The SEC is requiring companies to provide standardized information about their cybersecurity risk management and incidents as part of new rules aimed at helping investors. The rules came into effect in September 2023, and companies must now disclose both significant cybersecurity incidents and their risk management processes, with subsequent reports supplementing initial disclosures if necessary. They must also outline their approach to identifying and managing cybersecurity risks in their annual reports. The rules are evidence of growing awareness that cybersecurity threats can significantly impact firms and influence investment decisions.
Hackers Upgraded ClickFix Attack With Cache Smuggling to Secretly Download Malicious Files
Cybersecurity researchers have uncovered a sophisticated evolution of the ClickFix attack methodology, where threat actors are leveraging cache smuggling techniques to avoid traditional file download
