Image: ISMG

Steve Katz, World's First CISO, Dies in Hospice Care

Anna Delaney • December 4, 2023

Steve Katz, the world's first CISO, died Saturday night while under hospice care in Long Island, New York. He left a strong legacy - not just as a pioneer and trailblazer in cybersecurity leadership but also as a beloved colleague and mentor who generously shared his time and wisdom.

Cryptocurrency Fraud

SolarWinds Ruling: Why CISOs Need to be Aware of Fraud

Founder Sam Altman Back as OpenAI CEO Under Revamped Board

Latest

Critical Infrastructure Security

US CISA: Secure Israeli-Made Technology From Iranian Hackers

Chris Riotta • December 4, 2023

The U.S. Cybersecurity and Infrastructure Security Agency encouraged all organizations that use equipment developed by an Israeli technology company called Unitronics to bolster their cyber posture amid the Israel-Hamas war after an Iranian hacking group attacked a Pennsylvania water municipality.

Governance & Risk Management

Russian GRU Hackers Target Polish Outlook Inboxes

David Perera • December 4, 2023

Russian military intelligence hackers active in Poland are exploiting a patched flaw in Microsoft Outlook, say cyber defenders from Redmond and Warsaw. Microsoft in a Monday post identifies the hackers as Forest Blizzard, also known as APT28 and Fancy Bear.

Governance & Risk Management

Democrat Blocks Biden's NSA Nominee Over Data Controversy

Chris Riotta • December 4, 2023

A senior Democrat on the Senate Intelligence Committee pledged to block Air Force Lt. Gen. Timothy Haugh from serving as director of the National Security Agency until the agency says whether it is purchasing data on U.S. citizens from data brokers, including location data and web browsing history.

Endpoint Security

LogoFAIL Bootup Flaw Puts Hundreds of Devices at Risk

Prajeet Nair • December 4, 2023

Hackers could use a firmware specification designed to flash a corporate logo during computer bootup to deliver a malicious payload that circumvents the industry standard for only loading trusted operating systems. The flaw stems from graphic image parsers embedded into system firmware.

Black Hat

Previewing Black Hat Europe 2023 in London: 16 Hot Sessions

Mathew J. Schwartz • December 4, 2023

Winter in London features Hyde Park's Winter Wonderland, Christmas lights galore, and the return of the Black Hat Europe cybersecurity conference, featuring briefings on everything from quantum cryptography and router pwning to dissecting iOS zero-days and training generative AI to attack.

Artificial Intelligence & Machine Learning

ISACA Generative AI Survey: Training Gaps, Focus on Security

Anna Delaney • December 1, 2023

According to a recent pulse poll from ISACA on generative AI, only 6% of respondents' organizations are providing training to all staff on AI, and more than half - 54% - say that no AI training is provided at all, even to teams directly affected by AI.

Cybercrime

TrickBot Developer Pleads Guilty in US Court

David Perera • December 1, 2023

A Russian national pleaded guilty in U.S. federal court for his role in developing TrickBot. Operators of the malware targeted hospitals and healthcare centers with ransomware attacks during the height of the novel coronavirus pandemic. Vladimir Dunaev faces up to 35 years in prison.

Artificial Intelligence & Machine Learning

ISMG Editors: What Did the Sam Altman-OpenAI Saga Teach Us?

Anna Delaney • December 1, 2023

In the latest weekly update, four editors at Information Security Media Group discuss Sam Altman and OpenAI's brief leadership nightmare, the state of generative AI one year after the general release of ChatGPT, and how police nabbed a suspected ransomware group ringleader in Ukraine.

Fraud Management & Cybercrime

Cactus Ransomware Using Qlik Bugs, DanaBot in Latest Attacks

Mihir Bagwe • December 1, 2023

Operators of a new ransomware strain dubbed Cactus are using critical vulnerabilities in a data analytics platform to gain access to corporate networks. Cactus ransomware operators are also getting an assist from deploying Danabot malware that is distributed through malvertising.

Standards, Regulations & Compliance

US Bipartisan Lawmakers Urge Crackdown on Chinese LiDAR

Chris Riotta • December 1, 2023

A bipartisan group of lawmakers urged the Biden administration to consider intensifying restrictions on semiconductor sales to Chinese companies in a bid to ensure that U.S. remote-sensing technology doesn't aid Beijing's national security efforts.

General Data Protection Regulation (GDPR)

British Lawmakers Push Ahead With Modifying UK GDPR

Akshaya Asokan • December 1, 2023

British Conservative lawmakers are pushing ahead with legislation modifying the U.K. codification of European privacy law despite objections from privacy advocates and concerns about the legislation's impact on European trade. Government backers say the bill will bolster the domestic AI industry.

Information Sharing

Okta Delays New Products, Projects 90 Days to Boost Security

Michael Novinson • November 30, 2023

Okta has paused product development and internal projects for 90 days to beef up its security architecture and operations for applications, hardware and third-party vendors. Okta will move to strengthen its cyber posture, including a security action plan and engaging with third-party cyber firms.