Tag: technology
-
Your Health Information Was Compromised. Now What?
by
in SecurityNewsThe healthcare industry has become increasingly reliant on technology to enhance patient care, from advanced image-guided surgery to… First seen on hackread.com Jump to article: hackread.com/your-health-information-compromised-now-what/
-
New Microsoft Unit to Navigate Impact of AI
by
in SecurityNews‘Advanced Planning Unit’ to Focus on Societal, Economic, Workplace Implications. Microsoft has created a new research-focused entity as part of its artificial intelligence division to analyze and anticipate the technology’s societal, economic and workplace implications. It will report directly to Mustafa Suleyman, CEO of Microsoft AI. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-microsoft-unit-to-navigate-impact-ai-a-27436
-
Selecting the Right MSSP: A Chief Technology Officer’s Checklist
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/perspective/selecting-the-right-mssp-a-chief-technology-officers-checklist
-
Lazarus Group Exploits Trusted Apps for Data Theft via Dropbox
by
in SecurityNews
Tags: crypto, cyber, data, espionage, exploit, group, infrastructure, korea, lazarus, north-korea, programming, software, technology, theft, toolIn an alarming development, North Korea’s infamous Lazarus Group has been linked to a global cyber espionage campaign, code-named Operation Phantom Circuit. Beginning in September 2024, this operation exploited trusted software development tools to infiltrate systems worldwide, targeting cryptocurrency and technology developers. The campaign’s advanced obfuscation techniques and infrastructure demonstrate a significant evolution in the…
-
The CISO’s role in advancing innovation in cybersecurity
by
in SecurityNews
Tags: access, advisory, ai, attack, best-practice, business, ceo, ciso, conference, cyber, cybersecurity, finance, network, phone, risk, startup, strategy, technology, threat, toolCybersecurity leaders have an advantage when it comes to innovation given their front seat facing new and old threats. That is why many CISOs are playing an active role in shaping emerging solutions, which also gives them a clear understanding of where current solutions fall short.”CISOs can play a part in supporting innovation by shaping…
-
5 Encrypted Attack Predictions for 2025
by
in SecurityNews
Tags: access, ai, apt, attack, automation, cloud, communications, computer, computing, control, cryptography, cyber, cyberattack, cybercrime, data, data-breach, defense, detection, email, encryption, exploit, government, group, india, infrastructure, intelligence, Internet, malicious, malware, network, phishing, ransomware, risk, service, tactics, technology, threat, update, vpn, zero-trustThe cyberthreat landscape of 2024 was rife with increasingly sophisticated threats, and encryption played a pivotal role”, a staggering 87.2% of threats were hidden in TLS/SSL traffic. The Zscaler cloud blocked 32.1 billion attempted encrypted attacks, a clear demonstration of the growing risk posed by cybercriminals leveraging encryption to evade detection. ThreatLabz reported that malware…
-
New Apple SLAP FLOP Side-Channel Attacks Let Attackers Steal Login Details From Browser
by
in SecurityNewsResearchers from the Georgia Institute of Technology and Ruhr University Bochum have uncovered two novel speculative execution attacks, named SLAP (Speculative Data Attacks via Load Address Prediction) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions). These vulnerabilities impact Apple Silicon chips, exposing critical security risks in devices built on the M2/A15…
-
New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
by
in SecurityNewsA team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and…
-
Want to be an effective cybersecurity leader? Learn to excel at change management
by
in SecurityNews
Tags: authentication, awareness, business, cio, ciso, cloud, compliance, corporate, cybersecurity, finance, fraud, group, guide, Hardware, identity, jobs, password, privacy, risk, risk-management, service, skills, software, strategy, technology, threat, vulnerability, zero-trustIf there’s one thing that’s inevitable in cybersecurity, it’s change. Ever-evolving technology requires new protections, threats seem to multiply and morph on a daily basis, and even the humblest pieces of software and hardware demand constant updating to stay secure.That work has been increasing as the importance, visibility, and impact of security initiatives have ramped…
-
Unknown threat actor targeting Juniper routers with backdoor: Report
by
in SecurityNewsNetwork administrators using routers from Juniper Networks are being urged to scan for possible compromise after the discovery that an unknown threat actor has been installing a backdoor in customer routers since at least 2023.The bad news: According to researchers at Lumen Technology’s Black Lotus Labs, the unknown attacker can install a reverse shell on…
