News
Foreign states already using ChatGPT maliciously, UK IT leaders believe
Most UK IT leaders are concerned about malicious use of ChatGPT as research shows how its capabilities can significantly enhance phishing and BEC scams.
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
Changing tactics by North Korean, Russian, and Chinese APT groups suggest that Western companies are at greater risk.
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs
The OSC&R Framework aims to help security professionals better understand and measure software supply chain risk.
Misconfiguration and vulnerabilities biggest risks in cloud security: Report
About 87% of container images include a high or critical vulnerability, while 90% of granted permissions are not used, according to cybersecurity firm Sysdig.
![A multitude of arrows pierce a target. [numerous attacks / quantity / severity]](https://images.idgesg.net/images/article/2020/12/arrows_piercing_a_target_numerous_attacks_quantity_by_franck_v_cc0_via_unsplash-100869381-small.3x2.jpg?auto=webp&quality=85,70)
IoT, connected devices biggest contributors to expanding application attack surface
New report shines light on application security challenges impacting global businesses.
Guardz debuts with cybersecurity-as-a-service for small businesses
An easy-to-use cybersecurity toolkit from Tel Aviv-based startup Guardz targets small and medium-size businesses (SMBs).
Privacera connects to Dremio’s data lakehouse to aid data governance
The integration of open-source based Privacera into Dremio’s data lakehouse is designed to allow joint customer enterprises to manage and organize secure data access.
Trulioo launches end-to-end identity platform
The new Trulioo platform will combine all existing Trulioo products into a single platform, allowing the ID verification firm to target global enterprise customers.
Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges
Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps.
New UN cybercrime convention has a long way to go in a tight timeframe
Nations around the world are hammering out a new cybercrime convention, but some UN members seek to criminalize activities that are not bona fide crimes.
Hackers abuse legitimate remote monitoring and management tools in attacks
Researchers and government agencies warn that threat actors are increasing their use of commercial RMM tools to enable financial scams.
FBI takes down Hive ransomware group in an undercover operation
FBI covertly infiltrated the Hive network—which has targeted more than 1,500 victims in over 80 countries around the world—and thwarted over $130 million in ransom demands.
Recent legal developments bode well for security researchers, but challenges remain
Security researchers gained greater federal legal protections over the past two years, but US state laws and China’s recently adopted vulnerability disclosure law pose threats.
Attackers move away from Office macros to LNK files for malware delivery
Barriers that Microsoft has placed to prevent malicious macros has forced some cybercriminals to use LNK files for malware delivery, but at the cost of easier detection.
Chinese threat actor DragonSpark targets East Asian businesses
The group is seen using SparkRAT, a multi-platform remote access Trojan, to target firms in Hong Kong, Taiwan, China, and Singapore.
![recovery gauge [disaster recovery - crisis survival - business continuity]](https://images.idgesg.net/images/article/2018/02/disaster_recovery_crisis_survival_business_continuity_thinkstock_680719460-100749261-small.3x2.jpg?auto=webp&quality=85,70)
CYGNVS exits stealth, trumpeting its cyberattack recovery platform
CYGNVS platform promises a playbook, out-of-band connectivity, and more to help organizations recovery from major cyberattacks.
P-to-P fraud most concerning cyber threat in 2023: CSI
Peer-to-peer fraud and other digital fraud constituted more than 29% of bankers categorizing it as the most worrying cyber threat in 2023, according to CSI.
