Does Your Company Need a Virtual CISO?

December 2, 2024 at 12:47PM Companies hire virtual chief information security officers (vCISOs) for various reasons, including expanding security strategies, responding to breaches, and complying with regulations. vCISOs offer expert guidance, consistent security program management, and cost-effective solutions for firms lacking full-time CISO resources. They also help navigate evolving cybersecurity challenges and technologies.

News Desk 2024: The Rise of Cybersecurity Platforms

November 27, 2024 at 08:45AM Omdia’s survey reveals cybersecurity leaders are overwhelmed by 21-50 security tools and face pressure to simplify while adding more due to rising threats. Over the next three to five years, organizations may transition to cybersecurity platforms as contracts expire, presenting opportunities for major vendors while emphasizing a supportive vendor ecosystem. …

Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels

November 27, 2024 at 08:03AM Researchers have identified Bootkitty, the first UEFI bootkit designed for Linux systems, produced by BlackCat. As a proof-of-concept, it aims to disable kernel signature verification and preload unknown binaries. While not yet used in attacks, it signifies a shift in UEFI threats beyond Windows, highlighting future cybersecurity risks.

CISO Paychecks: Worth the Growing Security Headaches?

October 7, 2024 at 03:43PM Cybersecurity professionals serving as CISOs are experiencing a modest pay increase, averaging $403,000 annually, but it lags behind their evolving responsibilities. Business operations are increasingly under attack, with CISOs facing resource constraints and budget pressures. Demand for CISOs has stabilized, and stress persists, especially in government and education sectors. AI risk …

Microsoft Names Deputy CISOs, Governance Council to Manage Security Push 

September 24, 2024 at 11:54AM Microsoft’s Secure Future Initiative (SFI) is materializing with the establishment of a Cybersecurity Governance Council steered by CISO Igor Tsyganskiy. This council, overseeing a vast cybersecurity engineering effort, appoints Deputy CISOs for specific domains. SFI aims to embed security as a core priority for all Microsoft employees, paired with senior …

Mastercard’s Bet on Recorded Future a Win for Cyber Threat Intel

September 23, 2024 at 04:16PM Mastercard’s $2.65 billion acquisition of Recorded Future has highlighted the growing importance of cyber threat intelligence (CTI) in enterprise security strategies. The deal is expected to close in Q1 of 2025 and demonstrates the business criticality of CTI. Analysts anticipate significant growth in demand for CTI services in the coming …

From Cybercrime to Terrorism, FBI Director Says America Faces Many Elevated Threats ‘All at Once’

August 23, 2024 at 02:33PM FBI Director Christopher Wray discussed the significant increase in security threats facing the country, including terrorism, espionage, election interference, and violence against law enforcement. He emphasized the importance of partnerships to address these challenges. Wray also highlighted the FBI’s efforts to strengthen collaborations with various sectors, such as business and …

Focus on What Matters Most: Exposure Management and Your Attack Surface

August 23, 2024 at 07:30AM Exposure management goes beyond attack surface management by including data assets, user identities, and cloud account configurations. It ensures continuous evaluation of digital assets’ visibility, accessibility, and vulnerability. Unlike traditional vulnerability management, exposure management considers all threat vectors, including misconfigurations and unpatched vulnerabilities, allowing prioritization and strategic focus on critical …

Azure Kubernetes Bug Lays Open Cluster Secrets

August 20, 2024 at 05:14PM Microsoft addressed a critical privilege escalation vulnerability in its Azure Kubernetes Service (AKS). Attackers could gain access to credentials and perform malicious actions in affected AKS clusters. The vulnerability, which did not require special privileges, led to unauthorized access to cluster contents. Security teams should audit AKS configurations and take …

Cybersecurity Veteran Kevin Mandia Named General Partner of Ballistic Ventures

June 28, 2024 at 05:22PM Ballistic Ventures, a cybersecurity-focused venture capital firm, has named co-founder Kevin Mandia as General Partner. Mandia, a cybersecurity expert with an impressive track record, has held leadership roles at prominent firms and has been appointed to prestigious advisory committees. His transition to General Partner follows the firm’s successful fundraising and …