-
Canceled executive order clears way for unbridled GenAI growth
by
in SecurityNewsAt first glance, the deregulation appears like a way to drive innovation forward. However, it will slow AI safety efforts and could impede innovation in AI technology in some ways. First seen on techtarget.com Jump to article: www.techtarget.com/searchenterpriseai/news/366618451/Canceled-executive-order-clears-way-for-unbridled-GenAI-growth
-
5 ways boards can improve their cybersecurity governance
by
in SecurityNews
Tags: attack, breach, business, ciso, cloud, cyber, cybersecurity, data, election, endpoint, finance, gartner, governance, government, group, identity, incident, india, infrastructure, jobs, middle-east, network, ransomware, regulation, risk, skills, technology, threat, trainingAs chairman of the board for Cinturion Group, Richard Marshall is intimately involved in ensuring the security of the fiber optic network his company is constructing from India through the Middle East and on to Europe.The monumental Trans Europe Asia System (TEAS) will be difficult enough to build given it will be buried beneath thousands…
-
Is Online Fax Secure? Everything You Need to Know
by
in SecurityNewsOnline faxing uses the latest security technology, including end-to-end encryption, secure transmission and multi-factor authentication, to keep your information safe. How Does Online Fax Work? Online faxing is a cutting-edge technology that is much more convenient and secure than traditional faxing. Online fax services use the latest encryption, secure transmission and multi-factor authentication to keep…
-
Prosecutors say they can’t obtain murder conviction after judge throws out evidence from facial recognition match
by
in SecurityNewsAn Ohio judge threw out key evidence in a murder case earlier this month because the prosecution improperly relied on facial recognition technology, highlighting the limitations of a tool being widely adopted by police departments across the country. First seen on therecord.media Jump to article: therecord.media/prosecutors-cant-obtain-murder-conviction-after-judge-throws-out-facial-recognition-evidence
-
DeepSeek hit by cyberattack and outage amid breakthrough success
by
in SecurityNews
Tags: access, ai, apple, attack, ceo, china, compliance, control, cyberattack, cybersecurity, data, detection, encryption, finance, GDPR, google, group, HIPAA, infrastructure, malicious, nvidia, open-source, risk, saas, service, startup, technology, threat, tool, training, vulnerabilityChinese AI startup DeepSeek said it was hit by a cyberattack, prompting the company to restrict user registrations and manage website outages as demand for its AI assistant soared.According to the company’s status page, DeepSeek has been investigating the issue since late evening Beijing time on Monday.”Due to large-scale malicious attacks on DeepSeek’s services, registration…
-
US takes aim at healthcare cybersecurity with proposed HIPAA changes
by
in SecurityNews
Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-managementThe US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
-
The cybersecurity skills gap reality: We need to face the challenge of emerging tech
by
in SecurityNewsThe cybersecurity skills shortage remains a controversial topic. Research from ISC2 states that the current global workforce of cybersecurity professionals stands at 5.5 million, but the workforce currently needs 10.2 million, a gap of 4.8 million people.Skeptics (and there are lots of them) say hogwash! They claim that these numbers are purely self-serving for ISC2,…
-
Privacy Roundup: Week 4 of Year 2025
by
in SecurityNews
Tags: access, ai, apt, attack, backup, botnet, breach, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, identity, infrastructure, korea, lazarus, leak, login, malicious, malware, north-korea, phishing, phone, privacy, regulation, remote-code-execution, risk, router, scam, service, software, startup, technology, threat, tool, update, virus, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 19 JAN 2025 – 25 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
DeepSeek’s New AI Model Shakes American Tech Industry
by
in SecurityNewsAI Startup’s R1 Model Draws Praise and Skepticism. An open reasoning model from Chinese artificial intelligence startup DeepSeek has the tech industry assessing its potential impact as shares of U.S. technology mainstays plummeted in trading on Monday. Hangzhou-based DeepSeek released its R1 model on Jan. 20. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/deepseeks-new-ai-model-shakes-american-tech-industry-a-27381
-
