Tag: risk
-
Microsoft finds default Kubernetes Helm charts can expose data
Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-finds-default-kubernetes-helm-charts-can-expose-data/
-
UK authorities warn of retail-sector risks following cyberattack spree
Three major retail brands, including Harrods and M&S, have been targeted in recent weeks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/uk-authorities-retail-risks-cyberattack/747128/
-
Top cybersecurity products showcased at RSA 2025
Tags: access, ai, attack, automation, awareness, breach, cisco, compliance, control, crowdstrike, cyber, cybersecurity, data, defense, detection, edr, email, firewall, fortinet, framework, identity, incident response, infrastructure, injection, intelligence, login, malicious, open-source, phishing, risk, siem, soc, threat, tool, training, update, vulnerability, zero-trust
Cisco: Foundational AI Security Model: Cisco introduced its Foundation AI Security Model, an open-source framework designed to standardize safety protocols across AI models and applications. This initiative aims to address the growing concerns around AI security and ensure Safer AI deployments. Cisco also unveiled new agentic AI features in its XDR and Splunk platforms, along…
-
KnowBe4 survey shows: more than 90 percent consider phishing tests useful
KnowBe4 recently conducted an international survey among participants in anti-phishing training and tests. Employees from European, North American and African companies were surveyed. Around 90 percent said they consider phishing tests useful. Just under 91 percent stated that the tests had increased their awareness of the risk of phishing attacks. Numerous prejudices are still…
-
Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm. First seen on wired.com Jump to article: www.wired.com/story/easyjson-open-source-vk-ties/
-
Security Professionals: Stay Aware of Current Events
Ballistic Ventures’ Kevin Mandia on How CISOs Can Lead Through Economic Turbulence. In uncertain times, CISOs must balance people and technology, says Kevin Mandia, general partner, Ballistic Ventures. Security budgets face less risk, but efficiency is crucial. AI adoption will accelerate, vendor consolidation will strengthen defenses and SMBs may benefit from outsourcing security. First seen…
-
Understanding and reducing LLM risks
It is fundamental to understand that AI assistants generally have the same access rights as the respective users. And these are generally far too broad. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/llm-risiken-verstehen-und-reduzieren/a40655/
-
CISO vs CFO: why are the conversations difficult?
Tags: ai, attack, breach, business, ciso, compliance, cyber, cyberattack, cybersecurity, finance, insurance, jobs, metric, ransomware, RedTeam, risk, risk-management, saas, strategy, technology, threat, tool
might happen, which often means the best outcome is nothing happens. That’s a tough sell.” Although a single cyberattack can wipe out millions of dollars, CFOs and CISOs often approach cybersecurity from fundamentally different perspectives. Bridging this divide requires more than just better communication, it demands, as Argyle put it, a shift in mindset. The disconnect…
-
How CISOs can talk cybersecurity so it makes sense to executives
CISOs know cyber risk is business risk. Boards don’t always see it that way. For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/05/ciso-talk-cybersecurity-executives/
-
Managing customer data securely – strengthening customer loyalty and minimizing data-protection risks with CIAM
Tags: risk
First seen on security-insider.de Jump to article: www.security-insider.de/strategien-fuer-effektives-ciam-a-84ab5fba2b0e4b27d82a12de7c2f27c4/
-
Zero Trust and Automation Crucial for Securing IoT Devices
Device Authority’s Antill on Secure-by-Design and Continuous Authentication. Many IoT devices were never designed with modern authentication – making them easy targets. Even when certificates are used for authentication, Darron Antill, CEO of Device Authority, points out that frequent expiration and limited visibility create operational and security risks over time. First seen on govinfosecurity.com Jump…
-
Inside the Relentless Liability Pressures Facing CISOs
SolarWinds CISO Tim Brown’s Case Shows Personal, Legal and Health Risks for CISOs. CISOs face tremendous stress in dealing with regulatory scrutiny and legal exposure in the wake of a data breach. SolarWinds CISO Tim Brown shares the personal and professional impact of Securities and Exchange Commission charges against him after the 2020 SolarWinds supply…
-
Seminar on generative AI: seizing opportunities and minimizing risks
