Security Magazine
-
Lipscomb University security officer dies from COVID-19
A 40-year security officer veteran at Tennessee's Lipscomb University, Maurice J. Conner passed away after contracting COVID-19.
-
5 minutes with Curt Dalton - Embedding cybersecurity into the organization
To effectively reduce enterprise risk, cybersecurity leaders argue it's critical to fully embed cybersecurity in the enterprise-risk management framework and into the whole organization. Here, we talk to Curt Dalton, Managing Director and Global Leader of Protiviti's security and privacy practice, about the importance and the benefits of this practice. -
Scottish Environment Protection Agency says it will not use public funds in ransomware attack
The Scottish Environment Protection Agency (SEPA) has been dealing with an ongoing data breach and ransomware attack since Christmas Eve 2020. The agency says that it "will not engage with criminals." -
323,277 Cook County, Illinois records exposed
The WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 323,277 court related records. Upon further investigation, the researchers discovered that the records were all related to Cook County, Ill., the second most populous county in the United States after Los Angeles County.
-
ADT technician hacked hundreds of customers' security cameras
A former security technician for home security company ADT admitted he secretly accessed customers' home security cameras more than 9,600 times over more than four years, particularly in homes of women to spy on them. -
Five reasons every CISO needs SOAR
Having a central location to integrate your security tools and processes to allow your people to collaborate and work together across teams is absolutely critical in today’s threat landscape. But there are five more important reasons why CISOs are prioritizing the adoption of a SOAR platform. -
New research: P2P vulnerabilities show IoT security camera risks
Nozomi Networks published research about vulnerabilities found in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras - Reolink. The most critical vulnerability, assigned a CVSS score of 9.1, allows attackers to access sensitive information such as audio/video streams across the internet. -
DDoS extortions making its way back
Radware recently published a cybersecurity alert, warning users were once again being targeted by DDoS extortionists for a second time by a global ransom DDoS campaign that initially started in August 2020. Organizations received new letter that said, "Maybe you forgot us, but we didn’t forget you. We were busy working on more profitable projects, but now we are back.” -
CISOs of small and medium enterprises need to rethink cybersecurity strategy
According to a Cynet 2021 CISO survey, which focused on CISOs with five or fewer security staff members, a majority of these organizations are overwhelmed by the volume of cyberattacks.
-
Security without borders: Protecting cloud apps
While applications are a key part of many cloud deployments, rapid adoption of the cloud and the ongoing evolution of apps both create new risks. Careful attention must be given to secure the growing application threat vector. New strategies and solutions, including Web Application Firewalls specifically designed to protect apps from advanced threats, are required to help mitigate these risks. -
U.S. Congressman asks federal education secretary to open a probe into a Florida school district's sharing of student data with law enforcement
In a letter, U.S. Rep. Robert C. Scott, chairman of the House Committee on Education and Labor, urged the acting federal education secretary to open a federal investigation into Florida's Pasco County school district's practice of sharing student data with law enforcement.
-
Lessons learned: Six COVID-19 takeaways for CISOs from a CISO
The CoVID-19 pandemic is a gold-mine for lessons learned when it comes to security and cybersecurity at the enterprise level. Listen to Chris Jacquet, CISO at Hatachi Vantara, talk about the lessons he’s learned to keep his enterprise safer.
-
Entitlement creep: What you should know about it
Organizations are exposing their business to unnecessary risk by allowing employees to have residual access to systems and applications that they no longer need to have access to. Security teams need to evolve their current approach to better manage and control unauthorized user access.
-
ODNI welcomes Avril Haines as Director of National Intelligence
Director of National Intelligence Avril Haines yesterday took the oath of office to serve as the seventh DNI in the U.S.'s history. Haines is the first woman to lead the U.S. Intelligence Community, and will oversee the nation's 18 intelligence agencies -
The economics of the security operations center: What's the true cost?
The Second Annual Study on the Economics of Security Operations Centers: What is the True Cost for Effective Results? report from Ponemon Institute finds that organizations are spending more to account for widespread security operation center (SOC) challenges including growing security management complexity, increasing analyst salaries, security engineering and management outsourcing costs, yet are still dissatisfied with the outcomes.
-
U.K.'s University of Kent establishes cybersecurity and conflict institute
The University of Kent announced its Institute of Advanced Studies in Cyber Security and Conflict, a University-wide hub promoting interdisciplinary research and educational activities in cybersecurity and conflict. The institute will extend cybersecurity research into wider areas such as international conflict, cyber influence and behavior, cybercrime, cyber law and digital financial technology.
-
Ungerboeck hires Casey Jessmon as CISO
Casey Jessmon joins software company Ungerboeck as its Chief Information Security Officer (CISO).
-
5 minutes with Jeff Horne – Top healthcare cybersecurity challenges and mitigation strategies
As healthcare organizations continue to respond to the pandemic, cybercriminals have continued to persist in their attacks on providers, health plans and business associates – compromising sensitive patient data while impacting the delivery of care to patients. Here, Jeff Horne, Chief Security Officer (CSO) at Ordr, discusses the top cybersecurity challenges for healthcare organizations, as well as mitigation strategies.
-
Brian Nicholls to coordinate community engagement and safety initiatives at University of Utah
Brian Nicholls, Special Assistant to the Chief Security Officer (Marlon C. Lynch), will coordinate community engagement initiatives with organizations across the University of Utah, as well as implement new response protocols developed by the Racist and Bias Incident Response Team.
-
Implications of the Sunburst cybersecurity attack for transit agencies
In December 2020, the cybersecurity firm FireEye discovered one of the worst cyberattack in the U.S.'s history. The new Mineta Transportation Institute (MTI) perspective Implications of the Sunburst Cybersecurity Attack addresses the damage caused by this attack and what public and private organizations, including transit agencies, can do to mitigate future attacks.
-
A look into the pricing of stolen identities for sale on dark web
Comparitech researchers analyzed listings across 40+ dark web marketplaces gathering data on how much stolen identities, credit cards and hacked PayPal accounts are worth to cybercriminals. -
Connected and protected: Identity management for enterprises in an era of zero trust
With millions of people working from home at present, and likely into the future, the enterprise perimeter has all but dissolved. In the process, organizations are struggling to ensure security in this "zero-trust" and remote era. -
2020’s top 5 phishing scams exposing hackers’ questionable morals – And how to hold strong against them
In this piece, we will explore the top five most surprising phishing attacks in 2020 to date and how individuals and organizations can not only identify these types of threats but protect their networks against them. -
Looking ahead to 2021– Healthcare security predictions for the upcoming year
In the midst of this confusion, we’ve continued to witness significant changes in the processes and operations that companies traditionally rely on to conduct business – with a majority of organizations relying on remote work to safely continue operations. Considering this, it’s no wonder that attackers have realized that there is a significant incentive to take advantage of already vulnerable personnel, and further, the confusion and panic that workers are rightfully experiencing during the pandemic. -
‘Classiscam’ scheme targeting marketplace users through Telegram bot
Threat hunting company Group-IB published a report on a new scam scheme that they named “Classiscam.” The report reveals 40 or more groups currently running this scheme across Russia and Europe. The scheme involves a hierarchy of administrators, workers, and callers, who organize their activities through a Telegram bot.