Tag: corporate
-
10 Kennzahlen, die CISOs weiterbringen
Geht es um Security-Kennzahlen, sollten CISOs sich auf das Wesentliche fokussieren. Die Security-Performance zu messen, gehört vielleicht nicht zu den aufregendsten Aufgaben eines CISOs kann allerdings sehr nützlich sein, um eine ganze Reihe von Herausforderungen zu bewältigen. Neben der Erkenntnis darüber, wie effektiv ihre Security-Bemühungen sind, können Sicherheitsentscheider mit den richtigen Kennzahlen unter anderem auch…
-
Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware
The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its focus to corporate Human Resources (HR) departments with a highly targeted spear-phishing operation. According to research by Arctic Wolf Labs, the group is leveraging legitimate job platforms and messaging services to send fraudulent job applications laced with malicious resumes. These deceptive…
-
Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims
A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed a surge in malicious activity tied to the Luna Moth hacking group. The actors are now leveragingfake helpdesk-themed domainsto impersonate legitimate businesses and steal sensitive data. This campaign, first detected in March 2025, primarily targets law firms and corporate entities. How…
-
How China and North Korea Are Industrializing Zero-Days
Tags: china, cloud, corporate, cyberattack, exploit, google, group, hacker, intelligence, korea, north-korea, organized, threat, zero-dayGoogle Cloud’s Hultquist on How State Hackers Exploit Code and Corporate Hiring. John Hultquist, chief analyst at Google Threat Intelligence Group, Google Cloud, discussed how China and North Korea are transforming cyberattacks into organized, factory-like operations. Alongside zero-day exploits, North Korean IT operatives are quietly infiltrating Fortune 500 companies under false identities. First seen on…
-
What is EDR? An analytical approach to endpoint security
Tags: access, android, antivirus, api, attack, automation, breach, cloud, corporate, data, defense, detection, edr, email, endpoint, firewall, incident response, infection, infosec, infrastructure, intelligence, Intruder, linux, macOS, malicious, malware, network, service, siem, soar, software, threat, tool, trainingEDR vs. antivirus: What’s the difference?: Antivirus software has similar goals to EDR, in that it aims to block malware from installing on and infecting endpoints (usually user PCs). The difference is that antivirus spots malicious activity by trying to match it to signatures, known patterns of code execution or behavior that the security community…
-
The Expanding Role of CISOs in Tech and Corporate Governance
Team8’s Liran Grinberg on How CISOs Influence Boardrooms and Enterprise Security. With cyber risk ranked as one of the top threats to business continuity, cybersecurity has now become a core component to business survival. Liran Grinberg, co-founder and managing partner at Team8, said the CISO’s role has transformed into one of the most critical positions…
-
How AI can attack corporate decision-making
As AI gets embedded in corporate systems, experts warn of emerging security risks caused by influencing retrieval augmentation systems First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623417/How-Ai-can-attack-corporate-decision-making
-
Verantwortungsvolle Cybersicherheit: Der CISO im Zentrum der CSR-Strategie
Die Corporate Social Responsibility (CSR) erfordert heute eine strategische Verknüpfung von Cybersicherheit und Nachhaltigkeit. CISOs stellen sicher, dass Investitionen in Cybersicherheit umweltverträgliche Ziele unterstützen und somit zu einer verantwortungsvollen Unternehmensführung beitragen. Die soziale Verantwortung von Unternehmen (CSR) ist heute ein unverzichtbarer strategischer Schwerpunkt, wobei die Cybersicherheit eine Schlüsselrolle spielt. Jüngste Initiativen auf europäischer Ebene,… First…
-
RansomHub Ransomware Deploys Malware to Breach Corporate Networks
The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging SocGholish malware, also known as FakeUpdates, was uncovered targeting corporate networks. This attack, orchestrated by affiliates of RansomHub-a notorious Ransomware-as-a-Service (RaaS) group emerging in 2024-demonstrates a calculated approach to infiltrate high-profile organizations. SocGholish Malware as Initial Vector RansomHub markets its illicit…
-
RSAC 2025 Innovation Sandbox – Knostic: Reshaping the Access Control Paradigm for Enterprise AI Security
Introduction As generative artificial intelligence (GenAI) and large language models (LLM) rapidly penetrate corporate operations, data leakage and privacy risks have become major challenges faced by enterprises. Knostic, a startup founded in 2023, is providing enterprises with a layer of intelligent security protection with its innovative Need-to-Know access control technology to ensure the safe deployment…The…
-
10 key questions security leaders must ask at RSA 2025
Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trustIs agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
-
Interlock ransomware gang pushes fake IT tools in ClickFix attacks
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interlock-ransomware-gang-pushes-fake-it-tools-in-clickfix-attacks/
-
If Boards Don’t Fix OT Security, Regulators Will
Around the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won’t drive up security maturity for operational technology unless they’re made to. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/boards-fix-ot-security-regulators
-
ISACA and Chartered IIA pen open letter to UK Government urging swift audit reform to build digital resilience
