Security researchers have uncovered more evidence that the North Korean Lazarus group is responsible for the software supply chain attack on 3CX, a voice and video calling desktop client used by major multinational companies. Tools and code samples match previous Lazarus hacks.
Italian regulators announced Friday an effective ban on ChatGPT after determining that artificial intelligence firm OpenAI likely engaged in a massive illegal collection of personal data. The agency gave OpenAI until April 19 to address its concerns or potentially face fines.
Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In focus between March 24 and 30: SafeMoon, an update on Euler Finance, crypto-stealing Clipper malware, BitKeep, theft fail at Swerve Finance, THORChain, APT43 and an update on ParaSpace.
A slew of top tech executives and artificial intelligence researchers called for a minimum half-year pause on advanced artificial intelligence systems. Tech giants already have fallen into a race to see who can be the quickest to incorporate AI into their products.
Airbus has halted efforts to buy a 29.9% stake in Atos' $5.76 billion Evidian cybersecurity, big data and digital business. The aircraft manufacturer walked away from the transaction after determining it "does not meet the company's objectives in the current context and under the current structure."
"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.
North Korean hackers are stealing cryptocurrency to fund operations under an apparent mandate from Pyongyang to be self-sufficient, threat intel firm Mandiant says. The regime probably expected its hackers to pay their own way before 2020, but the novel coronavirus pandemic exacerbated its demands.
Recent high-profile breaches resulting from API attacks are "just the tip of the iceberg," said Gartner analyst Dionisio Zumerle. "What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating."
Studies indicate that on average most enterprises use 25 to 49 security tools sourced from up to 10 different vendors. To make this environment easier to manage, CISOs should adopt an integrated approach driven by consolidation and automation, says Microsoft's Terence Gomes.
OT and SCADA security must be designed around protecting system availability, understanding OT-specific protocols and blocking attacks that target legacy systems commonly used in OT environments. CISO Hitesh Mulani of Mahindra & Mahindra shares advice on implementing OT security.
The business world is going through a phase of hyper transformation and hyper digitalization. So, the building blocks of a cybersecurity strategy are quite different from what they were a few years ago. CISOs now need to prioritize threats in the context of their businesses.
The increasing volume, frequency and sophistication of cyberattacks has made cyber resiliency a top priority for security leaders. But there are certain roadblocks to overcome before an organization can be cyber resilient, advise Samir Mishra and Navin Mehra of Cisco.
Prior to the COVID-19 pandemic, the roles and responsibilities of CISOs were centered around protecting IT infrastructure. Today, however, the role has changed and is closely aligned with the business and its associated risks. A CISO is also the custodian of digital trust and privacy.