Tag: technology
-
2025 CSO Hall of Fame: Laura Deaner on AI, quantum threats, and cyber leadership
Tags: ai, attack, automation, breach, business, ciso, compliance, conference, cyber, cybersecurity, india, ml, ransomware, risk, skills, strategy, tactics, technology, threat, tool, vulnerabilityHow has the CISO role changed during your career, and what do you see as the biggest cybersecurity challenges for the next generation of CISOs?: Laura Deaner: “When the CISO role first emerged, security was treated as an IT compliance checkbox. Over the years, high-profile breaches”, such as the Code Red incident at Microsoft”, forced…
-
Cybersecurity Snapshot: Security Lags Cloud and AI Adoption, Tenable Report Finds, as CISA Lays Out Vision for CVE Program’s Future
Tags: access, ai, api, attack, automation, best-practice, breach, bug-bounty, business, cisa, cloud, communications, computer, control, cve, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, framework, google, governance, government, identity, infrastructure, intelligence, international, Internet, linkedin, mitre, network, nist, office, open-source, privacy, programming, RedTeam, resilience, risk, risk-management, service, skills, software, strategy, tactics, technology, threat, tool, update, vulnerabilityCheck out Tenable’s report detailing challenges and best practices for cloud and AI security. Plus, CISA rolled out a roadmap for the CVE Program, while NIST updated its guidelines for secure software patches. And get the latest on TLS/SSL security and AI attack disclosures! Here are five things you need to know for the week…
-
12 digital forensics certifications to accelerate your cyber career
Tags: access, apt, attack, browser, chrome, cloud, computer, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, email, endpoint, exploit, google, government, group, hacker, hacking, Hardware, incident response, international, jobs, law, malicious, malware, microsoft, mobile, network, phone, service, skills, soc, technology, threat, tool, training, windowsCellebrite Certified Mobile Examiner (CCME)Certified Computer Examiner (CCE)CyberSecurity Forensic Analyst (CSFA)EC-Council Computer Hacking Forensic Investigator (CHFI)EnCase Certified Examiner (EnCE)Exterro AccessData Certified Examiner (ACE)GIAC Advanced Smartphone Forensics Certification (GASF)GIAC Certified Forensics Analyst (GCFA)GIAC Certified Forensic Examiner (GCFE)GIAC Cloud Forensic Responder (GCFR)GIAC Network Forensic Analysis (GNFA)Magnet Certified Forensics Examiner (MCFE) Cellebrite Certified Mobile Examiner (CCME) Out of…
-
M&S parts ways with CTO after cyber attack
M&S chief digital and technology officer Rachel Higham steps back from her role in the wake of the April 2025 cyber attack on the retailer’s systems. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630565/MS-parts-ways-with-CTO-after-cyber-attack
-
Chat Control: EU to decide on requirement for tech firms to scan encrypted messages
Law enforcement and police experts meet on Friday to decide on proposals to require technology companies to scan encrypted messages for possible child abuse images amid growing opposition from security experts First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630597/Chat-Control-EU-to-decide-on-requirement-for-tech-firms-to-scan-encrypted-messages
-
How China’s Propaganda and Surveillance Systems Really Operate
A series of corporate leaks show that Chinese technology companies function far more like their Western peers than one might imagine. First seen on wired.com Jump to article: www.wired.com/story/made-in-china-how-chinas-surveillance-industry-actually-works/
-
Closing OT Blind Spots With Asset Visibility, Culture
Merck’s Luis Contasti Aguirre on Building Resilient OT Security Programs. Luis Contasti Aguirre from Merck shares how visibility into OT assets, clear processes and a strong risk-aware culture help secure critical systems. He explains how aligning people, process and technology strengthens compliance, reduces false positives and ensures operational resilience. First seen on govinfosecurity.com Jump to…
-
Microsoft under fire: Senator demands FTC investigation into ‘arsonist selling firefighting services’
Tags: access, attack, authentication, breach, business, cio, ciso, computer, corporate, cyber, cybersecurity, email, encryption, finance, government, hacker, mfa, microsoft, network, password, ransomware, service, software, technology, threat, updateThe technical reality behind the failures: Security experts have long criticized Microsoft’s reliance on outdated encryption standards. “RC4 should have been retired long ago, yet it still lurks in Active Directory and continues to enable attacks like Kerberoasting,” Gogia noted.Microsoft’s justification centered on backward compatibility concerns. “Microsoft’s line has been that switching it off overnight…
