Microsoft Is Getting a New 'Outsider' CISO

Igor Tsyganskiy inherits the high-profile CISO spot in Redmond, while his predecessor, Bret Arsenault, is named chief security adviser [TechWeb]( Follow Dark Reading: [RSS]( December 07, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Is Getting a New 'Outsider' CISO]( Igor Tsyganskiy inherits the high-profile CISO spot in Redmond, while his predecessor, Bret Arsenault, is named chief security adviser. [Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps]( Four RCE vulnerabilities in Confluence, Jira, and other platforms, allow instance takeover and environment infestation. [CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw]( Adobe patched CVE-2023-26360 in March amid active exploit activity targeting the flaw. [Vulns in Android WebView, Password Managers Can Leak User Credentials]( Black Hat researchers show top password managers on Android mobiles are prone to leak passwords when using WebView autofill function. [Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover]( Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard. [Cracking Weak Cryptography Before Quantum Computing Does]( Worries over crypto's defenselessness against quantum computing has inspired a project that automates the discovery of insecure cryptographic algorithms in open source software. [UK Cyber CTO: Vendors' Security Failings Are Rampant]( The NCSC's Ollie Whitehouse criticizes security vendors for actively working against organizations in their fight against breaches and ransomware. [Embrace Generative AI for Security, but Heed Caution]( AI could be a net positive for security, with a caveat: It could make security teams dangerously complacent. [US Navy Ship Builder Says No Classified Info Leaked in Cyberattack]( Austul USA, a military contractor, alerts law enforcement it quickly mitigated a recent cyberattack on its systems and that an investigation is ongoing. [(Sponsored Article) A Detection and Response Benchmark Designed for the Cloud]( Does your security operation center's performance meet the 5/5/5 benchmark for cloud threat detection and incident response? [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [WordPress Bug 'Patch' Installs Backdoor for Full Site Takeover]( A faux security alert purports to provide a fix for an RCE flaw, but instead creates a user with admin privileges and spreads a backdoor to infected sites. [Embrace Generative AI for Security, but Heed Caution]( AI could be a net positive for security, with a caveat: It could make security teams dangerously complacent. ['AeroBlade' Group Hacks US Aerospace Company]( Aeroblade flew under the radar, slicing through detection checks on a quest to steal sensitive commercial data. [MORE]( PRODUCTS & RELEASES [DTEX Systems Appoints Mandiant Global CTO Marshall Heilman As CEO]( [Cloudbrink Presents Firewall-As-Service for the Hybrid Workplace]( [Keeper Security Survey Finds 82% of IT Leaders Want to Move Their On-Premises Privileged Access Management (PAM) Solution to the Cloud]( [Foresite Cybersecurity Partners With Crowdstrike]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Apple 'Lockdown Mode' Bypass Subverts Key iPhone Security Feature]( Even the most severe security protections for mobile phones aren't all-encompassing or foolproof, as a tactic involving a spoof of lockdown mode shows. LATEST FROM THE EDGE [Name That Edge Toon: On Your Mark...]( Come up with a clever cybersecurity-related caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Enhancing Incident Response Playbooks With Machine Learning]( Cybersecurity analysts use playbooks as a guide to quickly investigate and respond to incidents, but they regularly neglect to keep the process documents up to date. LATEST FROM DR GLOBAL [Middle East CISOs Fear Disruptive Cloud Breach]( Increasingly, businesses are concerned about the speed of their cloud incident response times. WEBINARS - [How to Combat the Latest Cloud Security Threats]( More businesses have shifted critical assets and operations to the cloud, as service providers enhance their security capabilities and companies adapt to more remote workforces. In this webinar, experts outline the top ways that attackers are exploiting cloud services, applications ... - [Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven]( In this session, you'll learn what a holistic approach to SSCS requires, including a comprehensive inventory of your supply chain, connecting risks across the development lifecycle, and leveraging code-to-runtime context to prioritize risks. We'll provide examples of "toxic combinations" between ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119785&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_12.07.23&sp_cid=50878&utm_content=DR_NL_Dark%20Reading%20Daily_12.07.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#1c If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)