Infosecurity News
Americans Receive Two Billion Spam Calls Per Month
Truecaller warns malicious calls make up the majority
DarkReading
General Electric, DARPA Hack Claims Raise National Security Concerns
Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.
Infosecurity News
UK Publishes First Guidelines on Safe AI Development
NCSC and CISA effort endorsed by 18 countries
SecurityWeek
Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons
The U.S. military is increasing use of artificial intelligence (AI) technology that will fundamentally alter the nature of war.
Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Infosecurity News
Cyber-Attack Disrupts UK Property Deals
A legal sector specialist infrastructure service provider has experienced a service outage that is impacting up to 200 conveyancing firms across the UK
CyberNews
Spotify’s new royalties scheme angers indie musicians
Tech has waded into another feud with artists – and for once, it’s not related to the use of AI. Musicians aren’t happy with Spotify’s new royalty scheme.
SecurityWeek
Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OK
Broadcom has cleared all regulatory hurdles and will complete its $69 billion acquisition of cloud technology company VMware.
Infosecurity News
British Library: Ransomware Attack Led to Data Breach
Reports suggest employee data is up for sale
CyberNews
Exclusive-OpenAI researchers warned board of AI breakthrough ahead of CEO ouster -sources
Ahead of OpenAI CEO Sam Altman’s firing, staff researchers sent the Board a letter warning of a powerful artificial intelligence discovery that could threaten humanity.
CyberNews
Former OpenAI staffers slam CEO Sam Altman in new tell-all letter
Elon Musk is sent an anonymous letter dissing OpenAI’s Sam Altman - allegedly written by former OpenAI employees - and released hours before Altman is reinstated as CEO.
SecurityWeek
Sam Altman is Back as OpenAI CEO Just Days After Being Removed, Along With a New Board
OpenAI reached an agreement for Sam Altman to return to OpenAI as CEO with a new initial board of directors, after he was fired a week prior.
CyberNews
OpenAI reinstates Sam Altman as CEO
Sam Altman to return as CEO of OpenAI.
CyberNews
Judge finds evidence that Tesla, Musk knew about Autopilot defect
According to a ruling, there is a "reasonable evidence" that Tesla Chief Executive Elon Musk and other managers knew vehicles had a defective Autopilot system but still allowed the cars to be driven unsafely.
The Record
Rebel offensive in Myanmar takes aim at online scam industry
An alliance of rebel groups in northern Myanmar is preparing to lay siege to the city of Laukkaing — a hub of the country’s flourishing cyber-scamming industry that has drawn criticism from Beijing.
CyberNews
OpenAI board, Altman in talks for return of former CEO
Sam Altman and OpenAI's board have opened up discussions to bring back the former CEO and founder of the AI startup, while investors seek legal action.
SecurityWeek
LLM Security Startup Lasso Emerges From Stealth Mode
Lasso Security raises $6 million in seed funding to tackle cyber threats to secure generative AI and large language model algorithms.
Ars Technica
95% of OpenAI employees have threatened to quit in standoff with board
OpenAI's future hangs in the balance as staff says they'll join former CEO at Microsoft.
CyberNews
The Grinch stole the Holidays: how bots affect Black Friday
Bot use in online shopping is driving prices far above the rate of inflation. During the busiest shopping season of the year, bots are causing headaches for both shoppers and retailers.
Infosecurity News
US Cybersecurity Lab Suffers Major Data Breach
Idaho National Laboratory is also a center for nuclear research
CyberNews
Salesforce and other rivals want to recruit unhappy OpenAI researchers
The recruitment drive has begun. Marc Benioff, CEO of software company Salesforce, has said that he will match the salary of any researcher who resigns from OpenAI.
The Record
Binance agrees to pay $4.3 billion for money laundering violations, CEO steps down
Binance, the largest cryptocurrency exchange in the world, agreed to pay more than $4 billion in settlements with several U.S. law enforcement agencies after years of investigations uncovered widespread criminal use of the platform.
Ars Technica
OpenAI employees revolt after board names new CEO and Altman heads to Microsoft
Ilya Sutskever announces regret; 505 OpenAI employees sign letter asking board to resign.
CyberNews
Hundreds of OpenAI staff threaten to resign and join Altman at Microsoft
After OpenAI's board confirmed that Sam Altman would not return as the firm’s CEO, most of its employees said they would resign en masse if the decision wasn't reversed.
