Tag: corporate
-
Corporate Layoffs Put Company IP at Risk
With corporate layoffs and government workforce reductions frequently making headlines, leaders often underestimate the potential for massive data loss and intellectual property liability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/corporate-layoffs-put-company-ip-at-risk/
-
BSidesLV24 HireGround Behavioral Interviewee-ing: Inverting the Corporate Interview to Get You Hired
Author/Presenter: Jason Fredrickson Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/bsideslv24-hireground-behavioral-interviewee-ing-inverting-the-corporate-interview-to-get-you-hired/
-
Veterans are an obvious fit for cybersecurity, but tailored support ensures they succeed
Security is built into just about any military role: “Veterans make great cybersecurity specialists, because they’ve had security-focused roles, whether physical or information security, no matter what branch of the service they were in,” says Bryan Radliff, a 31-year veteran of the US Army who now serves as the CyberVets program manager in the Onward…
-
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling
Double-oh-sh… First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/deel_rippling_espionage/
-
Exploited: Critical Unauthenticated Access Vulnerability in CrushFTP (CVE-2025-2825)
In the ever-evolving landscape of web application vulnerabilities, a new critical flaw has emerged. CVE-2025-2825 is a high-severity vulnerability that allows attackers to bypass authentication on CrushFTP servers. This popular enterprise file transfer solution is often used in corporate environments to manage sensitive data, making this vulnerability particularly concerning. Attackers are actively exploiting this flaw……
-
North Korea IT Workers Expand Their Employment Across Europe To Infiltrate the Company Networks
North Korean IT workers have intensified their global operations, expanding their employment footprint across Europe to infiltrate corporate networks and generate revenue for the regime. According to the latest report by Google Threat Intelligence Group (GTIG), these workers pose as legitimate remote employees, leveraging advanced technical skills and deceptive tactics to gain access to sensitive…
-
Hackers Exploit Microsoft Teams Messages to Deliver Malware
Tags: attack, corporate, credentials, cyber, cybersecurity, defense, exploit, hacker, malicious, malware, microsoft, powershell, tactics, vulnerabilityCybersecurity experts have uncovered a new malware campaign targeting Microsoft Teams users to infiltrate corporate systems. By exploiting the platform’s communication vulnerabilities and leveraging malicious PowerShell scripts, attackers bypassed traditional defenses, delivering malware capable of stealing credentials and establishing persistent backdoors. The attack demonstrates an alarming evolution in malware delivery tactics through trusted collaboration platforms.…
-
Infostealer malware poses potent threat despite recent takedowns
How CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
How to create an effective crisis communication plan
Tags: access, business, ciso, cloud, communications, corporate, cyber, cyberattack, cybersecurity, data, email, group, incident, incident response, infrastructure, mobile, monitoring, network, phone, risk, strategy, toolA crisis communications plan optimally prepares the company for all possible crisis scenarios. This includes clear rules of conduct and communication, prepared content, and secure communication channels and tools.Internet monitoring shows how the crisis is perceived in social networks and the media. Reputation-damaging publications can be identified early, and countermeasures can be initiated.Good communication in day-to-day business…
-
Mercenary Hacking Group Appears to Embrace Ransomware
Highly Targeted Ransomware Hit Traced to Long-Running Cyberespionage Group. A stealthy group of mercenary hackers active since 2018 appears to have diversified into hitting hypervisors with ransomware via highly targeted attacks. Researchers said they tracked the hit to a corporate espionage team tracked as RedCurl. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mercenary-hacking-group-appears-to-embrace-ransomware-a-27834
-
RedCurl cyberspies create ransomware to encrypt Hyper-V servers
A threat actor named ‘RedCurl,’ known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/redcurl-cyberspies-create-ransomware-to-encrypt-hyper-v-servers/
-
Legal impact on cybersecurity in 2025: new developments and challenges in the EU
Tags: 5G, authentication, compliance, corporate, cybersecurity, dora, finance, framework, fraud, identity, law, network, regulation, resilience, risk, service, strategy, technology, theftDORA Regulation: digital operational resilience in the financial sector: Regulation 2022/2554 (DORA) focuses on increasing the “Digital Operational Resilience” of financial institutions. Approved on 14 December 2022, DORA seeks to strengthen the security and robustness of financial sector entities’ information systems, with the aim of reducing technological risks and cyberthreats.As mentioned, DORA is applicable to…
-
Digital Deception: Kubient CEO Sentenced for $1.3 Million Fraud Scheme
In a case underscoring the dangers of deceptive corporate practices in the tech world, Paul Roberts, the founder First seen on securityonline.info Jump to article: securityonline.info/digital-deception-kubient-ceo-sentenced-for-1-3-million-fraud-scheme/
-
CISOs are taking on ever more responsibilities and functional roles has it gone too far?
