720-891-1663

Security News for the Week Ending September 15, 2023

Ex-NSA Director General Alexander’s Security Company (IronNet) Near Bankruptcy It just goes to show that just because you are famous and people invest $78 million in you, doesn’t mean you know how to run a business. How, exactly, do you blow almost $80 million and realize you are over the edge of the cliff before […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Two Major Hotel Chains Hit by Cyberattacks – Two Different Outcomes

Caesars Entertainment, which calls itself the U.S.’s largest casino chain, sort of says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack. The attack compromised the chain’s loyalty database, which, according to them, includes driver’s license numbers and social security numbers of many customers. Caesar’s 8-K filed […]

Continue reading → [DISPLAY_ACURAX_ICONS]

CxOs and Directors Growing Wary of Generative AI

73 percent of survey respondents (659 board members from companies with over 5,000 employees) fear a material cyberattack on their organization this year, up from 65 percent last year. 59 percent said that generative AI presents a high risk to their organizations because it can be used by hackers to create and deliver malware with […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Microsoft Explains Most Recent Chinese Email Hack – Humans

As is often the case, humans and process represent the biggest failure window. Microsoft, to its credit, is being public about its own failures and pretty quickly. The Chinese hackers, Storm-0558, obtained a “golden cryptographic key” which allowed them to generate tokens so that they could masquerade as other users. I don’t know why you […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Security News for the Week Ending September 8, 2023

Want a .US Domain? Just Lie About It. The .US top level domains are a hotbed for phishing attacks. Apparently, this is due to lax oversight. In theory, the .US is managed by the US government, but the government outsources that to GoDaddy – who doesn’t have a stellar cybersecurity reputation to be polite. See […]

Continue reading → [DISPLAY_ACURAX_ICONS]

California Releases Draft Audit and Risk Assessment Regs

The California Privacy Protection Agency, the government agency that enforces the California Privacy Rights Act, has released two DRAFT documents recently. They are going to discuss the drafts at their meeting tomorrow but they have not yet started the rulemaking process. The two regulations are the cybersecurity audit regulations and the cyber risk assessment regulations. […]

Continue reading → [DISPLAY_ACURAX_ICONS]