January 19, 2024 at 02:46PM The International Conference on Cyber Security at Fordham University highlighted the increasing use of AI for enterprise defense against adversaries. While CISOs acknowledge the importance of AI, they are also prioritizing supply chain security, authentication technologies, and addressing the implications of global conflicts on critical infrastructure. CISOs believe AI provides … Read more
January 19, 2024 at 02:30PM CISA issued an emergency directive to address widespread exploitation of Ivanti Connect Secure and Ivanti Policy Secure flaws by threat actors. Federal agencies must immediately implement mitigation measures, report indications of compromise, and take action to restore impacted appliances. Threat monitoring service has detected compromised Ivanti appliances being used for … Read more
January 19, 2024 at 01:12PM A survey of 663 security executives revealed that CISOs are increasingly expected to take on C-suite responsibilities without being recognized as such. The evolving role is driven by heightened regulatory scrutiny and demands for accountability. There’s a lack of board guidance for CISOs, who are often not integrated into the … Read more
January 19, 2024 at 12:44PM Iran-linked Mint Sandstorm group targets professionals in Middle Eastern affairs with sophisticated social engineering tactics, delivering malware and compromising systems. The group, tied to the Iranian military, uses lures related to Israel-Hamas war for cyber-espionage and is known for its persistent efforts. It impersonates journalists and researchers, employs custom backdoors, … Read more
January 19, 2024 at 12:24PM Members of the Huntr bug bounty platform discovered critical vulnerabilities in MLflow and Hugging Face. The vulnerabilities in MLflow, with a CVSS score of 10, enabled attackers to delete files, access sensitive information, or execute remote code. Hugging Face also had a flaw allowing the injection of malicious code. ClearML … Read more
January 19, 2024 at 12:14PM The FTC settled with InMarket, prohibiting it from selling Americans’ location data. The company collects data from its own and third-party apps, creating detailed advertising profiles without users’ consent. The FTC found InMarket’s data retention policy excessive and proposed measures including data deletion and consent enforcement. This is the FTC’s … Read more
January 19, 2024 at 12:08PM Australia made significant investments in cybersecurity, but still faces challenges, with numerous cyber incidents affecting key sectors. The Essential Eight, a cybersecurity framework, is outdated and fails to address modern threats like cloud and SaaS applications. An update is necessary to include directives for configuration management, identity security, third-party app … Read more
January 19, 2024 at 11:46AM Researchers at MIT have discovered that ambient light sensors in smart devices, usually used for adjusting screen brightness, can covertly capture images of user gestures without requiring permission, posing a privacy threat. The team highlighted the potential risk and suggested measures like restricting information rates and adding permission controls to … Read more
January 19, 2024 at 11:38AM Summary: A Chinese hacking group exploited a vCenter Server vulnerability (CVE-2023-34048) as a zero-day since late 2021, using it to breach targets’ servers, escalate privileges, and exfiltrate files. The group, UNC3886, also targeted Fortinet firewall devices with a zero-day. Its preferred targets include defense, government, telecom, and tech sectors in … Read more
January 19, 2024 at 10:05AM The Cybersecurity and Infrastructure Agency (CISA) has released a 2023–2024 “CISA Roadmap for Artificial Intelligence” to ensure secure and trustworthy development and use of AI, aligned with the White House Executive Order 14110. The road map focuses on four goals including cyber defense, risk reduction, operational collaboration, and agency unification. … Read more