RSS_Virtulization

Russian state cyber-actor Seashell Blizzard has engaged a specialist initial access subgroup to increase its ability to compromise high-value targets globally, according to a new Microsoft report. The multiyear operation has enabled Seashell Blizzard to expand its reach and achieve persistent access in global targets across sensitive sectors. These target sectors include energy, oil and gas, telecommunications, shipping, arms manufacturing and governments. Previously, initial access efforts by Seashell Blizzard have predominantly focused on Ukraine and…

The Electronic Frontier Foundation (EFF) is leading a coalition to attempt to block Elon Musk’s Department of Government Efficiency (DOGE) from accessing the data of millions of government workers in the US. On February 11, the NGO, alongside individual US federal employees and several employee unions, including the American Federation of Government Employees and the Association of Administrative Law Judges, filed a lawsuit against DOGE and the US Office of Personnel Management (OPM). In the complaint,…

Researchers have uncovered a highly sophisticated North Korean campaign to covertly distribute crypto-stealing malware via open source components. SecurityScorecard said in a blog post published this morning that it suspects the infamous Lazarus Group of being behind the live campaign, dubbed Operation Marstech Mayhem. It has already claimed over 230 victims in the US, Europe and Asia. It traced a new “Marstech1” implant back to the “SuccessFriend” GitHub profile, which has been committing malicious as…

Modern factories are increasingly relying on Industrial Internet of Things (IIoT) solutions. This shift is beneficial in many regards, including higher efficiency and transparency, but it also introduces unique cybersecurity concerns. Better vulnerability management for IIoT systems is essential if companies hope to make the most of this technology. The White House’s 2024 cybersecurity report named critical infrastructure risks and supply chain exploits as two of the top threats facing the U.S. today. Notably, IIoT…

For over 20 years, Jim Fowler has built an impressive leadership track record across multiple industries, countries, and companies, turning his love of technology into a powerful driver of business growth. During his six years at Nationwide, where he serves as executive vice president and CTO, the company has grown from $42 billion to $60 billion in revenue, and Fowler’s technology organization has played a critical role in that trajectory. On a recent episode of…

The open-source LLM known as DeepSeek has attracted much attention in recent weeks with the release of DeepSeek V3 and DeepSeek R1, and in this blog, The Tenable Security Response Team answers some of the frequently asked questions (FAQ) about it. Background The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding DeepSeek. FAQ What is DeepSeek? DeepSeek typically refers to the large language model (LLM) produced by…

AI 스타트업인 로스 인텔리전스와 톰슨 로이터 간의 AI 훈련 소송에서 톰슨 로이터가 승소했다. 이번 소식을 보도한 더 버지에 따르면 톰슨 로이터는 2020년에 로스 인텔리전스가 로이터의 법률 연구 플랫폼인 웨스트로(Westlaw)를 무단으로 사용해 로스 인텔리전스의 AI를 훈련시켰다고 주장하며 소송을 제기했다. 웨스트로는 저작 권이 없는 자료를 대거 색인하지만, 그러한 자료를 자체 콘텐츠를 혼합한다. 로스 인텔리전스는 자사의 훈련이 ‘공정 사용’(fair use) 관행에 해당한다고 주장했지만, 사법부는 이에 동의하지 않았다. 대신, 법원은 로스 인텔리전스가 저작권이 있는 자료를 사용함으로써 원래의 가치에 영향을…

지역별 문화적 차이와 맞춤형 접근 필요 버지는 동기 부여 방식과 리더십 스타일이 지역별로 다를 수 있다는 점도 강조했다. 예를 들어, 호주의 경우 사이버보안 전문가 중 상당수가 STEM(과학, 기술, 공학, 수학) 분야 외의 배경을 가지고 있어 리더십 스타일이 더 다양하다는 특징이 있다. 반면, 인도와 같은 지역은 STEM 전공자 비율이 높아 경력 개발 경로가 다르게 형성되는 경향이 있다. 또한, 각국의 데이터 보호 규제 수준에 따라 사이버보안 문제를 인식하고 해결하는 방식도 다르다. 데이터 보호 규제가 오래전부터 확립된 국가에서는…