The Securities and Exchange Commission is raising the bar for enterprise cybersecurity with new disclosure and management rules for public companies that will take effect next week. This is fantastic for the cybersecurity community, as it will push publicly traded companies to do more to secure their assets, and in this author’s humble […]
Five Cybersecurity Predictions for 2024
The year 2023 saw heightened cybersecurity activity, with both security professionals and adversaries engaged in a constant cat-and-mouse game. The dynamic landscape of cyber threats and the ever-expanding digital attack surface have compelled organizations to refine and fortify their security architectures. Despite the collective hope for a reprieve from the onslaught of daily phishing, ransomware, […]
Gartner Survey Shows Third-Party Risk Management “Misses” Are Hurting Organizations
Enterprise risk management (ERM) teams are struggling to effectively mitigate third-party risk in an increasingly interconnected business environment, according to Gartner, Inc. In a Gartner survey of 100 executive risk committee members in September 2022, 84% of respondents said that third-party risk “misses” resulted in operations disruptions (see Figure 1). Gartner defines a third-party risk […]
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware
“Operation Triangulation” stole mic recordings, photos, geolocation, and more. Moscow-based security firm Kaspersky has been hit by an advanced cyberattack that used clickless exploits to infect the iPhones of several dozen employees with malware that collects microphone recordings, photos, geolocation, and other data, company officials said. (Repost from Ars Technica)
SiFive Gives its WorldGuard Security Model to the RISC-V Community
SiFive hopes to strengthen the RISC-V community with the contribution of its WorldGuard model. The emergence of RISC-V has been a revolutionary and powerful movement in the computing industry. Open-sourced and license-free, RISC-V has removed barriers to entry for chip designers and enabled thousands to design more easily than otherwise possible. There’s no doubt that […]
Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
Point32Health, the second-largest health insurer in Massachusetts, is in the process of informing more than 2.5 million individuals that their personal and protected health information was stolen in a recent ransomware attack. Identified on April 17 and initially disclosed on April 20, the attack impacted systems related to Point32Health’s Harvard Pilgrim Health Care, and resulted […]
NIST Post-Quantum Algorithm Finalist Cracked Using a Classical PC
An algorithm submitted to the NIST post-quantum encryption competition – and one that made it to the fourth round – has been defeated. The algorithm, Supersingular Isogeny Key Encapsulation (SIKE), was broken by Wouter Castryck and Thomas Decru at KU Leuven, and the process described in a paper written at the end of July 2022. […]
China Police Database Was Left Open Online for Over a Year, Enabling Leak
What is likely one of history’s largest heists of personal data—and the largest known cybersecurity breach in China—occurred because of a common vulnerability that left the data open for the taking on the internet, say cybersecurity experts who discovered the security flaw earlier this year. The Shanghai police records—containing the names, government ID numbers, phone […]
5 pro-freedom technologies that could change the Internet
Posted: July 4, 2022 by Mark Stockley. Last updated: June 29, 2022. In the digital era, freedom is inextricably linked to privacy. After a good start, the Internet-enabled, technological revolution we are living through has hit some bumps in the road. We have already lost a lot of control over who and what has access […]
Microsoft Confirms Exploitation of ‘Follina’ Zero-Day Vulnerability
Microsoft has confirmed that Windows is affected by a zero-day vulnerability after researchers warned of exploitation in the wild. The security hole, now tracked as CVE-2022-30190, came to light after a researcher who uses the online moniker “nao_sec” reported finding a malicious Word file designed to execute arbitrary PowerShell code. The file was uploaded to VirusTotal from […]