Tag: technology
-
5 Actions Critical for Cybersecurity Leadership During International Conflicts
Tags: attack, backup, business, cloud, corporate, cyber, cybersecurity, data, exploit, government, incident response, infrastructure, international, iran, middle-east, military, network, resilience, risk, risk-assessment, russia, saas, service, supply-chain, technology, threat, ukraine, update, vulnerability, warfareThe recent military attacks involving Iran in the Middle East are a stark reminder that cybersecurity leadership must continually incorporate geopolitical risk into their enterprise cyber risk posture and preparedness. Every crisis that elevates to military engagements between cyber-active participants, changes the risk landscape of businesses, for people, operations, and data. This includes the…
-
Anthropic and the Pentagon
OpenAI is in and Anthropic is out as a supplier of AI technology for the US defense department. This news caps a week of bluster by the highest officials in the US government towards some of the wealthiest titans of the big tech industry, and the overhanging specter of the existential risks posed by a…
-
The Multi-Billion Dollar AI Bet: Who Owns the Outcome?
Growing AI Investments Push Enterprises to Demand Accountability From Tech Vendors Companies spent over $300 billion on artificial intelligence last year, yet most initiatives produced little measurable value. As skepticism grows, a new debate is emerging around accountability in enterprise technology contracts and whether vendors should share responsibility for outcomes. First seen on govinfosecurity.com Jump…
-
North Korean agents using AI to trick western firms into hiring them, Microsoft says
Firm says AI tools are masking identities of false applicants, who then funnel wages from remote IT jobs to North KoreaFake IT workers deployed by North Korea are using AI technology, including voice-changing tools, to trick western companies into hiring them, Microsoft has said.The US tech firm said a signature Pyongyang money-raising ruse is being…
-
Nearly half of exploited zero-day flaws target enterprise-grade technology
A report by Google Threat Intelligence Group warns that AI will be used to speed and scale attacks in 2026. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/half-exploited-zero-day-flaws-enterprise-grade-technology/814021/
-
The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale.Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and…
-
Teenage hacker myth primed for a middle-age criminal makeover
Tags: access, breach, business, corporate, crypto, cyber, cybercrime, cybersecurity, data, detection, extortion, finance, group, hacker, hacking, infrastructure, jobs, malware, network, penetration-testing, programming, ransomware, service, skills, software, technology, threat, vulnerabilityCybercrime cartels: Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.””While young people may still engage in digital vandalism…
-
Challenges and projects for the CISO in 2026
Tags: access, ai, authentication, automation, awareness, cisco, ciso, cloud, communications, control, credentials, cybersecurity, data, defense, detection, edr, email, encryption, endpoint, finance, framework, group, identity, intelligence, leak, mobile, network, service, soc, sophos, strategy, technology, trainingHazel DÃez (Banco Santander), Roberto Lara (Vodafone), Marijus Briedis (NordVPN), Ãlvaro Fernández (Sophos), and Ãngel Ortiz (Cisco). Banco Santander, Vodafone, NordVPN, Sophos y Cisco. Montaje: Foundry Against this backdrop, Cisco defines AI as “the fundamental technology that will set the cybersecurity agenda in 2026,” in the words of Ortiz, who refers to the company’s Integrated…
-
Zero-day exploits hit enterprises faster and harder
Tags: access, apple, attack, backdoor, business, china, cisco, cve, data, detection, endpoint, espionage, exploit, firewall, flaw, fortinet, google, group, hacker, infrastructure, ivanti, least-privilege, mobile, network, oracle, radius, ransomware, risk, router, russia, service, software, technology, threat, update, vpn, vulnerability, zero-dayEnterprise environments under siege: Chinese threat actors continued to display a preference for targets that are difficult to monitor and allow persistent access to strategic networks. Notable examples include the groups that GTIG tracks as UNC5221, which exploited a flaw in Ivanti Connect Secure (CVE-2025-0282) and UNC3886, which exploited a vulnerability in Juniper routers (CVE-2025-21590).Another…
-
Should Cloud Be Classed as Critical Infrastructure?
