Latest

Multi-factor & Risk-based Authentication

CISA Urges Americans to Apply MFA, 'Think Before They Click'

Michael Novinson  •  September 26, 2023

CISA Director Jen Easterly urged citizens to boost their defenses by choosing strong passwords, opting for multi-factor authentication, reporting phishing and enabling automatic software updates. Easterly said users should choose passwords that are complex and unique to each sensitive account.

Artificial Intelligence & Machine Learning

US, South Korea Pledge Strengthened Tech Collaboration

Rashmi Ramesh  •  September 26, 2023

The United States and South Korea reaffirmed a commitment to mitigate the risks in technologies including AI, 5G networks and cloud computing, while developing an "inclusive approach" to govern their use. The two countries said governance must support the development of trustworthy AI.

Identity & Access Management

Microsoft Brings Passkeys, Bad Code Protection to Windows 11

Michael Novinson  •  September 26, 2023

Microsoft updated Windows 11 on Tuesday to simplify passwordless adoption, protect against malicious code and have the ability to refresh configuration in the event of tampering. Updates to Windows 11 allow users to replace passwords with passkeys to stop hackers from exploiting stolen passwords.

Artificial Intelligence & Machine Learning

London Cybersecurity Summit Spotlights AI and Ransomware

Pooja Tikekar  •  September 26, 2023

Information Security Media Group recently concluded its Cybersecurity Summit: London, which brought together industry leaders for a day of informative sessions covering a diverse range of critical cybersecurity topics, including CISOs' vulnerability to liability, ransomware threats and burnout.

Privileged Access Management

CyberArk, BeyondTrust, Delinea Dominate Gartner MQ for PAM

Michael Novinson  •  September 25, 2023

CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past half-decade, PAM has gone from being required for large companies to being an insurance prerequisite.

Cyberwarfare / Nation-State Attacks

Deadglyph Backdoor Targeting Middle Eastern Government

Prajeet Nair  •  September 25, 2023

Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages: native x64 binary and a .NET assembly.

Artificial Intelligence & Machine Learning

Governor at Fed Cautiously Optimistic About Generative AI

Rashmi Ramesh  •  September 25, 2023

Federal Reserve Board Governor Lisa D. Cook is cautiously optimistic about the impact of generative AI on jobs and productivity but urged the industry to address the "very real concerns." While she sees "broad benefits from its use, in the short term, she said, AI could disrupt the labor market.

Artificial Intelligence & Machine Learning

Polish Privacy Regulator Probes OpenAI's ChatGPT

Akshaya Asokan  •  September 25, 2023

The Polish data regulator launched a probe into OpenAI's ChatGPT for potential privacy violations of the European General Data Protection Regulation. The Polish regulator is the third European data protection agency to raise privacy concerns related to ChatGPT.

Cyber Insurance

CommonSpirit Details Financial Fallout of $160M Cyberattack

Marianne Kolbasuk McGee  •  September 25, 2023

Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" hampered billing and collection activities contributed to a $1.4 billion operating loss for the year.

Cybercrime

Bermuda Struggles to Recover From Cyberattack

Mihir Bagwe  •  September 25, 2023

Bermuda government workers Monday remained cut off from email and normal telephone systems following a hacking incident disclosed late last week. Bermuda Premier David Burt on Thursday attributed the hack to "Russia-based actors," without elaborating.

►

Open XDR

How to Overcome Practitioner Concerns Over Cisco-Splunk Deal

Michael Novinson  •  September 25, 2023

Security practitioners are skeptical of Cisco's proposed $28 billion Splunk purchase given the networking giant's track record around funding and investing in previous acquisition targets. Forrester's Allie Mellen expects some customers to try out other SIEM tools given Cisco's heritage in hardware.

Cybercrime

Data Breach Toll Tied to Clop Group's MOVEit Attacks Surges

Mathew J. Schwartz  •  September 25, 2023

The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.