Geek-Guy.com

Category: Cybersecurity

Auto Added by WPeMatico

House investigation into DeepSeek teases out funding, security realities around Chinese AI tool

A House panel has concluded that the U.S. government should double down on export controls and other tools to slow down the progress of Chinese AI companies like DeepSeek, while also preparing for a future where those efforts fail. In a report released Wednesday, the House Select Committee on the Chinese Communist Party further fleshes…

Trump’s Retaliation Against Chris Krebs — and the Cybersecurity Industry’s Deafening Silence

Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), was fired by Donald Trump in 2020 for publicly affirming that the presidential election was secure and free from widespread fraud. Fast-forward to April 2025: Trump, now back in the White House, issued an executive order revoking Krebs’ security clearances and ordering…

What’s happening with MITRE and the CVE program uncertainty

Yesterday’s headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today. Overnight, the CVE Foundation emerged with a plan to maintain the program before the Critical Infrastructure and Security Agency (CISA) announced it has…

CISA reverses course, extends MITRE CVE contract

In a last-minute switch, the Cybersecurity and Infrastructure Security Agency said it will continue funding a contract for MITRE to manage the CVE program and other vulnerability databases. In a statement sent to CyberScoop, a spokesperson said the agency executed an option to extend the contract and avoid a potential lapse in a program that…

How Safe Are Your Non-Human Identities?

Are Your Non-Human Identities Secure? Where interactions between software, applications, and API components are crucial for seamless processes, Non-Human Identifies (NHIs) and their security cannot be overlooked. NHIs are machine identities that perform sessions, transactions, and process automation. But, are they well-protected against potential security threats? Understanding the Criticality of NHI Security Expanding digital, coupled…

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any…

Reasoning in the Age of Artificial Intelligence

Lately, I often hear people asking: “Will Artificial Intelligence replace my job?” Perhaps you’ve had this thought too. More than just a matter of the job market or salary expectations, this question challenges our role in society and our ability to remain relevant over time. It’s worth addressing this doubt once and for all, especially…

Free to Innovate with Secure Machine Identity Management

Why does Machine Identity Management matter for Secure Innovation? Understanding Non-Human Identities (NHIs) Do you know the vast number of operations carried out on the cloud today are managed by non-human entities? That’s right. Non-Human Identities or NHIs make up the majority of individuals making calls to your servers, databases, APIs, and other sensitive resources.…

Gaining Ground with Advanced NHIs Analysis

Why is Advanced NHIs Analysis the Key to Climbing the Cybersecurity Mountain? You likely find yourself climbing a steep mountain of intricate challenges every day. Standing at the pinnacle, striking a balance between operational efficiency and security mindfulness often remains elusive. Dealing with non-human identities (NHIs) introduces another wrinkle. But what if you could leverage…

Judges strike skeptical note of NSO Group’s argument to dismiss case from El Salvadoran journos

A panel of U.S. judges considering an appeal of a ruling that went against El Salvadoran journalists suing NSO Group over alleged infections of their phone by the company’s Pegasus spyware appeared more skeptical Thursday of the vendor’s arguments than those of the reporters. Judge James Donato of the District Court for the Northern District…

Guidepoint Security & Enzoic: Taking on the Password Problem

Compromised passwords remain one of the most common—and preventable—ways attackers gain access to systems. Despite advancements in security tools, weak and reused credentials still leave organizations wide open to phishing, credential stuffing, and account takeovers. To tackle this head-on, password monitoring and threat intelligence firm Enzoic has partnered with GuidePoint Security, a top cybersecurity services…

Guidepoint Security & Enzoic: Taking on the Password Problem

Compromised passwords remain one of the most common—and preventable—ways attackers gain access to systems. Despite advancements in security tools, weak and reused credentials still leave organizations wide open to phishing, credential stuffing, and account takeovers. To tackle this head-on, password monitoring and threat intelligence firm Enzoic has partnered with GuidePoint Security, a top cybersecurity services…

Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident

The Office of the Comptroller of the Currency has notified Congress that a February breach of its email system is classified as a major cybersecurity incident. The incident was first disclosed Feb. 26, though the OCC provided virtually no details at the time, only saying that it had resolved a security incident “involving an administrative…

Microsoft patches zero-day actively exploited in string of ransomware attacks

Microsoft addressed 126 vulnerabilities affecting its systems and core products, including a zero-day in the Windows Common Log File System (CLFS) that’s been actively exploited in a series of ransomware attacks, the company said in its latest security update Tuesday. A group Microsoft tracks as Storm-2460 has exploited CVE-2025-29824 to initiate ransomware attacks “against a…

Are Your NHIs Truly Secure in the Cloud?

Is Your Organization Recognizing the Importance of NHI Security? The intricacies of cybersecurity have only just begun to unveil their complexity. Have you ever paused to ponder the security of your non-human identities (NHIs) within your cloud? NHIs, an often overlooked component of cybersecurity, influence a major role in protecting sensitive data and reducing broad-spectrum…

Arguing Against CALEA

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that…

Google addresses 2 actively exploited vulnerabilities in security update

Google addressed 62 vulnerabilities affecting Android devices in its April security update, including a pair of actively exploited software defects that were first disclosed in December. Google said the two vulnerabilities — CVE-2024-53197 and CVE-2024-53150 — “may be under limited, targeted exploitation.” The pair of flaws under active exploitation are high-severity and affect the Linux…

Video: Proofpoint Simplifies Security Solutions Sales For Partners Through Ingram Micro Xvantage Platform

In this episode of Partner POV, host Katie Bavoso speaks with Chari Rhoades, Vice President of Americas Channel and Partner Sales at Proofpoint, and Eric Kohl, Vice President of Global Vendor Engagement, Security and Networking at Ingram Micro, about a major milestone in the channel:  For the first time ever, partners can quote, sell, and…

The 23andMe Collapse, Signal Gate Fallout

In this episode, we discuss the urgent need to delete your DNA data from 23andMe amid concerns about the company’s potential collapse and lack of federal protections for your personal information. Kevin joins the show to give his thoughts on the Signal Gate scandal involving top government officials, emphasizing the potential risks and lack of…

Ensuring Your NHIs Remain Free From Threats

How Can You Secure Your Organization’s NHIs? You may be pondering about the best practices for protecting your company’s Non-Human Identities (NHIs) and their secrets. To ensure your NHIs are free from threats, it’s essential to understand what NHIs are, why they’re critical, and how to manage them effectively. Unlocking the Mystery Behind NHIs NHIs…

Crafting Impenetrable Defenses for Your NHIs

Why the Buzz about Impenetrable NHIs? You might have heard quite the buzz around impenetrable Non-Human Identities (NHIs). It’s the cornerstone of next-generation cybersecurity. So, is this truly the game-changing approach toward secure defenses we have been looking for? Mastering the Art of Securing Non-Human Identities Seamlessly managing Non-Human Identities is akin to playing a…

Smart Strategies for Managing Machine Identities

Why is Smart Machine Identity Management Crucial? What comes to your mind when you think about cybersecurity? Most often, we conceptualize cybersecurity as a measure to protect user data, financial information, and other forms of human-associated identities. While these are certainly significant, there is an underlying and often underestimated area of cybersecurity – the management…

Are You Certain Your Secrets Are Safe?

Is Your Organization Fully Protected Against Security Breaches? Non-Human Identities (NHIs) have emerged as key players in fortifying the security of cloud environments. When an amalgamation of encrypted keys, these machine identities function as formidable barriers against unauthorized access, ensuring your sensitive data remains uncompromised. Unmasking the Role of Non-Human Identities (NHIs) NHIs are essentially…

North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds

The attackers pose as legitimate remote IT workers, looking to both generate revenue and access sensitive company data through employment. “Europe needs to wake up fast,” according to Google’s Jamie Collier.

