At a time when consumers are demanding more personalised, seamless and responsive interactions with the brands they love, Artificial Intelligence (AI) is becoming an important cornerstone of the marketing industry. However, as the capabilities and uses of the technology expand, so do concerns about its ethical implications.
The transformative power of AI is undeniable, whether it is improving customer experiences or assisting marketers. From automating everyday administrative tasks and complex processes to delivering hyper-personalised content, AI is continuing to reshape a wealth of industries and redefine the way they operate. But with great power comes great responsibility.
In 2025, AI ethics will undoubtedly take centre stage, however with the potential for misuse and abuse, businesses will need to define and implement their own ethical frameworks to ensure responsible deployment of the technology. For marketers, making this ethical approach known to customers will be make or break in terms of building and maintaining brand trust. As many take a full steam ahead approach, organisations must consider weaving ethics in at the very beginning of their AI journeys, aligning with regulatory changes, and developing a long-term strategy for success.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
With ever-evolving technology, an increasingly fragmented media landscape, rapidly changing consumer behaviour and a multitude of other challenges, marketing just doesn’t seem to get any easier.
And, of course, there’s the risk of data overload and privacy concerns. Marketing teams have access to vast amounts of data – more than ever before – but effectively analysing and using it to personalise experiences without violating privacy regulations is a complex challenge.
Measurement is more important than ever but marketers will need to optimise in this era of privacy, warns Kate Bird, EMEA senior marketing director at Snap Inc.
She says: “Last year was a year of disruption for marketers – economic uncertainty and the prominence of Gen AI adoption stretched marketers’ energy and budgets. This climate will continue to proliferate in the new year.”
Economic pressures are forcing marketers to increasingly measure their success, and as such, they’re pushing budgets to the lower end of the funnel.
“But as a consequence, digital platforms are rising to the top, having captured 68.8% of the globe’s total ad spend market in 2024,” says Bird. “The platforms that can help marketers optimise their budgets by moving towards measurement like marketing mix modelling (MMM) whilst maintaining investment in awareness at the top of the funnel, will continue to hold influence and be rewarded with ad dollars and customer love.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Research has revealed that nearly a third of global consumer brands have no social commerce strategy in place despite the growing importance of social shopping platforms.
The study of senior marketers at 70 global consumer brands found that while 70% have implemented social commerce strategies, significant gaps remain in how businesses approach social selling and community engagement.
Instagram emerged as the dominant platform for social commerce, with 40% of brands using it as their primary channel – ahead of owned e-commerce platforms at 34%. The photo-sharing app’s influence extends beyond commerce, with one in four marketers planning to allocate at least 25% of their 2025 marketing budgets to the platform.
Patricia Aragón, Global Director of eCommerce Emerging Solutions & Innovation at SAMY Alliance, said: “The fact that nearly a third of consumer brands admit to lacking a social commerce strategy when you can see the growth of platforms like TikTok Shop is astounding.”
The research highlighted shifting consumer search behaviours, with social platforms gaining ground on traditional search engines. While Google remains the primary destination for brand searches at 86%, Instagram (70%) and TikTok (44%) are becoming increasingly important discovery channels.
Short-form video content appears central to marketers’ 2025 plans, with 69% believing Instagram Reels will gain prominence, closely followed by TikTok videos at 66%. These statistics reflect a broader trend towards ‘shoppertainment’ – the fusion of entertainment and commerce.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
The Digital Marketing World Forum (DMWF) Asia is set to return to Singapore’s Marina Bay Sands on February 26-27, 2025, bringing together the region’s most influential marketing leaders for a dive into the future of digital marketing and technology.
This year’s forum places a special emphasis on AI integration and automation, featuring an impressive lineup of speakers from global brands including Coca-Cola, Unilever, PepsiCo, and TikTok.
The two-day conference will run parallel tracks exploring more than 10 themes, from AI-driven marketing strategies to customer experience optimisation. Dr. Luke Soon from PwC Singapore will present ‘Humanising the future of marketing through AI and Automation’ as part of the conference’s focus on emerging technologies.
