{"id":3073,"date":"2024-04-12T14:20:08","date_gmt":"2024-04-12T19:20:08","guid":{"rendered":"https:\/\/www.darkreading.com\/cybersecurity-operations\/ciso-corner-securing-ai-supply-chain-ai-powered-security-platforms-cyber-awareness"},"modified":"2024-04-12T14:20:08","modified_gmt":"2024-04-12T19:20:08","slug":"ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/04\/12\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness\/","title":{"rendered":"CISO Corner: Securing the AI Supply Chain; AI-Powered Security Platforms; Fighting for Cyber Awareness"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt8a677640db2d710f\/6619822c507b52026be5f00d\/robot_race_Chroma_Craft_Media_Group_Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Welcome to CISO Corner, Dark Reading&#8217;s weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We&#8217;re committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"In this issue of CISO Corner\">In this issue of CISO Corner<\/h2>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The Race for AI-Powered Security Platforms Heats Up<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Why MLBOMs Are Useful for Securing the AI\/ML Supply Chain<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The Fight for Cybersecurity Awareness<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Ambitious Training Initiative Taps Talents of Blind and Visually Impaired<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Vietnamese Cybercrime Group CoralRaider Nets Financial Data<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">XZ Utils Scare Exposes Hard Truths About Software Security<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">NSA Updates Zero-Trust Advice to Reduce Attack Surfaces<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"The Race for AI-Powered Security Platforms Heats Up\">The Race for AI-Powered Security Platforms Heats Up<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Robert Lemos, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Microsoft, Google, and Simbian each offers generative AI systems that allow security operations teams to use natural language to automate cybersecurity tasks.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Both Google and Microsoft have committed massive resources to developing generative artificial intelligence (AI) tools for cybersecurity. Security Copilot from Microsoft can find breaches, gather, and analyze data with help from generative AI. <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/google-gemini-vulnerable-to-content-manipulation-researchers-say\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">Google&#8217;s Gemini in Security<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> is a similar rival service.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Now a startup has entered the fray, Simbian, with its own system that leverages generative AI as well as large language models (LLMs) to help security teams by automating configuring event management systems (SIEM) or security orchestration, automation, and response (SOAR).<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">While each offering has its own set of benefits, they all strive to streamline processes for strained cybersecurity teams. The question that has yet to be answered is whether teams will ultimately trust the automated systems to operate as intended.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/race-ai-powered-platforms-security-platforms\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">The Race for AI-Powered Security Platforms Heats Up<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/how-ai-and-automation-can-help-bridge-the-cybersecurity-talent-gap\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">How AI and Automation Can Help Bridge the Cybersecurity Talent Gap<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Why MLBOMs Are Useful for Securing the AI\/ML Supply Chain\">Why MLBOMs Are Useful for Securing the AI\/ML Supply Chain<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Commentary By Diana Kelley, CISO, Protect AI<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">A machine learning bill of materials (MLBOM) framework can bring transparency, auditability, control, and forensic insight into AI and ML supply chains.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/ics-ot-security\/southern-company-builds-a-power-substation-sbom\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">software bill of materials<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> (SBOM) has become an essential tool for identifying the code that makes up an application, but in the age of artificial intelligence (AI) the SBOM has some limitations in machine learning frameworks.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">A machine learning software bill of materials, or MLBOM, could fill the gaps left in a traditional SBOM and add protections to data and assets.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read More: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/mlboms-are-useful-for-securing-ai-ml-supply-chain\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Why MLBOMs Are Useful for Securing the AI\/ML Supply Chain<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/where-sboms-stand-today\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Where SBOMs Stand Today<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\">The Fight for Cybersecurity Awareness<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Commentary By Erik Gross, CISO, QAD<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Investing in cybersecurity skills creates a safer digital world for everyone.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Spreading awareness of risk is the best way to mitigate cybersecurity risk, but the task of constantly training and re-training people on the latest threats can be daunting. The age of artificial intelligence is making it even more difficult.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Building a culture of security is paramount, and it can be achieved with thoughtful <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/4-ways-organizations-drive-demand-for-software-security-training\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">cybersecurity training<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> with a focus on a personal approach, storytelling, and helping people feel comfortable talking openly about cybersecurity. Humans are unpredictable, and a cybersecurity training process that accepts that humans are complex creatures have had the most success.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read More: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/fight-for-cybersecurity-awareness\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">The Fight for Cybersecurity Awareness<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: Q&amp;A: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/ics-ot-security\/q-a-learning-secure-ot-environments\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">The Cybersecurity Training Gap in Industrial Networks<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Ambitious Training Initiative Taps Talents of Blind and Visually Impaired\">Ambitious Training Initiative Taps Talents of Blind and Visually Impaired<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Jennifer Lawinski, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Novacoast&#8217;s Apex Program prepares individuals with visual impairments for cybersecurity careers.