Collecting Cyber-News from over 60 sources

Tag: governance

Don’t Overlook These 6 Critical Okta Security Configurations

Feb 10, 2025 1:37 PM

Tags: governance, identity, infrastructure, monitoring, okta

Given Okta’s role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture.With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for…
Snoopers’ Charter: Großbritannien will Zugriff auf iCloud-Backups weltweit

Feb 8, 2025 2:06 PM

Tags: access, apple, backdoor, backup, governance, government

Die britische Regierung verpflichtet Apple, eine Backdoor für verschlüsselte iCloud-Backups von Nutzern weltweit einzurichten. First seen on golem.de Jump to article: www.golem.de/news/snoopers-charter-grossbritannien-will-zugriff-auf-icloud-backups-weltweit-2502-193159.html
French AI Action Summit, What Can We Expect?

Feb 8, 2025 5:06 AM

Tags: ai, ceo, google, governance, open-source, openai

Summit to Focus on Open-Source, AI Governance and Development. The historic presidential Ã‰lysÃ©e Palace in Central Paris will host world leaders, tech CEOs and researchers for the French AI Action Summit, a two-day event that will commence on Monday. U.S. Vice President JD Vance, OpenAI CEO Sam Altman and Google’s Sundar Pichai will be on…
ISMG Editors: AI Security Wake-Up Call From DeepSeek

Feb 7, 2025 9:06 PM

Tags: ai, api, ciso, data, data-breach, governance, leak, open-source, risk, risk-management, vulnerability

Also: Addressing AI Vulnerabilities and Governance Challenges. DeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes. First seen on govinfosecurity.com Jump…
CIOs and CISOs grapple with DORA: Key challenges, compliance complexities

Feb 7, 2025 9:06 AM

Tags: access, automation, banking, business, cio, ciso, communications, compliance, control, country, cyber, cybersecurity, data, dora, finance, framework, GDPR, governance, jobs, law, monitoring, network, nis-2, penetration-testing, privacy, regulation, resilience, risk, risk-management, service, skills, supply-chain, technology, threat, tool, training, vulnerability

In force since January, the Digital Operational Resilience Act (DORA) has required considerable effort from CIOs and CISOs at 20 types of financial entities to achieve compliance. For many, the journey is not complete.”In the past months, financial entities targeted by DORA have been busy internally defining roles and responsibilities related to ICT security, identifying…
21% of CISOs pressured to not report compliance issues

Feb 6, 2025 10:06 AM

Tags: awareness, breach, business, ceo, ciso, compliance, control, corporate, cybersecurity, data, dora, finance, framework, governance, incident response, infrastructure, insurance, law, nis-2, regulation, resilience, risk, security-incident, training

CISOs are increasingly getting caught between business pressures and regulatory obligations, leaving them struggling to balance corporate loyalty and legal accountability.To wit: One in five (21%) security leaders have been pressured by other executives or board members not to report compliance issues at their companies, according to a recent study by security vendor Splunk.The same…
Are You Ready to Comply With the EU AI Act?

Feb 4, 2025 8:12 PM

Tags: ai, governance, risk

OneTrust’s Ojas Rege Details Act Requirements, AI Governance Challenges. The first set of rules banning high-risk AI systems under the European Union AI Act went into effect on Sunday. Starting this week, companies are now barred from deploying AI-driven emotion recognition in the workplace and schools. OneTrust’s Ojas Rege discusses the implications. First seen on…
Musk’s DOGE effort could spread malware, expose US systems to threat actors

Feb 4, 2025 10:12 AM

Tags: access, ai, api, attack, authentication, ceo, cio, computer, computing, control, cyber, cybercrime, cybersecurity, data, defense, email, exploit, governance, government, hacking, infection, infosec, international, jobs, malicious, malware, network, office, privacy, ransomware, risk, service, technology, threat, tool

Over the past 10 days, an astonishing series of actions by Elon Musk via his Department of Government Efficiency (DOGE) project has elevated the cybersecurity risk of some of the most sensitive computing systems in the US government. Musk and his team of young, inexperienced engineers, at least one of whom is not a US…
Hacker nutzen Google Gemini zur Verstärkung von Angriffen

