A CISO's Guide to Avoiding Jail After a Breach

Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit? [TechWeb]( Follow Dark Reading: [RSS]( July 05, 2024 LATEST SECURITY NEWS & COMMENTARY [A CISO's Guide to Avoiding Jail After a Breach]( Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit? [Any IoT Device Can Be Hacked, Even Grills]( Researchers uncover a way to hack the summer cookout — but firmware updates will stop that grilled meat (or tofu) from turning into an inedible mess. [Intel CPUs Face Spectre-Like 'Indirector' Attack That Leaks Data]( "Indirector" targets a speculative execution component in silicon that previous research has largely overlooked. [Friend or Foe? AI's Complicated Role in Cybersecurity]( Staying informed about the latest AI security solutions and best practices is critical in remaining a step ahead of increasingly clever cyberattacks. [(Sponsored Article) Are AI-Based Attacks Too Good for Security Awareness Training?]( With AI, traditional security awareness training faces an existential threat. To ensure its long-term effectiveness, we have to rethink what we train individuals to recognize. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Dark Reading Confidential: Meet the Ransomware Negotiators]( Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion." [Patch Now: Cisco Zero-Day Under Fire From Chinese APT]( Threat actor "Velvet Ant" has been exploiting a vulnerability in Cisco's NX-OS Software for managing a variety of switches, executing commands and dropping custom malware. [Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication]( Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving targets with only authentication choices that force them to give up credentials. [Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach]( A ransomware attack has become a supply chain issue, thanks to the victim's partnerships with other financial services companies. [Stress-Testing Our Security Assumptions in a World of New & Novel Risks]( Categorizing and stress-testing fundamental assumptions is a necessary exercise for any leader interested in ensuring long-term security and resilience in the face of an uncertain future. [MORE]( PRODUCTS & RELEASES [Bloom Health Centers Provides Notice of Data Security Incident]( [Human Technology Inc. — Notification of Data Breach]( [Implementing Zero Trust and Mitigating Risk: ISC2 Courses to Support Your Development]( [Interlock Launches ThreatSlayer Web3 Security Extension and Incentivized Crowdsourced Internet Security Community]( [Odaseva Raises $54M Series C Round to Expand Product Offerings and Continue Category Leadership]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Ransomware Eruption: Novel Locker Malware Flows From ‘Volcano Demon']( Attackers clear logs before exploitation and use "no caller ID" numbers to negotiate ransoms, complicating detection and forensics efforts. LATEST FROM THE EDGE [Networking Without the Hangover]( How Sober in Cyber is redefining professional connections in the security industry. LATEST FROM DR TECHNOLOGY [Apple's AI Moves Will Impact Future Chip, Cloud Security Plans]( Analysts say Apple's black-box approach provides a blueprint for rival chip makers and cloud providers. LATEST FROM DR GLOBAL [Software Productivity Tools Hijacked to Deliver Infostealers]( Innocuous little Windows programs were carrying cheap malware for weeks, exposing customers of the India-based software vendor to data theft. WEBINARS - [Search Capabilities with PostgreSQL: From Standard to Semantic]( In the digital age, the ability to sift through vast amounts of text data efficiently and effectively is crucial. PostgreSQL, a robust open-source relational database, offers various search functionalities that cater to multiple needs, from simple pattern matching to linguistic ... - [Enhance Cloud Security with Cloud-Native Security]( In this webinar, learn how your current cloud security measures may be falling short as you shift to cloud-native, and what new tools and processes you will need to put in place to stay ahead of attackers. [View More Dark Reading Webinars >>]( WHITE PAPERS - [Decode the New SEC Cybersecurity Disclosure Ruling]( - [Continuous Asset Discovery Do and Don'ts]( - [State of Enterprise Cloud Security]( - [A Year in Review of Zero-Days Exploited In-the-Wild in 2023]( - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [Purple AI Datasheet]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124388&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_07.05.24&sp_cid=54154&utm_content=DR_NL_Dark%20Reading%20Daily_07.05.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ea If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)