Clik here to view.
Kaspersky software ban: CISOs must move quickly, experts say
The US government enacted new restrictions on Kaspersky’s customers, indicting 12 of its executives and prohibiting further sales of its software and services in June. The regulations augment existing...
View ArticleTabletop exercise scenarios: 10 tips, 6 examples
What is a tabletop exercise? A tabletop exercise is an informal, discussion-based session in which a team talks through their roles and responses during an emergency, walking through one or more...
View ArticleEuropol disrupts about 600 abusive Cobalt Strike servers
A slew of IP addresses associated with the abuse of Fortra’s legitimate red teaming tool, Cobalt Strike, have been taken down by a coordinated law enforcement operation dubbed “Morpheus.” The...
View ArticleLogic bombs explained: Definition, examples, prevention
What is a logic bomb? A logic bomb is a set of instructions embedded in a software system that, if specified conditions are met, triggers a malicious payload to take actions against the operating...
View ArticleOver 35,000 Ether subscribers targeted in a campaign from crypto draining
A huge number of Ether (ETH) investors were targeted in a phishing campaign directing users to a crypto-draining site, the cryptocurrency issuing company Ethereum said in a blog post. The threat actor...
View ArticleNew Intel CPU side-channel attack Indirector can leak sensitive data
Five years after the Spectre and Meltdown CPU attacks rocked the computer industry, researchers are still finding new techniques that exploit low-level processor features to break security boundaries...
View ArticleLegacy systems are the Achilles’ heel of critical infrastructure cybersecurity
Rare is the element of critical infrastructure ecosystem that doesn’t contain legacy systems declared at end of life (EOL) or outdated and unsupported software or operating systems. Any CISO in charge...
View ArticleIf you’re a CISO without D&O insurance, you may need to fight for it
The role of the chief information security officer (CISO) is crucial and by definition filled with risk — not only risk to the organization but personal risk as well, as has become dauntingly apparent...
View ArticleOpenAI failed to report a major data breach in 2023
A previously unreported security breach at OpenAI, the developer of ChatGPT, has raised alarms over the potential of foreign adversaries, such as China, accessing sensitive AI technologies. While the...
View ArticleFake network traffic is on the rise — here’s how to counter it
The ability to effectively analyze network traffic is a must for a successful enterprise cybersecurity program, as it’s critical to identifying and defending against many types of attacks. That...
View ArticleCRISC certification: Exam, requirements, training, potential salary
What is CRISC certification? Certified in Risk and Information Systems Control (CRISC) is an upper-level IT professional certification focused on enterprise IT risk management. CRISC is offered by...
View ArticleChina’s APT40 group can exploit vulnerabilities within hours of public release
Multiple international cybersecurity agencies, including the US CISA and the UK NCSC, have issued a joint advisory warning about a Chinese state-sponsored hacker group — APT40 — actively targeting...
View ArticleCisco adds heft to cybersecurity push with acquisitions, new talent
With new leadership, key acquisitions, and a platform-based vision, Cisco is betting big on security. Cisco’s dominance in networking and telecommunications products and services is well established,...
View ArticleMicrosoft mandates Chinese staff to use iPhones, not Android
Microsoft has ordered its staff in China to use iPhones for their work starting in September. The decision effectively bars the use of Android smartphones by the tech giant’s Chinese staffers,...
View ArticleIdentity security: The keystone of trust
A few weeks ago, my wife asked me why stopping threat actors from impacting our lives is so difficult. In this digital age, the necessity to connect online brings inherent exposure to vulnerabilities....
View ArticleMD5 attack puts RADIUS networks everywhere at risk
The “secure enough” RADIUS/UDP authentication protocol may have finally met its match, and organizations that have continued to rely on RADIUS to authenticate networked devices over UDP and TCP...
View ArticleSoftware supply chain still dangerous despite new protections
In late March, Microsoft developer and engineer Andres Freund discovered that someone had placed a backdoor in the open-source data compression tool XZ Utils, a ubiquitous feature across Linux...
View ArticleMore than a CISO: the rise of the dual-titled IT leader
The role of the CISO is expanding and these C-level leaders have been acquiring responsibilities and adding roles beyond their principal function. Dual-title roles such as CISO plus CIO, CTO, VP of...
View ArticleFBI disrupts 1,000 Russian bots spreading disinformation on X
A covert Russian government-operated social media bot farm that used generative AI to spread disinformation to global users has been disrupted by a joint FBI-international cybersecurity forces...
View ArticleEvolve data breach impacted upward of 7.64 million consumers
The number of persons affected by a recent data breach at Evolve Bank & Trust exceeds 7.64 million, a document submitted to the Office of the Maine Attorney General this week by the law firm...
View Article