Krebs on Security

MAY 12, 2022

On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of esp.usdoj.gov , which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA. The DEA declined to comment on the validity of the claims, issuing only a brief statement in response.

Government 268

Government Authentication Passwords Mobile 268

Cisco Security

JUNE 23, 2021

When we consider that many people use as many as four devices to connect to the internet, this expands the threat landscape. Resilience is also the key to effective cybersecurity. . We can get there with the right technology, the right approach, and investing in people.”. The Right People . The Right Technology .

Artificial Intelligence 87

Artificial Intelligence Technology Cybercrime CISO 87

Jane Frankland

JUNE 20, 2023

But although burnout is a prevalent issue, many people still feel uncomfortable discussing it openly. Since 2011, I’ve consistently spoken, and written about the dangers of burnout in cybersecurity, and proposed leadership strategies for employee wellbeing. The stakes are simply too high to neglect this.

Cybersecurity 130

Cybersecurity Risk InfoSec CISO 130

SecureList

NOVEMBER 9, 2022

Every year, Kaspersky experts prepare forecasts for different industries, helping them to build a strong defense against any cybersecurity threats they might face in the foreseeable future. While supply-chain is a big challenge for business right now, its cybersecurity is not merely an issue, it’s a major problem.

Cybersecurity 121

Cybersecurity Cyber Insurance Cybercrime IoT 121

SecureWorld News

MARCH 1, 2021

As the global pandemic continues to run rampant, CISOs are not only struggling to solve traditional cybersecurity challenges, but are faced with a new surge of pandemic themed phishing scams intended to deceive users and infiltrate organizations. Of these, credential phishing still remains one of the most common tactics used by threat actors.

Phishing 97

Phishing CISO Scams Social Engineering 97

Jane Frankland

APRIL 4, 2024

Recently, a friend of mine who’s just started her own cybersecurity business asked me what I wished I’d known before starting my own business, two decades ago. But beneath this glossy veneer lies a reality that’s bloody harsh, unforgiving, and saturated with trials that grow more complex as you scale your business.

Cybersecurity 130

Cybersecurity Banking Marketing Technology 130

SecureWorld News

MAY 22, 2023

Jordan Fischer , Partner at Constangy and frequent instructor and speaker for SecureWorld, said the USPS incident shows that attacks are not always sophisticated or technical, and that humans are still the weakest link when it comes to cybersecurity. This was a not an incredibly technical attack.

Scams 80

Scams Password Management Passwords Authentication 80

Jane Frankland

JULY 13, 2020

Last year, the world’s largest non-profit membership association of certified cybersecurity professionals, (ISC)², announced the findings of its Cybersecurity Workforce Study. The latest figures depict a shortage of cybersecurity professionals at a time when protecting the world’s operating systems has never been as important.

Cybersecurity 100

Cybersecurity Government Engineering Technology 100

SC Magazine

MAY 28, 2021

The shutdown of operations of Colonial Pipeline captured the attention of the security community, government and consumers that suddenly couldn’t fill their gas tanks. No, this was not an infection of the operational technology for Colonial Pipeline… but a shutdown resulted nonetheless. Production requires business operations.”.

Insurance 117

Insurance Government Ransomware Risk 117

SecureList

OCTOBER 20, 2021

This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. This report attempts to shed light on the changes in cybercriminals’ operations that we deem important — and actionable. Incident analysis.

Cybercrime 137

Cybercrime Banking Malware Ransomware 137

SC Magazine

MAY 25, 2021

But it’s hard to deny that the last year-and-a-half has been perhaps the most stressful and challenging period in the history of cybersecurity. The SolarWinds supply chain attack, escalating ransomware incidents, and the ProxyLogon Microsoft Exchange exploits only further compounded matters. But how have they been managing?

InfoSec 113

InfoSec CISO Media Cybersecurity 113

The Last Watchdog

JUNE 4, 2019

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” There’s oil in the state of Maryland – “cyber oil.” Two notable examples are Sourcefire, acquired by Cisco for $2.7B

Cybersecurity 194

Cybersecurity Computers and Electronics Technology Marketing 194

CyberSecurity Insiders

MAY 3, 2023

Some data has a lengthy shelf-life, and the nefarious organizations are betting these encrypted items will become available in the future while the data still has a great deal of value. Solutions are available that enable post-quantum cryptography that operates on-premise and through a multi-cloud environment.

