What CISOs need to know about the renewal of FISA Section 702

Section 702 of the Foreign Intelligence Surveillance Act sets out the rules for the US intelligence community around gathering information abroad—but is it inadvertently being used at home too?


MKS Instruments falls victim to ransomware attack

The semiconductor equipment maker reported the ransomware incident just a day after national cybersecurity agencies and security experts around the world warned about a global ransomware attack that hit thousands of servers running on...


Massive ransomware attack targets VMware ESXi servers worldwide

Cybersecurity agencies globally — including in Italy, France, the US and Singapore — have issued alerts about a ransomware attack targeting the VMware ESXi hypervisor.


Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition

The cybersecurity insurer predicts that the 1,900 CVEs would include 270 high-severity and 155 critical-severity vulnerabilities. The predictions are based on data collected over the last ten years.


OPSWAT mobile hardware offers infrastructure security for the air gap

A new, tablet-sized media scanner boasts a wide range of capabilities for critical infrastructure defense.


Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group

NEPTUNIUM group claims access to the personal information of more than 200,000 Charlie Hebdo customers and uses sockpuppet accounts to taunt France’s cybersecurity sector.


Will your incident response team fight or freeze when a cyberattack hits?

CISOs train their teams to fight hackers but often overlook the human tendency to freeze up during a crisis. Planning for the psychology of incident response can help prevent a team from seizing up at the wrong moment.


Critical vulnerability patched in Jira Service Management Server and Data Center

Atlassian has issued fixed versions of the software and described a workaround to the flaw that could make access tokens available to attackers.


New US CISO appointments, January 2023

Keep up with news of CSO, CISO, and other senior security executive appointments.


Remote code execution exploit chain available for VMware vRealize Log Insight

Researchers found four vulnerabilities in vRealize Log Insight that were relatively non-threatening on their own but lead to significant compromise when used together.


NTT, Palo Alto partner for managed SASE with AIOps

Using a managed services provider to deliver SASE can streamline deployment and free up enterprise resources.


Foreign states already using ChatGPT maliciously, UK IT leaders believe

Most UK IT leaders are concerned about malicious use of ChatGPT as research shows how its capabilities can significantly enhance phishing and BEC scams.


APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

Changing tactics by North Korean, Russian, and Chinese APT groups suggest that Western companies are at greater risk.


New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

The OSC&R Framework aims to help security professionals better understand and measure software supply chain risk.


Misconfiguration and vulnerabilities biggest risks in cloud security: Report

About 87% of container images include a high or critical vulnerability, while 90% of granted permissions are not used, according to cybersecurity firm Sysdig.