Dec 2022

The Future of Energy is in Energy Communities

Energy production and consumption are gradually changing from a centralized model that relies on a power plant generating and distributing regional power to a decentralized model that relies on renewable energy traded in energy communities — groups that share and trade renewable energy. Public utility companies are scrambling to fit into this new, decentralized, digital-first […]

06Dec 2022

7 Considerations for Maximizing ROI on AI/ML Investments

Motivated by multiple drivers, enterprises across nearly all industries are increasingly embracing artificial intelligence (AI) and machine learning (ML) to enhance efficiency, profitability, and customer experience while improving evidence-based decision making. Ever-increasing volumes of available data, both structured and unstructured, combined with ongoing innovations in the software and infrastructure space capable of handling large data volumes efficiently, […]

06Dec 2022

Focus on cost and agility to ensure your cloud migration success

When businesses migrate to public cloud, they expect to enjoy greater agility, resiliency, scalability, security, and cost-efficiency. But while some organizations undergo a relatively smooth journey, others can find themselves embarked on a bumpy trek fraught with time-wasting detours and lurking money pits – and with that glowing cloud promise still beyond their reach. Where […]

06Dec 2022

Action1 launches threat actor filtering to block remote management platform abuse

Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated its platform has been upgraded to spot abnormal user behavior and automatically block threat actors to prevent attackers exploiting its tool to carry […]

06Dec 2022

The cybersecurity challenges and opportunities of digital twins

Digital twins are a digital representation of objects, structures or systems that give organizations greater insight into the life cycle of these objects, but this same level of insight and control can also open doors for malicious attackers. Digital twins can be created for any physical infrastructure that includes individual components of an engine, turbine […]

06Dec 2022

The changing role of the MITRE ATT&CK framework

Since its creation in 2013, the MITRE ATT&CK framework has been of interest to security operations professionals. In the early years, the security operations center (SOC) team used MITRE as a reference architecture, comparing alerts and threat intelligence nuggets with the taxonomy’s breakdown of adversary tactics and techniques. Based on ESG research, MITRE ATT&CK usage […]

06Dec 2022

What you should know when considering cyber insurance in 2023

As the frequency and severity of ransomware, phishing, and denial of service attacks have increased, so has demand for cyber insurance. About $6.5 billion in direct written premiums were recorded in 2021, a 61% increase over the prior year, according to an October 2022 memorandum from the National Association of Insurance Commissioners. “Some companies see it as […]

06Dec 2022

7 ways to cope with a C-level rival

Leadership colleagues who endlessly throw cold water onto your plans, initiatives, proposals, or insights can be a drain on your energy and motivation — and your career. Such rivals can prevent you from receiving sufficient budget, successfully implementing vital business initiatives, and steering your organization in the right direction. They must be dealt with but […]

06Dec 2022

A CIO’s gift guide for IT and business colleagues

Welcome to the holiday season. Sure, I know the holiday season’s true start date is sometime in September, but I didn’t want to hurt Halloween’s and Thanksgiving’s feelings. Which is why I’ve refused to start my shopping until after the last of the turkey leftovers and Kit Kat Bars are gone. Once upon a time […]

06Dec 2022

Van maker BrightDrop builds ERP and business in parallel

Electric vehicles are sufficiently distinct from their gas-guzzling cousins that auto makers have the chance to toss out decades of legacy manufacturing systems. That can go for their IT infrastructure too. When General Motors named Namo Tiwari CIO of its internal startup BrightDrop, he decided to build an ERP from scratch rather than piggy-back on […]

06Dec 2022

CIO Leadership Live with Hesham Daabes, CIO, Banque du Caire

06Dec 2022

Broadcom and VMware: Investing for Customer Value

By Hock Tan, Broadcom President & CEO. In October I shared my thoughts about what a combined Broadcom and VMware will mean for customers. I wrote about the conversations I’ve had to date, the future of multi-cloud, and our philosophy on pricing, and I reiterated Broadcom’s commitment to keeping customers at the center of our […]

06Dec 2022

Palo Alto Networks looks to shore up healthcare IoT security

Palo Alto Networks today rolled out a new Medical IoT Security offering, designed to provide improved visibility, automated monitoring and more for hitherto vulnerable healthcare IoT frameworks, thanks to machine learning and adherence to zero trust principles. Medical device security is a serious problem for most organizations in healthcare, with a long string of reported […]

06Dec 2022

CIOs get serious about sustainability

Momentum had already been building around environmental issues and corporate sustainability efforts, but over the past few years — fueled by pandemic, global conflict, and a greater understanding of the impact of climate change — these initiatives have kicked into high gear. Once considered nice to have, today 90% of companies are adopting ESG solutions, […]

05Dec 2022

How Cloud is Revolutionizing Your Travel and Hospitality Experience

In the age of disruptive business models and constant competition, the travel and hospitality industry, like most industries, needs to deliver services in real-time. The Covid-19 pandemic has created a significant shift in the industry with a greater demand for competitive pricing to prevent loss of market share, targeted marketing to build loyalty, optimizing company […]

05Dec 2022

Project management: Tips, tools, best practices

What is project management? Project management is a business discipline that involves applying specific processes, knowledge, skills, techniques, and tools to successfully deliver outcomes that meet project goals. Project management professionals drive, guide, and execute company-identified value-added goals by applying processes and methodologies to plan, initiate, execute, monitor, and close all activities related to a […]

05Dec 2022

Microsoft increases software, services pricing by up to 11% in India

Citing currency fluctuations, Microsoft is all set to increase prices of its on-premises software, online services and Windows licenses in India by up to 11%. The new prices that are expected to take effect from February 1, 2023, are meant to “harmonize” prices for Microsoft software and services between India and the Asian region, the […]

05Dec 2022

PepsiCo transforms for the digital era

For any IT leader new to an organization, gaining employee trust is paramount — especially when, like PepsiCo’s Athina Kanioura, you’ve been brought in to transform the way work gets done. Kanioura, who was hired away from Accenture two years ago to serve as the food and beverage multinational’s first chief strategy and transformation officer, says […]

05Dec 2022

Zero Trust: Hype or Hope?

Businesses are always in need of the most robust security possible. As the remote workforce expanded during and post-COVID, so did the attack surface for cybercriminals—forcing security teams to pivot their strategy to effectively protect company resources. Furthermore, the rise of organisations moving to the cloud, increasing complexity of IT environments, and legacy technical debts […]

05Dec 2022

Hastings Mutual Insurance: A Proactive Approach to Modernizing Content Management

By Milan Shetti, CEO Rocket Software. In today’s digitalized world, customers value transparency and accessibility above all else. As a result, organizations are taking a proactive approach to provide critical content to end users at the click of a button. For over 130 years, Hastings Mutual Insurance Company has served and protected its clients throughout […]

05Dec 2022

Bechtle: Pursuing a Multi-Faceted Sustainability Strategy

“Our sustainability goals and key performance indicators are important to us. We’re committed to achieve net-zero carbon emissions in areas we can influence by 2030 with a three-pronged approach that includes avoidance, reduction and compensation.” — Arthur Schneider, Head of Sustainability Management. One of Europe’s largest IT services providers, Bechtle offers a full IT portfolio […]

05Dec 2022

Salesforce co-CEO Bret Taylor’s resignation overshadows solid sales growth

Salesforce’s third-quarter financial report Wednesday showed a solid 14% year-over-year increase in revenue, beating analysts’ expectations, but was overshadowed by the announcement that company co-CEO Bret Taylor will be stepping down. The move will leave company founder Marc Benioff once again running the company as lone CEO. Salesforce’s revenue growth, totalling $7.8 billion for the […]

05Dec 2022

Enabling smart cities through connected lighting

The world has become increasingly urbanised. The UN reports that since 2007 more than half the world’s population has been living in cities. That number is projected to rise to 60% by 2030. Increased urbanisation brings with it increased responsibility for cities, especially regarding the environment. Cities account for roughly 70% of global carbon emissions and […]

05Dec 2022

When blaming the user for a security breach is unfair – or just wrong

In his career in IT security leadership, Aaron de Montmorency has seen a lot — an employee phished on their first day by someone impersonating the CEO, an HR department head asked to change the company’s direct deposit information by a bogus CFO, not to mention multichannel criminal engagement with threat actors attacking from social […]

05Dec 2022

CIO100 2022: Honouring the top tech leaders and teams in ASEAN and Hong Kong

CIO is proud to unveil the expanded CIO100 awards in 2022, recognising the top 100 senior technology executives and teams driving innovation, strengthening resiliency, and influencing rapid change. Winners were unveiled during an in-person awards ceremony at Marina Bay Sands in Singapore, housing more than 200 executives from all key markets across ASEAN, Hong Kong […]

01Dec 2022

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery) workflows that don’t perform sufficient filtering when downloading artifacts. Cybersecurity researchers have identified several popular artifacts download scripts used by thousands of repositories that are vulnerable to […]

01Dec 2022

How certification can unlock the benefits of smart cities

Where are you right now, as you read this? Our educated guess would be a city. According to current figures from World Bank, around half of the world’s population — 56% to be precise — call cities their home. However, if we were to ask you the same question in 2050, those odds will have […]

01Dec 2022

Researchers found security pitfalls in IBM’s cloud infrastructure

Security researchers recently probed IBM Cloud’s database-as-a-service infrastructure and found several security issues that granted them access to the internal server used to build database images for customer deployments. The demonstrated attack highlights some common security oversights that can lead to supply chain compromises in cloud infrastructure. Developed by researchers from security firm Wiz, the […]

01Dec 2022

HPE is in talks to buy Nutanix: Report

Hewlett Packard Enterprise (HPE) is in talks to acquire cloud computing firm Nutanix, Bloomberg reported on Thursday, quoting sources familiar with the matter. The deal between the two companies could be mutually beneficial, according to experts. Nutanix offers its customers an open, software-defined hybrid cloud platform. HPE, on the other hand, calls itself an edge-to-cloud […]

01Dec 2022

8 things to consider amid cybersecurity vendor layoffs

2022 has been a heavy year for layoffs in the technology sector. Whether due to budget restraints, mergers and acquisitions, streamlining, or economic reasons, TrueUp’s tech layoff tracker has recorded over 1000 rounds of layoffs at tech companies globally so far, affecting more than 182,000 people. Some of the biggest tech companies in the world […]

01Dec 2022

Talent development: 4 upskilling success stories

In the war for talent, sometimes the solution is right in front of you. For businesses struggling to compete for tech talent, investing in your current talent through upskilling and training initiatives can provide invaluable returns, as many IT leaders are finding. A study from Korn Ferry estimates that by 2030 more than 85 million […]

01Dec 2022

MoJ CDIO Gina Gill appeals for digital pragmatism

As a young Indian girl growing up in Glasgow, Scotland, Gina Gill was attracted to IT from an early age. She took computer studies in secondary school before going onto computer science and management science at university. But her career journey to become CDIO at the Ministry of Justice, where she is responsible for supporting […]

01Dec 2022

Technology Leadership in a pre and post pandemic world

Nick Marchand, Vice President, Digital & Technology Operations and Cyber Security, Cineplex discussed leadership in the post pandemic world.

30Nov 2022

Fortanix unveils AWS integration for centralized key management

Cloud security vendor Fortanix has updated its Data Security Manager to incorporate support for AWS’ external encryption key store system, adding another major public cloud vendor to the list of those supported for the company’s key management system. With this week’s update, Fortanix, which already supports this type of cloud key management system in Azure […]

30Nov 2022

CIO Leadership Live with Ty Tastepe, CIO at Cedar Fair Entertainment

Ty Tastepe, CIO at Cedar Fair Entertainment, joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss digitizing guest experiences, data-driven pricing decisions, innovation partnerships and more.

30Nov 2022

AWS' Inspector offers vulnerability management for Lambda serverless functions

Amazon Web Services has announced AWS Lambda serverless function support for its automated vulnerability management service, Amazon Inspector, and a new automated sensitive data discovery capability in its machine learning security and privacy service, Amazon Macie. Both announcements were made during the AWS Re:Invent 2022 conference in Las Vegas this week. They follow other security-focused […]

30Nov 2022

Make Smarter Enterprise Purchasing Decisions With Continuous Monitoring Tools

Companies today face disruptions and business risks the likes of which haven’t been seen in decades. The enterprises that ultimately succeed are the ones that have built up resilience. To be truly resilient, an organization must be able to continuously gather data from diverse sources, correlate it, draw accurate conclusions, and in near-real time trigger […]

30Nov 2022

AWS launches new cybersecurity service Amazon Security Lake

Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account, the company said in a statement. “Customers must be able to quickly detect and respond to security risks so they can take […]

30Nov 2022

The 4 Core Features of Successful Data Governance Automation

By Milan Shetti, CEO Rocket Software. If we’ve learned anything over the last few years facing a global pandemic, stalled supply chains, rising inflation, and sinking economies, it’s that change is the new normal in today’s markets. In response, organizations have invested heavily in digital transformation. IDC forecasts that global spending on digital transformation will […]

30Nov 2022

5 top qualities you need to become a next-gen CISO

Ransomware and data breaches pose a massive risk to organizations, resulting in loss of customer trust and shareholder value, reputation damage, hefty fines, and penalties. Cyber risk is a top concern in US corporate boardrooms, elevating the role of the chief information security officer to rapid prominence. More than half (61%) of CISOs report to […]

30Nov 2022

What is Ransom Cartel? A ransomware gang focused on reputational damage

Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that […]

30Nov 2022

What the expanding role of the CIO means to Lenovo’s Arthur Hu

Global PC manufacturer Lenovo has upward of 70,000 employees worldwide, delivering round-the-clock IT services, and Arthur Hu, the company’s SVP and global CIO—and as of April 2022, also the Services & Solutions Group CTO—is in a constant state of getting the most out of related teams, management and himself to cement partnerships, and achieve optimum […]

30Nov 2022

CIOs find big benefits in shift to human-centered design

As a service organization, Save the Children wants to know the impact of its programs. And the information it needs to gather to make that judgment differs from data typically collected by reporting software, says Sarah Angel-Johnson, the UK-based NGO’s CIO and vice president of business and technology solutions. Using traditional measures, around project outputs, […]

