Security Magazine

Keep up to date on the latest news and information posted to Securitymagazine.com with our RSS feed.
  1. A 40-year security officer veteran at Tennessee's Lipscomb University, Maurice J. Conner, passed away after contracting COVID-19.

  2. To effectively reduce enterprise risk, cybersecurity leaders argue it's critical to fully embed cybersecurity in the enterprise-risk management framework and into the whole organization. Here, we talk to Curt Dalton, Managing Director and Global Leader of Protiviti's security and privacy practice, about the importance and the benefits of this practice.
  3. The Scottish Environment Protection Agency (SEPA) has been dealing with an ongoing data breach and ransomware attack since Christmas Eve 2020. The agency says that it "will not engage with criminals."
  4. The WebsitePlanet research team, in cooperation with Security Researcher Jeremiah Fowler, discovered a non-password-protected database that contained over 323,277 court-related records. Upon further investigation, the researchers discovered that the records were all related to Cook County, Ill., the second most populous county in the United States after Los Angeles County.

  5. A former security technician for home security company ADT admitted he secretly accessed customers' home security cameras more than 9,600 times over more than four years, particularly in homes of women to spy on them.
  6. Having a central location to integrate your security tools and processes to allow your people to collaborate and work together across teams is absolutely critical in today’s threat landscape. But there are five more important reasons why CISOs are prioritizing the adoption of a SOAR platform.
  7. Nozomi Networks published research about vulnerabilities found in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras - Reolink. The most critical vulnerability, assigned a CVSS score of 9.1, allows attackers to access sensitive information such as audio/video streams across the internet.
  8. Radware recently published a cybersecurity alert warning that users were being targeted for a second time by a global ransom DDoS campaign that initially started in August 2020. Organizations received a new letter that said, "Maybe you forgot us, but we didn’t forget you. We were busy working on more profitable projects, but now we are back."
  9. According to a Cynet 2021 CISO survey, which focused on CISOs with five or fewer security staff members, a majority of these organizations are overwhelmed by the volume of cyberattacks.

  10. While applications are a key part of many cloud deployments, rapid adoption of the cloud and the ongoing evolution of apps both create new risks. Careful attention must be given to secure the growing application threat vector. New strategies and solutions, including Web Application Firewalls specifically designed to protect apps from advanced threats, are required to help mitigate these risks.
  11. In a letter, U.S. Rep. Robert C. Scott, chairman of the House Committee on Education and Labor, urged the acting federal education secretary to open a federal investigation into Florida's Pasco County school district's practice of sharing student data with law enforcement.

  12. The COVID-19 pandemic is a gold mine for lessons learned when it comes to security and cybersecurity at the enterprise level. Listen to Chris Jacquet, CISO at Hitachi Vantara, talk about the lessons he’s learned to keep his enterprise safer.

  13. Organizations are exposing their business to unnecessary risk by allowing employees to have residual access to systems and applications that they no longer need to have access to. Security teams need to evolve their current approach to better manage and control unauthorized user access.

  14. Director of National Intelligence Avril Haines yesterday took the oath of office to serve as the seventh DNI in the U.S.'s history. Haines is the first woman to lead the U.S. Intelligence Community, and will oversee the nation's 18 intelligence agencies.
  15. The Second Annual Study on the Economics of Security Operations Centers: What is the True Cost for Effective Results? report from Ponemon Institute finds that organizations are spending more to account for widespread security operation center (SOC) challenges including growing security management complexity, increasing analyst salaries, security engineering and management outsourcing costs, yet are still dissatisfied with the outcomes. 

  16. The University of Kent announced its Institute of Advanced Studies in Cyber Security and Conflict, a University-wide hub promoting interdisciplinary research and educational activities in cybersecurity and conflict. The institute will extend cybersecurity research into wider areas such as international conflict, cyber influence and behavior, cybercrime, cyber law and digital financial technology.

  17. Casey Jessmon joins software company Ungerboeck as its Chief Information Security Officer (CISO).

  18. As healthcare organizations continue to respond to the pandemic, cybercriminals have continued to persist in their attacks on providers, health plans and business associates – compromising sensitive patient data while impacting the delivery of care to patients. Here, Jeff Horne, Chief Security Officer (CSO) at Ordr, discusses the top cybersecurity challenges for healthcare organizations, as well as mitigation strategies.

  19. Brian Nicholls, Special Assistant to the Chief Security Officer (Marlon C. Lynch), will coordinate community engagement initiatives with organizations across the University of Utah, as well as implement new response protocols developed by the Racist and Bias Incident Response Team. 

  20. In December 2020, the cybersecurity firm FireEye discovered one of the worst cyberattacks in the U.S.'s history. The new Mineta Transportation Institute (MTI) perspective Implications of the Sunburst Cybersecurity Attack addresses the damage caused by this attack and what public and private organizations, including transit agencies, can do to mitigate future attacks.

  21. Comparitech researchers analyzed listings across 40+ dark web marketplaces gathering data on how much stolen identities, credit cards and hacked PayPal accounts are worth to cybercriminals. 
  22. With millions of people working from home at present, and likely into the future, the enterprise perimeter has all but dissolved. In the process, organizations are struggling to ensure security in this "zero-trust" and remote era.
  23. In this piece, we will explore the top five most surprising phishing attacks in 2020 to date and how individuals and organizations can not only identify these types of threats but protect their networks against them.
  24. In the midst of this confusion, we’ve continued to witness significant changes in the processes and operations that companies traditionally rely on to conduct business – with a majority of organizations relying on remote work to safely continue operations. Considering this, it’s no wonder that attackers have realized that there is a significant incentive to take advantage of already vulnerable personnel, and further, the confusion and panic that workers are rightfully experiencing during the pandemic.
  25. Threat hunting company Group-IB published a report on a new scam scheme that they named “Classiscam.” The report reveals 40 or more groups currently running this scheme across Russia and Europe. The scheme involves a hierarchy of administrators, workers, and callers, who organize their activities through a Telegram bot.