Tag: risk
-
Klassenzimmer offline Wie Cyber-Kriminelle im Zeitalter der KI das Bildungswesen angreifen
Das moderne Klassenzimmer hat sich zu einem digitalen Schulhof gewandelt, der auf Plattformen wie Microsoft-Teams, Google-Classroom oder Zoom basiert. Diese Tools fördern zwar die Zusammenarbeit und Innovation, sind aber auch bevorzugte Ziele für Cyberangriffe, insbesondere solche, die KI nutzen. Somit sind Schulen und Universitäten Risiken ausgesetzt, die Schüler, Pädagogen und sogar die nationale Innovation direkt…
-
6 novel ways to use AI in cybersecurity
Tags: access, ai, attack, authentication, business, ceo, cloud, cyberattack, cybersecurity, data, defense, detection, email, infrastructure, intelligence, malicious, malware, network, phishing, risk, service, tactics, technology, threat, tool, training2. Machine-learning generative adversarial networks: Michel Sahyoun, chief solutions architect with cybersecurity technology firm NopalCyber, recommends using generative adversarial networks (GANs) to create, as well as protect against, highly sophisticated previously unseen cyberattacks. “This technique enables cybersecurity systems to learn and adapt by training against a very large number of simulated threats,” he says.GANs allow…
-
6 novel ways to use AI in cybersecurity
Tags: access, ai, attack, authentication, business, ceo, cloud, cyberattack, cybersecurity, data, defense, detection, email, infrastructure, intelligence, malicious, malware, network, phishing, risk, service, tactics, technology, threat, tool, training2. Machine-learning generative adversarial networks: Michel Sahyoun, chief solutions architect with cybersecurity technology firm NopalCyber, recommends using generative adversarial networks (GANs) to create, as well as protect against, highly sophisticated previously unseen cyberattacks. “This technique enables cybersecurity systems to learn and adapt by training against a very large number of simulated threats,” he says.GANs allow…
-
The CISO’s guide to rolling out generative AI at scale
Tags: access, ai, best-practice, chatgpt, ciso, communications, governance, guide, jobs, lessons-learned, network, privacy, risk, technology, tool, trainingSet the stage for success Before launch, host an organization-wide lunch and learn to introduce the platform, explain the rollout’s goals, and connect the initiative to real work. This is not a marketing event; it’s an operational alignment session. Bring the vendor in to walk through the platform, show what it does, and answer questions.…
-
The CISO’s guide to rolling out generative AI at scale
Tags: access, ai, best-practice, chatgpt, ciso, communications, governance, guide, jobs, lessons-learned, network, privacy, risk, technology, tool, trainingSet the stage for success Before launch, host an organization-wide lunch and learn to introduce the platform, explain the rollout’s goals, and connect the initiative to real work. This is not a marketing event; it’s an operational alignment session. Bring the vendor in to walk through the platform, show what it does, and answer questions.…
-
Lectora Desktop and Online XSS Vulnerability Enables JavaScript Injection
A critical cross-site scripting (XSS) vulnerability affecting both Lectora Desktop and Lectora Online has been disclosed, enabling attackers to inject JavaScript through crafted URL parameters. Discovered by security researcher Mohammad Jassim and documented by the CERT® Coordination Center on September 22, 2025, this flaw poses a risk of client-side code execution, session hijacking, and user…
-
Anton’s Security Blog Quarterly Q3 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, edr, google, governance, guide, metric, office, RedTeam, risk, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify). Gemini for docs based on this blog Top 10 posts with the most…
-
TDL 005 – A Defender’s Journey: From Passion Project to Protecting Children Online
Tags: access, business, control, corporate, country, cyber, cybersecurity, data-breach, defense, dns, encryption, endpoint, finance, github, government, group, guide, identity, Internet, jobs, microsoft, network, open-source, privacy, risk, service, technology, tool, zero-trustSummary A Defender’s Journey: From Passion Project to Protecting Children Online In a recent episode of “The Defender’s Log,” host David Redekop sat down with cybersecurity expert Will Earp to discuss his unconventional path into the industry and his current mission-driven career. Earp, a self-proclaimed “tinkerer” from a young age, shared how his early fascination…
-
AI Regulations Frameworks: Building Risk Readiness – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/ai-regulations-frameworks-building-risk-readiness-kovrr/