30Nov 2022

CIO Carissa Rollins reimagines Illumina IT for business impact

Seemingly since the beginning of time, CIOs have been working to change their IT organizations from “order takers” into “business partners.” They have established business relationship management functions, developed “we are the business” rallying cries, and built leadership development programs emphasizing influence, courage, and business acumen. These efforts have had a positive impact, but an […]

30Nov 2022

AWS makes a foray into supply chain management

Amazon Web Services (AWS) is making a foray into supply chain management with the release of a cloud application that integrates machine-learning to help large enterprises, which often use multiple ERP systems, get a unified view of suppliers, inventory, logistics and other supply-chain related components. The launch of the application, dubbed AWS Supply Chain, comes […]

29Nov 2022

Episode 4: Keeping Teams Together in a Digital and Distributed Workplace

Most everyone agrees: Before the pandemic, creating a company culture and encouraging people’s connection with their colleagues was simpler – many SMBs had a shared office where employees could gather, work, and collaborate. Today, things are dramatically different – and HR and IT leaders must shift their strategies in kind. In this 4th episode of […]

29Nov 2022

Broadcom Raises the Bar on Identity Security

By Vadim Lander, Identity Security CTO & Distinguished Engineer
Even before the era of digital transformation, a central pillar of enterprise security was Identity Security, which focuses on access to digital information or services based on the authenticated identity of an individual. But in this emerging era of multi-cloud, where organizations can no longer depend […]

29Nov 2022

How a Video-Enabled Contact Center Platform Enhances IT Support Experiences for a Hybrid Workforce

The modern hybrid workforce is composed of employees working in a variety of settings, from home, on the road, in the office, and just about everywhere in between. The help desk teams who support these dispersed employees are often in mixed working environments themselves and require enhanced contact center software with robust features to adequately […]

29Nov 2022

How to Pinpoint Where Your Organization Wins (and Loses) with Data

By George Trujillo, Principal Data Strategist, DataStax
Innovation is driven by the ease and agility of working with data. Increasing ROI for the business requires a strategic understanding of — and the ability to clearly identify — where and how organizations win with data. It’s the only way to drive a strategy to execute at […]

29Nov 2022

BrandPost: SASE: The Only Way to Improve Network Security Without Added Complexity

By: Mike Spanbauer, Field CTO, Security at Juniper Networks
The future of network security has a new shiny architecture to meet organizational needs with Secure Access Service Edge (SASE). Still, most network administrators are either not ready or able to decommission their existing on-premises security solutions. Organizations are much more likely to need to support hybrid environments […]

29Nov 2022

AWS adds machine learning capabilities to Amazon Connect

In a bid to help enterprises offer better customer service and experience, Amazon Web Services (AWS) on Tuesday, at its annual re:Invent conference, said that it was adding new machine learning capabilities to its cloud-based contact center service, Amazon Connect. AWS launched Amazon Connect in 2017 in an effort to offer a low-cost, high-value alternative to […]

29Nov 2022

CIO Leadership Live with Peter Kennedy, Chief Digital Officer of Genesis

Genesis Chief Digital Officer Peter Kennedy on being visionary and playing the long game, identifying the capacity and ambition for change in any business, and the importance of CIOs being ‘value creators not risk mitigators’.

29Nov 2022

How Value Stream Management is Fueling Digital Transformation: Real-World Examples

If you’re looking to accelerate your organization’s digital transformation, the good news is that there are some proven principles you can apply. By employing Value Stream Management (VSM), some top enterprises are now better positioned to speed their transformation—and seeing multimillion-dollar savings as well. If you’re not familiar with this concept, the basic premise is […]

29Nov 2022

Achieving the ‘Endless Aisle’ with Intelligent Supply Chain Systems

The “endless aisle” concept isn’t new, but it’s definitely the future for many supply chain operators. This retail strategy enables customers at a physical store to virtually browse and order any products that are either out of stock or not sold in-store and have them shipped to the store or their home. A fulfillment center […]

29Nov 2022

Infosys elevates employee experience with intelligent platform

With employee experience increasingly vital to business success, enterprises are rethinking how they deliver applications to business users to ensure greater productivity and efficiency. Global consulting and IT services company Infosys is one such company doing that at scale. Rapid digital transformation at Infosys over recent years had resulted in a multitude of applications both […]

29Nov 2022

How to build a public profile as a cybersecurity pro

Cybersecurity professionals interested in raising their profiles as subject matter experts can count on social media to become more visible. With everyone being online this may not be enough though. CSO spoke to Forrester analyst Jinan Budge and cybersecurity professionals Katie Moussouris, Troy Hunt, Rachel Tobac, and Christina Morillo about their journeys and their tips […]

29Nov 2022

7 lies IT leaders should never tell

There are big lies, small lies, white lies, and boldface lies. They all have one thing in common: None should ever be used by a CIO to deceive staff, customers, or management colleagues. Lying to yourself about the state of your IT operations is one thing — and can certainly get you in trouble. But […]

29Nov 2022

Melissa & Doug buys oversized ERP to grow into

At Melissa & Doug, a toy company whose mantra is “more play time, less screen time,” CIO Mike Macrie isn’t planning to take his colleagues’ screens away — but he is looking for ways for technology to better enable their creativity and remove drudgery. “My belief is that technology is a set of tools to […]

29Nov 2022

Top 15 certifications for enterprise architects

If you’re planning a career as an enterprise architect, certifications are a great way to validate your enterprise architecture (EA) skills. As an enterprise architect, you’ll be responsible for developing the IT strategy for a business that keeps business goals in line with IT goals. Companies rely heavily on technology, so IT is now a foundational […]

29Nov 2022

CIO Leadership Live with Shumon A Zaman, Chief Information and Digital Officer, Ali & Sons


28Nov 2022

Financial services increasingly targeted for API-based cyberattacks

A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year. APIs are a core part of how financial services […]

28Nov 2022

AWS releases Wickr, its encrypted messaging service for enterprises

The release of the enterprise version of the encrypted messaging service, announced at AWS re:Invent, is designed to allow secure collaboration across messaging, voice, video and file sharing.

28Nov 2022

Working Smart in the Free Dimension

If 2020 was the year of remote work, and 2021 was the year of hybrid work, then 2022 is the year to really make hybrid work, work. In fact, Microsoft’s second Annual Work Trend Index “Great Expectations: Making Hybrid Work Work” reveals that employees are calling for a ‘Free Dimensional’ Workplace.  The survey explores changes from the […]

28Nov 2022

EU Council adopts NIS2 directive to harmonize cybersecurity across member states

The Council of the European Union (EU) has adopted a new cybersecurity directive designed to improve resilience and incident response capacities across the EU, replacing NIS, the current directive on the security of network and information systems. The new directive, NIS2, will set the baseline for cybersecurity risk management measures and reporting obligations across sectors […]

28Nov 2022

500 million WhatsApp mobile numbers up for sale on the dark web

A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on a hacking community forum. The data set contains WhatsApp user data from more than 84 countries, the post shows. The story was first reported by Cybernews. The seller of the leaked data is also offering it through the controversial messaging […]

28Nov 2022

Website offering spoofing services taken offline after joint operation

Judicial and law enforcement authorities in Europe, Australia, the US, Ukraine, and Canada took down a so-called spoofing website that allowed fraudsters to impersonate trusted corporations or contacts in order to steal more than $120 million from victims. In a coordinated action led by the UK and supported by Europol and EU judicial cooperation agency […]

28Nov 2022

Here is why you should have Cobalt Strike detection in place

Google recently released a list of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red teams that has also been adopted by many threat actors, from APT groups to ransomware gangs […]

28Nov 2022

Top 7 CIAM tools

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. To help organizations compare their needs against the options in the market, CSO prepared a list with the top seven vendors in the market. To […]

28Nov 2022

5 ways to avoid IT purchasing regrets

When asked about technology purchase regrets, veteran tech exec Sanjay Macwan digs deep for a classic hyped technology that has yet to pan out: smart glasses. Nearly a decade ago, as the technology was hitting the market, Macwan and his executive colleagues were “hugely interested in leveraging the technology,” he says. So they took a […]

28Nov 2022

Virtual and hybrid learning works. Here’s how to get it right.

Education is changing. In part, this shift is driven by students, who increasingly demand virtual and hybrid learning experiences that better match the ways they like to consume content at home. Meanwhile, virtual education has become an essential element of resilience for educational institutions by ensuring that students don’t fall behind during closures. In the […]

25Nov 2022

Cybercriminals are increasingly using info-stealing malware to target victims

Cybercriminals are increasingly shifting from automated scam-as-a-service to more advanced info stealer malware distributors as the competition for resources increases, and they look for new ways to make profits, according to a report by Group-IB. The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model. Info stealer malware collects users’ […]

25Nov 2022

What is outsourcing? Definitions, benefits, challenges, processes, advice

Outsourcing definition: Outsourcing is a business practice in which services or job functions are hired out to a third party on a contract or ongoing basis. In IT, an outsourcing initiative with a technology provider can involve a range of operations, from the entirety of the IT function to discrete, easily defined components, such as […]

25Nov 2022

Carhartt turns to data under new CIO

Carhartt’s signature workwear is near ubiquitous, and its continuing presence on factory floors and at skate parks alike is fueled in part thanks to an ongoing digital transformation that is advancing the 133-year-old Midwest company’s operations to make the most of advanced digital technologies, including the cloud, data analytics, and AI. The company, which operates […]

24Nov 2022

How to Unlock the Power of a Digital HQ

Two years ago, many organizations were forced to adopt remote working models overnight. We saw an acceleration toward a digital-first era no one — not even those of us trying to predict the future of work — saw coming. Suddenly, those unpredictable changes became standard work realities. Teams expect to work when, where and how […]

24Nov 2022

DUCKTAIL malware campaign targeting Facebook business and ads accounts is back

A group of attackers, likely based in Vietnam, that specializes in targeting employees with potential access to Facebook business and ads management accounts, has re-emerged with changes to its infrastructure, malware, and modus operandi after being initially outed a few months ago. Dubbed DUCKTAIL by researchers from WithSecure, the group uses spear phishing to target […]

24Nov 2022

EPSS explained: How does it compare to CVSS?

The Common Vulnerability Scanning System (CVSS) is the most frequently cited rating system to assess the severity of security vulnerabilities. It has been criticized, however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this reason, some have called for using the Exploit Prediction Scoring System (EPSS) or combining CVSS and […]

24Nov 2022

Examining low-code/no-code popularity across Africa and its range of disruption for CIOs

Coding has been an educational trend in Africa for many years, and schools and movements have been created in response to a pressing need and necessity in the digital age. It’s still the case today, except entrepreneurs and companies are now beginning to adopt tools to create applications and develop services that don’t require coding. […]

24Nov 2022

Meta outlines US involvement in social media disinformation in new report

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. “Coordinated inauthentic behavior” is Meta’s term for misinformation activity performed by groups of social media accounts on its […]

24Nov 2022

The Future of Consulting

The Consulting industry, over the last few decades, has been at the forefront of helping firms navigate their key Enterprise Transformation initiatives. The industry has typically helped clients navigate these transformations through an optimal combination of proprietary frameworks, IP, tools, and a team of consultants trained with in-house consulting methodologies.  However, the accelerated advancement of […]

24Nov 2022

Why endpoint security will be a renewed priority for businesses of all sizes in 2023

A recent spate of high-profile security breaches at some of the largest enterprises in Australia has reminded everyone of the importance of security. Cyber crime is estimated to cost the Australian economy around $42 billion per year, and that number is only increasing. The biggest challenge when it comes to cyber crime is that there […]

23Nov 2022

What You Need to Know About Digital Innovation Now

Don’t miss CIO’s Future of Digital Innovation Summit and Awards Canada, happening on November 29-30 produced by IDC and CIO, in partnership with TECHNATION. Registration is complimentary, and attendees will have the opportunity to gain the latest knowledge in innovation from experts in a broad range of industries. The conference will kick off on November […]

23Nov 2022

The Biden administration has racked up a host of cybersecurity accomplishments

When it comes to hitting the ground running on cybersecurity, the Biden administration has engaged in an extensive set of initiatives that far outstrip those of the Trump administration – and even those of the Obama administration, which established the previous highwater mark for cybersecurity actions. In mid-October, the White House issued a fact sheet […]

23Nov 2022

UK finalizes first independent post-Brexit data transfer deal with South Korea

The UK has finalized its first independent data adequacy decision since leaving the European Union (EU) which will allow UK organisations to securely transfer personal data to the Republic of Korea without restrictions by the end of the year. The UK government stated that the new legislation, first agreed upon in principle in July, will […]

23Nov 2022

A healthcare CDIO’s unexpected path to interim CEO

Andy Callow was appointed Group CDIO at the University Hospitals of Northamptonshire in December 2020, and has spent the last three years unifying the Kettering and Northampton hospitals through one digital strategy, taking strides to adopt cloud, build an RPA Centre of Excellence, and roll-out AI proof-of-concepts. Then the call came that CEO Simon Weldon […]

23Nov 2022

The State of Artificial Intelligence at the Manufacturing Edge

As the chief engineer and head of the department for digital transformation of manufacturing technologies at the Laboratory for Machine Tools and Production Engineering (WZL) within RWTH Aachen University, I’ve seen a lot of technological advancements in the manufacturing industry over my tenure. I hope to help other manufacturers struggling with the complexities of AI in manufacturing […]

23Nov 2022

The CIO and CISO – Leadership and collaboration conversation

George Al Koura, CISO Ruby, discusses his career and leadership journey, working with vendors, and building collaboration with teams.