ISACA and the Chartered Institute of Internal Auditors (Chartered IIA), have sent a letter to Rt Hon Jonathan Reynolds MP, Secretary of State for Business and Trade, stressing the urgent need for audit reform legislation to boost digital resilience. The letter underlines strong stakeholder support for the Audit Reform and Corporate Governance Bill promised in…
-
Mobile Security Emerging Risks in the BYOD Era
The rise of Bring Your Own Device (BYOD) policies has revolutionized workplace flexibility, enabling employees to use personal smartphones, tablets, and laptops for professional tasks. While this shift reduces hardware costs and supports hybrid work models, it introduces complex security challenges. Cybercriminals increasingly target personal devices as gateways to corporate networks, exploiting vulnerabilities in fragmented…
-
NetFlow and PCAP Logs Reveal Multi-Stage Attacks In Corporate Networks
In the modern enterprise, network security teams face the daunting challenge of detecting and responding to multi-stage attacks that unfold over days or even weeks. Two of the most powerful tools in this battle are NetFlow and PCAP. NetFlow, often described as a metadata sentinel, provides a high-level summary of network traffic flows by recording…
-
How to Outsource Your Humanity 101
You’re so busy climbing the corporate ladder that you can’t spare five minutes to ring mum and dad. But fear not! For a mere £24.90 a month, you can now hire a silicon-based impersonator to pretend it cares about your parents’ day. Welcome to inTouch Family, the service that lets you tick “filial piety” off……
-
Top Four Considerations for Zero Trust in Critical Infrastructure
Tags: access, ai, attack, authentication, automation, best-practice, breach, business, cctv, ceo, cloud, communications, compliance, corporate, cyber, cybersecurity, data, defense, email, encryption, exploit, finance, group, hacker, healthcare, identity, infrastructure, iot, law, malicious, mfa, nis-2, privacy, regulation, risk, saas, service, software, strategy, threat, tool, vulnerability, zero-trustTop Four Considerations for Zero Trust in Critical Infrastructure madhav Tue, 04/15/2025 – 06:43 TL;DR Increased efficiency = increased risk. Critical infrastructure organizations are using nearly 100 SaaS apps on average and 60% of their most sensitive data is stored in the cloud. Threat actors aren’t naive to this, leading to a whopping 93% of…
-
My Take: Is Amazon’s Alexa+ a Gutenberg moment, or a corporate rerun of history’s greatest co-opt?
Last Friday morning, April 11, I was making my way home from NTT Research’s Upgrade 2025 innovation conference in San Francisco, when it struck me that we’re at a watershed moment. I was reflecting on NTT’s newly launched Physics of… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/my-take-is-amazons-alexa-a-gutenberg-moment-or-a-corporate-rerun-of-historys-greatest-co-opt/
-
Cybercriminal groups embrace corporate structures to scale, sustain operations
In this Help Net Security interview, Sandy Kronenberg, CEO of Netarx, discusses how cybercriminal groups are adopting corporate structures and employee incentives to scale … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/15/sandy-kronenberg-netarx-cybercriminal-groups-corporate-structures/
-
Chief Legal Officers step up in cybersecurity oversight
In this Help Net Security video, Jennifer Chen, Executive Director of the Association of Corporate Counsel (ACC) Foundation, discusses how globally, Chief Legal Officers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/15/chief-legal-officers-cybersecurity-video/
-
Moroccan cybercrime group Atlas Lion hiding in plain sight during attacks on retailers
Researchers at Expel said a cybercrime group that specializes in gift card fraud used a novel tactic to hide its activities: signing up its own virtual machines (VMs) within a legitimate corporate cloud domain. First seen on therecord.media Jump to article: therecord.media/atlas-lion-gift-card-cybercrime-hiding-virtual-machines
-
How to find out if your AI vendor is a security risk
One of the most pressing concerns with AI adoption is data leakage. Consider this: An employee logs into their favorite AI chatbot, pastes sensitive corporate data, and asks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/10/ai-vendor-risk/
-
From likes to leaks: How social media presence impacts corporate security
From a psychological standpoint, we all crave attention, and likes and comments fuel that need, encouraging us to share even more on social media. In the corporate world, this … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/10/social-media-cybersecurity-risk-for-companies/
-
Google launches unified enterprise security platform, announces AI security agents
Cloud security enhancements: The Google Cloud Platform (GCP) Security Command Center will gain new capabilities for protecting cloud workloads, especially those related to AI model use.Model Armor, a feature that’s part of GCP’s existing AI Protection service, will allow customers to apply content safety and security controls to prompts that are sent to self-hosted AI…
-
Boards Urged to Follow New Cyber Code of Practice
The British government has launched a new code of practice designed to boost corporate cyber governance First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bords-urged-follow-new-cyber-code/
-
23andMe Data Breach: A Wake-Up Call for Consumer Privacy and Corporate Accountability
In recent months, the fallout from the 23andMe data breach has offered a sobering reminder of the real-world implications of poor data security”, and the profound responsibility companies bear when entrusted with sensitive consumer information. In October 2023, 23andMe, one of the most well-known consumer genetic testing companies, disclosed a significant breach that affected nearly…