"Report Finds S&P Companies Are Underinsured for Cybersecurity Risk"

The US Securities and Exchange Commission's (SEC) cybersecurity rule, released last year, requires public companies to disclose material cybersecurity incidents and information about their cybersecurity risk management, strategy, and governance. In the third annual report on these disclosures, released in November 2023 by the global consulting firm Deloitte and the Peter Arkley Institute for Risk Management, all 440 of the S&P 500 companies surveyed mentioned cybersecurity risk. Almost 50 of them disclosed that they were unlikely to be able to obtain cyber insurance on acceptable terms.

Submitted by Gregory Rigby on

"CISA, JCDC, Government and Industry Partners Conduct AI Tabletop Exercise"

The Cybersecurity and Infrastructure Security Agency (CISA) has conducted the federal government's first tabletop exercise with the private sector on responding to Artificial Intelligence (AI) security incidents. The exercise, led by the Joint Cyber Defense Collaborative (JCDC), simulated a cybersecurity incident involving an AI-enabled system and required operational collaboration and information sharing across the participating organizations. Its findings will feed into an AI Security Incident Collaboration Playbook.


"Volume of Cyber-Insurance Claims Reaches New Heights"

According to the insurance broker Marsh, cyber insurance claims reached an all-time high in 2023, with more than 1,800 claims from clients in the US and Canada. The rise was driven by increasingly sophisticated cyberattacks, privacy claims, more organizations buying cyber insurance, and the MOVEit file transfer supply chain breach. Healthcare led claims at 17 percent, followed by communications (16 percent), education (9 percent), retail/wholesale (8 percent), and financial institutions (8 percent). In 2023, 282 clients reported cyber extortion events, up from 172 in 2022.


"Microsoft's Work to Strengthen Cybersecurity Protection"

Microsoft has a new plan to emphasize cybersecurity. For senior executives, cybersecurity work will account for a third of their performance evaluation, and other employees will also be assessed on their cybersecurity efforts in their six-month reviews. Performance will affect bonuses and other compensation. The move follows shortfalls in how Microsoft responded to major security issues, as outlined in a Homeland Security report on China's breach of government email accounts. Brad Smith, Microsoft vice chair and president, testified on Thursday at the U.S.


"ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws"

A hybrid biometric access control system from the Chinese manufacturer ZKTeco contains two dozen security vulnerabilities that attackers could use to bypass authentication, steal biometric data, and install backdoors. An attacker can bypass verification and gain entry by adding arbitrary user records to the device database or by presenting a crafted QR code. Attackers can also steal stored biometric data, remotely manipulate the devices, and plant backdoors. This article continues to discuss findings regarding the critical security flaws impacting the ZKTeco biometric system.


"Arid Viper Hackers Spy in Egypt and Palestine Using Android Spyware"

Researchers at ESET have discovered five cyber espionage campaigns targeting Android users in Egypt and Palestine with trojanized apps. The campaigns are attributed with medium confidence to the "Arid Viper" hacking group. ESET named the spyware bundled into the trojanized apps "AridSpy." The malicious apps impersonate NortirChat, LapizaChat, ReblyChat, PariberyChat, and RenatChat. This article continues to discuss the cyber espionage campaigns targeting Android users in Egypt and Palestine with trojanized apps.


"GenAI Keeps Cybersecurity Pros on High Alert"

In a recent Bitdefender survey, 96 percent of participating cybersecurity professionals agreed that generative Artificial Intelligence (AI) technology threatens overall cybersecurity. More than 36 percent said its use for manipulating or creating deceptive content, such as deepfakes, is a significant threat. This article continues to discuss key findings from Bitdefender's 2024 Cybersecurity Assessment Report.

Help Net Security reports "GenAI Keeps Cybersecurity Pros on High Alert"


"Microsoft Admits Security Failings Allowed China to Access US Government Emails"

Microsoft President Brad Smith has admitted that security failings enabled Chinese state hackers to access US government officials' emails in summer 2023. An April 2024 Cyber Safety Review Board (CSRB) report blamed Microsoft for a "cascade of security failures" that allowed the Chinese threat actor "Storm-0558" to access email accounts at roughly 25 organizations, including those belonging to US government officials.


"CISA Warns of Progress Telerik Vulnerability Exploitation"

The US Cybersecurity and Infrastructure Security Agency (CISA) warns federal agencies of ongoing exploitation of a patched authentication bypass vulnerability in Progress Software's Telerik Report Server. The flaw affects version 2024 Q1 (10.0.24.305) and earlier, and stems from the server not properly validating whether its initial installation setup has already been completed. An unauthenticated attacker can therefore supply specific parameters to create a new administrator user and then log in to the server with that account.
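As an added example (not Telerik's code, and not the exploit), the following Python models the bug class the advisory describes: a first-run "create the first administrator" endpoint that never checks whether setup already finished, beside a hardened version that refuses once setup is complete. The `Server`, `register_vulnerable`, `register_hardened`, `login` and `simulate` names and the in-memory user store are illustrative assumptions.

```python
# Added example, not Telerik's code or the exploit. Models the bug class:
# a first-run "create the first administrator" endpoint that never checks
# whether setup has already finished, beside a hardened version.
# All names here (Server, register_vulnerable, ...) are illustrative.
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    is_admin: bool


@dataclass
class Server:
    """In-memory stand-in for the report server's user store and setup state."""
    users: dict = field(default_factory=dict)
    setup_complete: bool = False


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _add_admin(srv: Server, username: str, password: str) -> None:
    salt = os.urandom(16)
    srv.users[username] = User(username, salt, _hash(password, salt), is_admin=True)


def register_vulnerable(srv: Server, username: str, password: str) -> bool:
    """Vulnerable: the setup endpoint stays reachable after setup, so any
    unauthenticated caller who supplies the right parameters gets an admin."""
    _add_admin(srv, username, password)
    srv.setup_complete = True
    return True


def register_hardened(srv: Server, username: str, password: str) -> bool:
    """Hardened: honor the request only while setup is incomplete and no
    administrator exists; afterwards the endpoint refuses unconditionally.
    A real server must persist setup_complete so a restart cannot reset it."""
    if srv.setup_complete or any(u.is_admin for u in srv.users.values()):
        return False
    _add_admin(srv, username, password)
    srv.setup_complete = True
    return True


def login(srv: Server, username: str, password: str) -> bool:
    """Returns True only for a known user presenting the matching password."""
    user = srv.users.get(username)
    if user is None:
        _hash(password, b"\x00" * 16)  # burn similar time for unknown users
        return False
    return hmac.compare_digest(_hash(password, user.salt), user.pw_hash)


def simulate(register) -> dict:
    """Replay the advisory's sequence against a server using `register`:
    the operator completes first-run setup, then an attacker hits the same
    endpoint. Returns who can log in as an administrator afterwards."""
    srv = Server()
    register(srv, "operator", "correct horse battery staple")  # legitimate setup
    register(srv, "attacker", "pwned")                         # post-setup call

    def admin_login(name: str, pw: str) -> bool:
        u = srv.users.get(name)
        return login(srv, name, pw) and u is not None and u.is_admin

    return {
        "operator_admin": admin_login("operator", "correct horse battery staple"),
        "attacker_admin": admin_login("attacker", "pwned"),
    }


if __name__ == "__main__":
    print("vulnerable:", simulate(register_vulnerable))  # attacker_admin True
    print("hardened:  ", simulate(register_hardened))    # attacker_admin False
```

The check that matters is the one on the server side: once any administrator exists, the first-run endpoint must refuse regardless of the parameters supplied, and the "setup complete" state must be persisted rather than held only in memory.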


"Pakistani Threat Actors Caught Targeting Indian Gov Entities"

Cisco Talos and Volexity warn that Pakistan-based threat actors have targeted Indian government entities in two espionage campaigns. Since 2018, "Operation Celestial Force" has targeted Indian defense, government, and technology employees with Android and Windows malware.
