From the editors of CSO, this enterprise buyer’s guide helps security IT staff understand what cloud access security brokers (CASBs) can do for their organizations and how to choose the right solution. Source link lol
Read More
YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements. The report comes from SponsorBlock, a third-party browser extension that crowdsources data about which video segments contain sponsored content and skips them. SponsorBlock reports that server-side ad injection will break its functionality, though solutions are…
Read More
Jun 13, 2024NewsroomThreat Intelligence / Mobile Security The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. “The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a Palestinian Civil Registry app,”…
Read More
Jun 13, 2024NewsroomVulnerability / Software Security The security risks posed by the Pickle format have once again come to the fore with the discovery of a new “hybrid machine learning (ML) model exploitation technique” dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning…
Read More
While Splunk-Cisco product integration was big news at this week’s .conf24 event, Splunk also debuted new products around AI, next-generation Security Operations Centers and data management. Splunk has unveiled a series of AI tools and assistants across its product portfolio that the company said are designed to help organizations speed up routine tasks, glean new…
Read More
Experts agree that organisations need to conduct thorough audits and risk assessments. The best defences involve tight configuration management, software bill-of-materials tracking, security awareness training, and limiting what can be installed. “Understanding your attack surface and conducting regular external asset mapping exercises is critical,” Tim West, Director, Threat Intelligence at With Secure. “It is important…
Read More
Jun 13, 2024NewsroomSaaS Security / Shadow IT Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don’t have efficient methods to manage related time-sensitive SaaS security and compliance tasks. Free SaaS risk assessment tools are an easy…
Read MoreAI and the Indian Election As India concluded the world’s largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies—and what lessons that holds for the rest of the world. The campaigns made extensive use of AI, including deepfake impersonations…
Read More
Jun 13, 2024NewsroomMalware / Cyber Attack The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer. “The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing self-modifying techniques to evade…
Read More
Jun 13, 2024NewsroomThreat Intelligence / Cyber Attack Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are…
Read More