Cybersecurity startups are wary of the public markets following a hard economic reset that made profitability more important than growth and performance more important than potential. Due to this dramatic shift, lots of cybersecurity startups want to file for an IPO, but nobody wants to go first.
Researchers at security firm Salt Security have uncovered multiple vulnerabilities in third-party plug-ins used in ChatGPT, including a zero-click account takeover flaw that was triggered when users attempted to install the plug-in using their ChatGPT accounts.
Researchers have created a zero-click, self-spreading worm that can steal personal data through applications that use chatbots powered by generative artificial intelligence. Dubbed Morris II, the malware uses a prompt injection attack vector to trick AI-powered email assistant apps.
A new report from the Office of the National Cyber Director calls for the universal adoption of memory-safe programming languages, but experts warned ISMG the process of overhauling legacy information technology and high-impact code can be daunting, costly and risky.
In most organizations, the privacy team plays an important role in artificial intelligence implementation and governance. Tarun Samtani, DPO and privacy program director at International SOS, said privacy principles inherently align with the demand for responsible data use of AI technology.
Federal authorities are warning of attacks on healthcare sector firms that use ConnectWise's remote access tool ScreenConnect. Hackers compromised a locally hosted version of the tool used by a large national pharmacy supply chain and managed services provider in 2023.
Robert Blumofe, executive vice president and CTO at Akamai, expects social engineering, phishing, extortion and AI-driven attacks to dominate the threat landscape. He advised enterprises to use FIDO2-based MFA, zero trust, microsegmentation and API security to reduce risks.
In the latest weekly update, ISMG editors discussed how the surge in API usage poses challenges for organizations, why good governance is so crucial to solving API issues and how The New York Times' legal action against OpenAI and Microsoft highlights copyright concerns.
Sharan Hiremath, senior product manager at JFrog, delved into the escalating challenge of supply chain attacks. With a focus on the surge in open-source vulnerabilities, he outlined key factors contributing to the rise of attacks and offered insights into threat mitigation strategies.
Forrester analyst Sandy Carielli highlights key API security aspects in Forrester's report titled The Eight Components of API Security," which covers governance, discovery, testing, authentication and protection from API breaches as many organizations are grappling with the maturity of these areas.
Looking ahead to 2024, cybersecurity professionals and experts in artificial intelligence shared with ISMG their hopes for strong, responsible regulations and new partnerships with private sector stakeholders and international collaborators to keep pace with the evolving threat landscape.
In conjunction with a new report from CyberEd.io, Information Security Media Group asked some of the industry's leading cybersecurity and privacy experts about 10 top trends to watch in 2024. Ransomware, emerging AI technology and nation-state campaigns are among the top threats.
Hacks on healthcare sector entities reached record levels in 2023 in terms of data breaches. But the impact of hacks on hospital chains, doctors' offices and other medical providers - or their critical vendors - goes much deeper than the exposure of millions of health records.
The DFIR landscape is constantly evolving, driven by technological advancements and new cyberthreats. "Tsurugi," developed by Giovanni Rattaro, senior cybersecurity expert, and Marco Giorgi, senior DFIR analyst, is an open-source Linux distribution project designed for blue teams.
A recently spotted hacking group with a penchant for using open-source tools has been using a less-than-novel tactic: exploiting SQL injection flaws. So warn researchers who recently detected attacks by the group, which has the codename GambleForce and appears to focus on gambling and retail firms.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.