Are you a toxic cybersecurity boss? How to be a better CISO
It wasn’t just one thing that made Keith, a 40-something cybersecurity pro in New York City, quit his job — there was no single straw that broke the proverbial camel’s back. “It was really the...
View ArticleCisco announces AI-powered Hypershield for autonomous exploit patching in the...
Cisco has announced Hypershield, an AI-based capability of the company’s Security Cloud platform for hyperscalers. Hypershield is designed to defend cloud, data center, and distributed edge appliances...
View ArticleConsolidation blamed for Change Healthcare ransomware attack
The Change Healthcare ransomware attack has provoked calls to mandate baseline security standards for healthcare providers during Congressional hearings on Tuesday. UnitedHealth Group (UHG) was...
View ArticleUK law enforcement busts online phishing marketplace
UK law enforcement has infiltrated “LabHost,” a fraudulent online service used by more than 10,000 cybercriminals to create phishing websites and trick victims into revealing personal information. Law...
View ArticleCisco fixes vulnerabilities in Integrated Management Controller
Cisco has released patches for two privilege escalation vulnerabilities in its Integrated Management Controller (IMC) that is used for out-of-band management of many of its server products, as well as...
View ArticleTop cybersecurity product news of the week
Conatix introduces malware detector and ransomware blocker CYSANA April 17: Cybersecurity software startup Conatix and the University of Luxembourg’s Interdisciplinary Centre for Security, Reliability...
View ArticleRansomware feared in Octapharma Plasma’s US-wide shutdown
US-based human plasma collector, tester, and supplier Octapharma Plasma may have been experiencing a ransomware attack pushing the company into operational shutdown, according to a report by The...
View ArticleRethinking work dynamics: Why consumer browsers are no longer enough
In the fast-paced realm of modern business, adaptation is key. As organizations transition to hybrid work models and embrace cloud-based operations, the very fabric of how we work has transformed –...
View ArticleWindows path conversion weirdness enables unprivileged rootkit behavior
Attackers can take advantage of how Windows converts file paths between the traditional DOS format to the more modern NT format in order to achieve rootkit-based capabilities such as hiding files and...
View ArticleImproved incident response planning is a business necessity
Chief information security officers (CISOs) understand the importance of having an incident response plan in place to help decrease the impact of a cyberattack. That’s because despite increased...
View Article6 security items that should be in every AI acceptable use policy
An AI acceptable use policy (AI AUP) serves as a foundational component of an organization’s security framework, helping to mitigate risks and promote the responsible use of AI technologies. Broadly...
View ArticleMITRE Corporation targeted by nation-state threat actors
MITRE Corporation, a non-profit organization that operates federally funded research and development centers (FFRDCs) on behalf of the US government, has revealed a major breach in its Networked...
View ArticleDon’t be afraid of GenAI code, but don’t trust it until you test it
“You are what you eat” applies figuratively to humans. But it applies literally to the large language models (LLM) that power generative artificial intelligence (GenAI) tools. They really are what...
View ArticleDevSecOps: Still a challenge but more achievable than ever
It’s been said before—long before. It’s the 18th-century philosopher Voltaire who gets credit for the timeless proverb “Perfect is the enemy of good.” But here we are, centuries later, and it’s still...
View ArticleHow application security can create velocity at enterprise scale
Modern software has completely transformed the way organizations operate and compete in the market. With the increasing demand for secure and reliable software delivered at scale, the pressure to meet...
View ArticleMore attacks target recently patched critical flaw in Palo Alto Networks...
An increasing number of attackers are trying to exploit a critical vulnerability in firewall appliances from Palo Alto Networks after proof-of-concept exploit code was published last week. The flaw...
View ArticleMicrosoft’s mea culpa moment: how it should face up to the CSRB’s critical...
After the CSRB report, Microsoft must eschew marketing hyperbole while apologizing for its cavalier security practices, communicating its remediation plan, and report honest metrics to the security...
View ArticleTop 10 physical security considerations for CISOs
While chief information security officers (CISOs) are rarely tasked with the full range of health and human safety concerns that facilities teams or chief security officers must act upon, CISOs still...
View ArticleRussian state-sponsored hacker used GooseEgg malware to steal Windows...
Russia-linked advanced persistent threat (APT) actor Forest Blizzard had, since June 2020, exploited a now-patched Windows vulnerability to drop previously unknown, custom post-compromise malware,...
View ArticleAuthentication failure blamed for Change Healthcare ransomware attack
Absence of adequate remote access authentication has emerged as the probable cause of the infamous Change Healthcare ransomware attack. Attackers “compromised credentials on an application that allows...
View Article