CISA to Improve Vulnerability Disclosure Practices

The Cybersecurity and Infrastructure Security Agency (CISA) issued a draft binding operational directive, BOD 20-01, which will require federal civilian executive branch agencies to publish a vulnerability disclosure policy (VDP).

from Cyber Security News https://ift.tt/2L3pNWs

MITRE, CISA, DHS Announce 25 Most Dangerous Software Errors

The Common Weakness Enumeration (CWE™) released its Top 25 Most Dangerous Software Errors (CWE Top 25), a demonstrative list of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software.

from Cyber Security News https://ift.tt/37MUrxa

Government Agencies Remind Citizens: if you "See Something, Say Something"

Local government agencies are reminding citizens to take necessary precautions to be safe this holiday season, such as "See Something, Say Something," to report any terrorism-related behavior and to be aware that scammers, online and in-store, are targeting shoppers this holiday season.

from Cyber Security News https://ift.tt/35FIAPr

U.S. Senators Introduce the Consumer Online Privacy Acts

U.S. Senators unveiled comprehensive federal online privacy legislation to establish privacy rights, outlaw harmful and deceptive practices and improve data security safeguards.

from Cyber Security News https://ift.tt/2OnLzGu

The Need for Speed

Why are mid-sized organizations increasingly putting their hope in Managed Detection and Response providers who focus on real-time triage and investigation into data breach signals as they happen?

from Cyber Security News https://ift.tt/2XQfhH4

Close to 17,000 New Computer Vulnerabilities Disclosed During 2019

There were 16,738 newly-disclosed vulnerabilities during the first three quarters of 2019. 

from Cyber Security News https://ift.tt/2DgnpHy

SIA Identifies 2020 Security Megatrends

The Security Industry Association (SIA) has identified and forecasted the 2020 Security Megatrends,  the top forces at play in security, expected to have far-reaching impacts on businesses across the industry.

from Cyber Security News https://ift.tt/33kBkXF

Stanford University Wins Collegiate Penetration Testing Competition

Students at Stanford University won the Collegiate Penetration Testing Competition, which took place Nov. 22–24 at the Rochester Institute of Technology.

from Cyber Security News https://ift.tt/35vjKBM

New Cyberattack Tactics Against Businesses Require Advanced Network Defenses

The cybersecurity skills shortage has reached an all-time-high, with 53 percent of organizations agreeing they have suffered from this gap.

from Cyber Security News https://ift.tt/35wSItG

Sen. Udall, Heinrich Urge Increase in Funding for Election Security Grants in New Mexico

U.S. Senator Tom Udall and Martin Heinrich are urging the Senate to increase the funding for election security grants to help secure upcoming elections in New Mexico and across the country.

from Cyber Security News https://ift.tt/37vodq3

2019 Homeland Security Today Awards Honorees

Homeland Security Today announced selections for the 2019 Holiday Homeland Security Awards, including Federal Homeland Security Person of the Year Kevin McAleenan, former Acting Secretary of the U.S. Department of Homeland Security.

from Cyber Security News https://ift.tt/37o0tnH

U.S. Senators Raise Concerns Over Funding Shortfall for Cybersecurity Support

Multiple U.S. Senators called on the DHS to resolve the shortfall in funding to the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC).

from Cyber Security News https://ift.tt/346mbdS

Small DDoS Attacks on the Rise: Why These Supersized Assaults Are Going Tiny

Despite their reputation as brute force attacks, Distributed Denial-of-Service incursions are increasingly diversifying as hackers learn that smaller, more targeted attacks often deliver the anticipated outcomes while going under the radar.

from Cyber Security News https://ift.tt/2r9uGGu

New Data Predicts Unprecedented Levels of Holiday Hacking

A new report from Tala Security predicts unprecedented levels of online data theft this holiday season due to a lack of deployed client-side security measures.

 

from Cyber Security News https://ift.tt/2D3k9z7

Government Sector the Most Popular Target for Domain Name Systems Attacks

Government organizations were hit by the highest number of Domain Name Systems (DNS) attacks per year, says the Global DNS Threat Report.

from Cyber Security News https://ift.tt/35ld9Ke

Information Security Forum Releases Guide to Securing Cloud Services

The Information Security Forum (ISF) released its Using Cloud Services Securely: Harnessing Core Controls, which provides a comprehensive approach to securing cloud services for organizations that are considering using, or already actively use, one or multiple cloud service providers (CSPs).

from Cyber Security News https://ift.tt/2KTYbTN

The Future of Security is Converged

Businesses commonly divide their security teams into two silos: physical and cyber/IT, with industrial organizations even dividing their teams across three: physical, operational (OT) and cyber/IT.

from Cyber Security News https://ift.tt/2rTu4VB

Taking Stock of Your Data Security to Deliver a Happy Holiday Shopping Season

Retailers will be particularly susceptible to cyber crime during the most lucrative shopping weekend of the year: Black Friday and Cyber Monday.

