Tag: technology
-
OT Security: The New Attack Surface of AI-Powered Robots
AI-powered humanoid robots are introducing a new cyber-physical attack surface that blends operational technology with enterprise IT. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/ot-security-the-new-attack-surface-of-ai-powered-robots/
-
Iran-Linked Hacktivists Claim Destructive Cyberattack on Medtech Firm Stryker
A hacktivist group with alleged links to Iran’s intelligence agencies has claimed responsibility for a destructive cyberattack against Stryker, the Michigan-based global medical technology company, in an incident that reportedly disrupted operations across the company’s international network. News reports from Ireland, Stryker’s largest hub outside the United States, said the company sent more than 5,000…
-
Understanding SOC 2 Controls for SaaS Providers
For SaaS providers, trust is a core part of the offering. Customers rely on software platforms to process data, support business operations, and integrate with wider technology ecosystems. As a result, demonstrating effective security and governance controls using frameworks like SOC 2 has become an increasingly important requirement when selling to enterprise customers. SOC 2″¦…
-
The Cyber Express Weekly Roundup: Global Cyberattacks, Espionage, Malware, and Critical Security Updates
This week’s The Cyber Express weekly roundup highlights major cybersecurity developments affecting organizations, governments, and individuals worldwide. Key stories include destructive cyberattacks, such as system-wide wipes and targeted breaches, as well as state-backed cyber espionage targeting technology and research sectors. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/the-cyber-express-weekly-roundup-march/
-
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, updateSeverity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
-
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, updateSeverity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
What optimization can be expected from AI-driven audits
How Are Non-Human Identities Redefining Cybersecurity? What are the implications of Non-Human Identities (NHIs) on contemporary cybersecurity strategies? Where increasingly reliant on digital, NHIs stand as crucial elements. These machine identities, which are becoming pivotal in securing environments, represent a sound intersection of technology and security strategies. Understanding Non-Human Identities NHIs are more than mere……
-
US sanctions North Korea IT worker networks in Laos, Vietnam
The latest round of sanctions targeted Amnokgang Technology Development Company, a North Korean company that manages delegations of IT workers, and Quangvietdnbg International Services Company, a Vietnamese firm used by North Korean actors for currency conversion services. First seen on therecord.media Jump to article: therecord.media/us-sanctions-north-korea-it-worker-networks-laos-vietnam
-
Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks
On March 11th, medical technology company Stryker disclosed that a cyberattack had disrupted portions of its global network infrastructure, affecting Microsoft systems used across the organization. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/destructive-activity-targeting-stryker-highlights-emerging-supply-chain-risks/
-
Reuse, Reward: How Banks Can Safely Unlock the Value of Their Data
<div cla The financial world is awash with data. But too few organizations are able to use it effectively. In Bank Director’s 2025 Technology Survey, one-third of US banking leaders cite an inability to harness data as a top technology challenge facing their institution. They run the risk of falling behind their peers. For instance,…
-
Payment Giant Verifone Disputes Iranian Hacking Group Hit
Tehran-Linked Handala Hackers Disrupt Medtech Giant Stryker, Claim Verifone Breach. As the United States and Israel continue their war with Iran, Tehran-linked hacking group Handala has entered the fray, claiming credit for wiping systems at medical technology firm Stryker, which confirmed the attack, as well as breaching payment device maker Verifone, which denied being breached.…
-
Iran-Linked Hacktivists Claim Wiper Attack on Stryker Systems
Iran-linked hacktivists claim responsibility for a cyberattack that disrupted global operations at medical technology company Stryker. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iran-linked-hacktivists-claim-wiper-attack-on-stryker-systems/
-
RSAC 2026 Innovation Sandbox Glide Identity: Building a Next-Generation AI Passwordless Authentication Platform
