Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: Muhammad Toqeer via Alamy Stock Photo A Pakistan-linked cyber-espionage group has pivoted to a wider variety of legitimate software techniques in an attempt to bypass cybersecurity defenses, including targeting Linux as much as Windows and incorporating into its attacks legitimate cloud services, including Google Drive and […]

La entrada Pakistani ‘Transparent Tribe’ APT Aims for Cross-Platform Impact – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Aleksey Funtap via Alamy Stock Photo Researchers have spotted a recent surge in activity involving a Mirai distributed denial-of-service (DDoS) botnet variant called CatDDoS. The attacks have targeted organizations across multiple sectors and include cloud vendors, communication providers, construction companies, scientific and research entities, and educational […]

La entrada CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Stephen Lawton, Contributing Writer Source: Kjetil Kolbjørnsrud via Alamy Stock Photo In litigation, specificity is crucial. “Beyond a reasonable doubt” is the standard of proof in criminal cases and prosecutors have to convince the jury that the evidence leaves no reasonable doubt about the defendant’s guilt. In civil cases, the standard […]

La entrada Making the Case for ‘Reasonable’ Cybersecurity – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Wright Studio via Shutterstock In recent months, researchers have observed an increase in attackers using remote access virtual private networks (VPNs) as a golden ticket for initial network access. Multiple cybersecurity vendors’ solutions have been compromised, according to a recent Check Point blog post, prompting them […]

La entrada Attackers Target Check Point VPNs to Access Corporate Networks – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: SOPA Images Limited via Alamy Stock Photo Open AI is forming a safety and security committee led by company directors Bret Taylor, Adam D’Angelo, Nicole Seligman, and CEO Sam Altman.  The committee is being formed to make recommendations to the full board on safety […]

La entrada OpenAI Forms Another Safety Committee After Dismantling Prior Team – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Anatolii Babii via Alamy Stock Photo More than 90 malicious mobile apps have been downloaded more than 5.5 million times from the Google Play store in the last few months. They spread various malware, including the Anatsa banking Trojan, researchers have found. The apps, discovered by […]

La entrada 90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Alex Botting Alex Botting, Senior Director of Global Security and Technology Strategy, Venable & Coordinator of the Coalition to Reduce Cyber Risk May 21, 2024 4 Min Read Source: Skorzewiak via Alamy Stock Photo COMMENTARY Over the past decade, the digital trade policy community has been consumed by battles over data […]

La entrada Can Cybersecurity Be a Unifying Factor in Digital Trade Negotiations? – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 2 Min Read Source: MaximP via Shutterstock The Open Source Security Foundation (OpenSSF) has launched Siren, an email mailing list to share threat intelligence about vulnerabilities in open source software. Siren aims to “aggregate and disseminate threat intelligence” to provide real-time security warning bulletins and deliver a community-driven […]

La entrada OpenSSF Siren to Share Threat Intelligence for Open Source Software – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Grant Gross, Contributing Writer Source: Panther Media GmbH via Alamy Stock Photo In an era when chief information security officers (CISOs) can potentially face fraud charges following a security incident, it’s more important than ever that they develop good relationships with C-suite executives and corporate boards. Strong relationships with CEOs, chief […]

La entrada Transforming CISOs Into Storytellers – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: PRESS RELEASE ARLINGTON, Va. – The National Rural Electric Cooperative Association has been awarded $4 million from the Department of Energy to launch Project Guardian, an initiative to advance the cybersecurity posture of electric co-ops by giving them new tools to detect, respond to and recover from cyber threats and attacks. The […]

La entrada NRECA Receives $4M in DOE Funding to Boost Electric Co-op Cybersecurity Preparedness – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: George Ostertag via Alamy Stock Photo Researchers have discovered a severe memory corruption vulnerability inside of a cloud logging utility used across major cloud platforms. The service, Fluent Bit, is an open source tool for collecting, processing, and forwarding logs and other types of application data. […]

La entrada Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Ericka Chickowski, Contributing Writer Source: Olena Bartienieva via Alamy Stock Photo It takes a complex coordination of law enforcement, judicial processes, and technical capabilities in order to truly disrupt cybercrime. What’s more, all of this work has to be able to cut across barriers of language, culture, and geopolitical divides. So […]

La entrada 6 Facts About How Interpol Fights Cybercrime – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Mojahid Mottakin via Shutterstock Microsoft’s plans to introduce a “Recall” feature powered by artificial intelligence in its Copilot+ PCs lineup has evoked considerable privacy concerns. But the extent to which these concerns are fully justified remains a somewhat open question at the moment. Recall is technology […]

La entrada Microsoft’s ‘Recall’ Feature Draws Criticism From Privacy Advocates – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: PRESS RELEASE NEW YORK, May 21, 2024 /PRNewswire/ — Claroty, the cyber-physical systems (CPS) protection company, today announced new proprietary data revealing that 13% of the most mission-critical operational technology (OT) assets have an insecure internet connection, and 36% of those contain at least one Known Exploited Vulnerability (KEV), making them both remotely accessible […]

La entrada Research From Claroty’s Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: OleCNX via Alamy Stock Photo Gipy, a newly discovered campaign using a strain of infostealer malware, is targeting users in Germany, Russia, Spain, and Taiwan with phishing lures promising an AI voice changing application. Researchers at Kaspersky said Gipy malware first emerged in early […]

La entrada AI Voice Generator App Used to Drop Gipy Malware – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: dpa picture alliance via Alamy Stock Photo Google has released an update from its Chrome team for a high-severity security flaw, tracked as CVE-2024-5274, that actively exists in the wild. The bug is classified as critical and is a type confusion vulnerability in the […]

