Thursday, 30 June 2022

Women in Security 2022: Diana Pan, The Museum of Modern Art (MoMA)

Diana Pan, Chief Technology Officer at The Museum of Modern Art (MoMA), develops and oversees cybersecurity solutions to protect MoMA’s assets from threats.



from Cyber Security News https://ift.tt/N0kKPSW

Auston Davis named CISO at Versant Health

Auston Davis has been named the new Chief Information Security Officer (CISO) at Versant Health.



from Cyber Security News https://ift.tt/XVjRcKi

Lessons learned from slew of recent data breaches

Privileged access management (PAM) is vital for enterprise security. With proper PAM tools, procedures and processes in place, organizations can lessen the risk of being the next data breach victim.



from Cyber Security News https://ift.tt/9uNIEnx

Cybersecurity from the inside out — Guarding against insider threats

As new members join, security management teams must get ahead of the insider threat. What steps can be taken to protect the organization's crown jewels, or known and unknown assets?



from Cyber Security News https://ift.tt/6IedZAy

We need the Foreign Intelligence Surveillance Act more than ever

Lone offenders, the internet and social media are the biggest correlations between domestic and international terrorism. So why have Foreign Intelligence Surveillance Act (FISA) orders dropped by more than half in the last two years? 



from Cyber Security News https://ift.tt/i25tvQ3

Wednesday, 29 June 2022

IC3 issues warning on deepfake use in remote work applications

The FBI's Internet Crime Complaint Center (IC3) has warned about fraudulent job applications using deepfakes and stolen PII to attempt to earn IT and software development roles.



from Cyber Security News https://ift.tt/Y01d6FA

Kurt John named Chief Security Officer at Expedia

Kurt John, former Siemens cybersecurity executive, has been named Chief Security Officer at Expedia.



from Cyber Security News https://ift.tt/emagWvO

Why insider threats pose unique risks to national security

Insider threats can cause extensive damage to national security. To combat this threat, the U.S. must update and adapt current security practices, including the background check process.

from Cyber Security News https://ift.tt/suFN6YH

Does AI materially impact cybersecurity strategies?

Despite the appeal of stories that pitch artificial intelligence (AI) cyberattacks versus AI cyber defense, the reality is that humans are still at the heart of any complicated cyberattack and cybersecurity efforts.



from Cyber Security News https://ift.tt/rdyjS3N

Tuesday, 28 June 2022

Ransomware in Q1 2022 doubled total 2021 volume

The WatchGuard Technologies Threat Lab Q1 2022 Internet Security Report detected more than double the volume of ransomware in the first quarter of 2022 compared to full year 2021.



from Cyber Security News https://ift.tt/MlgDBEj

Lithuania hit by DDoS cyberattack

Russian hacker group Killnet has claimed responsibility for a distributed denial of service (DDoS) cyberattack on Lithuania.



from Cyber Security News https://ift.tt/xGaktVD

Hybrid work transition reveals low enterprise cybersecurity confidence

The shift to hybrid and remote work rapidly increased enterprise attack surfaces. According to a survey from Oomnitza, 60% of cybersecurity leaders have low levels of confidence in their attack surface risk management.



from Cyber Security News https://ift.tt/YrJca6H

2 out of 3 European citizens welcome digital ID wallet

Despite widespread support for the EU-backed Digital ID Wallet, security and data privacy concerns will need to be addressed, according to a new Thales survey.



from Cyber Security News https://ift.tt/IGlnx9O

Monday, 27 June 2022

CISA releases cloud security reference

CISA published the second version of Cloud Security Technical Reference Architecture (TRA), which seeks to guide agencies’ secure migration to the cloud by defining and clarifying considerations for shared services, cloud migration and cloud security posture management. 



from Cyber Security News https://ift.tt/l9MhjA2

Colin Ahern named New York's Chief Cyber Officer

A leading expert in cybersecurity, cyber resilience and intelligence, Ahern will lead cross-agency efforts to protect New York State from cyber threats. 



from Cyber Security News https://ift.tt/q8PQSJg

87% of executives have no cybersecurity tools on personal devices

Business executives are targets of cyberattacks, and their personal devices represent possible attack vectors for cybercriminals. A report from BlackCloak discusses the state of C-suite device cybersecurity.





from Cyber Security News https://ift.tt/hC0PoxJ

Contractors don’t have to increase your risk profile

Chief information security officers (CISOs) can safely embrace a modern security strategy to govern contractor access.



from Cyber Security News https://ift.tt/pIm9kwS

Friday, 24 June 2022

Pharmaceutical company secures network with AppSec compliance tools

Sanofi, a global biopharmaceutical company based in France, protects its network security with the Security Platform & Compliance Monitor from SecurityBridge. Learn more in this case study.



from Cyber Security News https://ift.tt/Wv2jUhe

How secure is your digital supply chain?

Here are five ways cybersecurity leaders can secure the digital supply chains in which they operate.



from Cyber Security News https://ift.tt/pDahEJb

Thursday, 23 June 2022

Lockbit 2.0 accounts for 40% of May ransomware attacks

The number of ransomware attack victims decreased in May, according to NCC Group.



from Cyber Security News https://ift.tt/9206RV7

Technical teams are struggling with access issues that impact productivity and security

For organizations looking to streamline access without compromising security, a people-first approach may be the answer, a strongDM survey reveals.



from Cyber Security News https://ift.tt/WF1qpVC

US passes bills to foreground national cybersecurity

The Federal Rotational Cyber Workforce Program Act of 2021 and the State and Local Government Cybersecurity Act of 2021 will promote cybersecurity on the national, state and local levels.



from Cyber Security News https://ift.tt/H5AcyXi

Are organizations prepared for the shifting data privacy landscape?

Five U.S. states will enact data privacy laws in 2023 — are organizations prepared to maintain compliance in the new year? The Womble Bond Dickinson 2022 State of U.S. Data Privacy Law Compliance Survey Report explores data privacy readiness across U.S. organizations.



from Cyber Security News https://ift.tt/w1ecqL8

Cyber insurers are starting to require lateral movement defense. Here’s why

Cyber insurance providers are raising premiums and starting to require users to defend against lateral movement with tools like multi-factor authentication and endpoint detection and response.  



from Cyber Security News https://ift.tt/dThE6JD

Wednesday, 22 June 2022

Maintaining cybersecurity as digital identities expand

A report from the Identity Defined Security Alliance (IDSA) found that 84% of organizations have experienced an identity-related breach within the last year.



from Cyber Security News https://ift.tt/GzPjrfn

API insecurity costing the US billions annually

An analysis of nearly 117,000 unique cybersecurity incidents estimates that API insecurity results in $41-75 billion of losses annually, according to Imperva.



from Cyber Security News https://ift.tt/vklud0K

Before, during and after a cyberattack

What steps, processes and procedures should security leaders take before, during and after a cyberattack? 



from Cyber Security News https://ift.tt/7Ia5tl1

Tuesday, 21 June 2022

Jean-Paul Calabio named Vice President, Chief Information Security Officer at SpartanNash

As Vice President and CISO, JP Calabio will lead information security strategies, ensuring compliance with regulatory requirements and enhancing security posture.



from Cyber Security News https://ift.tt/Bcy3PQK

Overconfidence in API security posture leaves enterprises at high risk

Security leaders across North America, EMEA and APAC may have a false sense of security when it comes to API protection, a new Radware survey shows.



from Cyber Security News https://ift.tt/ojPC5Bi

6 steps to improve healthcare cybersecurity

Healthcare cybersecurity leaders should follow these six steps from the U.S. Department of Health and Human Services to improve IT security.



from Cyber Security News https://ift.tt/gmStO16

Lowering cybersecurity insurance premiums with managed security services

While cyber insurance is a must-have in today's business climate, it does come with a cost. However, security leaders can implement best practices to reduce cyber insurance premiums.



from Cyber Security News https://ift.tt/ziDMK3O

How higher ed can prepare the next generation of IT

As colleges update their curriculum and add cybersecurity training and degrees, here are some tactics they should implement to prepare students to be professionals in this field.



from Cyber Security News https://ift.tt/GlZVYRz

David Appel named VP of National Security at AWS

David Appel, former VP of Raytheon Intelligence & Space, has been named Vice President, National Security at Amazon Web Services (AWS).



from Cyber Security News https://ift.tt/UHGTnyN

Five benefits of industrial cybersecurity implementation

Security leaders in the industrial space identified five benefits to cybersecurity implementation, according to a report from Kaspersky.



from Cyber Security News https://ift.tt/kfQWrT4

Monday, 20 June 2022

QNAP investigating new Deadbolt ransomware attacks

QNAP has once again warned consumers and organizations using their network-attached storage (NAS) solution of a recently detected Deadbolt ransomware campaign. 



from Cyber Security News https://ift.tt/qd42nGi

CYBER.ORG joins Microsoft's TEALS program

The nationwide cybersecurity partnership will offer free cyber curriculum and development support to help train volunteers and teachers.



from Cyber Security News https://ift.tt/sarLt5S

How hackable is your WiFi network?

On World WiFi Day, it's time to determine the level of risk at your enterprise organization, especially in the new era of hybrid work.



from Cyber Security News https://ift.tt/QFC7DJH

The hacker stole my homework — the education industry faces its greatest test

From geography to geometry, what is it about schools that all of a sudden has threat actors circling like sharks, and how can educators and administrators guard against becoming the next cyberattack victim?



from Cyber Security News https://ift.tt/ZUWHBdz

Friday, 17 June 2022

FTC issues warning on enterprise AI use

The Federal Trade Commission (FTC) issued a warning to Congress regarding the enterprise use of artificial intelligence (AI). Large companies and those in the tech industry using AI could be opening up users to risk, according to the report.



from Cyber Security News https://ift.tt/epPAliq

C-suites feeling the strain of war in Ukraine

Recession. Cyberattacks. Inflation. What more do CEOs expect for 2022 and 2023?



from Cyber Security News https://ift.tt/v84ga7n

Federal task force will fight online harassment and abuse

The White House has launched a federal task force to combat the effects of online harassment and abuse, which disproportionately targets people of color, women and LGBTQ individuals.



from Cyber Security News https://ift.tt/Xd0xMkD

Thursday, 16 June 2022

Overcoming the cybersecurity skills gap with hiring practices

Hiring entry- and junior-level employees in cybersecurity roles can help security leaders overcome the cyber skills gap, according to new research from (ISC)2.



from Cyber Security News https://ift.tt/f9RgtwW

Remote work lacks IAM & cybersecurity oversight

The State of Enterprise Identity report from the Ponemon Institute and Saviynt found that 28% of organizations monitor aspects of remote work cybersecurity.



from Cyber Security News https://ift.tt/UrC9Mq8

US defense contractor in talks to buy NSO Group's spyware

United States defense contractor L3Harris is in talks with NSO Group, a blacklisted Israeli spyware company, to purchase the firm’s spyware tools. 



from Cyber Security News https://ift.tt/E4w98W7

Android spyware deployed in Kazakhstan

Lookout Inc. has discovered an enterprise-grade Android surveillanceware currently used by the government of Kazakhstan within its borders. 



from Cyber Security News https://ift.tt/BQ6c7yZ

The Global Cyber Conference to take place in Zurich this September

The Global Cyber Conference (GCC) will take place in Zurich, Switzerland this September 22-23, 2022. 



from Cyber Security News https://ift.tt/qjhdtUl

Wednesday, 15 June 2022

University of Pisa suffers ransomware attack

The University of Pisa in Italy is allegedly being held to ransom for $4.5 million, according to Cybersecurity360 and other European news sources.



from Cyber Security News https://ift.tt/vQp0LCn

What is a CISO responsible for?

The State of the CISO 2022 whitepaper from BARR Advisory lists traditional and new responsibilities of chief information security officers (CISOs).



from Cyber Security News https://ift.tt/4EhITCu

24 billion usernames, passwords available on the dark web

There are more than 24 billion usernames and password combinations in circulation in cybercriminal marketplaces, many on the dark web, according to new Digital Shadows research.



from Cyber Security News https://ift.tt/jGDp7Qs

Understanding the patchwork of US data privacy laws

From the California Consumer Privacy Act (CCPA) to the latest bills introduced across the country, legislative and compliance expert Bill Tolson explores the ins and outs of U.S. data privacy laws and how they affect enterprise organizations.




from Cyber Security News https://ift.tt/NBvihbY

Fraud rings: Detecting and defeating cybercriminal networks

Opportunities for fraud rings to do their nefarious deeds are high. Still, there are ways for businesses to fight back.



from Cyber Security News https://ift.tt/jUVK01d

Tuesday, 14 June 2022

Kaiser Permanente data breach exposed 700,000 patient records

Kaiser Permanente suffered a data breach in April that affected 700,000 patient records and 69,000 patients. 



from Cyber Security News https://ift.tt/u6jDeEU

Public Travis CI logs expose users to cyberattacks

An unpatched security flaw in Travis CI could expose thousands of users to supply chain attacks, according to Aqua Security.



from Cyber Security News https://ift.tt/LD98Yrq

Security leaders rank cyber priorities for 2022

Security and tech executives weighed in on their security priorities for the rest of 2022 in a survey from Forgepoint Capital.




from Cyber Security News https://ift.tt/zOpEYSD

CISA launches Cyber Innovation Fellow initiative

CISA is now accepting nominations for the new Cyber Innovation Fellows program, whose fellows will lend their expertise to CISA's technical teams on threat hunting, incident response and vulnerability management.



from Cyber Security News https://ift.tt/w7NfYXF

Clear and present danger: SaaS supply chain attacks

The Okta, GitHub and MailChimp supply chain breaches illustrate the inherent risks of leaving your supply chain in the dark. What can be done to mitigate these risks?



from Cyber Security News https://ift.tt/huD0G9X

Monday, 13 June 2022

APT group used pornographic lure to spy on organizations for 10 years

SentinelLabs uncovered Aoqin Dragon, an active cyberespionage group that has been operating for nearly a decade. 




from Cyber Security News https://ift.tt/BAKSjve

Marvin Evans named Director of Security at RhinoXR

Cybersecurity specialist Marvin Evans has been named Director of Security and Technology at Rhino XR Studios.



from Cyber Security News https://ift.tt/B2G1w5E

Public-private partnerships can increase cyber readiness

Six cybersecurity organizations released recommendations for cybersecurity collaboration, building off of the Joint Cyber Defense Collaborative from CISA.



from Cyber Security News https://ift.tt/01miaoK

Friday, 10 June 2022

BlackBerry discovers Symbiote malware, a highly evasive Linux threat

There's a new Linux threat: the Symbiote malware. Its main objective is to harvest credentials and facilitate backdoor access to infected machines, according to new BlackBerry and Intezer research.



from Cyber Security News https://ift.tt/uHA2lbL

5 cyber threats facing the education sector

The Threat Intelligence Report from Avertium analyzed Black Kite cybersecurity findings to rank the top five cybersecurity threats facing the education sector, including ransomware, data breaches and more.



from Cyber Security News https://ift.tt/v8jXYJc

Cybersecurity named top driver of legal disputes

Cybersecurity and data protection are likely to become top drivers of legal disputes in 2022 and beyond.



from Cyber Security News https://ift.tt/aTUcZ3w

Thursday, 9 June 2022

Do software vendors care as much about security as you do?

Any comprehensive approach to cybersecurity must include a detailed third-party risk assessment, covering an assessment of how partners view governance, risk, and compliance within their own organizations.
 



from Cyber Security News https://ift.tt/depzFb0

Don’t break the chain: How to secure the supply chain from cyberattacks

Given the increase of attacks on critical infrastructure and third-party suppliers and supply chain partners, let's address security concerns for supply chains and provide quick fixes/considerations for solutions.  



from Cyber Security News https://ift.tt/xBE4bYq

A focus on risk in software supply chain security

Security leaders should focus on risk management principles when tackling software supply chain security, according to the Center for Internet Security SVP and Chief Evangelist Tony Sager.



from Cyber Security News https://ift.tt/vy5nLNm

Phishing at all-time high; 1 million attacks in Q1 2022

Phishing has reached a record high, with APWG observing one million attacks in the first quarter of 2022. 



from Cyber Security News https://ift.tt/UdWzNh2

Guy Rosen named CISO at Meta

Guy Rosen has been named Chief Information Security Officer (CISO) at Meta.



from Cyber Security News https://ift.tt/dzCGMTV

Preparing for the unexpected: 5 benefits of cloud disaster recovery

Let's explore the importance of disaster recovery and five advantages of cloud disaster recovery for regulated institutions. 



from Cyber Security News https://ift.tt/3WpmE8V

Wednesday, 8 June 2022

Key privacy notice disclosures under comprehensive California, Colorado and Virginia laws effective 2023

Discover several approaches companies can take to meet compliance with website privacy notice requirements under new California, Colorado and Virginia privacy laws.





from Cyber Security News https://ift.tt/5l1yw70

APIs and cloud applications are CISOs’ greatest threats

Chief information security officers (CISOs) are grappling with a wide range of risks and challenges, especially with cloud-based applications and Application Programming Interfaces (APIs). 



from Cyber Security News https://ift.tt/SuxICMX

Cybersecurity hiring momentum ramps up

Companies and government entities across the U.S. are in hiring mode for cybersecurity professionals: the supply-demand ratio for cybersecurity workers nationwide is 66%, according to new CyberSeek data. 



from Cyber Security News https://ift.tt/T9kMR2e

How to mitigate employee risk in remote work environments

The Apricorn 2022 Global IT Security Survey identified cybersecurity risks posed by remote work and a lack of employee security compliance and awareness.




from Cyber Security News https://ift.tt/XyzQohb

Nada Noaman named SVP, CISO at The Estée Lauder Companies

Cybersecurity leader Nada Noaman has been named Senior Vice President and Chief Information Security Officer (CISO) at The Estée Lauder Companies.



from Cyber Security News https://ift.tt/xFsJvnS

3 cybersecurity challenges keeping CISOs up at night

Analysis from Veridium and TAG Cyber determined what keeps CISOs up at night in 2022, chronicling the latest cybersecurity threats facing businesses today.



from Cyber Security News https://ift.tt/8BHf3Kk

Tuesday, 7 June 2022

It’s time to adopt modern API security

Application Programming Interfaces (APIs) are a top cyberattack vector, but legacy cybersecurity strategies don’t do enough to protect them from threats.



from Cyber Security News https://ift.tt/lGSoBav

Over half of organizations not effectively defending against cyberattacks

According to a new research study from Accenture, more than half (55%) of large companies are not effectively stopping cyberattacks, finding and fixing breaches quickly, or reducing the impact of breaches.



from Cyber Security News https://ift.tt/uPsw4V9

Investigating the effects of bot cyberattacks

Bot attacks can negatively affect organizational cybersecurity and business revenue, according to the Bot Management Review 2022 from Netacea.



from Cyber Security News https://ift.tt/qUWc10v

Cybersecurity advisory warns organizations of Karakurt cyber extortion

Karakurt has focused on stealing data from companies since at least June 2021 and forcing them into paying ransoms under the threat of publishing the information online, several U.S. federal agencies have warned.



from Cyber Security News https://ift.tt/HcjBDvd

7 deadly NFT scams that are targeting brands

Learn about seven significant non-fungible token (NFT) cybersecurity risks that security leaders must be aware of.




from Cyber Security News https://ift.tt/d4exzaV

Monday, 6 June 2022

Tyler Young named CISO at BigID

Cybersecurity leader Tyler Young has been named Chief Information Security Officer (CISO) at BigID.



from Cyber Security News https://ift.tt/43BXcel

Chris Krebs named Chair of Rubrik’s New CISO Advisory Board

As Chair of Rubrik's CISO Advisory Board, Chris Krebs will create and lead a strategic CISO advisory board to help private and public sector organizations tackle the unprecedented growth of cyberattacks, including ransomware. 



from Cyber Security News https://ift.tt/rGs25pe

Shields up & locked

In an interconnected world, ensuring that organizations come together to help one another fight cybersecurity adversaries ultimately protects everyone.



from Cyber Security News https://ift.tt/pbTNnUD

Friday, 3 June 2022

Hawaii unemployment insurance fraud scams increase via SMS phishing attacks

Exploiting pandemic-related stress and financial concern, remote work, and government “brand” trust, threat actors are preying on the vulnerabilities of millions of Hawaiians.



from Cyber Security News https://ift.tt/6wZG0Vj

Security researchers target bug bounties for cyber insights

Do security researchers and ethical hackers learn more about cybersecurity from their employer, schooling or bug bounty experience? The Ethical Hacker Insights Report 2022 surveyed 1,181 people with cybersecurity experience to learn more.



from Cyber Security News https://ift.tt/cj8ZbSO

One-third of defense contractors vulnerable to ransomware

Research from Black Kite, "Centralizing Supply Chain Cybersecurity: U.S. Federal Government Risk in 2022," found that 32% of defense contractors are vulnerable to ransomware.



from Cyber Security News https://ift.tt/aCsBNG5

Thursday, 2 June 2022

Michael J. Ducsak new Chief Information Security Officer at Sourcepass

Michael J. Ducsak is the new Chief Information Security Officer (CISO) at Sourcepass, where he will oversee cybersecurity strategy, risk assessment and mitigation, compliance, cloud security and more.



from Cyber Security News https://ift.tt/pNzlFj0

Four ways cybercriminals can hack passwords

Learn about four techniques hackers usually employ to hack usernames and passwords, as well as tips to bolster password defense.




from Cyber Security News https://ift.tt/gXrvnSl

Secrets in code make passwords vulnerable to hackers

The “Secrets Insights Across the Software Supply Chain” report from Apiiro discovered vulnerable personally identifiable information (PII) and passwords stored in private and public repositories.



from Cyber Security News https://ift.tt/sQMxuXc

Wednesday, 1 June 2022

Microsoft Office zero day vulnerability discovered

A new Microsoft Office zero-day security vulnerability allows adversaries to execute PowerShell commands via Microsoft Diagnostic Tool (MSDT) by opening a Word document. 



from Cyber Security News https://ift.tt/hQA0UDR

33% of cybersecurity leaders name zero trust their top priority

Zero trust has been named an important aspect of enterprise cybersecurity by security leaders across eight countries, according to the Zero Trust Impact Report from Illumio.



from Cyber Security News https://ift.tt/vTgidZF