CyberSecure Specialist

Your voice is my password

Digital Security: AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way. Jake Moore, 22 Nov 2023 • 6 min. read. The recent theft of my voice brought me to a new fork in the road in terms of how AI already has the potential of causing social disruption. I was so taken aback by…

Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OK

Computer chip and software maker Broadcom has announced it has cleared all regulatory hurdles and plans to complete its $69 billion acquisition of cloud technology company VMware on Wednesday. The company, based in San Jose, California, announced it planned to move ahead with the deal after China joined the list of countries that had given a go-ahead for the acquisition. Broadcom is paying $61 billion in cash and stock for VMware and taking on $8…

Fuel for thought: Can a driverless car get arrested?

Digital Security: What happens when problems caused by autonomous vehicles are not the result of errors, but the result of purposeful attacks? 21 Nov 2023 • 7 min. read. Fleets of robotaxis hit the brakes, citing the need to “rebuild public trust”. This story had been brewing for a while. It seemed fairly inconsequential at first, or at least not the start of a big security story: A video shared on social networking site…

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

Researchers at Aqua Security are calling urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations and open-source projects are vulnerable to this “ticking supply chain attack bomb.” In a research paper, Aqua researchers Yakir Kadkoda and Assaf Morag said they found Kubernetes secrets in public repositories that allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat.  “Among the…

185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone 

Car parts giant AutoZone, which has over 7,000 stores across the Americas, is informing nearly 185,000 individuals that their personal information was compromised as a result of the massive MOVEit hacking campaign. AutoZone revealed that cybercriminals have stolen information, including social security numbers, after exploiting a vulnerability in the MOVEit Transfer managed file transfer application. However, the company is not aware of instances where the exposed information has been used for fraud. Nevertheless, impacted customers…

Mozilla Releases Security Updates for Firefox and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Firefox iOS 120, Firefox 120, Firefox ESR 115.5, Thunderbird 115.5.0.

LLM Security Startup Lasso Emerges From Stealth Mode

End-to-end generative AI security startup Lasso Security has emerged from stealth mode with $6 million in a seed funding round led by Entrée Capital, with additional investment from Samsung Next. Established earlier this year, the Tel Aviv-based company is building technology to tackle the cyber threats faced by generative AI and large language models (LLMs) and prevent data exposure, and security and compliance risks. By protecting every LLM touchpoint, Lasso wants to help secure businesses…

CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: LockBit Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (along with an accompanying analysis report MAR-10478915-1.v1 Citrix Bleed), in response to LockBit 3.0 ransomware affiliates and multiple threat actor groups exploiting CVE-2023-4966. Labeled Citrix Bleed, the vulnerability affects Citrix’s NetScaler…

CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

The US cybersecurity agency CISA has published new guidance to help healthcare and public health organizations understand the cyber threats and risks to their sector and apply mitigations. Titled Mitigation Guide: Healthcare and Public Health (HPH) Sector (PDF), the document was released as a supplemental companion to a Cyber Risk Summary distributed in July, and comes roughly one month after CISA and HHS announced cybersecurity resources for the HPH sector. Using data collected from the…

NIST’s International Cybersecurity and Privacy Engagement Update – Trade Missions, Workshops, and Translations

Our Cybersecurity Awareness Month may have come to a close at the end of October — but the importance of enhancing cybersecurity and engaging with our international partners to enhance cybersecurity is at the forefront of our minds all year long. Here are some updates on our international work: NIST is also currently working with industry partners to amplify our international outreach — as an example, we recently hosted a webinar along with the Coalition…