La entrada Google Discovers Fourth Zero-Day in Less Than a Month – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: ASP Religion via Alamy Stock Photo Iranian state-backed threat actors have been working closely to spy on, and then wreak havoc against, major organizations in Albania and Israel. Iran’s Ministry of Intelligence and Security (MOIS)-linked Scarred Manticore (aka Storm-861), Iran’s most sophisticated espionage actor, has been […]

La entrada Iran APTs Tag Team Espionage, Wiper Attacks Against Israel & Albania – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 2 Min Read Source: Andrea Danti via Alamy Stock Photo YouTube has turned into a new front for malicious actors to deploy phishing, other malware, and bogus investment schemes, according to a report from researchers at security vendor Avast. The researchers specifically homed in on Lumma and RedLine […]

La entrada YouTube Becomes Latest Battlefront for Phishing, Deepfakes – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading Source: Shahid Mehmood via Alamy Stock Photo Nearly 70% of the United States’ community drinking water systems fails to comply with the Safe Drinking Water Act, according to the Environmental Protection Agency (EPA) — including the cybersecurity standards that it lays out. New EPA […]

La entrada EPA Puts Teeth Into Water Sector Cyber Efforts – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: John Klossner, Cartoonist 1 Min Read We’re gonna need a bigger … fly swatter? Come up with a clever cybersecurity-related caption to describe the scene above, and our favorite will win a $25 Amazon gift card. Here are four convenient ways to submit your ideas before the June 17, 2024, deadline: […]

La entrada Name That Toon: Buzz Kill – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: Eakrin Rasadonyindee via Shutterstock Modern cybersecurity technologies produce massive quantities of data, which requires rethinking how to store and manage all the different types of information being generated. Many cybersecurity platforms are increasingly relying on one of two database technologies — graph or streaming databases — […]

La entrada Picking the Right Database Tech for Cybersecurity Defense – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: George V. Hulme, Contributing Writer 2 Min Read The growing number of cybersecurity incidents and wave of data privacy laws and regulations is behind the current boost in demand for cybersecurity. Consider a recent survey from management consulting firm McKinsey that forecasts a 13% annual increase in cybersecurity spending through at […]

La entrada Outsourcing Security Without Increasing Risk – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Age Foto Stock via Alamy Stock Photo A Russia-linked advanced persistent threat (APT) group has been abusing PDF and MSBuild project files in a campaign that uses socially engineered emails to deliver the TinyTurla backdoor as a fileless payload. The campaign’s seamless delivery routine is a […]

La entrada Russia’s Turla APT Abuses MSBuild to Deliver TinyTurla Backdoor – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 2 Min Read Source: Olekcii Mach via Alamy Stock Photo The Advanced Research Projects Agency for Health (ARPA-H) pledged $50 million to bring together hospital IT staff, equipment managers, and cybersecurity experts to create software that helps hospitals become cyber-resilient. ARPA-H, a funding agency created by the Biden administration, […]

La entrada US Pumps $50M Into Better Healthcare Cyber Resilience – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: Igor Golovnov via Alamy Stock Photo A max-critical security vulnerability in GitHub’s Enterprise Server could allow attackers to bypass authentication and obtain administrative privileges. The good news is that the bug (CVE-2024-4985, CVSS 10) only affects implementations that use the SAML single sign-on (SSO) […]

La entrada GitHub Authentication Bypass Opens Enterprise Server to Attackers – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Paul Shomo 5 Min Read Source: Aleksia via Alamy Stock Photo COMMENTARY Artificial intelligence (AI) security, automation’s nonhuman identity problem, and the reinvention of detection and response (DR) were emerging trends at the RSA Conference 2024’s top startup competition, Innovation Sandbox.  Reality Defender took the crown for deepfake detection. In the space […]

La entrada Trends at the 2024 RSA Startup Competition – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Data service provider Snowflake deepened its strategic partnership with cybersecurity-analytics provider Anvilogic this week with a joint offering that could further shake up the security information and event management (SIEM) market. The two cloud service providers are targeting business customers that already use Snowflake’s software-as-a-service offering for […]

La entrada Snowflake's Anvilogic Investment Signals Changes in SIEM Market – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Jack Maguire via Alamy Stock Photo A novel malware that targets vulnerable drivers to terminate and thus evade endpoint detection and response (EDR) solutions has come to light, for now used in service of an elaborate cryptomining campaign. Researchers at Elastic Security Labs identified what they […]

La entrada Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Karl Mattson 5 Min Read Source: vska via Alamy Stock Vector COMMENTARY As our world becomes increasingly digitized, malicious actors have more opportunities to carry out attacks. Data breaches and ransomware are on the rise, and the urgency to fortify our digital defenses has never been greater. With one cyberattack occurring […]

La entrada Preparing Your Organization for Upcoming Cybersecurity Deadlines – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Porntep Lueangon via Alamy Stock Photo Chinese threat actors have been quietly and gradually revolutionizing anti-analysis techniques by hiding their malicious activities behind vast global networks of proxy devices. At issue: the operational relay box network (ORB), a vast infrastructure comprised of virtual private servers (VPS) […]

La entrada Chinese 'ORB' Networks Conceal APTs, Render Static IoCs Irrelevant – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: batjaket via Shutterstock A critical vulnerability in the open source version of Netflix’ Genie job orchestration engine for big data applications gives remote attackers a way to potentially execute arbitrary code on systems running affected versions of the software. The bug, designated as CVE-2024-4701, carries a […]

La entrada Critical Netflix Genie Bug Opens Big Data Orchestration to RCE – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: krot studio via Shutterstock Despite the interest in AI tools and AI-enhanced technologies, many organizations are holding back because of one of three major barriers: lack of visibility, control, and protection. And there is a growing consensus that broad AI adoption means a need […]

La entrada WitnessAI Launches With Guardrails for AI – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.