Tag: communications
-
Meta Permanently Disables EndEnd Encryption for Instagram DMs
Meta has announced plans to permanently turn off end-to-end encryption for Instagram Direct Messages. Effective May 8, 2026, the social media platform will officially cease support for this critical security feature. This decision marks a significant change in how user communications are protected on the platform, moving away from cryptographic models that previously prevented third-party…
-
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, updateSeverity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
-
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, updateSeverity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
-
A 5-step approach to taming shadow AI
Tags: ai, api, business, communications, compliance, control, data, defense, finance, framework, governance, incident response, monitoring, network, nist, risk, risk-assessment, risk-management, service, strategy, technology, toolthought work happened and how it actually does today.Here’s a five-step approach to put a robust AI-risk management framework in place: Employees often use public model APIs, browser-based prompt tools and unsanctioned or ungoverned internal chatbots to boost productivity without considering the risk of exposing sensitive data.AI usage is not difficult to identify; you just need…
-
Survey: CISOs Continue to Struggle to Strike Right Risk Balance
A survey of 422 CISOs finds that while well over half (61%) believe their organizations are highly competent when it comes to cybersecurity and cyber resilience, less than half (45%) said their organization’s risk appetite is effectively aligned with cybersecurity risk management even though 57% claimed their communications channels with the line of business units..…
-
PQC roadmap remains hazy as vendors race for early advantage
Tags: attack, cisco, communications, control, crypto, cryptography, data, encryption, finance, firmware, gartner, google, grc, guide, Hardware, healthcare, identity, infrastructure, monitoring, network, nist, risk, software, technology, threat, tool, vpn, vulnerabilitySome are already ahead as the migration question looms: One of the earliest vendors to operationalize cryptographic discovery specifically for PQC readiness was Sandbox AQ, which emerged from Google’s quantum research efforts. As early as 2022, the company argued that enterprises needed to inventory cryptography assets long before post-quantum algorithms could be deployed at scale.Initially…
-
China-Linked Hackers Use Malware Trio for Telecom Espionage
Tags: access, china, cisco, communications, cyberespionage, espionage, group, hacker, infrastructure, malware, tool, usaResearchers Tie UAT-9244 Intrusion to Famous Sparrow and Tropic Trooper. A China-linked cyberespionage group has been targeting telecommunications providers in South America since 2024 using a set of newly discovered malware tools designed to maintain persistent access to critical communications infrastructure, Cisco Talos researchers found. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/china-linked-hackers-use-malware-trio-for-telecom-espionage-a-30940
-
Challenges and projects for the CISO in 2026
Tags: access, ai, authentication, automation, awareness, cisco, ciso, cloud, communications, control, credentials, cybersecurity, data, defense, detection, edr, email, encryption, endpoint, finance, framework, group, identity, intelligence, leak, mobile, network, service, soc, sophos, strategy, technology, trainingHazel DÃez (Banco Santander), Roberto Lara (Vodafone), Marijus Briedis (NordVPN), Ãlvaro Fernández (Sophos), and Ãngel Ortiz (Cisco). Banco Santander, Vodafone, NordVPN, Sophos y Cisco. Montaje: Foundry Against this backdrop, Cisco defines AI as “the fundamental technology that will set the cybersecurity agenda in 2026,” in the words of Ortiz, who refers to the company’s Integrated…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
What to Expect from Iran’s Digital Counterstrike
Tags: attack, breach, cloud, communications, cyber, cyberattack, cybersecurity, data, defense, espionage, exploit, extortion, finance, government, group, hacking, infrastructure, intelligence, international, iran, leak, middle-east, military, network, ransomware, risk, risk-assessment, service, tool, update, vulnerability, wormAfter the United States and Israel began a bombing campaign on Iran, leading to the decapitation of its political and military leaders, the Middle East has erupted into waves of kinetic warfare. But what should we expect about cyber? Iran has a formidable offensive cybersecurity capability and is considered one of the four most aggressive…
-
How to know you’re a real-deal CSO, and whether that job opening truly seeks one
Tags: access, ai, breach, business, communications, compliance, control, cyber, data, data-breach, finance, framework, governance, incident response, infosec, insurance, jobs, metric, privacy, radius, risk, skills, strategy, threat, training, vulnerabilityStriking the right balance of experience and responsibility: Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.In some firms, a newly appointed CSO might be positioned as a gatekeeper without the…
-
Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran
After U.S. and Israeli forces started bombing Iran, reports say cyber operations have disrupted communications, supported surveillance activities, and have been used in psychological operations. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/03/hacked-traffic-cams-and-hijacked-tvs-how-cyber-operations-supported-the-war-against-iran/
-
Jetzt Staats-CISO werden für unter 160.000 Euro