23Nov 2022

Think in Systems to Propel Your Transformation

Lately gazing up at a clear night sky and identifying different star constellations (these days with the support of a mobile app – of course!) I got unswervingly reminded that everything is related to and interconnected with each other. Stars, together with planets and asteroids, form the solar system we live in, which constitutes […]

23Nov 2022

Online retailers should prepare for a holiday season spike in bot-operated attacks

With the holiday shopping season in full swing, retail websites can expect a spike in account takeover fraud, DDoS, and other attacks, including attacks via APIs, which now represent almost half of e-commerce traffic. According to a recent report from application and data security company Imperva, bots account for more than 40% of traffic to […]

23Nov 2022

How to reset a Kerberos password and get ahead of coming updates

Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. If you’ve followed my advice, you are already one step ahead of the side […]

23Nov 2022

What is enterprise architecture? A framework for transformation

Enterprise architecture definition: Enterprise architecture (EA) is the practice of analyzing, designing, planning, and implementing enterprise analysis to successfully execute on business strategies. EA helps organizations structure IT projects and policies to achieve desired business results, to stay agile and resilient in the face of rapid change, and to stay on top of industry trends […]

23Nov 2022

5 pitfalls to avoid when partnering with startups

Enterprise technology leaders are actively partnering with startups to help make their organizations more innovative and agile. Co-creating with startups can help kickstart innovation, provide CIOs with access to hard-to-find skills in emerging technologies, and round out digital transformational strategies. Their unique focus and approaches to innovation can make startups a highly advantageous partner in […]

23Nov 2022

Microsoft Azure launches DDoS IP protection for SMBs

Microsoft is extending the Azure DDoS Protection family with a new product focusing on small and medium-size businesses (SMBs). The product, DDoS IP Protection for SMBs, was announced at Microsoft’s Ignite conference and is now in public preview. DDoS IP Protection for SMBs is designed to provide enterprise-grade DDoS (distributed denial of service) protection at […]

23Nov 2022

Know thy enemy: thinking like a hacker can boost cybersecurity strategy

As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they’re after. That could mean placing decoys and lures that […]

23Nov 2022

Leaning into Retail’s Challenges with Digital Transformation

Digital transformation initiatives have picked up in the retail sector in recent years as store chains compete for brand awareness and sales in a rapidly evolving market. By 2026, retailers’ global investments in digital transformation tools are expected to reach $388 billion, growing by 18% a year. That may sound like retail leaders are all […]

23Nov 2022

Episode 3: How Good Customer Experience Stems the Rising Cost of Missed Connections

It’s clear that in the last few years, the global pandemic has created unique circumstances for business and IT leaders at small- and medium-sized businesses (SMBs). Yet a relentless focus on customers can help build resilience and success.   In this 3rd episode of our 5-episode podcast, Essential Connections: The Business Owner’s Guide to Growth […]

23Nov 2022

Building Services Versus Buying Them: It’s Not a Zero-Sum Game

By Patrick McFadin, DataStax
When the gap between enterprise software development and IT operations was bridged 15 or so years ago, building enterprise apps underwent a radical change. DevOps blew away manual and slow processes, and adopted the idea of infrastructure as code. This was a change that upped the ability to scale quickly and […]

23Nov 2022

Do Your Chatbots and Voice Assistants Have the Testing Support They Need to Succeed?

It’s hard to imagine where today’s businesses would be without conversational AI. This technology, which powers both chatbots and conversational IVR systems, proved essential for navigating a changing service economy through a global pandemic. Even before COVID-19, Gartner predicted that 70% of white-collar workers would interact with conversational AI platforms every day by 2022. The […]

23Nov 2022

CIO Leadership Live with Glen McLatchie, Chief Information Officer of SkyCity Entertainment Group

SkyCity Entertainment Group Chief Information Officer Glen McLatchie on his career-defining moments, the importance of mentoring and professional development, and the transformation plans ahead for the casino and hotel group after a challenging few years.

23Nov 2022

10 tips for running a world-class innovation contest

When it comes to sourcing ideas from across the organization, there’s a number of well-proven techniques ranging from specific event-based ideation sessions and broader innovation contests, challenges and pitch days, to ongoing enterprise innovation processes, incubators and labs where ideas can be submitted and evaluated at any time. The best approach is often a combination […]

23Nov 2022

7 enterprise data strategy trends

Every enterprise needs a data strategy that clearly defines the technologies, processes, people, and rules needed to safely and securely manage its information assets and practices. As with just about everything in IT, a data strategy must evolve over time to keep pace with evolving technologies, customers, markets, business needs and practices, regulations, and a […]

23Nov 2022

AWS launches second region in India with a $4.4 billion commitment

Amazon Web Services (AWS) on Tuesday launched its second region in India and said it was committing $4.4 billion (Rs 36,300 crore) to scale it till the end of 2030. The $4.4 billion investment is a huge increase from the initially announced investment of $2.8 billion for the region in 2020 as the cloud computing […]

23Nov 2022

Why IPaaS is key to gaining insights in higher education

Higher education is entering a new era of data-driven insights, which promise to elevate both learner experience and institutional performance. The HE colleges and universities capable of collecting and leveraging data in a timely manner will not only boost student outcomes but also run their back-office operations in a significantly more effective and cost-efficient way […]

21Nov 2022

Episode 4: Data is the New Currency

Data is the new currency of business. We hear that constantly and it is an accurate description of the value that data provides for the successful operation of a business. Put simply, organizations that have “better” data management and use it more effectively win in the market. This blog summarizes a recent podcast that featured Graeme […]

21Nov 2022

The Movement to Modernized Content Management Software

By Milan Shetti, CEO Rocket Software
If you ask business leaders to name their company’s most valuable asset, most will say data. But while businesses recognize the value of data, few have the processes and tools in place to access its full potential. In our most recent Rocket survey, 46% of IT professionals indicate that […]

21Nov 2022

Luna Moth callback phishing campaign leverages extortion without malware

Palo Alto’s Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and […]

21Nov 2022

Human and AI Partnerships Are Integral to the Future of Customer Experience

The age-old debate on technology versus human capability remains inconclusive. But in this time of artificial intelligence (AI), analytics, and cloud, we’re seeing more opportunities to think of how humans and machines can come together as a team, rather than acting against each other. From diagnosing diseases and delivering effortless customer experiences to understanding human […]

21Nov 2022

How remote working impacts security incident reporting

The ability for employees to work remotely comes with many benefits, from better work-life balance to lower expenses to higher productivity. But a widely dispersed workforce can pose some great challenges for security teams, not least of which is how remote work affects security incident reporting. With companies growing more accustomed to implementing security technologies […]

21Nov 2022

IT leaders take charge of customer experience

Erin Howard, executive director of product, service, and experience design at Charles River Laboratories, admits she doesn’t get into all the scientific intricacies of the blood products her company supplies to its customers for their research needs. But she and her team did understand what was working and, perhaps more importantly, what wasn’t working in […]

21Nov 2022

Music distributor tracks SaaS usage to boost security, satisfaction

Originally an online CD store, CD Baby now primarily deals in “music as a service,” serving 700,000 independent music artists by managing the distribution of over 10 million unique tracks through download platforms and streaming services such as Spotify. In parallel, its IT team manages the consequences of software’s move to an as-a-service model. It’s […]

21Nov 2022

CIO Leadership Live with Dan West, CDIO of Health and Social Care in Northern Ireland

Dan West, Chief Digital Information Officer (CDIO) for Health and Social Care in Northern Ireland, discusses health and social care reform, innovating through uncertainty, and balancing transformation with business-as-usual. Speaking to CIO UK editor Doug Drinkwater, he also reveals how digital is improving operational efficiency and patient experiences, and the challenges that lie ahead through […]

21Nov 2022

Digital Champions: Building the Future In Real Time

By Thomas Been, DataStax
Bringing a promising idea to life with an application that solves a hard problem or creates an amazing experience (or does both)—this is the developer’s dream. But even if that dream comes true, real success can only be achieved if the groundwork has been laid for high growth. DataStax set out […]

18Nov 2022

Almost half of customers have left a vendor due to poor digital trust: Report

Forty-seven percent of consumers have stopped doing business with a company after losing trust in that company’s digital security, according to new research from certificate authority and cybersecurity vendor DigiCert. The findings, which have been compiled in the company’s 2022 State of Digital Trust Survey, also revealed that 84% of customers would consider switching if […]

18Nov 2022

How Private 5G Is Transforming Oil & Gas Operations in the Field

Technologies like the Internet of Things (IoT), artificial intelligence (AI), and advanced analytics provide tremendous opportunities to increase efficiency, safety, and sustainability. However, for businesses with operations in remote locations, the lack of public infrastructure, including cloud connectivity, often places these digital innovations out of reach. Until recently, this has been the predicament of oil […]

18Nov 2022

How a cloud-based data ecosystem is helping 3M HIS transform the healthcare business

3M Health Information Systems (3M HIS), one of the world’s largest providers of software solutions for the healthcare industry, exemplifies 3M Co.’s legendary culture of innovation. By combining the power of a cloud-based data ecosystem with artificial intelligence (AI) and machine learning (ML), 3M HIS is transforming physician workflows and laborious “back office” processes to […]

18Nov 2022

India drafts new privacy bill for transfer of personal data internationally

The Indian federal government on Friday published a new draft of data privacy laws that would allow personal data transfer to other nations under certain conditions, and impose fines for breaches of data-transfer and data-collection regulations. The proposed legislation has been in the works for about four years. Up until now, the Reserve Bank of […]

18Nov 2022

XPO Logistics invests in IT for the long haul

XPO Logistics’ new CIO is pumped about the sophisticated IT platform built to handle its less-than-truckload (LTL) freight transportation loads in North America. LTL is a freight model in which a single truck’s load contains products from multiple customers, all with their own delivery location, delivery deadline, pricing, footprint, pallet size, and transport requirements. Though […]

18Nov 2022

Noname Security releases Recon attack simulator

As breaches increase and companies scramble to go from a defensive to an offensive approach, API-focused Noname Security has launched Recon, which simulates an attacker performing reconnaissance on an organization’s domains. Recon works from a root-level domain to find other domains, shadow domains, sub-domains, APIs, vulnerabilities, and public issues that put the organization at risk, […]

18Nov 2022

Transforming public utilities: how digitalisation is the next progression for society

GITEX GLOBAL is the largest event for global enterprise and government technology, with public digital transformation top of the agenda. Though different countries had slightly different priorities, they were all rebuilding from the pandemic through initiatives in three areas: Digital public utilities, which include e-services for essentials such as gas, water, and communication systems; Digital economy […]

18Nov 2022

Leveraging Content Management Software to Facilitate a Cloud-First Approach

By Milan Shetti, CEO Rocket Software
In today’s fast-paced digital business world, organizations have become highly adaptive and agile to keep up with the ever-evolving demands of consumers and the market. This has pushed many organizations to accelerate their digital transformation efforts in order to remain competitive and better serve their constituents — and there […]

17Nov 2022

With No-Code/Low-Code Solutions, Companies Find Flexibility and Reduce Cost

In today’s fast-paced business world, where companies must constantly innovate to keep up with competitors, depending on fully customizable software solutions created with programming languages and manual coding is insufficient. Instead, enterprises increasingly are pursuing no-code and low-code solutions for application development. No-code and low-code development entails creating software applications by using a user-friendly graphic interface […]

17Nov 2022

2022–23 Global Network Report: are you a top performer?

Senior executives around the world are realising their business success is irrevocably tied to their network strategy. Yet, the goalposts keep moving amid rapidly evolving network technology, making it harder to stay on a sustainable path of network growth. This is clear from NTT’s 2022–23 Global Network Report, for which we conducted 1,378 in-depth interviews […]

17Nov 2022

Are you ready for networking in 2025 and beyond?

Time stands still for no one – and for no network either. If there’s one lesson that emerged from the COVID-19 pandemic, it’s that large-scale change can happen without warning. If your network can’t adapt quickly and efficiently, you’ll be left by the wayside. For example, while your organisation may already have tapped the power of […]

17Nov 2022

How sport made CIO 100 winner Joanna Drake a better technology leader

As CIO at The Hut Group (THG), the British ecommerce firm behind such brands as Lookfantastic and Myprotein, Joanna Drake has been navigating some serious headwinds. Responsible for global operations and technology services across company and customer websites, staff technology, and THG’s direct-to-consumer Ingenuity service and hosting business, Drake has looked to support the rapid […]

17Nov 2022

Android security: Which smartphones can enterprises trust?

Google’s Android operating system dominates smartphone usage throughout the world — in every region except North America and Oceania, in fact. Thus, businesses in many regions are likely to support and issue Android devices to employees as their mainstay mobile devices. Even in areas where Apple’s iPhone dominates or is comparable in market share, businesses […]

17Nov 2022

CDO resumes: 5 tips for landing a chief data officer role

As companies start to adapt data-first strategies, the role of chief data officer is becoming increasingly important, especially as businesses seek to capitalize on data to gain a competitive advantage. A role historically focused on data governance and compliance, the scope of responsibilities for CDOs has since grown, pushing them to become strategic business leaders, according to […]

17Nov 2022

Sanjib Sahoo on the CIO as chief value officer

Sanjib Sahoo left his small hometown in India as a young man to pursue a career in transforming businesses. It’s a journey that took him across the globe and across industries, ultimately leading him to his current role as the award-winning chief digital officer and executive vice president of Ingram Micro, a $54 billion Fortune […]

17Nov 2022

Broadcom Software and Google Cloud: What’s Next for Software

By Andy Nallappan, Chief Technology Officer and Head of Software Business Operations, Broadcom Software

Last month at Gartner Symposium in Orlando, Fla., I enjoyed talking with ZDNet’s Chris Preimesberger and Sahana Sarma, leader of Google Cloud’s transformation advisory, about the enterprise software landscape and how it is growing more complex and business-critical daily. Transforming and […]

17Nov 2022

A Team in Oregon is Tracking Endangered Owls by Sound Alone

When technology companies develop innovative new products in the high-performance computing (HPC) space, it allows life science researchers to do new things that they hadn’t imagined before. And when life science researchers make new breakthroughs, it pushes information technology to innovate new approaches to support those scientific advances. It’s a relationship that has driven innovation […]

17Nov 2022

CIO Australia Webinar: How to take customer experience to the next level

In the second of this two part CIO webinar series ‘Driving business success with true enterprise applications’, we speak with DXC Technology, brewing giant Lion and analysts Ecosystm about ‘How to take customer experience to the next level’. Today more than ever before, the customer is king. And having been conditioned – some might say […]

16Nov 2022

Palo Alto releases PAN-OS 11.0 Nova with new evasive malware, injection attack protection

Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy […]

16Nov 2022

Are Your IoT Devices Leaving Your Network Exposed?

For years, we’ve known that Internet of Things (IoT) devices can come under attack as quickly as within five minutes of being connected to the internet. These events predominantly include large-scale scanning techniques to exploit IoT devices that are vulnerable to basic attacks such as default credentials. Historically, hackers have used these attacks to create a network […]

16Nov 2022

Are you ready for quantum computing?

