Friday, 31 July 2020

The way forward with Risk Operations Centers

In recent years, Enterprise Risk Management has become increasingly focused on cybersecurity risks. While this focus on cyber is understandable, the current COVID crisis has demonstrated that the unpredictable nature of cascading risks requires viewing risk through a much wider risk aperture. One way forward to successfully navigate this new risk frontier is the establishment of a Risk Operations Center (ROC). The ROC enables enterprise and technology leaders to have the continuous monitoring they require to proactively mitigate all cyber issues. Additionally, it fully supports the CISO/cybersecurity leader's principal responsibilities identified by the HBR survey.



from Cyber Security News https://ift.tt/2XgW8iu

Salesforce policy change poses grave security implications

COVID-19 has completely changed our world from six months ago, as we continue to battle the grave health implications, face extended stay-at-home orders, and grapple with the insurmountable ramifications on our economy. The pandemic has also forever changed the cyber threat landscape, with our workforce becoming more dispersed, and potentially more vulnerable, than ever as organizations switch out of the confines of their offices and move entire data streams to their laptops and home offices. On top of this, Salesforce has announced it is ending its Data Recovery service on July 31st, which puts all of the data protection responsibilities, and the dire consequences that come along with them, on the backs of the customer.

from Cyber Security News https://ift.tt/30geFh5

Thursday, 30 July 2020

The failing approach of managing cybersecurity

To address this current losing war with cyberattackers, the future of cybersecurity requires augmenting the current focus on “indicators of compromise” with “indicators of exposure & warning” in real time. The measure would be to gauge the shift in incident management toward managing more incidents at the warning stage than at the compromise stage. It is imperative to build an AI engine to perform this very task, as that would be the only way to perform in real time, scale with the growing nature of cloud, and cover the evolving nature of attack scenarios.

from Cyber Security News https://ift.tt/2XbNRfZ

COVID-19's impact on dark web travel agencies

Digital Shadows has published an updated blog which examines the state of the dark web travel industry. 

from Cyber Security News https://ift.tt/3fjTOgN

CISA adds top cybersecurity experts to join COVID-19 response efforts

The Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of two leading cybersecurity experts to support the agency’s COVID-19 response efforts. Josh Corman is joining CISA as a Visiting Researcher, and Rob Arnold will join CISA’s National Risk Management Center as a Senior Cybersecurity and Risk Management Advisor.

from Cyber Security News https://ift.tt/3jQHTe9

CISA to host 3rd Annual National Cybersecurity Summit

The Cybersecurity and Infrastructure Security Agency (CISA) announced that it will host its 3rd annual National Cybersecurity Summit.



from Cyber Security News https://ift.tt/30ewzkd

Security flaws found on OkCupid threaten user data and information

Check Point researchers discovered major security vulnerabilities in the popular OkCupid dating app.

from Cyber Security News https://ift.tt/2PaRE8Q

Cybersecurity skills crisis worsens for fourth year in a row, impacting 70% of organizations

The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted nearly three quarters (70 percent) of organizations, as revealed in the fourth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG).

from Cyber Security News https://ift.tt/33br9bw

Wednesday, 29 July 2020

CISA announces second annual President’s Cup Cybersecurity competition

The Cybersecurity and Infrastructure Security Agency (CISA) announced the opening of individual and team registration for the second annual President’s Cup Cybersecurity Competition, which is open to any Federal Executive branch employee, including the Department of Defense and uniformed service members, with a knack for cybersecurity.  



from Cyber Security News https://ift.tt/2D0P174

Survey shows increase in cyber attacks on consumers

A survey by HSB, part of Munich Re, shows a continuing increase in identity theft, cyberattacks and online fraud as criminals steal personal information and millions of dollars.



from Cyber Security News https://ift.tt/3jWb8vV

Continued influx of COVID-19 lures, cyberattacks and APT group activity

Cyberattacks exploiting the pandemic showed no sign of slowing down in Q2 2020, according to the new ESET Threat Report Q2 2020.

from Cyber Security News https://ift.tt/2CY8Vj2

Maritime and port security agencies join forces to advance maritime security resilience

Multiple maritime and port security agencies announced a collaborative initiative, the “Maritime Security Resilience Alliance,” that unifies efforts to advance global maritime security resilience (physical, cyber, cognitive – disinformation and misinformation) by accelerating information sharing, coordinated response and adoption of best practices supported by education.

from Cyber Security News https://ift.tt/2EnEDGG

NCSC vows to improve diversity and inclusion in the cybersecurity workforce

The National Cyber Security Centre (NCSC) and KPMG UK have jointly published the first annual Decrypting Diversity: Diversity and Inclusion in Cyber Security report, which aims to set a benchmark for improving the experiences and opportunities for existing and future staff working in the industry.

from Cyber Security News https://ift.tt/33iJiV5

Tuesday, 28 July 2020

How to enforce security protocols when your workforce has gone remote

As the head of information security for a technology company with more than a thousand (now mostly-remote) employees, the COVID-19 pandemic has been — among other adjectives — an educational experience. And while it hasn’t been completely smooth sailing, I believe one of the reasons we were able to transition so quickly to remote work with relatively few hiccups is that we established practices to withstand precisely this type of scenario long before the virus swept through our community. 

from Cyber Security News https://ift.tt/3gac5i4

Compromised employee accounts led to most expensive data breaches over past year

The results of a global study examining the financial impact of data breaches reveals that the incidents cost companies $3.86 million per breach on average, and that compromised employee accounts were the most expensive root cause.

