Security experts testified to Congress ahead of a looming 2025 deadline for national compliance that the National Institute of Standards and Technology is better placed than the Transportation Security Administration to lead national implementation efforts for mobile drivers licenses.
A Russian military hacking intelligence group is winning the race to exploit known vulnerabilities before system administrators can apply patches, warns Proofpoint. The firm has seen a spike in activity from TA422, also known as APT28, Fancy Bear and Forest Blizzard.
Seoul police have accused the North Korean hacker group Andariel of stealing sensitive defense secrets from South Korean defense companies and laundering ransomware proceeds back to North Korea. The hackers stole 1.2TB of data, including information on advanced anti-aircraft weapons.
A recent spike in ransomware attacks has prompted federal regulators and the American Hospital Association to issue urgent warnings to hospitals and other healthcare firms to prevent potential exploitation of the Citrix Bleed software flaw affecting some NetScaler ADC and NetScaler Gateway devices.
Genetics testing firm 23andMe says hackers, in a credential-stuffing attack this fall, siphoned the ancestry data of 6.9 million individuals. 23andMe disclosed the attack on Oct. 1, stating the attackers had scraped the profiles of 23andMe users who opted in to the company's DNA Relatives feature.
Security researchers could access and modify an artificial intelligence code generation model developed by Facebook after scanning for API access tokens on AI developer platform Hugging Face and code repository GitHub. Tampering with training data is among the top threats to large language models.
The Transportation Security Administration is exploring the possibilities of a future of U.S. travel "underpinned by AI advancements," according to the agency's deputy CIO, with next-generation technologies shaping new verification and threat detection efforts.
Zombie APIs are becoming more common, just because of the sheer number APIs and third-party vendors that organizations rely on. Joshua Scott, head of information security and IT at API platform Postman, says businesses need to identify "what is critical to the business and map backward."
Many government and higher ed organizations are focusing on log management to reduce risk, accelerate remediation, and comply with regulations. But logging can come with challenges, such as difficulties ingesting data, slow access to historical data, and tool sprawl.
Steve Katz, the world's first CISO, died Saturday night while under hospice care in Long Island, New York. He left a strong legacy - not just as a pioneer and trailblazer in cybersecurity leadership but also as a beloved colleague and mentor who generously shared his time and wisdom.
The U.S. Cybersecurity and Infrastructure Security Agency encouraged all organizations that use equipment developed by an Israeli technology company called Unitronics to bolster their cyber posture amid the Israel-Hamas war after an Iranian hacking group attacked a Pennsylvania water municipality.
Russian military intelligence hackers active in Poland are exploiting a patched flaw in Microsoft Outlook, say cyber defenders from Redmond and Warsaw. Microsoft in a Monday post identifies the hackers as Forest Blizzard, also known as APT28 and Fancy Bear.
A senior Democrat on the Senate Intelligence Committee pledged to block Air Force Lt. Gen. Timothy Haugh from serving as director of the National Security Agency until the agency says whether it is purchasing data on U.S. citizens from data brokers, including location data and web browsing history.
Hackers could use a firmware specification designed to flash a corporate logo during computer bootup to deliver a malicious payload that circumvents the industry standard for only loading trusted operating systems. The flaw stems from graphic image parsers embedded into system firmware.
Winter in London features Hyde Park's Winter Wonderland, Christmas lights galore, and the return of the Black Hat Europe cybersecurity conference, featuring briefings on everything from quantum cryptography and router pwning to dissecting iOS zero-days and training generative AI to attack.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.