Recent Security News
-
CISOs Struggle for C-Suite Status Even As Expectations Skyrocket
January 19, 2024 at 01:12PM A survey of 663 security executives revealed that CISOs are increasingly expected to take on C-suite responsibilities without being recognized as such. The evolving role is driven by heightened regulatory scrutiny and demands for accountability. There’s a lack of board guidance for CISOs, who are often not integrated into the…
-
Critical Vulnerabilities Found in Open Source AI/ML Platforms
January 19, 2024 at 12:24PM Members of the Huntr bug bounty platform discovered critical vulnerabilities in MLflow and Hugging Face. The vulnerabilities in MLflow, with a CVSS score of 10, enabled attackers to delete files, access sensitive information, or execute remote code. Hugging Face also had a flaw allowing the injection of malicious code. ClearML…
-
FTC bans one more data broker from selling your location info
January 19, 2024 at 12:14PM The FTC settled with InMarket, prohibiting it from selling Americans’ location data. The company collects data from its own and third-party apps, creating detailed advertising profiles without users’ consent. The FTC found InMarket’s data retention policy excessive and proposed measures including data deletion and consent enforcement. This is the FTC’s…
-
Missing the Cybersecurity Mark With the Essential Eight
January 19, 2024 at 12:08PM Australia made significant investments in cybersecurity, but still faces challenges, with numerous cyber incidents affecting key sectors. The Essential Eight, a cybersecurity framework, is outdated and fails to address modern threats like cloud and SaaS applications. An update is necessary to include directives for configuration management, identity security, third-party app…