Feb 3, 2025 1:12 PM

Tags: access, ai, apt, chatgpt, ciso, cyber, cyberattack, ddos, framework, google, governance, government, group, hacker, intelligence, LLM, microsoft, military, north-korea, openai, phishing, threat, tool, vulnerability, zero-day
Why API Security is Essential for the Hospitality Sector: Safeguarding Your Guests and Your Rewards

Jan 29, 2025 8:36 PM

Tags: ai, api, attack, authentication, breach, business, credit-card, cyber, data, exploit, finance, firewall, flaw, governance, hacker, mobile, phone, risk, threat, vulnerability, waf

Trust is the cornerstone of the hospitality industry. Guests rely on you to safeguard their personal data, payment information, and loyalty rewards. However, in today’s digital landscape, this trust faces constant risks. APIs, which serve as the unseen connections among various systems and applications, are particularly vulnerable to cyber threats. A single flaw can compromise…
Cross-post: Office of the CISO 2024 Year in Review: AI Trust and Security

Jan 29, 2025 4:36 PM

Tags: access, ai, application-security, attack, best-practice, business, ciso, cloud, compliance, computing, control, cybersecurity, data, detection, finance, framework, google, governance, guide, infrastructure, injection, intelligence, lessons-learned, malicious, microsoft, mitigation, monitoring, office, openai, penetration-testing, privacy, risk, risk-assessment, risk-management, skills, software, strategy, supply-chain, technology, theft, threat, tool, training, unauthorized, vulnerability

[written together with Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud; originally posted here] In 2024, we shared our insights on how to approach generative AI securely by exploring the fundamentals of this innovative technology, delving into key security terms, and examining the essential policies needed for AI governance. We also discussed…
5 ways boards can improve their cybersecurity governance

Jan 28, 2025 11:36 PM

Tags: attack, breach, business, ciso, cloud, cyber, cybersecurity, data, election, endpoint, finance, gartner, governance, government, group, identity, incident, india, infrastructure, jobs, middle-east, network, ransomware, regulation, risk, skills, technology, threat, training

As chairman of the board for Cinturion Group, Richard Marshall is intimately involved in ensuring the security of the fiber optic network his company is constructing from India through the Middle East and on to Europe.The monumental Trans Europe Asia System (TEAS) will be difficult enough to build given it will be buried beneath thousands…
API Supply Chain Attacks, The Sky’s the Limit

Jan 28, 2025 6:36 PM

Tags: access, api, attack, authentication, awareness, business, control, credentials, credit-card, data, defense, email, endpoint, exploit, flaw, GDPR, governance, jobs, login, malicious, mobile, penetration-testing, phone, programming, risk, service, supply-chain, technology, unauthorized, vulnerability

Account takeover of a third-party service provider may put millions of airline users worldwide at risk. Summary Salt Labs has identified an account takeover vulnerability in a popular online top-tier travel service for hotel and car rentals. The service is integrated into dozens of commercial airline online services and allows airline users to add hotel…
Data Privacy Day 2025: A Chance to Take Control of Your Data

Jan 27, 2025 3:03 PM

Tags: access, ai, awareness, business, cloud, compliance, control, country, data, encryption, governance, law, password, privacy, regulation, service, software, strategy, technology, tool

Data Privacy Day 2025: A Chance to Take Control of Your Data madhav Mon, 01/27/2025 – 09:19 Trust is the cornerstone of every successful relationship between businesses and their customers. On this Data Privacy Day, we reflect on the pivotal role trust plays in the digital age. It’s earned not just through excellent products or…
CISOs’ top 12 cybersecurity priorities for 2025

Jan 27, 2025 11:03 AM

Tags: access, ai, api, attack, authentication, automation, awareness, business, cio, ciso, cloud, compliance, control, corporate, cybersecurity, data, detection, framework, governance, identity, incident response, infrastructure, intelligence, jobs, mitigation, monitoring, mssp, oracle, penetration-testing, privacy, risk, risk-management, service, strategy, technology, threat, training, usa, zero-trust

