PRESS RELEASE
BIRMINGHAM, Mich., March 11, 2024/PRNewswire/ — IT-Harvest, the only provider of comprehensive cybersecurity industry data, is thrilled to announce a significant milestone in its journey. IT-Harvest’s industry Dashboard, the company’s flagship platform, has now ingested over 10,000 cybersecurity products, marking a new era in cybersecurity industry research.…
The role of chief information security officer (CISO) has expanded in the past decade thanks to rapid digital transformation. Now CISOs have to be far more business-oriented, wear many more hats, and communicate effectively with board members, employees, and customers alike, or else risk serious security failures.…
Ever since the Internet became a commercial entity, hackers have been using it to impersonate businesses through a variety of clever means. And one of the most enduring of these exploits is the practice of typosquatting — i.e., using look-alike websites and domain names to lend legitimacy to social engineering efforts.…
To security professionals, compliance may not be the sexiest subject. It is an important one, however, for a variety of reasons. The security team are important stakeholders in governance, risk, and compliance (GRC) efforts, and thus, those efforts deserve an appropriate amount of attention within the goals and priorities of the security organization.…
As companies rush to develop and test artificial intelligence and machine learning (AI/ML) models in their products and daily operations, the security of the models is often an afterthought, putting the firms at risk of falling prey to backdoor and hijacked models.
Companies with their own ML team have more than 1,600 models in production, and 61% of companies acknowledge that they do not have good visibility into all of their ML assets, according to survey data published by HiddenLayer, an AI/ML security firm.…
A nonprofit has launched the first open source platform aimed at delivering sophisticated anti-fraud capabilities to financial systems in Africa as well as parts of Asia and the Middle East.
The Tazama open source project is real-time financial transaction monitoring software that can be deployed by digital financial services providers to detect and block fraudulent transactions and protect consumer accounts.…
COMMENTARY
The cybersecurity landscape, particularly within the Microsoft 365 ecosystem, constantly evolves. Recent incidents involving major tech companies and cybersecurity firms highlight a critical reality: Understanding security best practices for Microsoft 365 differs from implementing them effectively.
Kaspersky reports that 2023 saw a 53% increase in cyber threats targeting documents, including Microsoft Office documents, daily.…
Japanese cybersecurity officials warned that North Korea’s infamous Lazarus Group hacking team recently waged a supply chain attack targeting the PyPI software repository for Python apps.
Threat actors uploaded tainted packages with names such as “pycryptoenv” and “pycryptoconf” — similar in name to the legitimate “pycrypto” encryption toolkit for Python.…
The US Justice Department has charged a former Google software engineer with stealing artificial intelligence-related trade secrets from the company, with an eye to using it at two AI-related firms he was associated with in China.
If convicted, Linwei Ding, aka Leon Ding, faces up to 10 years in prison and a fine of $250,000 on each of the four counts of trade secrets theft on which he has been indicted.…
Cybersecurity professionals are finding it more attractive to take their talents to the Dark Web and earn money working on the offensive side of cybercrime. This puts enterprises in a tough spot: cut into profit growth to keep cybersecurity skills from flowing to the highest bidder, or figure out how to defend their networks against those who know their weaknesses most intimately.…
Amid a steep rise in politically motivated deepfakes, South Korea’s National Police Agency (KNPA) has developed and deployed a tool for detecting AI-generated content for use in potential criminal investigations.
According to the KNPA’s National Office of Investigation (NOI), the deep learning program was trained on approximately 5.2 million pieces of data sourced from 5,400 Korean citizens.…
The Russian state-sponsored advanced persistent threat (APT) group known as Midnight Blizzard has nabbed Microsoft source code after accessing internal repositories and systems, as part of an ongoing series of attacks by a very sophisticated adversary.
The Redmond giant noted today that the previously announced cyber campaign by Midnight Blizzard, which commenced in January, has evolved.…
Fresh proof-of-concept (PoC) exploits are circulating in the wild for a widely targeted Atlassian Confluence Data Center and Confluence Server flaw. The new attack vectors could enable a malicious actor to stealthily execute arbitrary code within Confluence’s memory without touching the file system.
Researchers at VulnCheck have been tracking the exploits for the CVE-2023-22527 remote code execution (RCE) vulnerability, which was disclosed in January.…
When you step inside Cloudflare’s San Francisco office, the first thing you notice is a wall of lava lamps. Visitors often stop to take selfies, but the peculiar installation is more than an artistic statement; it’s an ingenious security tool.
The changing patterns created by the lamps’ floating blobs of wax help Cloudflare encrypt internet traffic.…
COMMENTARY
Ten years have passed since the infamous Stuxnet attack highlighted the vulnerabilities of the operational technology (OT) systems that play a crucial role in our critical infrastructure. Yet despite advancements, these systems remain exposed, raising concerns about our preparedness for future cyber threats. A recent Dark Readingarticle by Dan Raywood highlighted how programmable logic controllers (PLCs), specifically Siemens-branded controllers, are still vulnerable.…
The US National Security Agency (NSA) delivered its guidelines for zero-trust network security this week, offering a more concrete roadmap towards zero-trust adoption. It’s an important effort to try to bridge the gap between desire for and implementation of the concept.
As businesses shift more workloads to the cloud, zero trust computing strategies have moved from a buzzy hype phase to enjoying the status of an essential security approach.…
Open-source repositories are critical to running and writing modern applications, but beware – carelessness could detonate mines and inject backdoors and vulnerabilities in software infrastructures. IT departments and project maintainers need to assess a project’s security capabilities to ensure malicious code is not being incorporated into the application.…
Open source repositories are critical to running and writing modern applications, but beware — carelessness could detonate mines and inject backdoors and vulnerabilities in software infrastructures. IT departments and project maintainers need to assess a project’s security capabilities to ensure malicious code is not being incorporated into the application.…
Attacks targeting two security vulnerabilities in the TeamCity CI/CD platform have begun in earnest just days after its developer, JetBrains, disclosed the flaws on March 3.
The attacks include at least one campaign to distribute ransomware, and another in which a threat actor appears to be creating admin users on vulnerable TeamCity instances for potential future use.…
PRESS RELEASE
SINGAPORE – 29th February 2024 — In the modern age, large companies are wrestling to leverage their customers’ data to provide ever-better AI-enhanced experiences but a key barrier to leveraging this opportunity is mounting public concern around data privacy, as ever-greater data processing poses risks of data leaks by hackers and malicious insiders.Silence…