Infosecurity Magazine

As AI becomes an integral part of organisational operations, the challenges of managing associated risks are growing exponentially. Our upcoming webinar with AuditBoard will explore the evolving risk landscape of AI, focusing on key concerns such as ethics, compliance, and vulnerabilities, with a specific emphasis on European organisations Join us on January 23rd to learn strategies for evaluating AI-driven risks and implementing robust governance practices: https://bit.ly/3ZssHuz

The UK Government, in collaboration with SANS Institute, has launched a nationwide competition to uncover young cybersecurity talent through a challenging Capture-the-Flag series. The top performers will form the first UK Cyber Team and represent the nation in international cyber competitions. Read more about this exciting initiative in the article by SANS Institute: https://bit.ly/4iFlAXb

Security researchers have identified dozens of compromised Google Chrome extensions, potentially exposing the data of up to 2.6 million end users. The malicious versions of the extensions are designed to steal users’ passwords, cookies and other information that could enable account takeovers. According to ExtensionTotal, the data theft campaign was caused when a Cyberhaven admin was phished on December 24. This led to the admin unwittingly give the attacker the ability to upload new versions of Cyberhaven’s Chrome extension to the Web Store. Read the full story on this ongoing campaign here: https://bit.ly/3Wa6y22 #browser #datatheft #compromise #google #chrome

Protecting applications from cyber threats is a critical priority for businesses today. However, the methods for securing applications can vary significantly depending on the approach. Two key concepts—Application Security (#AppSec) and Application Security Posture Management (#ASPM)—are often discussed, but they differ in a variety of ways. In this article, BreachLock, Inc. explores these differences, highlighting the benefits, challenges, and how enterprises can choose the most effective strategy for their needs: https://bit.ly/4foViFF

Chinese state-backed hackers have comprised US Treasury computers and accessed unclassified information. The incident occurred after the hackers targeted a third-party cybersecurity vendor, BeyondTrust, allowing them to remotely access Treasury workstations. The story is another example of Chinese hackers successfully infiltrating the systems of US government agencies and critical infrastructure entities over the past year for espionage and destructive purposes. Read the full story here: https://bit.ly/40kXCt9 #supplychain #china #treasury #databreach

Cyber risks in critical energy sectors—power, oil and gas, water, and renewables—have surged due to nation-state and cybercriminal activity. Many Industrial Control System devices are now internet-connected, exposing them to unauthorized access, manipulation, and ransomware. Catch up with our 30 minute webinar with Censys to explore the latest ICS exposure trends and learn actionable defense strategies: https://bit.ly/4gj9od1

As AI becomes central to operations, managing its risks is increasingly complex. With vulnerabilities in AI systems and software dependencies, effective auditing is essential for IT and compliance leaders. With the EU AI Act and other regulations shaping AI governance, businesses must adapt their compliance frameworks. Register for AuditBoard's webinar on January 23 to learn how to audit AI systems, ensure compliance, and mitigate risks: https://bit.ly/3ZssHuz

Ransomware attacks, data breaches, supply chain vulnerabilities and news from the US Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology (NIST). Discover the 10 most read stories on Infosecurity Magazine last year. Spoiler alert : North Korean IT Workers and Nigerian 'Yahoo Boys' also made the list. 🔗 https://bit.ly/3DnpsvT

Happy New Year from the Infosecurity team! 🎉 Here's to a successful and secure 2025! We look forward to continuing to bring you the latest insights and updates in the year ahead

Is 2025 the Year of Mandatory MFA? 🤔 With companies like Snowflake, Microsoft Azure and Google Cloud making MFA mandatory and others addressing critical MFA flaws, the push for stronger security measures is clear. As we move into 2025, will we see a widespread adoption of mandatory MFA across industries? Read more about recent developments: ▪️ Snowflake Makes MFA Mandatory: https://bit.ly/4gZA4zF ▪️ Microsoft Azure MFA Flaw: https://bit.ly/3Dh6wyE #MFA #2FA #Google #GoogleCloud #Microsoft #Azure #Snowflake #authentication #IAM #SSO #passkeys #passwords