Security chief Andrew Obadiaru’s to-do list for the upcoming year will be familiar to CISOs everywhere: advance a zero-trust architecture in the organization; strengthen identity and access controls as part of that drive; increase monitoring of third-party risks; and expand the use of artificial intelligence in security operations.”Nothing is particularly new, maybe AI is newer,…
Automating endpoint management doesn’t mean ceding control

Jan 23, 2025 6:22 PM

Tags: ai, automation, business, compliance, control, cybersecurity, data, endpoint, governance, intelligence, ml, risk, security-incident, skills, threat, tool, vulnerability

Beset with cybersecurity risks, compliance regimes, and digital experience challenges, enterprises need to move toward autonomous endpoint management (AEM), the next evolution in endpoint management and security solutions. CSO’s Security Priorities Study 2024 reveals that 75% of security decision-makers say that understanding which security tools and solutions fit best within their company is becoming more complex. Many are…
Operationalizing MITRE ATLAS to Defend Against Attacks on AI

Jan 23, 2025 6:22 PM

Tags: ai, attack, business, conference, cybersecurity, governance, mitre, risk
Treasury Department Breach: A Crucial Reminder for API Security in the Public Sector

Jan 23, 2025 6:22 PM

Tags: access, ai, api, application-security, attack, authentication, breach, china, cve, cyber, data, detection, exploit, finance, flaw, framework, governance, government, hacker, healthcare, infrastructure, injection, malicious, monitoring, network, programming, risk, siem, software, sql, strategy, supply-chain, threat, tool, unauthorized, vpn, vulnerability, zero-day, zero-trust

The recent cyber breach at the U.S. Treasury Department, linked to state-sponsored Chinese hackers, has set off alarm bells in the public sector. As the investigation continues, this incident reveals a pressing issue that all government agencies must confront: securing their APIs (Application Programming Interfaces). APIs are essential connections within our digital infrastructure, facilitating communication…
7 top cybersecurity projects for 2025

Jan 21, 2025 12:22 PM

Tags: access, advisory, ai, backup, best-practice, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, encryption, framework, google, governance, infrastructure, intelligence, law, mitigation, monitoring, network, resilience, risk, risk-management, service, strategy, technology, threat, tool, vulnerability

As 2025 dawns, CISOs face the grim reality that the battle against cyberattackers never ends. Strong and carefully planned cybersecurity projects are the best way to stay a step ahead of attackers and prevent them gaining the upper hand.”Urgency is the mantra for 2025,” says Greg Sullivan, founding partner of cybersecurity services firm CIOSO Global.…
Sicherheitsrisiko: USA verbieten vernetzte Fahrzeuge aus China und Russland

Jan 15, 2025 2:02 PM

Tags: china, governance, government, usa

Kurz vor dem Amtsantritt von Trump beschließt die US-Regierung noch ein Verbot für vernetzte und autonome Autos aus China. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsrisikov-usa-verbieten-vernetzte-fahrzeuge-aus-china-und-russland-2501-192444.html
Sicherheitsrisikov: USA verbieten vernetzte Fahrzeuge aus China und Russland

Jan 15, 2025 1:02 PM

Tags: china, governance, government, usa

Kurz vor dem Amtsantritt von Trump beschließt die US-Regierung noch ein Verbot für vernetzte und autonome Autos aus China. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsrisikov-usa-verbieten-vernetzte-fahrzeuge-aus-china-und-russland-2501-192444.html
Fifteen Best Practices to Navigate the Data Sovereignty Waters

Jan 14, 2025 9:46 AM

Tags: access, attack, automation, awareness, backup, best-practice, breach, cloud, compliance, computer, computing, container, control, country, crypto, cybersecurity, data, encryption, governance, iam, identity, international, law, least-privilege, monitoring, network, privacy, ransomware, regulation, resilience, risk, security-incident, service, software, strategy, threat, tool, unauthorized, update, zero-trust

