Tag: technology
-
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis
This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
-
Cybersecurity leaders’ top seven takeaways from 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, deep-fake, defense, detection, email, exploit, framework, governance, government, grc, identity, international, malicious, network, nist, phishing, regulation, resilience, risk, saas, service, software, strategy, supply-chain, technology, threat, tool, vulnerability2. AI forced companies to rethink their security strategies: At the same time, Abousselham notes how the rapid rollout of AI forced companies to shift their resources to keep pace with the change, while maintaining safe product releases. He calls 2025 the “chaotic introduction of agentic AI”.”I don’t think the industry was ready or expected…
-
Cybersecurity leaders’ top seven takeaways from 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, deep-fake, defense, detection, email, exploit, framework, governance, government, grc, identity, international, malicious, network, nist, phishing, regulation, resilience, risk, saas, service, software, strategy, supply-chain, technology, threat, tool, vulnerability2. AI forced companies to rethink their security strategies: At the same time, Abousselham notes how the rapid rollout of AI forced companies to shift their resources to keep pace with the change, while maintaining safe product releases. He calls 2025 the “chaotic introduction of agentic AI”.”I don’t think the industry was ready or expected…
-
AI in OT Sparks Cascade of Complex Challenges
Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/ai-ot-too-incompatible-work-securely
-
How to feel assured about cloud-native security with AI?
Are Non-Human Identities (NHIs) the Missing Link in Your Cloud Security Strategy? Where technology is reshaping industries, the concept of Non-Human Identities (NHIs) has emerged as a critical component in cloud-native security strategies. But what exactly are NHIs, and why are they essential in achieving security assurance? Decoding Non-Human Identities in Cybersecurity The term Non-Human……
-
How to justify your security investments
Tags: ai, attack, automation, breach, business, ciso, cloud, computing, cyber, cyberattack, cybersecurity, data, encryption, finance, Hardware, incident, infrastructure, resilience, risk, saas, service, strategy, technology, tool, vulnerabilityThe language of risks and returns: Boards of directors make decisions considering concepts such as risk and return. These include financial risks, operational risks, and reputational risks for the company. Board members assess the probability, exposure, and impact of incidents in each of these areas. Accordingly, the CISO’s role is to clarify how a proposed…
-
How to justify your security investments
Tags: ai, attack, automation, breach, business, ciso, cloud, computing, cyber, cyberattack, cybersecurity, data, encryption, finance, Hardware, incident, infrastructure, resilience, risk, saas, service, strategy, technology, tool, vulnerabilityThe language of risks and returns: Boards of directors make decisions considering concepts such as risk and return. These include financial risks, operational risks, and reputational risks for the company. Board members assess the probability, exposure, and impact of incidents in each of these areas. Accordingly, the CISO’s role is to clarify how a proposed…
-
Preparing for Cisco Vulnerability Management (formerly Kenna) EndLife: How Tenable Can Help
Tags: application-security, attack, business, cisco, cve, cybersecurity, data, data-breach, flaw, identity, intelligence, Internet, risk, service, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCisco Vulnerability Management (formerly Kenna) has long been a valuable partner for security teams. With its end-of-life now underway, Tenable One offers a clear path forward, delivering end-to-end unified exposure management for the future of risk management. Key takeaways: Tenable’s strong partnership with Cisco helps customers with a natural path forward and easy transition to…
-
Preparing for Cisco Vulnerability Management (formerly Kenna) EndLife: How Tenable Can Help
Tags: application-security, attack, business, cisco, cve, cybersecurity, data, data-breach, flaw, identity, intelligence, Internet, risk, service, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCisco Vulnerability Management (formerly Kenna) has long been a valuable partner for security teams. With its end-of-life now underway, Tenable One offers a clear path forward, delivering end-to-end unified exposure management for the future of risk management. Key takeaways: Tenable’s strong partnership with Cisco helps customers with a natural path forward and easy transition to…
-
New York City CTO Shares Blueprint for Lasting AI Governance
CTO Matthew Fraser Says Administrations May Change But AI Program Is Built to Last. New York City gets a new mayor on Jan. 1, and while no one knows Zohran Mamdani’s plans for using artificial intelligence, the city’s AI Action Plan will ensure a strong foundation for innovation, city Chief Technology Officer Matthew Fraser told…
-
New York City CTO Shares Blueprint for Lasting AI Governance
CTO Matthew Fraser Says Administrations May Change But AI Program Is Built to Last. New York City gets a new mayor on Jan. 1, and while no one knows Zohran Mamdani’s plans for using artificial intelligence, the city’s AI Action Plan will ensure a strong foundation for innovation, city Chief Technology Officer Matthew Fraser told…
-
How does Agentic AI empower cybersecurity teams?
