Leveraging Knowledge to Manage Your Data Risks
There is a lot of chatter out there around the uses of artificial intelligence (AI) for cybersecurity. For example, Applied Sciences published a paper on how AI can be used for mobile malware detection, and Gartner has published on AI Security Management.
According to an article published in Forbes, entitled “A Primer on Artificial Intelligence…
I have the pleasure to present an advanced session on cybersecurity to tax preparers at the IRS’ National Tax Preparers Forum each year. The sessions are well attended, and I enjoy meeting attendees and talking about the craziness of new techniques threat actors are using to attack small businesses. This year was no exception.
One…
In its continued effort to keep the industry apprised of threats facing companies in the U.S., CISA recently issued a Cybersecurity Advisory: 2022 Top Routinely Exploited Vulnerabilities that is helpful to get up to speed on top threats, emerging threats, and intelligence of vulnerabilities being exploited by threat actors. It also provides recommendations to…
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public companies.
The rules, which will become effective thirty days after publication in the Federal Register, require public companies to “disclose material cybersecurity incidents they experience and to disclose on an annual basis material information…
Amid growing concern of the use of AI tools, Congressional questioning and hearings, and the lack of regulation around its use, at least seven technology firms have signed on to follow voluntary commitments to oversee how AI technology is used. The commitments include oversight of thorny issues such as AI safety, privacy, cybersecurity, and public…
On Monday, July 24, 2023, Apple issued a security update to address vulnerabilities that have been linked to a spyware campaign. iOS 16.6 fixes 25 iPhone security flaws, several of which are being exploited by threat actors in the wild.
Apple says “This update provides important bug fixes and security updates and is recommended for…
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched vulnerability.
TechRadar is reporting that the firewalls are vulnerable to CVE-2023-27997, and a patch has been issued by Fortinet to address…
Researchers at WithSecure cybersecurity firm have seen two malware attacks against Veeam Backup and Replication servers believed to be initiated by cybercrime group FIN7, also known as Carbon Spider, which has also been linked to Darkside, BlackMatter, and BlackCat/ALPHV ransomware variants.
The WithSecure investigators believe that the attacks may be part of a larger campaign…
The Foundation for Defense of Democracies issued a Report late last week entitled Time to Designate Space Systems as Critical Infrastructure which cogently outlines the risks associated with space systems (which are basically the same as any other electronic system) in order to designate space systems as the seventeenth critical infrastructure sector.
Space systems are…
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing data from those organizations. The vulnerability is CVE-2023-0669, which allows attackers to execute remote code execution.
The manufacturer of GoAnywhere MFT notified…
