Blog - Cyber Security Informer

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

FEBRUARY 11, 2024

Related: The case for augmented reality training Because of this, cybersecurity investments and regulatory oversight are increasing at an astounding rate , especially for those in the financial services industry, bringing an overwhelming feeling to chief compliance officers without dedicated security teams. The list goes on.

Cyber Risk

Cyber Risk Risk Financial Services Cyber threats

Breaking Barriers, Building Bridges: Cultivating Female Belonging in the Cybersecurity Landscape

Jane Frankland

JANUARY 12, 2024

I knew it was a crazy act, and perhaps it was unfair of me to subject him to it, but I wanted him to understand a pressing need in cybersecurity. My intention was to physically manifest the dire state of gender diversity for cybersecurity; to make him truly feel the weight of it all. It’s declined. For example, Byrnes et al.

Cybersecurity

Cybersecurity Risk Banking CISO

Cybersecurity Awareness Month Blog Series: Leading the cybersecurity jobs of the future

Thales Cloud Protection & Licensing

OCTOBER 2, 2018

This October marks the 15 th annual National Cybersecurity Awareness Month (NCSAM) – an initiative to raise awareness around the importance of cybersecurity. 8-12): Millions of Rewarding Jobs: Educating for a Career in Cybersecurity. 1-5): Make Your Home a Haven for Online Safety. Week 2 (Oct. Week 3 (Oct.

Cybersecurity

Cybersecurity Education Risk

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

AUGUST 29, 2022

Web application attacks directed at organizations’ web and mail servers continue to take the lead in cybersecurity incidents. In the report’s findings, stolen credentials and exploited vulnerabilities are the top reasons for web breaches. This year, these were the top reasons for web breaches. Shifting exposures.

Hacking

Hacking Passwords Password Management Data breaches

GUEST ESSAY: A call to blur the lines between cybersecurity training, up-skilling and higher ed

The Last Watchdog

APRIL 26, 2022

In a recent survey of US-based CEOs, talent shortages and cybersecurity were listed as two of the top five business concerns in 2022. The bottom line: organizations with unfilled cybersecurity roles are leaving themselves vulnerable to the growing number of cyber threats. Today, there are more paths into cybersecurity than ever.

Cybersecurity

Cybersecurity Education InfoSec Cyber threats

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

The Last Watchdog

OCTOBER 5, 2023

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.) Erin: So, let’s get started.

Cyber threats

Cyber threats Cyber Insurance Cybersecurity Threat Detection

Attackers Continue to Leverage Signed Microsoft Drivers

eSecurity Planet

APRIL 21, 2023

” And SentinelOne researchers pointed out that this wasn’t the first time Microsoft had dealt with this issue, writing, “In June 2021, GData published a blog on a malicious Netfilter rootkit signed through the same process.” Malicious driver signed by Microsoft.

Accountability

Accountability Malware Antivirus Software

6 Business functions that will benefit from cybersecurity automation

CyberSecurity Insiders

OCTOBER 28, 2021

This blog was written by an independent guest blogger. Enterprises and small businesses alike are facing challenges that impact their ability to maintain adequate cybersecurity. Cybersecurity automation trained with machine learning and powered by AI is helping to close vulnerability gaps and lower the cost of cybersecurity incidents.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

How your business can benefit from Cybersecurity automation

CyberSecurity Insiders

NOVEMBER 24, 2021

This blog was written by an independent guest blogger. Enterprises and small businesses alike are facing challenges that impact their ability to maintain adequate cybersecurity. Cybersecurity automation trained with machine learning and powered by AI is helping to close vulnerability gaps and lower the cost of cybersecurity incidents.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

SEPTEMBER 21, 2022

Cybersecurity is a top concern for individuals and businesses in the increasingly digital world. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Many modern organizations know the basics of online safety and follow the best cybersecurity practices.

Phishing

Phishing Artificial Intelligence Cybercrime Social Engineering

A week in security (January 30 - February 5)

Malwarebytes

FEBRUARY 5, 2023

Riot Games refuses to pay ransom to avoid League of Legends leak Analyzing and remediating a malware infested T95 TV box from Amazon Google sponsored ads malvertising targets password manager 40% of online shops tricking users with "dark patterns" How to protect your business from supply chain attacks Up to 10 million people potentially impacted by (..)

Password Management

Password Management Ransomware Passwords Malware

Risks to Your Network from Insecure Code Signing Processes

Security Boulevard

JULY 7, 2022

Attackers are extremely clever and the code they use may even be signed by an entity similar to or exactly the same as your own certificate authority (CA). Improperly configured code signing keys and certificates. Code signing certificates are issued for a given period of time. The OWASP Top 10 Cryptographic Failures in 2021.

Risk

Risk InfoSec Software Digital transformation

GUEST ESSAY: ‘Cybersecurity specialist’ tops list of work-from-home IT jobs that need filling

The Last Watchdog

MARCH 29, 2021

Many universities offer massive open online courses (MOOC) in cybersecurity. However, you can request a certificate of completion for a fee. While you’ll need a bachelor’s degree (not necessarily in cybersecurity specifically) for most of these jobs, the median pay is a very solid $47.95/hr. Median pay is $26.33/hr.

Cybersecurity

Cybersecurity Education Internet Internet

FBI warns of ransomware gang – What you need to know about the OnePercent group

CyberSecurity Insiders

OCTOBER 14, 2021

This blog was written by an independent guest blogger. In fact, a recent survey indicated that over 60% of executives cited phishing and ransomware as their top concerns. Managed cybersecurity solutions are a great asset for organizations that lack IT security professionals. Encrypt all sensitive company data.

Social Engineering

Social Engineering Ransomware Engineering Phishing

A week in security (July 19 – August 1)

Malwarebytes

AUGUST 2, 2021

Other cybersecurity news: QR codes are here to stay. Source: Edward Snowden) The Northern Ireland COVID Certification Service was temporarily interrupted due to privacy issue. Source: Microsoft Security blog) Solarmarker malware campaign actors are focusing their energy on credential and residual information theft.

Wireless

Wireless Password Management Firmware Passwords

A week in security (Sept 13 – Sept 19)

Malwarebytes

SEPTEMBER 20, 2021

PrintNightmare over, MSHTML fixed, a new horror appears … OMIGOD What are SSL certificates ? Other cybersecurity news. Source: The Register) A top FBI official said that there is “no indication” that Russia has cracked down ransomware gangs. What are computer cookies ? What is the Dark Web ?

DDOS

DDOS Ransomware Backups Marketing

Endangered data in online transactions and how to safeguard company information

CyberSecurity Insiders

JANUARY 6, 2022

This blog was written by an independent guest blogger. On top of that, new cybersecurity threats keep popping up constantly. No cybersecurity experts. Cybersecurity is a complex issue that requires comprehensive knowledge. Sadly, most companies don’t hire any cybersecurity experts. Source; Pexels.

Encryption

Encryption Identity Theft Authentication Data breaches

Cyber Security Roundup for February 2021

Security Boulevard

FEBRUARY 1, 2021

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, January 2021. Mimecast confirmed a related certificate compromise after they were informed by Microsoft as part of their investigative efforts. The Top Cybersecurity Certifications in 2021.

Artificial Intelligence

Artificial Intelligence Ransomware Education Cybersecurity

Cisco Salutes the League of Cybersecurity Heroes

Cisco Security

JULY 25, 2022

Within this new frontier, cybersecurity has become even more challenging. However, some cybersecurity professionals have stood out, using their unique skills and resourcefulness to protect the integrity of their businesses, and to withstand unpredictable and dynamically changing threats. Blair Anderson. Kevin Brown. Steve Cruse.

Cybersecurity

Cybersecurity Technology Threat Detection Digital transformation

State of API Security: API Attack Traffic Grew 681% in 2021

Security Boulevard

MAY 16, 2022

The OWASP API Top 10 list identifies authentication and authorization attacks as the top two risks for API Security. APIs need a verified identity using digital certificates and cryptographic keys. The impact of poor machine identity management can become damaging: Service outages caused by expired certificates.

