Elastic Expands Cloud Security Capabilities for AWS
https://www.darkreading.com/cloud/elastic-expands-cloud-security-capabilities-for-aws
Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations.

The FDA's Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say
https://www.darkreading.com/cloud/the-fda-medical-device-cybersecurity-overhaul-real-teeth
The physical and cyber safety issues surrounding medical devices like IV pumps are finally being meaningfully addressed by a new policy taking effect this week.

Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Increase Cybersecurity Spending
https://www.darkreading.com/operations/mimecast-report-reveals-nearly-60-of-companies-in-uae-and-saudi-arabia-need-to-increase-cybersecurity-spending
The State of Email Security Report reveals cyber risk commands the C-suite's focus.

Pro-Islam 'Anonymous Sudan' Hacktivists Likely a Front for Russia's Killnet Operation
https://www.darkreading.com/attacks-breaches/pro-islam-anonymous-sudan-hacktivists-front-russia-killnet-operation
"Anonymous Sudan" has been claiming that its DDoS attacks are in retaliation for anti-Islamic activities, but at least one security vendor is suspicious about its true motives.

Adaptive Access Technologies Gaining Traction for Security, Agility
https://www.darkreading.com/emerging-tech/adaptive-access-technologies-gaining-traction-for-security-agility
With companies pushing to adopt zero-trust frameworks, adaptive authentication and access — once languishing — looks finally ready to move out of the doldrums.

Student Loan Breach Exposes 2.5M Records
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

World Backup Day is here again – 5 tips to keep your precious data safe
https://nakedsecurity.sophos.com/2023/03/31/world-backup-day-is-here-again-5-tips-to-keep-your-precious-data-safe/
The only backup you will ever regret is the one you didn't make...

Supply chain blunder puts 3CX telephone app users at risk
https://nakedsecurity.sophos.com/2023/03/30/supply-chain-blunder-puts-3cx-telephone-app-users-at-risk/
Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.

S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
https://nakedsecurity.sophos.com/2023/03/30/s3-ep128-so-you-want-to-be-a-cybercriminal-audio-text/
Latest episode - listen now!

Cops use fake DDoS services to take aim at wannabe cybercriminals
https://nakedsecurity.sophos.com/2023/03/28/cops-use-fake-ddos-services-to-take-aim-at-wannabe-cybercriminals/
Thinking of trying a bit of DDoSsing to get a feel for life at the fringes of the Dark Side? Don't do it!

Apple patches everything, including a zero-day fix for iOS 15 users
https://nakedsecurity.sophos.com/2023/03/28/apple-patches-everything-including-a-zero-day-fix-for-ios-15-users/
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

The best travel VPNs of 2023: Expert tested
https://www.zdnet.com/article/best-travel-vpn/#ftag=RSSbaffb68
The best travel VPN should provide a secure and reliable connection for your laptop and mobile devices. If you have a trip planned soon, here are your top travel VPN choices.

Glitch in system upgrade identified as cause of delays at Singapore immigration
https://www.zdnet.com/article/glitch-in-system-upgrade-identified-as-cause-of-delays-at-singapore-immigration/#ftag=RSSbaffb68
Technical glitch during a scheduled upgrade affected all automated immigration clearance systems and led to rare delays at Singapore's Changi Airport, which recently was again named the world's best airport.

The best home security systems of 2023: Expert reviewed
https://www.zdnet.com/home-and-office/smart-home/best-security-system/#ftag=RSSbaffb68
To give you peace of mind, the best home security systems come with security cameras, door and window sensors, as well as smart home integration and cloud storage.

Singapore bank faces regulatory action over 'unacceptable' digital service outage
https://www.zdnet.com/article/singapore-bank-faces-regulatory-action-over-unacceptable-digital-service-outage/#ftag=RSSbaffb68
Hours-long disruption to DBS' online banking services is the second such incident in just over a year, notes Singapore's industry regulator, which says the bank has "fallen short" in ensuring system availability and quick recovery.

The new AI boom could increase data breaches, if companies aren't held responsible
https://www.zdnet.com/article/amid-ai-craze-what-will-it-take-for-firms-to-take-data-security-seriously/#ftag=RSSbaffb68
With ChatGPT and its rivals likely to accelerate data collection, can we get businesses to collect only the data they need and protect it?

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem
https://www.csoonline.com/article/3692354/spyware-vendors-use-exploit-chains-to-take-advantage-of-patch-delays-in-mobile-ecosystem.html#tk.rss_all
Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers to speed up the adoption of security patches.
"The zero-day exploits were used alongside n-day exploits and took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices," researchers with Google's Threat Analysis Group (TAG) said in a report (https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/) detailing the attack campaigns. "Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits."

Italian privacy regulator bans ChatGPT over collection, storage of personal data
https://www.csoonline.com/article/3692432/italian-privacy-regulator-bans-chatgpt-over-collection-storage-of-personal-data.html#tk.rss_all
Italy’s data privacy regulator has banned ChatGPT over alleged privacy violations relating to the chatbot’s collection and storage of personal data. With immediate effect, the Guarantor for the protection of personal data has ordered (https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/9870847) the temporary limitation of the processing of data of Italian users by ChatGPT parent firm OpenAI until it complies with EU General Data Protection Regulation (GDPR) privacy laws. It has also launched an investigation into ChatGPT, the Guarantor said. The ban comes in the wake of an open letter (https://futureoflife.org/open-letter/pause-giant-ai-experiments/) in which Twitter owner Elon Musk and a group of AI industry executives called for a six-month pause in developing systems more powerful than OpenAI's newly launched GPT-4, citing potential risks to society.

New CISO appointments, February 2023
https://www.csoonline.com/article/3204008/new-ciso-appointments.html#tk.rss_all
The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO, https://www.csoonline.com/article/2122505/the-cso-role-today-responsibilities-and-requirements-for-the-top-security-job.html) or chief information security officer (CISO, https://www.csoonline.com/article/3332026/what-is-a-ciso-responsibilities-and-requirements-for-this-vital-leadership-role.html) for the first time to support a deeper commitment to information security.
Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Andrew Flynn (aflynn@foundryco.com), regional executive editor.

Kyndryl lays off staff in search of efficiency
https://www.networkworld.com/article/3692251/kyndryl-lays-off-staff-in-search-of-efficiency.html#tk.rss_all
The layoffs are part of a restructuring initiative aimed at improving efficiency and customer service, Kyndryl says.

3CX DesktopApp compromised by supply chain attack
https://www.csoonline.com/article/3692250/3cx-desktopapp-compromised-by-supply-chain-attack.html#tk.rss_all
3CX is working on a software update for its 3CX DesktopApp, after multiple security researchers alerted the company of an active supply chain attack in it. The update will be released in the next few hours; meanwhile the company urges customers to use its PWA (progressive web application) client instead.
“As many of you have noticed the 3CX DesktopApp has a malware in it. It affects the Windows Electron client for customers running update 7,” Nick Galea, CEO at 3CX said in a security alert (https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/) on Thursday. As an immediate response, the company advised users to uninstall and reinstall the app.

‘Vulkan’ Leak Offers a Peek at Russia’s Cyberwar Playbook
https://www.wired.com/story/vulkan-files-russia-security-roundup/
Plus: A major new supply chain attack, Biden’s spyware executive order, and a hacking campaign against Exxon’s critics.

Apple's iOS 16.4: Security Updates Are Better Than New Emoji
https://www.wired.com/story/ios-16-4-outlook-android-critical-update-march-2023/
Plus: Microsoft Outlook and Android patch serious flaws, Chrome and Firefox get fixes, and much more.

Trump’s Indictment Marks a Historic Reckoning
https://www.wired.com/story/trump-indictment-historical-reckoning/
A Manhattan grand jury has issued the first-ever indictment of a former US president. Buckle up for whatever happens next.

Porn ID Laws: Your State or Country May Soon Require Age Verification
https://www.wired.com/story/porn-age-checks-id-laws/
An increasing number of states are passing age-verification laws. It’s not clear how they’ll work.

The US Is Sending Money to Countries Devastated by Cyberattacks
https://www.wired.com/story/white-house-costa-rica-albania-ransomware-aid/
The White House is providing $25 million to Costa Rica, after giving Albania similar aid following aggression by hackers linked to Iran.

CloudBees integrates with Argo to enhance cloud-native software delivery
https://www.helpnetsecurity.com/2023/04/02/cloudbees-argo/
CloudBees has unveiled the integration of CloudBees’ continuous delivery and release orchestration solution, CloudBees CD/RO, with Argo Rollouts. The integration will enhance customers’ ability to deliver software faster, with higher quality, and at scale in cloud-native environments. This latest integration for CloudBees furthers its ability to support customers to deploy applications with confidence in their desired format. “This integration of CloudBees CD/RO with Argo Rollouts is a continuation of our commitment to best-in-class open-source tools …