from Cyber Security News https://ift.tt/3gmnwU5

5 Minutes with James Carder, CSO of LogRhythm

Get to know James Carder, CSO at LogRhythm, who has more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company’s security governance model and risk strategies; protects the confidentiality, integrity and availability of information assets; and oversees both threat and vulnerability management as well as the security operations center (SOC). Carder previously led criminal and national security related investigations at the city, state and federal levels, including those involving the theft of credit card information and Advanced Persistent Threats (APT).



from Cyber Security News https://ift.tt/39FGUsn

A call for industry coordination around DLT security

As the financial services industry moves toward an ever-greater dependence on technology, we must always keep an eye on the future to ensure that any new technological advancement or implementation delivers the same, if not better, benefits and risk management capabilities. One emerging area that has garnered a lot of attention in recent years is Distributed Ledger Technology (DLT). While DLT holds great promise, there is currently no clear path around how to implement the technology in a way that addresses documented and evolving security risks.  



from Cyber Security News https://ift.tt/30U3ARQ

Lindy Cameron named CEO of the UK National Cyber Security Centre

The National Cyber Security Centre – a part of GCHQ – has announced that Lindy Cameron will become its new Chief Executive Officer (CEO). Her role will include overseeing the organization’s response to hundreds of cyber incidents each year, improving the cyber resilience of the UK’s critical national infrastructure, identifying the risks and opportunities for the UK in emerging technologies and leading the NCSC’s ongoing response to the coronavirus pandemic.



from Cyber Security News https://ift.tt/3hIDDv9

DHS establishes China Working Group to address intensifying threat

Acting Secretary of Homeland Security Chad F. Wolf recently hosted the inaugural meeting of the Department’s China Working Group. The Group’s purpose is to holistically articulate, prioritize and coordinate the Department’s response to evolving threats to the Homeland posed by the Chinese Communist Party (CCP).

from Cyber Security News https://ift.tt/3342ntQ

95% of businesses concerned about ethical risks of artificial intelligence initiatives

Deloitte’s third edition of the “State of AI in the Enterprise” survey finds businesses are entering a new chapter in AI implementation where early adopters may have to work harder to preserve an edge over their industry peers.



from Cyber Security News https://ift.tt/2X3SUyM

Monday, 27 July 2020

EDPB issues guidance for cross-border data transfers in wake of Schrems II judgment

In the wake of the Court of Justice of the European Union’s Schrems II judgment, on July 23, 2020, the European Data Protection Board (EDPB) adopted a Frequently Asked Questions document to “provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S.” The EDPB stated that the document will be updated, and further guidance provided, as it continues to examine and consider the judgment. The six-page FAQs provides the following guidance.

from Cyber Security News https://ift.tt/2OY6LlQ

Joyce Flinn appointed to the Cyber Risk Institute Board of Directors

Joyce Flinn, Vice President and Information Security & Disaster Recovery Officer at First United Bank & Trust, has been appointed to the Cyber Risk Institute Board of Directors.

from Cyber Security News https://ift.tt/2Enootf

Colorado Secretary of State announces new Rapid Response Election Security Team

Colorado Secretary of State Jena Griswold announced the creation of a new Rapid Response Election Security Cyber Unit (RESCU), a highly-trained team of election security experts who will help protect Colorado’s elections from cyber-attacks, foreign interference, and disinformation campaigns.

from Cyber Security News https://ift.tt/3g5xOrv

New York DFS charges title insurer with cybersecurity violation

The New York State Department of Financial Services (DFS) filed charges against First American Title Insurance Company for exposing customer bank account numbers, mortgage and tax records, Social Security Numbers, wire transaction receipts, and drivers’ license images. 



from Cyber Security News https://ift.tt/332vii6

Andrew Daniels joins Druva as CIO and CISO

Cloud data protection and management company Druva has named Andrew Daniels as its new chief information officer (CIO) and chief information security officer (CISO).



from Cyber Security News https://ift.tt/2EnoocJ

Andrew Daniels joins Druva as CIO and CISO

 Druva, Inc. announced the appointment of Andrew Daniels as the company’s new Chief Information Officer (CIO) and Chief Information Security Officer (CISO). Daniels will be responsible for enhancing and scaling out Druva’s security operations, incident response and global IT infrastructure.

from Cyber Security News https://ift.tt/30PQHrY

Nearly 3 out of 4 business leaders see cybersecurity as a top priority in COVID-19 recovery

Though organizations have changed their IT environments to accommodate remote workers, 39 percent of respondents have not changed their security programs as a result of COVID-19, potentially exposing their organizations to cyber risks from new and more sophisticated attacks, reveals a new CrowdStrike report.



from Cyber Security News https://ift.tt/305N7uK

U.S. State and local election administrators remain vulnerable to phishing

With fewer than 100 days left until Election Day, US state and local election administrators are still in widely varying stages of cybersecurity readiness, according to a new Area 1 Security study.

from Cyber Security News https://ift.tt/2D8aomz

US Senate approves amendment to bolster cybersecurity in FY 2021 NDAA

The US Senate passed a bipartisan amendment to the FY 2021 National Defense Authorization Act (NDAA) to require the Department of Homeland Security to establish a Cybersecurity State Coordinator position in every state.

from Cyber Security News https://ift.tt/3f3liYe

Implementing Zero Trust with FIM and SCM

Zero Trust model creator John Kindervag puts it like this: “The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.” He came up with the model in 2010, at a time when many businesses were just beginning to put foundational cybersecurity controls in place and over-relied on the assumed security inside their enterprise-owned network boundaries.

