The Department of Know: GitHub drama, AI deletes production data, Claude Security Beta

This week's Department of Know is hosted by Rich Stroffolino, with guests Janet Heins, CISO, ChenMed, and TC Niedzialkowski, Head of IT & Security, Opendoor. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Get the show notes here: https://cisoseries.com/cybersecurity-news-critical-cpanel-zero-day-swiss-black-axe-arrests-hhs-data-center-questions/ Thanks to our episode sponsor, Guardsqaure Attackers are treating your mobile app like an open book. Sixty-three percent of security leaders recently detected app tampering, cloning, or unauthorized modifications. When your code runs in an untrusted environment, you need runtime self-protection and code hardening to keep attackers out. Address tampering before it starts. Learn more at Guardsquare.com. 

Critical cPanel and WHM bug exploited as zero-day Swiss police arrest suspected members of Black Axe group HHS ponders government posture for protecting data centers Get the show notes here: https://cisoseries.com/cybersecurity-news-critical-cpanel-zero-day-swiss-black-axe-arrests-hhs-data-center-questions/ Thanks to our episode sponsor, Guardsqaure Attackers are treating your mobile app like an open book. Sixty-three percent of security leaders recently detected app tampering, cloning, or unauthorized modifications. When your code runs in an untrusted environment, you need runtime self-protection and code hardening to keep attackers out. Address tampering before it starts. Learn more at Guardsquare.com. 

Hackers arrested for selling Roblox accounts Microsoft's patch for a 0-day falls short US & China partner on Dubai scam takedown Get the show notes here: https://cisoseries.com/cybersecurity-news-roblox-hackers-arrested-microsoft-0-day-falls-short-dubai-scam-takedown/ Thanks to our episode sponsor, Guardsqaure AI is speeding up development, but at what cost? While ninety-six percent of teams now use AI tools, eighty-one percent report that AI-generated code has introduced new vulnerabilities into their mobile apps. In a world with automated threats, you need multi-layered, polymorphic security to stay ahead of the curve. Learn more at Guardsquare.com.

FIDO Alliance working on securing AI agent payments Germany suspects Russia in Signal phishing RCE flaw in open-source robotics platform Get the show notes here: https://cisoseries.com/cybersecurity-news-agent-payments-russian-phishing-lerobot-rce-flaw/  Thanks to our episode sponsor, Guardsqaure Is your mobile app truly protected? Relying on the OS isn't enough. A global study of thirteen-hundred security and developer leaders found that ninety-six percent of teams using layered protection reported significantly fewer security incidents. Don't wait for a breach to harden your defenses. Get the protection needed for modern secuirty risks. Learn more at Guardsquare.com.

PhantomRPC flaw enables privilege escalation Checkmarx confirms GitHub data hit dark web PyPI package hacked to push infostealer Get the show notes here: https://cisoseries.com/cybersecurity-news-phantomrpc-flaw-checkmarx-github-dark-web-data-pypi-package-infostealer/ Thanks to our episode sponsor, Guardsqaure Your backend is only as secure as your frontend. Research shows that client-side compromise is now a primary driver of API risk. With sixty-three percent of leaders detecting mobile app tampering or cloning last year, don't leave your mobile app security to chance. Get multilayered protection for your entire mobile app ecosystem from the outside in. Learn more at Guardsquare.com.

ADT says customer data stolen in cyberattack SMS blasting comes to Toronto Researchers find pre-Stuxnet malware targeting engineering software Get the show notes here: https://cisoseries.com/cybersecurity-news-adt-data-breach-toronto-sms-blasting-pre-stuxnet-malware-discovery/ Thanks to our episode sponsor, Guardsquare Mobile app security isn't just a tech issue; it's a revenue issue. A recent global study found that seventy-two percent of organizations experienced a mobile app security incident last year. Even worse? Sixty-five percent saw customer churn or uninstalls as a result. Protect your brand and your bottom line with layered mobile app protection. Learn more at Guardsquare.com.

Link to episode This week's Department of Know is hosted by Rich Stroffolino, with guests Brett Conlon, CISO, American Century Investments, and Michael Bickford, former CISO, New York State Gaming Commission.  Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.

Cosmetics giant Rituals discloses data breach Apple fixes iOS flaw exploited by the FBI Microsoft Teams Helpdesk impersonation Get the show notes here: https://cisoseries.com/cybersecurity-news-rituals-cosmetics-breach-fbi-ios-flaw-fixed-teams-helpdesk-malware-impersonation/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent releaseof Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.

OpenAI shares cyber product with government orgs Unauthorized Mythos access, Firebox bugs fixed by Mythos Insurers move to cap LLMjacking cyber payouts Get the show notes here: https://cisoseries.com/cybersecurity-news-new-openai-cyber-product-unauthorized-mythos-access-insurers-to-cap-llmjacking-payouts/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent releaseof Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.

CISA lacks Mythos access Lovable denies data leak YouTube opens up deepfake detection tool Get the show notes here: https://cisoseries.com/cybersecurity-news-cisa-lacks-mythos-lovables-leak-by-design-youtubes-deepfake-detection/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent releaseof Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.