Tags: access, authentication, banking, breach, business, cloud, compliance, computing, container, control, cyber, cybersecurity, data, dora, encryption, fido, finance, framework, governance, Hardware, healthcare, identity, incident, infrastructure, mfa, network, nis-2, radius, regulation, resilience, risk, saas, service, strategy, supply-chain, technologyShould Cloud Be Classed as Critical Infrastructure? madhav Thu, 03/05/2026 – 09:53 Over the past few years, large-scale cloud outages have demonstrated just how deeply digital services are woven into the fabric of modern society. When widely used cloud platforms experience disruption, the impact extends far beyond individual applications; banking services stall, transport systems falter,…
-
Operational Technology (OT) penetration testing: Defining, Process and Tools
Operational penetration testing is a process of simulating real-world attacks on OT systems to identify vulnerabilities before cybercriminals can exploit them, either physically or remotely. OT penetration testing is a proactive approach to identifying vulnerabilities in OT systems before adversaries exploit them. OT penetration testing is performed by penetration testers, ethical hackers, and industrial cybersecurity……
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
An OT Incident Scoring System Inspired by Natural Disasters
System Meant to Dispel FUD Faces Uphill Climb to Widespread Adoption. Hurricanes, tornados, earthquakes – and now operational technology cyber incidents – all can receive a numerical score based on their severity, although a new effort promoting an OT Incident Impact Score faces an uphill climb to get the traction it needs to succeed. First…
-
An OT Incident Scoring Systems Inspired by Natural Disasters
System Meant to Dispel FUD Faces Uphill Climb to Widespread Adoption. Hurricanes, tornados, earthquakes – and now operational technology cyber incidents – all can receive a score based on their severity, although a new effort promoting an OT Incident Impact Score across critical infrastructure sectors faces an uphill climb to get the traction it needs…
-
NDSS 2025 Detecting Server-Induced Client Vulnerabilities In Windows Remote IPC
Tags: china, computing, conference, cve, data, detection, Internet, network, technology, tool, vulnerability, windowsSession 14C: Vulnerability Detection Authors, Creators & Presenters: (Except Where Noted – The Following Authors Are From The Institute of Information Engineering, Chinese Academy Of Sciences) Fangming Gu, Qingli Guo, Jie Lu (Institute of Computing Technology, Chinese Academy of Sciences), Qinghe Xie , Beibei Zhao, Kangjie Lu (University of Minnesota), Hong Li, Xiaorui Gong PAPER…
-
Iranian cyberattacks fail to materialize but threat remains acute
Tags: ai, application-security, attack, ceo, control, country, cyber, cyberattack, cybercrime, cybersecurity, defense, endpoint, finance, government, group, healthcare, infrastructure, intelligence, Internet, iran, malware, mfa, monitoring, phishing, risk, service, supply-chain, technology, threat, tool, update, vpnTargeting and response: According to Adrian Cheek, a senior cybercrime researcher at Canadian threat intelligence company Flare, the most at-risk sectors are critical infrastructure, including the defense and government supply chain, financial services, energy, and healthcare.”Water, energy, and healthcare sectors are currently the most exposed. These sectors combine high targeting priority with weak baseline security,…
-
Hybride Kriegsführung im digitalen Zeitalter Warum Systeme der künstlichen Intelligenz und Lieferketten zur strategischen Angriffsfläche werden
Was wir derzeit beobachten, ist hybride Kriegsführung in großem Maßstab: koordinierte kinetische Operationen gegen den Iran, vorbereitende Cyberaktivitäten sowie eine zu erwartende Welle iranischer und durch Stellvertreter geführter Einflusskampagnen, die die Grenzen zwischen militärischem Konflikt und zivilem Umfeld zunehmend verschwimmen lassen. Organisationen weltweit müssen davon ausgehen, dass ihre Operational-Technology (OT), Rechenzentren, KI-Integrationsschichten und Informationsökosysteme Teil…
-
Zero Trust Implementation Roadmap: 5 Stages from Legacy to Modern Security
Most Zero Trust initiatives stall not because the technology is wrong but because the approach is. A successful implementation follows a deliberate sequence”, starting with identity, not the network”, and builds momentum incrementally. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/zero-trust-implementation-roadmap-5-stages-from-legacy-to-modern-security/
-
