Cybersecurity News

  • Will politicization of security clearances make US cybersecurity firms radioactive?
    on April 18, 2025 at 12:53 am

    With the US government now tying security clearances to the support of specific political positions, many in the security community fear it may tar US vendors with the same brush as their Russian and Chinese counterparts. Will enterprise CISOs now have to worry about whether they can rely on American threat intel? More broadly, will security vendors, many of whom absolutely need security clearances for financial survival, take problematic positions to retain or obtain those clearances?

    “The reality is that I don’t think CISOs are cognizant of the implications here. The fact that Trump cozies up to Russia is problematic at best,” said serial enterprise security chief Jim Routh. Routh has held CISO and other senior cybersecurity roles at MassMutual (CISO), CVS (CSO), Aetna (at different times, both CSO and CISO), KPMG (CISO), American Express (CISO) and JP Morgan Chase (Global Head of Application, Mobile and Internet Security). Today he serves as the chief trust officer at security vendor Saviynt.

    Routh argued that threats from Russia, China, North Korea, and Iran are much more important today than a few years ago. With government intelligence resources being sharply cut back, that means that enterprises must rely far more on commercial cybersecurity intelligence and services. Those are the firms that need security clearances, and what the White House did is politicize the process, Routh said.

    “This is an issue that CISOs need to worry about, and I don’t think they are,” Routh said.

    Risk that CISOs will lose faith in US firms

    The risk with the politicization of security clearances is that CISOs around the world, including CISOs representing American enterprises, are going to start losing faith in the integrity of information coming from US cybersecurity companies.

    Routh said that he believes that, because he did it himself. When he was the CISO at Aetna, the team was evaluating Russian cybersecurity firm Kaspersky. Even though the technology was excellent and the group had heard nothing specifically bad about Kaspersky, they knew that it was tightly integrated with the Russian government, and they simply didn’t trust the Russian government. “I remember bouncing Kaspersky from everything in our enterprise,” Routh said. “[Kaspersky] had some good capabilities but it was simply not worth it. We made a tradeoff decision,” Routh said, describing the relationship between Kaspersky and Russia as “cloudy and uncertain, very similar to China and ByteDance.”

    Beauceron Security CEO David Shipley echoed and extended Routh’s concerns. “What happens if [the Trump administration] asks you to look the other way on something?” such as the deletion of Russian state actor cyber attacks from threat intel files, Shipley asked. “Let’s say that certain exploits are being designed by [now friendly governments] and they say, ‘Don’t report this in your EDR.’”

    He said that Trump’s actions are, perhaps unintentionally, a massive gift to cybersecurity firms elsewhere — from Canada, Australia, Israel, India, Germany and Japan, places that would love to displace US cybersecurity firms. “The American tech brand itself just suffered a brutal beating. If I was a global CISO, I would be re-evaluating where I am sourcing my technology from to make sure that they are not being interfered with by their government,” Shipley said. “People have to start planning to switch technology vendors to those based in countries where the rule of law still exists and democratic norms still exist. The damage to the American technology brand will be incalculable. CISOs need [cybersecurity vendors] that are not following the political whims of whoever is in office.”

    Besides Kaspersky, Shipley and others pointed to Chinese security equipment maker Nuctech as another example of a security company tainted by its relationship with its government.

    What brought this on

    This is mostly a reaction to a White House order on Wednesday that tied security clearances to supporting political concepts. The order chastised Chris Krebs, the former head of Trump’s Cybersecurity and Infrastructure Security Agency (CISA). “Krebs’ misconduct involved the censorship of disfavored speech implicating the 2020 election and COVID-19 pandemic. CISA, under Krebs’ leadership, suppressed conservative viewpoints under the guise of combatting supposed disinformation, and recruited and coerced major social media platforms to further its partisan mission,” it read.

    Trump then announced the punishment: “Those who engage in or support such conduct must not have continued access to our Nation’s secrets. Accordingly, I hereby direct the heads of executive departments and agencies (agencies) to immediately take steps consistent with existing law to revoke any active security clearance held by Christopher Krebs. I further direct the Attorney General, the Director of National Intelligence, and all other relevant agencies to immediately take all action as necessary and consistent with existing law to suspend any active security clearances held by individuals at entities associated with Krebs, including SentinelOne, pending a review of whether such clearances are consistent with the national interest.”