SecurityWeek
Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing
Microsoft hired ex-Open AI chief Sam Altman and another architect of OpenAI for a new venture after their sudden departures.
The Hacker News
Why Defenders Should Embrace a Hacker Mindset
Prioritizing cybersecurity is key. Learn how to prioritize remediation based on impact and protect your organization's crown jewels.
CyberNews
Tech whiz kid Sam Altman is out of OpenAI for good: what happened?
Sam Altman, the ousted CEO of ChatGPT creator OpenAI, will definitely not return to the company he co-founded. It’s time to ask what happened.
CyberNews
Microsoft hires Sam Altman as OpenAI announces his replacement
OpenAI has appointed ex-Twitch boss Emmett Shear to lead the startup, replacing Sam Altman who will join the company's top backer Microsoft to lead a new advanced AI research team, the CEO of the software giant said.
Security Affairs
Security Affairs newsletter Round 446 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Ars Technica
OpenAI board attempts to hit “Ctrl-Z” in talks with Altman to return as CEO
Cleared of malfeasance, Altman's unpopular firing may be undone—if he's interested.
Ars Technica
Details emerge of surprise board coup that ousted CEO Sam Altman at OpenAI
Microsoft CEO Nadella "furious"; OpenAI President and three senior researchers resign.
SecurityWeek
ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company
Open AI fired CEO Sam Altman, Mira Murati, OpenAI’s chief technology officer, will take over as interim CEO effective immediately.
Ars Technica
OpenAI President Greg Brockman quits as nervous employees hold all-hands meeting
After Altman firing, Microsoft has "utmost confidence" in partner OpenAI.
Security Affairs
The board of directors of OpenAI fired Sam Altman
OpenAI fired its CEO Sam Altman, and the Chief technology officer Mira Murati appointed interim CEO to lead the company.
CyberNews
OpenAI CEO Sam Altman asked to step down
OpenAI has announced that its CEO Sam Altman is leaving the company after board members determined he was no longer fit for the role.
CyberNews
European Commission, IBM pull ads from Elon Musk’s X
The EU’s executive branch said advertising on X posed “reputational damage” while IBM pulled ads after they were displayed next to Nazi content.
Infosecurity News
CSA Launches First Zero Trust Certification
The CCZT program incorporates foundational principles from leading sources such as CISA and NIST
SecurityWeek
Bad Bots Account for 73% of Internet Traffic: Analysis
A new report estimates that 73% of all internet traffic currently (Q3, 2023) comprises bad bots and related fraud farm traffic.
Infosecurity News
Sandworm Linked to Attack on Danish Critical Infrastructure
A report described the coordinated attack, in which 22 critical infrastructure firms were targeted
CyberSecurity Dive
Clorox CISO departs months after cyberattack
The C-suite change comes in the aftermath of a cyberattack that damaged IT infrastructure, led to widespread disruption and negatively impacted earnings.
CyberSecurity Dive
Cisco looks to Splunk for security business growth
Security remains a small part of Cisco’s business, but Splunk could bolster the company’s ability to grow and improve other offerings.
The Record
MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC
Ransomware group AlphV claimed on its leak site that it reported MeridianLink to the Securities and Exchange Commission (SEC) for not informing the regulator of a cyberattack.
The Record
Customs and Border Protection acquired ‘huge amount of surveillance power’
LexisNexis Risk Solutions provided CBP with capabilities such as collecting geolocation data, monitoring social media accounts and tracking cell phone call histories for non-U.S. and U.S. residents alike, according to documents obtained by an advocacy group.
SecurityWeek
Application Security Startup Aikido Security Raises €5 Million
Aikido Security has raised €5 million (~$5.4 million) in seed funding for an all-in-one application security platform.
CyberNews
X kept 98% of posts reported for hate against Israelis and Palestinians
The Center for Countering Digital Hate (CCDH) published a study claiming that X continued to host 98% of 200 hate posts that were reported by researchers.
CyberNews
Singapore to build nationwide quantum-safe network
Singapore picks two local companies that will collaborate with Toshiba to build Southeast Asia’s first quantum-safe network to future-proof its systems.
SecurityWeek
RADICL Adds $9 Million in Funding to Fortify Cyber Defenses of SMBs in Defense Industrial Base
RADICL, a cybersecurity firm providing threat protection to SMBs operating in the DIB, announced $9M of additional early-stage funding.
CyberNews
Alien Illuminati Lizard stirs skepticism in its newly launched conspiracy test
Academics have launched an interactive game to promote critical thinking and debunk some of the most prominent conspiracy theories.
