By centralizing, enriching and correlating identities to events, the suggestion is that security and platform teams can break silos and readily share findings to expedite investigations.

The post Sysdig Bids to Bolster Brittle Cloud Infrastructure Layers appeared first on Security Boulevard.

Cybercriminals are not about to give up – this is how they make their living. So it’s up to cybersecurity professionals to stay vigilant and learn as much as they can about the forces they face.

The post Are We Turning the Corner in the Fight Against Cybercrime? It’s Complicated. appeared first on Security Boulevard.

Runtime enforcement is the future of software security, if we can only make it accessible to the developers that understand their applications the best.

The post Runtime Enforcement: Software Security After the Supply Chain Ends appeared first on Security Boulevard.

Thomas Claburn reports via The Register: Meta allegedly tried to discredit university researchers in Brazil who had flagged fraudulent adverts on the social network's ad platform. Nucleo, a Brazil-based news organization, said it has obtained government documents showing that attorneys representing Meta questioned the credibility of researchers from NetLab, which is part of the Federal University of Rio de Janeiro (UFRJ). NetLab's research into Meta's ads contributed to Brazil's National Consumer Secretariat (Senacon) decision in 2023 to fine Meta $1.7 million (9.3 million BRL), which is still being appealed. Meta (then Facebook) was separately fined of $1.2 million (6.6 million BRL) related to Cambridge Analytica. As noted by Nucleo, NetLab's report showed that Facebook, despite being notified about the issues, had failed to remove more than 1,800 scam ads that fraudulently used the name of a government program that was supposed to assist those in debt. In response to the fine, attorneys representing Meta from law firm TozziniFreire allegedly accused the NetLab team of bias and of failing to involve Meta in the research process. Nucleo says that it obtained the administrative filing through freedom of information requests to Senacon. The documents are said to date from December 26 last year and to be part of the ongoing case against Meta. A spokesperson for NetLab, who asked not to be identified by name due to online harassment directed at the organization's members, told The Register that the research group was aware of the Nucleo report. "We were kind of surprised to see the account of our work in this law firm document," the spokesperson said. "We expected to be treated with more fairness for our work. Honestly, it comes at a very bad moment because NetLab particularly, but also Brazilian science in general, is being attacked by far-right groups." On Thursday, more than 70 civil society groups including NetLab published an open letter decrying Meta's legal tactics. "This is an attack on scientific research work, and attempts at intimidation of researchers and researchers who are performing excellent work in the production of knowledge from empirical analysis that have been fundamental to qualify the public debate on the accountability of social media platforms operating in the country, especially with regard to paid content that causes harm to consumers of these platforms and that threaten the future of our democracy," the letter says. "This kind of attack and intimidation is made even more dangerous by aligning with arguments that, without any evidence, have been used by the far right to discredit the most diverse scientific productions, including NetLab itself." The claim, allegedly made by Meta's attorneys, is that the ad biz was "not given the opportunity to appoint a technical assistant and present questions" in the preparation of the NetLabs report. This is particularly striking given Meta's efforts to limit research into its ad platform. A Meta spokesperson told The Register: "We value input from civil society organizations and academic institutions for the context they provide as we constantly work toward improving our services. Meta's defense filed with the Brazilian Consumer Regulator questioned the use of the NetLab report as legal evidence, since it was produced without giving us prior opportunity to contribute meaningfully, in violation of local legal requirements."

Read more of this story at Slashdot.

Read 28 remaining paragraphs | Comments

Cyber insurance and cybersecurity, when combined, can provide a powerful combination of protection and risk management.

The post The Seven Things You Need to Know About Cyber Insurance appeared first on Security Boulevard.

Microsoft president says the company accepts full responsibility for every cybersecurity issue raised in a recent Cyber Safety Review Board report created by multiple officials from several U.S. government agencies

The post Microsoft Accepts Responsibility for U.S. Government Security Breaches appeared first on Security Boulevard.

