Infosecurity Magazine

As AI becomes an integral part of organisational operations, the challenges of managing associated risks are growing exponentially. Our upcoming webinar with AuditBoard will explore the evolving risk landscape of AI, focusing on key concerns such as ethics, compliance, and vulnerabilities, with a specific emphasis on European organisations Join us on January 23rd to learn strategies for evaluating AI-driven risks and implementing robust governance practices: https://bit.ly/3ZssHuz

Lookout has discovered three new surveillance tools developed and deployed by Russia and China. BoneSpy and PlainGnome are Android spyware implants developed by Gamaredon, an APT group associated with the FSB. They have been active since 2021 and 2024, respectively. EagleMsgSpy is a lawful surveillance tool likely developed by Wuhan Chinasoft Token Information Technology and used by many government agencies in mainland China since at least 2017. Find out more about these newly discovered surveillance tools here: https://bit.ly/4fFUXih #spyware #surveillance #mobile #Android #iOS #Gamaredon #FSB #APT #APTgroup #BoneSpy #PlainGnome #EagleMsgSpy #Russia #China #cyberespionage #espionage

The Infosecurity team wishes you a very merry Christmas and happy holidays! May your season be filled with joy, warmth, and cherished moments with loved ones. Thank you for being a part of our community—we look forward to connecting with you in the new year!

Leadership training and skills are severely lacking in the cybersecurity industry, especially as cybersecurity continues to evolve as a critical business issue. Findings from ISC2’s latest Cybersecurity Leadership Survey are concerning, according to the accreditation body’s CISO, Jon France CISSP, ChCSP. Only 63% of cybersecurity professionals have received formal leadership training, and 81% primarily learn by observing other leaders. Read our article to discover how these gaps in leadership skills could impact the future of cybersecurity: https://bit.ly/41Fhvw8 #cybersecurity #skills #skillsgap #talentgap #ISC2 #certification #CISO #CISOs #workforce #leadership #survey

Security analysts face endless alerts from firewalls, IDS, servers, and logs—making it difficult to spot real threats. And with rising storage and compliance costs, and smaller teams are more likely to feel the pressure. Watch our on-demand Centripetal webinar to see how to tackle alert fatigue, and stay ahead of evolving cyber threats: https://bit.ly/4fo1lv2

With cyberattacks growing in sophistication and frequency, a survey by Gartner highlighted that 87% of CISOs and tech executives are planning to increase security spending by 2025. To optimize investments and meet these challenges, organizations are focusing on simplifying security strategies through innovations in identity and access management. Learn more about how 2025 trend predictions for the frontline workforce are shaping the future of security in the latest article by Imprivata: https://bit.ly/3ZAyux1

The Federal Communications Commission is looking to expand cybersecurity requirements for US telecommunications firms following the Salt Typhoon 🇨🇳 cyber-attack which impacted at least 8 US communications firms. The FCC has proposed a rule requiring communications firms to annually certify their cybersecurity risk management plans. Additionally, the Commission is seeking to clarify that telecommunications carriers have a legal obligation to protect their networks from unauthorized access and interception. These measures aim to strengthen the security of the nation's communications infrastructure. Read the full story here: https://bit.ly/4iy5w9E #FCC #China #US #SaltTyphoon #Cyberattack #cyberespionage #telcos #telecoms #Verizon #Lumen

In recent years, cyber risks in the energy sector have surged. Nation-state actors and cybercriminal groups are increasingly targeting Industrial Control Systems (ICS), many of which are Internet-connected and vulnerable to threats like unauthorized access, manipulation, and ransomware. Join us for a 30-minute webinar on December 19 and gain insights from a Censys expert on: ✅The current trends in internet-facing ICS device exposures ✅How to gain visibility into different types of ICS exposures today ✅Strategies to mitigate cyber risks in these devices Register today: https://bit.ly/4gj9od1

The Federal Bureau of Investigation (FBI) has issued new guidance for the public to protect themselves from criminals who are using generative AI to enhance financial fraud schemes. A new alert from the US government agency’s Internet Crime Complaint Center (IC3) highlighted how these tools enable malicious actors to commit fraud on a larger scale and increase the believability of their schemes. Read the full article: https://bit.ly/4fn6Hpw

A recent survey by Red-Button: DDoS Experts found that only 25% of organizations feel fully prepared to respond to DDoS attacks. Despite having protection technologies in place, many businesses remain uncertain about their defenses, often due to a lack of actionable insights from proper testing. Testing is the only way to uncover potential vulnerabilities, but effective testing requires knowing what to look for and challenging common misconceptions. Redbutton’s latest feature explores how organizations can gain clarity and confidence in their DDoS defenses. Read more here: https://bit.ly/4fnazGV