Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack 

January 8, 2024 at 08:36AM Security researchers warn that tens of thousands of public GitHub repositories are vulnerable to malicious code injection via self-hosted GitHub Actions runners, posing high-impact supply chain attack risks. These attacks can be launched using self-hosted runners, allowing malicious code execution and persistence. Exploitation of this vulnerability has led to significant …

NIST: No Silver Bullet Against Adversarial Machine Learning Attacks

January 8, 2024 at 08:36AM NIST’s report cautions on the vulnerability of AI to adversarial machine learning attacks and emphasizes the absence of foolproof defenses. It covers attack types, including evasion, poisoning, privacy, and abuse, and urges the community to develop better safeguards. Industry experts acknowledge the report’s depth and importance in understanding and mitigating …

How to Get Started with Security Automation: Consider the Top Use Cases within Your Industry

January 8, 2024 at 08:36AM Security professionals are prioritizing use cases such as incident response, alert triage, vulnerability management, spear phishing, and threat intelligence for technology investments. Automation adoption is driven by the need for efficiency, with top use cases varying by industry. A standardized, data-driven and extensible platform is key for successful security automation …

British Library: Finances remain healthy as ransomware recovery continues

January 8, 2024 at 08:26AM The British Library is disputing reports of potentially $9 million recovery costs from a 2023 ransomware attack, with final costs unconfirmed. The attack caused significant disruption, with various systems offline. The recovery process could take several months, impacting services and payments to authors. The library will issue updates on its …

CISO Conversations: Jason Rebholz and Jason Ozin From the Insurance Sector

January 8, 2024 at 07:30AM CISO Conversations with insurance sector leaders, Jason Rebholz and Jason Ozin, detail their unconventional paths to becoming cybersecurity leaders. They stress the importance of knowledge, ambition, and building a diverse team. They also highlight the need to address burnout and future threats, such as third-party risks and evolving hacking techniques. …

Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy

January 8, 2024 at 07:22AM The text discusses the challenges and importance of a unified approach to cybersecurity. With talent retention, leadership focus, board engagement, and organizational silos as key issues, integrating managed SOC, managed risk, and managed strategy is pivotal. This holistic approach offers benefits such as cost-effective resource allocation, informed decision-making, swift incident …

Lebanon Airport Screens Display Anti-Hezbollah Message After Being Hacked

January 8, 2024 at 06:18AM Beirut’s airport screens were hacked by anti-Hezbollah groups, accusing the militant group of risking war with Israel. The message was shared by a Christian group and another little-known group. Clashes between Hezbollah and Israel intensified, with Hezbollah launching rockets and both sides exchanging strikes. The government and international community aim …

Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs

January 8, 2024 at 06:18AM The number of CNA organizations and CVE identifiers increased in 2023. There were 28,902 published CVEs with an average of 80 new CVEs per day, and the average CVSS score was 7.12. The number of new CNAs announced increased to 84, totaling nearly 350 CNAs from 38 countries. The top …

Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

January 8, 2024 at 04:27AM Digital expansion increases the external attack surface, exposing organizations to cyberthreats. Traditional security tools such as firewalls and VPNs contribute to this vulnerability. External Attack Surface Management (EASM) is a growing priority, with zero trust security being a key solution to minimize the attack surface. Join the webinar with Zscaler …

NIST Warns of Security and Privacy Risks from Rapid AI System Deployment

January 8, 2024 at 04:27AM NIST highlights AI’s security and privacy challenges, including adversarial manipulation of training data, exploitation of model vulnerabilities, and exfiltration of sensitive information. Rapid integration of AI into online services exposes models to threats like corrupted training data and privacy breaches. NIST urges the tech community to develop better defenses against …