Channel: Security at the speed of business – Asean | CSO Online
Browsing all 2151 articles
Browse latest View live

10 most powerful cybersecurity companies today

CISOs and other security execs often find themselves in a difficult position. Attackers are always getting better, and now they can use genAI to help craft ransomware emails or create deepfakes. At...



New campaign uses malware ‘cluster bomb’ to effect maximum impact

In a newly discovered campaign, an Eastern European threat actor is found using a novel “cluster bomb” approach to package a cascading malware deployment within a single infection. Dubbed “Unfirling...



AI agents can find and exploit known vulnerabilities, study shows

Researchers at the University of Illinois gave a team of autonomous AI agents a CVE description of a vulnerability and the agents were able to autonomously find and exploit the vulnerability in a test...


CocoaPods flaws left iOS, macOS apps open to supply-chain attack

Recently patched vulnerabilities in a software dependency management tool used by developers of applications for Apple’s iOS and MacOS platforms, could have opened the door for attackers to insert...


US Supreme Court ruling will likely cause cyber regulation chaos

The US Supreme Court has issued a decision that could upend all federal cybersecurity regulations, moving ultimate regulatory approval to the courts and away from regulatory agencies. A host of likely...



Cisco patches actively exploited zero-day flaw in Nexus switches

Cisco has released patches for several series of Nexus switches to fix a vulnerability that could allow attackers to hide the execution of bash commands on the underlying operating system. Although...


How CISOs can protect their personal liability

Court cases against CISOs that threaten jail time and expensive penalties, such as those against former Uber CISO Joe Sullivan and SolarWinds’ Timothy G. Brown, have kept CISOs awake at night. The...


Passkeys aren’t attack-proof, not until properly implemented

Passkey, a password-less technology for authenticating user access to cloud-hosted applications, may still be vulnerable to adversary-in-the-middle (AitM) attacks despite its massive popularity,...



Download the UEM vendor comparison chart, 2024 edition

From the editors of our sister publication Computerworld, this vendor comparison chart helps IT and security staff understand what the major unified endpoint management (UEM) platforms can do for...


Kaspersky software ban: CISOs must move quickly, experts say

The US government enacted new restrictions on Kaspersky’s customers, indicting 12 of its executives and prohibiting further sales of its software and services in June. The regulations augment existing...


Tabletop exercise scenarios: 10 tips, 6 examples

What is a tabletop exercise? A tabletop exercise is an informal, discussion-based session in which a team talks through their roles and responses during an emergency, walking through one or more...


Europol disrupts about 600 abusive Cobalt Strike servers

A slew of IP addresses associated with the abuse of Fortra’s legitimate red teaming tool, Cobalt Strike, have been taken down by a coordinated law enforcement operation dubbed “Morpheus.” The...


Logic bombs explained: Definition, examples, prevention

What is a logic bomb? A logic bomb is a set of instructions embedded in a software system that, if specified conditions are met, triggers a malicious payload to take actions against the operating...



Over 35,000 Ether subscribers targeted in a campaign from crypto draining

A huge number of Ether (ETH) investors were targeted in a phishing campaign directing users to a crypto-draining site, the cryptocurrency issuing company Ethereum said in a blog post. The threat actor...


New Intel CPU side-channel attack Indirector can leak sensitive data

Five years after the Spectre and Meltdown CPU attacks rocked the computer industry, researchers are still finding new techniques that exploit low-level processor features to break security boundaries...



Legacy systems are the Achilles’ heel of critical infrastructure cybersecurity

Rare is the element of critical infrastructure ecosystem that doesn’t contain legacy systems declared at end of life (EOL) or outdated and unsupported software or operating systems. Any CISO in charge...


If you’re a CISO without D&O insurance, you may need to fight for it

The role of the chief information security officer (CISO) is crucial and by definition filled with risk — not only risk to the organization but personal risk as well, as has become dauntingly apparent...



OpenAI failed to report a major data breach in 2023

A previously unreported security breach at OpenAI, the developer of ChatGPT, has raised alarms over the potential of foreign adversaries, such as China, accessing sensitive AI technologies. While the...


Fake network traffic is on the rise — here’s how to counter it

The ability to effectively analyze network traffic is a must for a successful enterprise cybersecurity program, as it’s critical to identifying and defending against many types of attacks. That...


CRISC certification: Exam, requirements, training, potential salary

What is CRISC certification? Certified in Risk and Information Systems Control (CRISC) is an upper-level IT professional certification focused on enterprise IT risk management. CRISC is offered by...
