Kimsuky APT Using Newly Discovered Gomir Linux Backdoor

The Kimsuky APT group, which is closely linked to the North Korean military intelligence organization, has been deploying a newly discovered Linux backdoor in attacks against organizations in South Korea. The backdoor is known as Gomir and is closely related to another piece of malware called GoBear, which is built for Windows targets. Researchers from …

AI Security ‘Is a Software Problem’

SAN FRANCISCO–Trying to figure out where the field of AI is going and how attackers and defenders will be using it is no one’s idea of a good time. AI usage is still in its very early stages, but some of the people working on and thinking about the safety and security of AI systems …

Rather Than Measuring Risk, Fix an Interesting Problem

SAN FRANCISCO–Measuring risk is one of the more difficult tasks that enterprise GRC teams face, as risk itself is a notoriously difficult thing to actually define and pin down. But perhaps fixing the fixable problems that contribute to risk, rather than measuring risk in absolute terms, should be the goal. The concept of risk is …

F5 Fixes Critical RCE Bugs in BIG-IP Next Central Manager

F5 has released updates to fix two vulnerabilities that can allow an unauthenticated remote attacker to gain complete control of the company’s BIG-IP Next Central Manager console. The attacker could then take advantage of three separate bugs to add invisible accounts on other BIG-IP devices controlled by the Next Central Manager. The flaws affect versions …

How CISA is Preparing For the Influx of CIRCIA Reports

SAN FRANCISCO – The streamlining of incident reporting is a large part of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), and at RSA Conference this week, a CISA official outlined how it is laying the groundwork for the backend processes related to collecting and analyzing the information in these reports. In the weeks …

To Fix IoT Security, ‘We Need to Aim at the Security Have-Nots’

SAN FRANCISCO–On the long and ever-growing list of security priorities for enterprises and SMBs, IoT devices tend to fall somewhere near the bottom, something that attackers of all stripes have gladly taken advantage of for many years. But government and private sector experts alike are working to change that through regulatory efforts, advocacy, and technical …

Krebs: ‘Business Risk and Geopolitical Risk Are Intertwined’

SAN FRANCISCO – Businesses navigating cybersecurity risks are dealing with the dual challenge of an exploding threat actor landscape, and technology that’s inherently not secure and that by design must be deployed in an extremely complex way. The overarching concern on the backend of these issues is the increasingly intertwined nature of business risk and …

Proposed Bill Focuses on Voluntary AI Security Incident Reporting

Senators this week introduced a new bill that would update cybersecurity information-sharing programs to better incorporate AI systems, in an effort to improve the tracking and processing of security incidents and risks associated with AI. With both private sector companies and U.S. government agencies trying to better understand the security risks and threats associated with …

RSA Conference 2024 Preview: The Sessions to See This Year

In this special episode, Dennis Fisher and Lindsey O’Donnell-Welch are joined by Brian Donohue of Red Canary to preview the RSA conference talks they’re excited about and to try to make sense of some of the session titles that are maybe a little indecipherable.