CSO Online

"UK Parliament follows government by banning TikTok over cybersecurity concerns."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 24 March 2023, 1354 UTC.  Content provided by "CSO Online."

Source:  https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.csoonline.com%2Findex.rss ("CSO Online").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

CSO Online

17K followers29 articles per week#security#ciso#tech


The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and the wider parliamentary network,” a move that TikTok has described as “misguided” and “based on fundamental misconceptions” about the company. The lates
Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available via a malware-as-a-service (Ma
The furor surrounding ChatGPT remains at a fever pitch as the ins and outs of the AI chatbot’s potential continue to make headlines. One issue that has caught the attention of many in the security field is whether the technology’s ingestion of sensitive business data puts organizations at risk. There is some fear that if one inputs sensitive information — quarterly reports, materials for an inter


Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software. Security researchers from threat intelligence firm Intel 471 first spotted Are
The mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks. Does the evidence corroborate the theory that the ongoing conflict in Europe is to blame for the rise in wipers? Indeed. Furthermore, given that Russia is the main source of wiper activity, one can anticipate an increase in the use of wipers against countries and organizations that provide aid,
Intel has introduced its 13 th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise a 70% reduction in attack surface compared to four-year-old PCs. Windows 11 systems can also take advantage of vPro’s memory encryption
The ongoing cybersecurity talent shortage presents challenges for organizations everywhere. As critical roles remain vacant far too long, already overburdened IT and security teams are grappling with a long list of responsibilities to safeguard their corporate networks, and that’s just the tip of the iceberg. Meanwhile, cybercriminals show no signs of slowing, launching new, more sophisticated at
MLflow, an open-source framework that's used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn't implement authentication by defau
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors. The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight. To read this a

MAR 22

Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility and are subject to long hours of work and high pressure in an unpredictable and constantly shifting landscape. Many secu
Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. With threats coming from every direction—emails on company computers, text, and voice messages on mobile devices and in personal communications channels, malicious typosquatting sites, phony marketing QR codes, and more—it’s only a matter of time before someone trips up and opens or clicks on s
Most companies now recognize the serious and insidious nature of cybersecurity threats. But many fail to grasp that the digital transformation, remote work, automation, and cloud migration activities of the last few years have turbocharged the number of identities seeking access to data and critical business systems. This surge in identities has exponentially increased the likelihood of cyberatta
In recent years, cybersecurity has become a board-level issue resulting in several executives taking greater responsibility in cybersecurity-related decisions. As a result, the CISO is no longer a technical subject matter expert but an executive risk manager who shares a responsibility matrix with the board of directors, CEOs, and other executives to make informed risk decisions. At the highest l
New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.
It wasn’t too long ago that using a single cloud for some business operations was cutting-edge technology. Now the cloud is essential for accelerating growth, improving efficiency, and remaining competitive. Most organizations have multiple cloud environments deployed, in addition to private cloud and on-premises environments. In fact, in a soon-to-release CyberArk survey, 85% of respondents said
Organizations are experiencing explosive growth in identities—both machine and human. In fact, machine identities now outnumber human identities 45:1. And in 2023, the total number of identities is expected to at least double. With new norms such as hybrid work, public cloud adoption and rapid innovation, the reality is that organizations are facing a constant onslaught of identity-related attack
Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available -- the so-called n-day exploits. But mitigating the risk from vulnerabilities unknown to the affected software developers and don't have a patch available -- the zero-day flaws -- requ
The UK and Israeli governments have signed a landmark agreement to define bilateral relations between the two countries and boost mutual cybersecurity advancement until 2030. The 2030 Roadmap for Israel-UK Bilateral Relations is the culmination of efforts that began with the signing of a Memorandum of Understanding in November 2021 to work more closely over the next decade on security, technology


Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.