Read 8 remaining paragraphs | Comments

Meta has confirmed that it will pause plans to start training its AI systems using data from its users in the European Union and U.K. From a report: The move follows pushback from the Irish Data Protection Commission (DPC), Meta's lead regulator in the EU, which is acting on behalf of several data protection authorities across the bloc. The U.K.'s Information Commissioner's Office (ICO) also requested that Meta pause its plans until it could satisfy concerns it had raised. "The DPC welcomes the decision by Meta to pause its plans to train its large language model using public content shared by adults on Facebook and Instagram across the EU/EEA," the DPC said in a statement Friday. "This decision followed intensive engagement between the DPC and Meta. The DPC, in cooperation with its fellow EU data protection authorities, will continue to engage with Meta on this issue." While Meta is already tapping user-generated content to train its AI in markets such as the U.S., Europe's stringent GDPR regulations has created obstacles for Meta -- and other companies -- looking to improve their AI systems, including large language models with user-generated training material. However, Meta last month began notifying users of an upcoming change to its privacy policy, one that it said will give it the right to use public content on Facebook and Instagram to train its AI, including content from comments, interactions with companies, status updates, photos and their associated captions. The company argued that it needed to do this to reflect "the diverse languages, geography and cultural references of the people in Europe."

Read more of this story at Slashdot.

QR codes have been around for three decades, but it wasn’t until the COVID-19 pandemic hit in 2020 that they got wide use, with restaurants, health care facilities, and other businesses turning to them to customers contactless ways to read menus, buy items, or track the health of people in their buildings. Around the same..

The post A New Tactic in the Rapid Evolution of QR Code Scams appeared first on Security Boulevard.

Copilot Plus? More like Copilot Minus: Redmond realizes Recall requires radical rethink.

The post Recall ‘Delayed Indefinitely’ — Microsoft Privacy Disaster is Cut from Copilot+ PCs appeared first on Security Boulevard.

The rise in U.S.-politics-themed scams indicates that adversarial nation states understand the significance of election years.

The post Chinese Threats Aim for Government Sector  appeared first on Security Boulevard.

Companies are achieving revenue growth by addressing the needs of mid-market enterprises, offering tailored solutions that provide high value at a competitive price point.

The post SASE Market Growth Continues, Led by Cisco, Zscaler  appeared first on Security Boulevard.

PTaaS involves outsourcing penetration testing activities to a trusted third-party service provider, saving busy internal teams valuable time and offering an objective outsider’s perspective of their systems.

The post Penetration-Testing-as-a-Service: An Essential Component of the Cybersecurity Toolkit appeared first on Security Boulevard.

Whether it be purely text-based social engineering, or advanced, image-based attacks, one thing's for certain — generative AI is fueling a whole new age of advanced phishing.

The post The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe appeared first on Security Boulevard.

The MGM Resorts breach is just one example demonstrating the crippling financial, legal and operational consequences of ransomware incidents.

The post A Deep Dive Into the Economics and Tactics of Modern Ransomware Threat Actors appeared first on Security Boulevard.

At the RSA Conference last month, Netcraft introduced a generative AI-powered platform designed to interact with cybercriminals to gain insights into the operations of the conversational scams they’re running and disrupt their attacks. At the time, Ryan Woodley, CEO of the London-based company that offers a range of services from phishing detection to brand, domain,..

The post Netcraft Uses Its AI Platform to Trick and Track Online Scammers appeared first on Security Boulevard.

Location tracking service leaks PII, because—incompetence? Seems almost TOO easy.

The post Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk appeared first on Security Boulevard.

It’s no secret that hospitals and other health care organizations are among the top targets for cybercriminals. The ransomware attacks this year on UnitedHealth Group’s Change Healthcare subsidiary, nonprofit organization Ascension, and most recently the National Health Service in England illustrate not only the damage to these organizations’ infrastructure and the personal health data that’s..

The post Connecticut Has Highest Rate of Health Care Data Breaches: Study appeared first on Security Boulevard.

In the rapidly evolving landscape of software as a service (SaaS), the security of applications has never been more critical.

The post Elevating SaaS App Security in an AI-Driven Era appeared first on Security Boulevard.

The best-case scenario for mitigating cloud security risks is when CSPs and customers are transparent and aligned on their responsibilities from the beginning.

The post The Team Sport of Cloud Security: Breaking Down the Rules of the Game appeared first on Security Boulevard.

If your organization hasn’t taken these steps to prevent a ransomware attack, it’s time to act now to protect your company, its data, employees and most importantly, customers.