For years, quantum computing has seemed like the stuff of science fiction. But the truth is that quantum computing is here and it’s more accessible to organizations than you think. And while the technology is still in its infancy, it is advancing fast. In a recent interview, Ken Durazzo, vice president of Dell Technologies’ OCTO […]

16Nov 2022

Why Visibility is the Missing Component of Your Digital Transformation Program

Digital Transformation is a phrase prominent in the mind of every board executive. Gartner reports that 87% of senior leaders see digital transformation as a priority for their enterprise.  The need to digitalise and modernise business processes and services has long been a desire, but the need to innovate has been accelerated by what we have […]

16Nov 2022

What you can’t see can hurt you: the importance of full-stack observability

Around the world, organisations are fine-tuning the new digital focus brought about by the COVID-19 pandemic. To remain competitive, they have to grapple with multicloud-based data and operations, software as a service and hybrid working, among other trends. In this dynamic environment, those that don’t know exactly how their business-critical applications are behaving and performing […]

16Nov 2022

Meet 2022 CIO UK 100 winner Joanna Drake

Speaking at the CIO UK 100 ceremony in London, The Hut Group’s Joanna Drake reveals what it means to be ranked the top CIO in the UK, how automation is helping her IT team become ‘consultants’, and why her sports background made her a better leader. […]

16Nov 2022

XDR: Still confusing after all these years

We’ve been discussing extended detection and response (XDR) for years now, but a fundamental question remains: Just what the heck are we talking about, anyway? Alarmingly, this continues to be a pertinent question. According to ESG research, 62% of security professionals claim to be “very familiar” with the term XDR, up from just 24% in […]

16Nov 2022

5 ways to find hidden IT talent inside your organization

A bank teller, a marketer, and an operations product owner at TruStone Financial Credit Union each had a knack for technology, but they didn’t think it would lead to a job in the IT department. Yet all three are now on CIO Gary Jeter’s IT team, and not because he’s desperate for bodies. Formal and […]

16Nov 2022

CIO and CTO Art Hu on incubating a new business inside Lenovo

Over the past several years, IT has undergone a profound shift in which a formerly support-oriented organization has taken on a much more prominent customer-centric role. Much of this has occurred thanks to the power of data to drive decisions and digital transformation’s impact in enabling companies to create new service- and data-based offerings around […]

16Nov 2022

Are product managers chief executives of their product? It depends.

It’s said that every company is now, at least partly, a software company, which is undoubtedly changing the IT landscape. As a result, product managers (PMs) have more opportunities and are more important than ever.  Yet it’s often wondered, by everyone from the chief information officer to the help-desk technicians: What exactly does a PM […]

16Nov 2022

4 Tips to Managing Modernization Without Disruption

By Milan Shetti, CEO Rocket Software

In today’s digital world, technology can make or break a company’s outcomes for its customers. As a result, all companies that use technology to meet or solve customer needs should consider themselves a tech company. In order to meet ever-changing customer demands, it’s critical that companies understand why and […]

16Nov 2022

ForgeRock set to roll out new IAM capabilities designed for the cloud

Identity and access management (IAM) vendor ForgeRock said Tuesday that it’s set to start rolling out its new Identity Governance offering—a cloud-based security and governance product designed to provide one-stop shopping for organizations looking to solve access management issues. There are three main components to ForgeRock’s newest IAM product, according to the company. The first, […]

16Nov 2022

Cohesity previews AI-powered ransomware protection suite, Datahawk

Backup and data management vendor Cohesity has started to preview a new ransomware protection SaaS product called Datahawk, which leverages AI and a host of other capabilities to help companies defend their data against bad actors. There are three core components to Datahawk, according to Cohesity. The first is a ransomware detection engine that uses […]

15Nov 2022

Episode 2: Future-Proofing Your Business with Agile IT Leadership

It’s clear that in the last two years, the global pandemic has created unique circumstances for business and IT leaders at small- and mid-sized businesses. Yet strategic technology decisions, such as vendor consolidation, can help support a business’s ability to handle volatility and remain agile in challenging times. In this second episode of our 5-episode […]

15Nov 2022

Net-zero buildings for energy efficiency and climate action: Sydney and Toronto

For years, climate action groups such as the World Green Building Council have been working with businesses, organisations, and governments to deliver on the ambitions of the Paris Agreement and UN Global Goals for Sustainable Development. The central premise of their mission? If we are to fulfil the landmark pledges made in Paris, we need […]

15Nov 2022

Energy efficiency is no longer a nice-to-have, but a can’t-do-without

Today, the world is facing what might be called a trilemma: the concurrent climate, energy, and economic crises. Economies are struggling with multiple impacts, businesses are dealing with quickly increasing costs and supply chain disruptions, and consumers are coping with inflation and skyrocketing energy bills.   Although the intensity of these crises varies in different parts […]

15Nov 2022

Key considerations for leaders at COP27

From the 6 – 18 of November, the Egyptian coastal city of Sharm el-Sheikh will play host to the largest annual gathering on climate action the world over: COP27. This year’s event marks the thirtieth anniversary of the adoption of the United Nations Framework Convention on Climate Change, with COP27’s fundamental purpose to push the […]

15Nov 2022

Cybersecurity issues in retail and smart cities

Cybercrime is nothing new. The threats that accompany society’s increased digitalization have been explored in alarmist articles, science fiction movies, and everything in between for decades. But that doesn’t mean the need for robust cybersecurity isn’t real. Digital enhancement brings increasing digital risk. Stringent provisions are more necessary than ever.  Cybercrime’s prevalence and costs are […]

15Nov 2022

Veeam’s new pitch to CIOs: Outcome-based backup and recovery offerings

Veeam is all set to shift its selling strategy to appeal to CIOs with performance guarantees that could penalize the data replication, backup and recovery company if it fails to meet agreed-on outcomes. “CIOs more and more seek outcomes, not just services,” said Anand Eswaran, CEO at Veeam. “They need to hedge their risks. They […]

15Nov 2022

How Embracing DevOps Will Revolutionize Your Contact Center

Agility may be the defining feature of today’s contact centers. In the past, speed was the name of the game. How could a contact center be as efficient as possible, maximizing the call volume each agent could handle and minimizing average handle time? While these factors still play a role in contact center operations, customer […]

15Nov 2022

Global 2000 companies failing to adopt key domain security measures

Forbes Global 2000 companies are failing to adopt key domain security measures, exposing them to significant security risks, according to CSC’s Domain Security Report 2022. The enterprise-class domain registrar and Domain Name System (DNS) threats mitigator found that 75% of Global 2000s have implemented fewer than half of all domain security measures with Domain-based Message […]

15Nov 2022

Meta’s new kill chain model tackles online threats

In April 2014, Lockheed Martin revolutionized the cyber defense business by publishing a seminal white paper Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. This document sparked a new wave of thinking about digital adversaries, specifically, nation-state advanced persistent threat groups (APTs). The authors of the paper argued that […]

15Nov 2022

SAP seeks to make builders of business technologists

The good news for CIOs wanting to enable domain experts to develop their own apps to solve business problems is that there’s a vast array of low-code development platforms to choose from. The bad news: there’s a vast array of platforms to choose from. CIOs may, therefore, have mixed feelings about SAP’s release of yet […]

15Nov 2022

Build a mature approach for better cybersecurity vendor evaluation

Seasoned CISO Mike Manrod knows the value of a good cybersecurity vendor evaluation. He recalls that in a past job he inherited some very expensive vaporware under a long-term services agreement. His predecessor had purchased an “innovative” beta identity and access management platform but hadn’t done any analysis on the product, simply accepting the vendor’s […]

15Nov 2022

7 ways CIOs get themselves fired

CIO, the old wisecrack has it, stands for “career is over.” It’s a profession that’s fraught with ways to be forcibly escorted from your prestigious office and down to Human Resources to be walked through your severance package, and from there, after having signed mutual non-disparagement and non-compete agreements, along with a few other bits […]

15Nov 2022

Tata Consultancy Services delivers self-service analytics in-house

As one of the largest IT service providers in the world, TCS produces and depends on a massive amount of data to conduct and grow its business. But like many enterprises, its data practices made it difficult to derive timely, actionable insights from ever-increasing volumes of data, preventing the Mumbai-based multinational from becoming a truly […]

15Nov 2022

Why CIOs should invest in digital through economic headwinds

During the opening keynote at the recent Gartner IT Symposium in Barcelona, Gartner analysts said that CIOs should look to its latest moniker, IT for sustainable growth, to drive business transformation by focusing on three key strategies: ‘revolutionary work’ to empower the workforce, ‘responsible investment’ to balance financial and sustainability objectives, and ‘resilient cybersecurity’ to […]

14Nov 2022

Analytics is changing. How are you keeping pace?

Analytics have evolved dramatically over the past several years as organizations strive to unleash the power of data to benefit the business. While many organizations still struggle to get started, the most innovative organizations are using modern analytics to improve business outcomes, deliver personalized experiences, monetize data as an asset, and prepare for the unexpected. […]

14Nov 2022

New York-barred attorneys required to complete cybersecurity, privacy, and data protection training

New York-barred attorneys will be required to complete one continuing legal education (CLE) credit hour of cybersecurity, privacy, and data protection training as part of their biennial learning requirement beginning July 1, 2023. New York is the first jurisdiction to stipulate this specific requirement as the state aims to emphasize the technical competence duty of […]

14Nov 2022

With Digitate ignio™, Enterprises Managing a Multi-Cloud Strategy Automate Processes and Reduce Costs

Organizations that have embraced a cloud-first model are seeing a myriad of benefits. The elasticity of the cloud allows enterprises to easily scale up and down as needed. In practice, rather than commit to just one cloud service in today’s world of more distributed organizations due to Covid-19, many enterprises prefer to have multiple cloud […]

14Nov 2022

Stay-at-home Sales Propels Turkish Bathroom Pioneer into a Digital Transformation

During the recent pandemic, Turkey’s largest producer and exporter of ceramic bathroom products noticed an unusual phenomenon. “With everybody staying at home for two years, people looked around and thought it was time to change something in their bathroom,” noted Alp Güldür, group IT director at Eczacıbaşı Building Products. “The first year of the coronavirus, […]

14Nov 2022

8 reasons why digital transformations fail

Digital transformations can go off the rails in the best of times, but the past two years have wreaked additional havoc since employees began working remotely. Timing being what it is, though, with organizations hyperfocused on digitization, it’s more important than ever to address issues and fix problematic projects. Organizations can’t afford to fail at […]

14Nov 2022

How Cisco keeps its APIs secure throughout the software development process

Software developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring instead of rebuilding things that have great solutions out there already,” says Grace Francisco, vice president […]

11Nov 2022

Cybersecurity startups to watch for in 2023

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It’s […]

11Nov 2022

Medibank hackers revealed to be in Russia

The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia. On October 13, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber incident”. At the time the company believed no data had been accessed and that the […]

11Nov 2022

Johnson & Johnson’s big bet on intelligent automation

Three years ago, Johnson & Johnson (J&J) set out to apply intelligent automation (IA) to every aspect of its business. As the global COVID-19 pandemic was beginning to spread, the company, one of the world’s largest suppliers of pharmaceuticals, medical devices, and consumer packaged goods, needed to reduce costs, speed up tasks, and improve the […]

11Nov 2022

The top 12 supply chain management certifications

Supply chain management is a growing field and a satisfying profession, as a recent survey from the Association for Supply Chain Management (ASCM) found that 96% of those surveyed were highly satisfied with their career in SCM, with an average rating of 8.4 out of 10. The survey also found that it pays to get certified: SCM pros with […]

11Nov 2022

Foundry announces CIO50 NZ Awards

CIO New Zealand is proud to present the CIO50 NZ Awards for 2022, recognising the top 50 senior technology executives who are driving innovation and influencing rapid change across their organisations. The CIO50 NZ Awards are aligned to Foundry’s global awards program and viewed as a mark of excellence in the CIO community worldwide. The […]

11Nov 2022

UK tech leaders report a spending increase, as IT blurs into business

Even though 90% of IT leaders in the UK expect an economic downturn, technology spending this year is set to grow at its third fastest rate in over 15 years, and most tech executives expect their budget to rise in 2023, according to the latest Digital Leadership report from talent and technology solutions firm Nash […]

10Nov 2022

3 Tips for Recession Proofing Your Tech Stack

By Milan Shetti, CEO Rocket Software

For several months now, pundits and economists alike have indicated that we are likely to enter, or already have entered, a recession. Regardless, the National Bureau of Economic Research (NBER) has the final say on whether any period of economic decline qualifies as a recession, and that determination might not […]

10Nov 2022

Lacework releases cloud-native application security service

Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture. There are two main components to the CNAPP release, according to Lacework, both of which require only that […]

10Nov 2022

The Role of a Chief Modernization Officer: The Yin to Your CTO’s Yang

By Milan Shetti, CEO Rocket Software

Modernization has become a hot-button topic across the tech and business landscape. With ongoing advancements in cloud technology and the seemingly unlimited potential of Artificial Intelligence (AI) and Machine Learning (ML) technologies, many organizations are eager to digitally transform and modernize their operations and software applications. In fact, 80% […]

10Nov 2022

Veteran CIOs on leading IT today

We live in a world where volatility, uncertainty, complexity, and ambiguity (VUCA) can either paralyze you with fear or energize you with unlimited opportunities. Because of this, leadership matters more than ever. And no organization develops leaders, at scale, better than the military. For a recent episode of the Tech Whisperers podcast, I sat down with […]

10Nov 2022

IT leaders meet the challenge to innovate frugally

These are challenging economic times for enterprises, and more so for IT leaders asked to drive innovation despite budgetary constraints. “There is a huge pressure on IT budgets across organizations,” says Vijay Sethi, chairman and chief mentor at technology-based mentorship platform MentorKart. “At the same time, the demands of users from IT are growing as […]

10Nov 2022

PCI DSS 4.0 is coming: how to prepare for the looming changes to credit card payment rules

For enterprises that handle credit card data, which means just about every consumer-facing company, payment processing is a mission-critical system that requires the highest levels of security. The volume of transactions conducted with general purpose credit cards (American Express, Discover, Mastercard, Visa, UnionPay in China, and JCB in Japan) totaled $581 billion in 2021, up […]

10Nov 2022

Zendesk announces 300 job cuts to reduce costs

CRM software provider Zendesk has decided to lay off 300 employees from its global workforce of 5,450 employees to reduce operating expenses, a recent filing with the US Securities and Exchange Commission (SEC) showed. The decision comes just months after the company was acquired by a consortium of private equity firms for $10.2 billion. “This […]

10Nov 2022

Microsoft faces new antitrust complaint over cloud software licensing in Europe

Changes Microsoft made to its cloud licensing of Windows and application software to “make bringing workloads and licenses to partners’ clouds easier,” the company says, have drawn the ire of those cloud partners, some of whom have jointly filed an antitrust complaint in the European Union. They’re concerned that Microsoft is using software licensing to […]

10Nov 2022

Business or IT: Who Drives Results with Your Data?

