A team of researchers from the University of California San Diego has published a paper detailing a novel attack method targeting Intel CPUs. The chip giant says no new mitigations are required to address it. The new attack, named Indirector, is similar to the well-known Spectre v2 or Spectre Branch Target Injection (BTI) attack. These methods typically allow…
Santosh Sheshware has assumed the roles of Chief Information Security Officer and Head of Information Security at Aditya Birla Sun Life Insurance. This is a significant step towards enhancing the company’s cybersecurity framework. With over 17 years of experience in information security across prominent organizations like Bharti AXA Life, PNB MetLife, India Infoline group, HSBC,…
Cybersecurity researchers uncovered a sophisticated attack campaign by the Water Sigbin (aka 8220 Gang) threat actor that exploited vulnerabilities in the Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839, to deploy the XMRig cryptocurrency miner on compromised systems. The attack begins with the threat actor exploiting the WebLogic vulnerabilities to execute a malicious PowerShell script on the victim…
Deal Integrates Lacework’s CNAPP into Fortinet’s Security Fabric and SASE Platform Fortinet extended a lifeline to troubled cloud security vendor Lacework, agreeing to purchase the late-stage startup that once earned the largest funding round in cybersecurity history. The Silicon Valley-based platform security vendor said the proposed acquisition of San Jose, California-based Lacework will enhance Fortinet’s…
Companies in the market for cybersecurity professionals could face a new method of attack, made harder to spot because of artificial intelligence: Hackers posing as job applicants. As cyber threats targeting U.S. companies multiply, some security leaders have increased scrutiny during hiring to weed out bad actors—or simply applicants with over-embellished resumes. Globally, the cyber…
The Indian Computer Emergency Response Team has found multiple vulnerabilities in the Microsoft Edge browser. As per the agency, these vulnerabilities could potentially be exploited by an attacker to compromise the targeted system. After warning Android users of vulnerability, the Indian Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics & Information…
Santa Barbara Systems, a General Dynamics (GD.N) subsidiary in Spain that is refurbishing Leopard tanks for delivery to Ukraine, suffered a cyberattack on its website, a pro-Russia hacker group said. A spokesperson for General Dynamics confirmed that the defence contractor’s Spanish unit had been targeted in an attempted cyberattack “that was detected immediately and has not…
SANS-GIAC Workforce research report for the year 2024 is based on a first-of-its-kind survey that analyzed the cybersecurity workforce with the goal of identifying the key factors to successfully build high-performing cybersecurity teams. The report focuses on efforts to hire and retain mid-level cyber security professionals The survey results analysed in this report zero in…
Tata group chairman N Chandrasekaran on Friday said companies in the diversified group are executing over 100 generative artificial intelligence projects. AI can also have negative impacts, Chandrasekaran said, flagging potential job losses and privacy concerns as the areas we need to focus on. Addressing the group’s information technology (IT) services arm TCS’ 29th annual…
On Sunday, Trend Micro announced its collaboration with Nvidia to develop new cybersecurity tools utilizing artificial intelligence, aimed at securing the data centers where AI operations occur. These tools, showcased at the Computex conference in Taiwan, are designed to run on Nvidia’s chips, detecting intruders and ensuring that only authorized personnel can access sensitive data….