Authentication

Authentication Risk Data breaches Malware

cert-manager Graduates to CNCF Incubating Project

Security Boulevard

OCTOBER 19, 2022

509 certificates to authenticate and secure communication between Kubernetes workloads, containers, clusters and microservices. Integration with multiple Certificate Authorities (CAs), and alignment with multiple open source projects, including Cilium, Knative, SPIRE, Isitio and Linkerd. health insurers; the top five U.S.

Retail

Retail Software Marketing Engineering

Top CVE List for Q1 2021: CloudPassage Vulnerability Report

CyberSecurity Insiders

APRIL 15, 2021

Here is the most recent vulnerability report, including the top CVE list for the first quarter of 2021. Top CVE List for Q1. #1 In a blog post , Microsoft attributes the exploitation of these flaws to a state-sponsored group HAFNIUM. OpenSSL non-CA certificates check bypass. the vulnerability trending quotient).

Engineering

Engineering Software Cybersecurity

5 API Vulnerabilities That Get Exploited by Criminals

Security Affairs

NOVEMBER 22, 2022

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). In its API Security Top 10 , the Open Web Application Security Project (OWASP) identifies the top ten threats to APIs. 5 Common API Vulnerabilities Explained. Pierluigi Paganini.

Authentication

Authentication B2B Accountability Digital transformation

The Best 10 Vendor Risk Management Tools

Centraleyes

MARCH 25, 2024

The Best Vendor Risk Management Tools in 2024 Selecting the top VRM vendors involves a rigorous evaluation process that assesses security features, user-friendliness, customer support, and overall effectiveness. We’ve identified the crème de la crème of the TPRM ecosystem and will discuss the top runners in just a second.

Risk

Risk Data collection Architecture Government

Cybersecurity and Data Protection lessons from a look back at 2021

BH Consulting

JANUARY 11, 2022

In that spirit, we’ve rounded up five of our most popular blogs from the past year. From ransomware and scams to security frameworks and employee privacy, our 2021 ‘greatest hits’ show how broad the areas of cybersecurity and data protection can be. You can read the full blog and recommendations here. Risk vs reward.

Cybersecurity

Cybersecurity Insurance Scams Cyber Risk

ISO 26262: The ISO Standard for Functional Safety

ForAllSecure

MARCH 3, 2022

In order to achieve ISO 26262 certification, companies must demonstrate that their products meet the required safety level for each application.d. What are the benefits of ISO 26262 certification? How can I achieve ISO 26262 certification? It is important to note that ISO 26262 certification is not a one-time certification.

Software

Software Technology Risk Marketing

NBlog Aug 26 - ISMS templates

Notice Bored

AUGUST 25, 2020

which can make it tricky to both comply with the standard and persuade the certification auditors of that. c) says (in part) "The organisation shall plan, establish, implement and maintain an audit programme(s)" - an explicit documentation requirement that the certification auditors will definitely check for compliance; Clause 9.3

Risk

Risk Information Security Cybersecurity InfoSec

The SOC 2 Compliance Checklist for 2023

Centraleyes

DECEMBER 10, 2023

SOC 2 is the gold standard in Information Security certifications and shows the world just how seriously your company takes Information Security. An incredible way to systematically evaluate and improve your company’s handling of customer data throughout its lifecycle, the SOC 2 certificate is equally challenging and worthwhile to attain.

Risk

Risk Data breaches Software Information Security

Ransomware Study: Two Thirds of Security Professionals Believe Ransomware and Terrorism Threats are Equal

CyberSecurity Insiders

DECEMBER 21, 2021

For more information, please read the report or visit the blog. Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications.

Ransomware

Ransomware IoT Mobile Retail

Security Roundup December 2023

BH Consulting

DECEMBER 11, 2023

Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants. Cloud security was also a theme in Microsoft’s ‘Cybersecurity Trends in Ireland 2023’ report. On the bright side, 74 per cent haven’t reduced their spend on cybersecurity in the last three years. Cloudy outlook for security?