The post 5 Ways to Thwart Ransomware With an Identity-First Zero Trust Model appeared first on Security Boulevard.

A long-running ransomware campaign that has been targeting Windows and Linux systems since 2019 is the latest example of how closely threat groups track public disclosures of vulnerabilities and proofs-of-concept (PoCs) and how quickly they move in to exploit them. The PHP Group last week disclosed a high-severity flaw – tracked as CVE-2024-4577 and with..

The post Ransomware Group Jumps on PHP Vulnerability appeared first on Security Boulevard.

IT systems – and this year networking equipment in particular – continue to pose the most security risk for organizations, but it is the vulnerable Internet of Things (IoT) devices that are quickly moving up the ladder, according to researchers with Forescout’s Verdere Labs researchers. In this year’s Riskiest Connected Devices report released this week,..

The post Network Equipment, IoT Devices are Big Security Risks: Forescout appeared first on Security Boulevard.

Microsoft and Google will provide free or low-cost cybersecurity tools and services to rural hospitals in the United States at a time when health care facilities are coming under increasing attack by ransomware gangs and other threat groups. For independent rural and critical access hospitals, Microsoft will provide grants and as much as 75% discounts..

The post Microsoft, Google Come to the Aid of Rural Hospitals appeared first on Security Boulevard.

Not our fault, says CISO: “UNC5537” breached at least 165 Snowflake instances, including Ticketmaster, LendingTree and, allegedly, Advance Auto Parts.

The post Ticketmaster is Tip of Iceberg: 165+ Snowflake Customers Hacked appeared first on Security Boulevard.

Fortinet, known for network security capabilities within its Fortinet Security Fabric cybersecurity platform, is bolstering its AI and cloud security capabilities with the planned acquisition of Lacework and its AI-based offerings. The companies announced the proposed deal on Monday, with expectations that it will close in the second half of the year. The plan is..

The post Fortinet to Expand AI, Cloud Security with Lacework Acquisition appeared first on Security Boulevard.

U.S. Senator Ron Wyden, who late last month asked federal agencies to investigate flaws in UnitedHealth Group’s cybersecurity measures that led to the massive ransomware attack that disrupted hundreds of hospital and pharmacy operations, now is pushing the Health and Human Services (HHS) Department to require such large health care organizations to immediately implement protections...

The post Senator: HHS Needs to Require Security Measures for Health Sector appeared first on Security Boulevard.

The Federal Communications Commission is considering requiring broadband providers to improve the cybersecurity of the networks that route traffic around the internet, an issue the FCC and other government agencies have been working on for more than a year. The proposal would require ISPs to generate confidential reports that would outline what they have done..

The post FCC Pushes Ahead with Internet Routing Security Requirements appeared first on Security Boulevard.

SaaS security has become organizations' top consideration, highlighted by establishing dedicated SaaS security teams. There’s also a notable increase in SaaS cybersecurity budgets, with 39% of organizations boosting their allocations.

The post Organizations Move to Establish Dedicated SaaS Security Teams appeared first on Security Boulevard.

Spy warez: Assistant director of the FBI’s Cyber Division Bryan Vorndran (pictured) might have the key to unscramble your files.

The post LockBit Victim? Ask FBI for Your Ransomware Key appeared first on Security Boulevard.

Stress? What stress? 43% of IT professionals report that their organization had experienced a security breach that caused downtime and cost $1-10 million.

The post CDW Survey Surfaces Cybersecurity Tool Sprawl Challenges appeared first on Security Boulevard.

There is still a significant gap between cybersecurity needs and available talent, according to Cyberseek, but all those tech industry layoffs are raising eyebrows. Organizations can expand the candidate pool by training people for these jobs rather than insisting on outside industry credentials.

The post Narrowing the Stubborn Cybersecurity Worker Gap appeared first on Security Boulevard.

Read 41 remaining paragraphs | Comments

It remembers everything you do on your PC. Security experts are raging at Redmond to recall Recall.

The post Microsoft Recall is a Privacy Disaster appeared first on Security Boulevard.

Automated patch management is one important way to reduce the barrage of cyberattacks and guard against vulnerabilities.

The post Automation Takes Off: A New Dawn for Enterprises to Guard Against the Cyberattack Barrage appeared first on Security Boulevard.

