How to Red Team GenAI: Challenges, Best Practices, and Learnings
Red teaming is a crucial part of proactive GenAI security that helps map and measure AI risks.
Addressing Risk Caused by Innovation
By embracing a proactive approach to cyber-risk management, companies can better detect, prevent, and mitigate cyber threats while integrating the latest state-of-the-art technology.
https://www.darkreading.com/cyber-risk/addressing-risk-caused-by-innovation
MITRE's Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert
New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare
Jason Haddix Joins Flare As Field CISO
https://www.darkreading.com/cybersecurity-operations/jason-haddix-joins-flare-as-field-ciso
Thousands of Qlik Sense Servers Open to Cactus Ransomware
The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched.
Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities
The semiconductor manufacturing giant's security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities.
Palo Alto Updates Remediation for Max-Critical Firewall Bug
Though PAN originally described the attacks exploiting the vulnerability as being limited, they are growing in volume, with more exploits disclosed by outside parties.
Held Back: What Exclusion Looks Like in Cybersecurity
You can't think about inclusion in the workplace without first understanding what kinds of exclusive behaviors prevent people from advancing in their careers.
CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti Issue
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day r...
Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to China
The volume of malicious cyber activity against the Philippines quadrupled in the first quarter of 2024 compared to the same period in 2023.
Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software
Attackers will likely use software bills of materials (SBOMs) to search for software potentially vulnerable to specific flaws.
https://www.darkreading.com/application-security/cyberattack-gold-sboms-census-vulnerable-software
Minimum Viable Compliance: What You Should Care About and Why
Understand what security measures you have in place, what you need to keep secure, and what rules you have to show compliance with.
https://www.darkreading.com/cyber-risk/minimum-viable-compliance-what-you-should-care-about-and-why
Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyberattack
The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.
J&J Spin-Off CISO on Maximizing Cybersecurity
How the CISO of Kenvue, a consumer healthcare company spun out from Johnson & Johnson, combined tools and new ideas to build out the security program.
Chip Giants Finalize Specs Baking Security into Silicon
Caliptra 1.0 offers a blueprint for integrating security features directly into microprocessors.
PCI Launches Payment Card Cybersecurity Effort in the Middle East
The payment card industry pushes for more security in financial transactions to help combat increasing fraud in the region.
https://www.darkreading.com/cyber-risk/pci-launches-payment-card-cybersecurity-effort-in-middle-east
Chinese Keyboard Apps Open 1B People to Eavesdropping
Eight out of nine apps that people use to input Chinese characters into mobile devices have weaknesses that allow a passive eavesdropper to collect keystroke data.
https://www.darkreading.com/endpoint-security/most-chinese-keyboard-apps-vulnerable-to-eavesdropping
5 Attack Trends Organizations of All Sizes Should Be Monitoring
Recent trends in breaches and attack methods offer a valuable road map to cybersecurity professionals tasked with detecting and preventing the next big thing.
FTC Issues $5.6M in Refunds to Customers After Ring Privacy Settlement
The refunds will be made to individual affected customers through thousands of PayPal payments, available to be redeemed for a limited time.