USCellular suffers data breach; hackers accessed its CRM software

UScellular, the fourth-largest wireless carrier in the U.S. with 4.9 million customers, has been hacked. 

from Cyber Security News https://ift.tt/3ouu2LI

Best practices in applying MITRE ATT&CK to your organizational security

The cybersecurity industry has embraced MITRE ATT&CK for good reason: it provides security leaders and practitioners an objective, third-party standard with which to evaluate their own detection coverage and EDR solutions. But even while they recognize the value, many organizations are unsure about what specific steps they should take to fully benefit from MITRE ATT&CK.

from Cyber Security News https://ift.tt/39sAu1b

SOC experts report cyber skilling obstacles

In the fourth quarter of 2020, Cyberbit surveyed hundreds of Security Operations Center (SOC) Managers, Analysts, and Incident Responders participating in training sessions on their opinions and observances within the current cyber skilling climate. The culminating report reveals how organizations are currently building the human element of their InfoSec organization—shedding light on current practices including job requirements, the recruiting process, current skills levels, training impacts, and integration of industry best practices.

from Cyber Security News https://ift.tt/3cnZQ2q

Adoption of passwordless security takes off amid COVID-19

Enterprises worldwide are accelerating the adoption of passwordless authentication technologies in response to the increase in cybersecurity threats in 2020, according to a new report released by HYPR, The Passwordless Company and Cybersecurity Insiders.

from Cyber Security News https://ift.tt/3puQJ3J

Security researchers find Azure Functions vulnerability

Intezer researchers discovered a new vulnerability in Azure Functions, which would allow an attacker to escalate privileges and escape the Azure Functions Docker container to the Docker host.

from Cyber Security News https://ift.tt/3j0qj7a

The world of the 46th President

This is not to get myself off the hook when predicting the security challenges President Biden will face, but rather a reminder that we all need to think widely and openly about possibilities in a volatile, uncertain, complex, and ambiguous world. It is certainly much more of all these things now than in 2016! Still, there are certain things that one can reasonably expect to be on the President’s agenda early on.

from Cyber Security News https://ift.tt/3j07AsK

Top 10 cybersecurity predictions for 2021

In the past year, COVID-19 has had a larger impact on work habits and security environments than any other health emergency in memory. That combined with technological advances such as 5G has led to several trends we expect to see in this New Year. Here then are our top ten:

from Cyber Security News https://ift.tt/3pu0Rtq

Combating extortionware in 2021: A rising attack method for the modern day hacker

As the headlines showed, ransomware continued to be the weapon of choice in 2020, and extortionware is on the rise. While ransomware has become a tried and true method at this point, extortionware tactics are raising the stakes by threatening to expose sensitive information if the ransom is not paid.

from Cyber Security News https://ift.tt/2L4gQQ0

Data detoxing in the New Year

Companies hold more data on us today than ever before, and many of us are left in the dark on just where our personal, often sensitive, information lives. The daily headlines on data breaches and the mainstream attention in the form of documentaries like Netflix’s “The Great Hack” and “The Social Dilemma” have made clear to the public: it’s time we all do a data detox.

from Cyber Security News https://ift.tt/3t5POZr

How educators can secure their online learning environments

Cybercriminals can take advantage of human weaknesses in one place and use them in other places where they can get financial or other gains. Email addresses, real names, real addresses, phone numbers, date of birth, etc., all are valuable information for cybercriminals. They can build their database with this personal information and use them in future attacks. This is why practicing good cybersecurity habits as users and as administrators is critical for all of us for all systems we use.

from Cyber Security News https://ift.tt/3cmgf7e

5 minutes with Tal Ben-David - IoT fleet management

We talk to Tal Ben-David, VP R&D and Co-Founder at Karamba Security, to learn about the role of the Internet of Things (IoT) in fleet management. 

from Cyber Security News https://ift.tt/3otJasB

“Ghost” account credentials facilitate ransomware attacks

The Sophos Rapid Response team published findings from its investigations into recent ransomware attacks that reveal a failure to keep close tabs on “ghost” account credentials of recently deceased employees can give cybercriminals a discreet foothold to launch an attack.

from Cyber Security News https://ift.tt/36ggQnl

Europol takes down one of the most significant botnets in the past decade: EMOTET

Law enforcement and judicial authorities worldwide have this week disrupted one of most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action. 

from Cyber Security News https://ift.tt/39sDHhA

What to prioritize this Data Privacy Day

Data Privacy Day is a global effort — taking place annually on January 28th — that generates awareness about the importance of privacy, highlights easy ways to protect personal information and reminds organizations that privacy is good for business. Here, Security magazine compiled advice, tips and best practices for safeguarding data from many security executives.

from Cyber Security News https://ift.tt/2McM0VN

If IoT devices are being cyber-certified, why aren’t mobile applications?

In spite of the fact that mobile apps live on IoT-enabled devices, collect user data, and continuously loop communication between Internet, cloud services and companies (even when not “in use”), there is a limited view that they are different entities altogether. We see this particularly when it comes to security – or lack-there-of – regarding security standards in place to continuously protect users from detrimental application hacks. 

from Cyber Security News https://ift.tt/39mt3c0

Google: North Korean hackers target security researchers

Google has announced that a North Korean government hacking group has targeted members of the cybersecurity community engaging in vulnerability research. The attacks have been spotted by the Google Threat Analysis Group (TAG), a Google security team specialized in hunting advanced persistent threat (APT) groups.

from Cyber Security News https://ift.tt/3chR8To

World Economic Forum ranks cybersecurity failure as a significant global risk

The 16th edition of the World Economic Forum’s Global Risks Report analyses the risks from societal fractures—manifested through persistent and emerging risks to human health, rising unemployment, widening digital divides, youth disillusionment, and geopolitical fragmentation. Among the highest impact risks of the next decade, infectious diseases are in the top spot, followed by climate action failure and other environmental risks; as well as weapons of mass destruction, livelihood crises, debt crises and IT infrastructure breakdown, the World Economic Forum says.  The report also ranked cybersecurity failure as a critical threat to the world. 

from Cyber Security News https://ift.tt/3iP6r7f

Claroty finds critical flaws in OPC protocol implementations

Due to its popularity as an embedded protocol operating in devices across the industrial control systems (ICS) domain, the Claroty Research Team decided to analyze the Open Platform Communications (OPC) for security vulnerabilities and implementation issues. In a blog, they shared some details about a number of vulnerabilities that emerged from their intensive investigation of the protocol.

from Cyber Security News https://ift.tt/2MuLNNC

Threat group abuses cloud services, targets semiconductor companies, airline industry

NCC Group and Fox-IT have been tracking a threat group - Chimera -  with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to passenger data from the airline industry.

from Cyber Security News https://ift.tt/3omEKDT

Preventing the next Malwarebytes breach: Get rid of passwords?

U.S. cybersecurity company Malwarebytes is the latest victim in a string of attacks targeting top security firms including FireEye, Microsoft, and CrowdStrike. In a statement from the company, the hackers breached the internal systems by way of a dormant email protection product within their Office 365 tenant that allowed access to a limited subset of internal company emails. 

from Cyber Security News https://ift.tt/3okXHqp

How to shut down bad bots once and for all

Most bot mitigation solutions rely on rules and risk scores, which use information from the past, even when paired with advanced machine learning or AI capabilities. Since bot operators are continually inventing new ways to evade detection, using historical data fails to detect and stop bots never seen before. As a result, retailers and e-commerce companies can’t keep up with the evolving nature of bot operators’ techniques, tools, and tactics. This is evidenced by the record volume of “Grinch” bots that we saw over the holidays.

from Cyber Security News https://ift.tt/2KVHaf2

ISACA reports on privacy trends, obstacles and predictions ahead of Data Privacy Day

As Data Privacy Day approaches this week, new research conducted by ISACA reveals critical skills gaps and insufficient training. The survey report, Privacy in Practice 2021: Data Privacy Trends, Forecasts and Challenges, also explores past and future trends in privacy, offering insights into privacy workforce and skills, the use of privacy by design, and the organizational structure and composition of privacy teams.

from Cyber Security News https://ift.tt/2Ytz9Bj

New ransomware variants emerged in late 2020

According to Digital Shadows’ Photon Research Team in Q4 2020, six groups made up 84% of alerts —Maze, Egregor, Conti, Sodinokibi, DoppelPaymer, and NetWalker— from the ransomware data leak sites Digital Shadows monitors.

from Cyber Security News https://ift.tt/3sXzCcG

Predictions for 2021: Budget increases and continued remote work

Untangle Inc. announced the results for its annual Voice of the Channel and 2021 Predictions Report. The report surveyed Untangle’s global network of Channel Partners to better understand current trends and barriers faced when protecting clients against emerging cybersecurity threats and other customer barriers within the market. 

from Cyber Security News https://ift.tt/3ceq3jY

Cisco study reveals critical role of privacy emerging from global pandemic

Cisco published the 2021 Data Privacy Benchmark Study, its fourth annual look into corporate privacy practices worldwide, which found enhanced importance of privacy protections during the pandemic and increasing benefits for businesses that adopt strong privacy measures.

from Cyber Security News https://ift.tt/3iUAXMT

Your password could be hacked in under one hour

In order to report on how secure the average American’s password is, the Safety.com research team conducted a survey of 1,210 US residents about the length and complexity of their passwords: 67.3% of survey respondents said their average password was equal to or less than eight characters long; 7.8% of respondents said their average password was less than five characters long; 19.3% of respondents said their average password was fifteen characters or more; Adults younger than 25 and older than 55 were amongst the groups with the shortest passwords.

