Personhood: Cybersecurity’s next great authentication battle as AI improves
CISOs may be intimately familiar with the dozens of forms of authentication for privileged areas of their environments, but a very different problem is arising in areas where authentication has...
View ArticleAustralian cops bust underworld app through compromised software updates
Australia’s Federal Police (AFB) said it hacked into a dedicated encrypted communication platform, Ghost, to dismantle global criminal operations. The action was carried out as part of “Operation...
View ArticleSpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers,...
Research indicates that an infostealer malware infection is often a precursor to a ransomware attack SpyCloud, the leader in Cybercrime Analytics, today announced new cybersecurity research...
View ArticleHow cybersecurity red teams can boost backup protections
Cybersecurity red teams are known for taking a more adversarial approach to security by pretending to be an enemy that’s attacking an organization’s IT systems. Let’s look at the tactics, strategies,...
View ArticleDo boards understand their new role in cybersecurity?
Julie Ragland was CIO of vehicle manufacturing company Navistar, and has held IT leadership roles at Adient and Johnson Controls. To Ragland, who also sits on several state agency and non-profit...
View ArticleDeepfakes break through as business threat
Deepfakes targeting enterprise financial data used to be a hypothetical concern, but that’s no longer the case, as criminal deepfakers now target more than a quarter of all companies, according to a...
View ArticleCompanies skip security hardening in rush to adopt AI
Security analysis of assets hosted on major cloud providers’ infrastructure shows that many companies are opening security holes in a rush to build and deploy AI applications. Common findings include...
View ArticleMicrosoft warns of ransomware attacks on US healthcare
Ransomware group Vanilla Tempest is targeting US healthcare providers using the INC ransomware service, according to Microsoft. “Microsoft observed the financially motivated threat actor tracked as...
View ArticleNeed better network performance? Adopt better secure networking strategies
Many organizations consider digital acceleration a key initiative because those in the C-Suite and IT leadership understand that to be competitive they must have a high-performance network. However,...
View ArticleReveal of Chinese-controlled botnet is another warning to CISOs to keep up...
A Chinese-controlled botnet of tens of thousands of unpatched internet-connected firewalls, network attached storage devices, internet-connected surveillance cameras, and small office/home office...
View ArticleWhat is pretexting? Definition, examples, and attacks
Pretexting definition Pretextingis form of social engineering in which an attacker fabricates a story to convince a victim to give up valuable information or access to a service or system. The...
View ArticleWant to know how the bad guys attack AI systems? MITRE’S ATLAS can show you
It’s one thing to understand that artificial intelligence introduces new and rapidly evolving threats, but it’s quite another — incredibly daunting — task to stay on top of what those threats look...
View ArticleHacker selling 7 TB of Star Health Insurance’s customer data using Telegram
Sensitive customer data from Star Health and Allied Insurance, India’s largest standalone health insurer, has been leaked via chatbots on the messaging platform Telegram, raising serious concerns...
View ArticleMFA adoption is catching up but is not quite there
While the adoption of multifactor authentication has picked up in the face of growing identity threats, it isn’t quite where it should be, according to Osterman Research. The study, which surveyed a...
View ArticleLLMjacking: How attackers use stolen AWS credentials to enable LLMs and rack...
The black market for access to large language models (LLMs) is growing, with attackers increasingly abusing stolen cloud credentials to query AI runtime services such as Amazon Bedrock in a practice...
View ArticleGerman police dismantles illegal crypto exchanges
The German Federal Criminal Police Office (BKA), in cooperation with the Central Office for Combating Internet Crime (ZIT), has dealt a severe blow to the “infrastructure of digital money launderers...
View ArticleClear as mud: global rules around AI are starting to take shape but remain a...
The state of AI legislation, rules, and regulations around the world is clear as mud. That’s not surprising, given that dozens, if not hundreds of governments are all trying to find their footing in...
View Article10 things CISOs wished they knew from the start
Becoming a first-time CISO can be overwhelming. From day one, these professionals, often external hires, must keep the organization secure while juggling a large set of challenges. On one hand,...
View ArticleHacker selling Dell employees’ data after a second alleged data breach
Dell Technologies has allegedly suffered two data breaches since Thursday amounting to a breach of over 3.5GB of data belonging to at least 10,000 company employees. A hacker using the alias “grep”...
View ArticleMeet MathPrompt, a way threat actors can break AI safety controls
Security controls aimed at preventing a threat actor from abusing generative AI (genAI) systems maliciously can be bypassed by translating malicious requests into math equations, say cybersecurity...
View Article