RSS Cyber Security

  • NSF grant funds cybersecurity training and mentorship program at Georgia State University August 3, 2020
    The National Science Foundation has awarded Georgia State’s Evidence-Based Cybersecurity Research Group (EBCS) nearly $300,000 for a pilot program to teach students advanced cybersecurity research skills and match them with CISOs, with whom they will test tools to improve organizations’ security.
  • John "JT" Mendoza joins CGI as Director of Global Security August 3, 2020
    Congratulations to John "JT" Mendoza, one of our 2019 Most Influential People in Security awardees, who is retiring from federal government service after 22 years. He will be joining CGI as Director of Global Security, primarily responsible for establishing a global insider risk management program.
  • Phone spear phishing allowed hackers to gain Twitter employee credentials August 3, 2020
    Twitter has released additional information on their investigation into the compromise that occurred on July 15, 2020. The attack, says the company, started with a spear phishing attack on a select group of employees that "relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to [Twitter's] internal systems."
  • Securing our Democracy: The case for robust campaign cybersecurity August 1, 2020
    Sun Tzu famously said, “all warfare is based on deception.” He could hardly have anticipated how his words would ultimately be substantiated—particularly in the tactics of today’s cybercriminals.
  • Cyber skills in traditional security management careers August 1, 2020
    When I speak with candidates who are either leaving government roles or actively looking for a new role, I am often asked what programs or courses related to cybersecurity they could take to improve their marketability.
  • The way forward with Risk Operations Centers July 31, 2020
    In recent years, Enterprise Risk Management has become increasingly focused on cybersecurity risks. While this focus on cyber is understandable, the current COVID crisis has demonstrated that the unpredictable nature of cascading risks requires viewing risk through a much wider risk aperture. One way forward to successfully navigate this new risk frontier is the establishment […]
  • Salesforce policy change poses grave security implications July 31, 2020
    COVID-19 has completely changed our world from six months ago, as we continue to battle the grave health implications, face extended stay at home orders, and grapple with the insurmountable ramifications on our economy. The pandemic has also forever changed the cyber threat landscape, with our workforce becoming more dispersed, and potentially more vulnerable, than ever […]
  • CISA adds top cybersecurity experts to join COVID-19 response efforts July 31, 2020
    The Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of two leading cybersecurity experts to support the agency’s COVID-19 response efforts. Josh Corman is joining CISA as a Visiting Researcher, and Rob Arnold will join CISA’s National Risk Management Center as a Senior Cybersecurity and Risk Management Advisor.
  • COVID-19's impact on dark web travel agencies July 31, 2020
    Digital Shadows has published an updated blog which examines the state of the dark web travel industry. 
  • The failing approach of managing cybersecurity July 31, 2020
    To address this current losing war with cyberattackers, the future of cybersecurity requires augmenting the current focus of “indicators of compromise” with “indicators of exposure & warning” in real-time. Where the measure would be to gauge the shift of incident management that would tilt on managing more incidents at warning stages than on compromise stages. […]

RSS HelpNet

  • New Open Source Security Foundation wants to improve open source software security August 3, 2020
    The Linux Foundation announced the formation of the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community with targeted initiatives and best practices. It combines efforts from the Core Infrastructure Initiative, GitHub’s Open Source Security Coalition and other […]
    Industry News
  • Meetup vulnerabilities enabled group takeovers, payment redirections August 3, 2020
    Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over any Meetup group, access all group functions and assets, and redirect all Meetup payments/financial transactions to their PayPal account (some Meetup events are free, but some are not). What’s more, […]
    Zeljka Zorz
  • Granting employees admin status is convenient but risky August 3, 2020
    One of your employees needs access to part of your customer database so he can fulfill an urgent reporting request. You’re busy and this employee is trustworthy, so you grant him administrative status. Simple solution, right? You’ll revoke it later when you’re done with the other 600 critical things you’re working on right now. Right? […]
    Help Net Security
  • How AI can alleviate data lifecycle risks and challenges August 3, 2020
    The volume of business data worldwide is growing at an astounding pace, with some estimates showing the figure doubling every year. Over time, every company generates and accumulates a massive trove of data, files and content – some inconsequential and some highly sensitive and confidential in nature. Throughout the data lifecycle there are a variety […]
    Help Net Security
  • How privacy can decrease safety August 3, 2020
    As a software company founder, I spent the majority of 2017 collecting feedback from teens, pediatricians, church leaders, and school administrators of the trends they are seeing in the United States related to sexting and sextortion. Bark Technologies, which monitors over 5M teens' text, email, school, and social media accounts, says that “texting is the […]
    Help Net Security
  • The COVID-19 pandemic and its impact on cybersecurity August 3, 2020
    The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for hackers and online scammers, and cybersecurity pros saw a 63 percent increase in cyber-attacks related to the pandemic, according to a survey by ISSA and ESG. Organizations were fairly prepared for the global pandemic: Thirty-nine percent of respondents claim that they were very prepared to secure […]
    Help Net Security
  • IT skills shortage forces organizations to prioritize education August 3, 2020
    Netwrix conducted studies to understand how the pandemic and ensuing work-from-home initiatives have forced organizations to change their IT priorities since a similar survey at the end of 2019. IT skills shortage and increasing education: At the end of 2019, data security was the #1 priority and it remains there now, with a whopping 76% […]
    Help Net Security
  • IoT data management services to reach $42.9 billion by 2026 August 3, 2020
    As the IoT data-enabled services continue to expand, the market is approaching the stage of data democratization, where real-time analytics is very sought after. Currently, data integration, real-time stream processing, and analytics services are falling under the umbrella of data management services within the IoT value chain, where each component has also seen economic growth. […]
    Help Net Security
  • Week in review: BootHole, RCEs in industrial VPNs, the cybersecurity profession crisis August 2, 2020
    Here’s an overview of some of last week’s most interesting news, articles, interviews and reviews: Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data: An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by attackers in the wild. Researchers find critical […]
    Help Net Security
  • Twitter employees were spear-phished over the phone July 31, 2020
    Twitter has finally shared more details about how the perpetrators of the recent hijacking of high-profile accounts to push a Bitcoin scam managed to pull it off. The way in: To pull off the attack, attackers had to obtain access to Twitter’s internal network AND specific employee credentials that granted them access to internal support […]
    Zeljka Zorz