Category: Cybersecurity

July 25, 2024

Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the […]

July 8, 2024

Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore. Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows […]

July 2, 2024

While their business and tech colleagues are busy experimenting and developing new applications, cybersecurity leaders are looking for ways to anticipate and counter new, AI-driven threats. It’s always been clear that AI impacts cybersecurity, but it’s a two-way street. Where […]

May 31, 2024

Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this […]

May 31, 2024

Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. “These repeated attacks against OT devices emphasize the crucial need to improve the security posture of […]

May 23, 2024

The Biden administration has made clear its stance on deepfakes: Technology companies must play a critical role in stopping such imagery, which is generated by artificial intelligence. On Thursday, the White House published a list of steps tech companies should […]

May 20, 2024

I once transitioned from a SaaS CTO role to become a business unit CIO at a Fortune 100 enterprise that aimed to bring startup development processes, technology, and culture into the organization. The executives recognized the importance of developing customer-facing […]

May 15, 2024

The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. “Storm-1811 is a financially motivated cybercriminal group known to […]

May 14, 2024

The innovation hub of RSAC 2024, the RSAC Early Stage Expo was specifically designed to showcase emerging players in the information security industry. Among the 50 exhibitors crammed into the second floor booth space, seven VC-backed up-and-comers in application security […]

May 8, 2024

״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list […]

May 3, 2024

SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the […]

April 30, 2024

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. “These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both […]

April 18, 2024

A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. “The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads […]

April 5, 2024

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means […]

April 1, 2024

In guidance to congressional offices issued by The House’s Chief Administrative Officer, Catherine Szpindor, and seen by Axios, it’s stated that Copilot is “unauthorized for House use.” The guidance adds that Copilot will be removed from and blocked on all […]

April 1, 2024

When the massive trove of data was posted for sale on a cybercrime forum early this month, AT&T said it did not originate from its systems, even though the poster said it was stolen from a 2021 breach of the […]

April 1, 2024

Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN’s Satori Threat Intelligence team, which said the […]

March 26, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities added are as follows – CVE-2023-48788 (CVSS score: 9.3) – Fortinet FortiClient EMS SQL Injection […]

March 20, 2024

In JFrog’s just-released Software Supply Chain State of the Union 2024 report, the software supply chain platform provider found extensive use of AI and machine learning tools for security. However, only one in three software developers the company surveyed use […]

March 19, 2024

In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers […]