CISOs Rethink Data Security With Info-Centric Framework | Malware-Free Cyberattacks Are on the Rise

The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy. [TechWeb]( Follow Dark Reading: [RSS]( April 27, 2023 LATEST SECURITY NEWS & COMMENTARY [CISOs Rethink Data Security With Info-Centric Framework]( The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy. [Malware-Free Cyberattacks Are on the Rise; Here's How to Detect Them]( Last year, 71% of enterprise breaches were pulled off quietly, with legitimate tools, research shows. ['Good' AI Is the Only Path to True Zero-Trust Architecture]( Ultimately, AI will protect the enterprise, but it's up to the cybersecurity community to protect "good" AI in order to get there, RSA's Rohit Ghai says. [Millions of Artifacts, Misconfigured Enterprise Software Registries Are Ripe for Pwning]( Researchers find 250 million artifacts and 65,000 container images exposed in registries and repositories scattered across the Internet. [Rethinking Safer AI: Can There Really Be a 'TruthGPT'?]( Is Elon Musk's "maximum truth-seeking AI" achievable? Overcoming bias in artificial technologies is crucial for cybersecurity, but doing it could be a challenge. [North Korea's Kimsuky APT Keeps Growing, Despite Public Outing]( Kim Jong Un's Swiss Army knife APT continues to spread its tendrils around the world, showing it's not intimidated by the researchers closing in. [3CX Supply Chain Attack Tied to Financial Trading App Breach]( Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies. [Expert Insight: Dangers of Using Large Language Models Before They Are Baked]( Today's LLMs pose too many trust and security risks. [Effects of the Hive Ransomware Group Takedown]( Despite some success in limiting damage from Hive, there's no time to relax security vigilance. [Building a Better SBOM]( Generating an SBOM is easy. It's generating one that's comprehensive and accurate that's hard. [Cybersecurity Survival: Hide From Adversarial AI]( Consider adding some security-through-obscurity tactics to your organization's protection arsenal to boost protection. Mask your attack surface behind additional zero-trust layers to remove AI's predictive advantage. [GPT-4 Provides Improved Answers While Posing New Questions]( As is typical with emerging technologies, both innovators and regulators struggle with developments in generative AI, much less the rules that should govern its use. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Twitter's 2FA Policy Is a Call for Passkey Disruption]( Overcoming the limitations of consumer MFA with a new flavor of passwordless. [The Tangled Web of IR Strategies]( Attackers have their methods timed to the second, and they know they have to get in, do their damage, and get out quickly. CISOs today must detect and block in even less time. [MORE]( EDITORS' CHOICE [Metaverse Version of the Dark Web Could be Nearly Impenetrable]( Law enforcement will likely find it much harder to take down criminal activities on the "deepverse." LATEST FROM THE EDGE [New Policy Group Wants to Improve Cybersecurity Disclosure, Support Researchers]( The new Security Legal Research Fund and Hacking Policy Council are aimed at protecting "good faith" security researchers from legal threats and giving them a voice in policy discussions. LATEST FROM DR TECHNOLOGY [Bot Management Aims to Tame Attacker Automation]( Websites, cloud services, and API servers are seeing ever more automated traffic — aka bots — forcing companies to find ways to separate the digital wheat from the chaff. WEBINARS - [Why Threat Modeling Is Critical for Enterprise Cyber Defense]( As enterprises deal with multiple threats coming in different forms, security teams are shifting to a risk-based security to handle these challenges. One of the key tools is threat modeling, a process intended to help identify potential weaknesses and prioritize ... - [How to Launch a Threat Hunting Program]( Security teams need to be more proactive about finding threats before they can cause too much damage. How do these enterprises build threat hunting programs? What stakeholders needs to be involved? What skills are necessary for the threat hunting team? ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Ultimate Guide to the CISSP]( - [ESG Report: Automated Application Security Testing for Faster Development]( - [AppSec Best Practices: Where Speed, Security, and Innovation Meet in the Middle]( - [Adopting a Defense-in-Depth Approach to IT Security]( - [The Big Business Of Cybercrime: A Deep Dive Guide]( - [The Cloud Security Workflow Handbook]( - [Rediscovering Your Identity]( [View More White Papers >>]( FEATURED REPORTS - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [BigID and Thales Collaborate to Deliver Comprehensive Data Protection and Privacy Compliance]( [Akamai Introduces Prolexic Network Cloud Firewall]( [CyberGRX Announces Winners of the Inaugural Cyber Risk Nation Awards]( [BlackBerry Extends Partnership With Managed Security Services Provider (MSSP) to Ensure SMBs are Set Up for Cyber Success]( [Vantage Travel Experiences Data Security Incident]( [Datadog's 2023 State of Application Security Report Presents Top AppSec Trends]( [ReliaQuest Adds AI Capabilities to GreyMatter Intelligent Analysis]( [NetWitness Partners With Palo Alto Networks, Broadcom to Launch SASE Packet Integrations at RSA Conference 2023]( [Forcepoint Delivers Data Security Everywhere, Extending DLP Policies From Endpoints to the Cloud]( [Dig Security Announces New Integration With CrowdStrike]( [Google Workspace Extends Enterprise-Grade Security and Device Management for Hybrid Work With Okta and VMware]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)