from Cyber Security News https://ift.tt/36cdK3K

82% of companies give third parties access to all cloud data

The Wiz Research team conducted extensive research of permissions provided to 3rd party vendors in cloud environments and the results should be a wake-up call: 82% of companies provide 3rd party vendors highly privileged roles. This is a major risk to sensitive data leakage and may pose both a security risk, as well as serious privacy risk.

from Cyber Security News https://ift.tt/3om9mVU

5 minutes with Wade Lance - Ransomware and lateral movement

According to Kroll, a Division of Duff & Phelps, ransomware was the most observed threat in 2020, accounting for over one-third of all cases as of September 1, 2020. Notably, Kroll found that Ryuk and Sodinokibi, perennially the most observed variants in Kroll’s cases, were joined by Maze as the top three ransomware variants so far in 2020. To get some insight on ransomware trends in 2021, as well as how cybercriminals execute this type of attack, we spoke to Wade Lance, Field CTO of Illusive Networks.

from Cyber Security News https://ift.tt/3iNHyJ0

Five reasons every CISO needs SOAR

Having a central location to integrate your security tools and processes to allow your people to collaborate and work together across teams is absolutely critical in today’s threat landscape. But there are five more important reasons why CISOs are prioritizing the adoption of a SOAR platform.

from Cyber Security News https://ift.tt/3of62Mb

5 minutes with Curt Dalton - Embedding cybersecurity into the organization

To effectively reduce enterprise risk, cybersecurity leaders argue it's critical to fully embed cybersecurity in the enterprise-risk management framework and into the whole organization. Here, we talk to Curt Dalton, Managing Director and Global Leader of Protiviti's security and privacy practice, about the importance and the benefits of this practice.

from Cyber Security News https://ift.tt/3pljlfI

323,277 Cook County, Illinois records exposed

The WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 323,277 court related records. Upon further investigation, the researchers discovered that the records were all related to Cook County, Ill., the second most populous county in the United States after Los Angeles County. 

from Cyber Security News https://ift.tt/36cupE9

New research: P2P vulnerabilities show IoT security camera risks

Nozomi Networks published research about vulnerabilities found in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras - Reolink. The most critical vulnerability, assigned a CVSS score of 9.1, allows attackers to access sensitive information such as audio/video streams across the internet.

from Cyber Security News https://ift.tt/2Mmt4DI

DDoS extortions making its way back

Radware recently published a cybersecurity alert, warning users were once again being targeted by DDoS extortionists for a second time by a global ransom DDoS campaign that initially started in August 2020. Organizations received new letter that said, "Maybe you forgot us, but we didn’t forget you. We were busy working on more profitable projects, but now we are back.”

from Cyber Security News https://ift.tt/36b1FvA

ADT technician hacked hundreds of customers' security cameras

A former security technician for home security company ADT admitted he secretly accessed customers' home security cameras more than 9,600 times over more than four years, particularly in homes of women to spy on them.

from Cyber Security News https://ift.tt/2M2hjCv

Security without borders: Protecting cloud apps

While applications are a key part of many cloud deployments, rapid adoption of the cloud and the ongoing evolution of apps both create new risks. Careful attention must be given to secure the growing application threat vector. New strategies and solutions, including Web Application Firewalls specifically designed to protect apps from advanced threats, are required to help mitigate these risks.

from Cyber Security News https://ift.tt/39chYKo

ODNI welcomes Avril Haines as Director of National Intelligence

Director of National Intelligence Avril Haines yesterday took the oath of office to serve as the seventh DNI in the U.S.'s history. Haines is the first woman to lead the U.S. Intelligence Community, and will oversee the nation's 18 intelligence agencies

from Cyber Security News https://ift.tt/39cNWqd

Implications of the Sunburst cybersecurity attack for transit agencies

In December 2020, the cybersecurity firm FireEye discovered one of the worst cyberattack in the U.S.'s history. The new Mineta Transportation Institute (MTI) perspective Implications of the Sunburst Cybersecurity Attack addresses the damage caused by this attack and what public and private organizations, including transit agencies, can do to mitigate future attacks.

from Cyber Security News https://ift.tt/365S3Cp

A look into the pricing of stolen identities for sale on dark web

Comparitech researchers analyzed listings across 40+ dark web marketplaces gathering data on how much stolen identities, credit cards and hacked PayPal accounts are worth to cybercriminals. 

from Cyber Security News https://ift.tt/3o87SP8

Connected and protected: Identity management for enterprises in an era of zero trust

With millions of people working from home at present, and likely into the future, the enterprise perimeter has all but dissolved. In the process, organizations are struggling to ensure security in this "zero-trust" and remote era.

from Cyber Security News https://ift.tt/2Y4jBU8

2020’s top 5 phishing scams exposing hackers’ questionable morals – And how to hold strong against them

In this piece, we will explore the top five most surprising phishing attacks in 2020 to date and how individuals and organizations can not only identify these types of threats but protect their networks against them.

from Cyber Security News https://ift.tt/3oftoBH

Looking ahead to 2021– Healthcare security predictions for the upcoming year

In the midst of this confusion, we’ve continued to witness significant changes in the processes and operations that companies traditionally rely on to conduct business – with a majority of organizations relying on remote work to safely continue operations. Considering this, it’s no wonder that attackers have realized that there is a significant incentive to take advantage of already vulnerable personnel, and further, the confusion and panic that workers are rightfully experiencing during the pandemic.

from Cyber Security News https://ift.tt/2LKEnG1

‘Classiscam’ scheme targeting marketplace users through Telegram bot

Threat hunting company Group-IB published a report on a new scam scheme that they named “Classiscam.” The report reveals 40 or more groups currently running this scheme across Russia and Europe. The scheme involves a hierarchy of administrators, workers, and callers, who organize their activities through a Telegram bot.

from Cyber Security News https://ift.tt/3sNUx1J

5 minutes with Chris Wysopal – Trends in software security

One of the most important realities for enterprises to accept is that software security can only happen if developers have both the tools and the training to code securely. Here, we speak to Chris Wysopal, Chief Technology Officer and co-founder at Veracode about trends in software security and what organizations can do to make developers better at secure coding.

from Cyber Security News https://ift.tt/3o4bstz

Asset management and wealth security threats in 2021

New research from Digital Shadows shows how cybercriminals are increasingly setting their sights on asset and wealth management companies (AWM).

from Cyber Security News https://ift.tt/3p5Obsw

Business documents are the most exposed type of data

Code42 pulled some anonymized, aggregated data from Incydr, a SaaS data risk detection and response solution, showing how users move and exfiltrate data and files. The most exposed type? Business documents.

from Cyber Security News https://ift.tt/3qDbeeA

New AppSec podcast and statistics report available to security leaders

WhiteHat Security, a San Jose, Calif.-based provider of application security, announced the launch of AppSec Stats Flash, a monthly podcast and statistics report aimed at providing a more accurate view of the current state of application security.

from Cyber Security News https://ift.tt/360kama

Kroll adds three seasoned cybersecurity experts to Cyber Risk practice

Kroll, a division of Duff & Phelps, announced the hiring of three seasoned cyber experts in North America: John (Jack) Bennett, a managing director in the San Francisco office; Steve Bergman, a managing director in the Washington D.C. office; and John deCraen, an associate managing director in the Dallas office.

from Cyber Security News https://ift.tt/2NolMQt

Executive protection has gone digital

The field of executive protection has been expanding and redefining itself in real-time. Today, executive protection has advanced far beyond securing locations and bodies in the physical realm to also safeguarding online identities and reputations in the digital realm.

from Cyber Security News https://ift.tt/3oa4e7u

Ushering in cybersecurity’s new era with zero trust 2.0

Just as you would imagine based on its name, Zero Trust requires authentication of each touchpoint connecting to an organization’s network, aiming to transform it into an impenetrable fortress. Regardless of its benefits, even Zero Trust has its limitations and can create friction unnecessarily, which could have a lasting effect on employee productivity and an overextension of security resources. Are there any alternatives? Is there another remedy that can provide a similar level of security as Zero Trust without the friction? Zero Trust 2.0 is the answer.

from Cyber Security News https://ift.tt/3iuOieN

5 minutes with Alan Duric – Security, privacy and more

We talk to Alan Duric, co-founder and CTO/COO of Wire, a secure collaboration platform, about the various threats facing enterprises today, as well as how organizations can protect their employees and assets, and why organizations (and vendors) need to make a fundamental change to how they operate by implementing better security, technology, and approaches to build a security-first infrastructure.

from Cyber Security News https://ift.tt/3ivWcof

Noah Beddome named CISO at Opendoor

Noah Beddome will join Opendoor as Chief Information Security Officer (CISO). Beddome will be responsible for protecting the data and technology infrastructure that is core to Opendoor business. He will oversee Opendoor’s information security program and IT, and will help to maintain trust with customers by ensuring the integrity of data systems.

from Cyber Security News https://ift.tt/3p1PiJJ

New malware discovered in SolarWinds investigation

Symantec's Threat Hunter Team, a group of security experts, have uncovered an additional piece of malware used in the SolarWinds attacks which was used against a select number of victims that were of interest to the attackers.  According to Symantec, the malware, Raindrop is a loader which delivers a payload of Cobalt Strike. Raindrop is very similar to the already documented Teardrop tool, but there are some key differences between the two.

from Cyber Security News https://ift.tt/3isodwS

API abuse is a leading cyber threat

Radware's new 2020-2021 State of Web Application Security Report revealed that global organizations are struggling to maintain consistent application security across multiple platforms, and they are also losing visibility with the emergence of new architectures and the adoption of Application Program Interfaces (APIs).

from Cyber Security News https://ift.tt/35Xk6DI

5 minutes with Dmitriy Ayrapetov - K-12 cybersecurity challenges

In September 2020, a ransomware attack forced 6,000 elementary students to shutdown learning at the Newhall School District. Newhall isn't alone. In addition, Harford Public School, Miami Dade County, Haywood County School district in North Carolina are others that experienced similar circumstances.  With ransomware surging nearly 110% and no end in sight for remote learning, the environment is ripe for cyberattacks to escalate. To get some insight, we spoke to Dmitriy Ayrapetov, Vice President of Platform Architecture at SonicWall.

from Cyber Security News https://ift.tt/3oYGsfN

How to improve legal document security in six steps

In legal professions, safeguarding documents and paperwork is an essential office task. These papers may contain important, private information about a company’s operations, or they may include other privileged information shared by clients concerning their cases. In an increasingly digital world, the lock and key of the filing cabinet are no longer enough to guarantee document security. How can your practice better protect the digital files it stores? Take a moment to consider these six tips for implementing better security surrounding these important documents.

from Cyber Security News https://ift.tt/3bPKYJT

Healthcare security challenge: How cyberattacks are evolving

One thing that makes hospitals more vulnerable today than in the past is the extraordinary increase in connected medical devices (often known as IoMT or the “Internet of Medical Things”). Network-connected medical devices make healthcare more efficient and enable better patient care. They range from simple blood pressure devices and infusion pumps to more complex machines such as MRIs, CT scanners, and ultrasounds. The obvious problem is that these network connections also make these devices vulnerable to attack.

from Cyber Security News https://ift.tt/2XWAsrT

USDOT releases PNT and GPS Backup Technologies report

The U.S. Department of Transportation (USDOT) released the Complementary Positioning, Navigation, and Timing (PNT) and GPS Backup Technologies Demonstration Report to Congress final report.

from Cyber Security News https://ift.tt/3bTFBJu

NTIA releases national strategy to secure 5G implementation plan

The newly released National Strategy to Secure 5G plan by the NTIA details how the United States will lead global development, deployment, and management of secure and reliable 5G infrastructure.

from Cyber Security News https://ift.tt/3sMeiHl

Microsoft asks organizations to update systems to address Zerologon vulnerability

Microsoft has addressed companies who have not yet updated their systems to address the critical Zerologon flaw, a vulnerability in the cryptography of Microsoft's Netlogon process that allows an attack against Microsoft Active Directory domain controllers, making it possible for a hacker to impersonate any computer, including the root domain controller.

from Cyber Security News https://ift.tt/2NjuM9D

Biden-Harris American Rescue Plan includes more than $10b in cyber, IT funds

President-elect Joe Biden has announced the American Rescue Plan to "build a bridge towards economic recovery," during the coronavirus pandemic. The $1.9 trillion plan also aims to modernize federal information technology to protect against future cyberattacks. 

from Cyber Security News https://ift.tt/2LZ1FHZ

NSA releases guidance on encrypted DNS in enterprise environments

The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.

from Cyber Security News https://ift.tt/39zIsEA

5 minutes with Aamir Lakhani - Cybersecurity trends in 2021

What are some current trends in cybersecurity threat research? To get some insight, we spoke to Aamir Lakhani, cybersecurity researcher and practitioner with FortiGuard Labs. 

from Cyber Security News https://ift.tt/39C6wHa

New plug-in allows consumers to “Opt-Out Easy” of websites’ data collection

Consumers can easily identify opportunities to opt out of sharing personal data through the first-of-its-kind “Opt-Out Easy” browser plug-in developed by researchers from Carnegie Mellon’s CyLab Security and Privacy Institute. The plug-in makes opt-out choices more accessible to users, automatically extracting privacy information from websites’ policies and presenting it in a user-friendly way. 

from Cyber Security News https://ift.tt/38LhE5p

Telehealth’s emergence and the keys to security in 2021

Telehealth was an unexpected technology bright spot in 2020, as the Office for Civil Rights (OCR) relaxed enforcement of certain aspects of HIPAA, helping to reduce COVID exposure via virtual rounding and virtual visits. The following three high-level recommendations provide a basis for defense in depth for healthcare organizations in 2021.

 

from Cyber Security News https://ift.tt/3bFQr5H

CISA launches new effort to develop actionable metrics to quantify cyber risk

The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new cybersecurity effort:  The Systemic Cyber Risk Reduction Venture on developing actionable metrics to quantify cyber risk. This information will be used to reduce shared risk to the nation's security. 

from Cyber Security News https://ift.tt/3su58ia

Why modernizing your mainframe is essential for enterprise security

What is the best path forward? Should companies upgrade their existing platforms or replace them entirely? What makes the most sense both financially and for the security of your data? 

from Cyber Security News https://ift.tt/3oKn85H

5 minutes with Ellen Benaim, CISO of Templafy: Security leadership and diversity

How do you lead a great security team to overall mitigate risks across the entire enterprise? To find out, we talk to Ellen Benaim, Chief Information Security Officer at Templafy. In her role, Benaim is responsible for overseeing company-wide information security and governance program and ensuring the entire organization follows necessary protocols to keep the enterprise secure.

from Cyber Security News https://ift.tt/2Lp1s0Q

3 tips on how to approach crypto ransomware

Ransomware attacks were on the rise long before the pandemic. Over the last two years, ransomware attacks have risen by 200%  – they are becoming more frequent, more expensive, and more sophisticated. This issue is anticipated to continue throughout 2021 and why businesses must be proactive to manage threats and other actionable steps to mitigate any damage.

from Cyber Security News https://ift.tt/3oIwqzm

CISA: Hackers bypassed MFA to access cloud service accounts

In a new alert, the Cybersecurity and Infrastructure Security Agency (CISA) announced that it is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victims’ cloud services configuration. 

from Cyber Security News https://ift.tt/2XHrIFX

New book Cybersecurity: The Expert Guide explains how to stop cybercrime in its tracks

How can you protect yourself and your business from digital dangers – and safeguard your privacy and data against a rising wave of online concerns?  Inside Scott Steinberg’s new book Cybersecurity: The Expert Guide, readers will discover how to defend against cybercrime – today’s fastest-growing form of criminal activity – and implement best practices and high-tech safeguards that can help them stay one step ahead of hacks, data breaches, phishing attempts, identity theft, online fraud, and other common high-tech threats.

from Cyber Security News https://ift.tt/3i9EtCN

ESET discovers Operation Spalax: Colombian government and industry sector under targeted attack

In 2020, ESET researchers observed several attacks exclusively targeting Colombian entities, which have collectively been dubbed Operation Spalax. These attacks are ongoing and are focused on both government institutions and private companies, especially in the energy and metallurgical industries. The attackers rely on the use of remote access trojans, most likely to conduct cyber-espionage activities.

from Cyber Security News https://ift.tt/3qhsx4x

Grappling with the onslaught of ransomware attacks

Security professionals need to protect themselves from attack fatigue, as well as a sense of helplessness. And, despite increased awareness of the need for improved cybersecurity, ransomware continues to plague many organizations. But there are ways to take the upper hand and succeed against this significant risk.

from Cyber Security News https://ift.tt/3oGZPcZ

Five cyber threats to watch in 2021

Throughout 2020, the COVID-19 pandemic created something of a new playground for hackers. In response, many institutions fortified cybersecurity systems and fast-tracked digital transformation initiatives. But what does the landscape for cybersecurity and the evolution of threats look like in 2021? We don’t have a crystal ball, but here are five cybersecurity trends to watch out for in the new year.

from Cyber Security News https://ift.tt/3nPtJuF

Ubiquiti suffers data breach and alerts customers to change passwords

Ubiquiti Networks has sent out notification emails to its customers informing them of a recent security breach. 

from Cyber Security News https://ift.tt/3oKubeW

Security researcher archives Parler content

A researcher has archived Parler user posts, photos and videos in the wake of the platform being accused of fueling the recent Capitol riots.

from Cyber Security News https://ift.tt/39t8klF

Mimecast certificate compromised by a threat actor

A Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor.

from Cyber Security News https://ift.tt/38EI9Jo

Don Freese appointed chief information security officer at Digital Realty

Don Freese has joined Digital Realty, provider of cloud- and carrier-neutral data center, colocation and interconnection solutions, as Chief Information Security Officer. Mr. Freese, who previously served as a Senior Executive with the FBI and a cybersecurity leader at PwC, brings more than 30 years of leadership experience advising large corporations and the highest ranks of the U.S. government on cybersecurity, cyber operations and IT risk management. 

from Cyber Security News https://ift.tt/3qfSbXz

5 minutes with Brian Harrell - Critical infrastructure protection and the power grid

In the U.S., critical infrastructure consists of sixteen essential sectors that make daily life possible. National critical functions are the functions of government and the private sector so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety. Here, we talk to Brian Harrell about the importance of protecting critical infrastructure, the threats and hazards that pose the greatest risks to critical infrastructure and more.

from Cyber Security News https://ift.tt/3i4hOaO

International Cyber League competition aims to find the world's best cyber defense team

Cyberbit announced the launch of the International Cyber League (ICL), a first-of-its-kind competition that will determine the world’s best cyber defense team. The League will begin with America’s Cyber Cup, with registration opening today and closing on Monday, February 22. To determine the world’s best team, qualifying teams will face off against simulated cyberattacks in Cyberbit’s hyper-realistic cyber range, crowning the winning team as North America’s best.

