Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers' location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder software, opening a permanent backdoor for unauthenticated attackers.
Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Firms using large language models that power gen AI-powered tools must consider security and privacy aspects such as data access, output monitoring and model security before jumping on the bandwagon, said Troy Leach of Cloud Security Alliance. "Everything is going to be AI as a service," Leach predicted.
More than five dozen British lawmakers across political parties and privacy organizations called for an "immediate stop" to real-time facial recognition in the United Kingdom. Live facial recognition faces a ban in Europe and its use by police is banned in a handful of U.S. jurisdictions.
How did Israeli intelligence fail to spot and stop the deadly assault on Saturday by Hamas militants? Experts suggest planners used offline tactics and extreme compartmentalization to prevent leaks and evade well-known Israeli cyberespionage and digital surveillance capabilities.
The use of generative AI is being "highly explored" in healthcare and has great promise for a variety of applications, but it needs to be scrutinized closely, said Erik Decker, vice president and CISO of Intermountain Health and a cybersecurity adviser to the federal government.
Veracode, Synopsys and Checkmarx remain atop Forrester's static application security testing list, while Micro Focus fell from the leaderboard after the OpenText buy. Firms have gone beyond evaluating the security of code itself and now assess the safety of the infrastructure the code is running on.
Being an independent firm under TPG's ownership will allow Forcepoint G2CI to invest in defense-grade cyber tools such as insider threats and content disarm and reconstruction. Separating Forcepoint's government security practice will allow it to focus on secure remote access to classified networks.
What kinds of training do security professionals need? The biggest skills gaps are soft skills - 55%, cloud computing - 47%, security controls - 35%, coding skills and software development - both at 30%, says ISACA's State of Cybersecurity 2023 survey of more than 2,000 security leaders globally.
In the latest weekly update, ISMG editors examine policies in the U.S. and Europe that could regulate AI, recent developments within the EU cybersecurity and privacy policy arena, and the disparities between the perspectives of business leaders and cybersecurity leaders on the security landscape.
This week, the FTX hacker moved more than $100 million of funds as the trial of the company's former CEO begins; crypto losses in the third quarter of this year were $685.5 million; and the DOJ said that China uses crypto to hide funds and identities in its illicit drug operations.
BlackBerry will split its $418 million cybersecurity business and $206 million IoT business into separate, independently operated entities following a strategic review that lasted five months. The split will help shareholders clearly evaluate the performance and future potential of each business.
What do "bank transfer request.lnk" and "URGENT-Invoice-27-August.docx.lnk" have in common? Both are the names of malicious files being sent as part of a phishing campaign attributed to the Qakbot botnet group that has continued despite law enforcement disrupting Qakbot's operations in late August.
Trick question for CSOs: When does a security incident qualify as being a data breach? The answer is that it's "a very complicated question" best left to the legal team, said former Uber CSO Joe Sullivan, sharing lessons learned from the U.S. Department of Justice's case against him.
A clutch of vulnerabilities in an open-source tool used by major corporations to scale up machine learning models could lead to remote takeover, says a cybersecurity firm in a warning downplayed by Meta, which co-manages the open-source project.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.