Mon. Nov 29, 2021

Intel is Maintaining Legacy Technology for Security Research

Schneier on Security

Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace.

GUEST ESSAY: The shock waves of mental illness have begun exacerbating cybersecurity exposures

The Last Watchdog

Mental health at work is undergoing a rapid transformation. Even before the COVID-19 pandemic, which has caused an increase in feelings of loneliness and isolation, workers’ mental health was under pressure. According to a recent workforce health survey, 40% of workers experienced mental health issues this past year, double the year before.

Your engine doesn’t matter

Javvad Malik

I have flown many times in my life, but I’ve never really known the difference between a Boeing 747, 787, or whatever the numbers are. It’s not that I’m not interested in planes. I still look up in the sky when I see one flying overhead and ask myself where it’s coming from and going to. Flying is really a marvel of engineering, and it blows my mind every time I get on a flight. You can enjoy flying without being an aeroplane nerd. Airlines understand this too.

Phishing Remains the Most Common Cause of Data Breaches, Survey Says

Dark Reading

Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Debunking Myths About CMMC 2.0

Security Boulevard

The cybersecurity world remains dynamic. On November 4, 2021, the Department of Defense (DoD) posted an update to its Cybersecurity Maturity Model Certification (CMMC) initiative, announcing program changes dubbed CMMC 2.0.

CISA issues Mobile Security Checklist and plans for Secure Email Service

CyberSecurity Insiders

All federal agencies and private sector organizations operating in the United States are being urged to follow a checklist that is meant to protect mobile devices and was issued by the Cybersecurity and Infrastructure Security Agency (CISA).

More Trending

13 traits of a security-conscious board of directors

CSO Magazine

CISO turnover rates are legendary, so let’s say you’re one of the many job-hunting CISOs, and you have two or three targets on your short list. Or maybe you’re being recruited by a prospective employer to be their next CISO. Or you’re a security exec looking to move up to the CISO level.

Rising volume of email fatigue opens doors for Cybercriminals

CyberSecurity Insiders

This blog was written by an independent guest blogger. While remote work has many benefits, it can increase the risk of employees suffering from directed attention fatigue (DAF), where they find themselves unable to focus due to constant distractions.

Avery Dennison overhauls DLP program in enterprise-wide effort

CSO Magazine

Avery Dennison had to confront a typical challenge: how to best protect its significant, and quickly growing, volume of data.


Google experts found 2 flaws in video conferencing software Zoom

Security Affairs

Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Paving the Road to Zero Trust With Adaptive Authentication

Dark Reading

A gradual transition to a world beyond passwords predisposes zero-trust projects to success

Experts warn of attacks exploiting CVE-2021-40438 flaw in Apache HTTP Server

Security Affairs

Threat actors are exploiting the recently patched CVE-2021-40438 flaw in Apache HTTP servers, warns German Cybersecurity Agency and Cisco. Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-40438, in Apache HTTP servers.

BrandPost: Women in Cybersecurity—Advancing the Conversation

CSO Magazine

NETSCOUT's Chief Security Officer, Debby Briggs, was joined by Tyler Cohen Wood for an insightful conversation with Lisa Martin from theCUBE. Tyler is a nationally recognized cyber security, intelligence, national security expert, and former Director of Cyber Risk Management for AT&T.

Data leak on Panasonic Corporation servers

CyberSecurity Insiders

Panasonic Corporation, known as Matsushita Electric Industrial LTD, previously has reported that it has become a victim of a sophisticated cyber attack in which some of the critical data might have been compromised.

BrandPost: IT's New Cyber Threat Landscape

CSO Magazine

NETSCOUT protects digital business services against disruptions in availability, performance, and security.

WFH security: How to protect your remote endpoints from vulnerabilities

Tech Republic Security

Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1


BrandPost: Cultivating a New Generation of Cyber Professionals

CSO Magazine

Many of us in cybersecurity have a chance every day to make a difference in the security of the organizations and people around us. Cybersecurity has a role for everyone and it affects us all.