Socura releases Managed SASE service to secure the hybrid workforce
https://www.helpnetsecurity.com/2023/04/01/socura-managed-sase/
Socura has launched its Managed SASE (Secure Access Service Edge) service in partnership with Palo Alto Networks’ Prisma. Market industry researchers expect SASE to be a $60bn industry by 2027 fuelled by the rise of flexible working, which was enshrined into UK law in December 2022, whereby millions of UK employees were granted the right to request flexible working hours throughout their employment. By combining SASE with its Managed SOC (Security Operations Centre) service, Socura …

Zenoss introduces monitoring capabilities for Kubernetes
https://www.helpnetsecurity.com/2023/04/01/zenoss-kubernetes-monitoring/
Zenoss has launched a free trial for monitoring Kubernetes, the de facto standard platform for running containers in production at scale, including in on-prem and cloud environments. This real-time monitoring of Kubernetes streaming data is another advancement of the Zenoss unified monitoring vision. The Zenoss monitoring capabilities for Kubernetes enable customers to: Begin monitoring in minutes with no training required for operations personnel. Leverage secure, cloud-based monitoring with zero install. Gain insights for Kubernetes clusters …

New infosec products of the week: March 31, 2023
https://www.helpnetsecurity.com/2023/03/31/new-infosec-products-of-the-week-march-31-2023/
Here’s a look at the most interesting products from the past week, featuring releases from BreachLock, HackNotice, LOKKER, Nile, and Tausight. HackNotice Actions helps people to understand the extent of their data exposure. HackNotice is offering additional tailored protection via its new service, HackNotice Actions. Further empowering employees, HackNotice Actions reaches out to any company where a person’s PII or other data has been compromised, and asks for a full report on or erasure of …

Overcoming obstacles to introduce zero-trust security in established systems
https://www.helpnetsecurity.com/2023/03/31/michal-cizek-goodaccess-introduce-zero-trust-security/
In this Help Net Security interview, Michal Cizek, CEO at GoodAccess, discusses the crucial balance between leveraging distributed resources and maintaining top-notch security measures. With the growing remote work trend, Cizek highlights the importance of implementing a zero-trust security model, emphasizing the complexities and challenges of such an endeavor. How can organizations make the most of distributed IT resources while simultaneously keeping them secure? It has become a standard that an organization runs only a …

LockBit leaks data stolen from the South Korean National Tax Service
https://securityaffairs.com/144342/cyber-crime/lockbit-south-korean-national-tax-service.html
The LockBit ransomware gang announced the publishing of data stolen from the South Korean National Tax Service. On March 29, 2023, the LockBit ransomware gang announced the hack of the South Korean National Tax Service. The group added the South Korean agency to its Tor leak site and announced the release of stolen data […]

Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns
https://securityaffairs.com/144325/laws-and-regulations/italy-blocks-chatgpt.html
Italy’s data protection agency is temporarily blocking the popular chatbot ChatGPT due to a possible violation of the European data privacy regulation. The Italian Data Protection Authority, Garante Privacy, has temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors. The Authority pointed out that […]

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog
https://securityaffairs.com/144315/breaking-news/cisa-known-exploited-vulnerabilities-catalog-spyware-bugs.html
CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Five of the issues added by CISA to its catalog are part of the exploits used by surveillance […]

Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin
https://securityaffairs.com/144290/hacking/elementor-pro-wordpress-plugin-critical-bug.html
Threat actors are actively exploiting a high-severity flaw in the Elementor Pro WordPress plugin used by more than eleven million websites. WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress plugin that is currently being exploited by threat actors in the wild. Elementor Pro is a paid plugin that is currently installed on […]

Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M
https://securityaffairs.com/144279/cyber-crime/cyber-police-of-ukraine-cybercrime-gang.html
The Cyber Police of Ukraine, with law enforcement officials from Czechia, has arrested several members of a gang responsible for a $4.33 million scam. The Cyber Police of Ukraine, with the support of law enforcement officials from the Czech Republic, has arrested several members of a cybercriminal ring that defrauded EU citizens of $4.33 million with […]

White House talks with TikTok stall after blistering congressional hearing
https://cyberscoop.com/white-house-tiktok-negotiations-congress-china/
TikTok's general counsel said Friday the company hasn't heard from the Biden administration since CEO Shou Zi Chew appeared before Congress.

Can a White House initiative compel tech companies to write safer code?
https://cyberscoop.com/software-liability-biden-microsoft-vulnerabilities/
Software liability reform is a centerpiece of Biden's recent national cybersecurity strategy. Implementing it will be a challenge.

How a computer scientist talks to her daughter about TikTok
https://cyberscoop.com/tiktok-conversation-parents-national-security/
The debate over TikTok's national security risk is lost on many young users, except if your mom is a technologist focused on global threats.

