Category: AI in news

Jun 26, 2024NewsroomCyber Attack / Malware Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps…


“While other cloud security players with similar legacies in CSPM foray into cloud detection and response and runtime agents (e.g. Wiz’s acquisition of Gem Security), with this move, Orca is expanding on its posture-only capabilities, relying even more heavily on its side-scanning technology to increase breadth across the software supply chain,” Yates said. Additionally, Orca…


We have seen reputable independent bodies such as NIST launch its AI Risk Management Framework and CISA its Roadmap for AI. Also there have been various governments that have established new guidelines, such as EU AI Ethics Guidelines. The Five Eyes (FVEY) alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States have also weighed in…


Jun 26, 2024NewsroomWeb Skimming / Website Security Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information. According to…


Jun 26, 2024NewsroomAndroid Security / Threat Intelligence Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five…


Digital executive protection services are usually acquired through the office of the CISO or CSO, though executives themselves often acquire the services independently and then involve their CSOs, according to Chris Pierson, CEO of BlackCloak, which he founded in 2018 with the sole purpose of protecting executives from online threats that can lead to personal…


During the data collection period, Cloudflare said that it mitigated 6.8% of all web application traffic. It defines mitigated traffic as any “traffic that is blocked or is served a challenge by Cloudflare. The specific threat type and relevant mitigation technique depends on many factors such as the application’s potential security gaps, the nature of…


Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors, we strongly recommend prioritizing patching of this vulnerability. Background On June 25, Progress published an advisory for a vulnerability in MOVEit Transfer, a secure…


The prohibitive cost structure has been labeled the “SSO Tax” and CISA says potential SMB customers “perceive SSO as being excessively costly due to the higher cost of the premium-tier service that includes SSO as compared to the lower-tier service that does not include SSO coupled with a requirement to subscribe for a minimum number…


The potential for mischief is extensive. Sagi Tzadik, the Wiz researcher who discovered the vulnerability, told CSO: “An attacker would be able to covertly leak private models, spy on user prompts, alter their responses, ransom the whole system, and even gain a foothold in the internal network. Once exploited, the machine is compromised.” Authentication shortcomings…
