Tag: corporate
-
What does aligning security to the business really mean?
Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
-
What does aligning security to the business really mean?
Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
-
What does aligning security to the business really mean?
Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
-
Knee-jerk corporate responses to data leaks protect brands like Qantas, but consumers are getting screwed
When courts ban people from accessing leaked data as happened after the recent Qantas data breach only hackers and scammers win<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>It’s become the playbook for big Australian companies that have customer data stolen in a cyber-attack: call in the lawyers and get…
-
Akira Ransomware Strikes Apache OpenOffice, Allegedly Exfiltrates 23GB of Data
The notorious Akira ransomware gang announced on October 29, 2025, that it successfully penetrated the systems of Apache OpenOffice, claiming to have exfiltrated a staggering 23 gigabytes of sensitive corporate data. The group posted details on its dark web leak site, threatening to release the stolen information unless a ransom demand is met. This incident…
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems
The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick.The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month,…
-
Yubico bolsters APAC presence, touts device subscriptions
Yubico is moving beyond one-off product sales, hiring local teams in Singapore and pitching its subscription service to help enterprises secure employee access to corporate networks and applications First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366633872/Yubico-bolsters-its-APAC-presence-touts-device-subscriptions
-
Shadow AI: New ideas emerge to tackle an old problem in new form
Shadow AI is the second-most prevalent form of shadow IT in corporate environments, 1Password’s latest annual report has revealed. Based on a survey of over 5,000 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/31/shadow-ai-advice-solutions/
-
Proton trains new service to expose corporate infosec cover-ups
Service will tell on compromised organizations, even if they didn’t plan on doing so themselves First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/proton_data_breach_observatory/
-
Proton trains new service to expose corporate infosec cover-ups
Service will tell on compromised organizations, even if they didn’t plan on doing so themselves First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/proton_data_breach_observatory/
-
Typo hackers sneak cross-platform credential stealer into 10 npm packages
Payload for IP fingerprinting and credential theft: Once the fake CAPTCHA interaction occurs, the installer sends the victim’s IP address to the attacker’s server, a step that allows tracking, geofencing, and exclusion of unwanted targets.It then downloads the payload from the same host, which is a 24 MB Pyinstaller-packed application that contains hundreds of thousands…
-
Tips for CISOs switching between industries
Understand and demonstrate achieved results: Making the jump into a new industry isn’t about matching past job titles but about proving you can create impact in a new context. DiMarco says the key is to demonstrate relevance early.”When I pitch a candidate, I explain what they did, how they did it, and what their impact…
-
Hackers Hijack Corporate XWiki Servers for Crypto Mining
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers. First seen on hackread.com Jump to article: hackread.com/hackers-hijack-xwiki-servers-crypto-mining/
-
Hackers Hijack Corporate XWiki Servers for Crypto Mining
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers. First seen on hackread.com Jump to article: hackread.com/hackers-hijack-xwiki-servers-crypto-mining/
-
Hackers Hijack Corporate XWiki Servers for Crypto Mining
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers. First seen on hackread.com Jump to article: hackread.com/hackers-hijack-xwiki-servers-crypto-mining/
-
AI adoption outpaces corporate governance, security controls
Security and business leaders warn that companies are accelerating their use of agentic AI beyond the ability to maintain proper guardrails.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-corporate-governance-security-controls/804087/
-
Security for AI: A Practical Guide to Enforcing Your AI Acceptable Use Policy
Tags: access, ai, awareness, best-practice, business, chatgpt, compliance, control, corporate, data, data-breach, disinformation, finance, governance, government, guide, intelligence, LLM, malicious, monitoring, openai, privacy, regulation, risk, service, strategy, technology, threat, tool, training, update, vulnerabilityAn AI acceptable use policy can help your organization mitigate the risk of employees accidentally exposing sensitive data to public AI tools. Benchmark your organization’s policy against our best practices and discover how prompt-level visibility from Tenable AI Exposure eases policy enforcement. Key takeaways: An AI acceptable use policy governs the appropriate use of generative…
-
Copilot diagrams could leak corporate emails via indirect prompt injection
The bigger threat of indirect prompt injection: The incident underscores that the risk goes beyond simple “prompt injection,” where a user types malicious instructions directly into an AI. Here, the attacker hides instructions inside document content that gets passed into the assistant without the user’s awareness. Logue described how the hidden instructions use progressive task…
-
Copilot diagrams could leak corporate emails via indirect prompt injection
The bigger threat of indirect prompt injection: The incident underscores that the risk goes beyond simple “prompt injection,” where a user types malicious instructions directly into an AI. Here, the attacker hides instructions inside document content that gets passed into the assistant without the user’s awareness. Logue described how the hidden instructions use progressive task…
-
Step aside, SOC. It’s time to ROC
Tags: attack, breach, business, communications, corporate, cyber, cybersecurity, data, defense, exploit, finance, framework, government, infrastructure, insurance, intelligence, military, monitoring, network, resilience, risk, risk-assessment, soc, strategy, threat, vpn, vulnerability, zero-dayWhat is a ROC?: At its core, the Resilience Risk Operations Center (ROC) is a proactive intelligence hub. Think of it as a fusion center in which cyber, business and financial risk come together to form one clear picture.While the idea of a ROC isn’t entirely new, versions of it have existed across government and…
-
Step aside, SOC. It’s time to ROC
Tags: attack, breach, business, communications, corporate, cyber, cybersecurity, data, defense, exploit, finance, framework, government, infrastructure, insurance, intelligence, military, monitoring, network, resilience, risk, risk-assessment, soc, strategy, threat, vpn, vulnerability, zero-dayWhat is a ROC?: At its core, the Resilience Risk Operations Center (ROC) is a proactive intelligence hub. Think of it as a fusion center in which cyber, business and financial risk come together to form one clear picture.While the idea of a ROC isn’t entirely new, versions of it have existed across government and…
-
Do CISOs need to rethink service provider risk?
Tags: access, ai, breach, ciso, compliance, control, corporate, cyber, cybersecurity, data, framework, governance, group, guide, incident, incident response, ISO-27001, penetration-testing, risk, risk-assessment, risk-management, service, soc, technology, threat, tool, training, update, vulnerabilityShould risk assessment be about questionnaires or conversation?: David Stockdale, director of cybersecurity at the University of Queensland (UQ), needs services providers to understand the make-up and complexity of a higher education institution.”Because of the size and research intensity of the university, we tend to build a lot in-house. Where we do use service providers,…
-
Do CISOs need to rethink service provider risk?
Tags: access, ai, breach, ciso, compliance, control, corporate, cyber, cybersecurity, data, framework, governance, group, guide, incident, incident response, ISO-27001, penetration-testing, risk, risk-assessment, risk-management, service, soc, technology, threat, tool, training, update, vulnerabilityShould risk assessment be about questionnaires or conversation?: David Stockdale, director of cybersecurity at the University of Queensland (UQ), needs services providers to understand the make-up and complexity of a higher education institution.”Because of the size and research intensity of the university, we tend to build a lot in-house. Where we do use service providers,…
-
OpenAI goes after Microsoft 365 Copilot’s lunch with ‘company knowledge’ feature
ChatGPT can now rummage through corporate files via connectors, though Redmond still has the deeper hooks First seen on theregister.com Jump to article: www.theregister.com/2025/10/24/openai_chatgpt_company_knowledge/