The Record
Google to distribute 100,000 Titan Security Keys to high-risk users
The company said it would hand out the keys at no cost to people working in governments around the world, particularly those involved in the administration of elections.
SecurityWeek
Zip Raises $7.7 Million to Expand SMB Cybersecurity Business
Zip Security raised $7.7 million in funding led by General Catalyst, co-led by Human Capital, and with participation from Box Group.
CSO
Cohesity taps Amazon for generative AI, cloud-based security
: The cloud-based data management provider said today that its many of its generative AI features will soon be available on Amazon Bedrock.
CyberSecurity Dive
Henry Schein says customer data breached in cyber incident
The company lowered its 2023 sales and earnings forecasts in response to the incident, which took some of its distribution systems offline.
CyberNews
Hacking the sky: planes need patching, too – interview
Cyber assaults on the aviation sector carry more serious repercussions than mere data theft or DDoS attacks.
Cyber Security News
SentinelOne Set to Acquire a Cybersecurity Consulting Firm, Krebs Stamos Group
In a strategic move aimed at addressing the escalating challenges posed by cyber threats in today's interconnected world, SentinelOne, a global leader in AI security, has unveiled the PinnacleOne Strategic Advisory Group.
SecurityWeek
Cavelo Raises CA$5 Million for Attack Surface Management Platform
Cavelo has raised CA$5 million (~US$3.6 million USD) to help organizations comply with data protection regulations.
CyberSecurity Dive
As Congress weighs budget priorities, top cyber execs urge CISA funding support
The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.
Infosecurity News
ICBC and Allen & Overy Hit By Ransomware
Multinationals believed to have been targeted by LockBit
CyberNews
Apple co-founder Wozniak suffers possible stroke in Mexico
Apple co-founder Steve Wozniak was hospitalized in Mexico City due to a possible stroke.
CyberSecurity Dive
MGM Resorts anticipates no further disruptions from September cyberattack
The company expects insurance to cover more than $100 million in losses stemming from lost bookings and disruptions at its Las Vegas properties.
Infosecurity News
OpenAI Reveals ChatGPT Is Being DDoS-ed
OpenAI has admitted DDoS attacks are the cause of intermittent ChatGPT outages since November 8
The Record
Industrial and Commercial Bank of China dealing with LockBit ransomware attack
The ransomware attack on China's largest bank impacted trading on the U.S. Treasury market.
CyberNews
Despite pledges not to pay, ransoms are here to stay
Cybernews asked more than 30 experts from various fields if they’d be willing to pay a ransom in the event of a cybersecurity breach.
CSO
Eclypsium launches supply chain security guide to track risks and incidents
The guide offers supply chain risk intelligence for IT infrastructure including endpoints, servers, network devices, and cloud infrastructure products.
The Hacker News
Offensive and Defensive AI: Let’s Chat(GPT) About It
Get the full story on the dangers of the rapidly growing consumer application, ChatGPT, and learn how to resist cyber crime.
Ars Technica
OpenAI introduces GPT-4 Turbo: Larger memory, lower cost, new knowledge
Novel-sized context window, DALL-E 3 API, more announced on OpenAI DevDay 2023.
The Record
Data brokers are selling US service members’ secrets, researchers find
Vast amounts of highly sensitive data on American military service members are up for sale by data brokers — with possible national security implications.
CyberNews
Sam Bankman-Fried convicted of multi-billion dollar FTX fraud
Bankman-Fried has been jailed since August after Kaplan revoked his bail, having concluded he likely tampered with witnesses.
The Record
Cyber experts and officials raise alarms about exploits against Citrix and Apache products
The zero-day bugs affecting products from Citrix and Apache have critical severity scores and require immediate attention, experts warned.
CyberNews
TikTok responds to charges of antisemitism as it battles misinformation
A TikTok blog post, released Thursday, aims to dispel accusations that the social app is pushing a political agenda regarding the still unfolding Israel-Hamas conflict.
Bleeping Computer
Ace Hardware says 1,202 devices were hit during cyberattack
Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers.
SecurityWeek
FusionAuth Snags $65 Million Investment for Customer Identity Tech
Colorado startup raises new capital from Updata Partners to build out its customer authentication and authorization technology.
SecurityWeek
Former SpaceX Engineers Get $8 Million in Funding for AI Security Firm Wraithwatch
Former SpaceX cybersecurity engineers launch Wraithwatch, an AI-based security firm that received $8 million in seed funding.