CISO 133

CISO Identity Theft Encryption Social Engineering 133

SecureWorld News

APRIL 6, 2023

Malware generation: ChatGPT's ability to generate malware can be misused to create malware that can infect an organization's systems, disrupt operations, or steal sensitive data. You need to break that risk down into at least four categories: technical, operational, legal and managerial. Some Legal Perspectives." Westby, Esq.,

Cyber Risk 72

Cyber Risk Risk Phishing Malware 72

Jane Frankland

AUGUST 18, 2020

Cybersecurity is big business. That’s businesses that believe they’ve invested enough in cybersecurity (but haven’t) and/or are overconfident and think they won’t be targeted (but are). It impacts industry and individuals alike and doesn’t discriminate. billion by 2022. Furthermore, from 2019–2023E, approximately USD 5.2

Cyber Risk 100

Cyber Risk Risk Cybersecurity Technology 100

CyberSecurity Insiders

MAY 22, 2021

DENVER–( BUSINESS WIRE )–Optiv Security, an end-to-end cybersecurity solutions partner, today announced it has been named a Microsoft Security 20/20 award winner for the Security System Integrator of the Year category for its demonstrated excellence in innovation, integration and customer implementation with Microsoft technology. “In

IoT 40

IoT Digital transformation Cybersecurity Government 40

The Last Watchdog

AUGUST 19, 2021

Last Watchdog convened a roundtable of cybersecurity experts to discuss the ramifications, which seem all too familiar. The data that was stolen included personal identifiers that can’t be changed, the stuff identity thieves use to obtain and spend credit under other people’s names. We all know security is hard.

Mobile 307

Mobile Data breaches Authentication Accountability 307

CyberSecurity Insiders

OCTOBER 24, 2022

No matter how airtight a university’s cybersecurity system is when operating in a vacuum, the best-laid plans begin to crumble as soon as third parties less concerned with maintaining that security get involved. Many found out what was happening from a third-party cybersecurity firm via Twitter.

Education 58

Education Cyber Attacks Cyber Insurance Insurance 58

Malwarebytes

SEPTEMBER 30, 2022

The first is that they handle troves of sensitive data, especially personally identifiable information (PII) , and the second is that they operate on shoestring budgets with little to no cybersecurity staff or leadership buy-in. We’ll break down five best practices for local government cybersecurity in this post.

Government 58

Government Cybersecurity Cyber Insurance Insurance 58

SecureWorld News

OCTOBER 25, 2022

With people relying so heavily on their mobile devices for their work and personal lives, and with how much crossover there can be, it's good that Apple addressed these faults.". Follow SecureWorld News for more stories related to cybersecurity. Zero-Day vulnerabilities patched by Apple this year.

Software 78

Software Mobile Engineering Cybersecurity 78

SecureWorld News

DECEMBER 11, 2023

We expect that emergency services will use their technologies to reliably provide us with services, that they will protect the private information we give them, and that the operators of their systems will act responsibly; but residents were failed in this sense. Let's start with a quick story.

Technology 88

Technology Artificial Intelligence Cybercrime Government 88

SC Magazine

JUNE 16, 2021

“If it was that easy, it just wouldn’t be an issue,” said Riley Stauffer, security and incident response analyst at managed detection and response firm Pondurance. Resolving a ransomware attack isn’t just a matter of the files any more than resolving a flooded basement is just a matter of pumping out the water.

Backups 141

Backups Ransomware DDOS Encryption 141

CyberSecurity Insiders

JANUARY 12, 2022

And as a CISO, you have the ongoing struggle of understanding the scope of the issue yet managing the finite and appropriate resources to secure web applications. The most obvious cybersecurity strategy is to take a people-centric approach, with a 70-80% focus on staff awareness. Protecting your web apps in the real-world.

CISO 126

CISO Cybercrime Risk Healthcare 126

CyberSecurity Insiders

JANUARY 16, 2022

OPSWAT is a global leader in IT, OT and ICS critical infrastructure cybersecurity solutions. One of his positions was Assistant Director of Community Directorate of Information Management (CDOIM) while serving his country as a Staff Sergeant in the United States Army in Rheinberg, Germany, in the late 1980s. Vince is an avid traveler.

Engineering 124

Engineering Cybersecurity Energy and Utilities Software 124

SiteLock

AUGUST 27, 2021

No matter what industry you’re in, there’s a good chance that you conduct a lot of your business online. For this reason, cybersecurity should be a top priority, especially for small businesses. In fact, 60% of small businesses will shutter operations post-attack due to the staggering cost of recovery.

