Cybersecurity authorities issued a road map Thursday detailing how software manufacturers should go about baking security into their design processes. The document details how manufacturers should adjust their design and development programs to ensure software is secure.
Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.
Companies have rapidly adopted digital strategies to fuel growth and profitability, yet many of these changes have inadvertently accelerated the risk of cyberattacks. As evidenced by the recently released 2023 OpenText Cybersecurity Threat Report, cybercriminals are taking advantage of these gaps.
The launch of Microsoft's Security Copilot may have attracted the most attention in the market since it was developed by the company that brought generative AI chatbots to the masses, but it's neither the first nor the only security product to incorporate OpenAI's ChatGPT into its design.
Federal regulators have issued proposed changes to the HIPAA privacy rule aimed at protecting reproductive healthcare information from disclosures or uses involving law enforcement and related purposes in the wake of the Supreme Court last year overturning Roe v. Wade.
The cybercrime economy appears to remain alive and well: Compared to last year, researchers report seeing an increase in the number of known ransomware victims as well as initial access listings, which facilitate such attacks. The impact the takedowns of BreachForums and Genesis remains to be seen.
Further punishment of Moscow-based Kaspersky by the Biden administration could be the final nail in the coffin of the company's deeply wounded North American business. The U.S. Commerce Department is weighing enforcement action against the Russian cybersecurity giant under its online security rules.
Apple issued security updates to address two zero-day vulnerabilities being actively exploited in the wild and targeting iPads, Macs and iPhones. Both vulnerabilities can lead to arbitrary code execution, but Apple said it found no exploits related to cybercrime or nation-state groups.
Regulators are scrutinizing the use of website tracking codes and analytics such as Meta Pixel and Google Analytics. Health entities must carefully assess how those tools are being used on their health-related websites, say privacy attorneys Cory Brennan of Taft and Mark Swearingen of Hall Render.
Warning to criminals: Could that cybercrime service you're about to access really be a sting by law enforcement agents who are waiting to identify and arrest you? That's the message from British law enforcement agents, who say they're running multiple DDoS-for-hire sites as criminal honeypots.
OpenText, Varonis and Forcepoint joined Google and Microsoft atop Forrester's data security rankings, while Trellix and Broadcom fell from the leaders category. Data protection historically focused on delivering security controls, but firms are increasingly looking to address adjacent use cases.
Before he became a chief technical security officer at Qualys, Josh Hankins was a cybersecurity leader in financial services. He learned how security audit failures are increasingly costly, and he devised new strategies for audit preparation. He shares his insights here.
The sheer volume of federal regulations in place makes it almost impossible for agencies to monitor and comply with all of them, much less understand the impact of new ones. Nick Graham of Skyhigh Security explores the many compliance challenges - and how to overcome them.
More threat actors are dedicated to attacking industrial organizations, and that increasing volume and sophistication of attacks has left organizations clamoring for suppliers with expertise in safeguarding OT infrastructure, said Rockwell Automation's Mark Cristiano.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.