Source: www.darkreading.com – Author: Andrew Morris 6 Min Read Source: Andriy Popov via Alamy Stock Photo COMMENTARY If you are a member of the security team in charge of defending a network, you are probably accustomed to working with a technology stack composed of hardware (computers, servers, appliances, and network gear), software (applications and services), […]

La entrada Addressing the Cybersecurity Vendor Ecosystem Disconnect – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading Source: Greg Balfour Evans via Alamy Stock Photo Santander, a Spanish banking institution, has announced that it recently suffered a data breach in which a victim gained access to a database hosted by a third-party provider. In the immediate aftermath of the breach, Santander moved […]

La entrada Santander Falls Victim to Data Breach Involving Third-Party Provider – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Microsoft Security 3 Min Read Source: Skorzewiak via Alamy Stock Photo Since June 2023, Microsoft has observed several notable cyber and influence trends from China and North Korea that indicate nation-state threat groups are doubling down on familiar targets by using more sophisticated influence techniques to achieve their goals. To protect their organizations […]

La entrada Asian Threat Actors Use New Techniques to Attack Familiar Targets – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Thongden Studio via Shutterstock A likely Chinese threat actor is using a recent variant of the notorious Gh0st RAT malware to try and steal information from artificial intelligence experts in US companies, government agencies, and academia. Researchers at security vendor Proofpoint first spotted the campaign earlier […]

La entrada US AI Experts Targeted in SugarGh0st RAT Campaign – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: maximimages.com via Alamy Stock Photo Researchers have discovered 11 security vulnerabilities in GE HealthCare’s Vivid Ultrasound family of products, as well as two related software programs. The issues are varied, and include missing encryption of sensitive data, use of hardcoded credentials, and more. They range in […]

La entrada GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading Source: Ian Allenden via Alamy Stock Photo For the first time ever, the Federal Communications Commission (FCC) Enforcement Bureau has identified a specific threat group as being behind a spate of pernicious robocall campaigns. The group, dubbed “Royal Tiger,” has associates in India, the United […]

La entrada FCC Reveals 'Royal Tiger' Robocall Campaign – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Brian Fox Brian Fox, CTO & Co-Founder, Sonatype May 16, 2024 5 Min Read Source: Stu Gray via Alamy Stock Photo COMMENTARY In the realm of cybersecurity, understanding your biggest vulnerabilities is essential. The National Institute of Standards and Technology (NIST) initially established the National Vulnerability Database (NVD) to provide a […]

La entrada The Fall of the National Vulnerability Database – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Alex Brylov via Shutterstock Following a recently documented Black Basta ransomware vishing campaign, Microsoft Threat Intelligence acknowledged May 15 that a financially motivated threat actor tracked as Storm-1811 since mid-April has been following the playbook. The threat group is using a socially engineered campaign to trick […]

La entrada Windows Quick Assist Anchors Black Basta Ransomware Gambit – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: Arletta Cwalina via Alamy Stock Photo Another Google Chrome zero-day vulnerability is being exploited in the wild, the tech giant has disclosed — the third such bug revealed in just a week. Google has pushed an emergency fix for the high-severity flaw (CVE-2024-4947) with […]

La entrada Patch Now: Another Google Zero-Day Under Exploit in the Wild – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: Aleksandra Sova via Shutterstock The Nigerian government halted its effort to fund national cybersecurity improvements through a 0.5% levy on domestic electronic transactions after the current administration faced widespread public criticism for increasing taxes during an economic crisis. As recently as May 6, the Central Bank […]

La entrada Nigeria Halts Cybersecurity Tax After Public Outrage – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Pawel Michalowski via Shutterstock Researchers at Belgium’s KU Leuven discovered a fundamental design flaw in the IEEE 802.11 Wi-Fi standard that gives attackers a way to trick victims into connecting with a less secure wireless network than the one to which they intended to connect. Such […]

La entrada Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: PRESS RELEASE SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ — Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, and IBM (NYSE: IBM), a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver AI-powered security outcomes for customers. The announcement is a testament to Palo Alto Networks’ and IBM’s commitment […]

La entrada Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: PRESS RELEASE WILLOW GROVE, Pa., May 14, 2024 /PRNewswire/ — On or around February 6, 2024, Hypertension-Nephrology Associates, P.C. (“the Practice”) became aware it was the target of an extortion attack when an extortion note was found on its computer system. Upon discovery of the extortion note, the Practice took immediate action including engaging cybersecurity […]

La entrada Notice of a Data Breach – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: PRESS RELEASE SAN JOSE, CA – May 15, 2024 – Alkira®, the leader in on-demand network infrastructure as-a-service, today announced the closing of a $100 million Series C funding round, bringing the company’s total funding raised to date to $176 million. The round was led by Tiger Global Management, a leading global investment […]

La entrada Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Andrea Danti via Alamy Stock Photo Phishing emails mimicking DocuSign are rising, thanks to a thriving underground marketplace for fake templates and login credentials. Over the past month, researchers from Abnormal Security claim to have tracked a significant increase in phishing attacks designed to mimic legitimate […]