Can Agentic AI Revolutionize Cybersecurity Practices? Where digital threats consistently challenge organizations, how can cybersecurity teams leverage innovations to bolster their defenses? Enter the concept of Agentic AI”, a technology that could serve as a powerful ally in the ongoing battle against cyber threats. By enhancing the management of Non-Human Identities (NHIs) and secrets security…
-
Lawmaker calls facial recognition on doorbell cameras a ‘privacy nightmare’
Sen. Ed Markey (D-MA) asked Ring in October about its privacy policies and how it intends to protect individuals recorded by its new facial recognition technology feature called Familiar Faces. First seen on therecord.media Jump to article: therecord.media/lawmaker-calls-facial-recognition-doorbell-cameras-privacy-nightmare
-
NIST Plans to Build Threat and Mitigation Taxonomy for AI Agents
The U.S. National Institute of Standards and Technology (NIST) is building a taxonomy of attack and mitigations for securing artificial intelligence (AI) agents. Speaking at the AI Summit New York conference, Apostol Vassilev, a research team supervisor for NIST, told attendees that the arm of the U.S. Department of Commerce is working with industry partners..…
-
British government sanctions Russian and Chinese groups over information warfare
The U.K.’s foreign secretary announced sanctions on seven Russian individuals and influence networks, as well as the Chinese companies i-Soon and Integrity Technology Group. First seen on therecord.media Jump to article: therecord.media/uk-sanctions-russia-china-entities-information-warfare
-
CISA and FBI Warn of Pro-Russia Hacktivist Attacks on Critical Infrastructure Worldwide
Tags: advisory, attack, cisa, cyber, cybercrime, cybersecurity, infrastructure, international, russia, tactics, technologyThe Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and international partners from the European Cybercrime Centre (EC3) have released a joint cybersecurity advisory detailing the escalating activities of pro-Russia hacktivist groups. This new advisory highlights a shift in tactics, with hacktivists targeting Operational Technology (OT) and Industrial…
-
CISA and FBI Warn of Pro-Russia Hacktivist Attacks on Critical Infrastructure Worldwide
Tags: advisory, attack, cisa, cyber, cybercrime, cybersecurity, infrastructure, international, russia, tactics, technologyThe Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and international partners from the European Cybercrime Centre (EC3) have released a joint cybersecurity advisory detailing the escalating activities of pro-Russia hacktivist groups. This new advisory highlights a shift in tactics, with hacktivists targeting Operational Technology (OT) and Industrial…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Checkmarx Purchases Tromzo to Boost AI Security Automation
Tromzo Acquisition Adds AI Team and Technology for Automated Security Remediation. Checkmarx acquired AI security startup Tromzo to jumpstart its roadmap for agentic application security. The deal gives Checkmarx a ready-built platform and team focused on enterprise-grade triage and remediation agents designed to streamline vulnerability management. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/checkmarx-purchases-tromzo-to-boost-ai-security-automation-a-30226
-
Ignoring AI in the threat chain could be a costly mistake, experts warn
Tags: ai, attack, automation, ceo, ciso, cyber, cybersecurity, defense, exploit, government, hacker, skills, sophos, technology, threat, toolHow CISOs could cut through the confusion: The conflicting narratives around AI threats leave many CISOs struggling to reconcile hype with operational reality.Given the emergence of AI-enabled cyber threats amid pushback from some cyber experts who contend these threats are not real, Sophos CEO Joe Levy tells CSO that AI is becoming a “Rorschach test,…
-
KI schafft neue Sicherheitsrisiken für OT-Netzwerke
Sicherheitsbehörden sehen in der vermehrten Nutzung von KI eine Gefahr für die Sicherheit von OT-Systemen.Die Sicherheit der Betriebstechnik (Operational Technology OT) in kritischen Infrastrukturen ist seit Jahren ein immer wiederkehrendes Thema. Nach Ansicht von Sicherheitsorganisationen könnte die vermehrte Nutzung von KI in der OT die Lage noch verschlimmern.Die US-Cybersicherheitsbehörde CISA hat deshalb vor kurzem gemeinsam…
-
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks
The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
-
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks
The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
-
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks
The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
-
UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims
A Home Office report has revealed racial bias in facial recognition technology used by police First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ico-demands-clarity-facial/
-
CISA Releases New AIOT Security Guidance: Key Principles Risks
CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cisa-releases-new-ai-in-ot-security-guidance-key-principles-risks/
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
CISA Releases New AIOT Security Guidance: Key Principles Risks
CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cisa-releases-new-ai-in-ot-security-guidance-key-principles-risks/