Cybersecurity 98

Cybersecurity Small Business Backups Phishing 98

eSecurity Planet

AUGUST 9, 2022

For “grave” violations, such employees face fines between ¥100,000 and ¥1,000,000 – and may be prohibited from holding supervisory/management positions or a personal-information protection officer job. Type of Data Matters More Than Type of Enterprise. Location Matters. Geography matters just as much as data type.

Data privacy 145

Data privacy Encryption Data breaches Insurance 145

NopSec

JULY 19, 2022

Focused on making a profit, the leadership doesn’t worry excessively about cybersecurity or vulnerability prioritization. And those CVEs that seemed so manageable when the company started have multiplied nearly five-fold, reaching 20,149 in 2021. As such, Patch Management is an integral part of your Vulnerability Management program.

Cybersecurity 40

Cybersecurity Risk Cybercrime Software 40

Malwarebytes

DECEMBER 29, 2023

It doesn’t matter how small they are or how big they are.” As the holidays put people closer to family and friends (and ransomware gangs closer to attacking— seriously, watch out for that ), Malwarebytes Labs is sharing some of the brighter moments of 2023 in which ransomware gangs didn’t get what they wanted.

Ransomware 85

Ransomware Malware Backups Encryption 85

DoublePulsar

APRIL 20, 2023

Russian hackers exfiltrated data from from Capita over a week before outage Capita have finally admitted a data breach , but still do not think they need to disclose key details of the incident to customers, regulators, impacted parties and investors. Why does this matter? Capita handle £6.5billion of UK government contracts.

Ransomware 124

Ransomware Government Data breaches Media 124

CyberSecurity Insiders

OCTOBER 11, 2022

Whilst it’s easy to assume cybersecurity breaches are a technology issue, the main culprit is human error. Even with an increase in security investment over the past decade, companies still face an onslaught of cyberattacks. No matter what anybody tells you, nobody is perfect (yes, even you George Clooney!).

Cybersecurity 52

Cybersecurity Passwords Scams Phishing 52

SC Magazine

JANUARY 26, 2021

The scheme highlights the role and responsibility upper management plays in ensuring the security of their own company’s assets. But this one was “very deliberate” in that it “only sent to really a few people in that organization.”. The next most frequently targeted titles were managing director (9.7%) and CFO (4.8%).

Phishing 118

Phishing Passwords Security Awareness Social Engineering 118

McAfee

FEBRUARY 16, 2021

As XDR capabilities become available , organizations need to think through how to embrace the new security operations technology destined to empower detection and response capabilities. XDR is a jou rney for people and organizations. . It removes the multiple data sets to manage and the cognitive strain to make sense of it.

Technology 92

Technology Phishing Cybersecurity 92

SC Magazine

MARCH 31, 2021

A newly launched training and certification program could finally provide the much-needed guidance security professionals need to more effectively and comprehensively integrate the respected MITRE ATT&CK framework into their SOC assessments and threat intelligence operations. Count Brandon Hoffman, CISO at Netenrich, among the believers.

Media 64

Media Engineering CISO Cybersecurity 64

NetSpi Executives

SEPTEMBER 28, 2023

But at a high level, AI is still in its infancy. With this in mind, we wanted to understand how our cybersecurity partners have approached AI so far and where they see opportunities to utilize it going forward. Read on to hear perspectives on AI in cybersecurity from several security experts. Systems, Inc.

Cybersecurity 64

Cybersecurity Artificial Intelligence Risk Technology 64

SC Magazine

MARCH 1, 2021

Security pros face great challenges in managing all the products and tools they use to handle the cyber risks they face. Security pros face great challenges in managing all the products and tools they use to handle the cyber risks they face. How should they split the budget between tools and people?

Energy and Utilities 111

Energy and Utilities Marketing Firewall Risk 111

eSecurity Planet

DECEMBER 9, 2021

Or as is often the case with security, what costs can we skip and still escape big penalties later? Dealing with an incident is a matter of “when and how bad,” not “if.” For cybersecurity personnel, our scope of responsibility may be limited to cyberattacks on IT systems, such as ransomware attacks, phishing attacks, and DDoS attacks.

Insurance 125

Insurance Backups Data breaches Ransomware 125

eSecurity Planet

AUGUST 12, 2021

11 sent out a series of Tweets noting that the group had posted on the Dark Web that it was proposing selling insider information from Accenture to interested parties and apparently taunting the company, writing that “these people are beyond privacy and security. We immediately contained the matter and isolated the affected servers.

Ransomware 104

Ransomware Backups Cybercrime Artificial Intelligence 104