    On Thursday, Krebs resigned from SentinelOne, presumably hoping that Trump would then spare the company and not remove its employees’ security clearances. The current status of the security clearances for both Krebs and SentinelOne is unclear. The White House statement said the agency heads should revoke Krebs’ credentials, but it never said if that had happened yet. The same situation exists with SentinelOne. Neither the White House press office nor the media relations contact at SentinelOne commented on the clearances’ current status.

    Kurtis Minder, the CEO of GroupSense, a Virginia company that sells threat intel to enterprises, said that the kind of wholesale switching of cybersecurity companies described is difficult, but it may ultimately happen. “When CISOs have to start taking into account the pedigree of the [security vendor’s] leadership and the political positions that they have held in the past, in my mind that becomes untenable,” Minder said. “It may have to happen, and that is a bad thing.” “US CISOs would have to start wondering if those companies were safe bets,” he said, and “it would resurface concerns” about governments asking for spyware and backdoors.

    Minder was one of several cybersecurity executives who are waiting to see if the SentinelOne incident proves to be isolated, or the beginning of a trend. “Depending on how this one is pushed, and if it happens to another cybersecurity company for any reason,” Minder said, “this is the first volley and we’ll have to wait and see where it lands.”

    Minder was candid when asked what his firm would do if a government asked them to do something that he felt would hurt their customers, and threatened to yank security clearances if they refused. He said that he would bring it to the company’s board, and all options would be evaluated in line with fiduciary obligations.

    Could just be payback

    But not everyone interpreted the security clearance order as especially problematic. “I think this is primarily an issue with Trump and Chris specifically. It has to do with the election issue. SentinelOne is just temporary collateral damage,” said Steve Zalewski, the former CISO at Levi Strauss. He has held senior cybersecurity roles at both Pacific Gas & Electric and Kaiser Permanente; today he is a cybersecurity advisor for S3 Consulting. “Trump is just being a New Yorker who does not forget a slight. Chris crossed him and this is payback,” Zalewski said. “What if he does it to other security companies? I don’t think that is in [Trump’s] mind. I don’t think he’s trying to make a deal. He’s just doing a little payback.”

    Most analysts declined to comment on the Trump efforts, but Will Townsend, a principal analyst with Moor Insights & Strategy, said he doubts that the order will have much of an impact on the industry. “The US boasts the most cybersecurity companies in the world, led by Microsoft, Cisco, CrowdStrike, Palo Alto Networks, and Zscaler, among many others including SentinelOne. I don’t foresee CISOs moving their business to other regions based on what’s materialized with Krebs’ resignation,” Townsend said. “Many may speculate that the pressure on Krebs was politically motivated, since he led CISA, but only those with security clearances will know the truth, and if SentinelOne truly poses any risks as a security provider to the US federal government.”

  • Android Phones Pre-Downloaded With Malware Target User Crypto Wallets
    by Kristina Beek, Associate Editor, Dark Reading on April 17, 2025 at 7:56 pm

    The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users’ wallet addresses with their own.

  • Dogged by Trump, Chris Krebs Resigns From SentinelOne
    by Nate Nelson, Contributing Writer on April 17, 2025 at 7:12 pm

    The president revoked the former CISA director’s security clearance, half a decade after Krebs challenged right-wing election disinformation, prompting his eventual resignation.

  • 43% Top 100 Enterprise-Used Mobile Apps Opens Door for Hackers to Access Sensitive Data
    by Tushar Subhra Dutta, Cyber Security News on April 17, 2025 at 5:07 pm

    A recent comprehensive security audit has revealed that 43% of the top 100 mobile applications used in enterprise environments contain critical vulnerabilities that could allow malicious actors to access sensitive corporate data. These vulnerabilities primarily exist in apps’ data storage mechanisms, authentication protocols, and network communication implementations, creating significant security risks for organizations worldwide.

