Tag: risk
-
2025 CSO Hall of Fame honorees
Tags: ceo, cio, ciso, corporate, cybersecurity, finance, google, group, infrastructure, international, jobs, risk, risk-management, sans, technology
Meg Anderson, VP & CISO (retired), Principal Financial Group; Bob Bruns, CISO, Avanade; Jonathan Chow, CISO, Genesys; Mignona Cote, CISO, Infor; Laura Deaner, Managing Director, CISO, The Depository Trust & Clearing Corporation (DTCC); George Finney, CISO, University of Texas System; Michael Gordon, SVP & CISO, McDonald’s; Ron Green, Cybersecurity Fellow/Former CSO, Mastercard; Shawn Henry, CSO, CrowdStrike; Todd Lukens, SVP, Security & Infrastructure, Nationwide; Rishi Tripathi,…
-
Software vulnerabilities pile up at government agencies, research finds
A Veracode report reveals that government networks have accumulated years of unresolved security flaws, putting them at serious risk of exploitation. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/software-vulnerabilities-government-agencies/750549/
-
Google Releases Android 16: What’s New and What’s Missing
Android 16 debuts with smarter notifications, improved hearing aid support, and advanced security tools for high-risk users. It’s rolling out now to Pixel devices. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-16-launch-notifications-security/
-
Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks
GitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity vulnerabilities that could allow attackers to take over user accounts, inject malicious code, and disrupt services. The new versions, 18.0.2, 17.11.4, and 17.10.8 for both Community Edition (CE) and Enterprise Edition (EE), contain critical fixes, and administrators are strongly advised to…
-
Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks
The 16 other flagged issues are on customers, says CRM giant First seen on theregister.com Jump to article: www.theregister.com/2025/06/11/salesforce_cves_misconfigs/
-
New Cybersecurity Executive Order: What You Need To Know
Tags: ai, cisa, cloud, communications, compliance, computing, control, cyber, cybersecurity, data, defense, detection, encryption, exploit, fedramp, framework, government, identity, incident response, infrastructure, Internet, iot, network, office, privacy, programming, resilience, risk, service, software, supply-chain, technology, threat, update, vulnerability, vulnerability-management, zero-trust
A new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development. On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces…
-
AI is Redefining Cyber Risk Quantification: Here’s What Every CISO Needs to Know
For years, security leaders have been stuck in a reporting loop: patch volumes, CVSS scores, and red-yellow-green dashboards. These are useful… until they hit the boardroom. That’s when things fall apart. “What does a CVSS score of 9.8 mean for our revenue?” “How exposed are we to real-world loss?” “How much should we budget for……
-
Windows Common Log File System Driver Flaw Allows Attackers to Escalate Privileges
Microsoft addressed a critical security flaw (CVE-2025-32713) in the Windows Common Log File System (CLFS) driver during its June 2025 Patch Tuesday. The heap-based buffer overflow vulnerability enables local attackers to escalate privileges to SYSTEM-level access, posing significant risks to enterprise environments. Anatomy of CVE-2025-32713: The vulnerability stems from improper memory handling in the CLFS…
-
APIContext Releases Guide to Enterprise API Readiness for Autonomous AI Agents
In 2025, agentic AI has rapidly moved from theoretical promise to real-world implementation, reshaping the digital infrastructure of enterprises worldwide. These autonomous systems, capable of making decisions, initiating actions, and interacting with APIs at machine speed, are unlocking extraordinary efficiencies across industries. But with innovation comes risk, and with that in mind, APIContext has today…
-
Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers
Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025 Patch Tuesday updates, posing significant risks to organizations and individuals who depend on the widely used productivity software. The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, each received a CVSS v3.1 base score of…
-
Holistic Risk Management – What Is Enterprise Risk Management?