Tags: ai, business, cio, ciso, cloud, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, framework, fraud, governance, healthcare, infosec, intelligence, international, Internet, jobs, law, mitigation, nist, privacy, regulation, resilience, risk, risk-management, service, skills, software, supply-chain, technology, threatth century alongside technology and internet-enabled threats, morphing to meet the demands of the moment. But the position hasn’t just matured; in many cases it has expanded, taking on additional domains.”The CISO role has expanded significantly over the years as companies realize that information security has a unique picture of what is going on across…
-
11 hottest IT security certs for higher pay today
Tags: access, attack, automation, business, cloud, container, control, corporate, credentials, cyber, cybersecurity, data, defense, encryption, exploit, finance, fortinet, google, governance, incident response, infosec, intelligence, Internet, jobs, linux, malicious, malware, monitoring, network, penetration-testing, remote-code-execution, resilience, reverse-engineering, risk, risk-assessment, risk-management, skills, software, technology, threat, tool, training, vulnerability, windowsOffensive Security Certified Expert (OSCE): OffSec’s Offensive Security Certified Expert consists of three courses: Advanced Web Attacks and Exploitation, Advanced Evasion Techniques and Breaching Defenses, and Windows User Mode Exploit Development. The format for each course exam is the same: Candidates have 48 hours to compromise a given target using various techniques. No formal prerequisites exist for any of the…
-
Choosing the Right Cloud Security Provider: Five Non-Negotiables for Protecting Your Cloud
Tags: attack, business, cloud, control, corporate, data, infrastructure, intelligence, jobs, risk, service, strategy, technology, threat, vulnerabilityProtecting your cloud environment for the long term involves choosing a security partner whose priorities align with your needs. Here’s what you need to know. As organizations embrace multi-cloud and hybrid environments, the complexity of securing that landscape increases. However, the overlooked risks may not come solely from threat actors. Choosing a security provider that…
-
Mobile Jailbreaks Exponentially Increase Corporate Risk
Both Android devices and iPhones are 3.5 times more likely to be infected with malware once broken and 250 times more likely to be totally compromised, recent research shows. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/mobile-jailbreaks-corporate-risk
-
News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk
Austin, TX, Ma. 19, 2025, CyberNewswire, The average corporate user now has 146 stolen records linked to their identity, an average 12x increase from previous estimates, reflecting a surge in holistic identity exposures. SpyCloud, the leading identity threat… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/news-alert-spycloud-study-shows-darknet-identity-exploitation-arising-to-become-a-primary-cyber-risk/
-
Google buys cloud security provider Wiz for $32 billion
The purchase is the biggest such deal in Google’s history and also the largest corporate acquisition overall this year. First seen on therecord.media Jump to article: therecord.media/google-buys-cloud-security-provider-wiz
-
7 misconceptions about the CISO role
Tags: api, attack, breach, business, ceo, ciso, compliance, control, corporate, cyber, cyberattack, cybersecurity, defense, exploit, finance, firewall, governance, infrastructure, insurance, jobs, network, password, phishing, resilience, risk, risk-assessment, risk-management, saas, software, startup, strategy, technology, threat, tool, training, update, vulnerabilityKatie Jenkins, EVP and CISO, Liberty Mutual Insurance Liberty Mutual InsuranceThe field is changing so rapidly, Jenkins adds, she needs to commit time to keeping up on research and connecting with other CISOs for knowledge exchange.In addition to securing infrastructure, an effective CISO focuses on securing the business, experts say. This requires understanding how security…
-
Boards Challenged to Embrace Cybersecurity Oversight
Integrating Cyber Risk into Business Risk Decisions Cybersecurity failures are now business risks that CEOs and Boards must own. The world of business owners, investors, and their representatives are collectively realizing the potentially catastrophic impacts of cybersecurity incidents if not incorporated into the strategic management of the most senior business leadership. Many regulatory bodies, insurance…
-
Developer Pleads Guilty to Injecting Malware and Crippling Company Systems
In a stunning case of corporate sabotage, a former software developer for Eaton Corp., Davis Lu, 55, of Houston, has been found guilty by a jury of intentionally damaging the company’s internal computer systems. This malicious act occurred after his work responsibilities were reduced in 2018. The verdict was delivered after a six-day trial in…
-
CISOs and CIOs forge vital partnerships for business success
Tags: advisory, ai, attack, breach, business, ceo, cio, ciso, cloud, communications, corporate, cybersecurity, data, data-breach, finance, firewall, framework, ibm, infrastructure, resilience, risk, risk-management, service, strategy, technology, threatVikram Nafde, EVP and CIO, Webster Bank Webster BankAs is the case at many companies, Webster Bank’s CISO Patty Voight reports into the CIO. While there is a direct line between the executive functions, Nafde says the structure is collaborative, not hierarchical, a significant evolution as the intensity of threats escalate, raising the bar for…
-
Beware of Trojanized Apps: EncryptHub Targets Cryptocurrency Wallets and Corporate Networks
A newly cybercriminal entity, EncryptHub, has gained attention from multiple threat intelligence teams, including Outpost24’s KrakenLabs. Their latest First seen on securityonline.info Jump to article: securityonline.info/beware-of-trojanized-apps-encrypthub-targets-cryptocurrency-wallets-and-corporate-networks/
-
Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies
A data breach suffered by the Japanese telecom giant NTT exposed information of nearly 18,000 corporate customers. Japanese telecom giant NTT suffered a data breach that exposed information of nearly 18,000 corporate customers. On February 5th, the security team detected suspicious activity in its ‘Order Information Distribution System,’ and immediately restricted access to device A.…