April 26, 2024 at 03:50PM CISO Corner is Dark Reading’s weekly digest for security leaders. This issue covers topics like Cloud Security truths, MITRE ATT&CK’s breach, OWASP’s LLM Top 10, SBOMs’ vulnerability census, cybersecurity pros’ licensure laws, J&J spin-off CISO’s security program, and suggestions for post-SolarWinds SEC disclosures. The articles provide insight and advice for … Read more
April 24, 2024 at 05:12PM KnowBe4 has announced the acquisition of Egress, a leader in cloud email security, to provide a comprehensive AI-enabled security platform for organizations globally. This move aims to address human-related data breaches and cultivate a strong security culture. The transaction is expected to close in the coming months, subject to customary … Read more
April 24, 2024 at 01:19PM Microsoft is facing criticism for charging for security add-ons despite its own vulnerabilities and breaches. Enterprises are frustrated with the additional costs required for essential security tools, available only with specific subscriptions. While this pricing strategy delivers high revenues, it comes at a cost to users. Pressure is mounting for … Read more
April 24, 2024 at 12:09PM Security awareness training firm KnowBe4 plans to acquire British late-stage startup Egress, specializing in cloud email security. Egress, with $48 million in funding, garnered attention in a competitive market. The merger aims to create a leading AI-driven cybersecurity platform. The deal is expected to close in the coming months, pending … Read more
April 23, 2024 at 05:07PM Cloud security has progressed but still has a long way to go, with breaches costing organizations heavily. John Kindervag, a zero trust security proponent, emphasizes that simply moving to the cloud doesn’t make organizations more secure. Meanwhile, native security controls are hard to manage, and identity alone won’t save the … Read more
April 23, 2024 at 11:28AM Researchers have found a vulnerability in the archived Apache project Cordova App Harness, leading to dependency confusion attacks. Over 49% of organizations are vulnerable. Despite npm’s efforts to fix the issue, the Cordova App Harness project remains at risk. The discovery emphasizes the importance of addressing vulnerabilities in third-party projects … Read more
April 23, 2024 at 01:30AM A misconfigured cloud server using a North Korean IP address exposed the potential inadvertent hiring of North Korean workers by film production studios like BBC, Amazon, and HBO Max for animation projects. The server, now inactive, was discovered by the NK Internet blog author. The Stimson Center and cybersecurity experts … Read more
April 22, 2024 at 02:22PM Gartner highlights that while organizations are adopting zero-trust strategies, they may not fully encompass all operational aspects. Based on the meeting notes, it seems that organizations are finding limitations in the effectiveness of zero-trust strategies, as noted by Gartner. This could suggest a need for further evaluation and potential adjustments … Read more
April 22, 2024 at 11:30AM Russian cyber firm Kaspersky reports the activities of threat actor ToddyCat, who targets primarily governmental and defense-related organizations in the Asia-Pacific region. The adversary employs various tools and techniques for large-scale data harvesting and data exfiltration, including passive backdoors and tunneling data gathering software to bypass defenses and access sensitive … Read more
April 22, 2024 at 08:00AM A 2024 survey by Pentera revealed staggering results: 51% of organizations experienced a cyberattack in the past two years, despite investing in an average of 53 security solutions. Breaches led to significant damage, prompting heightened board involvement. The survey also highlighted the need for more frequent and continuous security testing … Read more