Want to know what’s the latest and greatest in SecOps for 2024? Gartner’s recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year’s report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial
When Convenience Costs: CISOs Struggle With SaaS Security Oversight
SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to, nor oversight from, the security team.
The post When Convenience Costs: CISOs Struggle With SaaS Security Oversight appeared first on SecurityWeek.
Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident
Microsoft has called together cybersecurity firms and government representatives for its Windows Endpoint Security Ecosystem Summit.
The post Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident appeared first on SecurityWeek.
Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024
Cisco to Acquire AI Security Firm Robust Intelligence
Cisco intends to acquire Robust Intelligence, a California-based company that specializes in securing AI applications.
The post Cisco to Acquire AI Security Firm Robust Intelligence appeared first on SecurityWeek.
Seattle Airport Blames Outages on Potential Cyberattack
The Port of Seattle, including the SEA Airport, is experiencing system outages likely caused by a cyberattack.
The post Seattle Airport Blames Outages on Potential Cyberattack appeared first on SecurityWeek.
Identity of Notorious Hacker USDoD Revealed
USDoD, the hacker known for high-profile data leaks, is a man from Brazil, according to CrowdStrike and others.
The post Identity of Notorious Hacker USDoD Revealed appeared first on SecurityWeek.
Google Warns of Exploited Chrome Vulnerability
Google flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild.
The post Google Warns of Exploited Chrome Vulnerability appeared first on SecurityWeek.
Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot
Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling.
“ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface,” security researcher Johann Rehberger said.
“This means that an attacker
“ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface,” security researcher Johann Rehberger said.
“This means that an attacker
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation
Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome prior to
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome prior to