Security News > 2023 > July

In this Help Net Security interview, Arthur Hu, SVP, Global CIO and Services & Solutions Group CTO at Lenovo, discusses how AI/ML is optimizing tech stacks, the hurdles anticipated in its integration, the role of AI in enterprise resilience and agility, and strategic approaches to innovation despite budget constraints. We'll touch on the evolving role of CIOs and the potential for 'as-a-service' offerings to ease tech stack management.

Every time a breach occurs, the impacted organization's response differs from the last. In this Help Net Security video, Rodman Ramezanian, Global Cloud Threat Lead at Skyhigh Security, discusses what we should do - and not do - in the wake of a data breach.

Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller and Gateway that it said is being actively exploited in the wild.The company did not give further details on the flaw tied to CVE-2023-3519 other than to say that exploits for the flaw have been observed on "Unmitigated appliances." However, successful exploitation requires the device to be configured as a Gateway or authorization and accounting virtual server.

Supply chain executives significantly overestimate stakeholder trust in their supply chain capabilities and intentions, according to Deloitte. Of more than 1,000 executives from large global organizations surveyed, 89% on average who self-identified as leading suppliers said customers trust their supply chain operations, compared to just 68% on average of roughly 500 customers who said the same.

Improve your cloud security with these 9 proven strategies. Uptycs, alongside renowned expert Lee Atchison, share their list of comprehensive tactics to mitigate risks facing modern development teams.

A new cybersecurity certification and labeling program called U.S. Cyber Trust Mark is being shaped to help U.S. consumers choose connected devices that are more secure and resilient to hacker attacks. NIST-level security for IoT. The U.S. Cyber Trust Mark program aims to recognize smart products that meet cybersecurity criteria from the National Institute of Standards and Technology, which include the use of unique and strong default passwords, data protection, software updates, and incident detection capabilities.

The US government on Tuesday added commercial spyware makers Intellexa and Cytrox to its Entity List, saying the duo are a possible threat to national security. Adding Intellexa and Cytrox to the Entity List places export restrictions on the software vendors as part of the Biden administration's ongoing crackdown against commercial surveillance technology.

Another way, which is apparently what Microsoft originally investigated, is that the attackers were able to steal enough data from the authentication servers to generate fraudulent but valid-looking authentication tokens for themselves. Microsoft ultimately determined that although the rogue access tokens in the Storm-0558 attack were legitimately signed, which seemed to suggest that someone had indeed pinched a company singing key.

Discover how HealthEdge deals with security and data privacy in the face of rapid expansion. "Healthcare is beset by ransomware gangs and this led to an increase in confirmed data breaches in 2022," said Suzanne Widup, a researcher for the Verizon Data Breach Investigation Report.

Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation. Discovered yesterday by MalwareHunterTeam, the ransomware was initially thought to be part of a red team exercise by Sophos.