Data Breaches

New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents. Under the proposal, the SEC would implement three new rules that public companies will need to follow: A requirement that companies report any cybersecurity event within four business days of determining that it was…

Read More

AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct red team exercises against AI models and AI-enabled applications — just as security teams do with any traditional application, platform, or IT system. AI increasingly powers business decision-making, financial forecasting, predictive maintenance, and an endless list…

Read More

A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens. “On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website,” cybersecurity firm CloudSek said in a post. “An analysis of the samples shared concluded that the affected entity is the Health Management Information system…

Read More

Dell Technologies has added a slew of in-house as well as partnered capabilities to its security portfolio in a bid to beef up its capabilities in areas including threat security, management, and incident response. “Through ongoing innovation and a powerful ecosystem of partners, we’re committed to helping organizations protect against threats, withstand and recover from attacks and provide confidence that their environments are secure,” said Matt Baker, senior vice president, corporate strategy at Dell Technologies.…

Read More

Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carrying out scams that can steal money, and bank account information, or infect customers’ systems with malware. SVB was shut down on March 10 by the California Department of Financial Protection and Innovation, after the bank failed to raise capital to keep running. SVB customers are expected to transfer their financial operations to other banks in the coming weeks. This means these customers…

Read More

Cybersecurity vendor Palo Alto has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the prevention of unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks. SD-WAN for IoT security provides device visibility, prevents threats Prisma SD-WAN with integrated IoT security enables accurate detection and identification of branch IoT…

Read More

Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with zero-trust-level certainty, according to Beyond Identity. Without such enhanced verification capacities, organizations cannot truly implement zero trust security, it said.…

Read More

Managed detection and response (MDR) company Trustwave said Wednesday that it will be partnering with extended detection and response (XDR) company Trellix. The partnership calls for Trustwave to support Trellix endpoint security and to sell  MDR with Trellix, Trustwave said. MDR, as offered by Trustwave, essentially works as a remote, third-party security operations center. The idea is, given the growing complexity of modern security threat landscapes, to let end user companies simply offload key parts…

Read More

During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks towards command-and-control (C2) servers associated with known botnets and various other malware threats, according to a report from cloud and content delivery network provider Akamai. More than a quarter of that traffic went to servers belonging to initial access brokers, attackers who sell access into corporate networks to other cybercriminals, the report stated. “As we analyzed malicious…

Read More