Fifteen Best Practices to Navigate the Data Sovereignty Waters josh.pearson@t“¦ Tue, 01/14/2025 – 08:04 Data sovereignty”, the idea that data is subject to the laws and regulations of the country it is collected or stored in”, is a fundamental consideration for businesses attempting to balance harnessing the power of data analytics, ensuring compliance with increasingly…
Redefining third-party governance and identity for the cloud-first era

Jan 14, 2025 8:46 AM

Tags: cloud, governance, identity

First seen on scworld.com Jump to article: www.scworld.com/resource/redefining-third-party-governance-and-identity-for-the-cloud-first-era
CISOs embrace rise in prominence, with broader business authority

Jan 13, 2025 11:26 AM

Tags: ai, attack, business, ceo, cio, ciso, compliance, control, corporate, cyber, cyberattack, cybersecurity, data, governance, healthcare, infrastructure, intelligence, network, privacy, regulation, risk, risk-management, security-incident, strategy, technology, threat, update

It’s a familiar refrain: As cybersecurity has become a core business priority, it is no longer a siloed operation, and the responsibilities of CISOs have grown, giving them greater prominence within the organization.According to CSO’s 2024 Security Priorities Study, 72% of security decision-makers say their role has grown to include additional responsibilities over the past…
8 Cyber Predictions for 2025: A CSO’s Perspective

Jan 10, 2025 1:18 AM

Tags: access, ai, attack, authentication, business, ceo, ciso, cloud, compliance, computing, control, credentials, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, encryption, exploit, extortion, firewall, framework, governance, group, hacker, hacking, healthcare, identity, intelligence, international, law, leak, malicious, mfa, microsoft, network, north-korea, organized, phishing, privacy, ransom, ransomware, regulation, risk, risk-management, service, social-engineering, software, strategy, supply-chain, theft, threat, tool, update, wifi, zero-trust

As we step into 2025, the cyberthreat landscape is once again more dynamic and challenging than the year before. In 2024, we witnessed a remarkable acceleration in cyberattacks of all types, many fueled by advancements in generative AI. For security leaders, the stakes are higher than ever. In this post, I’ll explore cyberthreat projections and…
Trolley Problem, Safety Versus Security of Generative AI

Jan 7, 2025 7:17 PM

Tags: ai, governance, training

The only way to advance AI safety is to increase human interactions, human values and societal governance to promote a reinforced human feedback loop, much like we do with traditional AI training methods. The post Trolley Problem, Safety Versus Security of Generative AI appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/trolley-problem-safety-versus-security-of-generative-ai/
Vorratsdatenspeicherung: Rot-Grün ist sich doch nicht einig

Jan 5, 2025 1:18 PM

Tags: governance

Wenige Tage nach einer angeblichen Einigung zur Vorratsdatenspeicherung rudert die Bundesregierung wieder zurück. Die Gespräche liefen noch, heißt es. First seen on golem.de Jump to article: www.golem.de/news/vorratsdatenspeicherung-rot-gruen-ist-sich-doch-nicht-einig-2501-192114.html
Data Breaches in the USA in December 2024: 8,172,797 People Impacted

Jan 2, 2025 5:58 PM

Tags: breach, data, data-breach, governance, office, usa

Analyzing the Maine Attorney General’s data For December 2024, IT Governance USA’s analysis of the Office of the Maine Attorney General’s data breach notifications found the following: We look at what’s reported to a regulator to help us identify significant real-world trends and patterns. We chose the Office of the Maine Attorney General as this…
6 AI-Related Security Trends to Watch in 2025

Jan 1, 2025 12:27 AM

Tags: ai, governance, privacy, tool

AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/6-ai-related-security-trends-watch-2025
Addressing Gen AI Privacy, Security Governance in Healthcare

Dec 31, 2024 7:27 PM

Tags: ai, governance, healthcare, privacy, tool

As healthcare entities embrace generative AI tools, it’s critical they take a holistic approach addressing privacy and security governance, said Dave Perry, digital workspace operations manager, St. Joseph’s Healthcare in Ontario, who discusses how his organization is tackling those challenges. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/addressing-gen-ai-privacy-security-governance-in-healthcare-i-5433