New guidance urges software developers to create memory safe road maps. (Image: Shutterstock)

CISA Urges Software Developers to Prioritize Memory Safe Coding

Chris Riotta • December 6, 2023

The U.S. Cybersecurity and Infrastructure Security Agency is urging software developers to implement memory safe coding as part of an effort to address critical vulnerabilities in programming languages and further shift security responsibilities away from end users.

Governance & Risk Management

NIST Says Federal Agencies Struggling to Achieve Zero Trust

Latest

Cybercrime

Ransomware, Vendor Hacks Push Breach Number to Record High

Marianne Kolbasuk McGee • December 7, 2023

The number of data breaches in the U.S. has hit an all-time high, amid mounting attacks against third-party vendors and aggressive ransomware attacks, says a report from Apple and a Massachusetts Institute of Technology researcher. Breaches have more than tripled between 2013 and 2022.

Cybercrime

Joe Sullivan Tells Black Hat Europe: 'Choose Your Own Destiny'

Mathew J. Schwartz • December 7, 2023

Cybersecurity professionals must choose their own destiny, former CSO Joe Sullivan said at this week's Black Hat Europe in London. CISOs will either remain down in the weeds, technically speaking, or learn to become true senior executives and be treated as such by the board.

Governance & Risk Management

Lessons in Threat Detection for Insider Threats

David Perera • December 7, 2023

Whether because they're malicious, oblivious to company rules or outsmarted by hackers, insiders pose a mounting degree of risk to companies. Hunting for outside hackers offers lessons in preventing insider incidents, said Thomas Etheridge, CrowdStrike chief global professional services officer.

Cyberwarfare / Nation-State Attacks

Israel-Hamas War: 'We All Know Someone That Lost Someone'

Steve King • December 7, 2023

After the latest Israel-Hamas war began, Kollender found herself trying to return to her homeland, but "no airline was flying to or from Israel," she said. In this episode of CyberEd.io's podcast series "Cybersecurity Insights," she discussed her personal views about the Israel-Hamas war.

Fraud Management & Cybercrime

Russia Uses AI, Evasion Tactics in Disinformation Drive

Mihir Bagwe • December 6, 2023

A Russia-linked disinformation campaign known as Doppelgänger is employing advanced obfuscation techniques and likely deploying AI to generate content, say security researchers. Doppelgänger has been called Russia's "most aggressively persistent covert influence operation" since 2017.

Governance & Risk Management

Biden Administration Issues Cyber Strategy for Health Sector

Marianne Kolbasuk McGee • December 6, 2023

The U.S. Department of Health and Human Services on Wednesday released a sweeping strategy document proposing how the Biden administration intends to push the healthcare sector - through new requirements, incentives and enforcement - into improving the state of its cybersecurity.

Cyberwarfare / Nation-State Attacks

New iPhone Exploit Technique Evades Lockdown Mode Function

Chris Riotta • December 6, 2023

Researchers from Jamf Threat Labs said they have managed to manipulate the code in a compromised iPhone to effectively make it appear as if the device is entering Lockdown Mode - but "without any of the protections that would normally be implemented by the service."

Black Hat

Better Cybersecurity Defense? Try Surprising Adversaries

Mathew J. Schwartz • December 6, 2023

"How do we surprise our adversaries?" So asked Ollie Whitehouse, CTO of Britain's National Cyber Security Center, in a keynote speech at Black Hat Europe in London in which he urged defenders to focus on resilience and on finding fresh ways to impose material costs on adversaries.

Breach Notification

Hackers Hit Medical Imaging Services Centers in NY, Texas

Marianne Kolbasuk McGee • December 6, 2023

A New York medical imaging services provider is notifying nearly 606,000 individuals that their information was potentially accessed and copied in a recent hacking incident. The entity is one of several medical imaging centers that have reported major hacking breaches in recent weeks and months.

Artificial Intelligence & Machine Learning

How to Jailbreak Machine Learning With Machine Learning

Rashmi Ramesh • December 6, 2023

A small group of researchers says it has identified an automated method for jailbreaking OpenAI, Meta and Google large language models with no obvious fix. Just like the algorithms that researchers can force into giving dangerous or undesirable responses, the technique depends on machine learning.

Next-Generation Technologies & Secure Development

Unlocking the Superpower of DevSecOps

Michael Novinson • December 6, 2023

Enterprises have struggled to strike a balance between speed and security and stability, said Sean D. Mack, author, speaker and former CIO and CISO at Wiley. DevSecOps is the superpower that resolves this long-standing conflict and allows organizations to deliver software faster and more securely.

Cyberwarfare / Nation-State Attacks

Russian GRU Hackers Exploit Critical Patched Vulnerabilities

Prajeet Nair • December 5, 2023

A Russian military hacking intelligence group is winning the race to exploit known vulnerabilities before system administrators can apply patches, warns Proofpoint. The firm has seen a spike in activity from TA422, also known as APT28, Fancy Bear and Forest Blizzard.