from Cyber Security News https://ift.tt/3jJq9Bj

Friday, 24 July 2020

NSA and CISA recommend immediate actions to reduce exposure across operational technologies and control systems

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued an activity alert in response to recent malicious cyber activity against critical infrastructure (CI) that exploits internet-accessible operational technology (OT) assets.

from Cyber Security News https://ift.tt/3eYNPhx

DISA outlines new cybersecurity model at Army Signal Conference

Navy Vice Adm. Nancy A. Norton, the director of Defense Information Systems Agency (DISA) and commander of Joint Force Headquarters-Department of Defense Information Network, outlined the way ahead for a cybersecurity paradigm shift that will help the U.S. military maintain information superiority on the digital battlefield.

from Cyber Security News https://ift.tt/3jDnmJK

Security of the internet is improving, but there is work to be done

New Rapid7 research found that the security of the internet overall is improving. The number of insecure services, such as SMB, Telnet, rsync, and the core email protocols, decreased from the levels seen in 2019. However, vulnerabilities and exposures still plague the modern internet even with the increasing adoption of more secure alternatives to insecure protocols, like Secure Shell (SSH) and DNS-over-TLS (DoT).

from Cyber Security News https://ift.tt/2Bs6rc1

Thursday, 23 July 2020

Collaborative Imaging announces new CISO

Collaborative Imaging has appointed senior information technology professional Greg Floyd as its new Chief Information Security Officer.



from Cyber Security News https://ift.tt/3eSpwBT

The risky door that telecommuting can open to your network

With telecommuting here to stay, now is the perfect time to re-examine just how much network access you are giving your users and machines. You might be shocked to see how open your network really is. Most organizations allow more access than their users or machines will ever need or should ever have – this excessive trust is what allows attackers who get into the network to spread and cause a lot of damage.

from Cyber Security News https://ift.tt/30Fm9ZL

Wednesday, 22 July 2020

Goodbye, honeypots – Hello, true deception technology

Honeypots were the first form of deception technology. IT security researchers started using them in the 1990s, with the intent to deceive malicious actors who had made it onto the network into interacting with a false system. In this way, honeypots could gather and assess the behavior of the malicious actors. They were not created for threat detection. However, things have changed a great deal in the years since honeypots were created – including deception technology.

from Cyber Security News https://ift.tt/3htv5sc

US accuses Chinese hackers of targeting confidential COVID-19 research

The United States Department of Justice charged two Chinese hackers with a global computer intrusion campaign targeting intellectual property and confidential business information, including COVID-19 research.

from Cyber Security News https://ift.tt/2WMEbZ0

FundtheFirst.com launches online fundraising platform to benefit first responders

FundtheFirst.com enables anyone to host a contribution campaign for first responders – fire, EMS, law enforcement, military and medical – in need.



from Cyber Security News https://ift.tt/3eSZHBA

Penn State Lehigh Valley launches new degree in cybersecurity

Penn State Lehigh Valley (PSU-LV) is offering a bachelor of science degree in cybersecurity analytics and operations (CYAOP) starting fall 2020.



from Cyber Security News https://ift.tt/2BlUogb

Applications open for ESET’s fifth annual Women in Cybersecurity Scholarship

ESET announced that applications are open for the fifth annual ESET Women in Cybersecurity Scholarship. This year, ESET will award $5,000 each to three (3) young women who are currently enrolled as undergraduates and major in a STEM (science, technology, engineering and mathematics) field.

from Cyber Security News https://ift.tt/39qJ8vO

John A. Wilson named Chief Information and Security Officer at MITRE

John A. Wilson is now vice president and Chief Information and Security Officer at MITRE, leading the Enterprise Computing, Information, and Security organization. 

from Cyber Security News https://ift.tt/3fPuAIw

COVID-19 pandemic sparks 72% ransomware growth, mobile vulnerabilities grow 50%

A new Skybox® Security 2020 Vulnerability and Threat Trends Report reveals there has been a 50 percent increase in mobile vulnerabilities and an increase of 72 percent in ransomware incidents since the COVID-19 pandemic. 


from Cyber Security News https://ift.tt/32EtRpM

No lock is unbreakable – how history has strengthened data security

Security has been and always will be important to humans. At the deepest level, all humans have an innate desire for security and protection and this desire now extends to our digital footprint. 

from Cyber Security News https://ift.tt/3ePN7Ty

Tuesday, 21 July 2020

Survey explores path to closing skills gap for SOC effectiveness

CISOs who can reduce or close their critical skills gaps have the highest probability of minimizing the business impact of cyberattacks – even when budgets and staffing are constrained, says a new SANS Institute survey, "Closing the Critical Skills Gap for Modern and Effective Security Operations Centers (SOCs)."



from Cyber Security News https://ift.tt/2WKI4Oa

The top digital COVID-19 scams

New research from TransUnion’s Consumer Financial Hardship studies found that phishing is the top digital fraud scheme worldwide related to the COVID-19 pandemic.



from Cyber Security News https://ift.tt/39s3pBf

Ryan Rubin joins Ankura's cybersecurity and data practice as Senior Managing Director

Ryan Rubin has joined Ankura, a global business advisory and services firm, as Senior Managing Director. Based in the London office, Mr. Rubin will leverage his more than 23 years of industry, global "Big 4" and boutique experience to help clients holistically manage complex cybersecurity and information technology challenges from the boardroom to the network.

