Securing 5G cloud infrastructures

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. 

from Cyber Security News https://ift.tt/3Er12g6

U.S. water and wastewater systems targeted by cybercrime

Water and wastewater (WWS) facilities are under cyberattack, along with the recent increase in critical infrastructure cyberattacks. A joint statement from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA) and the National Security Agency (NSA) details recent attacks and what WWS systems can do to bolster their cyber defense.

from Cyber Security News https://ift.tt/3GzGuny

WordPress plugin bug can lead to complete loss of site content

Researchers have helped patch a high-severity-rated security flaw in a popular WordPress plugin, which could be exploited to completely wipe and reset any vulnerable WordPress website.

from Cyber Security News https://ift.tt/3w0poui

Georgia State founds Trustworthy AI certificate program

The new Georgia State University online graduate certificate program in Trustworthy Artificial Intelligence Systems can be completed in 21 weeks via virtual coursework.

from Cyber Security News https://ift.tt/3Br8JRD

40% of organizations have suffered a cloud-based data breach

A new Thales Global Cloud Security Study reports that 40% of organizations have experienced a cloud-based data breach in the past 12 months.  

from Cyber Security News https://ift.tt/3pMDM87

5 minutes with Emily Frolick - Trust in the digital age

Trust is the ultimate business enabler. When enterprises inspire trust in all their stakeholders, they create a platform for better business performance. But not all brands are starting from a level playing field, says Emily Frolick, KPMG’s  Partner, IT Audit and Assurance.

from Cyber Security News https://ift.tt/3mpO1Nw

Poor security threatens Internet of Things hypergrowth

In a world replete with endless cyberattacks, IoT devices have minimal security, in part because cybersecurity stewards and their bosses are busy with other things and aren’t demanding improvement. 

from Cyber Security News https://ift.tt/2ZyqrVQ

Over 800 million medical records exposed in data breach

Security researcher Jeremiah Fowler and the Website Planet team discovered an unsecured database belonging to Deep6.ai, an American medical artificial intelligence platform, containing 886,521,320 records.

from Cyber Security News https://ift.tt/3mvjBK9

83% of companies suffer business damage when down for 24 hours

A Netenrich survey found that 83% of companies would suffer business damage during the first 24 hours of an outage and thereafter.

from Cyber Security News https://ift.tt/2XSyCvN

Supply chain security must include cyber resilience

In the Leadership Keynote speech at the Security Industry Association (SIA) Securing New Ground conference, Intel Vice President and General Manager for Client Security Strategy and Initiatives Tom Garrison outlined how and why supply chain security needs to be seen as both a physical and cybersecurity priority.

from Cyber Security News https://ift.tt/3GtUYFx

Overcoming roadblocks to accelerate IT/OT convergence

IT and OT convergence can present many challenges for an enterprise organization. Explore case studies of convergence to help the process along at your own business.

from Cyber Security News https://ift.tt/3Bo55b2

Kim Wyman to join Biden Administration as CISA’s Senior Election Security Lead

Washington Secretary of State Kim Wyman will join the Biden Administration as CISA’s Senior Election Security Lead. 

from Cyber Security News https://ift.tt/3vTjivo

5 minutes with Claudia Rast - Focusing on basic cybersecurity principles

The latest and greatest technology will not always protect a company. Instead, focus on the basics of cybersecurity: leadership, training and security monitoring, says Claudia Rast, Practice Department Chair for the IP, Cyber and Emerging Technology Group for ButzelLong. 

from Cyber Security News https://ift.tt/3jHKQPO

Toss your standard crisis communications plan for cyberattacks. Five questions to ensure your company’s preparedness

Cyberattacks are distinct from other types of corporate crises, especially in how, when and why an organization communicates with its stakeholders during and in the aftermath of an attack. Here are five questions boards should ask the C-suite before a cyberattack occurs.

from Cyber Security News https://ift.tt/2ZxJ254

University of Nebraska wins DOD grant for bridge monitoring research

University of Nebraska researchers will study the implementation of smart monitoring technology at various bridges in the state, evaluating the cybersecurity risks of the new instruments and their effects on bridge safety. The Department of Defense will fund the project, which is a collaboration between the University of Nebraska at Omaha and the University of Nebraska-Lincoln.

from Cyber Security News https://ift.tt/3GrPScY

Karen Evans named Managing Director at the Cyber Readiness Institute

Cybersecurity policy leader Karen Evans has been named the new Managing Director of the Cyber Readiness Institute (CRI). In her role at CRI, Evans will lead the public-private partnerships developed by CRI.

from Cyber Security News https://ift.tt/2Zq3Nzc

Five new trends in healthcare cybersecurity

Defending the medical device supply chain, cracking down on ransomware and monitoring new technology are all priorities for cybersecurity professionals in the healthcare field. In a panel hosted by BD, Eric Decker, William Landry, Inhel Rekik and Scott Shindledecker discuss top of mind issues for healthcare cybersecurity professionals.

from Cyber Security News https://ift.tt/3EoVNxE

6 common mistakes that lead to ransomware infections

Let’s take a look at six of the most common mistakes that lead to ransomware infections. 

from Cyber Security News https://ift.tt/3vQTOiz

14% of C-suite executives say organizations have no cyber threat defense plans

Nearly all U.S. executives (98%) report that their organizations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-U.S. executives, according to Deloitte’s 2021 Future of Cyber Survey. 

from Cyber Security News https://ift.tt/3jHKmsO

The three V’s of SaaS security

By focusing on the three V’s — volume, velocity and visibility — of Software as a Service (SaaS) security, organizations can streamline and improve their security team’s efficiency, reducing their workload and increasing protection for the company against any potential exposure or data breach.

from Cyber Security News https://ift.tt/3mnrq4x

SolarWinds hackers, Nobelium, targeting global IT supply chain

from Cyber Security News https://ift.tt/3bcpqFD

National Governors Association works with 4 states on exercise to improve energy emergency preparedness

The National Governors Association (NGA) will support four states —  California, Connecticut, Illinois and Utah — as they participate in the nationwide GridEx VI exercise, which reviews and tests energy emergency preparedness through a simulated coordinated cyber and physical incident on the electrical grid.

from Cyber Security News https://ift.tt/3bawgLR

Closing the cybersecurity workforce gap

The 2021 Cybersecurity Workforce Study from (ICS)² revealed global and national trends in the cybersecurity profession, with 700,000 professionals joining the industry since 2020.

from Cyber Security News https://ift.tt/2Zqd1Lx

More than half of healthcare applications currently open to attack

from Cyber Security News https://ift.tt/3mhaMmS

Nevada, North Dakota top cybercrime lists in the US

A new report studied the per capita rate of cybercrime in each U.S. state, finding that the national average of victims per capita is 240. Find out more about this state-by-state breakdown here.

from Cyber Security News https://ift.tt/3nlsOna

Biometrics lead passwordless authentication methods

As major organizations integrate passwordless solutions into their products, the FIDO Alliance's new Online Authentication Barometer finds that biometrics are gaining in use and popularity.

from Cyber Security News https://ift.tt/3GmUctK

Ransomware payments shrank from 44% to 12%

Data shows a rise in ransomware claims from Q2 2020 through Q1 2021 (0.25% to 0.58% increase in frequency) but then a drop by 50% in Q2 2021 that largely sustained through Q3 2021, according to the Corvus Risk Insights Index.

from Cyber Security News https://ift.tt/3B7AGxv

The urgent need for the healthcare industry to develop cyber-resiliency

Healthcare is disproportionately targeted: 34% of all data breaches in the U.S. involve a healthcare organization. Yes, healthcare is a large industry, but we’re not that large. Here’s why security is such an issue for our critically important but increasingly fragile industry.

from Cyber Security News https://ift.tt/30YZbkh

How to protect businesses against the threat of ransomware attacks and the role of cyber insurance

Cyber insurance can still play a critical role in protecting a business during the interruption of a ransomware attack, as well as help cover potential ransom payments and/or associated legal fees.

from Cyber Security News https://ift.tt/3nuwoM3

Gigabyte victim to ransomware again

Gigabyte Technology, a Taiwanese manufacturer and distributor of computer hardware, has allegedly suffered a massive data breach as a result of a ransomware attack. 

from Cyber Security News https://ift.tt/3b32oks

US senators urge FCC to address surveillance threats to telecom networks

U.S. senators urged the Federal Communications Commission (FCC) to address surveillance threats posed by foreign corporations managing U.S. telecommunications providers.

from Cyber Security News https://ift.tt/3vy2Pgc

Employers increase cybersecurity budgets as workplaces go hybrid

A new survey from Nexor shows the knowledge gap when it comes to cybersecurity, with 23% of employers not knowing where to begin protecting their businesses from cyber threats or being able to afford adequate protection.

from Cyber Security News https://ift.tt/3G5hLqS

Strengthening IT to help withstand cyberattacks

Employees and non-employee contractors continue representing the most critical weak link in the IT chain. Too many employees, and vendors using corporate networks, are still falling for phishing attacks. Enhanced worker training on cyber risks helps, but training coupled with stronger systems offers the best protection against cyber threats.

from Cyber Security News https://ift.tt/3E6PfDv

Ed Skoudis named President of SANS Technology Institute

Ed Skoudis, a cybersecurity leader and educator, has been named the new President of the SANS Technology Institute, according to a statement. Ed will lead the institute's degree programs and Internet Storm Center.

from Cyber Security News https://ift.tt/3vyxIRH

The five W's of third-party incident management

When it comes to cyber incident management of third-party risks, enterprise security professionals can follow a simplified task list to cover their bases by answering the questions "who, what, where, when, why and how."

from Cyber Security News https://ift.tt/3GctcgA

Congress passes DHS software supply chain bill

The new bill, the DHS Software Supply Chain Risk Management Act of 2021 (H.R. 4611), will secure the supply chains involved in Department of Homeland Security software contracts by requiring a new certification.

from Cyber Security News https://ift.tt/3aYSuR6

Shirin Hamid named CIO and Director of IT at IMF

Shirin Hamid, an experienced cybersecurity and IT professional, is expected to begin as the CIO and Director of the IT Department at the International Monetary Fund (IMF) in January 2022.

from Cyber Security News https://ift.tt/3E3JeHO

Bugs in malware creating backdoors for security researchers

Malware authors often take advantage of vulnerabilities in popular software. But, malware is also prone to bugs and coding errors, causing it to crash and serve as backdoors — any method by which authorized and unauthorized users can get around normal security measures and gain high-level user access — for white hat hackers. 

from Cyber Security News https://ift.tt/3B56e7j

Does your communication platform guarantee data security – and data privacy?

How often, when sending messages via a communication platform, are you thinking about your sensitive and private user information being exploited?

from Cyber Security News https://ift.tt/3aYWIIk

Insider risk, slow cyberattack response among worries for security professionals

The second Voice of SecOps report from Deep Instinct revealed that the average time elapsed before a company responded to a cyberattack was 20.9 hours globally. The report surveyed 1,500 cybersecurity professionals about their top cyber concerns.

from Cyber Security News https://ift.tt/3G4KMmu

Frank Russo named CISO at Calendly

Calendly announced the appointment of Frank Russo as its first chief information security officer. Russo will oversee application security, infrastructure security, corporate security, privacy and compliance to protect customers, partners, employees, systems and assets.

from Cyber Security News https://ift.tt/3AXxPHt

80% of executives will consider paying the ransom

A new Report, “Ransomware in Focus,” based on a survey of more than 250 Chief Information Security Officers (CISOs), cited ransomware as the #1 threat facing businesses and one of the primary CISO concerns for the next 12 months, with many believing an attack is inevitable. 

from Cyber Security News https://ift.tt/3n6rTXM

Cory Simpson named EVP at Resolute Strategic Services

Cory Simpson, former Senior Director at the U.S. Cyberspace Solarium Commission and international expert on national security and emerging technology, has joined Resolute Strategic Services as an Executive Vice President.

from Cyber Security News https://ift.tt/3BYYLIk

4 stages of a zero trust self-assessment

You want to begin implementing zero trust security at your organization, but where do you start? Let's walk through clear stages to build a zero trust framework that serves as the roadmap for your organization’s journey to better security and greater efficiency.  

from Cyber Security News https://ift.tt/3vsksxY

The real-world impacts of cyberattacks

Assessing cyber risk is essential to a business and is a key contributor to its overall reputational risk. Businesses need to take cyber risk into account in overall business strategy and planning. 

from Cyber Security News https://ift.tt/3jk9422

Companies lack basic cybersecurity practices to combat ransomware

Axio's 2021 State of Ransomware Preparedness report reveals that organizations are not equipped to defend against ransomware due to deficiencies in implementing and sustaining basic cybersecurity practices, including managing privileged administrator credentials and ensuring visibility of supply chain risk.

from Cyber Security News https://ift.tt/3AWYGDE

Bridging the gender gap in cybersecurity

Women make up only 24% of the cybersecurity field, according to an ISC² study. Cybersecurity leaders Sharon Smith, Lori Ross O'Neill, Aanchal Gupta and Meg West discussed how to solve the problem of underrepresentation in the industry at the ISC² Security Congress 2021.

from Cyber Security News https://ift.tt/3phjzXP

83% of ransomware victims paid to get data restored

ThycoticCentrify released new research confirming that ransomware has become a preferred method for cyberattacks, with nearly two out of three companies (64%) surveyed admitting to be victims of a ransomware attack in the last 12 months.

from Cyber Security News https://ift.tt/3vp1Kau

CISA issues advisory on BlackMatter ransomware

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory regarding BlackMatter ransomware cyber intrusions targeting multiple U.S. critical infrastructure entities, including two U.S. food and agriculture sector organizations.

from Cyber Security News https://ift.tt/3G2U2ru

The dos and don'ts of advocating for cybersecurity in the boardroom

Chris Jacquet, VP and Chief Information Security Officer (CISO) at Hitachi Vantara, explains how best to approach cybersecurity in the boardroom. Being prepared, honest and concise can help a CISO secure much-needed funding for their department.

from Cyber Security News https://ift.tt/3jgpJDK

Security in the flexible working world

Whether remote, in the office or in a co-working space, all employees must be sensitized to cyber threats. It is important not only to provide training for employees but also to give IT security a permanent place in the corporate culture. 

from Cyber Security News https://ift.tt/3BW3N8q

Every company should have access to a bitcoin account

Despite a company’s belief on how it would respond in the event of a ransomware attack, companies should consider opening a bitcoin account with a nominal amount of bitcoin in it so that it is at least is prepared to timely make the tough decision should the need arise. 

from Cyber Security News https://ift.tt/3vmQf36

Sukumar Reddy Saddi hired as new CTO for Global Integrity Finance

Sukumar Reddy Saddi has been named Global Integrity Finance's Chief Technology Officer. Saddi will lead the company's end-to-end information technology strategy and development of financial applications.

from Cyber Security News https://ift.tt/3voeuOm

Challenges associated with diversity, equity and inclusion in cybersecurity teams

(ISC)² published a new research study highlighting the unique challenges diverse cybersecurity professionals worldwide face and provides recommendations to create positive change.

from Cyber Security News https://ift.tt/2Z9AQYe

Carrie Weber named CRO at LendingHome

LendingHome, a real estate loan provider, has named Carrie Weber their new Chief Risk Officer. Weber will develop a risk management strategy for the firm and oversee risk and compliance issues.

from Cyber Security News https://ift.tt/3BW1nqd

Cloud-based computing – Data collection and forensic investigation challenges

The recent pandemic accelerated a trend towards remote work that has been ongoing for years and, as a result, accelerated usage of cloud-based collaboration platforms and their impact on the field of digital forensics. This article will discuss the trends and challenges associated with these platforms as they pertain to cloud-based data collection and its use in forensic investigations.

from Cyber Security News https://ift.tt/3j84STd

Countering the fog of war in cybersecurity

We spend a lot of time and effort so we can spot attackers — and for a good reason! But without visibility into our own organizations, we’re left with too much uncertainty. So how can you use more visibility to counter the fog of war?

from Cyber Security News https://ift.tt/3jftOIn

US expected to break data breach record in 2021

The Identity Theft Resource Center's data breach analysis for the third quarter of 2021 has been released, highlighting an uptick in breaches compared to the first half of the year. The U.S. is set to break its own record for most data breaches in a year in 2021.

from Cyber Security News https://ift.tt/2YTSQ8t

CISA warns of ongoing cyber threats to US water and wastewater systems sector facilities

CISA, the Federal Bureau of Investigation, the Environmental Protection Agency, and the National Security Agency have released a joint Cybersecurity Advisory that details ongoing cyber threats to U.S. Water and Wastewater Systems  Sector.

from Cyber Security News https://ift.tt/3lJDAnO

Shoring up cybersecurity in critical infrastructure and the nation's defense supply chain

A recent surge in cyberattacks, including SolarWinds and Colonial Pipeline, has intensified a focus on cybersecurity across industrial sectors and critical infrastructure. As a result, the U.S. government and other organizations within the nation’s defense supply chain have taken action to protect the critical assets and organizations that ensure the security and prosperity of our country. 

from Cyber Security News https://ift.tt/3j3jUcK

Pen testing vs. threat hunting: What’s the difference?

With all the security strategies, architectures, automation tools and activities present, it can be mind-boggling to distinguish one from the other. Like many other security processes, penetration testing and threat hunting are often incorrectly equated. However, the difference between the two is that between prevention and detection. 

from Cyber Security News https://ift.tt/3DPv117

Software engineers and developers among most in-demand cybersecurity roles

A new report from Veriff analyzes data about the cybersecurity workforce, finding strong cybersecurity industries in the United States, Brazil and Mexico. The report also details which jobs are the most in-demand, having researched global job boards and roles at cybersecurity companies.

from Cyber Security News https://ift.tt/3BITDb7

Biometric authentication sees increase in adoption during the pandemic

More than 50% of organizations are considering a passwordless authentication strategy, according to the 2021 Duo Trusted Access Report. The study, released by Cisco's Duo Security, measured authentication trends across more than 36 million devices.

from Cyber Security News https://ift.tt/3FLYVou

The critical role of a CISO means advocating for cybersecurity

At the Raines Cybersecurity Leadership webinar, cyber expert Elad Yoran discussed the essential traits of a CISO and why businesses should incorporate a security voice in their boardroom.

from Cyber Security News https://ift.tt/3lH8PQp

Attackers exploiting zero-day vulnerability before enterprises can patch

HP Wolf Security threat research team sees cybercriminals using legitimate cloud providers to host malware, and switching up file and script types to evade detection tools.

from Cyber Security News https://ift.tt/3azXmvA

Protecting schools in hybrid and remote learning environments

School budgets have been set for the 2021/2022 school year, policies and procedures have been updated, staffing levels have been established, and security solutions have been deployed into this dynamic environment. Here, we consider adjustments that can be made to deployed controls so that children and school staff remain safe in both hybrid and remote learning environments.

from Cyber Security News https://ift.tt/3j2AXvt

Supply chain cybersecurity trends: What professionals should be aware of and how to prepare for 2022

Throughout the past two years, supply chain professionals have experienced the national and international disruptions that can occur as a result of cyberattacks, with some threats completely halting certain sectors. 

from Cyber Security News https://ift.tt/2YHrLp7

Account takeover named top fraud risk for businesses

A new study from BioCatch, the "2021 Fraud Transformation Survey: Detecting and Preventing Emerging Schemes," asked security leaders at global financial institutions about their perceptions of fraud and risk management.

from Cyber Security News https://ift.tt/3vajXYY

Bill Shields named CISO at TransUnion

Bill Shields brings over a decade of information security leadership experience to his Chief Information Security Officer (CISO) at TransUnion.

from Cyber Security News https://ift.tt/3mN21A9

1/15 enterprises still vulnerable to SolarWinds

Randori released a report that identifies the most tempting internet-exposed assets that an attacker is likely to go after.

from Cyber Security News https://ift.tt/3azV5AI

Why mobile app developers need to prioritize user data privacy and security — and what they can do to ensure it

While offering incredible conveniences, mobile apps are also a vehicle for malicious hackers to obtain sensitive data and personal information. But before we dive into the work of hackers, it is important to understand user privacy.

from Cyber Security News https://ift.tt/3mSGGVI

Why hack back is still wack: 5 causes for concern

While the appeal of taking action against an attacker is easy to see, private sector hack back is a very bad idea. We encourage organizations to employ active defense techniques, but limit these to assets you own or operate. Hack back raises a number of concerns, as detailed here..

from Cyber Security News https://ift.tt/2YMXHIw

President Biden signs K-12 Cybersecurity Act

President Joe Biden has signed the K-12 Cybersecurity Act into law to enhance the cybersecurity of K-12 educational institutions.

from Cyber Security News https://ift.tt/3mJIn8c

BrewDog exposed PII details of more than 200,000 shareholders and customers

Pen Test Partners shared news that BrewDog exposed the details of more than 200,000 ‘Equity for Punks’ shareholders for over 18 months, along with many more customers. 

from Cyber Security News https://ift.tt/3lyoKQY

Formula for success: How to determine the optimal investment in cybersecurity protection

Decision-makers need to strike a balance when it comes to spending on cybersecurity technology in a way that still enables corporate growth without leaving the organization overly vulnerable to an attack. Invest too little, and there could be gaps in your cyber defenses. Invest too much, and there could be a false sense of security.

from Cyber Security News https://ift.tt/3ALiRo5

Four trends for the future of US privacy law

Existing privacy laws in California, Colorado, Virginia and the European Union reveal common trends that are likely to extend to future U.S. privacy legislation.

from Cyber Security News https://ift.tt/3FCfq6r

Protections fall short in mitigating online wildlife trafficking

The "Digital Markets: Wildlife Trafficking Hidden in Plain Sight" report from the International Fund for Animal Welfare identified over 1,100 advertisements for illegal wildlife trade and analyzed trends in the demand for and online sale of endangered species.

from Cyber Security News https://ift.tt/3iT4IyR

Human error, psychology and specificity: The power of spear phishing

Let's dive into what spear phishing is and how security teams can effectively tackle this very targeted method of digital attack, especially now that hackers are picking up their pace.

from Cyber Security News https://ift.tt/2YCtVGu

Emerging technology, evolving threats — Part III: 5G and the new surfaces and strategies

5G is here and redefining network architecture. Taking responsibility for its advancement in a secure manner has never been more important. Who ultimately is responsible for its associated security?

from Cyber Security News https://ift.tt/3mBasyi

US military bases add biometrics to visitor passes

The biometrics technology was developed by the Air Force for use in visitor control centers at U.S. military bases.

from Cyber Security News https://ift.tt/3Fr5jBv

David Zambri named CISO, Associate VP at UCF

David Zambri brings 28 years of law enforcement experience to his new role at the University of Central Florida, where he previously served as Deputy Chief of Police.

from Cyber Security News https://ift.tt/3BwgFly

US security must start with zero trust

As the United States continues to face attacks across critical sectors — energy and infrastructure, healthcare, and operational technology (OT) — a cultural shift in cybersecurity is taking place.  

from Cyber Security News https://ift.tt/2YprW8p

What are the DoD's top four priorities in the next year?

Dr. Kelly Fletcher, Performing the Duties of the Department of Defense (DoD) Chief Information Officer, talks about the department's cybersecurity priorities in a rapidly changing technology landscape.

from Cyber Security News https://ift.tt/3oIELFN

Novel RAT attacks global aerospace and telecommunications firms

Operation GhostShell, a highly targeted cyber espionage campaign, attacks the aerospace and telecommunications industries mainly in the Middle East, with additional victims in the U.S., Russia and Europe. 

from Cyber Security News https://ift.tt/3mBLQ8H

Ransom Disclosure Act would require victims to disclose ransom payments within 48 hours

The “Ransom Disclosure Act would require ransomware victims to disclose ransom payments within 48 hours of payment — including the amount of ransom demanded and paid the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom.

from Cyber Security News https://ift.tt/3Df0oBC

80% of SMBs feel more secure, despite rise in cyberattacks

Despite the flurry of cyberattacks, an Untangle report finds that SMBs are expanding and embracing new work environments and investing in and investigating new technologies to secure their business.

from Cyber Security News https://ift.tt/3Fu7DrE

Joe Silva named CISO at JLL

In his new role as Chief Information Security Officer (CISO) at JLL, Joe Silva will oversee information security policies and threat management, among other responsibilities.

from Cyber Security News https://ift.tt/3BxO3be

The time to improve public safety cybersecurity is now

By understanding each of the bad actors, federal agencies, law enforcement and first responders — often victims of cyberhacktivism — can better prepare for, and prevent, cyberattacks from happening. Here are a few basic steps every public safety agency can take. 

from Cyber Security News https://ift.tt/3uNrJIe

Are you in the dark about dark data?

Dark data — masses of unstructured emails, social media posts, documents, photos and more — has bogged down companies for decades, yet it oftentimes remains overlooked. Extracting and eradicating non-value dark data will help make your organization less exposed to risks and liability in the event of a breach.

from Cyber Security News https://ift.tt/3uOqKYa

Why two-factor authentication messages should be branded

The debate around branding two-factor authentication (2FA) messages has heated arguments on both sides. Branding could provide both companies and end users with a more cohesive experience while using 2FA.

from Cyber Security News https://ift.tt/3lgJqg8

Twitch suffers massive data breach

Twitch has been hit by a massive leak after an anonymous hacker posted a torrent file containing a vast amount of data for the public to access.

from Cyber Security News https://ift.tt/3muEio3

CISA releases autonomous transit vehicle guidelines

The Cybersecurity and Infrastructure Security Agency (CISA) has identified several potential risks of autonomous vehicles in transit systems and supply chains. Along with these risks, CISA has introduced a set of guidelines for organizations who use autonomous vehicles in their operations.

from Cyber Security News https://ift.tt/3ldbbpY

Measuring the impact of multi-party security breaches

Cyentia Institute and RiskRecon released research that quantifies how a multi-party data breach impacts many other organizations in today’s interconnected digital world. 

from Cyber Security News https://ift.tt/3oD6Dex

Misconfigured airflows leak thousands of credentials from popular services

While researching a misconfiguration in the popular workflow platform Apache Airflow, Intezer discovered several unprotected instances. These unsecured instances expose companies’ sensitive information across various industries.

from Cyber Security News https://ift.tt/3oIGSK5

Arizona launches cybersecurity operations center

The new Cyber Command Center will facilitate information sharing and analysis between state organizations and protect Arizona residents from cyberattacks. Governor Doug Ducey opened the center alongside the Arizona Department of Homeland Security.

from Cyber Security News https://ift.tt/3lfsczG

NSA awards $500,000 cybersecurity grant to University of Missouri research

Cybersecurity researchers from the University of Missouri seek to develop a security tool that allows smart devices to learn from past cyberattacks with minimal user interaction. The cybersecurity feature would be functional across different types of smart devices and aim to prevent both small- and large-scale cyberattacks in the future.

from Cyber Security News https://ift.tt/3uL57YV

Unstructured data growth increases risk of ransomware and data breaches

The 2021 Data Governance Trends report from Egnyte ranked security leaders' concerns around unchecked data growth, citing the danger of dark data repositories like company email accounts, messaging sites and cloud-based storage.

from Cyber Security News https://ift.tt/3iEZy9s

How to convince the C-suite to buy in to active directory security

It’s difficult for security teams to get executive buy-in to address the problem because measuring and improving AD security is challenging. There are several reasons why.

from Cyber Security News https://ift.tt/3mst3fY

Flight Safety Foundation highlights need for digital health certificates

The Flight Safety Foundation recently released guidance on furthering COVID-19 protocols in the aviation industry, emphasizing risk mitigation and the need for standardized digital health certificates.

from Cyber Security News https://ift.tt/3BhHkCc

5 Steps to Building a Cyber-Aware Organization

Cyber-attacks are on the rise and organizations must be prepared to face the worst. Learn how you can build a cyber aware culture within your organization to keep your information and stakeholders protected.

from Cyber Security News https://ift.tt/3leJNbi

Europol arrests ransomware operators in Ukraine

EUROPOL announced a successful joint law enforcement operation that led to the arrest of two prolific ransomware operators.

from Cyber Security News https://ift.tt/3Bja3GU

Congress requests briefing on FBI decision to withhold Kaseya decryption key

The U.S. House Committee on Oversight and Reform has requested a briefing with the Federal Bureau of Investigation (FBI) to determine whether it was justified in withholding the Kaseya ransomware decryption key.

from Cyber Security News https://ift.tt/3BcRQL2

NCS4 announces cybersecurity webinar series

The National Center for Spectator Sports Safety and Security (NCS⁴) will host three webinars discussing cybersecurity recommendations and best practices. Register here for the first webinar in the series, "An Overview of Cybersecurity Threats and Best Practices."

from Cyber Security News https://ift.tt/3FjaYtc

Tigran Gambaryan and Matthew Price added to Binance investigations team

Tigran Gambaryan and Matthew Price, two former special agents at the Internal Revenue Service, join the audit and investigations team at the cryptocurrency firm Binance and work to ensure cybersecurity in crypto transactions.

from Cyber Security News https://ift.tt/2Ysft43

The fight against ransomware

Understanding the threats at hand and the best practices for combatting them can help organizations better navigate today’s cybersecurity landscape.   

from Cyber Security News https://ift.tt/3ozbgWV

CMMC: An ounce of prevention is worth a pound of cure

To address the threat cybercriminals and foreign adversaries pose to DOD data, the department recently introduced the Cybersecurity Maturity Model Certification (CMMC). What is the CMMC, what does it consist of, and is it worth the expense? 

from Cyber Security News https://ift.tt/3a8jJbl

91.5% of malware arrived over encrypted connections

New research also shows dramatic increases in fileless malware, malware detections per appliance, and booming network and ransomware attacks.

from Cyber Security News https://ift.tt/3BbDU46

Marc Packler named President, CISO Advisory at Silent Quadrant

In his role as President of Chief Information Security Officer (CISO) Advisory, Marc Packler will support Silent Quadrant's advising services and digital risk and resilience framework.

from Cyber Security News https://ift.tt/3BgXJak

Widespread Elastic stack API security vulnerability

Salt Labs found that nearly every organization using Elastic Stack is affected by a new vulnerability, which makes users susceptible to injection attacks. Bad actors can use injection attacks to exfiltrate data and launch denial of service (DoS) events.  

from Cyber Security News https://ift.tt/3FcIXnn

Making the case to leave on-prem for better security

On-premises infrastructure has long been considered safer and more securable than its cloud counterpart. An increase in cyberattacks on on-premises systems is challenging this surety. 

from Cyber Security News https://ift.tt/3A8vDMZ

The hidden threat of business collaboration tools

Your organization risks compliance and disaster protection shortcomings unless your data management practices catch up with the evolution of information sharing.

from Cyber Security News https://ift.tt/2ZZFcl7

Nominate the top cybersecurity leaders in the security industry

Security magazine is now accepting nominations for its 2022 Top Cybersecurity Leaders program. Learn how to submit nominations here.

from Cyber Security News https://ift.tt/3FeTqyx

Hybrid workplaces need to update emergency communications

A new report examining workplace safety found that one-third of employees were unaware or unsure of one or more company emergency response plans in 2021. The survey asked full-time employees about emergency management and communication in their in-person, remote or hybrid workplaces.

from Cyber Security News https://ift.tt/3F9r0WM

Peter Hoff named VP of Cyber Security and Risk at Wursta

Information security leader Peter Hoff joins Wursta as the Vice President of Cyber Security and Risk, developing risk assessment and cybersecurity tools for the firm.

from Cyber Security News https://ift.tt/3D4fUjP

October marks Cybersecurity Awareness Month

National Cybersecurity Awareness Month (NCSAM) is now in its 18^th year. The theme for 2021 is ‘Do Your Part. #BeCyberSmart,’ helping to empower individuals and organizations to own their role in protecting their part of cyberspace.

from Cyber Security News https://ift.tt/3D8vGdH