Tag: technology
-
Lawmaker calls facial recognition on doorbell cameras a ‘privacy nightmare’
Sen. Ed Markey (D-MA) asked Ring in October about its privacy policies and how it intends to protect individuals recorded by its new facial recognition technology feature called Familiar Faces. First seen on therecord.media Jump to article: therecord.media/lawmaker-calls-facial-recognition-doorbell-cameras-privacy-nightmare
-
NIST Plans to Build Threat and Mitigation Taxonomy for AI Agents
The U.S. National Institute of Standards and Technology (NIST) is building a taxonomy of attack and mitigations for securing artificial intelligence (AI) agents. Speaking at the AI Summit New York conference, Apostol Vassilev, a research team supervisor for NIST, told attendees that the arm of the U.S. Department of Commerce is working with industry partners..…
-
CISA and FBI Warn of Pro-Russia Hacktivist Attacks on Critical Infrastructure Worldwide
Tags: advisory, attack, cisa, cyber, cybercrime, cybersecurity, infrastructure, international, russia, tactics, technologyThe Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and international partners from the European Cybercrime Centre (EC3) have released a joint cybersecurity advisory detailing the escalating activities of pro-Russia hacktivist groups. This new advisory highlights a shift in tactics, with hacktivists targeting Operational Technology (OT) and Industrial…
-
British government sanctions Russian and Chinese groups over information warfare
The U.K.’s foreign secretary announced sanctions on seven Russian individuals and influence networks, as well as the Chinese companies i-Soon and Integrity Technology Group. First seen on therecord.media Jump to article: therecord.media/uk-sanctions-russia-china-entities-information-warfare
-
CISA and FBI Warn of Pro-Russia Hacktivist Attacks on Critical Infrastructure Worldwide
Tags: advisory, attack, cisa, cyber, cybercrime, cybersecurity, infrastructure, international, russia, tactics, technologyThe Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and international partners from the European Cybercrime Centre (EC3) have released a joint cybersecurity advisory detailing the escalating activities of pro-Russia hacktivist groups. This new advisory highlights a shift in tactics, with hacktivists targeting Operational Technology (OT) and Industrial…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Checkmarx Purchases Tromzo to Boost AI Security Automation
Tromzo Acquisition Adds AI Team and Technology for Automated Security Remediation. Checkmarx acquired AI security startup Tromzo to jumpstart its roadmap for agentic application security. The deal gives Checkmarx a ready-built platform and team focused on enterprise-grade triage and remediation agents designed to streamline vulnerability management. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/checkmarx-purchases-tromzo-to-boost-ai-security-automation-a-30226
-
Ignoring AI in the threat chain could be a costly mistake, experts warn
Tags: ai, attack, automation, ceo, ciso, cyber, cybersecurity, defense, exploit, government, hacker, skills, sophos, technology, threat, toolHow CISOs could cut through the confusion: The conflicting narratives around AI threats leave many CISOs struggling to reconcile hype with operational reality.Given the emergence of AI-enabled cyber threats amid pushback from some cyber experts who contend these threats are not real, Sophos CEO Joe Levy tells CSO that AI is becoming a “Rorschach test,…
-
KI schafft neue Sicherheitsrisiken für OT-Netzwerke
Sicherheitsbehörden sehen in der vermehrten Nutzung von KI eine Gefahr für die Sicherheit von OT-Systemen.Die Sicherheit der Betriebstechnik (Operational Technology OT) in kritischen Infrastrukturen ist seit Jahren ein immer wiederkehrendes Thema. Nach Ansicht von Sicherheitsorganisationen könnte die vermehrte Nutzung von KI in der OT die Lage noch verschlimmern.Die US-Cybersicherheitsbehörde CISA hat deshalb vor kurzem gemeinsam…
-
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks
The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
-
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks
The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
-
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks
The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
-
UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims
A Home Office report has revealed racial bias in facial recognition technology used by police First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ico-demands-clarity-facial/
-
CISA Releases New AIOT Security Guidance: Key Principles Risks
CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cisa-releases-new-ai-in-ot-security-guidance-key-principles-risks/
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
CISA Releases New AIOT Security Guidance: Key Principles Risks
CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cisa-releases-new-ai-in-ot-security-guidance-key-principles-risks/
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
MIT-Studie: ChatGPT- bzw. LLM-Nutzung und Gehirn-Aktivitäten
Es ist eine Studie des Massachussets Institutes of Technology (MIT) zur Frage “wie beeinflusst die LLM-Nutzung unsere Gehirn-Aktivitäten, die im Sommer erschienen ist und Debatten auslöste. Das Ergebnis in einem Satz: “ChatGPT & Co. machen das Gehirn fauler und lassen … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/07/mit-studie-chatgpt-bzw-llm-nutzung-und-gehirn-aktivitaeten/
-
15 years in, zero trust remains elusive, with AI rising to complicate the challenge
Legacy systems that weren’t designed for zero trust principles,Fragmented identity and access tools that make unified enforcement difficult, andCultural and organizational resistance to changing long-standing trust models.Kyle Wickert, field CTO at AlgoSec, says zero trust remains one of the most misunderstood transformations in cybersecurity.”Many organizations still hesitate to pursue it because they associate zero trust…
-
CISA Warns of ‘Ongoing’ Brickstorm Backdoor Attacks
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-ongoing-brickstorm-backdoor-attacks
-
AI creates new security risks for OT networks, warns NSA
Tags: ai, cisa, compliance, control, cyber, data, data-breach, government, healthcare, infrastructure, injection, intelligence, LLM, network, risk, technology, trainingPrinciples for the Secure Integration of Artificial Intelligence in Operational Technology, authored by the NSA in conjunction with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and a global alliance of national security agencies.While the use of AI in critical infrastructure OT is in its early days, the guidance reads like an attempt…
-
CISA Publishes Security Guidance for Using AI in OT
Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisa-publishes-security-guidance-ai-ot
-
AI creates new security risks for OT networks, warns NSA
Tags: ai, cisa, compliance, control, cyber, data, data-breach, government, healthcare, infrastructure, injection, intelligence, LLM, network, risk, technology, trainingPrinciples for the Secure Integration of Artificial Intelligence in Operational Technology, authored by the NSA in conjunction with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and a global alliance of national security agencies.While the use of AI in critical infrastructure OT is in its early days, the guidance reads like an attempt…
-
British officials seek to expand facial recognition technology use
Tags: technologyPolice have used facial recognition in Britain since 2017 and controversy has mounted as more aggressive deployments have been undertaken, including live facial recognition which involves processing real-time video footage of people passing a camera. First seen on therecord.media Jump to article: therecord.media/british-officials-seek-to-expand-facial-recognition-tech-use
-
Coach or mentor: What you need depends on where you are as a cyber leader
Tags: access, ai, business, ciso, cloud, compliance, control, cyber, cybersecurity, defense, government, jobs, network, programming, risk, risk-management, skills, technologyA good technical base can last decades: While mentees need the most help with aligning to the business, some argue that a technical baseline is equally as important to the role for managing technical staff and enabling business operations, particularly through innovative technologies like cloud and AI.One of those is Cynthia Madden, founder of Artemis…