North Korea's state-sponsored hackers continue to refine their "cyber intrusions to conduct both espionage and financial crime to project power and to finance both their cyber and kinetic capabilities," says a new report from Google's Mandiant group.
A previously undetected cyberespionage group spied against Taiwanese government agencies and the island-country's manufacturing sector, say cybersecurity researchers. The Symantec Threat Hunter Team says it likely operates "from a region with a strategic interest in Taiwan."
Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers' location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder software, opening a permanent backdoor for unauthenticated attackers.
Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Firms using large language models that power gen AI-powered tools must consider security and privacy aspects such as data access, output monitoring and model security before jumping on the bandwagon, said Troy Leach of Cloud Security Alliance. "Everything is going to be AI as a service," Leach predicted.
Genetics testing firm 23andMe is investigating a data leak of ancestry DNA information for certain customers whose usernames and passwords were previously hacked on other websites. The company suspects a massive credential stuffing attack on individual accounts using recycled passwords and no MFA.
Israeli intelligence is considered one of the best, yet it failed to anticipate a major attack launched by Hamas over the weekend. Harvard professor Chuck Freilich said this oversight has had a profound impact on the Israeli people, "shattering what was very deep faith in the intelligence agencies."
More than five dozen British lawmakers across political parties and privacy organizations called for an "immediate stop" to real-time facial recognition in the United Kingdom. Live facial recognition faces a ban in Europe and its use by police is banned in a handful of U.S. jurisdictions.
How did Israeli intelligence fail to spot and stop the deadly assault on Saturday by Hamas militants? Experts suggest planners used offline tactics and extreme compartmentalization to prevent leaks and evade well-known Israeli cyberespionage and digital surveillance capabilities.
Israeli cybersecurity leaders reacted Saturday with shock, defiance and resolve to an unprecedented land, sea and air assault by Palestinian militants from Gaza. Much of the Israeli cybersecurity community's anger stems from the deliberate targeting of children and the elderly by Hamas militants.
Tens of thousands of knockoff Android products manufactured in China including TV streaming boxes reached consumers infected with malware, say cybersecurity researchers. Human Security says it uncovered a related operation that earned millions per month in an online advertising fraud scheme.
The use of generative AI is being "highly explored" in healthcare and has great promise for a variety of applications, but it needs to be scrutinized closely, said Erik Decker, vice president and CISO of Intermountain Health and a cybersecurity adviser to the federal government.
Veracode, Synopsys and Checkmarx remain atop Forrester's static application security testing list, while Micro Focus fell from the leaderboard after the OpenText buy. Firms have gone beyond evaluating the security of code itself and now assess the safety of the infrastructure the code is running on.
Being an independent firm under TPG's ownership will allow Forcepoint G2CI to invest in defense-grade cyber tools such as insider threats and content disarm and reconstruction. Separating Forcepoint's government security practice will allow it to focus on secure remote access to classified networks.
What kinds of training do security professionals need? The biggest skills gaps are soft skills - 55%, cloud computing - 47%, security controls - 35%, coding skills and software development - both at 30%, says ISACA's State of Cybersecurity 2023 survey of more than 2,000 security leaders globally.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.