NIST releases new tool to check AI models’ security
The US Department of Commerce’s National Institute of Standards and Technology (NIST) has released a new open source software package, Dioptra, that allows developers to determine what type of attacks...
View ArticleMicrosoft shifts focus to kernel-level security after CrowdStrike incident
The CrowdStrike incident that affected more than 8.5 million Windows PCs worldwide and forced users to face the “Blue Screen of Death,” made Microsoft sit down and revisit the resilience of its...
View ArticleCrowdStrike was not the only security vendor vulnerable to hasty testing
The CrowdStrike gaffe that caused millions of Windows machines to crash with the infamous Blue Screen of Death (BSOD) could have happened to anyone considering how security updates are pushed these...
View ArticleVMware ESXi hypervisor vulnerability grants full admin privileges
Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined...
View ArticleCrowdStrike crisis gives CISOs opportunity to rethink key strategies
At 4 a.m. UTC on July 19, cybersecurity giant CrowdStrike sent out what it thought was a routine content configuration update to its Falcon product, which analyzes internet connections for malicious...
View ArticleCritical ServiceNow vulnerabilities expose businesses to data breaches
Three critical vulnerabilities in the ServiceNow IT service management platform have been disclosed and reported to have been under active exploitation. The vulnerabilities have exposed sensitive...
View ArticlePhishers exploited Proofpoint weakness to spoof emails from IBM, Nike, and more
Phishing campaigns that spoof well-known global brands such as Disney, IBM, Nike, Best Buy, and Coca-Cola to trick recipients into clicking on malicious emails should be a thing of the past. We trust...
View ArticleChina takes steps to implement digital ID initiative
The focus of China’s proposed Digital Identity proposal revolves around three key items: minimization of data sharing, user rights, and legal compliance, with data security being the fulcrum, an...
View ArticleThe cost of a data breach continues to escalate
The global average cost of a data breach leaped by 10% compared to the previous reporting period, hitting US$4.88 million, according to the 19th annual Cost of a Data Breach Report from IBM, which...
View ArticleAdaptive Shield Showcases New ITDR Platform for SaaS at Black Hat USA
Adaptive Shield, a leader in SaaS Security, today announced its breakthrough Identity Threat Detection & Response (ITDR) platform for SaaS environments. Since entering this space a year ago, the...
View ArticleThe CSO guide to top security conferences
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have...
View Article7 top cloud security threats — and how to address them
For any enterprise relying on the cloud to accommodate a rapidly growing number of services, ensuring security is a top priority. Yet as most cloud adopters soon realize, migrating to a dynamic cloud...
View ArticleHottest selling product on the darknet: Hacked gen AI accounts
Cybercriminals looking to abuse the power of generative AI to build phishing campaigns and sophisticated malware can now purchase easy access to them from underground marketplaces as large numbers of...
View ArticleAs the skills gap grows, organizations should do these 3 things to enhance...
The cybersecurity industry needs nearly four million professionals to fill vacant roles, and as adversaries advance their tactics, this figure is set to increase. Meanwhile, this skills shortage...
View ArticleNorth Korean cyberspies trick developers into installing malware with fake...
Attackers behind a campaign that targets developers from around the world using fake job interviews have expanded their toolset with an information stealing script that also supports Linux and macOS...
View ArticleDigiCert validation bug sets up 83,267 SSL certs for revoking
Monday turned into a hectic day for some admins whose sites’ SSL/TLS certificates came from DigiCert. The company announced that it was revoking a small percentage of certificates that it discovered...
View ArticleDashlane study reveals massive spike in passkey adoption
The adoption of passkeys, a passwordless technology for authenticating user access to cloud-hosted applications, is continuing its upward trend, findings released this week from password manager maker...
View Article5 recommendations for acing the SEC cybersecurity rules
Rules implemented in 2023 by the US Securities and Exchange Commission (SEC) regarding risk management, strategy, governance, and incident disclosure have raised important considerations for security...
View ArticleOver 300 Indian banks suffer payment disruption from ransomware attack
C-Edge Technologies — a State Bank of India (SBI) and Tata Consultancy Services (TCS) joint venture — has suffered a ransomware attack, disrupting payment systems in nearly 300 small banks in India....
View ArticleWill the public nature of ransom payments change CISO strategy over whether...
Reports that a Fortune 50 company paid a $75 million ransom to the Dark Angels ransomware group back in March is raising questions about whether CISOs should revisit their ransomware decision...
View Article