La entrada Scammers Fake DocuSign Templates to Blackmail & Steal From Companies – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: Convery flowers via Alamy Stock Photo On the morning of May 15, the FBI seized BreachForums’ hacking forum, as well as its Telegram channel. The website is now displaying a message alerting visitors that it has been taken down by the FBI and US […]

La entrada FBI, DoJ Shut Down BreachForums, Launch Investigation – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: KsanderDN via Shutterstock Researchers have released an exploit for a zero-day security flaw in a family of D-Link routers that can allow attackers to take over devices and execute commands with root privileges. The SSD Secure Disclosure team of researchers released a proof-of-concept exploit for a […]

La entrada D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Matan Getz Matan Getz, CEO & Co-Founder, Aim Security May 15, 2024 5 Min Read Source: marcos alvarado via Alamy Stock Photo COMMENTARY We are now deep in the age of artificial intelligence (AI). Much more than a passing trend, this transformative technology is set to fundamentally alter the way we do […]

La entrada 3 Tips for Becoming the Champion of Your Organization’s AI Committee – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: VideoFlow via Shutterstock Lawmakers in Singapore updated the nation’s cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident […]

La entrada Singapore Cybersecurity Update Puts Cloud Providers on Notice – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Ericka Chickowski, Contributing Writer Source: Stuart Miles via Alamy Stock Photo RSA CONFERENCE 2024 – San Francisco – Only five months into 2024, and the year has been a busy one for cybersecurity practitioners, with multi-year supply chain attacks, nation-state actors exploiting multiple vulnerabilities in network gateways and edge devices, and […]

La entrada Top 5 Most Dangerous Cyber Threats in 2024 – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading Source: Wim Wiskerke via Alamy Stock Photo A trio of zero-days headline Microsoft’s May Patch Tuesday update, which offers a modest spring bouquet of 59 CVEs in total (just a third of last month’s downpour of patches for admins to deal with). But at […]

La entrada Microsoft Windows DWM Zero-Day Poised for Mass Exploit – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: FrankHH via Shutterstock Many organizations that have implemented passwordless authentication via the FIDO2 standard may be undermining some of the security benefits of the approach by not properly securing the sessions that take place after authentication happens. That oversight gives adversaries an opening to use a […]

La entrada Unprotected Session Tokens Can Undermine FIDO2 Security – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Design Pics Inc via Alamy Stock Photo Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them. A game of cops and robbers is playing out between the FBI and Scattered Spider (aka UNC3944, […]

La entrada As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: NicoElNino via Shutterstock Companies have a problem with encryption: While many businesses duly encrypt sensitive data, there is no standard strategy for deploying and managing an key-management infrastructure. Every organization needs to make a large number of decisions in designing a key-management policy that works for […]

La entrada A Cost-Effective Encryption Strategy Starts With Key Management – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading Source: Kristoffer Tripplaar via Alamy Stock Photo Google has released an emergency security update for its Chrome browser, including a patch for a zero-day vulnerability that has exploit code released in the wild that could lead to data theft, lateral movement, malware implantation, and […]

La entrada Dangerous Google Chrome Zero-Day Allows Sandbox Escape – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Aleksey Funtap via Alamy Stock Photo Attackers are taking malicious manipulation of DNS traffic to the next level, abusing DNS tunneling to scan a victim’s network infrastructure as well as track victims’ online behavior. The goal? To gain useful insights into new ways to compromise organizations. […]

La entrada DNS Tunneling Abuse Expands to Tracking & Scanning Victims – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Rex Booth Rex Booth, Chief Information Security Officer, SailPoint May 14, 2024 5 Min Read Source: Bryan Sikora via Alamy Stock Photo COMMENTARY The unfortunate truth is, if you’re looking for an entry-level position in the cybersecurity field, there aren’t many on-ramps. The wide-ranging security certification bodies and training organizations that […]

La entrada There Is No Cyber Labor Shortage – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Andrada Fiscutean Back in April 2014, researchers uncovered a serious vulnerability in OpenSSL. There are many serious vulnerabilities, but this one was particularly bad, with security expert Bruce Schneier calling it “catastrophic.” On his blog, Schneier wrote, “On the scale of 1 to 10, this is an 11.” The Tor Project […]

La entrada Heartbleed: When Is It Good to Name a Vulnerability? – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: ciaobucarest via Alamy Stock Photo A new Black Basta campaign is annoying victims into submission with onslaughts of spam emails and fake customer service representatives tricking them into downloading malware. The news comes against the backdrop of a fresh joint cybersecurity advisory from the FBI, Cybersecurity […]

La entrada 500 Victims In, Black Basta Reinvents With Novel Vishing Strategy – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: Trambler58 via Shutterstock A Ukrainian agency in charge of television and radio broadcasting reported that Russian hackers hijacked Ukrainian television channels on May 9 to air a Victory Day parade honoring the defeat of Nazi Germany in World War II. The broadcasting agency, Nacrada, […]