-
How Autonomous AI Agents Amplify Insider Threats
Sumitomo’s Sawant on the Internal Risks of Autonomous AI Agents. Autonomous AI agents are shifting the nature of insider threats by operating at machine speed and mimicking human-level access and privilege. These synthetic entities can act independently within systems and carry out actions traditionally reserved for human users, introducing new security risks. First seen on…
-
CS4CA: OT Security Strategies for Critical Infrastructure
Speaker for Upcoming CS4CA Europe London Event Discusses OT Risk and Collaboration. IT and OT teams at critical infrastructure companies face the imperative of balancing digitalization and automation with cybersecurity. In advance of the CS4CA Europe London Conference (Sept. 30 – Oct. 1, 2025), event speaker Marta Majtenyi previews some of the major themes. First…
-
Organizations Must Update Defenses to Scattered Spider Tactics, Experts Urge
Experts at a Gartner event highlighted areas of focus in identity, processes and third-party risk management to tackle the novel tactics employed by Scattered Spider First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/update-defenses-scattered-spider/
-
Data Trust Takes Center Stage at Healthcare Security Summit
CISOs, Regulators and Innovators Unite in New York to Safeguard Healthcare’s Future. From discussions on health data explosion to the keynote on AI deployment, the Healthcare Security Summit: New York offered practical strategies to manage data risks, ensure continuity of patient care and prepare for a regulatory landscape that is rapidly reshaping cybersecurity priorities. First…
-
6 Ways CISOs Are Using AI to Prioritize Critical Vulnerabilities
Just like AI is transforming business operations, it’s revolutionizing how CISOs handle vulnerabilities. AI-powered vulnerability prioritization helps reduce alert noise, focus on high-risk issues, and automate remediation, enabling security teams to act faster, stay ahead of threats, and strengthen their organization’s overall security posture. The post 6 Ways CISOs Are Using AI to Prioritize Critical…
-
European airports continue to crawl after a cyberattack on Collins’ MUSE systems
Tags: access, breach, ceo, cyberattack, data, exploit, group, india, infrastructure, risk, service, threat, vulnerabilityShared infrastructure and systemic risk: Collins Aerospace’s MUSE platform serves many airports’ check-in and baggage drop systems, meaning a fault there ripples across multiple nations. Brussels, Heathrow, Berlin and Dublin all reported impacts. Frankfurt and Paris airports were relatively spared, showing that usage of the compromised system varies.”Although information is still limited, the disruption at…
-
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)
Tags: riskIf you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/22/fortra-goanywhere-vulnerability-cve-2025-10035/
-
Risiken für Großrechner und ein Angebot der Bewältigung – Darauf kommt es an, wenn sich Mainframe-Sicherheitsdienste entfalten dürfen
Tags: riskFirst seen on security-insider.de Jump to article: www.security-insider.de/darauf-kommt-es-an-wenn-sich-mainframe-sicherheitsdienste-entfalten-duerfen-a-216797058932d8caa5a7a29dd55e8eb5/
-
CSO Awards winners highlight security innovation and transformation
Tags: ai, attack, automation, awareness, best-practice, business, ciso, cloud, compliance, conference, control, cyber, cybersecurity, data, defense, detection, finance, flaw, framework, governance, group, guide, infrastructure, intelligence, login, malicious, metric, mitre, network, penetration-testing, phishing, privacy, programming, risk, risk-management, service, siem, skills, soc, software, technology, threat, tool, training, update, vulnerability, vulnerability-managementFSU tackles third-party risk with tighter vendor management program: Organization: Florida State UniversityProject: Third-Party Risk Management ProgramSecurity leader: Bill Hunkapiller, CISOOfficials at Florida State University wanted to ensure that data shared with outside entities was well protected. To achieve that, CISO Bill Hunkapiller and his team revamped its third-party risk management program so that the…
-
How Juventus protects fans, revenue, and reputation during matchdays
In this Help Net Security interview, Mirko Rinaldini, Head of ICT at Juventus Football Club, discusses the club’s approach to cyber risk strategy. Juventus has developed a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/22/mirko-rinaldini-juventus-juventus-cyber-risk-strategy/
-
Agentic AI der neue Horror für Sicherheitsentscheider?