from Cyber Security News https://ift.tt/2Cp74Uj

(ISC)² survey shows women increasingly embracing cybersecurity as a career path

Women in the cybersecurity profession are committed to their roles for the long term, according to research data from (ISC)².

from Cyber Security News https://ift.tt/2WFFucj

Monday, 20 July 2020

5 Minutes with Chris Kennedy, CISO at AttackIQ

Get to know Chris Kennedy, CISO at AttackIQ, who previously led the initial development of the US Marine Corps’ global incident response organization. He also held various roles in defense contracting, including delivering the US Department of Treasury’s Cybersecurity Operations program and driving cybersecurity R&D, products and services, and M&A, and most recently helped Bridgewater Associates secure their enterprise.



from Cyber Security News https://ift.tt/2ZLZoEk

Beyond the padlock: Essential steps for protecting websites

Here are the five most essential cybersecurity capabilities required to protect and maintain a website.

from Cyber Security News https://ift.tt/30v5Ej5

Major concerns and risks hindering CISOs' ability to strengthen security posture

A new Balbix report revealed that 9 out of 10 security professionals cite phishing and ransomware as top risks, yet only half report sufficient visibility into such threats.

from Cyber Security News https://ift.tt/30z3NcL

APT29 targets COVID-19 vaccine development

Russian cyber actors are targeting organizations involved in coronavirus vaccine development, UK security officials have revealed.

from Cyber Security News https://ift.tt/39c1H6A

Protecting endpoints in the age of hybrid work environments

As companies begin to strategize how their employee office structure will look over the next several months – be it phasing a portion of the workforce into the office or considering a fully remote workforce – top of mind will be the organization’s security posture and whether IT teams can support the needs of employees and the business in a capacity that ensures a smooth, secure transition.

from Cyber Security News https://ift.tt/2WFaOYx

Adapting online security to the ways we work, remotely and post-coronavirus

Organizations and their employees have always faced cyber vulnerabilities. However, with remote working, companies need to address the many layers of cybersecurity risks. The recent number of 'zoom bombing' incidents is a perfect example showing that the use of remote technologies at scale is causing new headaches and challenges for IT.

from Cyber Security News https://ift.tt/32Bpqfl

NSWC Crane partners with Purdue University to offer cybersecurity apprenticeships

Purdue University’s Cyber Apprenticeship Program (P-CAP) has launched at Naval Surface Warfare Center Crane Division (NSWC Crane) to advance cybersecurity capabilities. 

from Cyber Security News https://ift.tt/30r7LnS

Sunday, 19 July 2020

Surge in remote work propels network visibility to top concern for NetOps and SecOps

A new VIAVI study revealed that 73 percent of respondents said security professionals need comprehensive visibility into network infrastructure to enhance cybersecurity efforts and speed remediation.

from Cyber Security News https://ift.tt/30qHfuV

ASIS announces education program for GSX+

ASIS International announced its educational lineup for Global Security Exchange Plus (GSX+) 2020, taking place September 21-24.



from Cyber Security News https://ift.tt/3fLHlUe

Thursday, 16 July 2020

Cyberattack campaigns exploiting COVID-19 with global impact

The current COVID-19 pandemic is changing the business landscape. The most immediate change is the sudden increase in the number of people working from home. It is no surprise that this change has significantly increased the attack surface, forcing companies to strengthen their cybersecurity measures to ensure they do not become the next victim of cybercriminals.

from Cyber Security News https://ift.tt/2B5xwkX

CDSE launches Insider Threat mobile app

The US Center for Development of Security Excellence, a provider of training and education within DCSA, announced the launch of its first app for iOS and Android mobile devices.

from Cyber Security News https://ift.tt/32sBBLo

EU court invalidates Privacy Shield pact with the US

The European Union’s top court ruled that an agreement that allows thousands of companies — from tech giants to small financial firms — to transfer data to the United States is invalid because the American government can snoop on people’s data, according to an AP News report. The ruling could impact how companies transfer European users’ data to the United States and other countries, such as the U.K., and could require regulators to vet any new data transfers to make sure Europeans’ personal information remains protected according to the EU’s stringent standards, says AP News.

from Cyber Security News https://ift.tt/391zTlw

Digital Shadows research: Inside CryptBB, the dark web forum for the hacker elite

Digital Shadows released a new dark web research blog on CryptBB, an exclusive online community for elite hackers and cybercriminals.

from Cyber Security News https://ift.tt/3961hie

CSU launches online Bachelor's degree in cybersecurity

Colorado State University Global (CSU Global) announces its new Bachelor’s Degree in Cybersecurity.



from Cyber Security News https://ift.tt/32xNVd8

UWF partners with Escambia County elections staff to enhance cybersecurity preparations

In preparation for the 2020 general election, the University of West Florida Center for Cybersecurity recently provided virtual training for the Escambia County Supervisor of Elections staff. 



from Cyber Security News https://ift.tt/39fYovv

CJEU invalidates EU-U.S. Privacy Shield; Upholds standard contractual clauses

In a ground-breaking opinion issued today, the Court of Justice of the European Union invalidated the EU-US Privacy Shield Decision as a method for transferring personal data from the EU to the US. In short, the Decision was invalidated over Privacy Shield’s failure to adequately address US government surveillance activities.

from Cyber Security News https://ift.tt/3h4kZO6

Black Hat USA 2020 announces keynote lineup

Black Hat announces that Matt Blaze, McDevitt Chair in Computer Science and Law at Georgetown University, and Renée DiResta, Research Manager at Stanford Internet Observatory, will keynote Black Hat USA 2020, taking place virtually August 1-6. 



from Cyber Security News https://ift.tt/3ew8ERf

Apple, Gates, Biden, Musk and other high-profile Twitter accounts hacked

Twitter accounts belonging to Joe Biden, Bill Gates, Elon Musk and Apple, and other high-profile accounts, were compromised in what Twitter said it believes to be an attack on some of its employees with access to the company's internal tools, says a CNN news report. 

from Cyber Security News https://ift.tt/32nZXWt

Wednesday, 15 July 2020

Rep. John Katko unveils comprehensive national cybersecurity improvement package

U.S. Rep. John Katko unveiled a comprehensive national cybersecurity improvement package, including the Cybersecurity and Infrastructure Security Agency Director and Assistant Directors Act, Strengthening the Cybersecurity and Infrastructure Security Agency Act of 2020, and the CISA Public-Private Talent Exchange Act. Together, these measures enhance national cybersecurity through the creation of a public-private workforce exchange program and empower CISA through increased stability in leadership positions and appropriate funding and resources.



from Cyber Security News https://ift.tt/3fDvuaQ

United Community Bank welcomes Bob Brown as Chief Information Security Officer

United Community Bank has announced the addition of Bob Brown as Chief Information Security Officer. Bob, who has more than two decades of experience managing business technologies, will now work closely with the bank’s executive team to monitor risk and implement security processes to help minimize threats.

from Cyber Security News https://ift.tt/32lQG1b

Enjoy the silence - overcoming noisy IDSs

What are some steps Security Operations Center (SOC) teams and security professionals can take to improve the performance of their Intrusion Detection Systems (IDS) tools, and lower the noise?

from Cyber Security News https://ift.tt/3j7mH38

UK bans Huawei from its 5G network

The UK has banned Huawei from its 5G telecom network, reversing a January decision to allow the embattled Chinese tech company a limited role in building the country's super-fast wireless infrastructure.

from Cyber Security News https://ift.tt/3fBaqSk

Tuesday, 14 July 2020

John Parlee named CISO for Park Place Technologies

Park Place Technologies, a global IT leader focused on optimizing data centers and IT infrastructure, announced that John Parlee has joined the company as Chief Information Security Officer.



from Cyber Security News https://ift.tt/3h3lR5M

New research shows US cybersecurity talent shortage

New research released by Emsi reveals that the US has less than half of the cybersecurity candidates it needs to keep up with ever-intensifying demand. The research says the answer to this challenge is a Build (Don’t Buy) strategy.

from Cyber Security News https://ift.tt/2CeZNpL

University of Southern California establishes an Intelligence Community Center for Academic Excellence

The Intelligence Community Center for Academic Excellence (IC-CAE), a new center at the University of Southern California, will bring together students to study the fields of national security and intelligence.

from Cyber Security News https://ift.tt/3fyfpTY

Southern State and the University of Cincinnati join forces in cybersecurity degree

A new partnership between Southern State Community College and the University of Cincinnati School of Information Technology will allow students to obtain a Bachelor of Science in Information Technology – Cyber Security from UC.

from Cyber Security News https://ift.tt/2Ono27T

New COBIT resource from ISACA offers guidance for governance and management of information security

ISACA's new COBIT guidance builds upon best practices shared for the governance and management of information and technology aimed at the whole enterprise through the lens of information security, and details additional metrics and activities that should be considered when implementing or assessing COBIT in the context of information security.

from Cyber Security News https://ift.tt/3epTLQ9

92% of top websites provide attackers with access to customer data

Despite increasing numbers of high-profile data breaches, forms found on 92 percent of websites expose customer data to an average of 17 domains, according to Tala Security's Global Data at Risk - 2020 State of the Web Report.

from Cyber Security News https://ift.tt/30bIRs6

Dr. Allen Harper joins T-Rex Solutions as Executive Vice President of Cybersecurity

T-Rex Solutions, LLC announced Marine Corps veteran, entrepreneur and cybersecurity executive Dr. Allen Harper joined the organization as Executive Vice President of Cybersecurity. Dr. Harper will lead the company’s delivery of secure cloud services to the Federal government.

from Cyber Security News https://ift.tt/3esMn6D

Monday, 13 July 2020

FTC launches new online tool for exploring military consumer data

The Federal Trade Commission launched a new tool that explores data about problems military consumers may experience in the marketplace. For the first time, data about reports the FTC has received from active duty service members and veterans will be available online in an interactive dashboard at ftc.gov/exploredata.

from Cyber Security News https://ift.tt/391h1TK

5 Minutes with Charles Blauner, CISO in Residence, Team8

Charles Blauner is CISO in Residence for Team8, a venture group focused on cyber, data and AI technologies with roots in Israel’s elite military intelligence unit 8200. With an information security career primarily in financial services spanning over 30 years, Blauner held senior security executive roles for Citigroup since 2005. Prior to that, Blauner held several roles, including CISO at JP Morgan and Deutsche Bank.



from Cyber Security News https://ift.tt/3h2moox

Biden campaign hires cybersecurity experts to defend against potential threats

The presidential campaign of former Vice President Joe Biden announced that it had filled the positions of chief information security officer (CISO) and chief technology officer (CTO) in order to address potential cybersecurity threats to the campaign. 

from Cyber Security News https://ift.tt/3iU3Zfn

Sunday, 12 July 2020

General Stan McChrystal to deliver keynote address at GSX+ on Military & Law Enforcement Appreciation Day

ASIS International has announced that General Stan McChrystal, US Army (RET), will present a Global Security Exchange Plus (GSX+) keynote address on Military & Law Enforcement Appreciation Day at GSX+.