from Cyber Security News https://ift.tt/2ql2nou

Smartphone Users Warned About 'Juice Jacking'

The LA District Attorney's Office is warning smartphone users not to use public USB charging stations.

from Cyber Security News https://ift.tt/2O0nvJo

University of North Carolina at Chapel Hill School of Medicine Suffers Ransomware Incident

The University of North Carolina at Chapel Hill School of Medicine notified 3,716 persons whose information may have been affected in a cyber phishing incident. 

from Cyber Security News https://ift.tt/2NYfxAM

How to Achieve Cybersecurity with Patience, Love and Bribery

It’s time to make cybersecurity personal for your employees, train them on best practices and reward them for their success. 

from Cyber Security News https://ift.tt/2NTXiML

Google Will Restrict User's Data to Advertisers

Following scrutiny for its data protection practices, Google will be taking an additional step to further guard user privacy by restricting the amount of data advertisers have access to.

from Cyber Security News https://ift.tt/2rPELZt

Compliance Teams Struggle With Modern Electronic Communication Tech

Many compliance teams in the financial services industry are struggling with limited human resources to oversee the fast-changing electronic communications compliance landscape.

from Cyber Security News https://ift.tt/2qZEKBu

Facebook Glitch Shows Camera Is Activated in the Background

Multiple Facebook users have reported that their iPhone cameras are being secretly activated in the background while they are scrolling through their Facebook feed. 

from Cyber Security News https://ift.tt/377RgPZ

7.9 Billion Records Exposed So Far in 2019

There were 5,183 breaches reported in the first nine months of 2019, exposing a total of 7.9 billion records.

from Cyber Security News https://ift.tt/2KfR9Ij

90 Voice Fraud Attacks Occur Every Minute

Pindrop®'s annual Voice Intelligence Report has uncovered skyrocketing fraud rates, with 90 voice channel attacks occurring every minute in the U.S.

from Cyber Security News https://ift.tt/34OK0H0

Top Challenges When Securing Cloud Services Today

There are many unique challenges involved with securing cloud services. First, data and applications in the cloud are distributed across many services and platforms; each with its own unique set of capabilities, logs and users.

from Cyber Security News https://ift.tt/34TZbP6

Explained: Firewalls, Vulnerability Scans and Penetration Tests

The implementation of a secured perimeter and internal firewall network architecture and conducting Vulnerability Assessments and Penetration Tests (VAPT) are often seen as enough to protect critical business information and guard against unexpected cybersecurity threats. However, as we will discover and despite this approach being a good start, there is substantially more to information security than firewalls and VAPT.

from Cyber Security News https://ift.tt/2qJLa7U

Beyond Business Intelligence – Using AI to Gain Sharper Insights From Your Loss Prevention Data

The data analysis best practices from years past are not irrelevant; in the Loss Prevention world, we’re simply able to build on them to keep getting better at reducing fraud and shrinkage within operations. How can Artificial Intelligence take the efforts of your best talent and your Business Intelligence plan and help make them better?

from Cyber Security News https://ift.tt/2NEs9wH

Microsoft Will Honor California’s New Privacy Rights Throughout the U.S.

Microsoft has promised it will honor the California Consumer Privacy Act (CCPA) throughout the United States. 

from Cyber Security News https://ift.tt/34N05gm

The State of Healthcare Cybersecurity and the Dark Web Economy

There are few industries where the cybersecurity stakes are higher than in the healthcare space, with medical organizations running the risk of life-threatening disruptions at the hands of malicious actors.

from Cyber Security News https://ift.tt/33I5Yeq

Information Security Forum Releases Internet of Things Guide

The Information Security Forum (ISF) announced the release of Securing the IoT: Taming the Connected World, a report that helps security professionals better understand the security implications of the Internet of Things.

from Cyber Security News https://ift.tt/2CATNEr

Data, Privacy, Analytics are Top Concerns for Financial Enterprises

Data, privacy, analytics and customer service are top finance priorities, says a new Protivity report. 

from Cyber Security News https://ift.tt/33IikDu

U.S. Department of Energy to Hold Fifth CyberForce Competition™

The U.S. Department of Energy (DOE) will host its fifth CyberForce Competition™ on Nov. 16. 

from Cyber Security News https://ift.tt/32xDoLr

CISA Launches Cybersecurity Essentials for Small Enterprises

The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks.

from Cyber Security News https://ift.tt/2CAxpLi

DoJ Says Ex-Twitter Employees Acted as Agents for Saudi Arabia, Violated Twitter Users' Privacy

Ali Alzabarah, Ahmad Abouammo, and Ahmed Almutairi, aka Ahmed Aljbreen, were charged for their respective roles in accessing private information in the accounts of certain Twitter users and providing that information to officials of the Kingdom of Saudi Arabia.

