A U.S. federal watchdog said government agencies could better synchronize efforts to improve water and wastewater sector cybersecurity efforts and faulted the Cybersecurity and Infrastructure Security Agency for not coordinating well with the Environmental Protection Agency.
In the latest weekly update, ISMG editors discussed how the surge in API usage poses challenges for organizations, why good governance is so crucial to solving API issues and how The New York Times' legal action against OpenAI and Microsoft highlights copyright concerns.
In a year in which the financial impact of cyberattacks has more than doubled to $1.4 million, organizations are exploring generative artificial intelligence but so far mostly sticking to machine learning, Dell reported on Tuesday after surveying 1,500 IT and security decision-makers.
Ransomware-wielding attackers show no signs of stopping, and experts report December 2023 was the second-worst month on record for known victims. Lately, Akira-wielding attackers have been hitting Finland hard, and Medusa has been behind a rising number of attacks.
Financially motivated Turkish hackers are targeting Microsoft SQL servers in the United States, Europe and Latin America in hacking that ultimately ends with deployment of Mimic ransomware or the sale of access to infected hosts on criminal online markets.
The SASE marketplace has evolved significantly since it first emerged in 2019, and enterprises today can see the stark differences between piecemeal and integrated solutions. Kumar Ramachandran of Palo Alto Networks and Ganesh Devarajan of Accenture talk about the power of platform and services.
Fraudsters have long relied on mule accounts to deposit proceeds from a variety of scams, but financial crimes investigators are seeing a shift to dropped accounts, which can be opened and quickly discarded to evade detection by law enforcement, said M&T Bank's Karen Boyer.
This week: Microsoft addressed 48 security flaws, AsyncRAT targeted critical infrastructure operators, the Supreme Court rejected X Corp.'s bid to disclose national security requests, hackers hit Beirut airport flight displays, the FTC banned Outlogic from sharing sensitive location data, and more.
While cybercriminals and advanced persistent threat groups have long abused legitimate internet services both to scale and disguise various types of attacks, a new report warns of a growing challenge posed by the illegitimate use of GitHub and offers essential defenses for users.
Hackers possibly connected to the Chinese government since December have exploited two zero-days in a VPN from software developer Ivanti that is widely used by governments and corporations, and a patch won't be available until later this month.
This week, hackers ran crypto phishing scams on X accounts, the SEC approved bitcoin ETP, hackers stole $3.4 million from Gamma, dYdX detailed post-hack steps, CertiK published 2023 hack stats, TRM Labs discussed North Korean hacking and Apple India blocked users from offshore crypto exchanges.
Merck & Co.'s proposed settlement with insurers over a $1.4 billion claim related to the NotPetya attack will change the language the insurance industry uses to exclude acts of war in its policies, and organizations need to consider how those changes affect risk, said attorney Peter Halprin.
Google Cloud's Mandiant says its account at X, formerly Twitter, was hijacked and used to link to cryptocurrency phishing pages after an attacker guessed the account password, apparently after Twitter last year deactivated the account's SMS-based two-factor authentication, leaving it unprotected.
The European Union adopted regulations on cyber hygiene intended to beef up cybersecurity at EU government agencies amid concerns that trading bloc institutions have failed to keep pace with mounting digital threats. European agencies lack "cyber preparedness commensurate with the threat."
The European Commission took preliminary steps toward investigating Microsoft's financial interest in ChatGPT maker OpenAI under the trading bloc's antitrust regulation. The Tuesday announcement marks the second instance of official interest in Microsoft's investments in the generative AI firm.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.