Ars Technica
This tiny device is sending updated iPhones into a never-ending DoS loop
No cure yet for a popular iPhone attack, except for turning off Bluetooth.
Infosecurity News
AI Safety Summit: OWASP Urges Governments to Agree on AI Standards
The OWASP Foundation has released a call to action ahead of the UK’s AI Safety Summit
CyberSecurity Dive
For the SEC, the fraud case against SolarWinds is a cybersecurity warning shot
Legal, risk management and cybersecurity experts say companies are now on notice to prioritize internal controls, investor transparency and material disclosure requirements.
Cyber Security News
Next Generation CVSS v4.0 Vulnerability Scoring System Released: What's New!
FIRST, the Forum of Incident Response and Security Teams has recently unveiled the latest version of their Common Vulnerability Scoring System (CVSS).
Bleeping Computer
New CVSS 4.0 vulnerability severity rating standard released
The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.
SecurityWeek
Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks
The AI Safety Summit focused on cutting-edge “frontier” AI that some scientists warn could pose a risk to humanity’s very existence.
Computerworld
Splunk cuts 7% of workforce ahead of Cisco acquisition
The layoffs are happening in the wake of a market retraction, Splunk CEO Gary Steele said.
Computerworld
New Jamf CEO John Strosahl on Apple in the enterprise, Jamf's future
John Strosahl became CEO in September when he took over from Dean Hager. We caught up with him to discuss Apple's growing role in the enterprise and the future of his company.
CyberSecurity Dive
Splunk to cut 7% of staff in latest layoff round this year
CEO Gary Steele said the cuts, which largely impact employees in the U.S., are not related to Cisco's deal to acquire the company.
CyberSecurity Dive
Caesars shakes off cyberattack with strong Q3 Las Vegas demand
The casino operator, however, faces extensive litigation and government inquiries following theft of its customer rewards database.
SecurityWeek
Cutting-Edge AI Raises Fears About Risks to Humanity. Are Tech and Political Leaders Doing Enough?
Many people are raising the alarm about AI’s as-yet-unknown dangers and calling for safeguards to protect people from its existential threats.
SecurityWeek
SIEM and Log Management Provider Graylog Raises $39 Million
Graylog secured $39 million in funding to accelerate product development and scale its go-to-market operations.
CSO
Cybersecurity workforce shortage reaches 4 million despite significant recruitment drive
A new study suggests cybersecurity skills gaps can be worse than total workforce shortages.
CyberSecurity Dive
Global cybersecurity workforce grows, but still confronts shortfall of 4M people
Despite growing to 5.5 million professionals worldwide, a study by ISC2 shows the industry still needs millions of qualified workers to defend against rising digital threats.
Infosecurity News
Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
ISC2’s CEO says the c-suite appears to be more concerned with economic risk than cyber risk
Infosecurity News
SEC Charges SolarWinds and CISO With Misleading Investors
Complaint alleges company overstated security posture and understated risks
CSO
SEC sues SolarWinds and its CISO for fraudulent cybersecurity disclosures
SEC has accused SolarWinds and its CISO of understating cybersecurity risks to stakeholders and said the company missed numerous red flags.
Computerworld
What exactly will the UK government's global AI Safety Summit achieve?
With the first global AI Safety Summit beginning in the UK on Nov. 1, questions remain over whether the event will facilitate a meaningful outcome and if there will ever be a global consensus on AI regulation.
Bleeping Computer
LastPass breach linked to theft of $4.4 million in crypto
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents.
Ars Technica
Windows CE, Microsoft’s stunted middle child, reaches end of support at 26 years
From netbooks and PDAs to ATMs, voting kiosks, and ungainly presidential phones.
CyberSecurity Dive
SEC charges SolarWinds, its CISO with fraud
The company allegedly misled investors regarding its cybersecurity practices and failed to disclose known risks, according to a complaint.
Infosecurity News
Report Links ChatGPT to 1,265% Rise in Phishing Emails
The SlashNext report also found a noteworthy 967% increase in credential phishing attacks
SecurityWeek
Whistleblowers: Should CISOs Consider Them a Friend or Foe?
Are whistleblowers a danger to corporate brand image, and an insider threat? Or can they be used to strengthen cybersecurity and compliance?