from Cyber Security News https://ift.tt/2p57it2

State of Calif. Investigating Facebook for Privacy Practices

California Attorney General Xavier Becerra filed a petition in the San Francisco Superior Court requesting that the court order Facebook Inc. to comply with an outstanding subpoena and investigative interrogatories issued by the Attorney General on behalf of the People of California. 

from Cyber Security News https://ift.tt/2K3oLco

Cybersecurity: A View From the Middle

Cybersecurity can be a scary beast for any organization of any size. The stakes are high. The adversaries are sly. The landscape is always shifting.These challenges can be especially significant for small and medium-sized businesses that have limited resources in capital and specialized expertise.

from Cyber Security News https://ift.tt/33vErwQ

How to Increase Collaboration Between IT and Executive Leadership Teams

For enterprises to implement cloud technology successfully, the C-Suite and IT teams need to work closely to coordinate and deliver a wide range of as-a-service technical offerings. How can enterprises increase the relationship between the board and tech teams and help to develop a prosperous, collaborative partnership?

from Cyber Security News https://ift.tt/2NrY9UP

Orchestrating Cybersecurity Across the Business Ecosystem

Increasing a business’ digital competence is a need that’ll never go away; continual transformation is required to be competitive in the market. So much hinges on getting digital right that entire new disciplines and executive roles are springing up, including the Chief Digital Officer and Chief Transformation Officer. Change makes many people uncomfortable, but it’s a necessity.

from Cyber Security News https://ift.tt/32lBbTm

Research Center's Failure to Encrypt Mobile Devices Leads to $3 Million HIPAA Settlement

The University of Rochester Medical Center has agreed to pay $3 million to the Office for Civil Rights at the U.S. Department of Health and Human Services for the data breaches it suffered during 2013-2017. 

from Cyber Security News https://ift.tt/2rp30xv

Election Security Is Top Priority for U.S. Government, Officials Say

Federal agencies and government officials have released a joint statement affirming that election security is a top priority for the U.S. Government.

from Cyber Security News https://ift.tt/2PVe7rX

Fraud Attacks Increase 30% in Q3 2019

Fraud increased 30 percent overall in Q3 2019 and bot-driven account registration fraud is up 70 percent as cybercriminals test stolen credentials in advance of the holiday retail season.

from Cyber Security News https://ift.tt/2Cp2hOM

Cybersecurity Workforce Needs to Grow 145% to Close Skills Gap

A new study from ISC² estimates the current cybersecurity workforce at 2.8 million professionals and estimates that 4.07 professionals will be needed to close the skills gap (4.07 million professionals).

from Cyber Security News https://ift.tt/2NMobkh

AsusWRT and Amazon Alexa Products Compromised in Data Breach

AsusWRT, a web-based app from Asus that allows users to manage their wifi network and works with smart devices, such as Amazon Alexa products, has been compromised in a data breach, giving hackers access to an user's home network and the ability to hijack smart devices.

from Cyber Security News https://ift.tt/2WMdr9Z

ISC East Keynote Speakers Announced

Security and public safety leaders Deanne Criswell, commissioner of the New York Cirty Emergency Management Department, and Angela Stubblefield, deputy associate administrator for security and hazardoues materials safety at the Federal Aviation Administration (FAA), will headline the 2019 SIA Education@ISC East Keynote Series.

from Cyber Security News https://ift.tt/2JTX8lY

NATO to Update Cybersecurity Services and Systems

The NATO Communications and Information (NCI) Agency released a Request for Quotation (RFQ) valued at 20 million EUR ($22,148,300) to refresh NATO's cybersecurity services.

from Cyber Security News https://ift.tt/36EDi83

Number of Data Breach Reports Skyrocket in Canada Since Privacy Law Came Into Effect

Since November 1st, 2018, The Office of the Privacy Commissioner of Canada has received 680 security breach reports, which is six times the volume received during the same period one year earlier.

from Cyber Security News https://ift.tt/2NRkXfJ

N.J. Cybersecurity Awareness Poster Contest Announced

The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) invites public, private and home-schooled students in grades kindergarten through twelfth to participate in the state of New Jersey’s annual Cybersecurity Awareness poster contest.

from Cyber Security News https://ift.tt/2C9U2Gf

Healthcare Data Breaches Will Cost $4 Billion by Year's End

According to new research, 96 percent of IT professionals agreed that data attackers are outpacing their medical enterprises, holding providers at a disadvantage in responding to vulnerabilities.

from Cyber Security News https://ift.tt/2JMOl5x

American Civil Liberties Union Sues FBI, DEA for Facial Recognition Records

The American Civil Liberties Union and its Massachusetts chapter filed a lawsuit in Boston, Mass. federal court suing the Federal Bureau of Investigation (FBI) and the Drug Enforcement Administration (DEA). 

from Cyber Security News https://ift.tt/2JGPH1q

World's First Domain Registrar Network Solutions Suffers Data Breach

Domain registrar Network Solutions has disclosed a data breach, after a third-party gained unauthorized access to the company's computing systems.

from Cyber Security News https://ift.tt/2r6cM7z