Several high-impact panel discussions will address the industry’s most pressing challenges. A notable session, ‘From Productivity to Creativity – How to utilise AI in your Marketing Strategy’, brings together experts from Google, PwC Singapore, and First Page Digital to explore practical applications of AI in marketing operations.
Key highlights
- Data & AI innovation: Multiple sessions will explore how brands can harness AI for agile marketing insights, with Intel’s Sahaj Khunteta sharing strategies for driving marketing agility through AI-powered analytics.
- Customer experience focus: The conference features dedicated tracks on personalisation and customer-centric strategies, including a panel on ‘Shaping your digital strategy with Personalised Experiences’ featuring representatives from RBL Bank, Pearson, and AEON.
- Social media evolution: Alexander Lim from TikTok will present ‘Leveraging Gen AI to Create for Commerce’, while other sessions explore emerging social media trends and creator economy strategies.
- E-commerce & omnichannel: Industry leaders from ZALORA Group and MoneyHero will share insights on adapting to changing consumer behaviours in the digital commerce landscape.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Cybersecurity leaders CISOs share insight on a crucial but overlooked task after any security incident: rebuilding trust with the stakeholders that matter the most.
When incident response plans cover the aftermath, they typically focus solely on technical matters, such as root cause analysis or upgrading systems. The problem with this approach is that breaches are not only technical in nature — they can also undermine trust among various internal and external stakeholders of the business.
This loss of trust can be hard to measure, but it manifests concretely. For example, publicly traded companies may lose the enthusiasm of institutional and retail investors. Once popular organizations for tech talent may see their pipeline of applicants dry up. The morale of your cybersecurity team may wane, leading to retention issues and resignations.
In short, CISOs must prioritize rebuilding trust with stakeholders as an equal priority to any technical exercise. After all, no improvement or upgrade matters if stakeholders do not buy into your organization’s overall cybersecurity plan or execution.
Transparency across the incident lifecycle
Christopher Robinson, chief security architect of The Linux Foundation, says transparency is key to rebuilding stakeholder trust. Unfortunately, companies often take the opposite approach.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source : https://www.csoonline.com/article/3825447/how-cisos-can-rebuild-trust-after-a-security-incident.html
The updated malware, which spreads via infected Xcode projects, introduces advanced evasion tactics and persistence mechanisms to bypass security defenses.
Microsoft has warned that a new variant of XCSSET malware is actively targeting macOS users, marking the first update to the malware since 2022.
This latest version has been observed in limited attacks but introduces stronger evasion tactics, updated persistence mechanisms, and new infection strategies that make it more difficult to detect and remove. The malware, which spreads through infected Xcode projects, continues to pose a significant threat to developers and enterprises relying on Apple’s software development ecosystem.
“The latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” Microsoft said in its report posted on X. The malware retains its previous capabilities, including stealing digital wallet data, collecting sensitive files, and exfiltrating user information.
Microsoft has urged macOS developers to remain vigilant and thoroughly inspect Xcode projects before use.
New stealth and persistence techniques
The new XCSSET variant employs advanced obfuscation techniques to evade detection. According to Microsoft, the malware randomizes encoding techniques and iterations, incorporating Base64 encoding alongside traditional xxd (hexdump) encoding to make analysis more difficult.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Stealthy C2 messages operated by the Golang backdoor could easily be mistaken for legitimate Telegram API communication.
Hackers have been found deploying an unfinished Russian malware, written in Golang, that leverages Telegram as its command-and-control (C2) channel.
Netskope Threat Labs, the research wing of the cybersecurity firm Netskope, discovered the malware. “As part of Netskope Threat Labs hunting activities, we came across an IoC being shared by other researchers and decided to take a closer look at it,” Netskope researchers said in a blog post.
The researchers added that the malware (Trojan.Generic.37477095), which presently seems to be under development yet is fully functional, acts like a backdoor on execution.
Abusing Telegram API for C2 communications
According to the researchers, C2 communication being established by the malware could easily be mistaken for legitimate Telegram API deployments, making its detection difficult.
