If and when Google’s proposed 90-day limit for the lifecycle of a digital certificate comes into effect, enterprises must be ready for it. Venafi has launched its own solution. In March 2023, Google announced an intention to shorten digital certificate lifespans to 90 days. Since then, it has neither confirmed nor denied, nor provided a timescale for this proposal. However, such a move makes sense …
DeepKeep Launches AI-Native Security Platform With $10 Million in Seed Funding
DeepKeep, an Israeli startup providing AI-native security, on Wednesday announced that it has raised $10 million in a seed funding round led by VC Awz Ventures. Founded in 2021, the Tel Aviv-based company is on a mission to secure the entire AI lifecycle and help organizations manage risks associated with AI, generative AI, and large language models (LLMs). In addition to the funding, DeepKeep …
CISO Conversations: Talking Cybersecurity With LinkedIn’s Geoff Belknap and Meta’s Guy Rosen
Facebook (with around 3 billion members) is the core product of its parent company, Meta Platforms Inc. Other platforms within Meta include WhatsApp (2 billion monthly users) and Instagram (2 billion monthly users). Meta oversees the operations of all three platforms. Guy Rosen is Meta’s CISO. LinkedIn (with around 1 billion members) is owned by Microsoft but operates as a semi-autonomous …
Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server
Chinese cybersecurity firm QAX XLab has uncovered a new Android trojan that hides its true command-and-control (C&C) server behind a series of compromised WordPress sites. Dubbed Wpeeper, the malware has the typical functionality of an Android trojan, such as information collection, file and directory management, file download and upload, and command execution. However, the malware stands out …
UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike
The Alphv/BlackCat hackers lurked in Change Healthcare’s environment for nine days before deploying file-encrypting ransomware, the healthcare payment processor’s parent company UnitedHealth Group said. The attack that crippled the US healthcare system for weeks was carried out using leaked credentials for a Citrix portal that was not properly secured, UnitedHealth Group’s CEO Andrew Witty is set …
Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms
A Finnish court on Tuesday sentenced a 26-year-old man to six years and three months in prison for hacking thousands of patient records at a private psychotherapy center and seeking ransom from some patients over the sensitive data. The case has caused outrage in the Nordic nation, with a record number of people — about 24,000 — filing criminal complaints with police. In February 2023, French …
Docker Hub Users Targeted With Imageless, Malicious Repositories
Security researchers at JFrog have identified three large-scale campaigns targeting Docker Hub with repositories that did not contain container images but featured malicious metadata instead. A platform for the development, distribution, and collaboration on Docker images, Docker Hub hosts more than 15 million repositories and is one of the most popular container platforms for developers …
Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover
Three critical-severity vulnerabilities in the Judge0 open source service could allow attackers to perform sandbox escapes and completely take over the host machine, according to a warning from cybersecurity firm Tanto Security. The company documented the flaws in an advisory that warns that Judge0 versions prior to 1.13.1 are impacted by CVE-2024-28185, CVE-2024-28189, and CVE-2024-29021, three …
Apptega Raises $15 Million for Cybersecurity Compliance Platform
Apptega, a startup building an end-to-end cybersecurity compliance platform, on Tuesday announced that it has raised $15 million in growth equity and debt capital from Mainsail Partners, bringing the total raised to over $50 million. Founded in 2017, the Atlanta, Georgia-based company provides the technology to help managed security service providers (MSSPs) and managed detection and response …
Island Secures $175M Investment as Enterprise Browser Startups Defy Tech Giants
Despite competitive pressures from industry behemoths like Microsoft and Google, venture capital investors are continuing to place big bets on startups in the specialized enterprise browser space. The latest evidence comes via Island, a high-flying Dallas startup that banked $175 million in new funding from Sequoia and Coatue at a staggering $3 billion valuation. In a note announcing the new …
Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report
A newly uncovered Chinese threat actor has been scanning DNS networks around the world for years, sending vast numbers of queries via open DNS resolvers, according to network security company Infoblox. Dubbed Muddling Meerkat (PDF) and appearing to be linked to the Chinese government, the threat actor can control the Great Firewall (GFW) of China, the nation’s system for censoring and …
FCC Fines Wireless Carriers for Sharing User Locations Without Consent
The Federal Communications Commission has levied nearly $200 million in fines against wireless carriers AT&T, Sprint, T-Mobile and Verizon for illegally sharing customers’ location data without their consent. “These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location …
SafeBase Scores $33M Series B Investment
San Francisco startup SafeBase has attracted $33 million in new financing and investors continue to place big bets on companies in the vendor risk management and disclosure business. SafeBase said the Series B financing was provided by Touring Capital, Zoom Ventures, NEA (New Enterprise Associates), Y Combinator, Comcast Ventures, and Cerca Partners. The company has found traction with technology …
Vulnerability in R Programming Language Could Fuel Supply Chain Attacks
A vulnerability in the R programming language implementation can be exploited to execute arbitrary code when a malicious RDS file is loaded and referenced, and could be used as part of a supply chain attack, AI security firm HiddenLayer warns. Tracked as CVE-2024-27322 (CVSS score of 8.8), the issue was identified in R’s serialization and deserialization process, which is used for creating and …
Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues
According to analyst firm Gartner, some 55% of organizations have implemented or are piloting Generative AI. For many of these, Copilot for Microsoft 365 is an obvious starting point given that it’s an easy add-on to the services millions of organizations already use such as M365 and Office365. As well as the ease of purchase there’s also a simplified implementation given that Copilot has plenty …
Tech CEOs Altman, Nadella, Pichai and Others Join Government AI Safety Board Led by DHS’ Mayorkas
The CEOs of leading U.S. technology companies are joining a new artificial intelligence safety board to advise the federal government on how to protect the nation’s critical services from “AI-related disruptions.” Homeland Security Secretary Alejandro Mayorkas announced the new board Friday which includes key corporate leaders in AI development such as OpenAI CEO Sam Altman, Microsoft CEO Satya …
CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure
The US government’s cybersecurity agency CISA has rolled out a series of guidelines aimed at beefing up the safety and security of critical infrastructure against AI-related threats. The newly released guidelines categorize AI risks into three significant types: the utilization of AI in attacks on infrastructure, targeted assaults on AI systems themselves, and failures within AI design and …
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat
If it feels like TikTok has been around forever, that’s probably because it has, at least if you’re measuring via internet time. What’s now in question is whether it will be around much longer and, if so, in what form? Starting in 2017, when the Chinese social video app merged with its competitor Musical.ly, TikTok has grown from a niche teen app into a global trendsetter. While, of course, also …
Google Says it Blocked 2.28 Million Apps from Google Play Store
Google on Monday said improved security processes helped to block 2.28 million privacy-violating applications from being published in its Google Play app store in 2023. The company said investments in better security features, updated policies, advanced machine learning and application review processes, and strengthened developer onboarding helped in the battle against bad Android apps and actors …
Should Cybersecurity Leadership Finally be Professionalized?
Professionalization could be a solution to the increased cybersecurity risk for corporate and national security; and the mental health and even physical liberty of CISOs. But it’s not easy. Professionalization for cybersecurity leadership has long been mooted but never actioned. Times are changing. The CISO role has expanded and become critical for both individual companies and national security. …