Monday, 31 January 2022

100 day cybersecurity resilience plan for water and wastewater sector

A new collaborative effort will focus on developing high-impact cybersecurity resilience strategies within 100 days to safeguard the water and wastewater sector.



from Cyber Security News https://ift.tt/JozOart1f

Security firm Securitas exposed airport employees in data breach

Securitas, a leading security services provider, suffered a data breach which exposed 1.5 million files.



from Cyber Security News https://ift.tt/imxKsYHLU

4 cybersecurity risks of web 3.0

Web 3.0, the anticipated next iteration of the internet, seeks to further decentralize information via artificial intelligence. This presents certain cyber risks for security professionals to watch.



from Cyber Security News https://ift.tt/jLhXPy9Kp

Security and accessibility are not mutually exclusive in the modern data stack

It’s time to re-evaluate the modern data stack to relieve friction points and ensure both accessibility and compliance. By automating security workflows and controls across data stores and integrating into self-service access, productivity and innovation will thrive. 



from Cyber Security News https://ift.tt/Kdi7On5fZ

Friday, 28 January 2022

Data Privacy Week: Raising awareness and encouraging compliance



from Cyber Security News https://ift.tt/3u2X6Ai

7 ways K-12 cybersecurity leaders can secure school data

This Data Privacy Day, Security connected with two leaders in the K-12 school cybersecurity field to uncover the challenges of data privacy in the education sector and industry strategies to maintain the security of student and staff information.



from Cyber Security News https://ift.tt/3r93lRf

A blueprint for cyber supply chain risk management

One challenge for supply chain security practitioners is choosing which of the multitude of guidance documents and best practice frameworks to use when building a cyber supply chain risk management (C-SCRM) program. Let's explore each framework. 



from Cyber Security News https://ift.tt/3G3AHVX

DHS memo warns of potential Russian cyberattack

The Department of Homeland Security sent a memo warning of a potential Russian cyberattack on U.S. entities as the situation with Ukraine escalates. Cybersecurity experts weigh in on how enterprise security leaders should prepare.



from Cyber Security News https://ift.tt/3s1W7gY

Chris Lugo joins Blue Cross Blue Shield as CISO

Chris Lugo has been named the new Chief Information Security Officer (CISO) at the Blue Cross Blue Shield Association.



from Cyber Security News https://ift.tt/3Gd5K1o

Thursday, 27 January 2022

Cybersecurity considerations for electric vehicle chargers

As public officials and enterprise leaders work to build electric vehicle (EV) charging infrastructure across the United States, cybersecurity professionals in the energy and transportation sectors should consider how best to secure the technology.



from Cyber Security News https://ift.tt/3o30OG4

Peter Liebert named CISO at LifeOmic

Peter Liebert, former Chief Information Security Officer (CISO) of the State of California, has been named CISO at LifeOmic.



from Cyber Security News https://ift.tt/3KHInk2

White House instructs agencies to adopt zero trust approach to cybersecurity

The White House has instructed federal agencies to officially move towards a zero trust approach to cybersecurity to reduce the risk of cyberattacks against the government's digital infrastructure.



from Cyber Security News https://ift.tt/3H99WAL

Twitter makes key changes to security team

Twitter has announced that its head of security is no longer at the company, and its chief information security officer (CISO) will depart in the coming weeks. 



from Cyber Security News https://ift.tt/3rStbbq

Wednesday, 26 January 2022

Implementing strong cybersecurity hygiene standards

Implementing strong cyber hygiene will sharpen standardization throughout your organization, which will in turn bring about an increase in security and efficiency.



from Cyber Security News https://ift.tt/3g1hDgn

Howard Whyte named CISO at Truist

Former Boeing Company and NASA CISO Howard Whyte has joined Truist as the new Chief Information Security Officer.



from Cyber Security News https://ift.tt/3IVVg8H

Securing business email accounts from malware threats

The Global Threat Report from Zix highlighted the significance of business email security, detailing the status of malware delivered via email in 2021.



from Cyber Security News https://ift.tt/3u3pLFu

Merck wins $1.4B lawsuit over NotPetya attack

Global biopharmaceutical company Merck has won a $1.4B legal dispute against its insurer for the NotPetya attacks. 



from Cyber Security News https://ift.tt/3G3wiCb

Security leaders must proactively remediate vulnerabilities to combat modern threats

With multi-million-dollar ransoms and threats to public safety, the stakes are high. Security leaders can no longer afford to leave vulnerabilities unaddressed for five months or five years.



from Cyber Security News https://ift.tt/3fWfjao

Tuesday, 25 January 2022

Canada's foreign ministry hacked

Canada’s foreign ministry has been hacked, and some services are still experiencing disruption. 



from Cyber Security News https://ift.tt/3rW2Edk

Top 3 quarterly trends in internet security

The Q3 Internet Security Report from WatchGuard Technologies found trends relating to ransomware, network attacks and zero-day malware.



from Cyber Security News https://ift.tt/3rP0snH

Elias Oxendine named CISO of Yum! Brands

Elias Oxendine has been named Chief Information Security Officer (CISO) at Yum! Brands, a fast food provider operating Pizza Hut, Taco Bell and other restaurants around the globe.



from Cyber Security News https://ift.tt/33KglE7

(ISC)² entry-level cybersecurity certification exam program now open

Registration is now open for the (ISC)² entry-level cybersecurity certification exam pilot program, which aims to help close the cyber skills gap. 



from Cyber Security News https://ift.tt/3tXo3Fq

Ransomware accounted for 27% of third-party attacks in 2021

Ransomware was the most common attack method behind third-party breaches in 2021, initiating more than one out of four incidents.



from Cyber Security News https://ift.tt/3GZM8z2

Monday, 24 January 2022

Amendments proposed to Virginia Consumer Data Protection Act

Virginia lawmakers will consider multiple amendments to the Virginia Consumer Data Protection Act in advance of its January 1, 2023 effective date.



from Cyber Security News https://ift.tt/3tY9Yru

Registration opens for FAST golf event ahead of ISC West

Raise funds for security workforce development and register for a morning of golf with other security executives in Las Vegas ahead of the ISC West conference in March.



from Cyber Security News https://ift.tt/33N6nSj

Top global security business risks in the next year

Business interruptions, cyberattacks, natural catastrophes and more will likely remain the key underlying risk themes in 2022. How can businesses prepare?



from Cyber Security News https://ift.tt/3qWYFhl

33% of third-party data breaches in 2021 targeted healthcare orgs

One-third of cyberattacks in 2021 targeted healthcare organizations, according to the Third-Party Breach Report from Black Kite.



from Cyber Security News https://ift.tt/3qWpUIJ

The new narrative: Cybersecurity in 2022

Threat actors are like the weather: regardless of your desires, they will continue, and that is completely outside of anyone’s control. In response to this, we have to be as proactive as we possibly can. Here are the cybersecurity trends we will see heading into 2022. 



from Cyber Security News https://ift.tt/3FYjQnj

Over 40 billion records were exposed in 2021

Research by Tenable reveals at least 40,417,167,937 records were exposed worldwide in 2021.



from Cyber Security News https://ift.tt/3tV75rs

Top 4 fraud predictions for 2022

As we enter the new year, and with our world only becoming more connected, we’ve gathered the top 4 emerging fraud threats that we will see companies facing in 2022 and beyond. 



from Cyber Security News https://ift.tt/3Iu5blu

Friday, 21 January 2022

Cybersecurity institute trains Texas cyber talent

The Institute of CyberSecurity and Innovation (iCSI) at the North East Independent School District (NEISD) in San Antonio, Texas, has created new opportunities for students interested in entering the cyber field.



from Cyber Security News https://ift.tt/3Iov8Tj

Red Cross cyberattack compromises 515,000 people

The Red Cross was hit by a sophisticated cyberattack, which has affected the sensitive information of over 515,000 vulnerable people.



from Cyber Security News https://ift.tt/3GRHVgX

Thursday, 20 January 2022

Jon France named CISO at (ISC)²

(ISC)² appointed Jon France, CISSP, as its first chief information security officer.



from Cyber Security News https://ift.tt/3GQm9tZ

Cybersecurity memo standardizes federal incident response

National Security Agency Chief of Cybersecurity Policy and Strategy Greg Bednarski offers insight into the implications of President Biden's latest cybersecurity memorandum.



from Cyber Security News https://ift.tt/3KshaSk

Moncler confirms data breach

Moncler, an Italian luxury brand, confirmed that they suffered a data breach. 



from Cyber Security News https://ift.tt/33W7DCp

Europol takes down VPN service used by cybercriminals

Law enforcement authorities took action against the criminal misuse of VPN services as they targeted the users and infrastructure of VPNLab.net.



from Cyber Security News https://ift.tt/3KoOda5

Defense strategies for ransomware

What are some defense strategies, key considerations and best practices cybersecurity leaders should have in place in order to minimize the potential damage of ransomware attacks?



from Cyber Security News https://ift.tt/3Ajn9EA

7 trends shaping cybersecurity communications in 2022

How do you communicate with consumers, employees, shareholders and business partners during a cyberattack? 



from Cyber Security News https://ift.tt/33Sg29E

Wednesday, 19 January 2022

How to recover from a cyberattack

Equifax Chief Information Security Officer (CISO) Jamil Farshchi outlines his priorities for organizations recovering from a data breach.



from Cyber Security News https://ift.tt/32hq9og

South Carolina cyber center will train new security talent

The South Coast Cyber Center will open in Beaufort, South Carolina, thanks to a partnership between the city government, the University of South Carolina Beaufort and the center.



from Cyber Security News https://ift.tt/3rQgxd1

3 growing trends in cybersecurity

Ransomware, API attack vectors and social engineering are prominent cyber trends that security leaders should consider throughout 2022.



from Cyber Security News https://ift.tt/3rzpx5N

Tuesday, 18 January 2022

Active archiving boosts cybersecurity protection

Ransomware continues to be a major threat to organizations around the world. Cybersecurity leaders can turn to active archiving strategies to mitigate this business risk.



from Cyber Security News https://ift.tt/34VfW1D

185% increase in high-risk vulnerabilities within financial sector

Financial services companies experienced a 185% increase in high-risk critical vulnerabilities.



from Cyber Security News https://ift.tt/3qDv4Jz

Industrial security postures are improving – but still struggle to keep up with growing threats

OT security and Industrial Control System (ICS) security, while improving, have not kept up with their evolving ecosystem, leaving systems exposed as seen by attacks on critical infrastructure.



from Cyber Security News https://ift.tt/3rrasDw

Monday, 17 January 2022

Doug Lucktaylor named Head of Information Security at CSS Assure

Doug Lucktaylor joins CSS Assure, a cybersecurity firm, as the first Head of Information Security.



from Cyber Security News https://ift.tt/3qx1PYO

Russian government arrests REvil ransomware gang members

Russian internal intelligence agency Federal Security Service (FSB) says that it shut down the REvil ransomware group.



from Cyber Security News https://ift.tt/3254xLA

Sunday, 16 January 2022

10 cognitive biases that can derail cybersecurity programs

Most security breaches aren’t a consequence of inadequate security controls but are a direct result of human failure. So why do humans make mistakes? What triggers our behavior, and why are we so susceptible to manipulation? Understanding these triggers will greatly help organizations change their approach to information security.



from Cyber Security News https://ift.tt/3KjUyDC

Even the most experienced cyber professionals agree: We can’t prevent all breaches

Instead of focusing on preventing breaches, cybersecurity professionals should focus on improving security hygiene and resilience. More important than building up walls, organizations should prioritize minimizing costs, downtime and disruption in the case of an eventual cyberattack.



from Cyber Security News https://ift.tt/3KhVhF5

Friday, 14 January 2022

Maryland Dept. of Health confirms ransomware attack

A recent ransomware attack disrupted Maryland Department of Health (MDH) operations. 



from Cyber Security News https://ift.tt/3FtAx9R

Massive cyberattack hits Ukrainian government

Ukraine has suffered a massive cyberattack that has affected the Ukrainian foreign ministry, the cabinet of ministers and the security and defense council.



from Cyber Security News https://ift.tt/3nr5dlQ

Pegasus used to target El Salvador activists, journalists

El Salvador is the latest country to register numerous victims of Pegasus spyware.



from Cyber Security News https://ift.tt/321OLBk

Thursday, 13 January 2022

Lenny Maly named Granicus CISO

Lenny Maly has been tapped by Granicus to serve as Chief Information Security Officer (CISO). In this role, Maly will lead the company’s dedicated security organization, helping set new cloud-security standards that enable accelerated government digital transformation.



from Cyber Security News https://ift.tt/3tlwWIF

Hackers buying space from major cloud providers to distribute malware

Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting users’ information. 



from Cyber Security News https://ift.tt/3rg6QnJ

Neda Pitt appointed CISO of Globality

Cybersecurity executive Neda Pitt has been appointed the new Chief Information Security Officer (CISO) at Globality, a vendor sourcing platform for enterprise organizations.



from Cyber Security News https://ift.tt/3zTxQ0a

Cyberattack forces Albuquerque schools to close

The Albuquerque Public Schools student information system has been compromised in a cyberattack, prompting the closure of schools serving over 85,000 students in New Mexico.



from Cyber Security News https://ift.tt/3zXxg1G

Iran-linked APT35 group exploits Log4Shell flaw

APT35 (aka Charming Kitten, TA453, or Phosphorus) started widespread scanning and attempted to leverage the Log4j flaw in publicly facing systems only four days after the vulnerability was disclosed, according to new Check Point research.



from Cyber Security News https://ift.tt/3qmOmma

Wednesday, 12 January 2022

Mitigating Russian state-sponsored cyber threats to US critical infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) are asking critical infrastructure network defenders to adopt a heightened state of awareness to mitigate attacks from Russian state-sponsored threat actors.




from Cyber Security News https://ift.tt/3nGM2F9

10 tips for small businesses to prevent cyberattacks

From multi-factor authentication to annual penetration testing, there are always more methods to implement in order to better secure small businesses from cyberattacks.



from Cyber Security News https://ift.tt/3FfFNhm

Attackers accessed Panasonic's job candidates' PII

In a recent update, Panasonic has verified that hackers accessed personal information belonging to job candidates and interns during a November cyberattack.



from Cyber Security News https://ift.tt/33rYYr9

Tuesday, 11 January 2022

Security shortfalls ranked top roadblock to IT modernization

The 2022 Insight Intelligent Technology Report found that security is a top priority for IT leaders in multiple facets of their work, including taking on new responsibilities and integrating cloud technology.



from Cyber Security News https://ift.tt/3r5Tf2o

City of Grass Valley, California, suffers data breach

Grass Valley, California has suffered a data breach.



from Cyber Security News https://ift.tt/3K3jXkT

Researchers find critical RCE security vulnerability in H2 database console

The JFrog security research team has disclosed an issue in the H2 database console, which was issued a critical CVE — CVE-2021-42392. This issue has the same root cause as the Log4Shell vulnerability in Apache Log4j.



from Cyber Security News https://ift.tt/3FiXvjQ

Monday, 10 January 2022

John Mbuthia named CISO of Gore Mutual

John Mbuthia, cybersecurity and technology exec, has been named the first Chief Information Officer at Gore Mutual Insurance Company.



from Cyber Security News https://ift.tt/3zIuvkm

Attackers exploit Google Docs with malware, phishing

Attackers are exploiting Google Docs to conduct phishing and inject malware.



from Cyber Security News https://ift.tt/3HONGvQ

Security attack hits Illinois fertility centers

The Fertility Centers of Illinois (FCI) has notified nearly 80,000 current and former patients that their information may have been compromised. 



from Cyber Security News https://ift.tt/3F6RjeZ

Friday, 7 January 2022

New York OAG notifies 17 companies of security breaches

The New York Office of the Attorney General (OAG) notified 17 well-known online retailers, restaurant chains and food delivery services that have been the victims of credential stuffing attacks.



from Cyber Security News https://ift.tt/3qRwXBc

Albuquerque impacted by ransomware attack

A ransomware attack has impacted the Albuquerque Bernalillo County government offices. 



from Cyber Security News https://ift.tt/3G5Bk27

Skimmer supply chain attack targets 100 Sotheby’s real estate sites

A new web skimmer campaign has targeted real estate websites by attacking the cloud video distribution supply chain, according to Unit 42 research.



from Cyber Security News https://ift.tt/3F4dToq

Former Gartner analyst David Mahdi joins Sectigo as Chief Strategy Officer and CISO Advisor

David Mahdi, former VP analyst at Gartner, has been appointed to the executive role of Chief Strategy Officer and CISO Advisor at Sectigo.



from Cyber Security News https://ift.tt/3n7qfGh

Thursday, 6 January 2022

5 minutes with James Turgal: Risk management, business continuity and succession plans

Security chats with James Turgal, Optiv VP of Cyber Risk, Strategy and Transformation, about risk management, business continuity and the importance of succession planning in 2022.



from Cyber Security News https://ift.tt/3eWACZ5

FTC to issue major fines to companies that fail to patch Log4j

The Federal Trade Commission (FTC) has issued a warning that it will pursue any company that fails to protect its customers’ data against ongoing Log4j attacks. 



from Cyber Security News https://ift.tt/3t1i55Q

Microsoft warns of continued Log4j attacks

Microsoft warns the security community that the Log4j vulnerabilities still represent a complex and high risk for companies across the globe, as this open-source component is widely used across many suppliers' software and services. 



from Cyber Security News https://ift.tt/3FXtqHQ

Simon Scully named VP, CISO at Venerable

Cybersecurity leader Simon Scully brings his security monitoring and vulnerability management experience to his Vice President and Chief Information Security Officer roles at Venerable.



from Cyber Security News https://ift.tt/3JMIuuf

SEGA Europe S3 bucket left unprotected

SEGA Europe allegedly left users' personal information publicly accessible on an Amazon Web Services (AWS) S3 bucket.



from Cyber Security News https://ift.tt/3q2eS40

Wednesday, 5 January 2022

Paul Calatayud named CISO at Aqua Security

Paul Calatayud has been named the Chief Information Security Officer (CISO) at Aqua Security. Most recently, Calatayud served as Chief Security Officer at Palo Alto Networks and prior to that, he held various security, privacy and risk roles.



from Cyber Security News https://ift.tt/32Q5c40

Broward Health data breach affected 1.3m patients, staff

Broward Health, a healthcare system in South Florida, suffered a data breach in October 2021 that impacted patient and employee personal information.  



from Cyber Security News https://ift.tt/34cNM1J

Tuesday, 4 January 2022

Google acquires cybersecurity firm Siemplify

Google Cloud has acquired cybersecurity firm Siemplify in an effort to bolster threat detection and response offerings for users.



from Cyber Security News https://ift.tt/3t32aUV

Monday, 3 January 2022

How security leaders manage account fraud

Preventing account takeovers and mitigating phishing risks are top issues facing tech security leaders, according to a new report from Q5id. Here's how they are preventing online identity fraud.



from Cyber Security News https://ift.tt/34jDe0X

4 cybersecurity threats that organizations should prepare for in 2022

Cybersecurity leaders need to prepare for the top cyber threats of the future, with major world events and high-profile targets drawing cyberattacks in 2022.



from Cyber Security News https://ift.tt/3eLEAU5

LA County Metropolitan Transportation Authority launches mobile security app

The Los Angeles County Metropolitan Transportation Authority has teamed up with the city of Los Angeles to launch a free mobile security app to protect people in L.A. County from cybersecurity threats on public Wi-Fi systems.



from Cyber Security News https://ift.tt/32OSHFI