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Blind and visually impaired (BVI) people are an untapped talent resource for <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/filling-cybersecurity-talent-gap\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">cybersecurity companies struggling to attract talent<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">. With just a computer outfitted with a screen reader and Braille keyboard, BVI people can become valuable contributors. Two cyber CEOs have launched Apex Program, an online, on-demand course for BVI people who want to break into cybersecurity.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">So far, four students have completed the course and one has already landed a job as a SOC 1 Analyst. Now the White House is getting involved, and there&#8217;s even a short film in the works featuring the Apex Program.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read More: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-careers\/ambitious-training-initiatve-taps-talents-of-blind-visually-impaired\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Ambitious Training Initiative Taps Talents of Blind and Visually Impaired<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/3-ways-businesses-can-overcome-cybersecurity-skills-shortage\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Vietnamese Cybercrime Group CoralRaider Nets Financial Data\">Vietnamese Cybercrime Group CoralRaider Nets Financial Data<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Robert Lemos, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">With a complex attack chain and using Telegram for its command and control, CoralRaider targets victims in Asian countries \u2014 and appears to have accidentally infected itself as well.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">A newcomer on the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/vietnam-securities-broker-suffered-cyberattack-that-suspended-trading\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">Vietnamese cybercrime<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> scene, a group called CoralRaider is making moves \u2014 and rookie mistakes like infecting their own systems \u2014 along the way.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Security researchers at Cisco Talos have been tracking CoralRaider&#8217;s activities and found they are motivated by profit, even though the group is having trouble getting their operation off the ground. So far, Cisco Talos analysts haven&#8217;t seen any indication CoralRaider has yet successfully delivered a payload, but the group is actively working to improve their cybercrime skills.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read More: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/vietnamese-cybercrime-group-coralraider-nets-financial-data\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Vietnamese Cybercrime Group CoralRaider Nets Financial Data<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/ransomware-junk-bank-accounts-cyberthreats-proliferates-in-vietnam\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Ransomware, Junk Bank Accounts: Cyber Threats Proliferate in Vietnam<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\">XZ Utils Scare Exposes Hard Truths About Software Security<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Jai Vijayan, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The backdoor recently discovered in the XZ Utils tool should be a wake-up call for cyber teams that open source repositories are riddled with vulnerabilities.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">These projects are volunteer-run, under-resourced, and unable to keep up with the latest threats. XZ Utils is itself a one-person operation. Enterprises using code from these open sources do so at their own risk.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Organizations are advised to vet their use of <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/application-security\/how-to-ensure-open-source-pckages-are-not-landmines\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">code from public repositories<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> and determine whether they have appropriate security controls. Experts also recommend having engineering and cybersecurity teams define processes and roles for onboarding open source code.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read More: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/application-security\/xz-utils-scare-exposes-hard-truths-in-software-security\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">XZ Utils Scare Exposes Hard Truths About Software Security<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"NSA Updates Zero-Trust Advice to Reduce Attack Surfaces\">NSA Updates Zero-Trust Advice to Reduce Attack Surfaces<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Dark Reading Staff<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In its ongoing effort to provide both the public, as well as the private, sectors with support in getting on a <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/6-ciso-takeaways-nsa-zero-trust-guidance\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">path to zero trust<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, the National Security Administration has issued guidance related to data protection, or as NSA categorizes it, the &#8220;data pillar.&#8221; Recommendations from the agency include the use of encryption, tagging, labeling, and more.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Prior to this data security guidance, NSA provided a detailed guide to network macro- and micro-segmentation and its role in building up a zero-trust framework.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read More: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/nsa-updates-zero-trust-advice-to-reduce-attack-surfaces\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">NSA Updates Zero-Trust Advice to Reduce Attack Surfaces<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/remote-workforce\/nsa-s-zero-trust-guidelines-focus-on-segmentation\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">NSA&#8217;s Zero-Trust Guidelines Focus on Segmentation<\/a><\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/ciso-corner-securing-ai-supply-chain-ai-powered-security-platforms-cyber-awareness\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to CISO Corner, Dark Reading&#8217;s weekly digest of articles<\/p>\n","protected":false},"author":12,"featured_media":3074,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-3073","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?fit=2560%2C1376&ssl=1",2560,1376,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?fit=300%2C161&ssl=1",300,161,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?fit=640%2C344&ssl=1",640,344,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?fit=640%2C344&ssl=1",640,344,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?fit=1536%2C826&ssl=1",1536,826,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?fit=2048%2C1101&ssl=1",2048,1101,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?fit=1024%2C550&ssl=1",1024,550,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/ciso-corner-securing-the-ai-supply-chain-ai-powered-security-platforms-fighting-for-cyber-awareness-scaled.jpg?fit=2560%2C1376&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3073","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3073"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3073\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/3074"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}