News
ISMG Editors: AI Phishing Kits Go Mainstream
2+ hour, 57+ min ago (177+ words) 3rd Party Risk Management, Agentic AI, AI-Based Attacks In this week's panel, four ISMG editors discussed the rise of artificial intelligence-powered phishing toolkits, potential fallout from the U.S. government's decision to delay a major overhaul of the HIPAA Security Rule and what…...
Lessons Learned: US Cybersecurity Agency Leaked Secrets
5+ hour, 14+ min ago (598+ words) Lock down public code repositories, monitor those repos for secrets, and if they get exposed, have a well-tested incident response playbook at the ready. See Also: Beat the Breach: Outsmart Attackers and Secure the Cloud Those are among the "lessons…...
Breaches From Lost or Stolen Devices Hit All-Time Low
22+ hour, 57+ min ago (1238+ words) Artificial Intelligence & Machine Learning, Cloud Security, Data Privacy Good news about progress in cybersecurity in healthcare is rare, but this year reports of breaches lost or stolen unencrypted laptops, desktop computers, servers or other computing devices may hit an all-time…...
Why an AI Harness May Matter More Than the Latest Model
21+ hour, 56+ min ago (180+ words) See Also: Beat the Breach: Outsmart Attackers and Secure the Cloud Schneier said security leaders should look beyond model brands and focus on the software harness surrounding each system. Harnesses manage prompts, outputs, context, guardrails and coordination among multiple models....
HHS Wants Input on Cyber, AI for Regulations on Clinical Labs
23+ hour, 25+ min ago (512+ words) The Department of Health and Human Services is asking for public feedback on cybersecurity practices and the use of artificial intelligence for a possible update to decades-old rules-of-the-road regulations for U.S. clinical laboratories. See Also: Beat the Breach: Outsmart Attackers and…...
Breach Roundup: Extortionists Annoyed by Waning Ransomware
1+ day, 7+ min ago (1564+ words) Cybercrime, Fraud Management & Cybercrime, Incident & Breach Response See Also: Know Thy Enemy: Threats to Cyber Resilience Ransomware victims are shelling out less to cybercriminals, leading attackers to seek new strategies reshape the extortion industry. Perhaps not coincidentally, The Gentlemen for…...
Why AI in Healthcare Demands Stronger Data Oversight
1+ day, 23+ hour ago (230+ words) As healthcare organizations and their vendors develop and implement agentic artificial intelligence and other AI technology, they should conduct a thorough data inventory and have a solid understanding of what data can and cannot be used under HIPAA and other…...
AI Adds a Human Oversight Tax to Cybersecurity
2+ day, 23+ hour ago (794+ words) Artificial intelligence is reshaping cybersecurity work, but not necessarily reducing it, as professionals spend more time determining whether AI-generated recommendations can be trusted, according to new ISC2 research. See Also: AI Is Transforming the Chief Data Officer Role The findings suggest…...
US Government Launches AI Vulnerability Clearinghouse
2+ day, 22+ hour ago (388+ words) The U.S. government launched an clearinghouse on July 2 to coordinate artificial intelligence-assisted vulnerability discovery, the White House said Tuesday. See Also: Edge Transformation: Top 5 SASE Predictions and Trends The information sharing effort, called Gold Eagle, is built by the Departments of…...
Microsoft-Signed Legacy Shims Undermine Secure Boot
2+ day, 23+ hour ago (556+ words) Governance & Risk Management, Patch Management, Vulnerability Assessment & Penetration Testing (VA/PT) Some Microsoft-signed first-stage bootloaders have grown vulnerable with age. Their entire job to establish trust can be exploited to bypass Secure Boot protections, researchers found. See Also: OnDemand I…...