Ex-NSA Director General Alexander’s Security Company (IronNet) Near Bankruptcy It just goes to show that just because you are famous and people invest $78 million in you, doesn’t mean you know how to run a business. How, exactly, do you blow almost $80 million and realize you are over the edge of the cliff before […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Caesars Entertainment, which calls itself the U.S.’s largest casino chain, sort of says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack. The attack compromised the chain’s loyalty database, which, according to them, includes driver’s license numbers and social security numbers of many customers. Caesar’s 8-K filed […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
73 percent of survey respondents (659 board members from companies with over 5,000 employees) fear a material cyberattack on their organization this year, up from 65 percent last year. 59 percent said that generative AI presents a high risk to their organizations because it can be used by hackers to create and deliver malware with […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
As is often the case, humans and process represent the biggest failure window. Microsoft, to its credit, is being public about its own failures and pretty quickly. The Chinese hackers, Storm-0558, obtained a “golden cryptographic key” which allowed them to generate tokens so that they could masquerade as other users. I don’t know why you […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Want a .US Domain? Just Lie About It. The .US top level domains are a hotbed for phishing attacks. Apparently, this is due to lax oversight. In theory, the .US is managed by the US government, but the government outsources that to GoDaddy – who doesn’t have a stellar cybersecurity reputation to be polite. See […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
The California Privacy Protection Agency, the government agency that enforces the California Privacy Rights Act, has released two DRAFT documents recently. They are going to discuss the drafts at their meeting tomorrow but they have not yet started the rulemaking process. The two regulations are the cybersecurity audit regulations and the cyber risk assessment regulations. […]
Continue reading →
[DISPLAY_ACURAX_ICONS]