from Cyber Security News https://ift.tt/3epgADy

How to protect ERP data when access to corporate networks is both ubiquitous and for sale on the dark web

With a myriad of employees and contractors given ubiquitous access to business data, one thing is clear: identity has become the new security perimeter. Ensuring ERP data security, privacy, and compliance can no longer rely solely on network threat monitoring but requires using a layered identity defense to limit access to and within mission-critical applications.

from Cyber Security News https://ift.tt/2BV8N3u

US Secret Service creates Cyber Fraud Task Force

In recognition of the growing convergence of cyber and traditional financial crimes, the U.S. Secret Service is formally merging its Electronic Crimes Task Forces (ECTFs) and Financial Crimes Task Forces (FCTFs) into a single unified network, which will be known as the Cyber Fraud Task Forces (CFTFs).

from Cyber Security News https://ift.tt/302Jd4p

Friday, 10 July 2020

Steven Salar named Chief Risk Officer at Nonprofits Insurance Alliance

Nonprofits Insurance Alliance (NIA) announced that Steven Salar has joined NIA as Chief Risk Officer (CRO) responsible for compliance, risk management, internal audit, employment risk consulting, loss control and member support.

from Cyber Security News https://ift.tt/38HKL81

Wright State University designated as a National Center of Academic Excellence in Cyber Defense Education

The National Security Agency and Department of Homeland Security have designated Wright State University as a National Center of Academic Excellence in Cyber Defense Education.

from Cyber Security News https://ift.tt/3gR0Nzj

NIST kick-starts ‘threshold cryptography’ development effort

A new publication by cryptography experts at the National Institute of Standards and Technology (NIST) proposes the direction the technical agency will take to develop a more secure approach to encryption. This approach, called threshold cryptography, could overcome some of the limitations of conventional methods for protecting sensitive transactions and data.

from Cyber Security News https://ift.tt/2CkWblR

Russian Government May Be Utilizing Spyware To Gather Information

Instances of government-sponsored malware are fairly rare; however, according to security firm FireEye, the Russian government may be guilty. FireEye cites a group it has dubbed APT28, which it says is behind a steady stream of common malware dating back almost 7 years. The group does not seem to be harvesting data for economic gain (such as stealing credit card numbers, bank accounts, etc.), but rather “APT28 focuses on collecting intelligence that would be most useful to a government. Specifically, FireEye found that since at least 2007, APT28 has been targeting privileged information related to governments, militaries and security organizations that would likely benefit the Russian government.”

The group already appears to be well known in the cyber security community; however, it’s only recently that FireEye has linked the group to the Russian government.

Government-sponsored malware has been in the news more and more, first with APT1, which was based in China. Even the United States is involved, with the use of Stuxnet, which targeted Iranian nuclear facilities.

Although government malware is still rather unusual, this is the second time that Russia has been accused. Some readers may remember that Russia was in the news a few months ago when German security firm GData accused the nation of being behind the Uroburos malware.

FireEye has no direct evidence that the Russian government is behind the operation; however, the circumstantial evidence appears to be strong enough. For example, the code betrays that the creators speak Russian, and it also appears that the group operates during “business hours” in prime Russian cities such as Moscow and St. Petersburg. FireEye has put all their evidence into a table with bullet points, as you can see here.



from We Hate Malware https://ift.tt/2ZgLry4

Thursday, 9 July 2020

The current state of consumers' cybersecurity awareness

With the second anniversary of GDPR on the horizon, the topic of data security is as pertinent as ever. Despite the proliferation of connected devices and the personal information and sensitive data they harbor, many consumers are unaware of just how susceptible their pocket-sized computers are to cyberattack.

from Cyber Security News https://ift.tt/2Odv8LT

Don't fall victim to scammers hiding behind a movement

The Black Lives Matter movement is spurring record-breaking fundraising online. In fact, the Minnesota Freedom Fund pulled in more than $30 million in donations alone following the death of George Floyd. The outpouring of financial support is great for these grassroots movements; however, large numbers like these often catch the eye of opportunistic scammers, unfortunately. While Black Lives Matter supporters are advocating on the street for a cause, scammers are capitalizing on their movement for their own gain.

from Cyber Security News https://ift.tt/3gJ0A0L

University of Scranton to offer Cybercrime and Homeland Security major

Beginning in the fall 2020 semester, The University of Scranton will offer a new major in cybercrime and homeland security to address the growing needs to investigate and protect information in the realm of cyberspace for both government and private sectors.



from Cyber Security News https://ift.tt/2AONhwG

Is there really a cybersecurity skills shortage?

Companies are struggling to find cybersecurity talent, and roles remain unfilled for months at a time. But is there really a lack of qualified candidates on the market? Is the problem with the lack of skills - or are we inadvertently limiting the talent pool before we even post the job spec?

from Cyber Security News https://ift.tt/3ecuqt6

Three ways that cybersecurity companies can close the gender gap

At this point, it’s a truism that the tech industry needs more women. But one sector that holds incredible opportunity is cybersecurity. By next year, millions of cyber jobs will be available, but unfilled.



from Cyber Security News https://ift.tt/3gGUHBb

DHS announces grant allocations for FY2020 preparedness grants

As part of the U.S. Department of Homeland Security’s (DHS) ongoing efforts to support state, local, tribal, and territorial partners, Acting Secretary Chad F. Wolf announced final allocations of $385 million for seven Fiscal Year (FY) 2020 DHS competitive preparedness grant programs.