-
FTC should investigate Microsoft after Ascension ransomware attack, senator says
Tags: access, attack, encryption, finance, hacker, healthcare, microsoft, network, ransomware, technologyHackers leveraged insecure Microsoft encryption technology known as RC4 to gain access to the network of the hospital chain Ascension, Sen. Ron Wyden said in a letter asking the Federal Trade Commission to investigate. First seen on therecord.media Jump to article: therecord.media/ascension-ransomware-attack-wyden-seeks-ftc-microsoft-investigation
-
Shift from Reactive to Proactive: Leveraging Tenable Exposure Management for MSSP Success
Tags: access, ai, api, application-security, attack, best-practice, breach, business, cloud, compliance, control, cyber, cybersecurity, data, endpoint, exploit, framework, guide, identity, infrastructure, iot, mitre, mssp, risk, risk-management, service, technology, threat, tool, vulnerability, vulnerability-managementAn Exposure Management as a Service offering allows MSSPs to unify security visibility, insight and action across the attack surface to prioritize exposure and enable innovation that is secure and compliant. Whether you’re already leveraging Tenable Vulnerability Management as a Service or you’re just starting a service offering, we’ve got guidance for you. Key takeaways…
-
Three states team up in investigative sweep of companies flouting data opt-out laws
California, Colorado and Connecticut are contacting businesses that aren’t using legally mandated technology to provide consumers with universal opt-out rights. First seen on cyberscoop.com Jump to article: cyberscoop.com/states-investigative-sweep-global-privacy-control-data-privacy/
-
UNC6395 Hackers Accessed Systems via a GitHub Account, Salesloft Says
Security investigators from Google said UNC6395 hackers spent several months running through Salesloft and Drift systems before launching a data breach campaign that some security researchers say has targeted hundreds of technology and other companies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/unc6395-hackers-accessed-systems-via-a-github-account-salesloft-says/
-
The Agentic Identity Sandbox, Your flight simulator for AI agent identity
We’ve all heard the promises about agentic AI transforming business operations. The reality? Most enterprise AI agent projects never make it past the pilot stage, and it’s not because the technology doesn’t work. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/the-agentic-identity-sandbox-your-flight-simulator-for-ai-agent-identity/
-
What the Salesloft Drift breaches reveal about 4th-party risk
Tags: access, ai, api, attack, breach, control, data, data-breach, email, exploit, google, hacker, incident response, intelligence, monitoring, risk, risk-assessment, saas, soc, software, startup, supply-chain, technology, threat, tool, zero-trustFebruary 2024: SalesLoft acquires Drift, an AI-powered chatbot companyThe hidden legacy: Drift’s existing OAuth tokens to thousands of Salesforce and Google Workspace instances probably remained activeTime passes: Tokens and app permissions remain valid unless explicitly rotated or revoked.August 2025: Attackers abuse OAuth tokens associated with the Drift application to enumerate and exfiltrate Salesforce data; a…
-
UK contactless card payment limits could be unlimited
The UK Financial Conduct Authority says contactless payment technology technology and fraud protections have advanced enough for firms to adjust the limit First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630556/UK-contactless-card-payment-limits-could-be-unlimited
-
SMARTinfeld zeigt erprobte IoT-Lösungen für Dörfer, Regionen und Städte
Auf der Smart Country Convention zeigen Alpha-Omega Technology und drei Partner des iot-shop auf 30 Quadratmetern beispielhaft aktuell gefragte Produkte und Lösungen für IoT-Projekte: First seen on infopoint-security.de Jump to article: www.infopoint-security.de/smartinfeld-zeigt-erprobte-iot-loesungen-fuer-doerfer-regionen-und-staedte/a41949/
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementTranslating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementTranslating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
-
AI powered autonomous ransomware campaigns are coming, say experts
CSO, “it is entirely possible that criminals beat them to it. I have already seen AIs that can do scans, write malware, identify which resources are most valuable, [and more]. It is no surprise that someone found a way to have an AI automate such functions.”Grossman advised CISOs to continue implementing security controls under frameworks…