By Bryan Kirschner, Vice President, Strategy at DataStax

One of the most painful – and pained – statements I’ve heard in the last two years was from an IT leader who said, “my team is struggling to find ways that our company’s data could be valuable to the business.” Contrast this with what a financial […]

10Nov 2022

Okta streamlines IAM portfolio with consumer identity management cloud

Potential access management customers got a new option from Okta Wednesday, as the identity and access management (IAM) provider announced a newly streamlined Consumer Identity Cloud system designed to simplify the deployment and use of its various products. Okta said that the new cloud program is split into two main components—those aimed at providing identity […]

09Nov 2022

Researchers show techniques for malware persistence on F5 and Citrix load balancers

Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks. While finding remote code execution vulnerabilities in such devices is not uncommon, incidents where attackers were able to deploy malware on them that can survive restarts or firmware upgrades […]

09Nov 2022

GitHub releases new SDLC security features including private vulnerability reporting

GitHub has announced new security features across its platform to help protect the software development lifecycle (SDLC). These include private vulnerability reporting, CodeQL vulnerability scanning support for the Ruby programming language, and two new security overview options. The world’s leading development platform said these updates make securing the SDLC end-to-end easier and more seamless for […]

09Nov 2022

Climate Innovators in the Information Age

Doing good for the planet is not inversely proportional to doing good business. Today it can actually mean better profit, stronger customer loyalty, and longer company sustainability. First, offices are finding paper less necessary than they used to. Recent surveys show a drop in paper consumption since the COVID-19 pandemic began. Work-from-home and remote offices […]

09Nov 2022

CIO Leadership Live with Ivneet Kaur, Chief Technology Officer at Silicon Valley Bank

Ivneet Kaur, Chief Technology Officer at Silicon Valley Bank, joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss the evolving digital customer experience, secure cloud migrations, agile-first, API-first strategies, competing for tech talent and more. […]

09Nov 2022

Salesforce announces hundreds of job cuts

Cloud-based CRM software provider Salesforce has become the latest technology company to announce mass layoffs, cutting at least hundreds of jobs from its 73,000-person workforce. “Our sales performance process drives accountability. Unfortunately, that can lead to some leaving the business, and we support them through their transition,” Salesforce said in a statement confirming the layoffs. […]

09Nov 2022

Rezilion expands SBOM to support Windows environments

Software security platform Rezilion has expanded its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. The firm said the move will provide organizations with the tools to efficiently manage software vulnerabilities and meet new regulatory standards, addressing functionality gaps of traditional vulnerability management tools primarily designed for use with Linux OS. Features […]

09Nov 2022

Why it's time to review your Microsoft patch management options

You have several options to manage patching on Microsoft networks: let machines independently update or use a third-party patching tool, Windows Software Update Services (WSUS), or another Microsoft management product. If you are still using WSUS as your key patching tool, you may want to review your options. Microsoft is developing additional patching tools that […]

09Nov 2022

Examining the digital transformation juggling act at Novanta

Headquartered in Boston with more than 2,700 employees worldwide, Novanta is an $800 million global supplier of laser photonics, precision motion control, and vision technologies. As CIO, Sarah Betadam, who joined in 2019 as VP of business applications, and then became global CIO in January 2021, is charged with the strategic direction, leadership, and implementation […]

09Nov 2022

5 tips for excelling at self-service analytics

Data-informed decision-making is a key attribute of the modern digital business. But experienced data analysts and data scientists can be expensive and difficult to find and retain. One potential solution to this challenge is to deploy self-service analytics, a type of business intelligence (BI) that enables business users to perform queries and generate reports on […]

09Nov 2022

Is your cyber education program up to scratch?

The cyber-attacks on Optus and Medibank recently have brought into focus the devastating impact breaches can have on the reputation of any organisation. The Optus attack, which was the largest and most high profile in Australian history, has left almost 10 million customers understandably livid that their personal information was stolen. It is believed that […]

09Nov 2022

Fortanix unveils free DSM Explorer edition for managed data security

Fortanix is offering a free tier for its data security manager software, aiming squarely at attracting new small- and medium-size businesses into its customer ranks. The Explorer tier, announced Tuesday, offers five separate solutions for businesses to try or implement long-term, as long as they stay within the various usage caps. Those solutions include tokenization […]

08Nov 2022

WIIT: Enabling Enterprises to Realize the Full Potential of the Cloud While Bypassing its Complexity

Based in Italy and with more than 20 years of experience helping enterprises, from large international firms to emerging mid-sized operations, grow their businesses with technology, WIIT serves a rapidly expanding and diverse customer base. With a full portfolio that includes an extensive array of cloud offerings – including private, public, and hybrid cloud services […]

08Nov 2022

Resiliency, the Edge, and the Future of AI: A Conversation with SAS CTO Bryan Harris

What is the future of analytics and AI? And how can organizations thrive in an era of disruption? We asked Bryan Harris, Executive Vice President and Chief Technology Officer of analytics software company SAS, for his perspective. Q: What is your advice to technology leaders for improving organizational resiliency? A: Right now, we are all […]

08Nov 2022

CIO Confidential: What Keeps CIOs and IT Leaders Up at Night

By Ginna Raahauge, CIO at Zayo

For businesses to deliver value to customers, they must stay on top of customer challenges. At Zayo, we understand the macro trends our customers are currently facing — such as remote and hybrid work and the growing importance of user experience — have impacted how they approach business. To […]

08Nov 2022

The 15 biggest data breaches of the 21st century

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but […]

08Nov 2022

What the CIO balancing act looks like to Ovo Energy’s Christina Scott

CIO.com: Can you give us a snapshot of your role and responsibilities as CPTO at Ovo? Christina Scott: I joined Ovo, the UK’s third largest energy supplier, in September 2021 as chief product and technology officer. In this role, I lead Ovo’s technology, product and data teams, who provide intelligent energy technology solutions as we […]

08Nov 2022

8 secrets of successful IT freelancers

IT freelancing offers multiple benefits, including flexible working schedules, location choice, engaging assignments, diverse clients, and an opportunity to apply one’s talents in several different areas. But freelancing is also a business, and skilled IT freelancers know what it takes to find and keep great clients, as well as how to drop organizations that make […]

08Nov 2022

Why Is Data Quality Always an Afterthought? Strategies to Master Data Quality Management

For probably the umpteenth time, we use the term “garbage in, garbage out” when summarizing problems with data quality. It has indeed become a cliché. Various industry studies have uncovered the high cost of bad data, and it’s estimated that poor data quality costs organizations an average of $12 million yearly. Data teams waste 40% of […]

08Nov 2022

How ergonomics and technology combine to help health best practices

Ergonomics is often one of the most overlooked health concerns within the office. While there are OH&S regulations for lifting, moving heavy objects, and safety when working with chemicals and electricity, and there are guidelines for how long a person should be “sedentary” (i.e. sitting), there are no formal governance requirements for the chairs that […]

07Nov 2022

Cloud and Conversational AI: The Twin Pillars of Success for Today’s Contact Centers

Contact centers are evolving rapidly. The days of single-channel, telephony-based call centers are long gone. This old model has given way to the omnichannel customer experience center. In legacy call centers, the customer’s pathway through sales or service was relatively linear. Call in, speak to an agent, and (hopefully) resolve the issue. In this system, […]

07Nov 2022

How to Launch Your AI Projects from Pilot to Production – and Ensure Success

This post is brought to you by NVIDIA and CIO. The views and opinions expressed herein are those of the author and do not necessarily represent the views and opinions of NVIDIA. CIOs seeking big wins in high business-impacting areas where there’s significant room to improve performance should review their data science, machine learning (ML), […]

07Nov 2022

Episode 1: Future-forward Marketing Strategies for Growth and Resilience

There’s no doubt that today’s small- and medium-sized business leaders are facing several unprecedented challenges. And building resilience to weather any upcoming storms is essential. In this first episode of our 5-episode podcast, Essential Connections: The Business Owner’s Guide to Growth During Economic Uncertainty, we welcome Jamie Domenici, Chief Marketing Officer at GoTo. Jamie’s unique […]

07Nov 2022

How Future-Minded Leaders Harness Cloud Technologies to Create a Sustainable Future

In a world where sustainability has become the new norm, technology is a key driving force for innovative businesses. Today, companies are looking for sustainable ways to reinvent the entire ecosystem of customers, suppliers, contract manufacturers, logistics service providers, and partners to support their supply chains from product design to operation. Let’s look at last year’s […]

07Nov 2022

Product-based IT: A blueprint for success

For veteran CIO Amir Arooni, the aha moment came during a master’s dissertation deep dive into why there were so many IT project failures. Digging through research examining the impact of standard conventions like siloed teams and staged gate processes, Arooni began percolating ideas for how to shift IT organizations away from the traditional project-oriented […]

07Nov 2022

How to prepare for a SOC 2 audit – it’s a big deal, so you’d better get ready

Organizations that want to prove to others – and to themselves – that they have a solid cybersecurity and data privacy program will undergo a SOC 2 audit. As such, a SOC 2 audit is a big deal, and it’s demanding, and it requires some serious preparation. SOC audits were created by the American Institute […]

07Nov 2022

12 famous ERP disasters, dustups and disappointments

With enterprise resource planning (ERP) and customer relationship management (CRM) applications at the heart of many a company’s operations, the consequences of a failed software rollout can be serious, including shareholder lawsuits and financial meltdown. But after a spate of high-profile failures, there are signs that vendors and customers are working hard to ensure the success of their ERP […]

07Nov 2022

The secret to minimising wrongly declined online payments

Every online business has two primary objectives: to get people to visit the site and convert those visitors into customers. Over the years, conversion efforts have evolved from focusing on shopping cart completion to capitalising on every feature of the website to enhance customer experience and maximise conversions. However, these efforts falter at the final […]

04Nov 2022

Qualys previews TotalCloud FlexScan for multicloud security management

Vulnerability management vendor Qualys this week announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform designed for use in multicloud and hybrid environments. The software is designed to provide a holistic overview of an organization’s cloud-based workloads and identify known vulnerabilities. The system also scans workloads […]

04Nov 2022

10 future trends for working with business leaders

More than ever, CIOs are expected to work with other parts of their business to help create value through the use of digital technologies — but the business world is volatile, making long-term planning a challenge. As part of the IDC FutureScape program, IDC Group VP Tony Olvet and research director Craig Powers offer 10 […]

04Nov 2022

Regeneron turns to IT to accelerate drug discovery

For pharmaceutical companies in the digital era, intense pressure to achieve medical miracles falls as much on the shoulders of CIOs as on lead scientists. Rigid requirements to ensure the accuracy of data and veracity of scientific formulas as well as machine learning algorithms and data tools are common in modern laboratories. When Bob McCowan […]

04Nov 2022

Geopolitics plays major role in cyberattacks, says EU cybersecurity agency

The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA). In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the […]

04Nov 2022

Identifying and Controlling Unconscious Bias Towards Suppliers

Supply chains are built on partner and supplier relationships, but often these relationships are not as strategic as they perhaps should be. Typically, companies have large numbers of suppliers and hundreds of line items that they source so manual selection of suppliers for each line item is practically impossible. Rather than continually reassessing and optimizing […]

04Nov 2022

To Unlock the Power of AIOps for Digital Transformation, Choose the Right Platform and Use Cases

The digital transformation bandwagon is a crowded one, with enterprises of all kinds heeding the call to modernize. The pace has only quickened in a post-pandemic age of enhanced digital collaboration and remote work. Nonetheless, 70% of digital transformation projects fall short of their goals, as organizations struggle to implement complex new technologies across the […]

04Nov 2022

Putting Out Fires Before They Start: The Compelling Case for AIOps + Observability

As organizations evolve and fully embrace digital transformation, the speed at which business is done increases. This also increases the pressure to do more in less time, with a goal of zero downtime and rapid problem resolution. Real costs to the business are at stake. For instance, a 2021 ITIC report found that a single […]

04Nov 2022

With Better Business Transaction Monitoring, Enterprises Move Away From Manual Tasks, Curb Revenue Loss

An organization depends on its financial institution to complete a major transaction, but a glitch holds up funds, negatively impacting cash flow. Meanwhile, regulators fined a different financial institution for failing to catch fraudulent transactions. In both situations, better business transaction monitoring could have helped prevent negative, costly outcomes. In the former, more seamless monitoring […]

04Nov 2022

4 Important Technology Investments for Every Contact Center

Contact centers don’t look like they did 10 years ago. Technology has fundamentally changed the way they do business. Alongside that transformation has come steady growth. In 2022, 80% of contact centers planned to expand their workforces, with half of those expecting to create entirely new roles. Only 1% planned to cut staff. Yet, as […]

04Nov 2022

Mapping a Cloud Strategy for 2023

Developing a strategy for controlling hard-to-predict cloud costs remains difficult, especially when considering the new decentralized model of procurement. Consider this: “Any person who can commit code to the cloud can commit your organization to spend,” said Jennifer Hays, senior vice president of engineering efficiency and assurance at Fidelity Investments and the FinOps Foundation’s governance […]

04Nov 2022

Great Engineering Cultures are Built on Social Learning Communities

Reposted from Stack Overflow’s blog Stack Overflow is named as a Sample Vendor in the 2022 Gartner® Hype Cycle™ for Agile and DevOps for Communities of Practice. We believe this is a powerful step forward in enabling organizations of all sizes to build strong internal communities that foster collective learning. But before we get into […]

04Nov 2022

The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead. […]

04Nov 2022

CSO Executive Sessions with Darren Argyle of Standard Chartered Bank

Darren Argyle – Group Chief Information Security Risk Officer of Standard Chartered Bank – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about the importance of leadership and communication, best practices in hiring, and more.