from Cyber Security News https://ift.tt/3223Lgc

Mike Jones named Chief Information Security Officer of Zortrex

Zortrex has announced the appointment of ex-Anonymous hacker Mike Jones as CISO.

from Cyber Security News https://ift.tt/31ZnWew

CISA releases guide on securing industrial control systems

The Cybersecurity and Infrastructure Security Agency (CISA) has released its five-year industrial control systems (ICS) strategy: Securing Industrial Control Systems: A Unified Initiative.

from Cyber Security News https://ift.tt/2ZeHvOd

Wednesday, 8 July 2020

Qualys appoints Ben Carr as Chief Information Security Officer

Qualys, Inc., a provider of disruptive cloud-based IT, security and compliance solutions, announced the appointment of Ben Carr as Chief Information Security Officer (CISO).



from Cyber Security News https://ift.tt/3e9nLzH

Number of stolen and exposed credentials has risen 300% from 2018

A new study from Digital Shadows finds there are more than 15 billion credentials in circulation in cybercriminal marketplaces, many on the dark web – the equivalent of more than two for every person on the planet. The number of stolen and exposed credentials has risen 300 percent from 2018 as the result of more than 100,000 separate breaches.

from Cyber Security News https://ift.tt/2O67zVp

Tuesday, 7 July 2020

Steve Krameisen joins American Portfolios as CISO

American Portfolios Financial Services, Inc. announced that Steve Krameisen has joined the firm as chief information security officer (CISO).



from Cyber Security News https://ift.tt/2Cbqn2O

North Korean hackers are skimming US and European shoppers

North Korean state sponsored hackers are implicated in the interception of online payments from American and European shoppers, Sansec research shows.

from Cyber Security News https://ift.tt/3iFSV5a

NSA warns VPNs could be vulnerable to cyberattacks

The National Security Agency (NSA) has issued a new cybersecurity advisory warning that virtual private networks (VPNs) could be vulnerable to attacks if not properly secured.

from Cyber Security News https://ift.tt/2Ca3ahA

Washington man sentenced for role in developing “Mirai” successor botnets

U.S. Attorney Bryan Schroder announced that a Washington man has been sentenced to federal prison for his role in a long-running scheme in which he and his criminal associates developed distributed denial-of-service (DDoS) botnets. 

from Cyber Security News https://ift.tt/2BOA4UV

Monday, 6 July 2020

CISA releases Cyber Essential Toolkit #2 to improve cybersecurity readiness

The Cybersecurity and Infrastructure Security Agency (CISA) released its Cyber Essentials Toolkit, Chapter 2: Your Staff, The Users. This toolkit is the second in a series of six toolkits set to be released each month.

from Cyber Security News https://ift.tt/3gvkkVB

Knowing When Or If to Update Your Computer Drivers

Since computer drivers are the software that helps all the other software programs to run, the computer user needs to make sure they are working correctly and current. How do you get computer drivers? Often when you purchase a new printer or other hardware for your computer, the company web site will be listed to go to and install the proper driver. New computers often come loaded with a lot of software including the needed drivers. These will often be generic drivers that perform the basic tasks you will need. If you want a driver that has extras needed for gaming and so on, you may want to find drivers with more features.

If the computer is all set up and running fine, don’t mess with the drivers. The saying “if it isn’t broke, don’t fix it” applies here. Sometimes downloading a different driver can affect the stability and functionality of your computer. If this happens, it takes a lot of effort to get the computer working perfectly again. If one is a computer novice, it may mean hiring a computer expert to fix everything and that costs money. A good practice is to wait until there is a problem before updating the drivers in a computer. Trouble signs can include a printer not working properly with the computer, everything slowing down including computer games, e-mail messages being dropped or internet connection being unstable.

Everyone who uses a computer experiences the messages that pop up about computer updates being available or having been automatically installed. When one presses the install button, programs are updated. When this happens it is important to make sure the affected driver is still in sync with the updated version of the program. This is one time it may be necessary to update a computer driver. Wanting increased speed and new features is another reason to update drivers. Video drivers need to be updated more often than many other drivers to get performance increases for new games.

Three places to look for new drivers to download:

  • The chipset manufacturer’s website. This is the company that designed the program, game, video, or sound chip. They will have the newest drivers with the most features.
  • The hardware manufacturer’s website. This is the company that manufactured your hardware.
  • Windows. Going directly to Windows for generic drivers is good for basic things like printers.
  • The CD that was included with the newly purchased device. This is not the best alternative because they may be outdated before the computer is purchased and hooked up. The exception would be the ethernet drivers which help one to connect to the Internet where one can download all the new drivers online.


from We Hate Malware https://ift.tt/2BGxxfx

Sunday, 5 July 2020

Duke launches Master’s Program in cybersecurity

To help meet the need for specialized engineers who can design and defend secure systems, Duke University is launching a new Cybersecurity Master of Engineering degree program.



from Cyber Security News https://ift.tt/31MleZR

Thursday, 2 July 2020

Protecting Industrial IoT Devices

The nature of IIoT devices and infrastructure makes them high-value cyber targets. This is because they are relatively easy to compromise and are often connected to internal networks with high-value content with links to other networks. Moreover, IIoT devices rarely have direct user interaction, and this unattended nature means that many types of device compromise are likely to go unnoticed and undetected – particularly when the malware does not disrupt the device’s primary functionality. Here are a dozen reasons why intelligent IIoT devices are attractive targets for hackers.