The Record
White House prepares broad AI order including security and safety rules
“The actions that President Biden directed today are vital steps forward in the U.S.’s approach on safe, secure, and trustworthy AI,” the White House said.
SecurityWeek
In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding
Noteworthy stories that might have slipped under the radar: Ex-NSA employee spying for Russia, EU threat landscape, cyber education funding
SecurityWeek
AI Security Firm Cranium Raises $25 Million
AI cybersecurity firm Cranium has raised $25 million in Series A funding, which brings the total investment in the company to $32 million.
Infosecurity News
CISOs Can Elevate Their Role with New Cyber Regulations
New regulations, such as the recent SEC incident reporting requirements, offer huge opportunities for CISOs to boost their influence
SecurityWeek
Day 3 of SecurityWeek's 2023 ICS Cybersecurity Conference — Challenges and Solutions
SecurityWeek’s 2023 ICS Cybersecurity Conference continues in Atlanta, with challenges and solutions the focus of Day 3.
Computerworld
White House to issue AI rules for federal employees
President Biden is expected to announce new rules requiring government agencies to more fully assess AI tools to ensure they're safe and don't expose sensitive information. The government is also expected to loosen immigration policies for tech-savvy workers.
Infosecurity News
Seiko “BlackCat” Data Breach: 60,000 Records on the Line
The breach exposed Seiko Watch Corporation customer, employment and personnel information
SecurityWeek
New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding
A new project aims to make it easier for PLC programmers to implement secure coding practices by cataloging useful files and functions
CyberSecurity Dive
Microsoft touts demand for its security services in fiscal Q1, driven by AI appetite
The company said it is gaining market share in the cybersecurity segment and is opening access to its AI-based Security Copilot after an early preview.
Infosecurity News
Purchase Scams Surge as Fraud Losses Hit £580m
APP fraud remains a major challenge for UK banking sector
CyberSecurity Dive
LastPass working through ‘systemic’ security overhaul
“We didn’t just address the issues that were the cause of the breach,” CEO Karim Toubba said. Still, nearly 1 in 10 customers are fleeing the password manager.
Infosecurity News
AI to Create Demand for Digital Trust Professionals, ISACA Survey Find
Most digital trust professionals believe AI will have a positive impact on their jobs, and 23% think the number of jobs could increase because of AI
Computerworld
Android’s new biometric spec for 'strong security' is anything but
When Google rolled out its latest biometrics specs for Android devices, its top-level 'strong security' option allowed “a spoof and imposter acceptance rate not higher than 7%.” Most biometrics specialists argue that's much too high; a target of 1% is far more realistic.
The Record
Delete-your-data laws have a perennial problem: Data brokers who fail to register
Laws requiring data brokers to register with state governments are not protecting the public the way they should, experts say, because enforcement has been inadequate.
Bleeping Computer
Cisco patches IOS XE zero-days used to hack over 50,000 devices
Cisco has addressed the two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise tens of thousands of IOS XE devices over the past week.
Bleeping Computer
Number of hacked Cisco IOS XE devices plummets from 50K to hundreds
The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline.
SecurityWeek
In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
SecurityWeek
Fraud Detection Firm Spec Raises $15 Million
Silicon Valley fraud detection startup attracts $15 million in new financing from SignalFire, Legion Capital and Rally Ventures.
Bleeping Computer
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day
More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198.
Infosecurity News
US Charge Man with Running Stolen Credentials Marketplace
Authorities believe the E-Root marketplace listed more than 350,000 computer credentials for sale
Ars Technica
At TED AI 2023, experts debate whether we’ve created “the new electricity”
Is AI going to replace us all, or is it just humanity's newest tool?
Infosecurity News
ISACA CEO Hails Europe as a Lighthouse of Capability
ISACA's new CEO highlights growth of its European membership as the Association works on an aggressive growth strategy
SecurityWeek
Fraud Prevention Firm Fingerprint Raises $33 Million
Fingerprint has raised $33 million in a Series C funding round to expand presence into the enterprise market.
Infosecurity News
Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats
The Five Eyes intelligence agencies want start-ups dealing with cutting-edge technology to bolster their protections against nation-state threats
Bleeping Computer
D-Link confirms data breach after employee phishing attack
Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month.
CyberScoop
Mandia: China replaces Russia as top cyber threat
Beijing's growing sophistication in cyberspace is making China an increasingly potent adversary, according to Kevin Mandia.
