
Cybersecurity

Teen on Musk’s DOGE Team Graduated from ‘The Com’ – Krebs on Security
Wired reported this week that a 19-year-old working for Elon Musk’s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today’s story explores, the DOGE teen is a…

How to communicate clearly (and legally) during a cybersecurity crisis
What do a CISO handling a data breach and a 10-year-old who just accidentally broke his neighbor’s window have in common? Each has a difficult choice about what to communicate next – and how. As more and more enterprise leaders are learning, a failure to communicate honestly and own your mistakes could come back to…

What is Information Security Management System (ISMS)? | Definition from TechTarget
An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach. An ISMS typically addresses employee behavior and processes as well as data and…

How These Decentralized AI Solutions Secure Their Services in a Disruptive Industry
Artificial intelligence is changing industries from finance and healthcare to entertainment and cybersecurity. As AI adoption grows, so do the risks to its integrity. AI models are being targeted by cybercriminals to manipulate, steal or exploit sensitive data. From adversarial attacks that mess with AI decision-making to large-scale data breaches, the security landscape is more…

Arvest Bank CISO on building a strong cybersecurity culture in banking – Help Net Security
In this Help Net Security interview, Mike Calvi, CISO at Arvest Bank, discusses building a strong cybersecurity culture within the banking sector. He explains how leadership, effective reporting, and proactive engagement with associates are key in strengthening security. Calvi also touches on how banks can measure success and balance accountability while fostering a collaborative environment….

Scalable Vector Graphics files pose a novel phishing threat
Criminals who conduct phishing attacks over email have ramped up their abuse of a new threat vector designed to bypass existing anti-spam and anti-phishing protection: The use of a graphics file format called SVG. The attacks, which begin with email messages that have .svg file attachments, started to spread late last year, and have ramped…

Google’s DMARC Push Pays Off, but Challenges Remain
A year after Google and Yahoo forced bulk email senders to implement the Domain-based Message Authentication, Reporting, and Conformance (DMARC) standard, the rate of the adoption of DMARC among domains has doubled, although many of the same email threats continue to successfully deliver payloads or redirect unwary users to phishing sites. The increase in adoption…

Patch or perish: How organizations can master vulnerability management
Business Security: Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching. 05 Feb 2025, 5 min. read. Vulnerability exploitation has long been a popular tactic for threat actors. But it’s becoming increasingly so – a fact that should alarm every network defender. Observed cases…

AI-Powered Social Engineering: Reinvented Threats
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution. This article explores how these changes are impacting business, and how cybersecurity leaders…

Blending in with the Cloud – Krebs on Security
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and…