‘They outsmarted us.’ 3CX CEO acknowledges mistakes handling potential supply chain cyberattack
https://cyberscoop.com/3cx-supply-chain-attack/
"We have a security team, we do our own pentesting, we've got software scanners, we got a CSO ... Nonetheless, they outsmarted us."

Biden administration goes global in effort to constrain spyware use
https://cyberscoop.com/spyware-biden-administration-democracy-summit/
Eleven nations agreed on Thursday to responsible use of commercial spyware. Israel, a key spyware exporter, is not part of the deal.

Italy's Privacy Watchdog Blocks ChatGPT Amid Privacy Concerns
https://www.infosecurity-magazine.com/news/italys-privacy-watchdog-chatgpt/
GPDP probe is due to allegations that ChatGPT failed to comply with data collection rules

Modular "AlienFox" Toolkit Used to Steal Cloud Service Credentials
https://www.infosecurity-magazine.com/news/alienfox-toolkit-steal-cloud/
Harvesting API keys and secrets from AWS SES, Microsoft Office 365 and other services

New Azure Flaw "Super FabriXss" Enables Remote Code Execution Attacks
https://www.infosecurity-magazine.com/news/new-azure-flaw-fabrixss-enables-rce/
The cross-site scripting flaw affects SFX version 9.1.1436.9590 or earlier and has a CVSS of 8.2

UK Regulator: HIV Data Protection Must Improve
https://www.infosecurity-magazine.com/news/regulator-hiv-data-protection-must/
ICO issues call after reprimanding NHS Highland

GCHQ Updates Security Guidance for Boards
https://www.infosecurity-magazine.com/news/gchq-updates-security-guidance/
Agency wants business leaders to get serious about cyber

63,341 customers impacted in Blue Shield of California data breach
https://www.securitymagazine.com/articles/99139-63-341-customers-impacted-in-blue-shield-of-california-data-breach
U.S. healthcare giant Blue Shield of California confirmed more than 63,000 customers may have been affected by a recent ransomware attack.

Experts weigh in on CIRCIA one year later
https://www.securitymagazine.com/articles/99138-experts-weigh-in-on-circia-one-year-later
It has been a year since CIRCIA was signed into law by President Biden and security leaders are sharing their thoughts on the legislation.

Biden Administration addresses potential commercial spyware risks
https://www.securitymagazine.com/articles/99129-biden-administration-addresses-potential-commercial-spyware-risks
An executive order was signed by President Biden prohibiting the use of commercial spyware that poses risks to national security or human rights.

CISA MTS Guide may enhance critical infrastructure resilience
https://www.securitymagazine.com/articles/99135-cisa-mts-guide-may-enhance-critical-infrastructure-resilience
A CISA guide may improve relationships between stakeholders and partners who may not traditionally be involved in a port resilience assessment.

U.S. announces $25M to bolster Costa Rica’s cybersecurity
https://www.securitymagazine.com/articles/99134-us-announces-25m-to-bolster-costa-ricas-cybersecurity
The U.S. and Costa Rica will collaborate on cybersecurity with the U.S. planning to provide $25M to strengthen Costa Rica’s digital infrastructure.

Study: Women in cybersecurity feel excluded, disrespected
https://www.techrepublic.com/article/women-cybersecurity-excluded-disrespected/
Feelings of exclusion and being disrespected impact hiring opportunities and retention for women, according to a new report.

Microsoft adds GPT-4 to its defensive suite in Security Copilot
https://www.techrepublic.com/article/microsoft-security-copilot-gpt-4/
The new AI security tool, which can answer questions about vulnerabilities and reverse-engineer problems, is now in preview.

Report: Terrible employee passwords at world’s largest companies
https://www.techrepublic.com/article/employees-worlds-largest-companies-terrible-passwords/
Find out the most commonly used weak passwords by industry and country, according to NordPass. Plus, get tips on creating strong passwords.

Ransomware attacks skyrocket as threat actors double down on U.S., global attacks
https://www.techrepublic.com/article/nccgroup-ransomware-attacks-up-february/
New studies by NCC Group and Barracuda Networks show threat actors are increasing ransomware exploits, with consumer goods and services receiving the brunt of attacks and a large percentage of victims being hit multiple times.

Media disposal policy
https://www.techrepublic.com/resource-library/whitepapers/media-disposal-policy/
PURPOSE This Media disposal policy from TechRepublic Premium provides specific instructions for ensuring organization data is properly protected when disposing of old storage media. From the policy: POLICY DETAILS When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires that the guidelines outlined herein be followed: Hard drives, ...