from Cyber Security News https://ift.tt/39tXOL7

200 million Facebook, Instagram, and Linkedin users' scraped data exposed

Chinese start-up Socialarks suffered a massive data breach, exposing more than 400GB of personal data, including several high-profile celebrities and social media influencers, according to Safety Detectives. 

from Cyber Security News https://ift.tt/39nyPsK

Adolph Barclift joins Five Star Bank as CISO

Adolph Barclift has joined the First Five Bank as Chief Information Security Officer (CISO). As CISO, Barclift serves as subject matter expert responsible for the development and delivery of a comprehensive information and cybersecurity program, ensuring that information is protected from external and internal threats. He also oversees compliance with statutory and regulatory requirements regarding information access, security and privacy.

from Cyber Security News https://ift.tt/35xONiG

New Zealand Central Bank reports cyberattack

The Reserve Bank of New Zealand (RBNZ) was hit by a cyber breach of one of its data systems, though it says the breach has been contained and main operations are secure.

from Cyber Security News https://ift.tt/3nyySqA

How small businesses and restaurants can protect themselves from cyber threats

From introducing contactless payment options to offering new virtual services, small businesses moved swiftly to expand their offerings and digital capabilities in light of social distancing guidelines. In the midst of these changes, however, it’s critical for small businesses and restaurants to make sure they’re guarding against potential cyber threats. Here are key steps they can take to help ensure that they stay protected.

from Cyber Security News https://ift.tt/3sdZO2v

3 key reasons why SOCs should implement policies over security standards

How do we respond to this increased focus on security? One option would be to simply increase the security standards being enforced. Unfortunately, it’s unlikely that this would create substantial improvements. Instead, we should be talking about restructuring security policies. In this post, we’ll examine how security standards look today and 5 ways they can be dramatically improved with new approaches and tooling.

from Cyber Security News https://ift.tt/2LIfOJ7

5 fraud predictions for 2021 and beyond

To help businesses prepare for fraudulent activity in 2021, Experian’s Future of Fraud Forecast highlights five fraud threats businesses should be aware of this year:

from Cyber Security News https://ift.tt/2XIdwgd

Anne Neuberger, NSA's director of cybersecurity, to join Joe Biden's National Security Council

President-elect Joe Biden has tapped Anne Neuberger for the cybersecurity slot on the National Security Council (NSC). Neuberger, who joined the NSA more than a decade ago and has been serving as the agency’s director of cybersecurity since 2019, will be named deputy national security adviser for cybersecurity in the incoming NSC, according to Politico. 

from Cyber Security News https://ift.tt/38ohXTs

Heather Hinton joins RingCentral as CISO

RingCentral announced that industry security veteran, Heather Hinton has joined as the company’s Chief Information Security Officer (CISO). Hinton joins RingCentral from IBM, where she spent 13 years in various leadership positions, most recently as vice president and IBM distinguished engineer, and CISO for the company’s Cloud and Cognitive Software business unit.

from Cyber Security News https://ift.tt/3oqDK2m

Considering the value of leveraging a virtual chief information security officer (vCISO)

A company’s in-house chief information security officer (CISO) is a key component to making sure the risk of a cyberattack or security breach is greatly reduced. The responsibilities of this position are critical for businesses working to protect themselves against cyberthreats, but the reality is, some companies can’t afford to add another member to the c-suite with an average salary of up to $250K. However, there’s another option: a virtual CISO or vCISO.

from Cyber Security News https://ift.tt/3hTefnV

People, processes, and tech: 2021’s top cybersecurity priorities

While the rough seas may be behind businesses, now is not the time to rest. It’s important for security leaders to remain diligent about their company’s security posture and adapt to the latest state of the world. Focusing on people, processes, and technology is not only the foundation to a solid cybersecurity strategy, but also absolutely critical at a time where workers have never been further from security teams’ protection.

from Cyber Security News https://ift.tt/2Xm9sSl

Companies need to enhance cybersecurity amid the continuation of COVID-19 in 2021

Is your company’s cybersecurity policy as effective as it should be amid these tumultuous times? And if you’re not an employee but the owner of a small business – typically someone with much less sophisticated cybersecurity protection – how does your online security stack up? The answer: Cybersecurity has improved, but markedly more has to be done to secure networks in 2021, the second year of the pandemic, as the number of cyberattacks has become staggering.

from Cyber Security News https://ift.tt/2L4hNb4

CISA updates emergency directive and activity alert on SolarWinds Orion compromise

CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2.

from Cyber Security News https://ift.tt/3nnFHv8

CISA, NASCAR, Daytona International Speedway and local partners conduct joint exercise to keep DAYTONA 500 fans safe

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), NASCAR, the Daytona International Speedway, state and local first responders, law enforcement officials, and local businesses held a tabletop exercise today to test response plans around hypothetical public safety incidents on the day of the DAYTONA 500. 

from Cyber Security News https://ift.tt/3q23EcX

Attacks on VPNs and health industry headline 2021’s biggest cyber risks

As we look ahead to 2021 and to defending against an ever-evolving variety of exploits and attacks, it’s important to consider the cybersecurity attack vectors that will be most prevalent in the upcoming year.

from Cyber Security News https://ift.tt/3hPBX4h

COVID-19’s impact on healthcare’s security infrastructure in 2020

Fortified Health Security, Healthcare’s Cybersecurity Partner released the 2021 Horizon Report, which details findings that illustrate how, as healthcare organizations continue to respond to the pandemic, cybercriminals have continued to persist in their attacks on providers, health plans and business associates – compromising sensitive patient data while impacting the delivery of care to patients.

from Cyber Security News https://ift.tt/3nmiREa

Poor-quality software costs US trillions

Synopsys, Inc.'s The Cost of Poor Software Quality In the US: A 2020 Report's findings reflect that the cost of poor software quality (CPSQ) in the US in 2020 was approximately $2.08 trillion. This includes poor software quality resulting from software failures, unsuccessful development projects, legacy system problems, technical debt and cybercrime enabled by exploitable weaknesses and vulnerabilities in software.

from Cyber Security News https://ift.tt/398ACSj

NSA releases cybersecurity guide on detecting and fixing outdated encryption protocol implementations

The National Security Agency released a cybersecurity product detailing how to detect and fix out-of-date encryption protocol implementations. Networks and systems that use deprecated forms of Transport Layer Security (TLS) or Secure Sockets Layer (SSL) for traffic sessions are at risk of sensitive data exposure and decryption.

from Cyber Security News https://ift.tt/3njH4ej

A disturbing trend – Road to a cyber dark age

As global tensions continue to escalate, the Internet may find itself used as a weapon, something we are already starting to see happen, by nations attempting to exert their influence and enforce greater internal control over digital commerce and communication. Nations must recognize the threat of escalation beyond the point of no return and take steps to ensure that the interconnectivity of the open Internet remains intact long-term. This will prevent a “cyber dark age” in which governments implement national Internet protocols and stop the free flow of data across borders.

from Cyber Security News https://ift.tt/2Ms5J3t

Dr. Chase Cunningham joins Ericom as Chief Strategy Officer

Dr. Chase Cunningham, a recipient of Security magazine's Most Influential People in Security, has joined Ericom as its Chief Strategy Officer. In this role, he will shape the company's strategic vision, roadmap and key partnerships. Dr. Cunningham previously served as vice president and principal analyst at Forrester Research, providing strategic guidance on Zero Trust, artificial intelligence, machine learning and security architecture design for security leaders around the globe.

from Cyber Security News https://ift.tt/3bartLx

US intelligence agencies say Russian threat actors are likely behind SolarWinds hack

FBI, ODNI, CISA & NSA issue joint statement saying their investigation indicates an APT actor "likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks."

from Cyber Security News https://ift.tt/397TTmX

The top 10 Service exploits identified in 2020

Radware's Vulnerability Research Team explored 2020's top 10 most prevalent exploits targeting web services leveraged in large scale attacks or reconnaissance campaigns as seen by Radware’s Threat Research Center.

from Cyber Security News https://ift.tt/2XczsQ5

Three security trends to watch in 2021 and beyond

It’s within this expanded terrain for cyberattacks that the security trends of 2021 and beyond are taking shape. Workers are engaging with company resources from diverse locations. At the same time, businesses have ramped up their digitalization journeys to be more flexible and agile after COVID-19’s disruption of supply chains. The result is a dynamic tech environment where the continuity of business operations – and ultimately market competitiveness – will rely on robust cyber protections.

from Cyber Security News https://ift.tt/3b9pZBq

A look ahead to mobile security in 2021

As organizations continue to adapt to life in the age of COVID-19, smartphones are set to take on additional responsibilities – even as the security limitations of these devices become ever more evident. Below, I’ve highlighted five key trends that are set to shape mobile security in 2021.

from Cyber Security News https://ift.tt/2Lg9Hf3

T-Mobile hacked again; hackers accessed customer information

To close out the year, U.S. telecommunications giant T-Mobile announced it had been hacked. In a notice, the company said its cybersecurity team had discovered and shut down malicious, unauthorized access to some information related to T-Mobile accounts.

from Cyber Security News https://ift.tt/2X8Sg2F

Cybersecurity is broken, and it’s not for lack of trying

I have been in the cybersecurity industry for more than 20 years now. I have founded, operated, and exited several cybersecurity startups. I also advised, invested in, and even acquired a handful. Despite successful outcomes, my experience has left me perhaps a little jaded. Are we winning the battle? When I log into my various web accounts, I am so often reminded that my password had been stolen, sometimes alongside with my personal information. Even major financial institutions and government agencies have suffered a similar fate. Cybersecurity is broken, and here is why.

from Cyber Security News https://ift.tt/2X5Pjjz