Bleeping Computer
Fighting off cyberattacks? Make sure user credentials aren’t compromised
Login credential theft presents one of the biggest and most enduring cybersecurity problems. This article by Specops SOftware looks at the motivations driving credential theft and the tactics bad actors are likely to use.
Bleeping Computer
Over 10,000 Cisco devices hacked in IOS XE zero-day attacks
Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants.
The Hacker News
Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge
The cybersecurity world faces a new threat: malicious Generative AI, including FraudGPT & WormGPT. How do they impact our digital safety?
Infosecurity News
Signal Disputes Alleged Zero-Day Flaw
Reports emerged over the weekend regarding a zero-day exploit in the messaging app
The Record
Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach
Colonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats on Friday afternoon.
CyberNews
Voyager slapped with assets ban after $1B loss fiasco
Federal Trade Commission (FTC) reaches settlement with bankrupt cryptocurrency company Voyager after it lost $1 billion.
The Record
EPA says litigation from Republicans, water companies forced withdrawal of cybersecurity memo
The U.S. Environmental Protection Agency (EPA) has decided to rescind a memorandum establishing new cybersecurity guidelines for water systems across the country after Republican lawmakers and water companies filed a lawsuit against the measure.
CyberNews
EU: TikTok has 24 hrs to set disinformation plan in wake of Hamas attack
TikTok given 24 hours by EU Chief Thierry Breton to detail measures to counter the spread of disinformation following Palestinian Islamist group Hamas' attack on Israel.
DarkReading
Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach
Joe Sullivan's lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs.
Infosecurity News
Fifth of UK Cybersecurity Pros Work Excessive Hours
Workload is biggest concern for industry professionals
Infosecurity News
US Smashes Annual Data Breach Record With Three Months Left
Volume of data compromises already exceeds previous high by 14%
CyberScoop
Long-awaited curl vulnerability flops
The flaw in the widely used open source software package was expected to be the next great catastrophe in computer security.
CyberNews
"AI would've invented Bitcoin": is BTC and AI a match made in heaven?
AI and Bitcoin are a potentially perfect match as both technologies continue to scale
The Record
Exclusive: Inside Ukraine’s secret drone factories
The Click Here podcast team goes inside Ukraine’s military drone industry, where entrepreneurs are putting innovative weapons into the hands of soldiers in a matter of weeks, not months.
Ars Technica
So far, AI hasn’t been profitable for Big Tech
Microsoft loses around $20 per user per month on GitHub Copilot, according to the WSJ.
Infosecurity News
Half of CISOs Now Report to CEO as Influence Grows
Trend is more pronounced in Europe than America
CyberNews
Killnet’s attacks on Israel: an invitation to open fire
Killnet's attack on Israel after the country was infiltrated by Hamas is reckless at best.
CSO
Gutsy debuts with data-driven security governance tool
The SaaS offering listens into processes from security tools and their integrations to root out issues leading to vulnerabilities.
Ars Technica
Tired of shortages, OpenAI considers making its own AI chips
At an estimated 4 cents per ChatGPT query, OpenAI looks for cheaper AI chip solutions.
The Hacker News
Webinar: How vCISOs Can Navigating the Complex World of AI and LLM Security
Curious about AI and LLM security risks? Get answers from our panel discussion featuring David Primor and Elad Schulman.
Cyber Security News
OpenAI is reportedly developing its Own AI chips
The maker of ChatGPT, OpenAI, is looking at making its own artificial intelligence chips, which are necessary for operating the highly popular chatbot.
The Record
UK opposition leader targeted by AI-generated fake audio smear
Private sector analysts said an audio clip of Labour Party leader Keir Starmer was likely a deepfake. British government officials urged the public to ignore it.
Ars Technica
Private 23andMe user data is up for sale after online scraping spree
Records reportedly belong to millions of users who opted in to a relative-search feature.
CSO
MGM ransomware attack costs $100 million, in busy month for breaches
MGM said cyberinsurance will cover the $100 million impact on operations, but meanwhile experts expect the ransomware trend to continue, fueled by nation-state actors.
DarkReading
Too Rich To Ransomware? MGM Brushes Off $100M in Losses
MGM wins big bet that days of operations outages is better business than paying a ransom, following last month's data breach.
Bleeping Computer
Blackbaud agrees to $49.5 million settlement for ransomware data breach
Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach.
Computerworld
Homeland Security confirms your privacy is no longer safe
The US Department of Homeland Security reports that multiple US government agencies illegally used smartphone location data, breaching privacy regulations as they did.