Tags: ciso, cloud, communications, compliance, cyber, cybersecurity, cyersecurity, DSGVO, framework, governance, government, ISO-27001, jobs, nist, riskDas britische Government Communications Headquarters (GCHQ) in Cheltenham, England. GCHQEine aktuelle Stellenausschreibung sorgt in der Branche für Kopfschütteln. Sie legt nahe, dass manche hochrangigen Regierungsstellen offenbar nicht ganz mit der Realität des heutigen Cybersecurity-Arbeitsmarktes Schritt halten. Dabei ist gut dokumentiert, dass weltweit erheblicher Bedarf an IT-Sicherheitsexperten besteht. Laut einer aktuellen Umfrage von ISC2 sind 33…
-
Epic Fury introduces new layer of enterprise risk
Tags: access, apt, attack, business, cisa, ciso, communications, country, credentials, cyber, cybersecurity, data-breach, disinformation, exploit, group, infrastructure, intelligence, international, Internet, iran, malware, middle-east, network, ransomware, resilience, risk, rust, service, software, technology, tool, ukrainePhysical attacks on US-linked locations through direct action or partner groups. We are already seeing Iranian missile launches into a variety of nations in the region.Cyber operations that include disruptive activity, targeted intrusions, credential and access harvesting, destructive malware deployment, and the use of compromised infrastructure to support broader influence or operational objectives.Proxy networks across…
-
Cyber Command disrupted Iranian comms, sensors, top general says
U.S. Cyber Command conducted online attacks against Iranian communications systems that the country’s top general said set the stage for the joint bombing campaign with Israel. First seen on therecord.media Jump to article: therecord.media/iran-cyber-us-command-attack
-
Ex-Nuance IT Worker Pleads Guilty in Geisinger Health Case
Fired Employee Illegally Downloaded 1M Patient Records. A former Nuance Communications IT worker has pleaded guilty in a criminal case that alleged he downloaded and stored on a personal hard drive containing 1.2 million patient records of a client, Geisinger Health, two days after he was terminated from his job in 2023. First seen on…
-
How CISOs can build a resilient workforce
Tags: ai, automation, ciso, communications, cyber, cybersecurity, data, infrastructure, jobs, monitoring, network, risk, service, skills, soc, software, strategy, technology, threat, tool, trainingBurnout leads to job dissatisfaction: Burnout is an ongoing concern for many CISOs and their teams, especially when unpredictable events can trigger workload spikes, burnout can escalate fast. “It’s something that can overwhelm pretty quickly,” Ford says.Industry surveys continue to flash red on persistent burnout that leads to job dissatisfaction. The ISC2 study found almost…
-
Why Tehran’s Two-Tiered Internet Is So Dangerous
Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of internet censorship. This was not merely blocking social media or foreign…
-
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks.The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the…
-
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries
Tags: access, api, apt, china, cloud, communications, cyber, cyberespionage, data, defense, endpoint, espionage, google, government, group, hacker, infrastructure, intelligence, linux, mandiant, monitoring, network, phone, radius, service, spy, theft, threat, vpnHow Mandiant found it: The campaign came to light during a Mandiant Threat Defense investigation, when analysts flagged unusual activity on a CentOS server. A binary named xapt, designed to masquerade as the apt package manager on Debian-based Linux systems, had already escalated to root and was running shell commands to confirm its access level,…
-
Hackers Exploit Cortex XDR Live Terminal for C2 Communications
Hackers can repurpose the Cortex XDR Live Terminal feature as a stealthy, EDR”‘trusted command”‘and”‘control (C2) channel, effectively turning a built”‘in response tool into a “living off the land” backdoor on protected endpoints. This abuse leverages the agent’s trusted communications and flexible remote”‘execution capabilities to blend malicious operations into normal Cortex XDR traffic. Cortex XDR Live…
-
UK regulator fines porn company $1.8 million for failing to verify user ages
Tags: communicationsThe U.K.’s communications regulator fined the porn company 8579 LLC £1.35 million ($1.82 million) for not verifying user ages. First seen on therecord.media Jump to article: therecord.media/ofcom-porn-fine-verification
-
PayPal launches latest struggle to get rid of SMS for MFA
Tags: authentication, ceo, ciso, communications, compliance, cybersecurity, email, finance, fraud, government, group, login, mfa, mobile, nfc, passkey, password, phishing, risk, service, strategy, switch, updateMuddled effort, mixed messages Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, says he’s “always found it odd” that PayPal still supports SMS as its primary secondary authentication factor.”Everyone in financial services and government has abandoned it for not being sufficiently secure and are moving to even phishing-resistant authentication, such as passkeys, Yubikeys,” he…
-
Researchers Uncover DoS Vulnerabilities in Socomec DIRIS M-70 IIoT Power Meter via Thread Emulation Fuzzing
Selective thread emulation and coverage-guided fuzzing have exposed six denial-of-service (DoS) vulnerabilities in the Socomec DIRIS M-70 IIoT power-monitoring gateway, all of which are now patched under Cisco’s Coordinated Disclosure Policy. The Socomec DIRIS M-70 gateway is a central communications node for energy monitoring, supporting RS485 and Ethernet plus protocols such as Modbus RTU, Modbus…
-
Why are cybersecurity professionals confident in Agentic AI defenses?
How Are Non-Human Identities Reshaping Cloud Security Strategies? In what ways do organizations manage evolving digital machine identities? The rapid increase in machine-to-machine communications has brought about a new dimension of security considerations, particularly with the rise of Non-Human Identities (NHIs). NHIs, primarily composed of secrets like encrypted passwords, tokens, or keys, demand a strategic……