Researchers at IBM and VU Amsterdam have developed a new attack that exploits speculative execution mechanisms in modern computer processors to bypass checks in operating systems against what are known …
Author: DarkReading
This week, a division of the National Health Service (NHS) Scotland was struck by a cyberattack, potentially disrupting services and exposing patient and employee data. Meanwhile, a researcher disclosed a …
In late 2023, I wrote an article comparing how well ChatGPT and Google Bard handle writing security policies. Given that ChatGPT 4.0 has been available as a paid version, called ChatGPT Plus, …
The reality of cybersecurity for companies is that adversaries compromise systems and networks all the time, and even well-managed breach-prevention programs often have to deal with attackers inside their perimeters.…
PRESS RELEASE
DENVER, March 5, 2024 – Red Canary today announced full coverage of its detection and response capabilities to include all major cloud infrastructure and platform services providers, such …
PRESS RELEASE
HERNDON, Va., March 13, 2024 — (BUSINESS WIRE) — Expel, the leading managed detection and response (MDR) provider, today unveiled the updated version of its National Institute of …
SAN FRANCISCO, March 13, 2024 — Nozomi Networks Inc. today announced a $100 million Series E funding round to help accelerate innovative cyber defenses and expand cost-efficient go-to-market expansion globally. …
The Federal Communications Commission (FCC) will be rolling out a voluntary cybersecurity labeling program for Internet of Things (IoT) products for consumers
At its public meeting today, the Commission unanimously …
Fortinet has patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) for managing endpoint devices.
The flaw, identified as CVE-2024-48788, stems from an SQL …
Congress voted in favor of banning the popular social media app TikTok on Wednesday, following its passage last week by the House Energy Committee. The bill requires any company controlled …
DarkGate malware operators have been exploiting a now-patched Windows SmartScreen bypass flaw through a phishing campaign that distributes fake Microsoft software installers to propagate the malicious code.
Trend Micro researchers, …
COMMENTARY
Cyber-incident attribution gets a lot of attention, for good reasons. Identifying the actor(s) behind an attack enables taking legal or political action against the adversary and helps cybersecurity researchers …
The rapid adoption of IT and operational technology (OT) by the United Arab Emirates (UAE) has dramatically increased its attack surface, with nearly 155,000 recently discovered remotely accessible assets left …
PRESS RELEASE
NEW YORK and ORLANDO, Fla., March 12, 2024/PRNewswire/ —Claroty, the cyber-physical systems (CPS) protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning …
PRESS RELEASE
VANCOUVER, BC,March 12, 2024/PRNewswire/ — Codezero, the innovator in secure enterprise microservices development, today announced a $3.5 million seed-funding round led by Ballistic Ventures, the venture capital firm dedicated …
PRESS RELEASE
NEW YORK and ORLANDO, Fla. — March 12, 2024 — Claroty, the cyber-physical systems (CPS) protection company, today announced at the annual HIMSS24 conference the release of the…
Whether it is to support compliance efforts for regulatory mandated logging, to feed daily security operations center (SOC) work, to support threat hunters or bolster incident response capabilities, security telemetry …
A team of researchers from Google DeepMind, Open AI, ETH Zurich, McGill University, and the University of Washington have developed a new attack for extracting key architectural information from proprietary …
Driven by the promise of new lines of revenue and lower manufacturing costs, automobile manufacturers are enthusiastically turning vehicles into next-gen application platforms. Increasingly, organizations that run fleets or have …
A possible ransomware attack at Nissan has exposed personal information belonging to around 100,000 people in Australia and New Zealand.
The Japanese vehicle manufacturer has a troubled history with cyberattacks, …
A security bug in the widely used Kubernetes container-management system allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows …
COMMENTARY
Artificial intelligence (AI) is rapidly altering nearly every aspect of our daily lives, from how we work to how we ingest information to how we determine our leaders. As …
Three security vulnerabilities unearthed in the extension functions ChatGPT employs open the door to unauthorized, zero-click access to users’ accounts and services, including sensitive repositories on platforms like GitHub.
ChatGPT …
A sophisticated Brazilian banking Trojan is using a novel method for hiding its presence on Android devices.
“PixPirate” is a multipronged malware specially crafted to exploit Pix, an app for …
Iranian hacktivists executed a supply chain attack on Israeli universities by initially breaching systems of a local technology provider to the academic sector.
