Source Search Page
darkreading.com — 3+ hour, 3+ min ago
Securing AI: What You Should Know
darkreading.com...In many ways, fundamental principles for securing AI tools are the same as general cybersecurity best practices.... ...The current AI revolution may be new, but security teams at Google and elsewhere have worked on AI security for many years, if not decades.... ...But as Google CISO Phil Venables said in a recent podcast, "To implement [an] AI system, you've got to think about input and output management."... ...Read more Partner Perspectives from Google Cloud...
darkreading.com — 5+ hour, 22+ min ago
DHS: Physical Security a Concern in Johnson Controls Cyberattack
darkreading.com...In the latest development around the cyberattack impacting Johnson Controls International (JIC), officials at the Department of Homeland Security... ...Johnson Controls serves as a government contractor, providing building automation services to facilities, such as HVAC, fire, and security equipment... ...More than 80% of the Cybersecurity and Infrastructure Security Agency (CISA) workforce will be furloughed should this shutdown go into effect, and... ...According to media reports, officials detailed in an internal memo that Johnson Controls holds "classified/sensitive contracts for DHS that depict...
darkreading.com — 4+ hour, 22+ min ago
How Can Your Security Team Help Developers Shift Left?
darkreading.com...Scott Gerlach, CSO and co-founder of StackHawk: Ultimately, it requires a mix of people, processes, and technology.... ...When teams apply the steps, they can actually start to shift security left without compromising developer velocity.... ...Testing in CI/CD helps ensure that security is integrated into the development process alongside other automated software testing like unit and integration...
darkreading.com — 5+ hour, 20+ min ago
Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
darkreading.com...According to a recent report from Google's Threat Analysis Group (TAG), the company — which calls itself "Intellexa" — used the special access it... ...Predator was first developed by Cytrox, one of a number of spyware developers that have been absorbed under the umbrella of Intellexa in recent years... ...The flaw exists in Google Chrome and enables attackers to execute arbitrary code on a host machine via a specially crafted HTML page.... ...Independently reported by a security researcher and patched as of Sept. 5, Google TAG believes Intellexa was previously using the vulnerability as...
darkreading.com — 5+ hour, 22+ min ago
DHS Calls Into Question Physical Security in Johnson Controls Cyberattack
darkreading.com...In the latest development of the cyberattack impacting Johnson Controls International (JIC), officials at the Department of Homeland Security (DHS... ...Johnson Controls serves as a government contractor providing manufacturing services such as HVAC, fire, and security equipment.... ...More than 80% of the Cybersecurity and Infrastructure Security Agency (CISA) workforce will be furloughed should this shutdown go into effect, and... ...This incident highlights the importance of the executive order President Biden issued in 2021 for federal agencies to bolster their cybersecurity...
darkreading.com — 6+ hour, 54+ min ago
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
darkreading.com > cloud...For the second time in recent months, Progress Software is requiring enterprise security teams to drop everything and move quickly to protect their... ...organizations against critical vulnerabilities in its file-transfer software — this time, the WS_FTP file transfer product used by some 40 million... ..."WF_FTP has a rich history and is typically used among IT and developers," says Timothy Morris, chief security advisor at Tanium, adding that organizations... ...Caitlin Condon, head of vulnerability research at Rapid7, says her company's research team was able to identity the vulnerability and test its exploitability...
darkreading.com — 10+ hour ago
Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files
darkreading.com...Fortinet senior security engineer Fred Gutierrez, who declined to name the spoofed firm, says other businesses hit with the campaign included subsidiaries... ...smuggling, which displays four images, one of which is actually a LNK file that downloads the malware.... ...Once the user opens the downloaded zip file and enters a password that opens the fake image, the installer is downloaded.... ...HTML smuggling requires the user to perform an action to actually become fully infected....
darkreading.com — 10+ hour, 3+ min ago
People Still Matter in Cybersecurity Management
darkreading.com...research that connects the dots | Learn more In the run-up to the 1992 US presidential election, Bill Clinton's campaign famously had a large sign... ...2023 has been a year of great distractions as war, new malware campaigns, industry mergers, and generative AI have each demanded their share of executive...
darkreading.com — 1+ day ago
Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
darkreading.com > cloud...shutdown plan includes the indefinite furlough of more than 80% of the Cybersecurity and Infrastructure Security Agency (CISA) workforce.Shutdown... ...does not pass a budget by the Oct 1 deadline, experts warn.The US Department of Homeland Security (DHS) updated its plan to respond to the "lapse... ...to Roselle Safran, founder and CEO of KeyCaliber She was the head of cybersecurity efforts of the Executive Office of the President during the... ...MITRE's open frameworks and knowledge bases such as MITRE ATT&CK, Caldera, D3FEND, Engage, ATLAS, Security Automation, System of Trust, CVE, and...
darkreading.com — 1+ day ago
Johnson Controls International Disrupted by Major Cyberattack
darkreading.com...Johnson Controls International (JCI) this week reported in a filing with the US Securities and Exchange Commission (SEC) that it had suffered a cyberattack... ...and stadiums," Lior Yaari, CEO and co-founder of Grip Security, said in an emailed statement.... ...Johnson Controls said in the SEC filing that its applications remain operation and unaffected but that it continues to review the financial impact...