Comcast says attackers stole personal information pertaining to 35.9 million customers of its Xfinity-branded TV, internet and home telephone services in an October attack that targeted a vulnerability - dubbed Citrix Bleed - present in NetScaler and Citrix networking equipment.
The Cybersecurity and Infrastructure Security Agency maintains an exhaustive list that the U.S. cyber agency describes as "the authoritative source of vulnerabilities that have been exploited in the wild," but a new report says it has failed to identify nearly 100 high-risk vulnerabilities in 2023.
The BlackCat ransomware-as-a-service operation's putative "unseizing" of its leak site from the FBI is a stunt made possible by way the dark web handles address resolution, security researchers said Tuesday. The stunt was a "tactical error" that could alienate affiliates.
OpenAI on Monday released a framework it says will help assess and protect against the "catastrophic risks" posed by the "increasingly powerful" AI models it develops. "We believe the scientific study of catastrophic risks from AI has fallen far short of where we need to be," the company said.
An Iowa medical center is among the latest healthcare entities reporting to federal regulators a breach tied to a data theft hack on medical transcription vendor Perry Johnson and Associates earlier this year. Meanwhile, stacks of federal lawsuits continue to pile up against the Nevada firm.
Okta finalized an agreement to acquire Spera Security, saying the purchase will expand its ability to track risky accounts and access misconfigurations. Spera, a Tel Aviv startup, touts itself as a tool for giving security teams "real-time visibility into their entire identity surface."
Fraudsters can now easily create fake driver's licenses to scam banks and merchants. Moving to electronic identification that can be stored on mobile devices has the potential to unlock innovation in the identity verification space, said Mary Ann Miller, vice president of client experience at Prove.
The recently released ISC2 workforce study highlights a staggering deficit of 4 million professionals needed in the cybersecurity industry. Despite the challenges, CISO Jon France sees room for optimism. "It's a great profession to come into - never a dull moment," he said.
Marta Rybczyńska, technical program manager at Eclipse Foundation, discussed best practices for reporting vulnerabilities, adopting AI and bridging the gap between developers and security researchers to adhere to cybersecurity best practices for open-source software.
U.S. authorities seized dark web infrastructure of the BlackCat ransomware-as-a-service group, also known as Alphv, although the Russian-speaking threat actor said it has reestablished operations. The group's data leak site and its Tox instant messaging account went offline Dec. 7.
Cybercriminals increasingly use malicious ads through search engines to deploy new malware targeting businesses, marking a rise in browser-based attacks. Researchers at Malwarebytes observed PikaBot, a malware family that appeared in early 2023, being distributed via malvertising.
U.S. regulators for the first time detailed the risks artificial intelligence poses to the financial system and classified the technology as an "emerging vulnerability." The Financial Stability Oversight Council in its annual report flagged AI's ability to introduce "certain risks."
Erhan Temurkan, technology and security director at Fleet Mortgages, shares his insights on the integration of generative AI into the multifaceted world of cybersecurity and the dynamic threat landscape. Organizations must find a balance between security and usability, he said.
Synthetic IDs and mule accounts will continue to be a huge problem in 2024 even though vendors and financial institutions now recognize the problem and are beginning to address these risks, according to Trace Fooshee, strategic adviser at Datos Insights.
Lobbyists for U.S. hospitals oppose a Biden administration proposal for mandatory cybersecurity requirements and possible financial disincentives for organizations that fail to meet those expectations. Industry experts contend that some type of government actions are needed.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.