The self-styled Lord Nemesis group boasted online …
Last year, the National Institute of Standards and Technology (NIST) began the process of standardizing the post-quantum cryptography (PQC) algorithms it selected — the final step before making these mathematical …
Microsoft issued patches for 60 unique CVEs in its Patch Tuesday security update for March, only two of which are rated as “critical” and needing priority attention. Both affect the …
While threat actors converged on Ivanti edge devices earlier this year, one of them moved quicker than the rest, deploying a one-day exploit the day after its public disclosure.
Of …
COMMENTARY
Part one of a two-part article.
In cybersecurity, attribution refers to identifying an adversary (not just the persona) likely responsible for malicious activity. It is typically derived from collating …
For all its guardrails and safety protocols, Google’s Gemini large language model (LLM) is as susceptible as its counterparts to attacks that could cause it to generate harmful content, disclose …
Voice phishing, or vishing, is having a moment right now, with numerous active campaigns across the world that are ensnaring even savvy victims who might seem likely to know better, …
PRESS RELEASE
BIRMINGHAM, Mich., March 11, 2024/PRNewswire/ — IT-Harvest, the only provider of comprehensive cybersecurity industry data, is thrilled to announce a significant milestone in its journey. IT-Harvest’s industry Dashboard, the company’s …
The role of chief information security officer (CISO) has expanded in the past decade thanks to rapid digital transformation. Now CISOs have to be far more business-oriented, wear many more …
Ever since the Internet became a commercial entity, hackers have been using it to impersonate businesses through a variety of clever means. And one of the most enduring of these …
To security professionals, compliance may not be the sexiest subject. It is an important one, however, for a variety of reasons. The security team are important stakeholders in governance, risk, …
As companies rush to develop and test artificial intelligence and machine learning (AI/ML) models in their products and daily operations, the security of the models is often an afterthought, putting …
A nonprofit has launched the first open source platform aimed at delivering sophisticated anti-fraud capabilities to financial systems in Africa as well as parts of Asia and the Middle East.…
COMMENTARY
The cybersecurity landscape, particularly within the Microsoft 365 ecosystem, constantly evolves. Recent incidents involving major tech companies and cybersecurity firms highlight a critical reality: Understanding security best practices for …
Japanese cybersecurity officials warned that North Korea’s infamous Lazarus Group hacking team recently waged a supply chain attack targeting the PyPI software repository for Python apps.
Threat actors uploaded tainted …
The US Justice Department has charged a former Google software engineer with stealing artificial intelligence-related trade secrets from the company, with an eye to using it at two AI-related firms …
Cybersecurity professionals are finding it more attractive to take their talents to the Dark Web and earn money working on the offensive side of cybercrime. This puts enterprises in a …
Amid a steep rise in politically motivated deepfakes, South Korea’s National Police Agency (KNPA) has developed and deployed a tool for detecting AI-generated content for use in potential criminal investigations.…
The Russian state-sponsored advanced persistent threat (APT) group known as Midnight Blizzard has nabbed Microsoft source code after accessing internal repositories and systems, as part of an ongoing series of …
Fresh proof-of-concept (PoC) exploits are circulating in the wild for a widely targeted Atlassian Confluence Data Center and Confluence Server flaw. The new attack vectors could enable a malicious actor …
When you step inside Cloudflare’s San Francisco office, the first thing you notice is a wall of lava lamps. Visitors often stop to take selfies, but the peculiar installation is …
COMMENTARY
Ten years have passed since the infamous Stuxnet attack highlighted the vulnerabilities of the operational technology (OT) systems that play a crucial role in our critical infrastructure. Yet despite …
The US National Security Agency (NSA) delivered its guidelines for zero-trust network security this week, offering a more concrete roadmap towards zero-trust adoption. It’s an important effort to try to …
Open source repositories are critical to running and writing modern applications, but beware — carelessness could detonate mines and inject backdoors and vulnerabilities in software infrastructures. IT departments and project …
Open-source repositories are critical to running and writing modern applications, but beware – carelessness could detonate mines and inject backdoors and vulnerabilities in software infrastructures. IT departments and project maintainers …
Attacks targeting two security vulnerabilities in the TeamCity CI/CD platform have begun in earnest just days after its developer, JetBrains, disclosed the flaws on March 3.
The attacks include at …