Meta Platforms withheld information from federal regulators during their original reviews of the Instagram and WhatsApp acquisitions, the US Federal Trade Commission said in a court filing as part of a lawsuit seeking to break up the social networking giant. From a report: In its filing Tuesday, however, the FTC said the case involves "information Meta had in its files and did not provide" during the original reviews. "At Meta's request the FTC undertook only a limited review" of the deals, the agency said. "The FTC now has available vastly more evidence, including pre-acquisition documents Meta did not provide in 2012 and 2014." Meta said that it met all of its legal obligations during the Instagram and WhatsApp merger reviews. The FTC has failed to provide evidence to support its claims, a spokesperson said. "The evidence instead shows that Meta faces fierce competition and that Meta's significant investment of time and resources in Instagram and WhatsApp has benefited consumers by making the apps into the services millions of users enjoy today for free," spokesperson Chris Sgro said in a statement. "The FTC has done nothing to build its case over the past four years, while Meta has invested billions to build quality products."

Read more of this story at Slashdot.

Train people. It makes a difference. In organizations without security awareness training, 34% of employees are likely to click on malicious links or comply with fraudulent requests.

The post Cybersecurity Training Reduces Phishing Threats – With Numbers to Prove It appeared first on Security Boulevard.

RansomHub, which has become among the most prolific ransomware groups over the past few months, likely got its start with the source code from the Knight malware and a boost from a one-time BlackCat affiliate.

The post RansomHub Rides High on Knight Ransomware Source Code appeared first on Security Boulevard.

A rising volume of risks, shortage of qualified cybersecurity professionals and time management with vendors are among the challenges MSPs face.

The post MSPs Look to Streamline Cybersecurity Partnerships, Skills Shortage Persists appeared first on Security Boulevard.

An escalation in AI-based attacks requires security operations leaders to change cybersecurity strategies to defend against them.

The study found 61% of respondents had experienced a deepfake incident in the past year, with 75% of those attacks impersonating CEOs or other C-suite members.

The post SecOps Teams Shift Strategy as AI-Powered Threats, Deepfakes Evolve  appeared first on Security Boulevard.

Russian threat groups are using old tactics and generative AI to run malicious disinformation campaigns meant to discredit the Paris Olympic Games, France and its president, and the IOC -- less than two months before the Games begin.

The post Russian Threat Groups Turn Eyes to the Paris Olympic Games appeared first on Security Boulevard.

Incorporating DevSecOps into CNAPP strategies can improve the way organizations develop and secure their applications.

The post The Role of DevSecOps in Enhancing CNAPP Efficiency appeared first on Security Boulevard.

Snowflake, Inc. says NO, threatening legal action against those who say it was. But reports are coming in of several more massive leaks from other Snowflake customers.

The post Was the Ticketmaster Leak Snowflake’s Fault? appeared first on Security Boulevard.

Only half of cybersecurity leaders feel their C-suite understands cybersecurity risks, a Trend Micro survey found. Four in five have been told to downplay a potential risk’s severity.

The post CISOs and Senior Leadership at Odds Over Security appeared first on Security Boulevard.

Security experts have been frustrated because no one was managing the Common Vulnerabilities and Exposures security reports. Good news: The NIST has hired a company to manage the backlog. Bad news: The company has no experience with this kind of security work.

The post The NIST Finally Hires a Contractor to Manage CVEs appeared first on Security Boulevard.

The UPGRADE program seeks to enhance and automate cybersecurity for healthcare facilities, focused on protecting operations and ensuring continuity of patient care.

The post Cybersecurity Automation in Healthcare Program Launched by HHS Agency appeared first on Security Boulevard.

Three-quarters of SMBs fear that a cyberattack could put them out of business. For good reason: 96% of them have already been the victims of a cyberattack.

The post Cyberattack Risks Keep Small Business Security Teams on Edge appeared first on Security Boulevard.

We warned you. As of June 3, Google is following through on its threat to kill ad blockers. Privacy-focused Chrome extensions are living on borrowed time; developers must upgrade to the less capable “Manifest V3” API.

The post Google Hates Ad Blockers: Manifest V3 Push Starts Today appeared first on Security Boulevard.