How to Prepare for CISSP Exam Day

CyberSecurity Insiders

By deciding to take the CISSP exam, you’ve chosen to further your education and showcase your knowledge and experience by achieving the world’s premier cybersecurity certification. Soon, you will join the ranks of more than 147,000 global leaders committed to a safe and secure cyber world.

Google Analyzes Methods Behind GCP Workload Attacks

Dark Reading

The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows

Crypto Mining Hackers vs. Cloud Computing—Google States the Obvious

Security Boulevard

Google’s new Cybersecurity Action Team (CAT) would like you to know that insecure cloud instances can be hijacked by hackers. Stop the press. Did we really need to be told that?

IKEA servers hit by Qakbot Malware

CyberSecurity Insiders

IKEA, the furniture giant from Sweden, has disclosed that its servers were hit by a Qakbot malware that could have compromised its staff and partner accounts to a certain extent. However, as the investigation is still underway, compromise of accounts is yet to be determined.

BrandPost: Safeguarding your Connectivity Supply Chain

CSO Magazine

Although we generally tend to think of cyberattacks as being waged against specific entities such as enterprises or service providers, NETSCOUT has identified another massive target for attackers: the connectivity supply chain.

IoT Protocols and Standards (IPv6, 6LoWPAN, RPL, 6TiSCH, WoT, oneM2M, etc.)

Security Boulevard

1. IPv6: Internet Protocol version 6 (IPv6) is the newest version of the Internet Protocol (IP), which is the communications protocol that provides an identification and location system for computers on networks.

BrandPost: Firewalls: Severely Limited in DDoS Attack Protection

CSO Magazine

Many cybersecurity companies rely on devices such as firewalls, virtual private networks (VPNs), load balancers, and other edge devices to protect enterprise networks from distributed denial-of-service (DDoS) attacks.

Armis Now Valued at $3.4B

Dark Reading

One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago


BrandPost: 5G Expanded Services: Blessing, Threat, or Both?

CSO Magazine


Cyber Security Predictions for 2022

Security Boulevard

As we approach the end of 2021, we’d like to present our predictions for 2022 for the application security community.

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

Security Affairs

Experts found four Android banking trojans that were available on the official Google Play Store and that infected +300,000 devices. Researchers from ThreatFabric discovered four distinct Android banking trojans that were spread via the official Google Play Store between August and November 2021.

Securing Corporate Philanthropy on Giving Tuesday

Security Boulevard

Tomorrow, November 30, is Giving Tuesday, a day of emphasis on charitable giving both by individuals and organizations and enterprises. The Giving Tuesday movement came into being in 2012 to encourage generosity and charitable giving year-round; the Tuesday after the U.S.

Panasonic confirmed that its network was illegally accessed by attackers

Security Affairs

Panasonic disclosed a security breach after threat actors gained access to its servers storing potentially sensitive information. Japanese electronics giant Panasonic disclosed a security breach after threat actors gained access to some servers of the company containing sensitive data.

Panasonic Hit in Data Breach

Dark Reading

Tech firm reveals that data on one of its file servers was accessed by attackers

Israel cut cyber export list, excluding totalitarian regimes

Security Affairs

Israel’s Ministry of Defense bans the sale of surveillance software and offensive hacking tools to tens of countries. Israel’s Ministry of Defense has cut the list of countries to which Israeli surveillance and cybersecurity firms could sell their products and services.

Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation

Dark Reading

HAECHI-II initiative represents Interpol's stepped-up efforts to tackle the operators of financially motivated online scams and other cyberattacks

A Hacking Spree Against Iran Spills Out Into the Real World

WIRED Threat Level

Hackers have targeted the country's trains, gas stations, and airline infrastructure, as cyber conflict with Israel continues to escalate.

Another Day of Malware: Malicious ‘botaa3’ PyPI Package Taken Down

Security Boulevard

Sonatype’s automated malware detection systems have discovered yet another malicious package on the PyPI repository.