Security News > 2024 > February

US President Joe Biden is expected to sign an executive order today that aims to prevent the sale or transfer of Americans' sensitive personal information and government-related data to adversarial countries including China and Russia. In addition to the executive order, the White House will propose regulations that prohibit companies from directly or indirectly transferring large amounts of certain types of data to so-called "Countries of concern" - China, Russia, North Korea, Iran, Cuba, and Venezuela - according to a senior administration official.

Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos,...

The EU's NIS Directive was established to create a higher level of cybersecurity and resilience within organizations across the member states. Robinson works with many companies currently planning their routes to compliance and believes many companies covered under NIS2 are still broadly unprepared.

In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet...

The findings from this year's report notably challenge the traditional belief that people take risky actions due to a lack of cybersecurity knowledge and that security awareness training alone can fully prevent unsafe behaviors. The conundrum extends to security professionals' belief that most employees know they are responsible for protecting the organization, signaling a gap between the limitations of individual security technology and user education.

In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. How is AI integrated into DevOps practices, and what are the most significant changes you've observed in software development processes?

Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers - in the form of a warning that Russia may try again, so owners of the devices should take precautions. Moobot allowed GRU and its minions to install and run scripts to build a 1,000-strong botnet, which it used for power phishing, spying, credential harvesting, and data theft.

88% of cybersecurity professionals believe that AI will significantly impact their jobs, now or in the near future, and 35% have already witnessed its effects, according to ISC2's AI study, AI Cyber 2024. The survey respondents are highly positive about the potential for AI. Overall, 82% agree that AI will improve their job efficiency as cybersecurity professionals.

Centralizing strategy, unifying risk and compliance data, and revamping the approach to cybersecurity are becoming more popular strategic objectives among respondents, especially with the rise of AI technology dismantling barriers and fostering collaboration among various GRC functions. It's no surprise that AI in cybersecurity presents a complex duality: AI simultaneously introduces new business risks while streamlining workflows for GRC professionals and helping stay abreast of innovative new cyberattacks, like deepfakes, more advanced phishing emails, better password guessing, neutralizing off-the-shelf security tools, and much more.

Pharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems.Cencora, previously known as AmerisourceBergen, specializes in pharmaceutical services, providing drug distribution and solutions for doctor's offices, pharmacies, and animal healthcare.