CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw
Adobe patched CVE-2023-26360 in March amid active exploit activity targeting the flaw.
Microsoft Is Getting a New 'Outsider' CISO
Igor Tsyganskiy inherits the high-profile CISO spot in Redmond, while his predecessor, Bret Arsenault, is named chief security adviser.
https://www.darkreading.com/cybersecurity-operations/microsoft-is-getting-new-ciso-in-new-year
US Navy Ship Builder Says No Classified Info Leaked in Cyberattack
Austal USA, a military contractor, alerts law enforcement it quickly mitigated a recent cyberattack on its systems and that an investigation is ongoing.
Vulns in Android WebView, Password Managers Can Leak User Credentials
Black Hat researchers show top password managers on Android mobiles are prone to leaking passwords when using the WebView autofill function.
UK Cyber CTO: Vendors' Security Failings Are Rampant
The NCSC's Ollie Whitehouse criticizes security vendors for actively working against organizations in their fight against breaches and ransomware.
https://www.darkreading.com/cyber-risk/uk-cyber-cto-vendors-security-failings-rampant
Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover
Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard.
Middle East CISOs Fear Disruptive Cloud Breach
Increasingly, businesses are concerned about the speed of their cloud incident response times.
https://www.darkreading.com/cloud-security/middle-east-cisos-fear-disruptive-cloud-breach
Cracking Weak Cryptography Before Quantum Computing Does
Worries over crypto's defenselessness against quantum computing have inspired a project that automates the discovery of insecure cryptographic algorithms in open source software.
https://www.darkreading.com/application-security/cracking-weak-cryptography-quantum-computing
What the FDA and ONC Have Said About AI in Healthcare
US government organizations responsible for making sure healthcare products are safe and effective have proposed rules and are soliciting industry feedback regarding artificial intelligence and machin...
https://www.darkreading.com/cyber-risk/what-the-fda-and-onc-have-said-about-ai-in-healthcare
Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity
Despite a focus on the future, there's no indication of how well the cybersecurity basics needed to stay safe are being applied.
Internationalizing Efforts to Counter Tech Support Scams
Trusted relationships and global collaboration are essential to improve collective knowledge, drive resilience, and mitigate international security risks.
https://www.darkreading.com/cyber-risk/internationalizing-efforts-to-counter-tech-support-scams
Klarytee Raises $900k Pre-Seed Round to Make Data Secure by Default
Enveedo Closes $3.15M Seed Round to Help Businesses Build and Maintain Cyber Resiliency
Mine Secures $30M in Series B Funding
https://www.darkreading.com/data-privacy/mine-secures-30m-in-series-b-funding
Foresite Cybersecurity Partners With CrowdStrike
https://www.darkreading.com/cloud-security/foresite-cybersecurity-partners-with-crowdstrike
Keeper Security Survey Finds 82% of IT Leaders Want to Move Their On-Premises Privileged Access Management (PAM) Solution to the Cloud
LLMs Open to Manipulation Using Doctored Images, Audio
As LLMs begin to integrate multimodal capabilities, attackers could use hidden instructions in images and audio to get a chatbot to respond the way they want, say researchers at Black Hat Europe 2023.
Apple 'Lockdown Mode' Bypass Subverts Key iPhone Security Feature
Even the most severe security protections for mobile phones aren't all-encompassing or foolproof, as a tactic involving a spoof of lockdown mode shows.
SpyLoan Malicious App Downloaded 12M+ Times in Google Play
The fake financial app tricks users into signing up for high-interest payments, only to steal their information and blackmail them.
https://www.darkreading.com/cyber-risk/spyloan-malicious-app-downloaded-over-12m-times-in-googleplay