Tags: access, ai, authentication, conference, control, cyber, identity, intelligence, network, startup, technologyCompany Profile With the rapid development of artificial intelligence technology today, identity and access control have leapt from a simple security component to the core control plane of the digital world. Against this backdrop, Glide Identity, a startup shortlisted for the 2026 RSA Conference Innovation Sandbox, stands out. The company is committed to breaking down…The…
-
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at…
-
Medtech Firm Stryker Disrupted by Pro-Iran Hackers
Iran Expands Targeting, Including AWS, Google and Microsoft Infrastructure. Michigan-based medical technology giant Stryker appears to have been hacked by a pro-Iranian group called Handala, leading to global operations being disrupted, IT devices remotely wiped and terabytes of data being stolen. Experts said Handala appears to be a faketivist group run by Tehran. First seen…
-
Medtech giant Stryker offline after Iran-linked wiper malware attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/medtech-giant-stryker-offline-after-iran-linked-wiper-malware-attack/
-
KnowBe4 launches AI agent to tailor security awareness assessments
KnowBe4 has expanded its Artificial Intelligence Defense Agents (AIDA) suite with the launch of a new AI-powered assessment tool designed to help organisations measure human cyber risk more accurately. The company has introduced the Custom SAPA (Security Awareness Proficiency Assessment) AI Agent, which generates tailored security awareness assessments based on an organisation’s own technology environment,…
-
A 5-step approach to taming shadow AI
Tags: ai, api, business, communications, compliance, control, data, defense, finance, framework, governance, incident response, monitoring, network, nist, risk, risk-assessment, risk-management, service, strategy, technology, toolthought work happened and how it actually does today.Here’s a five-step approach to put a robust AI-risk management framework in place: Employees often use public model APIs, browser-based prompt tools and unsanctioned or ungoverned internal chatbots to boost productivity without considering the risk of exposing sensitive data.AI usage is not difficult to identify; you just need…
-
Announcing the 2026 CSO Hall of Fame honorees
Tags: ai, ceo, cio, ciso, corporate, cyber, cybersecurity, finance, google, group, infrastructure, international, jobs, resilience, risk, risk-management, sans, technologySelim Aissi, CEO & CSO, AGARobert S. Allen, Global CISO & Responsible AI Officer, GallagherMohit Chanana, CISO, Chevron Phillips ChemicalEdna Conway, Chief Operations & Risk Officer, TPO GroupJuan Gomez-Sanchez, VP, Cyber Resilience, McLane Company, Inc.Gary Harbison, Global CISO, Johnson & JohnsonMalcolm Harkins, Chief Security & Trust Officer, HiddenLayerBarry Hensley, CSO, Brown & BrownShaun Khalfan, SVP,…
-
OpenClaw Security Issues: Add a “Security Guardrail” to Your AI Application
In 2026, AI intelligent agent technology will usher in a full-scale explosion. As a representative project, OpenClaw (formerly known as Clawdbot and Moltbot) is highly favored for its powerful capabilities-it can integrate multi-channel communication capabilities with large language models to build customized AI assistants with persistent memory and active execution capabilities, supporting local private deployment….The…
-
How can enterprises be reassured by advanced AI measures
The Role of Non-Human Identities in Enhancing Enterprise Security How do organizations maintain trust in technology where machine interactions are increasingly prevalent? Non-human identities (NHIs) play a pivotal role in keeping systems secure and efficient. For enterprises utilizing advanced AI measures, understanding and managing these identities is crucial for ensuring a resilient cybersecurity framework. Understanding……
-
Can AI-driven cloud security fully protect data
How Can Non-Human Identities Transform AI-Driven Cloud Security? Have you ever pondered the pivotal role machine identities, or Non-Human Identities (NHIs), play in enhancing AI-driven cloud security and data protection? With technology evolves, the intersection between cybersecurity and artificial intelligence becomes increasingly critical. NHIs are often the unsung heroes in securing the cloud environment, ensuring……
-
Fake LinkedIn Interview Used by Lazarus Hackers to Target AllSecure CEO
Researchers at AllSecure have revealed how North Korean hackers from the Lazarus Group used a fake LinkedIn job interview and deepfake technology to target their CEO. First seen on hackread.com Jump to article: hackread.com/fake-linkedin-interview-lazarus-hackers-allsecure-ceo/