  • CVE Program Cuts Send the Cyber Sector Into Panic Mode
    by Becky Bracken on April 17, 2025 at 3:38 pm

    After threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute — extending its government contract for another 11 months. After that, it looks like it’s up to the private sector to find the cash to keep it going.

  • Why Threat Modeling Should Be Part of Every Security Program
    by CISO Advisory, Cyber Security News on April 17, 2025 at 3:23 pm

    In today’s hyperconnected business environment, security teams face unprecedented challenges protecting organizational assets against increasingly sophisticated threats. Threat modeling stands out as a structured methodology that helps organizations systematically identify, evaluate, and prioritize potential security threats before they manifest. This proactive approach moves beyond reactive security measures, empowering leadership teams to make informed decisions about

  • Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
    by The Hacker News on April 17, 2025 at 3:22 pm

    The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement

  • The Future of GRC – Integrating ESG, Cyber, and Regulatory Risk
    by CISO Advisory, Cyber Security News on April 17, 2025 at 3:18 pm

    The future of GRC (Governance, Risk, and Compliance) is being reshaped as organizations navigate complex challenges at the crossroads of sustainability, digital security, and regulatory oversight. Traditional GRC frameworks that treated these domains as separate functions are rapidly becoming obsolete. Forward-thinking leaders recognize that Environmental, Social, and Governance (ESG) considerations, cybersecurity threats, and evolving regulatory

  • Top Security Frameworks Used by CISOs in 2025
    by CISO Advisory, Cyber Security News on April 17, 2025 at 3:08 pm

    In today’s rapidly evolving digital landscape, Chief Information Security Officers (CISOs) face unprecedented challenges as cyber threats grow in sophistication and frequency. The year 2025 has witnessed a significant shift in how organizations approach cybersecurity, with CISOs stepping out of traditional IT departments to join executive leadership teams. This evolution reflects the strategic importance of

  • Hackers Weaponize MMC Script to Deploy MysterySnail RAT Malware
    by Kaaviya, Cyber Security News on April 17, 2025 at 3:04 pm

    A sophisticated cyberespionage campaign is leveraging malicious Microsoft Management Console (MMC) scripts to deploy the stealthy MysterySnail remote access trojan (RAT). First identified in 2021 during an investigation into the CVE-2021-40449 zero-day vulnerability, MysterySnail RAT had seemingly disappeared from the cyber threat landscape. Attributed to the Chinese-speaking threat actor known as IronHusky, which has operated since

  • China Plans to Strengthen Its Cybersecurity Cooperation With Russia
    by Kaaviya, Cyber Security News on April 17, 2025 at 3:02 pm

    Chinese Ambassador to Russia Zhang Hanhui has officially announced Beijing’s intention to strengthen strategic cooperation with Moscow in cybersecurity, signaling a significant expansion of the two nations’ digital partnership. The announcement comes as both countries seek to counter what they describe as Western digital hegemony while developing a shared framework for cyber governance.

    Strategic Partnership

  • MITRE support extended 11 more months, yet uncertainty remains
    on April 17, 2025 at 2:49 pm

    Although MITRE’s contract has been extended for 11 more months, uncertainty remains in the cyber community.

  • LummaStealer Abuses Windows Utility to Execute Remote Code Mimic as .mp4 File
    by Tushar Subhra Dutta, Cyber Security News on April 17, 2025 at 2:28 pm

    LummaStealer, a sophisticated information-stealing malware distributed as Malware-as-a-Service (MaaS), has evolved with new evasion techniques that abuse legitimate Windows utilities. Originally observed in 2022 and developed by Russian-speaking adversaries, this malware has demonstrated remarkable agility in evading detection while targeting a wide range of Windows systems. Its primary function is to collect sensitive data including

  • Cybersecurity by Design: When Humans Meet Technology
    by Matthew Warner on April 17, 2025 at 1:49 pm

    If security tools are challenging to use, people will look for workarounds to get around the restrictions.

  • With a corporate takeover, the risk of attack rises
    on April 17, 2025 at 1:23 pm

    Image caption: Takeover activity also carries security risks. NESPIX – shutterstock.com

    While working on the recently published report “2025 Data Security Incident Response” (PDF), security experts at the US law firm BakerHostetler identified the most dangerous period for corporate security.