Tags: ai, antivirus, api, breach, ciso, compliance, cyberattack, cybersecurity, cyersecurity, detection, governance, law, mail, malware, monitoring, risk, service, supply-chain, tool, vulnerabilityKI ist mittlerweile in den meisten Unternehmen gesetzt. Im Trend liegen aktuell vor allem Systeme mit autonomen Fähigkeiten bei denen die potenziellen Sicherheitsrisiken besonders ausgeprägt sind.KI-Agenten werden im Unternehmensumfeld immer beliebter und zunehmend in Workflows und Prozesse integriert. Etwa in den Bereichen Softwareentwicklung, Kundenservice und -Support, Prozessautomatisierung oder Employee Experience. Für CISOs und ihre Teams…
-
Cyberattacke legt europäische Flughäfen lahm
In den vergangenen Tagen haben Cyberangriffe auf zentrale Drehkreuze der europäischen Luftfahrt wie den Berliner Flughafen BER, London Heathrow und den Brüsseler Flughafen zu erheblichen Störungen geführt. Was auf den ersten Blick wie eine klassische IT-Panne wirkt, entpuppt sich als ein Paradebeispiel für die immer dramatischeren Risiken, die Cyberkriminalität für kritische Infrastrukturen mit sich bringt.…
-
Pentagon Bans China-Based Engineers Over Hacking Concerns
The Pentagon bans China-based staff from cloud work after reports warn of espionage risks and urge tighter supply chain security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/pentagon-bans-china-based-engineers-over-hacking-concerns/
-
Cybersecurity for Small Business: Protecting Growth in a High-Risk Landscape
Your small business is one of the estimated 350 to 450 million Micro, Small and Medium Enterprises (MSMEs) worldwide. There are 6.3+ crore enterprises in India alone. With SMBs being one of the easiest and the most preferred epicentre for the hackers ulterior motive, cybersecurity for small business should not be put forward as a……
-
ChatGPT Tricked Into Solving CAPTCHAs: Security Risks for AI and Enterprise Systems
Researchers showed ChatGPT can bypass CAPTCHAs, exposing major AI security gaps. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chatgpt-tricked-into-solving-captchas-security-risks-for-ai-and-enterprise-systems/
-
Here’s What Top CrowdStrike Partners Were Talking About At Fal.Con 2025
For top CrowdStrike solution provider partners, the opportunities with the cybersecurity giant are at no risk of slowing down any time soon, solution provider executives told CRN this week. First seen on crn.com Jump to article: www.crn.com/news/security/2025/here-s-what-top-crowdstrike-partners-were-talking-about-at-fal-con-2025
-
When Business Moves Fast, Security Gets Left Behind in MA
Mergers and acquisitions (M&A) often unfold at breakneck speed, driven by business opportunity and shareholder expectations. But as Dave Lewis, global advisory CISO at 1Password, explains, cybersecurity risks are still too often left as an afterthought. Lewis points to a recent example involving Salesforce apps and SalesLoft, where an acquired company carried unresolved security issues..…
-
Transforming Cyber Frameworks to Take Control of Cyber-Risk
Frameworks may seem daunting to implement, especially for government IT teams that may not have an abundance of resources and expertise. But beginning implementation is better than never starting. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/transforming-cyber-frameworks-cyber-risk
-
Transforming Cyber Frameworks to Take Control of Cyber-Risk
Frameworks may seem daunting to implement, especially for government IT teams that may not have an abundance of resources and expertise. But beginning implementation is better than never starting. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/transforming-cyber-frameworks-cyber-risk
-
Transforming Cyber Frameworks to Take Control of Cyber-Risk
Frameworks may seem daunting to implement, especially for government IT teams that may not have an abundance of resources and expertise. But beginning implementation is better than never starting. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/transforming-cyber-frameworks-cyber-risk