“Although the use of cloud apps as C2 channels is not something we see every day, it’s a very effective method used by attackers not only because there’s no need to implement a whole infrastructure for it, making attackers’ lives easier, but also because it’s very difficult, from defender perspective, to differentiate what is a normal user using an API and what is a C2 communication,” researchers noted.
The backdoor uses Telegram as its C2 mechanism by using an open-source Go package to interact with it, the blog post added. It initially creates a bot instance using Telegram’s BotFather feature which enables creating, managing, and configuring Telegram Bots.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Security experts warn of surge in malware targeting credentials stored in password vaults and managers as adversarial focus and tactics shift. ‘Like hitting the jackpot.’
Security watchers warn of a three-fold increase in malware that targets credential stores, such as password managers and browser-stored login data.
The study by Picus Security, which was based on analysis of 1 million real-world malware samples, also found that 93% of all malicious actions mapped to just 10 MITRE ATT&CK techniques.
Password store security trade-offs
Password stores are secure repositories designed to manage and protect sensitive authentication data, including usernames, passwords, encryption keys, and other credentials. Stores come in various forms, tailored to use cases and resident operating systems.
The main types of password stores include Keychain (for macOS and iOS), built-in password managers in browsers such as Chrome and Firefox, Windows Credential Manager, and dedicated password managers such as LastPass, 1Password, and Bitwarden. The category also includes cloud secrets management stores, like AWS Secrets Manager and Azure Key Vault, and caches and memory of third-party software.
Password stores aim to enhance security by providing encrypted storage and convenient access to credentials, reducing the risk of password reuse and simplifying the management of multiple complex passwords. Unfortunately, the centralized nature also makes them attractive targets for cybercriminals who target them through various strains of malware.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Anomaly detection can be powerful in spotting cyber incidents, but experts say CISOs should balance traditional signature-based detection with more bespoke methods that can identify malicious activity based on outlier signals.
Anomaly detection is an analytic process for identifying points of data or events that deviate significantly from established patterns of behavior. In cybersecurity, anomaly detection is one of the top defensive skills organizations should consider fine-tuning to ensure they can detect and remedy adverse cyber events quickly before they take root and proliferate.
The concept of anomaly detection in cybersecurity was introduced by mathematician Dorothy Denning — who also pioneered the idea of encryption lattices — in a landmark 1987 paper entitled “An Intrusion-Detection Model.” Since then, infosec practitioners and cybersecurity vendors have incorporated Denning’s concepts into their defense techniques, practices, and products.
“Anomaly detection is the holy grail of cyber detection where, if you do it right, you don’t need to know a priori the bad thing that you’re looking for,” Bruce Potter, CEO and founder of Turngate, tells CSO. “It’ll just show up because it doesn’t look like anything else or doesn’t look like it’s supposed to. People have been tilting at that windmill for a long time, since the 1980s, trying to figure out what normal is so they can look for deviations from it to find all the bad things happening in their enterprises.”
The challenge for CISOs now is to know and understand where adverse events are already getting detected in their existing mix of security vendor products. Then, if appropriate, CISOs should consider elevating their anomaly detection game to give their security teams even greater power to detect troubling trends, all while shielding them from alert fatigue.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Thousands of active AWS accounts are vulnerable to a cloud image name confusion attack that could allow attackers to execute codes within those accounts.
According to DataDog research, vulnerable patterns exist in the way multiple software projects retrieve Amazon Machine Image (AMIs) IDs to create Amazon elastic compute cloud (EC2) instances.
“The vulnerable pattern allows anyone that publishes an AMI with a specially crafted name to gain code execution within the vulnerable AWS account,” the researchers said in a blog post. “If executed at scale, this attack could be used to gain access to thousands of accounts.”
The whoAMI attack
Researchers have demonstrated that the attack vector “whoAMI” can impact many private and open-source code repositories. Over 10,000 AWS accounts are vulnerable to this attack, about 1% of the reported one million active AWS deployments.
The whoAMI attack is a name confusion exploit, a type of supply chain attack where misconfigured software is tricked into using a malicious resource. Unlike the dependency confusion attacks, which targets software dependency like pip packages, whoAMI involves a rogue virtual machine image impersonating a legitimate one.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
