AMD addresses Sinkclose vulnerability but older processors left unattended
Though AMD has released security updates to address the “Sinkclose” vulnerability in its processors, some of its older and still-popular chips will not be receiving patches. The flaw, disclosed by...
View ArticleTrump campaign suffers sensitive data breach in alleged Iranian hack
The re-election campaign for former US President Donald Trump said it has fallen victim to a cyberattack by Iranian actors, leading to the theft and distribution of sensitive internal documents. The...
View ArticleWhy OT cybersecurity should be every CISO’s concern
Some CISOs believe that there is no need to assess risks in operational technology (OT) or to establish an enterprise OT cybersecurity standard – because they don’t run OT. However, I believe OT is a...
View ArticleCompanies poorly prepared for TLS transition
Transport Layer Security (TLS) certificates form the basis for a secure internet connection. They encrypt the data that is transmitted between the browser, the website visited and the server. Last...
View ArticleMicrosoft and NVIDIA: Partnering to protect AI workloads in Azure
As interest in AI soars, security leaders are prioritizing an architecture framework that supports innovation and delivers end-to-end protection of sensitive data and models—all while mitigating data...
View ArticleCISOs face uncharted territory in preparing for AI security risks
Generative AI, which has the unique ability to create original content and actions, had its conceptual origins in 1906 when Russian mathematician Andrei Andreevich Markov created a stochastic model of...
View ArticleFBI strikes down rumored LockBit reboot
The criminal ransomware group Dispossessor, a suspected rebrand of LockBit, has been disrupted by an international law enforcement operation, according to the FBI. “On August 12, FBI Cleveland...
View ArticleDownload the network observability tools enterprise buyer’s guide
From the editors of our sister publication Network World, this enterprise buyer’s guide helps network and security IT staff understand what network observability tools can do for their organizations...
View ArticleMitre, Microsoft differ on how severe MS Office flaw really is
There is a distinct difference of opinion on the level of harm a newly revealed Microsoft Office vulnerability exposing NT Lan Manager (NTLM) hashes, being tracked as CVE-2024-38200, could potentially...
View ArticleNIST finally settles on quantum-safe crypto standards
After years of review, the National Institute of Standards and Technology officially picked the world’s first three post-quantum encryption algorithms as the basis for its post-quantum security...
View ArticleMicrosoft patches six actively exploited vulnerabilities
Microsoft fixed 88 vulnerabilities on Tuesday as part of its monthly patching cycle. Six of those flaws were already being actively exploited in the wild before a patch was available and another four...
View ArticleCybersecurity should return to reality and ditch the hype
As a chief information security officer (CISO), I’ve witnessed firsthand the transformation of cybersecurity from a niche IT function to a boardroom priority. Yet, despite its rise in prominence, this...
View ArticleSAP patches critical bugs allowing full system compromise
SAP has sealed a bunch of severe bugs affecting its systems, including two critical vulnerabilities that can allow full system compromise. On its Security Patch Day for August 2024, the software giant...
View ArticleMicrosoft Outlook security hole lets attackers in without opening a tainted...
Among the large batch of security patches that Microsoft released on Tuesday was an especially nasty hole within Microsoft’s Outlook email client, one that would allow an attacker full access by...
View ArticleHow leading CISOs build business-critical cyber cultures
Most IT and information security leaders are very familiar with the term VUCA. Standing for volatility, uncertainty, complexity, and ambiguity, it encapsulates the world we’re operating in today, one...
View ArticleMIT delivers database containing 700+ risks associated with AI
A group of Massachusetts Institute of Technology (MIT) researchers have opted to not just discuss all of the ways artificial intelligence (AI) can go wrong, but to create what they described in an...
View ArticleThousands of NetSuite stores leak sensitive data due to access control...
Researchers have found that several thousand Oracle NetSuite customers are inadvertently leaking sensitive data to unauthenticated users through externally facing stores built with NetSuite...
View ArticleMajor GitHub repos leak access tokens putting code and clouds at risk
An analysis of build artifacts generated by GitHub Actions workflows inside open-source repositories belonging to major companies revealed sensitive access tokens to third-party cloud services, as...
View Article11 top bug bounty programs launched in 2024
Bug bounty programs remain a crucial component of cybersecurity strategies in 2024, offering organisations the ability to draw in help from a diverse pool of cybersecurity professionals and...
View ArticleWhy Training is Critical to Implementing Cisco HyperShield
The imminent release of Cisco HyperShield this month marks a pivotal evolution in the cybersecurity landscape. As an “AI-native” security architecture, HyperShield promises to redefine traditional...
View Article