Surveillance

Surveillance Cybersecurity DDOS Data breaches

Why Healthcare IoT Requires Strong Machine Identity Management

Security Boulevard

MAY 30, 2022

In November 2021, the Cybersecurity and Infrastructure Agency (CISA) and Philips issued advisories pertaining to several security vulnerabilities identified in certain patient monitoring and medical device interface products from the manufacturer. Top 4 Machine Identity Management Challenges PKI Teams Face. Related Posts.

Healthcare

Healthcare IoT Manufacturing Risk

Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT

Security Boulevard

JUNE 23, 2022

27% say resilience is a top three priority. To implement a Zero Trust strategy , organizations with mature cybersecurity programs use machine identity management. 509 and code signing certificates, and SSH keys.” Top 10 Vulnerabilities that Make IoT Devices Insecure. 39% see malware and ransomware as their biggest risk.

IoT

IoT Social Engineering Firmware Risk

5 Tips to get Better Efficacy out of Your IT Security Stack

Webroot

MAY 25, 2021

Especially in terms of cybersecurity, efficacy is something of an amorphous term; everyone wants it to be better, but what exactly does that mean? Here are our top 5 tips for getting the best possible efficacy out of your IT security stack. And how do you properly measure it? But the tools aren’t everything. What else can you do?

Phishing

Phishing DNS Backups Cyber threats

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

. “A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Liquid CEO Kayamori said in a blog post. Those results were then indexed against the top one million most popular websites according to Alexa.com.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Top 3 Takeaways: “Cloudflare TV’s Hacker Time"

ForAllSecure

APRIL 15, 2021

David Brumley joined Cloudflare’s Head of Product Security, Evan Johnson, to discuss all things software security, fuzz testing, capture-the-flags (CTFs), and cybersecurity certifications. We’ve also outlined below the top 3 takeaways from the episode. in cybersecurity or an industry certification?

Software

Software Hacking Marketing Engineering

Top 3 Takeaways: “Cloudflare TV’s Hacker Time"

ForAllSecure

APRIL 15, 2021

David Brumley joined Cloudflare’s Head of Product Security, Evan Johnson, to discuss all things software security, fuzz testing, capture-the-flags (CTFs), and cybersecurity certifications. We’ve also outlined below the top 3 takeaways from the episode. in cybersecurity or an industry certification?

Software

Software Hacking Marketing Engineering

Ways to Develop a Cybersecurity Training Program for Employees

Security Affairs

APRIL 15, 2022

Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s security initiatives. Developing a cybersecurity training program requires knowing where the blind spots are. Cover Cybersecurity Topics. Introduce Data Privacy Laws.

Cybersecurity

Cybersecurity Data privacy Data breaches Phishing

Cyber Warfare Future is ‘Machine on Machine’ With China, Says Biden Advisor

Security Boulevard

JULY 18, 2022

China’s road to the top is through the U.S. China has decided that the road to the top of the pile needs to be through being tough. ‘We I think the number is the 15 top leaders of the central party, at least 13 of them have PhDs, doctorate degrees, or are engineers. Get Quantum Ready with Hybrid Certificates. UTM Medium.

Computers and Electronics

Computers and Electronics CISO Engineering Marketing

Virtually Impossible to Miss McAfee at Black Hat 2020

McAfee

JULY 24, 2020

Also join us at the virtual booth to shift your cybersecurity left with new SOC solutions and check out McAfee’s advanced device-to-cloud security solutions. Also, get ready for more SOC options from McAfee with a unique solution that shifts cybersecurity left, as well as even more advanced device to cloud protection.”.

CISO

CISO Technology Hacking Cybersecurity

Domain of Thrones: Part I

Security Boulevard

OCTOBER 24, 2023

Written by Nico Shyne & Josh Prager The Game of Domain Dominance Just as in the political landscape of Westeros, defenders face a dynamic adversarial relationship…except instead of fighting rival families, defenders are locked into a struggle with innovators on the offensive side of cybersecurity.

