The NSA's zero-trust guidelines and the exposure of over 150,000 vulnerable devices in the UAE highlight the growing need for enhanced cybersecurity across industries, especially as misconfigurations and insecure services leave critical infrastructures at risk. Meanwhile, the rise of software-defined cars and the rapid adoption of AI models introduce …
Continue Reading
A China-linked APT known as "Evasive Panda" orchestrated sophisticated cyber-espionage campaigns by combining watering-hole tactics—compromising legitimate websites to infect visitors—with supply-chain attacks to deliver its modular malware framework, MgBot, which enables downloading additional payloads and data exfiltration. MgBot’s plug‑in architecture allows the actor to spy on …
Continue Reading
The National Institute of Standards and Technology (NIST) has revised the book on creating a comprehensive cybersecurity program that aims to help organizations of every size be more secure. Here's where to start putting the changes into action.
Convincing phishing emails, synthetic identities, and deepfakes all have been spotted in …
Continue Reading
The SEC’s new breach-disclosure rules empower regulators to impose steep civil penalties—potentially ranging from hundreds of thousands up to millions of dollars—for publicly traded companies that fail to report “material” cybersecurity incidents in a timely manner. Enforcement tools include injunctions, disgorgement, officer/director bans, and escalating per-violation …
Continue Reading
More than three-quarters of CISOs across the Middle East, Turkey, and Africa are planning to boost their cybersecurity budgets by at least 10% in 2024, driving total regional investment past $6.5 billion. Driving this growth are escalating cybercrimes — including state-sponsored threats and destructive 'wiper' malware — tighter data regulations, and …
Continue Reading