Western allies form 6G security coalition amid tech rivalry with China
The Global Coalition on Telecoms (GCOT), comprising the United Kingdom, United States, Canada, Japan and Australia, with Sweden and Finland joining at the launch, unveiled voluntary security and resilience principles for the technology at the Mobile World Congress trade show in Barcelona. First seen on therecord.media Jump to article: therecord.media/western-allies-form-6g-security-coalition
-
On Moltbook
The MIT Technology Review has a good article on Moltbook, the supposed AI-only social network: Many people have pointed out that a lot of the viral comments were in fact posted by people posing as bots. But even the bot-written posts are ultimately the result of people pulling the strings, more puppetry than autonomy. “Despite…
-
Quantum-Resistant Data Diode Secures Sensitive Data on Edge Devices, Critical Systems
Forward Edge-AI’s new Isidore Quantum is a compact, low-power hardware device designed to defend sensitive operational technology endpoints against future quantum attacks. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/quantum-resistant-data-diode-secures-sensitive-data-on-edge-devices-critical-systems
-
Epic Fury introduces new layer of enterprise risk
Tags: access, apt, attack, business, cisa, ciso, communications, country, credentials, cyber, cybersecurity, data-breach, disinformation, exploit, group, infrastructure, intelligence, international, Internet, iran, malware, middle-east, network, ransomware, resilience, risk, rust, service, software, technology, tool, ukrainePhysical attacks on US-linked locations through direct action or partner groups. We are already seeing Iranian missile launches into a variety of nations in the region.Cyber operations that include disruptive activity, targeted intrusions, credential and access harvesting, destructive malware deployment, and the use of compromised infrastructure to support broader influence or operational objectives.Proxy networks across…
-
7 factors impacting the cyber skills gap
Tags: ai, attack, automation, breach, business, ciso, control, cyber, cybercrime, cybersecurity, data, defense, detection, group, incident response, intelligence, jobs, risk, service, skills, strategy, technology, threat, tool, training, vulnerability2. Emerging technologies: New technologies, particularly AI, are contributing to a cyber landscape that’s evolving so quickly it’s hard for even highly skilled cybersecurity professionals to pace, says Dan Lohrmann, CISO at enterprise strategy and consulting firm Presidio.AI-driven threats keep moving the target, allowing cybercriminals to attack with unprecedented levels of speed and agility, Lohrmann…
-
How does AI contribute to cybersecurity stability
Is AI the Key to Cybersecurity Stability? Where digital threats are becoming increasingly sophisticated, one might ask: can artificial intelligence be the linchpin in fortifying our defenses and achieving cybersecurity stability? With industries like financial services, healthcare, travel, and technology double down on using innovative systems, including DevOps and security operations centers (SOC), it becomes……
-
Zurich to Acquire Beazley in $11B European Insurance Deal
Cyber Insurance Expansion Drives Insurance Industry Consolidation. Zurich Insurance Group has agreed to acquire U.K.-based Beazley in an $11 billion deal that would create a $15 billion global insurance powerhouse. The transaction strengthens Zurich’s cyber insurance portfolio as demand surges for coverage tied to cyber and technology risks. First seen on govinfosecurity.com Jump to article:…
-
Quantum’s Uncertain Arrival Leaves CIOs With a Strategic Choice
The Quantum Clock Is Ticking, But Is the C-Suite Ready?. Quantum computing has been hovering just out of reach of the enterprise technology world for years and it’s still right around the corner now, said Nick Kathmann, CISO at LogicGate. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/quantums-uncertain-arrival-leaves-cios-strategic-choice-a-30895
-
Vulnerability monitoring service secures public-sector websites faster
Tags: business, ceo, cyber, dns, government, Internet, monitoring, office, resilience, risk, service, skills, technology, threat, tool, update, vulnerabilityTools good, talk better: The UK government’s VMS uses a combination of commercial and proprietary scanning tools to detect vulnerabilities in internet-facing assets.But McKay cautions against drawing the wrong conclusion from the results.”Process, accountability and taking ownership for explaining why this matters to the resilience of the business is far more important than the technical…