-
When and how to report a breach to the SEC
New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents. Under the proposal, the SEC would implement three new rules that public…
-
Why red team exercises for AI should be on a CISO’s radar
AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct red team exercises against AI models and AI-enabled applications — just as security teams…
-
Russian hacktivist group targets India’s health ministry
A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain health data of millions of Indian citizens. “On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website,” cybersecurity firm CloudSek…
-
Smashing Security podcast #313: Tesla twins and deepfake dramas
The twisted tale of the two Teslas, and a deepfake sandwich. All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
-
Microsoft has another go at closing security hole exploited by Magniber ransomware
In its latest Patch Tuesday bundle of security fixes, Microsoft has patched a security flaw that was being used by the Magniber cybercrime gang to help them infect computers with ransomware. Read more in my article on the Hot for Security blog.
-
Tick APT Group Hacked East Asian DLP Software Firm
The hacker breached the DLP company’s internal update servers to deliver malware within its network.
-
“FakeCalls” Android Malware Targets Financial Firms in South Korea
CPR discovered 2500 samples of the malware, impersonating 20 financial institutions in the region.
-
Humans Still More Effective Than ChatGPT at Phishing
The research paper by HoxHunt analyzed 53,127 emails sent to users in over 100 countries.
-
Microsoft Patch Tuesday, March 2023 Edition
Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft…
-
Dell beefs up security portfolio with new threat detection and recovery tools
Dell Technologies has added a slew of in-house as well as partnered capabilities to its security portfolio in a bid to beef up its capabilities in areas including threat security, management, and incident response. “Through ongoing innovation and a powerful ecosystem of partners, we’re committed to helping organizations protect against threats, withstand and…