03Nov 2022

Mondelez and Zurich’s NotPetya cyber-attack insurance settlement leaves behind no legal precedent

Multinational food and beverage company Mondelez International and Zurich American Insurance have settled their multiyear litigation surrounding the cyberattack coverage – or lack of such coverage – following the NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone’s […]

03Nov 2022

Why Modernizing Mainframe Development Needs Secure Open Source

By Milan Shetti, CEO Rocket Software According to a recent Rocket Software survey, 80% of IT professionals categorize the mainframe as critical to their business. But in order to be successful in today’s technology-driven world, businesses that rely on the mainframe must modernize their operations and integrate the latest tools and technologies. Companies choosing to abandon […]

03Nov 2022

CIO Middle East Promotion: Vendor interview – CommScope

Ehab Kanary, VP Sales, Enterprise Infrastructure for CommScope EMEA Emerging Markets, joins CIO Middle East Editor Andrea Benito at Gitex Technology Week. Watch the video: Vendors and Providers

03Nov 2022

CIO Middle East Promotion: Vendor interview – Commvault

Fady Richmany, Regional Vice President for Commvault, South Eastern Europe, Middle East and Africa, joins CIO Middle East Editor Andrea Benito at Gitex Technology Week. Watch this video: Vendors and Providers

03Nov 2022

CIO Middle East Promotion: Vendor interview – Micro Focus

Toufic Derbass, MEA Managing Director at Micro Focus, joins CIO Middle East Editor Andrea Benito at Gitex Technology Week. Watch the video: Vendors and Providers

03Nov 2022

CIO Middle East Promotion: Vendor interview – Snowflake

Mohamed Zouari, General Manager, Middle East, Turkey and Africa at Snowflake, joins CIO Middle East Editor Andrea Benito at Gitex Technology Week. Watch the video: Vendors and Providers

03Nov 2022

CIO Middle East Promotion: Vendor interview – Help AG

Nicolai Solling, Chief Technology Officer at Help AG, joins CIO Middle East Editor Andrea Benito at Gitex Technology Week. Watch the video: Vendors and Providers

03Nov 2022

CIO Middle East Promotion: Vendor interview – Zoom Video Communications

Sam Tayan, Head of MENA at Zoom Video Communications, joins CIO Middle East Editor Andrea Benito at Gitex Technology Week. Watch the video: Vendors and Providers

03Nov 2022

CIO Middle East Promotion: Vendor interview – Oracle

Cherian Varghese, Senior Vice President, Technology Software Middle East, Africa, Turkey and Levant for Oracle, joins CIO Middle East Editor Andrea Benito at Gitex Technology Week. Watch the video: Vendors and Providers

03Nov 2022

Espionage campaign loads VPN spyware on Android devices via social media

A new espionage campaign, dubbed SandStrike, has been detected using malicious VPN apps to load spyware on Android devices, cybersecurity company Kaspersky reports. It’s an example of how APT (advanced persistent threat) actors are constantly updating old attack tools and creating new ones to launch new malicious campaigns, particularly against mobile devices. “In their attacks, […]

03Nov 2022

Azul detects Java vulnerabilities in production apps

Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.

03Nov 2022

White House ransomware summit highlights need for borderless solutions

The US White House this week convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021. At a press briefing before the Summit, a White House spokesperson said, “While the United States […]

03Nov 2022

Making the case for security operation automation

According to ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to […]

03Nov 2022

The new CIO security priority: Your software supply chain

One reason open source is popular in the enterprise is that it provides well-tested building blocks that can speed up the creation of sophisticated applications and services. But third-party software components and the convenience of packages and containers bring risks along with the benefits because the applications you build are only as secure as those […]

03Nov 2022

How Trainline’s CTO stays on track with professional development

Few would swap sunny San Francisco and the innovation of Silicon Valley for a train ticketing company serving disgruntled UK commuters, but try telling that to Trainline CTO, Milena Nikolic. A long-time Googler, whose role as engineering director saw her lead the Google Play developer ecosystem, Nikolic was keen for something new that offered a […]

03Nov 2022

JetBlue optimizes data operations with shift to the cloud

The air travel industry has dealt with significant change and uncertainty in the wake of the COVID-19 pandemic. In 2020, JetBlue Airways decided its competitive advantage depended on IT — in particular, on transforming its data stack to consolidate data operations, operationalize customer feedback, reduce downstream effects of weather and delays, and ensure aircraft safety. […]

03Nov 2022

CIO Middle East Promotion: Vendor interview – Netscout

Emad Fahmy, systems engineering manager at NETSCOUT, Middle East, joins CIO Middle East Editor Andrea Benito at Gitex Technology Week. Watch the video: Vendors and Providers

03Nov 2022

CIO Middle East Promotion: Vendor interview – Mandiant

Gordon Love, VP Middle East and Africa at Mandiant, joins CIO Middle East Editor Andrea Benito at Gitex Technology Week. Watch the video: Vendors and Providers

02Nov 2022

Oracle interview – Gitex Technology Week

02Nov 2022

How to launch—and scale—a successful AI pilot project

At the US Patent & Trademark Office in Alexandria, Virginia, artificial intelligence (AI) projects are expediting the patent classification process, helping detect fraud, and expanding examiners’ searches for similar patents, enabling them to search through more documents in the same amount of time. And every project started with a pilot project. “Proofs of concept (PoCs) […]

02Nov 2022

Menora Mivtachim goes digital to speed up pension transfers

The pace of population aging is accelerating. In 2020, people aged 60 and older already outnumbered children younger than five, and by 2050, the world’s population of those 60 and older will double according to the World Health Organization. So, for instance, it’s not surprising that retirees represent the largest growth segment in Israel’s insurance […]

02Nov 2022

Netacea launches malicious bot intelligence service to help customers tackle threats

Cybersecurity vendor Netacea has announced the launch of a new Business Logic Intelligence Service (BLIS) designed to give customers actionable insight to help them tackle malicious bot activity and security threats. The firm said that the tiered, fee-based service will provide organizations with bot threat intelligence based on research including analysis of dark web forums […]

02Nov 2022

How to securely manage LAPS on a Windows network

Passwords have always been a pain point in securing computing infrastructure. Complexity and length are key components of a strong password, but both make it inherently difficult for a human to remember. Additionally, passwords should be changed periodically, fine when you’re working with a handful of devices, but when your network is distributed geographically with […]

02Nov 2022

7 hard truths of business-IT alignment

When New York-Presbyterian CIO Daniel Barchi arrives at work in the morning, he doesn’t sit down at his desk. That’s because he doesn’t have a desk — or an office — of his own. “I guide a very, very large team of IT people, but I don’t have one office where I go every day,” […]

02Nov 2022

OpenSSL project patches two vulnerabilities but downgrades severity

The OpenSSL project released a patch for two high severity vulnerabilities in the world’s most widely used cryptographic library. The project’s maintainers warned users since last week to prepare for a critical patch on November 1, but the severity has since been downgraded following additional testing. Organizations should still determine which of their applications and […]

01Nov 2022

SASE Reality Check: Security and SD-WAN Integration Journey

By: Nav Chander, Head of Service Provider SD-WAN/SASE Product Marketing at Aruba, a Hewlett Packard Enterprise company. Today, enterprise IT leaders are facing the reality that a hybrid work environment is the new normal as we transition from a post-pandemic world. This has meant updating cloud, networking, and security infrastructure to adapt to the new realities […]

01Nov 2022

Teraco and VMware are Taking a New Approach to Support the Efforts of South Africa’s Cloud Innovators in Their Quest to Achieve Zero Carbon Emissions

“The barriers confronting organizations in South Africa that want to achieve carbon neutral status by 2030 are significant. Among them is the simple reality that most of the nation’s power production originates from coal-fired plants located in the northeastern part of the country while the greatest potential impact for sustainable approaches like solar and wind […]

01Nov 2022

The OSPO – the front line for secure open-source software supply chain governance

Organizations of every shape, size, and sector have embraced open-source software (OSS). The financial, medical, and manufacturing industries – and even national security – now use OSS to power their most critical applications and activities. However, this widespread adoption comes with pitfalls: a corresponding increase of almost 800% in software supply chain attacks according to […]

01Nov 2022

CIOs rethink how they hire for hard-to-fill IT roles

CIOs need to try a lot harder these days to find IT talent, particularly when it comes to the most difficult-to-fill positions. Strategies most IT leaders are deploying include offering signing bonuses and more paid time off, being open to hiring people with different types of life experiences, and looking for cultural fit in addition […]

01Nov 2022

Avoiding a Stay at a Haunted Hotel And Why We Need a Travel App for That

Imagine booking a room at a small, charming, off-the-beaten-path hotel on the Hawaiian island of Kauai using a popular mobile travel app, only to discover that the room is… haunted! That’s what happened to my friend Dana. As Dana told it, she went to bed at midnight after a long travel day. But that didn’t […]

31Oct 2022

What a Combined Broadcom and VMware Can Deliver to Our Customers

By Hock Tan, Broadcom President & CEO Over the last several weeks, I have had the opportunity to visit with Broadcom customers around the world to discuss what’s on the horizon as they navigate increasingly complex IT operating environments. During these visits, I’ve also answered their questions and shared our vision of what a combined […]

31Oct 2022

Cloud spending forecast to grow despite faltering global economy

Even as enterprises attempt to tackle economic headwinds with budget cutbacks, a research report from market research firm Gartner showed that end-user public cloud spending is expected to grow in 2023. The report, which covers categories such as infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS) among other cloud services, showed that public cloud spending is […]

31Oct 2022

Engineering workstation attacks on industrial control systems double: Report

Engineering workstation compromises were the initial attack vector in 35% of all operational technology (OT) and industrial control system breaches in companies surveyed globally this year, doubling from the year earlier, according to research conducted by the SANS Institute and sponsored by Nozomi Networks. While the number of respondents who said they had experienced a […]

31Oct 2022

CISA releases cybersecurity performance goals to reduce risk and impact of adversarial threats

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) released voluntary cross-sector Cybersecurity Performance Goals (CPGs). CISA was required to produce the CPGs under a national security memo on improving cybersecurity for critical infrastructure control systems issued by President Biden in July 2021. Working in coordination with the National Institute of Standards and Technology […]

31Oct 2022

Akamai to boost network-layer DDoS protection with new scrubbing centers

Content delivery network (CDN) provider Akamai said Tuesday that its Prolexic DDoS protection service will become able to handle DDoS attacks of up to 20Tbps, thanks to a new wave of construction of so-called scrubbing centers. The company’s announcement said that this will effectively double its current capacity to handle network-level DDoS attacks, with rollouts […]

31Oct 2022

How business password managers solve the chaos of password misuse

For network administrators, passwords are like an old but increasingly unreliable friend. While easy to use on a single site, employees often choose weak ones, which makes them easy to brute force. Even when they’re strong, using them across multiple logins means employees end up with too many to remember in ways that encourage the […]

31Oct 2022

Product manager salary: Pay range factors, tips for making more

As project-based business practices give way to product-focused cross-functional teams, the product manager role is taking on prominence, increasingly attracting interest from job candidates who might otherwise go into IT. A product manager coordinates technical, marketing, and business functions, taking ownership over a specific product or service over the course of its lifecycle. It’s an […]

31Oct 2022

Data capture by border agencies can and will happen – are your on-the-road employees prepared?

Does your company have a travel policy that instructs and supports employees traveling internationally for business with direction regarding comportment and cooperation? This isn’t a trick question. To have a travel program that provides employees with anticipated scenarios, and to provide them with unique devices for international travel, is a significant investment of resources both […]

31Oct 2022

8 hallmarks of a proactive security strategy

CISOs have long been tasked with building response and recovery capabilities, the objective being to have teams that can react to a security incident as quickly as possible and can restore business functions with as little damage as possible. The need for those activities is certainly not going to go away, but many security chiefs […]

31Oct 2022

How online retailers can harness live shopping on social media with modern commerce — and boost massive growth

Live shopping is one of the most exciting retail experiences in a long time. As shoppers become increasingly eager to buy via live shopping on social platforms such as Instagram and TikTok, retailers face new challenges: How to capture the shoppers’ attention on social media when the urge to buy hits? How can retailers create […]

28Oct 2022

Phishing attacks increase by over 31% in third quarter: Report

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing 2021 levels by 55.8 million. Malware emails in the third quarter of 2022 alone increased by […]

28Oct 2022

Blockchain security companies tackle cryptocurrency theft, ransom tracing

According to data from the Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 […]

28Oct 2022

Macroeconomic jitters further slow AWS growth in Q3

Macroeconomic conditions led by the pandemic and the geopolitical crisis in Ukraine have further slowed down growth of Amazon’s cloud computing unit, Amazon Web Services (AWS), in the third quarter of 2022. Amazon on Thursday said AWS had raked in revenue of $20.5 billion for the quarter ended September 30, up 27.5% year-on-year. However, revenue […]

28Oct 2022

Top cybersecurity M&A deals for 2022

The number of cybersecurity mergers and acquisitions deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period in 2020. That trend is likely to continue in 2022. Many of the 2021 transactions CSO […]

28Oct 2022

How to prepare for your first CIO role

“As a first-time CIO, there are things you’ve never done before, and conversations you’ve never had before, at this level, in this role,” recounts Sarah Cockrill, who is one year into the director of digital strategy and information technology position at Canterbury University, in Kent, England. “You almost don’t want to say to your boss, […]

28Oct 2022

What transformational leaders too often overlook

High-performing CIOs know that digital mastery depends on a strong foundation of rock-solid infrastructure, information security, enterprise data management, and sound IT governance. But for all the emphasis on cutting-edge technology for business transformation, IT infrastructure too often gets short shrift. Infrastructure, what happens behind the IT screen, and related support activities remain poorly understood, […]

28Oct 2022

Security by design vital to protecting IoT, smart cities around the world, says CEO of UK NCSC

A secure by design approach is vital to protecting the internet of things (IoT) and smart cities, according to Lindy Cameron, CEO of the UK National Cyber Security Centre (NCSC). Cameron spoke during Singapore International Cyber Week, calling for swift ongoing action to ensure connected devices are designed, built, deployed, and managed securely to prevent […]

27Oct 2022

Why Terminal Emulation is One of Your Business’s Most Critical Tools

By Milan Shetti, CEO Rocket Software According to PwC, almost two-thirds (60%) of Chief Information Officers (CIOs) see digital transformation as one of the most important drivers of growth this year. The cloud has been a major part of most organizations’ IT investments and digital transformation journeys. In fact, Gartner forecasts worldwide public cloud end-user […]

