Friday, 29 April 2022

Top 15 exploited security vulnerabilities in 2021

Cybersecurity agencies detail the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021.



from Cyber Security News https://ift.tt/qoswSVt

The 20 most common passwords leaked on the dark web

Learn about the top 20 most common leaked passwords on the dark web, according to Lookout. 




from Cyber Security News https://ift.tt/KA1Nshx

Log4Shell a huge wake-up call for 95% of security leaders

Security leaders are still dealing with the impact of Log4Shell. New Valtix research found cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell. 



from Cyber Security News https://ift.tt/wZ8y1oq

Citing cyberthreats: Why we should be worried

In the wake of global conflicts, only a comprehensive security strategy will boost cybersecurity readiness and mitigate corporate espionage, ransomware, and supply chain and data breaches.



from Cyber Security News https://ift.tt/akLB5ZM

6 ways to improve access and authentication protocols

Enterprise cybersecurity leaders can follow these six network security tips to improve access and authentication protocols at their organizations.




from Cyber Security News https://ift.tt/9cEafhX

Insider risk: Are you monitoring employees working outside your network?

With updated communication, management, and security technology in place, companies can stop insider risk and embrace the positives of remote work. 



from Cyber Security News https://ift.tt/aJl81KA

Thursday, 28 April 2022

Bob Lord named Senior Technical Advisor at CISA

Bob Lord, former Chief Security Officer of the Democratic National Committee (DNC), has been named as the new Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency (CISA).



from Cyber Security News https://ift.tt/aXsTdb6

Penetration testing: A needed defense against cyber threats

For organizations looking to use pen testing as part of cybersecurity defense tactics to improve security, consider the practice in three steps. 



from Cyber Security News https://ift.tt/A3vgW7K

Wednesday, 27 April 2022

Musk’s Twitter takeover and its security implications

Much of the focus around Elon Musk’s Twitter takeover has centered around how he will treat free speech on the platform. But two of his promises may have bigger implications for cybersecurity.



from Cyber Security News https://ift.tt/MU8lEx0

Microsoft discovers Nimbuspwn security vulnerability in Linux service

Microsoft has discovered Nimbuspwn — several security vulnerabilities that could allow an attacker to elevate privileges, deploy malware, or carry out other malicious activities.



from Cyber Security News https://ift.tt/u6EOp4g

How to protect physical security systems from cyber risk

Physical security systems can protect organizations from security threats, but they also open up cyberattack vectors. These four security tips can help leaders harden their security technology.



from Cyber Security News https://ift.tt/NuCrlZ5

Proactive threat hunting is vital to zero-day vulnerability management

A proactive approach to zero-day vulnerabilities is conducting threat hunting based on the assumption that the organization has been breached using one or more security vulnerabilities. 



from Cyber Security News https://ift.tt/0PabzHc

Tuesday, 26 April 2022

74% of companies experienced a security incident in the past year

Vectra’s Security Leaders Research Report reveals that 74% of organizations experienced a significant security event that required incident response. 



from Cyber Security News https://ift.tt/gYax6CJ

Tom Patterson joins Board of Directors at Secured Communications

Tom Patterson, cybersecurity expert and author, has joined the Board of Directors at Secured Communications.



from Cyber Security News https://ift.tt/D2o7Qlq

4 phishing trends observed in Q1 2022

From IRS impersonations to cryptocurrency scams taking advantage of the Russian invasion of Ukraine, phishing has evolved since the start of 2022.



from Cyber Security News https://ift.tt/s3I5K7U

Nominate the Most Influential People in Security

Nominate a security leader to be named one of Security magazine's 2022 Most Influential People in Security! Find out who would make a good nominee.



from Cyber Security News https://ift.tt/BTQvCo0

Monday, 25 April 2022

Implement NIST IoT cybersecurity guidelines early

The National Institute of Standards and Technology (NIST) created guidelines for labeling Internet of Things (IoT) devices to ensure cybersecurity across the supply chain.



from Cyber Security News https://ift.tt/eUO8rWo

T-Mobile is latest Lapsus$ breach victim

T-Mobile has confirmed that it is the latest victim of the Lapsus$ ransomware group.



from Cyber Security News https://ift.tt/s2ZLjho

Cybersecurity scholarships help veterans' career development

A cybersecurity education partnership between Infosec Institute and charity organization VetJobs can help military veterans and spouses build their security and information technology (IT) careers.



from Cyber Security News https://ift.tt/P1yadjt

BlackCat/ALPHV ransomware breaches 60+ organizations

BlackCat/ALPHV ransomware as a service (RaaS) has compromised at least 60 entities worldwide, according to a new report.



from Cyber Security News https://ift.tt/21J3k4W

Balancing privacy, compliance, security and systems

How can organizations best leverage a data-centric approach to ensure data privacy and compliance? John Wilson, Chief Information Security Officer (CISO) at HaystackID, offers some tips.



from Cyber Security News https://ift.tt/Lzb9cZt

Friday, 22 April 2022

Threat actors exploited more zero-day vulnerabilities in 2021

Mandiant and Google identified a significant jump in 2021 in security vulnerabilities that threat actors exploited before a patch became available.



from Cyber Security News https://ift.tt/QuUlIq4

Retail sector named top target of phishing attacks

Retail organizations saw a 400% increase in phishing attacks, according to the 2022 ThreatLabz Phishing Report from Zscaler.




from Cyber Security News https://ift.tt/N2Eey71

Third-party identity risk increases vulnerability to cyberattacks

Organizations are not taking the necessary steps to manage the lifecycle of their third-party identities, making them more vulnerable to cyber incidents, a SecZetta survey found.



from Cyber Security News https://ift.tt/TrqwVQ9

Thursday, 21 April 2022

Russian state-sponsored groups threaten cybersecurity

Organizations should invest in a cybersecurity incident response plan and test security resilience to prepare for Russian state-sponsored threat groups, according to a new cyber advisory. 



from Cyber Security News https://ift.tt/ONcQfiT

David Cass named President of CISOs Connect

GSR Chief Information Security Officer David Cass has been appointed President of CISOs Connect, an exclusive community of cybersecurity leaders. 



from Cyber Security News https://ift.tt/g2cIzGS

Cybersecurity threats facing enterprise email accounts

An email security report from Cyren found common threats facing business email accounts at U.S. and U.K. organizations.



from Cyber Security News https://ift.tt/ks406Or

Charles Miller named CISO at Blackbaud

Charles "Chuck" Miller, former SVP of Cybersecurity at Truist and SunTrust, has been named the new Chief Information Security Officer (CISO) at Blackbaud, a cloud software company.



from Cyber Security News https://ift.tt/9x8LbaK

Cybersecurity, physical security checklist for employee offboarding

Overtaxed security teams can keep up with offboarding employees securely by developing a combination of cybersecurity & physical security best practices. 




from Cyber Security News https://ift.tt/omjniI9

Data security across multi-clouds requires unified identity orchestration

As organizations move to the cloud, they must ensure their IT infrastructure and data are covered by robust security and privacy solutions.



from Cyber Security News https://ift.tt/SqVF6oc

Wednesday, 20 April 2022

Social networks most likely to be imitated by criminal groups

Social media networks have now overtaken shipping, retail and technology as the category most likely to be targeted by criminal groups, according to Check Point.



from Cyber Security News https://ift.tt/ATjPa2F

CISA's Joint Cyber Defense Collaborative to include industrial control systems leaders

Several Industrial Control Systems (ICS) leaders will now be part of CISA's Joint Cyber Defense Collaborative to help increase cybersecurity and resilience of industrial control systems and operational technology (ICS/OT). 



from Cyber Security News https://ift.tt/mFRlBPO

How companies face risk to security operations derived from the Ukrainian crisis

As the world watches the Russia-Ukraine crisis, corporate security needs to activate security operations, resilience, and business continuity plans to mitigate risks.

from Cyber Security News https://ift.tt/tUk68Dy

The ins and outs of cyber insurance

From reducing the risk of ransomware to defining what security incidents are and aren’t covered, Rich Gatz explores the ins and outs of cyber insurance.



from Cyber Security News https://ift.tt/40bA6mS

Texas launches regional SOC for local cybersecurity support

The Regional Security Operations Center (RSOC), launched via a partnership between Angelo State University (ASU) and the Texas Department of Information Resources (DIR), aims to serve local governments in need of cybersecurity assistance.



from Cyber Security News https://ift.tt/beRownk

Electric vehicles are taking over. Hackers are waiting

Without a heavy emphasis on cybersecurity, electric vehicle charging stations could become a hacker superhighway. How can electric vehicle charging infrastructure be protected from cyberattacks?



from Cyber Security News https://ift.tt/ZCHJsoB

Tuesday, 19 April 2022

Cybersecurity advisory: Nation-state hackers target crypto

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the U.S. Treasury Department have released a joint cybersecurity advisory on an advanced persistent threat (APT) group sponsored by the North Korean state.



from Cyber Security News https://ift.tt/yIPDpfz

Stan Black named Chief Information Security Officer at Delinea

Seasoned industry leader Stan Black has joined Delinea as Chief Information Security Officer (CISO).



from Cyber Security News https://ift.tt/o3BMd9c

7 universities win FAA drone security research grants

The FAA has awarded seven U.S. universities with grants to pursue drone and drone security research, covering drone cybersecurity, risk management and detection.



from Cyber Security News https://ift.tt/xOBXabQ

41% of organizations suffered API security incidents in the past year

Forty-one percent (41%) of organizations had an API security incident in the last 12 months; 63% of those incidents involved a data breach or data loss, according to new Noname Security research.



from Cyber Security News https://ift.tt/FdbWTzi

Best practices for securing voice networks


Security teams can build in necessary security protections and hold training to promote greater awareness about the threats to voice networks.



from Cyber Security News https://ift.tt/nucDEwG

Monday, 18 April 2022

Stanley Lowe named CISO at Synchronoss Technologies

Stanley Lowe, a cybersecurity and enterprise security leader, has been named Chief Information Security Officer (CISO) at Synchronoss.



from Cyber Security News https://ift.tt/BVIShU9

8 best practices to harden identity and access management permissions

Organizations can follow eight best practices to harden identity and access management (IAM) permissions.



from Cyber Security News https://ift.tt/7h0NopU

Marcia Calleja-Matsko named CIO at OneDigital

As Chief Information Officer at OneDigital, Marcia Calleja-Matsko will ensure the internal IT organization is a strategic influencer within the business. 



from Cyber Security News https://ift.tt/LpnCZcK

83% of cybersecurity teams affected by talent shortages

Talent shortages have negative effects on cybersecurity, according to the State of Pentesting 2022 report from Cobalt. To avoid talent gaps, employers can focus on proactive retention.



from Cyber Security News https://ift.tt/IEiSgJB

Can AI help cyber-proof public safety systems?

Government agencies now have advancements in artificial intelligence to strengthen the security posture of public safety systems used by first responders.



from Cyber Security News https://ift.tt/fNcYaEp

Eliminate threat intelligence false positives with SASE

Threat intelligence feeds are a staple for today’s enterprise security solutions. How can organizations mitigate false positives with secure access service edge? 



from Cyber Security News https://ift.tt/ZdV2IPm

Friday, 15 April 2022

Inside Security's April 2022 issue: Preparing global security operations centers for remote connectivity

Get ready: Security magazine's April 2022 issue is here! This month, Security explores how to bring a virtual global security operations center (GSOC) to life. In addition, security leaders discuss de-escalation strategies, loss prevention, access control and more!



from Cyber Security News https://ift.tt/XFUHsPg

Digital transformation introduces security tradeoffs

The 2022 State of Application Strategy Report from F5 explores the effects of digital transformation on business operations and cybersecurity.



from Cyber Security News https://ift.tt/hlzCmgO

Hardening physical security solutions to protect against cyberattacks

Security leaders can take seven steps to develop a coordinated strategy to harden physical security systems that are at risk of cyberattacks. 



from Cyber Security News https://ift.tt/jsrA356

Industrial control systems virtual meeting to take place April 26-27

The Industrial Control Systems Joint Working Group will hold its Spring 2022 Virtual Meeting on April 26–27 to exchange ideas regarding critical issues affecting ICS cybersecurity. 



from Cyber Security News https://ift.tt/BWCk7nj

Cyber warfare: How to empower your defense strategy with threat intelligence

An effective cybersecurity defense strategy requires a multi-layered approach that considers threat intelligence, security solutions, and a security-first culture.



from Cyber Security News https://ift.tt/265g9ac

Thursday, 14 April 2022

92% of data breaches in Q1 2022 due to cyberattacks

Year-over-year results indicate a fast start to data breaches in 2022 after a record-setting 2021, as more than 90% of data breaches are cyberattack-related, the Identity Theft Resource Center found.



from Cyber Security News https://ift.tt/0Mg8k9F

Russia, US among most-breached countries in Q1 2022

Russian identities were breached to the highest level in Q1 2022, followed by the United States and Poland. A study from Surfshark examines data breach statistics in early 2022.




from Cyber Security News https://ift.tt/xGjp54X

Robin Bell named Egress Chief Information Security Officer

Robin Bell is the new Chief Information Security Officer (CISO) at Egress to focus on expanding security operations and promoting information security across the organization.



from Cyber Security News https://ift.tt/SExlYf2

What makes an identity? 

By keeping the power of biometric enrollment, companies can stop data breaches or leaks, improve identity and access management, and trust the identity of users.



from Cyber Security News https://ift.tt/aQj0MWr

Oki Mek named CISO at Equideum Health

Military veteran and former federal cybersecurity official Oki Mek has been named Chief Information Security Officer (CISO) at Equideum Health.



from Cyber Security News https://ift.tt/JGlNxOY

Wednesday, 13 April 2022

Overcoming 4 enterprise cloud security challenges

Identity management is a challenge for cybersecurity leaders, especially in terms of cloud security. Learn from these security challenges and find solutions to the complexities of the cloud.




from Cyber Security News https://ift.tt/12sFzDp

Why did ransomware claims drop 30% in Q1 2022?

According to the Q1 2022 Corvus Risk Insights Index, ransomware claims made to cyber insurance providers have dropped by 30%, compared to Q4 2021. This could be connected to the Russian invasion of Ukraine, according to the report.



from Cyber Security News https://ift.tt/qDhXYzj

Chris Inglis, John Sherman, William Burns, Gen. James Dickinson to headline Billington CyberSecurity Summit

The Billington Summit will convene leading senior cybersecurity government decision-makers to examine key security trends and topics while fostering deeper dialogue between government leaders and private industry. 



from Cyber Security News https://ift.tt/tn3JiEq

Russia and Ukraine are weaponizing cloud technology amid conflict

Cloud technology has been used as a dangerous weapon in the Russian invasion of Ukraine. How can organizations and their security leaders protect the cloud?



from Cyber Security News https://ift.tt/3PWy2nL

RSA Conference 2022 product preview

From security policy building to automated cybersecurity defense, Security magazine spotlights solutions from the 2022 RSA Conference.



from Cyber Security News https://ift.tt/zgVdUmy

Developing an effective cybersecurity workforce

Security magazine highlights the latest evolutions in enterprise cybersecurity, from cyber workforce development to best practices for implementing zero trust initiatives.



from Cyber Security News https://ift.tt/BYbGmZK

Tuesday, 12 April 2022

4 must-have SaaS security posture management capabilities

Software as a Service (SaaS) has become a critical business tool. With hundreds of SaaS applications, large enterprise organizations need to protect themselves from cyberattacks.



from Cyber Security News https://ift.tt/yOMUd1R

Panasonic Canadian operations suffer data breach

Panasonic confirmed its Canadian operations were hit by a cyberattack that impacted internal systems, processes and networks.



from Cyber Security News https://ift.tt/hXeczEQ

Data privacy, security top challenges for cloud implementation

Security leaders are running into challenges such as controlling cloud costs, data privacy and security challenges, and lack of cloud security skills/expertise, according to Foundry research.



from Cyber Security News https://ift.tt/zFvtxXK

4 ways to innovate enterprise cybersecurity

The "Security Innovation: Secure Systems Start with Foundational Hardware" report from Intel and the Ponemon Institute explores how and why cybersecurity leaders drive security innovation.



from Cyber Security News https://ift.tt/nbl9kuq

Storage: An essential part of a corporate cybersecurity strategy

Chief information security officers (CISOs) will need to take an end-to-end approach to stay ahead of cybersecurity threats this year and beyond. This entails evaluating the relationship between cybersecurity, storage, and cyber resilience.



from Cyber Security News https://ift.tt/vg8buA7

How to recruit the right cybersecurity talent

From youth outreach to recruitment efforts in high schools, community colleges and universities, cybersecurity leaders can develop the cyber workforce and find talented candidates.



from Cyber Security News https://ift.tt/ezfKkjq

Monday, 11 April 2022

Protecting healthcare data during the COVID-19 pandemic

With an increase in healthcare-related data due to the COVID-19 pandemic, cybersecurity professionals can employ encryption, data anonymization and other techniques to ensure healthcare data security.



from Cyber Security News https://ift.tt/6EOj4wa

SuperCare Health discloses data breach affecting 300k individuals

California-based respiratory care provider SuperCare Health disclosed a data breach affecting more than 300,000 individuals.



from Cyber Security News https://ift.tt/a9LwmJC

Joyce Hunter appointed Advisory Board Chair at CyberAg

Security expert Joyce Hunter has been appointed as Chair of CyberAg’s newly established advisory board. 



from Cyber Security News https://ift.tt/4CHmbTt

API security vulnerability in FinTech platform could have enabled account takeover

An API security vulnerability discovered in a FinTech platform could have allowed administrative account takeover (ATO), according to Salt Security. 




from Cyber Security News https://ift.tt/AbGagXn

Alert fatigue crippling security operation centers

As the cybersecurity industry grapples with the ongoing talent shortage, security operations centers (SOCs) are already overwhelmed, and a constant stream of alerts doesn’t necessarily make their jobs any easier. 



from Cyber Security News https://ift.tt/syrQbCx

Ashley Devoto named CISO at Cerberus Sentinel

Ashley Devoto has been named Chief Information Security Officer (CISO) at Cerberus Cyber Sentinel Corporation, where she will guide the firm's global cybersecurity strategy.



from Cyber Security News https://ift.tt/75qg6YW

Who is responsible for supply chain security?

Managing third-party risk is integral to maintaining enterprise cybersecurity and supply chain security. Determining who in the enterprise is responsible for third-party vendor security can help reduce risk, according to NCC Group research.



from Cyber Security News https://ift.tt/lonC39S

67% of app developers have shipped code with known vulnerabilities

Securing the software supply chain is a monumental task for cybersecurity leaders. A survey from Secure Code Warrior investigated how application developers view security in their work.



from Cyber Security News https://ift.tt/Glh4bc1

Friday, 8 April 2022

Block confirms Cash app breach affecting 8m users

Block confirmed the data breach that affected 8.2 million users was the result of data theft by a former employee. 



from Cyber Security News https://ift.tt/iU9qJB0

Lucas Moody named SVP and CISO at Alteryx

Former Twitter security leader Lucas Moody has been named Chief Information Security Officer (CISO) and Senior Vice President at Alteryx.



from Cyber Security News https://ift.tt/yc9jHF8

Robin Andruss named Chief Privacy Officer at Skyflow

Robin Andruss has joined Skyflow as Chief Privacy Officer to oversee data privacy and data protection commitments for enterprise, fintech, and healthcare organizations.



from Cyber Security News https://ift.tt/3zDLXxJ

Thursday, 7 April 2022

5 steps to strengthen cybersecurity defenses in wake of Ukraine-Russia crisis

Five practical steps to increase an organization's security posture and resilience to protect against potential attacks related to the Ukraine-Russia crisis.



from Cyber Security News https://ift.tt/O7KiLNu

It’s time for SMBs to protect against ransomware

Small and medium-sized business (SMB) security leaders must focus on tactics like encryption, cybersecurity awareness training and more to protect their enterprise data from cyberattacks. Learn the five common cyber mistakes made by SMBs and how to mitigate their effects.



from Cyber Security News https://ift.tt/6BeciNF

Martin Nystrom named VP, Security Development at Lumen Technologies

As Vice President of Security Development at Lumen, Martin Nystrom will oversee threat intelligence and product development. 



from Cyber Security News https://ift.tt/DGyob0n

Greg Notch named CISO at Expel

Former NHL Chief Information Security Officer Greg Notch has been named CISO at security firm Expel.



from Cyber Security News https://ift.tt/PoXG9vS

Wednesday, 6 April 2022

Inside Conti ransomware group’s leaked chat logs

New Digital Shadows cybersecurity research reveals a great deal about how the Conti ransomware group operates, including schedules, activity timelines, message content and volume, and even leaders.



from Cyber Security News https://ift.tt/CLiuko1

Motion Picture Association fights piracy with cloud security

New initiatives from the Motion Picture Association's Trusted Partner Network (TPN) aim to use cloud security to prevent video content piracy, securing streaming services from cyber threats.



from Cyber Security News https://ift.tt/kErd48w

Hydra Darknet Market shut down by law enforcement

Germany’s Federal Criminal Police Office (BKA) announced that the world’s largest illegal dark web marketplace, Hydra Darknet Market, has been taken down. The BKA confiscated 543 bitcoins with a total value of around 23 million euros.



from Cyber Security News https://ift.tt/3uGg2YM

3 steps for CISOs to ensure third-party vendor security

Cybersecurity leaders Karen Habercoss, Chief Privacy Officer at the University of Chicago Medicine; Ashley Huntington, Compliance Officer and Interim Privacy Officer at Cook County Health; and Shefali Mookencherry, Chief Information Security Officer (CISO) and System Director of Information Security at Edward-Elmhurst Health discuss the importance of third-party vendor risk management.



from Cyber Security News https://ift.tt/DOTy02x

Dustin Webber named Chief Security Officer at NetAbstraction

Cloud security innovator and information security expert Dustin Webber has been appointed Chief Security Officer at NetAbstraction. 



from Cyber Security News https://ift.tt/5x8Bhdj

Not just another threat report!

Take a look at the BlackBerry 2022 Threat Report, which aims to allow security leaders to perform a thoughtful analysis shaping their security environment.



from Cyber Security News https://ift.tt/9UNoO7E

Tuesday, 5 April 2022

Securing information and communications technology supply chain

During National Supply Chain Integrity Month, how can organizations strengthen the security and resilience of their information and communications technology (ICT) supply chain?



from Cyber Security News https://ift.tt/bURT21o

Sustainable cybersecurity starts with protecting both sides of the entry point

Organizations can bolster their cybersecurity resilience and prepare for cyberattacks by shoring up both sides of endpoint security.



from Cyber Security News https://ift.tt/agsdoqO

How to develop an engaging cybersecurity awareness program

Cybersecurity awareness training is paramount to mitigating employee cyber risk. Incorporating strategies like incentives and ongoing training programs can help increase security awareness.



from Cyber Security News https://ift.tt/8U5go1D

Monday, 4 April 2022

Delivery app breach exposes Russian military data

Russian food delivery app Yandex Food has reported a data breach found to contain location and contact data for Russian military and security agencies.





from Cyber Security News https://ift.tt/4a1Qq6c

FBI disrupts $51 million business email compromise schemes

Operation Eagle Sweep, conducted by the FBI, targeted business email compromise (BEC) scammers believed responsible for targeting over 500 U.S. victims and causing losses exceeding $51 million.



from Cyber Security News https://ift.tt/S6qTDgr

81% of esports firms see an increased need for security

Esports are a growing industry, with online video game competitions presenting new attack vectors for cybercrime and fraud. A report from Verimatrix and Omdia outlines the top esports security challenges.



from Cyber Security News https://ift.tt/B0vem6Y

Friday, 1 April 2022

Top reasons why cybersecurity professionals leave their jobs

New ISACA cybersecurity research shows highest retention difficulties in years. What are the top reasons that cybersecurity professionals are leaving their jobs?



from Cyber Security News https://ift.tt/ITDxjgf