Category: AI in news
NIST Cybersecurity Framework 2.0 NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on governance, which…
Read More
More than a decade ago, the concept of the ‘blameless’ postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: “One option is to assume the single cause…
Read More
Mar 01, 2024NewsroomDevSecOps / Cybersecurity GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories. “This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you…
Read More
The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor…
Read More
The report points to the need for companies to patch open- source software and components, said Mike McGuire, senior software solutions manager at Synopsys Software Integrity Group. “It’s unpatched vulnerabilities that have led to some of the most significant data breaches,” he said. “Arguably, it’s the duty of these companies to address vulnerabilities, especially if…
Read More
In an era of unprecedented technological advancement, the adoption of AI continues to rise. However, with the proliferation of this powerful technology, a darker side is emerging. Increasingly, malicious actors are using AI to enhance every stage of an attack. Cybercriminals are using AI to support a multitude of malicious activities, ranging from bypassing algorithms that detect…
Read More
Feb 29, 2024NewsroomThreat Intelligence / Cyber Threat Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to…
Read More
What’s happened? The US government warned healthcare organizations about the risk of being targeted by the ALPHV BlackCat ransomware after a surge in attacks. I thought ALPHV BlackCat had been taken down by the cops? Well remembered. Shortly before Christmas, the US Department of Justice (DOJ) announced that it had disrupted the gang’s operations and…
Read More
“Top quartile total earnings across the various roles in the sample are considerably higher than the median pay,” the study added. “In many cases, the top 10% average is as much as three times the median total compensation, indicating a significant pay band within each of the roles.” For cybersecurity directors, the total annual compensation…
Read More
Feb 29, 2024NewsroomRootkit / Threat Intelligence The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It…
Read More