27Oct 2022

Booz Allen Hamilton CIO Brad Stone discusses key leadership methods to fuel success

Since its beginnings in 1914 to what it is now as a global consultancy firm with nearly 30,000 employees, Booz Allen Hamilton has been able to evolve through the ages by helping to redefine the industry through advancements in technology and sourcing the right talent. Brad Stone, who has been with the company for over […]

27Oct 2022

BrandPost: Top 5 Regulatory Reasons for Implementing Zero Trust

We are beyond the point of viewing Zero Trust as a simple marketing feature for information technology or cybersecurity companies. It is a floor for any technology vendor who wants to provide high-value solutions to government or commercial customers. Before getting into the details, let’s first settle on what we mean by Zero Trust. In […]

27Oct 2022

How Cisco's Cloud Control Framework helps it comply with multiple security standards

An XKCD comic strip shows two tech workers frustrated that there are 14 competing standards for a variety of use cases. “We need to develop one unified standard that covers everyone’s use cases,” they say. The next frame shows that there are now 15 standards instead of one. Brad Arkin, the chief security and trust […]

27Oct 2022

BrandPost: 10 Best Practices for a Zero Trust Data Center

Today, there is no such thing as an enterprise network perimeter — the location of applications, users, and their devices are no longer static; BYOD is common; and data is everywhere. With ever-evolving cybersecurity threats and no fixed perimeter, traditional security strategies fail to protect highly distributed networks, users, and applications. Organizations need an innovative […]

27Oct 2022

ServiceNow buoyant about growth despite economic headwinds

Workflow automation provider ServiceNow on Wednesday said it remained optimistic about growth for the rest of the year, despite the uncertain macroeconomic environment, hoping the situation will in fact boost demand for its offerings. “As you know, they (enterprises) are either not hiring, they’re laying people off, and they have to do more with less. […]

27Oct 2022

Iran’s nuclear energy agency confirms email server hacked

The Atomic Energy Organization of Iran on Sunday confirmed that an email server at its  Bushehr Nuclear Power Plant was hacked. The organization blamed a foreign country, but an Iranian hacking group that goes by the name Black Reward has claimed responsibility for the breach. The Atomic Energy Organization said that the IT group serving […]

27Oct 2022

When CISOs are doomed to fail, and how to improve your chances of success

There’s a joke cryptographer Jon Callas likes to tell: CISO stands for Chief Intrusion Scapegoat Officer, “because CISOs are often thrown into a position where they can’t succeed.” Callas, who is the director of public interest tech at the Electronic Frontier Foundation, says that security officers are often “simultaneously in charge and powerless.” They know […]

27Oct 2022

Top 14 CompTIA certifications

Whether you are just starting your IT career or looking to upgrade your career path by benchmarking your skills, exploring CompTIA certifications could be a wise choice. It provides vendor-neutral, entry-level to advanced certifications on a wide range of technology topics. According to CompTIA, it has awarded more than 2.5 million certifications in areas such […]

27Oct 2022

5 top ERP trends for 2022 — and their implications for IT leaders

It wouldn’t be far-fetched to call ERP (enterprise resource planning) the brain of an organization’s IT infrastructure. After all, an ERP system streamlines, standardizes, and integrates a wide range of vital business processes across diverse business functions. Implementing an ERP solution ranks among the most capex-intensive projects any IT leader will undertake. In addition to […]

27Oct 2022

Leadership playbook: Michelle McKenna’s winning formula for CIOs

A transformer, teambuilder, and trailblazer, Michelle McKenna founded her executive advisory firm, The Michelle McKenna Collaborative, after spending 10 seasons as the National Football League’s first-ever CIO and its first female C-level executive. Those are just two of the many “firsts” McKenna has accomplished over the course of her career, which has also included executive […]

27Oct 2022

Huawei Technologies’ Surachai Chatchalermpun on protecting the company’s business in Thailand

Surachai Chatchalermpun – Country Cyber Security & Privacy Officer at Huawei Technologies (Thailand) – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about Thailand’s Personal Data Protection Act, Huawei’s initiatives to plug the cybersecurity talent shortage in the country, and more.

27Oct 2022

IoT security strategy from enterprises using connected devices

IoT devices pose significant threats to enterprises because of lack of visibility into what devices are on enterprise networks and inadequate use of monitoring tools to watch for malicious behaviors.

27Oct 2022

Shut the front door: Preventing phishing attacks

Security incidents have been at record high levels throughout 2022, with the top threats including data breaches and ransomware, driving financial fraud, and losses from ransom payments. The numbers are ever rising for known malware attacks. A recent report by UK-based IT Governance identified 112 publicly disclosed security incidents in August 2022 across the United […]

27Oct 2022

Research reveals how to shift customer service from a cost center to a growth driver engine; Service set to unite customer experiences

There’s an old saying when something you value changes and no longer brings you the joy the way it used to, “it’s not like it used to be.” For those who remember the good old days, great service was an essential part of the customer experience. Nowadays, customer service is not what it used to […]

27Oct 2022

U.S. Bank’s Dilip Venkatachari on the explosive growth in digital services

Dilip Venkatachari, Global Chief Information and Technology Officer at U.S. Bank, joins host Maryfran Johnson for this CIO Leadership Live interview, jointly produced by CIO.com and the CIO Executive Council. They discuss the explosive growth in digital services, mapping new customer journeys, critical upskilling needs and more. […]

26Oct 2022

7 ways to ruin your IT leadership reputation

Respect is an asset every CIO seeks. Achieving a reputation for knowledge, reliability, and honesty takes time, as well as a strong personal commitment to embracing professional standards. Yet a single false move, made in haste or by a momentary lack of judgment, can leave a hard-earned reputation in ashes. The IT leader’s role has […]

26Oct 2022

Microsoft Event Log vulnerabilities threaten some Windows operating systems

A pair of newly discovered vulnerabilities have highlighted the ongoing risks posed by Internet Explorer’s (IE) deep integration into the Windows ecosystem, despite Microsoft ending support for IE in June 2022. Discovered by the Varonis Threat Labs team, the exploits affect an IE-specific Event Log that is present on all current Windows operating systems up […]

26Oct 2022

How to update your Windows driver blocklist to keep malicious drivers away

For many years, attackers have used and abused various ways to get on our systems. From phishing to tricking us to click on websites, if an attacker can get their code on our systems they are no longer our systems. Attackers will even invest the time, energy, and expense to get their malicious drivers approved […]

26Oct 2022

Alphabet pins hopes on Google Cloud as ad revenue growth declines

Alphabet on Tuesday posted lower-than-expected numbers for its third financial quarter, where it fell behind both revenue and profit expectations. While overall revenue growth slowed to 6% in the quarter for Alphabet, Google Cloud grew 38% year-on-year to $6.9 billion, giving the company much needed support. “I’ve long shared that cloud is a key priority […]

26Oct 2022

Three Ways Banks Can Improve Identity Authentication and Customer Data Privacy

Digitalization is a double-edged sword for banks, especially when it comes to security. A massive shift to cloud and API-based ways of working has made the sector become more agile and innovative, but it has also opened the floodgates for identity theft. As interactions and transactions become more interconnected, even the simplest processes like opening […]

26Oct 2022

96% of companies report insufficient security for sensitive cloud data

The vast majority of organizations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA). The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various […]

26Oct 2022

Resume makeover: Transforming a career post-mortem into a C-suite future

One trap IT leaders often fall into when seeking a new job is viewing their resume as a historical document of their career. The reality is that your resume should paint a clear picture of your career’s future, detailing your past work experience as a roadmap that leads inevitably to your next leadership gig. But […]

26Oct 2022

SAP cloud sales jump, fueling a rise in revenue

Fueled by strong sales of cloud-based software that more than offset a decline in revenue from on-premises applications, SAP revenue jumped in the third quarter compared to the year-earlier period. Total revenue for the quarter ending Sept. 30 was €7.84 billion (US$7.72 billion), up 15%, according to the company’s quarterly financial report, released Tuesday. SAP’s cloud […]

26Oct 2022

The data flywheel: A better way to think about your data strategy

This article was co-authored by Duke Dyksterhouse, an Associate at Metis Strategy.  Data & Analytics is delivering on its promise. Every day, it helps countless organizations do everything from measure their ESG impact to create new streams of revenue, and consequently, companies without strong data cultures or concrete plans to build one are feeling the […]

26Oct 2022

Advizex and HPE GreenLake Take Aim at Hybrid Cloud Complexity

Companies are angling for the pay-per-use pricing, scalability, and flexibility advantages of public cloud, yet not every application or workload is a fit for the paradigm. Enter the Advizex/HPE GreenLake partnership, which tackles hybrid IT challenges by replicating the cloud experience wherever workloads are running and without the typical operational complexities. With the HPE GreenLake […]

25Oct 2022

It’s time to prioritize SaaS security

Did our focus on IaaS security come at the expense of SaaS security? Know what to guard against, especially excessive user permissions and misconfigured UIs, APIs, and integrations.

25Oct 2022

IBM and AWS Create a Path to Modernization Via Industry-Specific Solutions

Modernization journeys are complex and typically highly custom, dependent on an enterprise’s core business challenges and overall competitive goals. Yet one way to simplify transformation and accelerate the process is using an industry-specific approach. Any vertical modernization approach should balance in-depth, vertical sector expertise with a solutions-based methodology that caters to specific business needs. As […]

25Oct 2022

Episode 3: The Data Imperative for Financial Services

The move to digital business has wrought profound changes in certain industries, and financial services is one of them. Not only are traditional financial services companies using data and technology to change the game, a plethora of “FinTech” startups are using digital products to dislodge traditional players. This podcast features Peter Ku, Vice President, Chief […]

25Oct 2022

The successful CIO’s trick to mastering politics

Politics gets a bad rap. Or is it rep? When a CIO proposes a transformational initiative that fails to get traction, they often complain that politics got in the way. They might even add the once-humorous, now tired definition — that politics gets its name from “poly” (many) followed by the name of a popular […]

25Oct 2022

Leveraging Standardization and Automation to Facilitate DevOps Testing in Multi-Code Environments

By Milan Shetti, CEO Rocket Software In today’s volatile markets, agile and adaptable business operations have become a necessity to keep up with constantly evolving customer and industry demands. To remain resilient to change and deliver innovative experiences and offerings fast, organizations have introduced DevOps testing into their infrastructures. DevOps environments give development teams the […]

25Oct 2022

Break Down Silos and Foster Collaboration: Best Practices for Knowledge Sharing

You’ve heard it before: change is the only thing we can count on. It’s especially true in today’s volatile job market and constantly changing work landscape. With so much in flux, organizations that fail to preserve their institutional knowledge are inviting major losses in productivity and innovation. The reality is that doing nothing to surface, […]

25Oct 2022

How SAP Helped a Leading Apparel Manufacturer Stay in Fashion with International Customers

If there is one universal truth, it’s that fashion is fickle. In the apparel industry, what’s in fashion one day may be out of fashion the next. So, if you’re an apparel manufacturer, you need the most efficient, responsive, and innovative operation possible. That way, you can keep up with ever-changing demand and stay in […]

25Oct 2022

IT’s most wanted: 11 traits of indispensable IT pros

The skills that make some IT pros invaluable can be hard to put your finger on, but tech leaders say the high-performers on their teams share similar traits that are helpful to identify when recruiting — and to keep teams running smoothly. These indispensable technologists are always solving problems, and they consistently bring enthusiasm to […]

25Oct 2022

An expanded attack surface: The cybersecurity challenges of managing a hybrid workforce

With the global pandemic upending the traditional way we work, employees across every market sector in New Zealand are now spending their workdays alternating between offices, their homes and other locations. It’s a hybrid work model that Kiwis have embraced and it is here to stay. At a recent CIO New Zealand roundtable event in […]

25Oct 2022

How Obsessing Over Customers Can Result in Greater Overall Success

Listening to customers is a strategy that often sounds good on paper but is soon overshadowed by other areas of business or trends. Hyland, however, remains laser-focused on making sure customer success is the key to product improvements and a core component of the company’s culture. We spoke with Drew Chapin, CMO at Hyland, to […]

25Oct 2022

Putting an End to Zombie Projects: How Value Stream Management Can Help

For many of today’s IT teams, there’s a common, recurring question that keeps being posed: Why are we doing this? This question is fundamental, some may say basic, but it is often one that teams don’t get good, solid answers to. Further, this speaks to a broader lack of visibility and insight. Among the many […]

24Oct 2022

Over 90% of companies overpay for project collaboration software: Report

As the popularity of project collaboration software grows along with other software-as-a-service products, a research report from SaaS purchasing platform Vertice shows that more than 90% of enterprises are overpaying for these tools. The project collaboration software market is estimated to reach a value of $27.40 billion by the end of 2022, from $21.69 billion […]

24Oct 2022

Inside track: Chris Bedi on his evolving CIO role at ServiceNow

What’s in a name? For Chris Bedi, who joined ServiceNow as CIO in September 2015, a lot: the company recently gave him a new title, chief digital information officer, and rebranded his IT team as “digital technology.” “The rebranding is an acknowledgement of how the role has changed,” he says, but is also intended to […]

24Oct 2022

The rise of the revenue-generating CIO

It’s Business 101: A company exists to make money. So as a CIO, Ajay Sabhlok believes his mandate is “to figure out how to generate revenue for the company.” Sabhlok, CIO and chief data officer of security technology vendor Rubrik, says he does that by searching for unmet needs, bottlenecks, and problem areas and then […]

21Oct 2022

4 Steps to Streamline Your Contact Centre Spend

The contact center market is growing at a rapid pace. As the key business hub for sales and service, contact centers have long served an important role for customer experience (CX). During the pandemic, they became even more critical. Today’s contact center agents handle 7.2 more calls per day than they did pre-pandemic. The contact […]

21Oct 2022

Chipotle’s recipe for digital transformation: Cloud plus AI

When Curt Garner became Chipotle’s first CIO in 2015, the only technology used for online restaurant ordering was, “believe it or not,” a fax machine, he says. Seven years later, the Newport Beach, Calif.-based company is piloting a system with a robotic arm dubbed “Chippy” that prepares the fast-casual chain’s famed fried salt-and-lime chips homemade […]