China-backed espionage group hits Ivanti customers again

Ivanti customers are confronting another string of attacks linked to an actively exploited vulnerability in the company’s VPN products. Mandiant said a nation-state backed espionage group linked to China has been exploiting the critical vulnerability, CVE-2025-22457, since mid-March. The threat group, which Google Threat Intelligence Group tracks as UNC5221, has a knack for exploiting Ivanti…

International intelligence agencies raise the alarm on fast flux

International intelligence and cybersecurity agencies jointly issued a warning Thursday about “fast flux,” an advanced technique used by cybercriminals and state-sponsored actors to evade detection and maintain resilient command and control infrastructure. Fast flux involves rapidly changing or swapping out IP addresses linked to a particular domain. These quick changes render malicious activity nearly invisible…

Protecting Users: Prevent and Stop Cyberthreats Before They Start With Kaseya 365 User

Discover how Kaseya 365 User enhances end-user protection and prevents threats before they cause damage. The post Protecting Users: Prevent and Stop Cyberthreats Before They Start With Kaseya 365 User appeared first on Kaseya. The post Protecting Users: Prevent and Stop Cyberthreats Before They Start With Kaseya 365 User appeared first on Security Boulevard.

Cyber Command touts AI-driven gains in cybersecurity, network monitoring

A top Cyber Command official said the agency has been able to use generative AI tools to dramatically cut down the time spent analyzing network traffic for malicious activity. Executive Director Morgan Adamski said Wednesday that as Cybercom has worked to build AI capabilities across different missions, the agency is already seeing a return on…

Proactively Managing NHIs to Prevent Breaches

Why is Proactive NHI Management Essential to Prevent Breaches? One might often ponder, how can organizations significantly strengthen their cybersecurity postures? The answer lies in the proactive management of Non Human Identities (NHIs) to prevent breaches. This strategic approach in NHI management serves as a robust framework for organizations to safeguard their sensitive data and…

Independent tests show why orgs should use third-party cloud security services

Businesses don’t always get what they pay for in cybersecurity. Some of the most expensive cloud network firewall vendors are among the worst performers against exploits and evasions, according to the most comprehensive, independent testing CyberRatings.org has conducted to date. Cisco, by far the most expensive cloud network firewall offering across the top 10 vendors…

Unhealthy Cybersecurity Postures

Updates from Enzoic’s Threat Research Team In the last Enzoic research update, we briefly discussed the travails of the healthcare industry and their challenges in establishing a successful cybersecurity posture in the face of a salivating cadre of identity thieves and ransomware operators. In the intervening few weeks, more analyses have been published, including the…

Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity

Witnesses at a House hearing on medical device cybersecurity Tuesday called out the need for more proactive tracking of products used across the country, saying the status quo leaves many health system owners and operators in the dark about vulnerabilities, exploitation and patching updates. Testifying before the House Energy and Commerce Subcommittee on Oversight and…

Driving Innovation with Robust NHIDR Strategies

Are You Incorporating Robust NHIDR Strategies into Your Cybersecurity Approach? This evolutionary process, has spurred an exponential increase in cybersecurity risks. When businesses across multidisciplinary sectors increasingly migrate to the cloud, managing Non-Human Identities (NHIs) and their associated secrets has emerged as a critical approach. Understanding Non-Human Identities and Their Role in Cybersecurity NHIs, or…

Can You Confidently Handle NHI Threats?

Can You Confidently Handle NHI Threats? Why do breaches persist despite the increased attention and budget allocated to cybersecurity? I have noticed a recurring issue – organizations are underestimating the importance of Non-Human Identities (NHIs) in their security frameworks. How can you confidently manage NHI threats and ensure that your security strategy is comprehensive and…

Apple issues fixes for vulnerabilities in both old and new OS versions

Apple released security updates Monday to address software defects in the latest version of the company’s Safari browser and other applications across iOS, iPadOS and macOS.  The security issues addressed across the latest versions of Apple’s most popular platforms include 62 vulnerabilities affecting iOS 18.4 and iPadOS 18.4, 131 vulnerabilities affecting macOS Sequoia 15.4 and…

WordPress Appliance - Powered by TurnKey Linux