Backups

Backups Passwords Authentication Accountability

5 Criteria for Evaluating External Attack Surface Management Vendors

NetSpi Executives

JANUARY 30, 2024

As part of this research, Forrester included NetSPI in its External Attack Surface Management Landscape Report featuring top EASM vendors, and Gartner featured NetSPI in its EASM Competitive Landscape Report. The team also helps by answering any questions that come up related to findings and providing guidance for remediation.

Technology

Technology Penetration Testing Risk Internet

Where Exactly Are Code Signing Machine Identities Used?

Security Boulevard

APRIL 13, 2022

Code signing approved third-party software with your own private code signing certificate is a great way to protect it against intrusion or abuse. . When you digitally sign your scripts and other IT infrastructure with a trusted code signing certificate, you can protect them against inappropriate modification. Alexa Cardenas.

Software

Software Firmware IoT Internet

SHARED INTEL: Here’s why CEOs who’ve quit Tweeting are very smart to do so

The Last Watchdog

MARCH 6, 2020

Corporate consultancy PwC’s recent poll of 1,600 CEOs worldwide found that cyber attacks are now considered the top hinderance to corporate performance, followed by the shortage of skilled workers and the inability to keep up with rapid tech advances. A handful of states have imposed business certification requirements on top of that.

CISO

CISO VPN Digital transformation Internet

Is Your MDR Actually MDA?

Security Boulevard

JULY 13, 2022

Threat detection and response are top priorities for reducing an organization’s critical mean-time-to-detect (MTTD). This blog can help. give your cybersecurity provider full visibility into your distributed environment – including logs that show both ingress/egress as well as lateral movement.

Threat Detection

Threat Detection Firewall Healthcare Cybersecurity

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

Breaking Barriers, Building Bridges: Cultivating Female Belonging in the Cybersecurity Landscape

Trending Sources

Cybersecurity Awareness Month Blog Series: Leading the cybersecurity jobs of the future

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

GUEST ESSAY: A call to blur the lines between cybersecurity training, up-skilling and higher ed

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

Attackers Continue to Leverage Signed Microsoft Drivers

6 Business functions that will benefit from cybersecurity automation

How your business can benefit from Cybersecurity automation

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

A week in security (January 30 - February 5)

Risks to Your Network from Insecure Code Signing Processes

GUEST ESSAY: ‘Cybersecurity specialist’ tops list of work-from-home IT jobs that need filling

FBI warns of ransomware gang – What you need to know about the OnePercent group

A week in security (July 19 – August 1)

A week in security (Sept 13 – Sept 19)

Endangered data in online transactions and how to safeguard company information

Cyber Security Roundup for February 2021

Cisco Salutes the League of Cybersecurity Heroes

State of API Security: API Attack Traffic Grew 681% in 2021

cert-manager Graduates to CNCF Incubating Project

Top CVE List for Q1 2021: CloudPassage Vulnerability Report

5 API Vulnerabilities That Get Exploited by Criminals

The Best 10 Vendor Risk Management Tools

Cybersecurity and Data Protection lessons from a look back at 2021

ISO 26262: The ISO Standard for Functional Safety

NBlog Aug 26 - ISMS templates

The SOC 2 Compliance Checklist for 2023

Ransomware Study: Two Thirds of Security Professionals Believe Ransomware and Terrorism Threats are Equal

Security Roundup December 2023

Why Healthcare IoT Requires Strong Machine Identity Management

Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT

5 Tips to get Better Efficacy out of Your IT Security Stack

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Top 3 Takeaways: “Cloudflare TV’s Hacker Time"

Top 3 Takeaways: “Cloudflare TV’s Hacker Time"

Ways to Develop a Cybersecurity Training Program for Employees

Cyber Warfare Future is ‘Machine on Machine’ With China, Says Biden Advisor

Virtually Impossible to Miss McAfee at Black Hat 2020

Domain of Thrones: Part I

5 Criteria for Evaluating External Attack Surface Management Vendors

Where Exactly Are Code Signing Machine Identities Used?

SHARED INTEL: Here’s why CEOs who’ve quit Tweeting are very smart to do so

Is Your MDR Actually MDA?

Stay Connected