Critical Isolation Vulnerability in Intel Trust Domain Extensions Exposes Sensitive Data
by
in SecurityNewsResearchers from IIT Kharagpur and Intel Corporation have identified a significant security vulnerability in Intel Trust Domain Extensions (TDX), a foundational technology designed to ensure robust isolation between virtual machines (VMs) in secure environments. The study reveals that hardware performance counters (HPCs), meant for performance monitoring, can be exploited by Virtual Machine Managers (VMMs) to…
-
Data Privacy Day 2025: A Chance to Take Control of Your Data
by
in SecurityNews
Tags: access, ai, awareness, business, cloud, compliance, control, country, data, encryption, governance, law, password, privacy, regulation, service, software, strategy, technology, toolData Privacy Day 2025: A Chance to Take Control of Your Data madhav Mon, 01/27/2025 – 09:19 Trust is the cornerstone of every successful relationship between businesses and their customers. On this Data Privacy Day, we reflect on the pivotal role trust plays in the digital age. It’s earned not just through excellent products or…
-
A pickle in Meta’s LLM code could allow RCE attacks
by
in SecurityNews
Tags: ai, attack, breach, cve, cvss, data, data-breach, exploit, flaw, framework, github, LLM, malicious, ml, network, open-source, rce, remote-code-execution, software, supply-chain, technology, theft, vulnerabilityMeta’s large language model (LLM) framework, Llama, suffers a typical open-source coding oversight, potentially allowing arbitrary code execution on servers leading to resource theft, data breaches, and AI model takeover.The flaw, tracked as CVE-2024-50050, is a critical deserialization bug belonging to a class of vulnerabilities arising from the improper use of the open-source library (pyzmq)…
-
CISOs’ top 12 cybersecurity priorities for 2025
by
in SecurityNews
Tags: access, ai, api, attack, authentication, automation, awareness, business, cio, ciso, cloud, compliance, control, corporate, cybersecurity, data, detection, framework, governance, identity, incident response, infrastructure, intelligence, jobs, mitigation, monitoring, mssp, oracle, penetration-testing, privacy, risk, risk-management, service, strategy, technology, threat, training, usa, zero-trustSecurity chief Andrew Obadiaru’s to-do list for the upcoming year will be familiar to CISOs everywhere: advance a zero-trust architecture in the organization; strengthen identity and access controls as part of that drive; increase monitoring of third-party risks; and expand the use of artificial intelligence in security operations.”Nothing is particularly new, maybe AI is newer,…
-
Cybersecurity needs women, and it needs to treat them better
by
in SecurityNews
Tags: cio, ciso, computer, cyber, cyberattack, cybersecurity, data-breach, group, healthcare, jobs, service, skills, technology, trainingThe participation of women in cybersecurity is vital, a non-negotiable proposition. Forget any current handwringing over diversity and equity; it’s fundamental that the contribution of women to the profession has made cybersecurity better.The proverbial door was kicked open long ago for women, who have made major contributions to the development of information security. But it’s…
-
New CEO Rob Greer on Scaling ExtraHop’s NDR Product Globally
by
in SecurityNewsGreer on Adding Capabilities Adjacent to NDR, Using Channel Partnerships for Scale. New ExtraHop CEO Rob Greer sees massive potential in scaling the company’s network detection and response platform globally. His strategy includes investing in international markets, enhancing channel partnerships and delivering value to large enterprises through seamless technology integration. First seen on govinfosecurity.com Jump…
-
10 top XDR tools and how to evaluate them
by
in SecurityNews
Tags: ai, attack, automation, business, cloud, computing, container, corporate, credentials, data, defense, detection, edr, email, encryption, endpoint, finance, firewall, google, guide, Hardware, iam, ibm, identity, incident response, infrastructure, intelligence, malicious, malware, marketplace, microsoft, mitigation, network, office, okta, open-source, organized, risk, security-incident, service, siem, skills, soar, software, spam, technology, threat, tool, training, vulnerability, zero-dayLittle in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat…
-
Vishal Rao to Pull Double Duty as CEO of Trellix, Skyhigh
by
in SecurityNewsRao Replaces Bryan Palma, Who Combined McAfee Enterprise, FireEye to Form Trelli. Symphony Technology Group tapped Vishal Rao to take over as CEO of Trellix while continuing to serve as chief executive of sister company Skyhigh Security. The San Jose, California-based platform security vendor tasked longtime Cloudera and Splunk leader Rao with accelerating Trellix’s market…