SecurityWeek
In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters
Noteworthy stories that might have slipped under the radar: cybersecurity funding increases and illegal use of smartphone location data.
CyberSecurity Dive
MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack
The Bellagio and Mandalay Bay casino operator said hotel occupancies are down and certain customer data up to March 2019 was stolen.
CyberSecurity Dive
Construction insurer hit in data breach
Builders Mutual disclosed the hack affected 64,761 individuals, per a filing with the state of Maine.
Computerworld
Are you looking forward to the new age of mobile app insecurity?
Every day, Apple’s online and physical stores handle thousands of inquiries that relate to issues with third-party products. Sideloading will make it worse.
CyberSecurity Dive
What to consider when choosing cybersecurity providers
While it might be easier for an organization to build its core cybersecurity system from one company, that may not provide the best option.
CyberSecurity Dive
Cyberattack against Johnson Controls sparks downstream concerns
Worries mounted quickly after the attack on the building automation and industrial control systems vendor, which works extensively with multiple federal agencies.
The Record
Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states
The agreement stems from a 2020 ransomware attack that ended up affecting dozens of the software company's customers in education, healthcare and other areas.
Ars Technica
Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits
With the ability to manage huge fleets of servers, BMCs are ideal places to stash malware.
SecurityWeek
Lyca Mobile Services Significantly Disrupted by Cyberattack
International mobile network operator Lyca Mobile says a cyberattack has significantly disrupted its services in many countries.
The Hacker News
Wing Disrupts the Market by Introducing Affordable SaaS Security
Wing Security's newest tier redefines SaaS security essentials! For just $1,500/year, unlock shadow IT discovery, automated risk assessments, and user
The Record
Coalition to give NGOs free access to cybersecurity services to protect against attacks
The CyberPeace Institute announced Wednesday it will set up a portal with a coalition of cyber response teams to help non-governmental organizations, or NGOs, in the Netherlands protect themselves from cyberattacks.
Ars Technica
Researchers show how easy it is to defeat AI watermarks
Adding fake watermarks to real images, evading current watermarking methods is not hard.
Infosecurity News
US and UK Lead Fight Against Civil Society Cyber-Threats
Joint meeting brings together eight like-minded countries
Cyber Security News
$20M Offered By Russian Zero-Day Seller To Hack Android And iPhone Devices
The Russian company Operation Zero is offering researchers $20 million for hacking tools to take control of Android & iPhone devices.
SecurityWeek
Generative AI Startup Nexusflow Raises $10.6 Million
Nexusflow scores funding to build an open-source LLM that can deliver high accuracy when retrieving data from multiple security sources.
CyberSecurity Dive
Progress Software discloses 8 vulnerabilities in one of its other file-transfer services
The company behind the beleaguered MOVEit service has another vulnerable tool — WS_FTP Server. While there are no known exploits, two of the CVEs are critical.
DarkReading
QR Code 101: What the Threats Look Like
Because QR codes can be used for phishing as easily as an email or text can, organizations must remain vigilant when dealing with them.
DarkReading
Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.
Bleeping Computer
FBI: Dual ransomware attack victims now get hit within 48 hours
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days.
CSO
EchoMark releases watermarking solution to secure private communications, detect insider threats
Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks
SecurityWeek
Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
Verisoul, a company that has developed a SaaS platform for detecting and blocking fake users, has raised $3.25 million in seed funding.
SecurityWeek
Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains.
CyberSecurity Dive
Progress Software says business impact ‘minimal’ from MOVEit attack spree
While the company reported $951,000 in cyber incident and vulnerability response expenses for its third quarter, they represent just a sliver of its revenue.
Infosecurity News
UK Logistics Firm Forced to Close After Ransomware Breach
Kettering-based KNP Logistics Group was hit in June
The Record
Tech industry leaders and White House clash over plan for improved cloud security
A presidential advisory panel produced a report criticizing the Biden administration's push for Know Your Customer rules for cloud computing providers. The White House is sticking with the plan.
DarkReading
China APT Cracks Cisco Firmware in Attacks Against the US and Japan
Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.
Ars Technica
Jony Ive and OpenAI’s Altman reportedly collaborating on mysterious AI device
Despite total lack of specifics, rumored collaboration has everyone guessing.
