CISO - The Stack (Page 3)

UK nuclear waste firm Sellafield Ltd. prosecuted over cyber failings

Prosecution follows allegations of extensive pwnage, desperately poor hygiene, and as CISO falls on his sword.

The Stack March 28, 2024

Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim

cybersecurity

AI

News

Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim

"The entire analysis from the original post is wrong. It shows only the negative value of using LLM in such cases..."

Edward Targett March 12, 2024

Microsoft

cybersecurity

Microsoft customers are being targeted after Redmond's source code, secrets were stolen

A raid by Russian hackers penetrated deeper than first thought: "Some of these secrets were shared between customers and Microsoft..."

Edward Targett March 08, 2024

Less talk, more action on CNI cyber resilience, say White House advisors

operational technology

News

Less talk, more action on CNI cyber resilience, say White House advisors

"Almost no information is currently available to indicate how an organization is preparing for future cyber-physical challenges. This has to change."

Edward Targett February 28, 2024

Fortinet patches MORE pre-auth RCEs, with exploits reported. Ivanti also slips out a fresh VPN fix...

"Disable SSL VPN (disable webmode is NOT a valid workaround..."

Edward Targett February 09, 2024

How Russian spooks hacked Microsoft, the gap in its “morally indefensible” response, and what CISOs can learn from the attack

Expect to start hearing more about MS Graph...

Edward Targett January 29, 2024

vCenter Server vulnerability went exploited for two years unnoticed. Attacks are ongoing

vulnerabilities

vmware

News

vCenter Server vulnerability went exploited for two years unnoticed. Attacks are ongoing

There are no workarounds that remove the vulnerability, which allows unauthenticated remote command execution on vulnerable systems. A patch is available.

Edward Targett January 19, 2024

OpenAI, TikTok, X hunt insider threat specialists -- on widely diverging salary bands

"In every insider threat case, there is a combination of network activity and employee behaviour. The malicious activity crosses both physical and electronic modalities..."

Edward Targett January 15, 2024

UK nuclear waste firm Sellafield Ltd. prosecuted over cyber failings

Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim

Microsoft customers are being targeted after Redmond's source code, secrets were stolen

Less talk, more action on CNI cyber resilience, say White House advisors

Fortinet patches MORE pre-auth RCEs, with exploits reported. Ivanti also slips out a fresh VPN fix...

How Russian spooks hacked Microsoft, the gap in its “morally indefensible” response, and what CISOs can learn from the attack

vCenter Server vulnerability went exploited for two years unnoticed. Attacks are ongoing

OpenAI, TikTok, X hunt insider threat specialists -- on widely diverging salary bands