“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-
Cybersecurity governance: A guide for businesses to follow
Cybersecurity governance is now critical, with NIST CSF 2.0 recently adding it as a dedicated function. Learn why governance is core to an effective cyber strategy.
-
Between Buzz and Reality: The CTEM Conversation We All Need (The Hacker News)
I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn’t have asked for a better kickoff panel: three cybersecurity leaders who don’t just talk security, they live it. Let me introduce them. Alex Delay, CISO at IDB Bank, knows what it means to defend…
-
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network (The Hacker News)
Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. “Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activities while deploying crypto miners,” Trend Micro researchers Sunil Bharti and Shubham Singh said in…
-
U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues (The Hacker News)
The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app’s security. “The Office of Cybersecurity has deemed WhatsApp a high-risk to…
-
Multifactor authentication: 5 examples and strategic use cases
Before implementing MFA, conduct a careful study to determine which security factors offer the strongest protection. Passwords and PINs aren’t cutting it any longer.
-
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine (The Hacker News)
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT. BEARDSHELL, per CERT-UA, is written in C++ and offers the ability to download and execute PowerShell scripts,…
-
What is risk avoidance?
Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets.
-
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom (The Hacker News)
The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0)…
-
22 free cybersecurity tools you should know about
Cybersecurity products can get pricy, but there are many excellent open source tools to help secure your systems and data. Here’s a list of some of the most popular.
-
Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content (The Hacker News)
Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place. “Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirect references, semantic…
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova