Krebs on Security
FEBRUARY 26, 2023
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.
Schneier on Security
MARCH 3, 2023
Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space—with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space has grown over the past decade with very little regulatory oversight.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Anton on Security
MARCH 1, 2023
Hey, it is 2023, let’s debate SIEM again! Debate SIEM? In 2023? This is so 1997! Or perhaps 2017. Anyhow, Security Information and Event Management (SIEM) is a growing $4+B market that is proving remarkably resilient, and, actually, interesting again. Let’s start with an obligatory AI response: (source: Bard ) Let’s proceed with a just-as-obligatory Gartner quote: “The SIEM market is maturing at a rapid pace and continues to be extremely competitive.
Troy Hunt
MARCH 2, 2023
Guns! You know, the things you kinda want to keep pretty well protected and out of the hands of nefarious parties, like the kinds of folks that following their data breach could match firearms to an individual at an address on a phone number of a gender and specific age. But don't worry, no financial information was compromised! 🤦♂️ All that and more in the 337th addition of my weekly update, enjoy!
Speaker: William Hord, Senior VP of Risk & Professional Services
Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?
Krebs on Security
FEBRUARY 28, 2023
Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.
Schneier on Security
FEBRUARY 28, 2023
CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack. The algorithm is not “broken” or “cracked”—despite headlines to the contrary—this is just a side-channel attack.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
FEBRUARY 27, 2023
LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems.
Dark Reading
FEBRUARY 27, 2023
The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China.
Schneier on Security
MARCH 1, 2023
A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank.
Tech Republic Security
FEBRUARY 28, 2023
With nearly 90% of companies reporting cyberattacks, pen testing budgets are on the rise, with cloud infrastructure and services a key focus area, according to a new report. The post Pen testing report: IT budgets should focus on entire security stack appeared first on TechRepublic.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
The Hacker News
MARCH 1, 2023
A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET said in a report shared with The Hacker News.
CSO Magazine
FEBRUARY 27, 2023
Whenever shells rain down on Ukraine, Yuriy Gatupov's colleagues put a '+' sign in a chat room. Then, the pluses are counted. "We check if everybody is alive," he says. Gatupov, the owner of two cybersecurity companies, says it is vital to stay connected during a time of war. With Russia now controlling around 18% of Ukraine's territory including Donbas and Crimea, tech workers face formidable challenges.
CyberSecurity Insiders
MARCH 2, 2023
By Amit Shaked, CEO and co-founder, Laminar Out of the total reported data breaches in 2022 in the U.S., nearly half (45%) happened in the cloud and cost organizations over $9 million. While the statistics paint a bleak picture, the good news is that as adversaries have evolved, so have security technologies. In its 2022 Hype Cycle for Data Security, Gartner announced a new category of solutions titled “Data Security Posture Management,” or DSPM.
Tech Republic Security
MARCH 2, 2023
Organizations subject to government regulations can gain more control over their own security. The post Google Workspace admins can now use client-side encryption on Gmail and Calendar appeared first on TechRepublic.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.
Security Boulevard
MARCH 3, 2023
The vast majority—92% of companies across all verticals, states and business sizes—are still unprepared for compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), while a similar percentage (91%) are unprepared for GDPR compliance. A report from Cytrio revealed these organizations are still using time-consuming and error-prone manual processes to.
CSO Magazine
MARCH 1, 2023
In 2022, I started a podcast aimed at converting more Gen Z to seek careers in cybersecurity. In doing so, I had to educate myself on what they value and realized the many differences between Gen Z and previous generations. Gen Z refers to those born between mid-to-late 1990s and 2010, making them between the ages of 11 and 28. This means they grew up experiencing a much faster rate in which technology evolves.
CyberSecurity Insiders
FEBRUARY 28, 2023
No one likes to think their company might be hit by a cyber attack or breach, but the truth is cybercrime is one of the biggest threats your organization can face. If you suffer a breach, the loss of data is only the first of many issues you will be facing. You also have to navigate reputational damage, lost revenue, and the potential for fines and sanctions from regulatory agencies.
Tech Republic Security
MARCH 2, 2023
With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely. The post 1Password is looking to a password-free future. Here’s why appeared first on TechRepublic.
Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP
Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.
Naked Security
FEBRUARY 26, 2023
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.
CSO Magazine
FEBRUARY 28, 2023
Password management company LastPass, which was hit by two data breaches last year , has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches infected the engineer's home computer with a keylogger , which recorded information that enabled a cyberattack that exfiltrated sensitive inform
Graham Cluley
MARCH 2, 2023
Willie Sutton, the criminal who became legendary for stealing from banks during a forty year career, was once asked, "Why do you keep robbing banks?" His answer? "Because that's where the money is." However, today there's a better target for robbers today than banks, which are typically well-defended against theft. Cryptocurrency wallets. Read more in my article on the Tripwire State of Security blog.
SecureWorld News
MARCH 2, 2023
Cybersecurity is one of the most pressing challenges in the 21st century. As cyber threats grow more sophisticated and diverse, countries need a robust and coordinated strategy to defend their interests and values in cyberspace. Which is why the Biden Administration has released its first National Cybersecurity Strategy. The strategy was crafted by the Office of the National Cyber Director (ONCD), a new agency created by Congress in 2021 to oversee and coordinate federal cybersecurity efforts.
Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC
Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.
CyberSecurity Insiders
FEBRUARY 27, 2023
Ransomware attacks seem to surge day by day on the servers belonging to government agencies and the latest to fall as the victim is the computer network of the US Marshals Service, aka USMS. According to the update provided by the Department of Justice, the incident occurred on February 17th of this year and sensitive details such as PII of employees, administrative data, returns from legal procedures, third party documents and some information related to private detectives was accessed and poss
CSO Magazine
FEBRUARY 28, 2023
Predictions on whether or when the global economy will fall into a recession continue to swirl. Even if one doesn’t hit anytime soon, economic volatility, more cautious corporate spending plans, and employee layoffs are already in play. For security chiefs, such news portends a tougher road ahead. CISOs have never had an easy time — they’ve certainly faced inordinate challenges in recent years working to secure an ever-expanding and more distributed technology and data landscape.
Security Boulevard
FEBRUARY 28, 2023
The U.S. Marshals Service (USMS) has been hacked (again). Scrotes stole sensitive stuff (supposedly). The post US Marshals Ransomware Hack is ‘Major Incident’ appeared first on Security Boulevard.
Dark Reading
MARCH 1, 2023
The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately.
Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association
PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.
CyberSecurity Insiders
MARCH 3, 2023
CISA of the United States has issued a warning to all public and private entities to stay away from the Royal Ransomware group. They issued an advisory as a part of StopRansomware Campaign and issued some tips that help raise the defense-line against such cyber threats. Royal Ransomware gang has been active since September 2022 and demands a sum ranging between $1m to $11 million that needs to be paid in Bitcoins.
CSO Magazine
FEBRUARY 28, 2023
Multilayered, well-funded cybersecurity systems are unable to protect enterprises in the US and Europe from cyberattacks, according to a report by automated security validation firm Pentera. The report, which was based on a survey of 300 CIOs, CISOs and security executives to get insights on their current IT and security budgets and cybersecurity validation practices, noted that the financial slowdown has had a minimal impact on cybersecurity budgets.
Security Boulevard
MARCH 3, 2023
Time for the gloves to come off, the U.S. government said on Thursday in a newly aggressive policy on cybersecurity that has — mostly — thrilled cybersecurity experts. The post National Cybersecurity Strategy | Contrast Security appeared first on Security Boulevard.
Dark Reading
FEBRUARY 28, 2023
The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed.
Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies
The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.
Expert insights. Personalized for you.
270 
Let's personalize your content