La entrada Ukrainian, Latvian TV Hijacked to Broadcast Russian Celebrations – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading Source: Deco via Alamy Stock Photo A well-known hacking outfit called “IntelBroker” has put up for sale what it claims to be Europol data stolen earlier this month. The international law enforcement agency has confirmed that it’s investigating the incident. The data was advertised […]

La entrada IntelBroker Nabs Europol Info; Agency Investigating – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: John A. Smith John A. Smith, Founder & Chief Security Officer, Conversant Group May 13, 2024 4 Min Read Source: Leigh Prather via Alamy Stock Photo COMMENTARY Authentication tokens aren’t actual physical tokens, of course. But when these digital identifiers aren’t expired regularly or pinned for use by a specific device […]

La entrada Why Tokens Are Like Gold for Opportunistic Threat Actors – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: jamesteohart via Shutterstock Millions of IoT devices in sectors such as financial services, telecommunications, healthcare, and automotive are at risk of compromise from several vulnerabilities in a cellular modem technology the devices use to communicate with each other and with centralized servers. The vulnerabilities in Cinterion […]

La entrada Millions of IoT Devices at Risk from Flaws in Integrated Cellular Modem – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: Lev Dolgachov via Alamy Stock Photo Roughly a third of CISOs are dissatisfied with their compensation, according to new data from IANS Research and Artico Search. The research — “The Compensation, Budget and Satisfaction Benchmark for Tech CISOs, 2023–2024” — was based on nearly […]

La entrada CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Anthony Spratt via Alamy Stock Photo Around 50,000 instances of an open source proxy server used for small networks are exposed to denial-of-service (DoS) attacks and even potentially remote code execution (RCE), via a flaw that can be exploited by an HTTP request. A use-after-free flaw […]

La entrada Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Ericka Chickowski, Contributing Writer Source: designer491 via Alamy Stock Photo As the CISO role matures in enterprise settings and security executives level up their positions from technology managers into more well-rounded risk advisers and business leaders, career progressions are changing. The CISO job is no longer the final executive destination for […]

La entrada CISO as a CTO: When and Why It Makes Sense – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer At 2024’s RSA Conference this week, brand names like Microsoft, Amazon Web Service (AWS), International Business Machines (IBM), Fortinet, and more agreed to take steps toward meeting a set of seven objectives defined by the US’s premier cyber authority. The agreement is voluntary, not legally binding, anodyne, […]

La entrada Is CISA’s Secure by Design Pledge Toothless? – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Karen Spiegelman, Features Editor Reality Defender co-founder and CEO Ben Colman (left) onstage with host Hugh ThompsonSource: RSA Conference For the second year in a row, an AI-based security startup took the prize for Most Innovative Startup at RSA Conference’s Innovation Sandbox competition. Last year, HiddenLayer started its presentation with a […]

La entrada Reality Defender Wins RSAC Innovation Sandbox Competition – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nathan Eddy, Contributing Writer Source: MBI via Alamy Stock Photo Healthcare provider Ascension, which operates 140 hospitals across 19 states, fell victim to a cyberattack that took down multiple essential systems including electronic health records (EHRs), the MyChart platform for patient communication, and certain medication and test-ordering systems. The organization disclosed […]

La entrada Ascension Healthcare Suffers Major Cyberattack – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff Transcript of Dark Reading Confidential, Episode 1: The CISO and the SEC Becky Bracken, Senior Editor, Dark Reading: Hello everyone and welcome to Dark Reading Confidential. It’s a brand new podcast from the editors of Dark Reading where we are going to focus on bringing you real-world stories […]

La entrada Dark Reading Confidential: The CISO and the SEC – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Jackson Shaw Jackson Shaw, Chief Security Officer, Clear Skye May 10, 2024 4 Min Read Source: Brain light via Alamy Stock Photo COMMENTARY Prevention: It’s the word we hear most when discussing cybersecurity. We read articles and hear experts speak about attack prevention or carelessness that leads to data compromises. In […]

La entrada You’ve Been Breached: What Now? – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Kelly Jackson Higgins, Editor-in-Chief, Dark Reading Source: aleksandr Lychagin via Alamy Stock Photo At one of the first meetings Dark Reading held with its inaugural CISO Advisory Board last year, one of the questions a couple members of the board asked us was, “Why doesn’t Dark Reading have a podcast?” The […]

La entrada Dark Reading ‘Drops’ Its First Podcast – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Kelly Jackson Higgins, Editor-in-Chief, Dark Reading Source: Alfonso Fabiio Iozzino via Alamy Stock Photo RSA CONFERENCE 2024 – San Francisco – Everyone’s talking about deepfakes, but the majority of AI-generated synthetic media circulating today will seem quaint in comparison to the sophistication and volume of what’s about to come. Kevin Mandia, […]

La entrada Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.