21Oct 2022

Don’t Have Real-time Visibility and Control Over Your Endpoints? Your Business May Be at Risk

Since the pandemic began, 60 million people in Southeast Asia have become digital consumers. The staggering opportunities Asia’s burgeoning digital economy presents are reason enough to spur you into rethinking the way you do business. This means one thing: digital transformation. Cloud adoption empowers organisations to adapt quickly to sudden market disruptions. Back when the […]

21Oct 2022

As ESG Action Gains Momentum, Innovation Takes the Spotlight

Written by Pamela Rucker, CIO Advisor and Instructor, Harvard Professional Development ESG (Environmental, Social, and Governance) topics have emerged as critical issues for organizations of all sizes. Among those issues, sustainability has seen a surge of interest, rising steadily on CIOs’ priority lists. Via a series of interviews and panels at Schneider Electric’s Innovation Summit 2022, a […]

21Oct 2022

3 ways to deter phishing attacks in 2023

Retailers are not the only people looking forward to the holiday season. It will be a busy time for scammers and fraudsters too as they send out coupons, deals and offers to consumers, and even thank-you vouchers to employees, purporting to come from organizations and brands they trust. In fact, CIO has reported that it […]

21Oct 2022

Routed: Being Committed to Sustainability Will Ultimately be a Non-Negotiable Attribute in Business

“The foundation of our business is rooted in sustainability. From the products we offer to the services we provide, our aim is to provide the highest levels of business continuity responsibly. Moving workloads to the cloud has been proven to reduce enterprises’ energy usage and their carbon footprint by at least 30%. To be known […]

21Oct 2022

With Conti gone, LockBit takes lead of the ransomware threat landscape

The number of ransomware attacks observed over the previous three months declined compared to the previous quarter, according to reports from two threat intelligence companies. However, the gap left by the Conti gang has been filled by other players, with LockBit cementing itself in the top position and likely to serve as a future source […]

21Oct 2022

Securing your organization against phishing can cost up to $85 per email

As phishing attacks increase, preventing them from doing damage is proving costly for organizations. Phishing-related activities are consuming a third of the total time available to IT and security teams and costing organizations anywhere between $2.84 and $85.33 per phishing email, according to a new report by Osterman Research. The report does not calculate the […]

20Oct 2022

What is ESG? Environmental, social, and governance commitment explained

What is ESG and why is it important? Environmental, social, and corporate governance (ESG) is a strategic framework for identifying, assessing, and addressing organizational objectives and activities ranging from the company’s carbon footprint and commitment to sustainability, to its workplace culture and commitment to diversity and inclusion, to its overall ethos regarding corporate risks and […]

20Oct 2022

Tunstall’s CTO wants to build the Porsche 911 of telehealth

Gary Steen joined assistive technology provider Tunstall Healthcare as its group chief technology officer (CTO) in August 2021, having previously been managing director for technology at telecommunications provider TalkTalk. The move was motivated by his desire to bring expertise across sectors, to work for a British technology company, and to fulfil his own social purpose […]

20Oct 2022

Reimagining the new future of work: The CXO’s transformation conundrum

However we may have defined the “future of work” before 2020, our new reality has advanced technology investments, inspired new operational models, and changed how we work. While the rapid shift to a digital-first world powered by remote work proved mostly successful, some organizations are vying to put the genie back in the bottle by […]

20Oct 2022

Supply chain attacks increased over 600% this year and companies are falling behind

The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels […]

20Oct 2022

Oracle adds Fusion Cloud features targeted at healthcare firms

Increasing its focus on healthcare industry customers, Oracle on Wednesday announced updates for its Cloud Fusion suite aimed at meeting their financial planning, supply chain and human resources needs. The updates, which were announced at the company’s ongoing annual CloudWorld conference, include additions to the company’s Enterprise Planning Management (EPM), Supply Chain management (SCM) […]

20Oct 2022

Oracle opens up ERP app platform, updates Fusion Cloud offerings

Oracle on Wednesday said that it is opening up its ERP applications platform to customer developers and partners, unveiled new B2B commerce services, and announced a variety of additions to its enterprise planning management (EPM), supply chain management (SCM) and human capital management (HCM) Fusion Cloud offerings. The updates, which were announced at the company’s […]

20Oct 2022

Extraordinary Digital Experiences, Made Possible by Cloud and a Modern IT Infrastructure

With 190 participating countries and 24 million visitors, Expo 2020 Dubai was one of the world’s largest events, connecting everyone to innovative and inspiring ideas for a brighter future. But what does it take to support an event on such a grand scale? The answer is a robust cloud and modern IT infrastructure, which would […]

20Oct 2022

What is the CIO’s role today? Redefining transformational IT leadership

When your children, friends, or acquaintances, ask what you do for a living, how do you, a CIO, answer them? “I am the future of our business” sounds a bit megalomaniacal, and “I manage the technology function” does not begin to do justice to the impact of your work.  Since my team and I spend […]

20Oct 2022

CIOs get strategic in the cloud: 4 success stories

Enterprise CIOs are gobbling up a vast buffet of advanced cloud services in the post-pandemic era. In the aftermath of that unprecedented time, the cloud has evolved from a single-purpose compute and storage IaaS that saved business from global collapse into a far more complex platform capable of supporting a new class of advanced applications […]

20Oct 2022

Driving a culture of innovation at Merchants Fleet

For the past 60 years, privately-owned Merchants Fleet has provided fleet management and leasing solutions to a broad range of businesses, governments, and educational institutions. And according to Jeanine Charlton, the company’s SVP and chief technology and digital officer, 2021 was their best year ever, helped in large part by its approach to digital transformation and an […]

20Oct 2022

8 top multi-factor authentication products and how to choose an MFA solution

Today’s credential-based attacks are much more sophisticated. Whether it’s advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of a third-party service, credentials are easily the most vulnerable point in defending corporate systems. All these attacks key on traditional credentials, usernames and passwords, which are past their expiration date as […]

20Oct 2022

Radically Reduce Downtime and Data Loss with SaaS-based Disaster Recovery

As 2022 wraps up, many IT leaders are re-evaluating their current infrastructure to understand how they can continue to modernize, reduce complexity at scale and — most importantly — protect their organization. Common pain points include management overhead and rising costs, with their overall impact on budget becoming a larger and larger concern. But it’s […]

19Oct 2022

GitGuardian adds IaC scanning to code security platform to protect SDLC

GitGuardian has added infrastructure-as-code (IaC) scanning to its code security platform to enhance the security of software development. The firm said the new feature will help security and development teams write, maintain, and run secure code, protecting the software development lifecycle (SDLC) against risks like tampering, code leakage and hardcoded credentials. The release reflects a […]

19Oct 2022

Pathway to simplifying complexity and fast track app modernisation

Increasing adoption of digital technologies is making apps inevitable in our everyday life. Apps are pivotal in enabling companies to innovate and gain a competitive edge in digital interactions, from social selling to data-driven marketing. “With customers gaining control over the way companies deliver experiences, enterprises must provide new customer experiences to meet and exceed […]

18Oct 2022

24 mistakes that make hiring IT talent harder

Demand for tech workers remains high, with no signs of easing up. The proof is in the numbers: 319,652 job postings for IT workers in August, according to CompTIA, a nonprofit trade association issuing IT professional certifications. The month before there were 371,847. That kind of competition for talent puts pressure on CIOs and their […]

18Oct 2022

Texas Rangers data transformation modernizes stadium operations

In 2016, Major League Baseball’s Texas Rangers announced it would build a brand-new state-of-the-art stadium in Arlington, Texas. It wasn’t just a new venue for the team, it was an opportunity to reimagine business operations. The old stadium, which opened in 1992, provided the business operations team with data, but that data came from disparate […]

18Oct 2022

Altruism under attack: why cybersecurity has become essential to humanitarian nonprofits

Humanitarian initiatives have always been of huge global importance, but perhaps never more so than over the past few years. The impacts of the COVID-19 pandemic, unprecedented shifts in weather patterns limiting resource availability and triggering mass migration, Russia’s invasion of Ukraine, and some of the largest rises in living costs for decades have all […]

18Oct 2022

Wonderla Holidays goes digital to enhance business and customer fun

As the COVID-19 pandemic wanes, attendance at Wonderla amusement parks has hit new heights, leaving Bengaluru-headquartered Wonderla Holidays Ltd. at a crossroads. The company, listed on both the National Stock Exchange and the Bombay Stock Exchange, operates three amusement parks in Kochi, Bengaluru, and Hyderabad that were set up in 2000, 2005, and 2016, respectively, and […]

18Oct 2022

BrandPost: Why Ease-of-Use is Central to Better Security

Here is an old joke from my days as a consultant. A customer asked, “How can I be sure my computer is protected from viruses?” My admittedly sarcastic response was that they should disconnect it from the network. Unplugging devices from the network has never been a practical solution, then or now. The world relies […]

18Oct 2022

A Passionate ‘Angel Investor’ Turns Clean-power Champ

No one sounds more amazed about his career path than Anthony Osijo himself. He was a career banker living in Hong Kong when friends from university pitched their new utility startup called Bboxx.  “I was an angel investor,” laughs Osijo from his London home office. Now, as Chief Financial Officer of Bboxx, it’s Osijo’s job […]

18Oct 2022

The Countdown to DORA

By Ilias Chantzos, Global Privacy Officer and Head of EMEA Government Affairs, Broadcom On May 11, 2022, the European Union (EU) reached provisional agreement on the new Digital Operational Resilience Act (DORA). Despite the choice of term, there’s nothing “provisional” about DORA. In fact, one of the world’s most far-reaching cybersecurity regulations for financial services […]

18Oct 2022

The CIO as chief integration (and influence) officer

IT leaders hold a powerful position at Owens Corning. CIO Steve Zerby not only has a seat at the table, but he’s driving business strategy at the manufacturing company thanks to his panoptic view of the centralized yet global organization. He’s able to spot synergies in supply chain processes that could create efficiencies, and connect […]

18Oct 2022

Top 16 Microsoft Azure certifications to expedite your IT career

With companies increasingly moving their data to cloud, there is an extensive need for more professionals with sound understanding and expertise of cloud technology. Microsoft’s cloud offering, Azure, ranks among the top in the industry. Enterprises find Azure’s hybrid feature appealing, as well as the wide range of tools offered on the platform. As per […]

18Oct 2022

Top skill-building resources and advice for CISOs

The role of the CISO has evolved, and so have the responsibilities. Some believe a CISO must have technical knowledge and experience as a cybersecurity professional, others think leadership skills such as being able to communicate with boards are what matters most. Ultimately, the hiring organisations will define what it needs in terms of cybersecurity […]

18Oct 2022

Salesforce seeks to unify automobile supply chain with Automotive Cloud

For years, auto makers and dealers have used Salesforce for CRM — but it’s involved a hodge-podge of company-specific customizations. Now Salesforce is hoping to sweep that away with Salesforce Automotive Cloud, a dedicated platform for the auto industry that sticks close to industry standards on data exchange. This new offering has arrived as auto […]

17Oct 2022

Is it SaaS, IaaS, or NaaS?

By: Scott Dennehy, Edge Innovation at Aruba, a Hewlett Packard Enterprise Company As the adoption of cloud and other as-a-service offerings has accelerated in recent years, so has the number of acronyms used to describe these offerings. In some cases, the acronyms are used interchangeably, confusing the service that is being delivered and consumed. Let’s […]

17Oct 2022

Oracle continues to lay off staff in the US

Oracle is continuing to lay off people in the US, just months after the company acquired healthcare data specialist firm Cerner for $28.3 billion and announced a first round of layoffs, according to published reports. The layoffs come as hiring for IT jobs slows due to worries about an economic downturn. In Oracle’s latest round […]

17Oct 2022

How to hire the right product manager for your IT needs

IT organizations are increasingly shifting from project-based organizational structures to product-based methodologies, which involve cross-functional teams. These new building blocks of business include both tech and business pros, and they’re generally led by a product manager, who acts as the point person throughout the product’s lifecycle. Product managers aren’t a new job category by any […]

17Oct 2022

Security startups to watch for 2022

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It’s […]

17Oct 2022

The Race to Data-first Modernization Is On

Data represents a store of value and a strategic opportunity for enterprises across all industries. From edge to cloud to core, businesses are producing data in vast quantities, at an unprecedented pace. And they’re now rapidly evolving their data management strategies to efficiently cope with data at scale and seize the advantage. … Or are […]

17Oct 2022

Lintasarta Cloudeka is Helping Enterprises in Indonesia Realize the Full Potential of the Cloud

Founded in 2011, Lintasarta Cloudeka is a division of Lintasarta, Indonesia’s leading provider of information and communications technology. Offering everything from fiber optics to data centers and satellite networks, Lintasarta has a presence throughout Indonesia, with 54 facilities spread throughout the nation and more than 2,400 enterprise customers. These include leading businesses in a wide […]

17Oct 2022

New Chinese attack framework Alchimist serves Windows, Linux, and macOS implants

Researchers have discovered a new attack framework of Chinese origin that they believe is being used in the wild. The framework is made up of a command-and-control (C2) backend dubbed Alchimist and an accompanying customizable remote access Trojan (RAT) for Windows and Linux machines. The framework can also be used to generate PowerShell-based attack shellcode […]

17Oct 2022

Enhance Employee Experience and Lower TCO with FlexSpace for Apple

Over the past few years, many enterprises saw much of their knowledge workforce move away from the office to work out of their homes. This move beyond the traditional firewall setup created security issues and device management issues for many IT departments. Adding to these issues was an increasing need to keep employees happy once […]

17Oct 2022

Bubble Wrap: How Eurovision Monitors Covid Risk at Events

While pandemic-driven digital transformation has enabled the media and entertainment industry to stream awesome content 24/7 – digital technology is also safeguarding visitors, performing artists, and crew at the Eurovision Song Contest by monitoring their Covid-19 exposure levels in real time. The Eurovision Song Contest, by the way, is the world’s largest live music event, organized […]

17Oct 2022

Aflac’s Rich Gilbert on the 7 Cs of top IT leaders

Rich Gilbert, who joined Aflac in 2019 as chief digital and information officer, now serves as its chief transformation officer and head of individual benefits. The promotion and title are well deserved. Aflac is the leading provider of supplemental health insurance in the United States, and Gilbert has been recognized for his commitment to accelerating […]