    How takeovers drive cyber risk

    According to the report, the period immediately after a takeover closes is especially promising for cyberattacks. There are several reasons for this:

    Fear of upgrades: Because managers do not know what the new parent company intends and do not want to waste budget, they hesitate to invest in upgrades or new security technologies.

    Talent flight: During a takeover, many good employees frequently leave the company, for instance because they are afraid of being laid off. Making matters worse, management usually hesitates to replace those departures as long as no decisions about the integration have been made.

    Distractions: Until layoff or integration decisions are made, the workforce can be expected to be distracted and nervous. That makes them susceptible to the tactics of criminal hackers.

    A key finding of the BakerHostetler report is that the number of fraud cases involving electronic wire transfers at companies has risen sharply: according to the study, the volume of losses rose from 35 million dollars in 2023 to a hefty 109 million dollars in 2024. Craig Hoffman, co-leader of the Digital Risk Advisory and Cybersecurity team at BakerHostetler, attributes this rapid increase in particular to the massive security problems that arise during takeovers with regard to waiting periods. Cybercriminals now exploit this period quite deliberately, the expert said.

    “In doing so, the attackers also make use of AI in the form of deepfake attacks and profit from the fact that employees are not yet familiar with the new owner’s management. That considerably increases the potential to lure parts of the workforce into falling for fraudulent schemes, for example involving wire transfers,” Hoffman said.

    M&A risks: what experts advise

    The report’s findings match the experience and observations of various cybersecurity experts and decision-makers. Fritz Jean-Louis, Principal Cybersecurity Advisor at the Info-Tech Research Group, for example, regularly advises his clients to accelerate the integration of an acquired company as much as possible: “In a merger, you cannot afford to take your time. After the due-diligence review, onboarding should happen as quickly as possible, because you have to assume that you do not have a complete picture.”

    Steve Zalewski, former CISO of Levi Strauss and security consultant, instead relies on a “hard firewall” between the company and its acquisition target in such situations: “Only if that separation is maintained is it possible to draw up plans and budgets, and to find out how the takeover can actually be shaped.”

    Michael Lines, former CISO of PwC and managing director of security vendor Heuristic Security, is likewise familiar with heightened security risks after takeovers: “All too often, information security brings up the rear in corporate takeovers and is brought into the process late. On top of that, in M&A activity there is often an unspoken expectation not to make big waves so as not to jeopardize the deal. Put differently: business interests decide whether a deal happens; security is usually just a box to tick.”

    David Shipley, CEO of Beauceron Security, sees improved communication as the best remedy for takeover risks: “It is important that there is clarity about expectations. Set standards and eliminate uncertainties, because those are what make successful cyberattacks possible in the first place. A communication strategy for the period after corporate takeovers that focuses on people, processes and culture can help here.” In the manager’s view, companies should, however, refrain from “patchwork fixes”, and for good reason: “A rushed IT migration carries more risk than almost anything a cyberattacker could possibly do.” (fm)

  • Ghost Ransomware Breaching Organizations in Over 70+ Countries
    by Tushar Subhra Dutta, Cyber Security News on April 17, 2025 at 12:42 pm

    Ghost Ransomware, also known as Cring, has emerged as a formidable cyber threat targeting organizations across more than 70 countries. Since its first appearance in 2021, this malware variant has rapidly evolved into one of the most dangerous ransomware strains, combining sophisticated encryption with aggressive extortion tactics. In February 2025, the FBI and CISA issued

  • How to Prepare for Your Next Cybersecurity Audit
    by CISO Advisory, Cyber Security News on April 17, 2025 at 12:27 pm

    In today’s hyper-connected business world, cybersecurity audits are not just a regulatory requirement but a vital component of organizational risk management and digital trust. The frequency and sophistication of cyber threats are rising, as are customers’, partners’, and regulators’ expectations. Many organizations, however, still treat audits as last-minute hurdles, leading to unnecessary stress, missed vulnerabilities,