-
AI in Government
Just a few months after Elon Musk’s retreat from his unofficial role leading the Department of Government Efficiency (DOGE), we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Even so, we must not lose sight…
-
AI in Government
Just a few months after Elon Musk’s retreat from his unofficial role leading the Department of Government Efficiency (DOGE), we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Even so, we must not lose sight…
-
ICYMI: Exposure Management Academy on Attack Surface Management, Proactive Security and More
Tags: ai, attack, best-practice, business, cio, cloud, cybersecurity, data, data-breach, group, Internet, jobs, office, risk, skills, technology, threat, update, vulnerability, vulnerability-management, zero-dayEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we look back on the guidance and best practices shared in the past several months. You can read the entire Exposure Management Academy series here. Let’s look back at key…
-
ICYMI: Exposure Management Academy on Attack Surface Management, Proactive Security and More
Tags: ai, attack, best-practice, business, cio, cloud, cybersecurity, data, data-breach, group, Internet, jobs, office, risk, skills, technology, threat, update, vulnerability, vulnerability-management, zero-dayEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we look back on the guidance and best practices shared in the past several months. You can read the entire Exposure Management Academy series here. Let’s look back at key…
-
How to Secure Grants for Technology and Data Security Projects
Learn how to secure grants for technology and data security projects by aligning mission impact, funder priorities, and building strong project plans. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-to-secure-grants-for-technology-and-data-security-projects/
-
How to Secure Grants for Technology and Data Security Projects
Learn how to secure grants for technology and data security projects by aligning mission impact, funder priorities, and building strong project plans. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-to-secure-grants-for-technology-and-data-security-projects/
-
10 security leadership career-killers, and how to avoid them
Tags: ai, breach, business, ciso, control, cybersecurity, incident response, intelligence, jobs, resilience, risk, security-incident, service, skills, strategy, technology, threat, tool2. Being just a technologist rather than a business executive, too: To align security with enterprise strategy, security professionals need to be business leaders, too, says Ryan Knisley, former CISO of The Walt Disney Co. and Costco Wholesale.That remains a struggle for many CISOs, who still tend to ascend through the security organization and not…
-
Wealthsimple Data Breach User Information Leaked Online
Canadian financial technology company Wealthsimple disclosed a data security incident on September 5, 2025, revealing that personal information belonging to less than one percent of its clients was accessed without authorization. The breach, which was detected on August 30, has prompted the company to implement enhanced security measures and offer comprehensive support to affected customers.…
-
Czech cyber agency warns against Chinese tech in critical infrastructure
The Czech Republic’s National Cyber and Information Security Agency (NUKIB) is instructing critical infrastructure organizations in the country to avoid using Chinese technology or transferring user data to servers located in China. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/czech-cyber-agency-warns-against-chinese-tech-in-critical-infrastructure/
-
ID.me Gets $340M in Series E to Scale, Tackle Deepfake Fraud
Series E Funding at $2B Valuation Fuels Fraud Defense, Identity Tech Buildout. Washington D.C.-area identity verification provider ID.me has raised $340 million to develop fraud-fighting technology and prepare for long-term expansion. The investment supports product innovation to stop AI threats such as deepfakes and fake businesses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/idme-gets-340m-in-series-e-to-scale-tackle-deepfake-fraud-a-29381
-
Catalog the Crown Jewels: First Step in Breach Readiness
Yes, our worst nightmares are probably about to happen. WIRED has just reported that “The Era of AI-Generated Ransomware Has Arrived.” What’s more, the U.S.-based artificial intelligence (AI) company Anthropic admitted that its technology has been weaponized by hackers to carry out sophisticated cyberattacks. Let’s face it. If you thought being breach-ready was something you……