ISMG Editors: Call for Cooperation at Black Hat Europe 2023

Anna Delaney • December 8, 2023

In this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies and the private sector, regulatory trends, and the cautionary tale of ex-Uber CISO Joe Sullivan.

Cybercrime

API Flaws Put AI Models at Risk of Data Poisoning

Latest

Artificial Intelligence & Machine Learning

Europe Reaches Deal on AI Act, Marking a Regulatory First

David Perera • December 8, 2023

EU officials announced a compromise over a regulation on artificial intelligence in the works since 2021, making the trading bloc first in the world to comprehensively regulate the nascent technology. Europe understands "the importance of its role as global standard setter,” said Thierry Breton.

Finance & Banking

AI Threats to Authentication Lead 2024 Fraud Trends

Suparna Goswami • December 8, 2023

In the future, deepfake technology will have a significant impact on newer forms of authentication such as voice and facial recognition and pose new challenges to defenders, said Ofer Friedman, chief business development officer at AU10TIX, an Israel-headquartered identity verification company.

Cybercrime

ISMG Editors: Ugly Health Data Breach Trends in 2023

Anna Delaney • December 8, 2023

In the latest weekly update, editors at ISMG discuss the rampant rise in healthcare sector attacks and breaches in 2023, the most common vulnerabilities and targets, and remember the life of the Steve Katz, the world's first CISO who inspired generations of security leaders.

3rd Party Risk Management

Proof of Concept: A Guide to Navigating Software Liability

Anna Delaney • December 8, 2023

In the latest "Proof of Concept," Chris Hughes, co-founder and CISO of Aquia, join editors at ISMG to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.

Standards, Regulations & Compliance

FBI to Evaluate Bids to Delay Reporting Cybersecurity Events

David Perera • December 8, 2023

The FBI outlined procedures for publicly traded companies to invoke a delay in reporting material cybersecurity incidents to investors as required under a U.S. SEC rule. Regulators allow companies a pause of up to 60 business days and up to 120 business days for a substantial national security risk.

Cybercrime

Ukrainian, Polish Authorities Latest Phishing Wave Targets

Mihir Bagwe • December 8, 2023

A threat actor with a history of sending Trojan-laced phishing emails targeted Ukrainian and Polish authorities with emails with the subject lines "judicial claims" and "debts," Ukrainian cyber defenders said Thursday. CERT-UA tracks the threat actor as UAC-0050.

3rd Party Risk Management

Feds Warn Health Sector to Watch for Open-Source Threats

Marianne Kolbasuk McGee • December 8, 2023

Open-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.

Next-Generation Technologies & Secure Development

'Krasue' Linux RAT Targets Organizations in Thailand

Prajeet Nair • December 8, 2023

Hackers targeted telecommunications companies in Thailand with a Linux remote access Trojan designed to attack different versions of the open-source kernel, researchers say. Dubbed "Krasue," the malware poses a "severe risk to critical systems and sensitive data," says Group-IB researchers.

Artificial Intelligence & Machine Learning

UK Market Regulator Reviews Microsoft's Interest in OpenAI

David Perera • December 8, 2023

The British antitrust authority is conducting a preliminary review of Microsoft's interest in OpenAI. The agency will examine whether the companies' partnership means Microsoft has material influence or whether it in effect controls more than half of OpenAI voting rights.

Artificial Intelligence & Machine Learning

How a CEO Runs a Company in Wartime

Steve King • December 8, 2023

Yossi Appleboum, CEO of Sepio Systems in Israel, discusses the international support for Israel in the Israel-Hamas war and what his employees are doing to support the war effort, how the war is affecting Sepio Systems' performance and how generative AI can be "not a tool but a member of your team."

Governance & Risk Management

The Joint Commission Unveils New Data Privacy Certification

Marianne Kolbasuk McGee • December 7, 2023

The Joint Commission is kicking off a new voluntary certification program for hospitals' "responsible use" of health data. The effort aims to help address growing privacy concerns over the secondary use of patient data by third parties for artificial intelligence initiatives and other activities.

Training & Security Leadership

Microsoft CISO, Deputy CISO Reassigned in Management Shakeup

Cal Harrison • December 7, 2023

Microsoft has demoted its CISO after 14 years on the job, reassigned its deputy CISO and named Igor Tsyganskiy - a former CTO at Bridgewater Associates who just joined Microsoft four months ago as chief strategy officer - as its new chief information security officer.