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/seminar-generative-ki-chancen-risiken
-
Supervisory Tech Critical to Managing Agentic AI
EMC Advisors’ Edna Conway on Minimizing Risks of Agentic AI Through Oversight. Agentic artificial intelligence has the potential to transform businesses, but Edna Conway, chief executive officer of EMC Advisors, discusses the top risks associated with agentic AI solutions and why supervisory technologies are needed to monitor and control the technology. First seen on govinfosecurity.com…
-
Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities
Oligo Security uncovers “AirBorne,”
-
Balancing AI Innovation With Security
Accountability Is Key as Enterprises Adopt AI at Scale, Says Saviynt’s Jim Routh. AI governance must balance innovation with security, making it vital that organizations adopt a flexible, consensus-driven approach to ensure responsible AI deployment while addressing risks such as data exposure and software resilience, said Jim Routh, chief trust officer at Saviynt. First seen on…
-
Red Teaming AI: Tackling New Cybersecurity Challenges
DistributedApps.ai’s Ken Huang on Agentic AI Risks and Threat Modeling. As AI agents gain autonomy and access dynamic tools, organizations must adopt new threat modeling approaches like mixture threat modeling, a new method that accounts for AI’s unpredictability, said Ken Huang, chief AI officer at DistributedApps.ai. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/red-teaming-ai-tackling-new-cybersecurity-challenges-a-28235
-
RSAC 2025: Top 5 mobile app risks revealed by half a million assessments
First seen on scworld.com Jump to article: www.scworld.com/news/rsac-2025-top-5-mobile-app-risks-revealed-by-half-a-million-assessments
-
Hackers Exploit Critical NodeJS Vulnerabilities to Hijack Jenkins Agents for RCE
Tags: cyber, exploit, flaw, github, hacker, infrastructure, rce, remote-code-execution, risk, supply-chain, vulnerability
Security researchers have identified critical vulnerabilities in the Node.js CI/CD infrastructure, exposing internal Jenkins agents to remote code execution and raising the risk of supply chain attacks. These flaws stemmed from the integration and communication gaps between multiple DevOps platforms (specifically GitHub Apps, GitHub Actions workflows, and Jenkins pipelines) that collectively manage Node.js’ continuous integration processes. Exploiting…
-
Cybersecurity experts warn of rising AI risks
First seen on scworld.com Jump to article: www.scworld.com/brief/cybersecurity-experts-warn-of-rising-ai-risks
-
Beyond Models: Securing AI’s Real-World Use
Menlo Venture’s Rama Sekhar on AI Threats and Opportunities. Public attention has been focused on the dangers of large language models such as hallucinations or harmful output, but the most pressing security risks are no longer rooted in the models, but in how they are integrated with real-world tools, said Rama Sekhar, partner at Menlo…
-
The Cloud Illusion: Why Your Database Security Might Be at Risk
With the right cloud database architecture, you gain versatility as well as optimal security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/the-cloud-illusion-why-your-database-security-might-be-at-risk/
-
Your graphics card’s so fat, it’s got its own gravity alert
Tags: risk
Asus implements droop detector for PCIe slots as GPUs now so heavy they risk toppling out. First seen on theregister.com Jump to article: www.theregister.com/2025/04/30/gpu_pcie_droop/
-
Statements from IT experts on the coalition agreement between CDU/CSU and SPD
In a time of profound geopolitical upheaval and growing global uncertainty, Europe faces enormous challenges. Strategic dependencies have proven to be a risk to security and prosperity and demand decisive action. It is now up to the European Union, and Germany in particular, to take responsibility, strengthen their resilience and consolidate their digital sovereignty.…
-
More assets, more attack surface, more risk
Companies should know their attack surfaces precisely. Only those who know their attack surfaces can defend them effectively. What seems like a truism, however, appears to cause problems for many companies. According to a survey by security vendor Trend Micro of more than 2,000 cybersecurity leaders, almost three quarters (73 percent) of them had to admit to having already experienced a security incident because assets…
-
CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical vulnerabilities found in widely used Industrial Control Systems (ICS). Released on May 1, 2025, the advisories spotlight severe security risks affecting KUNBUS GmbH’s Revolution Pi devices and the MicroDicom DICOM Viewer, with some vulnerabilities scoring the highest possible rating for risk…