First seen on security-insider.de Jump to article: www.security-insider.de/was-ist-erm-enterprise-risk-management-a-95772b2efb270802d7a6c2d60231c13e/
-
Travel portals do not adequately protect customers from email fraud
A recent study reveals that the majority of large German online travel providers barely protect their customers from email fraud. With missing or inadequate email authentication, they expose holidaymakers to considerable risk, especially during peak booking season. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/reiseportale-e-mail-betrug
-
Salesforce Industry Cloud Hit by 20 Vulnerabilities Including 0days
AppOmni research reveals over 20 security vulnerabilities, including zero-days, in the Salesforce Industry Cloud. Learn about critical risks, customer responsibilities, and how to protect sensitive data. First seen on hackread.com Jump to article: hackread.com/salesforce-industry-cloud-20-vulnerabilities-0days/
-
CoreDNS Vulnerability Allows Attackers to Exhaust Server Memory via Amplification Attack
A high-severity vulnerability (CVE-2025-47950) in CoreDNS’s DNS-over-QUIC (DoQ) implementation enables remote attackers to crash DNS servers through stream amplification attacks. Patched in v1.21.2, this flaw highlights risks in modern protocol adoption for cloud-native systems. Goroutine Proliferation in DoQ Implementation: The vulnerability stems from CoreDNS’s handling of QUIC streams in its server_quic.go component. For every incoming…
-
Cyber Bill at risk of becoming a missed opportunity, say MPs
An APPG report warns that the government’s flagship cyber security legislation is too narrow in its scope and risks missing opportunities to embed resilience at the heart of the British economy. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625838/Cyber-Bill-at-risk-of-becoming-a-missed-opportunity-say-MPs
-
Apache CloudStack Flaw Allows Attackers to Execute Privileged Actions
Apache CloudStack, a leading open-source cloud management platform, has announced the immediate availability of new Long-Term Support (LTS) releases, versions 4.19.3.0 and 4.20.1.0, to address multiple critical security vulnerabilities. The advisory, published by PMC member Pearl Dsilva on June 10, 2025, highlights five distinct vulnerabilities, two of which are rated critical and pose significant risks…
-
How IP Geolocation Enhances Password Security
Discover how IP geolocation strengthens password security by detecting suspicious login attempts, reducing fraud risks, and enhancing user authentication. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/how-ip-geolocation-enhances-password-security/
-
8 things CISOs have learned from cyber incidents
Tags: apt, attack, authentication, backup, breach, business, ciso, compliance, cyber, data, defense, detection, endpoint, exploit, incident, incident response, infection, insurance, jobs, malicious, malware, metric, network, ransom, ransomware, RedTeam, risk, skills, tool, training, update, virus, vulnerability, vulnerability-management, zero-trust
2. You’ll need to shift from defense to offence: The role and the CISO won’t be the same after an incident. “My job on December 11 was very different from my job on December 12 and beyond,” says Brown. Following an incident, some organizations need to change to such an extent that they need a different CISO with…
-
Insyde UEFI Flaw Enables Digital Certificate Injection via NVRAM Variable
A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. Dubbed Hydroph0bia, this flaw enables pre-boot execution of unsigned code, posing severe risks to enterprise and consumer devices. Insecure NVRAM Variable Handling: The vulnerability stems from the improper use…
-
Is attacker laziness enabled by genAI shortcuts making them easier to catch?
Tactics of attackers: The OpenAI report, published in June, detailed a variety of defenses the company has deployed against fraudsters. One, for example, involved bogus job applications. “We identified and banned ChatGPT accounts associated with what appeared to be multiple suspected deceptive employment campaigns. These threat actors used OpenAI’s models to develop materials supporting what may…
-
How to Get a Clearer Picture of Vendor Risk
Experts Call for Continuous Assessments of Vendor Risk – Not Just at Onboarding. As vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they’re onboarded. But organizations often focus too heavily on upfront vetting of vendors and fail to track how their risk profiles may…
-
Behavior Data Now Key to Cyber Risk Posture
Frost & Sullivan’s Stahnke on How Human Risk Insights Drive Better Threat Response. Legacy cybersecurity training often fails because users skip the content or treat it as a compliance task. Forward-looking organizations now recognize that human behavior is a critical piece of their security posture, said Claudio Stahnke, industry analyst at Frost & Sullivan. First…
-
GuidePoint Security Launches Incident Response Maturity Assessment to Help Organizations Reduce Cyber Risk
First seen on scworld.com Jump to article: www.scworld.com/news/guidepoint-security-launches-incident-response-maturity-assessment-to-help-organizations-reduce-cyber-risk
-
IoT and Cloud Systems Face Escalating Cyber Risks Amid Global Instability
Insights on the Expanding Threat Landscape from AWS and Deloitte. As geopolitical tensions rise, companies face an expanding threat landscape – particularly through IoT and OT vulnerabilities that leave cloud infrastructures at risk, said PJ Hamlen at Amazon Web Services, and Julie Bernard at Deloitte & Touche LLP. First seen on govinfosecurity.com Jump to article:…