How to talk to board members about cyber – NCSC Blog
New guidance helps CISOs communicate with Boards to improve oversight of cyber risk. – Read More
Cyber
Chief risk storyteller: How CISOs are developing yet another skill – CSO Online
Mastering the art of risk storytelling is essential for CISOs not just for engagement, but for driving meaningful action across the organization. The right story should emphasize cybersecurity risks with…
How ‘perfctl’ malware infected Linux servers undetected for years – CSO Online
Security researchers warn that a malware campaign dubbed perfctl has infected millions of Linux servers over the past three to four years by attempting to exploit around 20,000 misconfigurations that…
How ‘perfctl’ malware infected Linux servers undetected for years – CSO Online
Security researchers warn that a malware campaign dubbed perfctl has targeted millions of Linux servers over the past three to four years by attempting to exploit around 20,000 misconfigurations that…
E.U. Court Limits Meta’s Use of Personal Facebook Data for Targeted Ads – The Hacker News
Europe’s top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being…
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability – The Hacker News
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive…
MITRE Launches AI Incident Sharing Initiative – Dark Reading
The collaboration with industry partners will improve collective AI defenses. Trusted contributors receive protected and anonymized data on real-world AI incidents. – Read More
Malicious Chrome Extensions Skate Past Google’s Updated Security – Dark Reading
Google’s Manifest V3 offers better privacy and security controls for browser extensions than the previous M2, but too many lax permissions and gaps remain. – Read More
iPhone ‘VoiceOver’ Feature Could Read Passwords Aloud – Dark Reading
CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features. – Read More
Insider Threat Damage Balloons as Visibility Gaps Widen – Dark Reading
A growing number of organizations are taking longer to get back on their feet after an attack, and they’re paying high price tags to do so — up to $2M…
Microsoft, DOJ Dismantle Russian Hacker Group Star Blizzard – Dark Reading
The successful disruption of notorious Russian hacker group Star Blizzard’s operations arrives one month out from the US presidential election — one of the APT’s prime targets. – Read More
Cybersecurity Is Serious — but It Doesn’t Have to Be Boring – Dark Reading
Thoughtfully applied, humor breaks through security fatigue, increases engagement, and fosters a culture of security awareness. – Read More
U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown – The Hacker News
Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud…
Criminals Are Testing Their Ransomware Campaigns in Africa – Dark Reading
The booming economies of Africa, rich in natural resources and brimming with potential, are attracting not just investors, but also cybercriminals. Here’s why. – Read More
Hackers steal sensitive customer data from thousands of online stores that use Adobe tools – CSO Online
Distinct groups of cybercriminals have been exploiting the CosmicSting flaw in Adobe’s Commerce and Magento software to steal customers’ payment information. According to research by Sansec, miscreants have used the…