Not so long ago, security organizations rallied behind best of breed security solutions. But now, trying to reduce tech debt, rationalize tools and consolidate vendors, there is a push for the platform approach. Cisco's Amilcar Alfaro talks about how to tap into the platform advantage.
This week: A crackdown on Hamas' cryptocurrency accounts, more revelations from the trial of Sam Bankman-Fried, Voyager Capital settles with the U.S. Federal Trade Commission - while former CEO Stephen Ehrlich does not - and Elliptic says hackers have cumulatively laundered $7 billion to date.
Attackers have been actively exploiting vulnerabilities in the HTTP/2 protocol via so-called rapid request attacks, which Amazon Web Services, Cloudflare and Google report have led to record-breaking distributed-denial-of-service attacks. Experts recommend immediate patching or mitigation.
As organizations face the constant threat of ransomware attacks, it's essential to understand the nature of this pervasive threat and how organizations can respond effectively, said Angus Clarke, vice president, BSO, Mastercard. The obvious answer is never pay a ransom - most of the time.
The violent surprise attack on Israel by Hamas and the region's escalating war spotlights the critical importance of situational awareness, and especially for healthcare organizations that rely on medical or tech products from Israeli technology firms, said Denise Anderson, president of the H-ISAC.
Pentera got through the attacks on Israel with no injuries among its 180 local employees, and now 20 workers have been called up to serve in infantry or intelligence units. The automated security validation firm's CEO now only wants to do business with people who support Israel's right to defend itself.
The Ukrainian government says it will regulate AI, a step it portrays as a way to draw closer to the European Union, where rules for AI systems are close to approval. New rules will enable access to global markets and closer integration with the EU, the Ministry of Digital Transformation said.
Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers' location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder software, opening a permanent backdoor for unauthenticated attackers.
Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Firms using large language models that power gen AI-powered tools must consider security and privacy aspects such as data access, output monitoring and model security before jumping on the bandwagon, said Troy Leach of Cloud Security Alliance. "Everything is going to be AI as a service," Leach predicted.
More than five dozen British lawmakers across political parties and privacy organizations called for an "immediate stop" to real-time facial recognition in the United Kingdom. Live facial recognition faces a ban in Europe and its use by police is banned in a handful of U.S. jurisdictions.
How did Israeli intelligence fail to spot and stop the deadly assault on Saturday by Hamas militants? Experts suggest planners used offline tactics and extreme compartmentalization to prevent leaks and evade well-known Israeli cyberespionage and digital surveillance capabilities.
The use of generative AI is being "highly explored" in healthcare and has great promise for a variety of applications, but it needs to be scrutinized closely, said Erik Decker, vice president and CISO of Intermountain Health and a cybersecurity adviser to the federal government.
Veracode, Synopsys and Checkmarx remain atop Forrester's static application security testing list, while Micro Focus fell from the leaderboard after the OpenText buy. Firms have gone beyond evaluating the security of code itself and now assess the safety of the infrastructure the code is running on.
Being an independent firm under TPG's ownership will allow Forcepoint G2CI to invest in defense-grade cyber tools such as insider threats and content disarm and reconstruction. Separating Forcepoint's government security practice will allow it to focus on secure remote access to classified networks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.