from Cyber Security News https://ift.tt/3f64Oz2

Back up your cloud data

My favorite definition of the (public) cloud is “It’s someone else’s computer.” That is really what any external cloud service is. And if your services, data and other assets are located on someone else’s equipment, you are at their mercy on whether you can access those assets and data at any time. It isn’t up to you. It’s solely determined by them, and any service level agreement you agreed to. And you can lose everything stored there permanently. You should have multiple backups of your data no matter where it is stored, especially if it is stored using a cloud service.

from Cyber Security News https://ift.tt/2VFdeWt

4 barriers to teaching employees good cybersecurity habits — and how to overcome them

Obstacles including budget concerns, time constraints, stubborn company culture, or a lack of cybersecurity best practices can seem overwhelming, especially to a smaller organization with limited resources. Fortunately, there are reasonable solutions to each of these roadblocks that can help all organizations be more secure.

from Cyber Security News https://ift.tt/3ipAy4s

Lookout research: mobile APT surveillance campaigns targeting Uyghurs

The Lookout Threat Intelligence team has discovered four Android surveillanceware tools, which they named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle. These four interconnected malware tools are elements of much larger mAPT (mobile advanced persistent threat) campaigns originating in China, and primarily targeting the Uyghur ethnic minority, says the team.

from Cyber Security News https://ift.tt/38mm5S5

Wednesday, 1 July 2020

IBM: security response planning on the rise, but containing attacks remains an issue

IBM Security announced the results of a global report examining businesses' effectiveness in preparing for and responding to cyberattacks.

from Cyber Security News https://ift.tt/31ArYtJ

DDoS attacks increase 542% quarter-over-quarter amid pandemic

In the first quarter of the year, DDoS attacks rose more than 278 percent compared to Q1 2019 and more than 542 percent compared to the last quarter, according to Nexusguard’s Q1 2020 Threat Report.

from Cyber Security News https://ift.tt/3gk3GZ6

CCPA enforcement deadline has arrived - are you prepared?

Yesterday (July 1, 2020) marked the official deadline to achieve compliance with the California Consumer Privacy Act (CCPA).

from Cyber Security News https://ift.tt/2BZpA4K

72% of remote workers have gained cybersecurity awareness during lockdown

A new Trend Micro study reveals how remote workers address cybersecurity -- 72% say they are more conscious of their organization’s cybersecurity policies since lockdown began, but many are breaking the rules anyway due to limited understanding or resource constraints.



from Cyber Security News https://ift.tt/2VCZxaS

Security 500 survey -- deadline extended to July 31, 2020

The deadline to complete this year's Security 500 survey has been extended to July 31, 2020! 


from Cyber Security News https://ift.tt/3erQ7Gu

Why identity and access management is critical to securing a remote workforce

Identity and access management (IAM) protects the business while keeping employees securely connected, but were organizations prepared for their employees to work from anywhere? LastPass ran a study with IT decision makers, in partnership with IDG, to discover the impacts of remote work on IAM and found that IAM is critical to securing a remote workforce, but almost all organizations have had to adjust their IAM strategy to securely enable employees to work from anywhere.



from Cyber Security News https://ift.tt/3gjLf6W

(ISC)² Security Congress 2020 now a virtual conference

(ISC)² announced that its 10th annual (ISC)² Security Congress will take place as a virtual conference, November 16-18.



from Cyber Security News https://ift.tt/2YMpDKq

US Senators introduce the Lawful Access to Encrypted Data Act

U.S. Senators introduced the Lawful Access to Encrypted Data Act, a bill to bolster national security interests and better protect communities across the country by ending the use of “warrant-proof” encrypted technology by terrorists and other bad actors to conceal illicit behavior.



from Cyber Security News https://ift.tt/38gNxRn

Keep Your Online Identity Safe

With consumers conducting more and more business online, the opportunities for identity theft are increasing exponentially. Identity thieves target those who are less than vigilant with their online security. To avoid being victimized, security experts recommend taking specific steps to minimize the risk of online identity theft. Here are a few of the most commonly cited identity theft tips.

Use strong passwords and change them often.

Remembering complex passwords is difficult, which leads many consumers to use the same password for all the sites they visit. Hackers know people tend to be lazy with passwords and, when one site is compromised, the passwords stolen will often work for banking and shopping sites. To thwart hackers, security experts strongly recommend users not use the same, or even similar, passwords.

Because remembering multiple complex passwords is almost impossible, password managers are becoming popular. Management software keeps track of all passwords. Users only have to remember one complex password. Password managers also make it easier to routinely change individual site passwords often, further reducing the potential for online identity theft.

Don’t fall for phishing schemes.

The Internet is rife with scammers masquerading as banks and credit card companies. Some are quite sophisticated, with pages mirroring authentic sites. Identity theft avoidance experts point out that credit card issuers and banks do not send messages asking customers to update sensitive information online. When any suspicious message is received, computer experts recommend not even opening the message, as it could contain malicious software. However, it is a good idea to notify the company or bank to let them know the message was received.

Keep security software updated.

Security software and firewalls are the first line of defense for minimizing online threats. Online reviewers frequently test security software and report on the effectiveness of popular security software offerings. Some of the best security software is even free, which makes it easy to download and install the software currently regarded as the best for protecting home computers and other devices. Make sure the software is updated automatically whenever that option is available.

Even the best security may not always be effective.

Because hackers are always looking for new ways to circumvent security software, the potential for online identity theft will always be there. Keep track of all bank accounts and monitor credit card use frequently. Report any issues discovered and take immediate steps to freeze your credit if any problems are noted.



from We Hate Malware https://ift.tt/3ijn2PN