Supply chain attacks, such as the MOVEit data breach that has affected more than 150 organizations, are "the nature of the landscape now," said security leader Ian Hill of Upp Corp. The answer to this scourge may be using generative AI to qualify partners and to analyze and score supply chain risk.
Apart from some of the threats surrounding AI, this emerging technology can help defenders formulate effective policies and controls to prevent and mitigate BEC scams. With the evolving threat landscape, harnessing AI becomes crucial in defending, said Johan Dreyer, CTO at Mimecast.
API security platforms have become an essential part of any organization's cybersecurity strategy, but with so many options available, it can be difficult to know how to choose the right one. In this article, we'll discuss how to evaluate API security platforms and what factors to consider.
Cryptocurrency is the lifeblood of ransomware gangs, and their illicit use of crypto could hit record numbers this year. While overall crypto proceeds, including from crimes such as scams, fell dramatically over the past year, ransomware funds are expected to hit $899 million in 2023.
Russia is mulling a ban on iPhone use by government employees after a suspected American intelligence campaign exploited vulnerabilities in the device to spy on Russian staff. The ban is the latest in a slew of similar measures taken by Moscow against Western tech devices.
Security experts say China-based hackers are "leading their peers in the deployment of zero-days" in the wake of another wide-ranging attack that abused a flaw in Microsoft Outlook and used forged authentication tokens to access email accounts of governments in the United States and Western Europe.
British prosecutors have accused two teenagers of carrying out several high-profile hacks as members of the now-inactive, teenager-dominated Lapsus$ hacking group, clearing the way for their prosecution. The two suspects face charges related to blackmail, fraud and Computer Misuse Act violations.
Orca has accused cloud security rival Wiz of violating two patents associated with securing virtual machines and virtual cloud assets at rest against cyberthreats. Orca's complaint accused Wiz of patent infringement across its portfolio, including in its CNAPP, CSPM, CIEM, DSPM, IaC and CDR tools.
TikTok executives were unable to answer Liberal senator and chair of the committee James Paterson when he questioned them on how many times Australian user data had been accessed by TikTok staff in China, but the executives admitted it had happened.
Configuration management - especially vulnerability patching - is a significant challenge for many healthcare entities, including some Veterans Affairs medical facilities. A recent watchdog agency security inspection found configuration to be a top weakness at a VA healthcare system in Arizona.
Retired four-star Gen. Keith Alexander resigned as IronNet's CEO as part of a deal with C5 Capital to take the beleaguered threat detection firm private. C5 extended IronNet a financial lifeline in exchange for Alexander, 71, giving up day-to-day management of the company he founded nine years ago.
Diplomats in Ukraine shopping for used cars have been targeted with a listing for a "very good condition, low-fuel consumption" 2011 BMW 5 Series. In reality, the listing was designed to push Russian-built malware onto diplomats' systems, security researchers warned.
Microsoft released the largest set of patches of the year - software updates for 132 vulnerabilities, including six zero-days. Microsoft rated nine of the flaws as having critical severity, 121 as being important and eight as being linked to critical remote code execution vulnerabilities.
Safe Security purchased the creators of the industry's only open standard for cyber risk quantification to improve the visibility, management and communication of risk. Buying RiskLens will help CISOs answer questions about risk from board members or regulators without talking about products.
The list of MOVEit cyberattack victims has grown. Sixty-two clients of Big Four accounting firm Ernst & Young now appear on the Clop ransomware group's data leak site. A spokesperson for Ernst & Young confirmed that a "limited" attack on the company's systems had occurred.