Infosecurity News
BEC Attacks Increase By 279% in Healthcare
Abnormal Security also found a 167% increase in advanced email attacks
The Record
Dallas: Royal ransomware gang infiltrated networks weeks before striking
A post-mortem of the incident shows that over nearly a month hackers exfiltrated about 1.17 terabytes of data from the city of Dallas before deploying ransomware.
SecurityWeek
The CISO Carousel and its Effect on Enterprise Cybersecurity
CISO churn is a threat, as security initiatives can take longer than the residency of a CISO, and constant churn can leave gaps in security.
CyberSecurity Dive
AWS bets on accuracy in generative AI deployment race
The cloud giant is taking a full-stack approach to generative AI, which doubles down on security and reliable results.
The Record
Philippines state health org struggling to recover from ransomware attack
The government organization that manages the universal healthcare system of the Philippines has struggled to recover from a ransomware incident that forced it to take several websites and portals offline.
CSO
Baffle releases encryption solution to secure data for generative AI
Solution uses the advanced encryption standard algorithm to encrypt sensitive data throughout the generative AI pipeline.
The Record
Court ruling on California’s online child safety law could put similar bills on hold
The decision by a federal judge on Monday to strike down a California law designed to reduce children’s exposure to harmful content online could have far-reaching implications, according to privacy and technology experts, setting up debate over how to define harm and determining at what point it overrides the First Amendment.
Cyber Security News
Cisco Announced Acquisition of Splunk for a whopping $28B Mega Deal
Cisco is one of the largest and most successful tech companies in the world, with a market capitalization of $225 billion. Its net income of $12.6 billion in the last fiscal year further solidifies its position as a top leader in the industry.
DarkReading
Hikvision Intercoms Allow Snooping on Neighbors
The intercoms are used in thousands of apartments and offices across the world, and they can be used to spy on targets through the other devices they connect to.
SecurityWeek
Legit Security Raises $40 Million in Series B Financing
Legit Security raises $40 million in a Series B funding round led by CRV to help organizations protect the software supply chain from attacks
SecurityWeek
Cisco to Acquire Splunk for $28 Billion
Cisco to acquire Splunk a deal valued at $28 billion to bolster its cybersecurity business and drive AI-enabled security and observability.
SecurityWeek
Cisco Boosting Cybersecurity Capabilities With $28 Billion Splunk Acquisition
Cisco has entered into a definitive agreement to acquire data analysis and security company Splunk in a deal valued at $28 billion.
CyberSecurity Dive
Cisco to buy Splunk for $28B
Forrester's Allie Mellen calls it a massive win for Cisco's security business, but said security leaders are concerned about potential SIEM quality degradation.
Infosecurity News
US Government in Snatch Ransomware Warning
Experts believe attacks have ramped up recently
The Record
Cisco looks to expand its ‘AI-enabled security’ with $28 billion Splunk deal
Analytics and security software company Splunk is being acquired by networking-equipment giant Cisco for an estimated $28 billion in a deal announced Thursday.
The Record
FTC official attacks data brokers at industry conference
Samuel Levine, director of the FTC's Bureau of Consumer Protection, said the power of data brokers “should concern all of us,” given how much information they compile about individuals.
DarkReading
FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service
The group's use of malware that forces Windows computers to reboot into Safe Mode before encrypting files is noteworthy, advisory says.
Cyber Security News
CrowdStrike to Acquire Cloud-Native App Security Startup Bionic for $350 Million
CrowdStrike, a leading name in cloud security, has announced its agreement to acquire Bionic, the pioneer of Application Security Posture Management (ASPM).
SecurityWeek
Discern Security Emerges From Stealth Mode With $3 Million in Funding
Policy management cybersecurity startup Discern Security on Tuesday emerged from stealth mode with $3 million in funding.
Infosecurity News
Brits Lose $9.3bn to Scams in a Year
One in 10 have suffered from fraud in past 12 months
SecurityWeek
Alcion Raises $21 Million for Backup-as-a-Service Platform
Data management startup Alcion has raised $21 million in a Series A funding round led by Veeam to expand its market presence.
The Hacker News
Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.
The Hacker News
Live Webinar: Overcoming Generative AI Data Leakage Risks
The rise of generative AI like ChatGPT brings new risks. Join our webinar featuring industry experts to learn how to protect your data from exposure.
Infosecurity News
Clorox Struggling to Recover From August Cyber-Attack
US manufacturer can’t say when operations will return to normal
The Hacker News
Over 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
Nearly 12,000 Juniper firewall devices exposed on the internet are vulnerable to a recently disclosed remote code execution flaw.