Data Breaches

AI and tech innovation, economic pressures increase identity attack surface

Tension between difficult economic conditions and the pace of technological innovation, including the evolution of artificial intelligence (AI), is fueling the growth of the identity attack surface and identity-led cybersecurity exposure. That’s according to the CyberArk 2023 Identity Security Threat Landscape Report, which details how these issues have the potential to compound “cyber debt” where investment in digital and cloud technology outpaces cybersecurity spend. This creates a rapidly expanding and unsecured identity-centric attack surface. The…


DDoS attacks launched against Swiss websites ahead of Zelensky address

Swiss government websites were taken offline through the use of targeted distributed-denial-of-service (DDoS) attacks ahead of a video address by Ukrainian President Volodymyr Zelensky. DDoS attacks disrupt sites by overwhelming their infrastructure with a large amount of internet traffic. As DDoS attacks overwhelm a site’s bandwidth, this prevents users from accessing it. The disruption to the Swiss government sites was discovered on June 12, as the Swiss parliament prepared for a video address by President…


Artificial intelligence is coming to Windows: Are your security policy settings ready?

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence,…


Business email compromise scams take new dimension with multi-stage attacks

In a campaign that exploits the relationships between different organizations, attackers managed to chain business email compromise (BEC) against four or more organizations, jumping from one breached organization to the next by leveraging the relationships between them. The attack, which Microsoft researchers call multi-stage adversary-in-the-middle (AiTM) phishing, started with a compromise at a trusted vendor and targeted organizations from the banking and financial services sectors. “This attack shows the complexity of AitM and BEC threats,…


To solve the cybersecurity worker gap, forget the job title and search for the skills you need

BlackBerry CISO Arvind Raman looks beyond job titles when he has open positions to fill and instead focuses on the key skills required to do the work. That mindset allows Raman to readily identify and recruit qualified professionals from outside the security field, instead of simply seeking candidates working their way up the typical chain of security roles. For example, he has hired finance professionals for risk- and compliance-related work and marketing pros for awareness…


Cycode’s free CI/CD monitoring tool offers new DevOps visibility

Cycode’s new Cimon monitoring tool for continuous integration and continuous delivery is designed to offer a new level of visibility into the CI/CD process, securing code against data exfiltration and other malicious activity. According to the company’s announcement, Cimon — short for CI Monitor — is a runtime security agent that uses the enhanced Berkeley Packet Filter (eBPF) system to look directly into the CI pipeline, develop a baseline understanding of what normal behavior looks…


Health Service Ireland latest victim of MOVEit cyber attack

Health Service Ireland (HSE) has become the latest victim of a supply chain cyber attack launched against document transfer service MOVEit. The attack was launched by ransomware gang Clop. Clop were able to infiltrate MOVEit by exploiting a zero-day vulnerability that allowed the malicious group to break into company networks and steal data. Professional services partnership EY was also impacted by the cyber attack, leading to the breach. HSE was working with EY to automate…


Threat intelligence programs poised for growth

In my last CSO article, I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research, the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies. Alas, most CTI programs are far from mature, but this may change over the next few years as most enterprise…


Google launches Secure AI Framework to help secure AI technology

Google has announced the launch of the Secure AI Framework (SAIF), a conceptual framework for securing AI systems. Google, owner of the generative AI chatbot Bard and parent company of AI research lab DeepMind, said a framework across the public and private sectors is essential for making sure that responsible actors safeguard the technology that supports AI advancements so that when AI models are implemented, they’re secure-by-default. Its new framework concept is an important step…


Key role targeted cyber attacks are on the rise

Research by Ponemon Institute and cyber security company BlackCloak has found that hackers have been directly targeting C-suite executives and their family members with cyber attacks via their personal email addresses. In “Understanding the serious risks to executives’ personal cybersecurity and digital lives”, which was released on June 5, researchers found that 42 percent of organizations said that an executive or an executive’s family member had been the direct target of a cyber attack. This…
