NIST Releases 'Critical Software' Definition for US Agencies
The National Institute of Standards and Technology has published its definition of what "critical software" means for the U.S. federal government, as the standards agency begins fulfilling some of the requirements laid out in President Joe Biden's executive order on cybersecurity.
Cisco ASA Bug Now Actively Exploited as PoC Drops
Researchers have dropped a proof-of-concept (PoC) exploit on Twitter for a known cross-site scripting (XSS) vulnerability in the Cisco Adaptive Security Appliance (ASA). The move comes as reports surface of in-the-wild exploitation of the bug.
Bipartisan Legislation Would Establish Cybersecurity Literacy Campaign
A bipartisan group of U.S. House members introduced legislation to establish a cybersecurity literacy and public awareness campaign. The cybersecurity literacy bill comes amid the increasing onslaught of cyberattacks. These include headline-grabbing attacks on SolarWinds and Microsoft Exchange, and ransomware attacks such as Colonial Pipeline and JBS USA.
Sécuriser Microsoft Office 365 face à la nouvelle normalité…
Autrefois considéré comme un avantage stratégique, le cloud est rapidement devenu indispensable au sein des entreprises. Son adoption, ainsi que l’efficacité et l’agilité qu’il procure, figurent en bonne place de l’ordre du jour des conseils d’administration depuis plusieurs années maintenant.
Vectra launches Detect for AWS
Detect for AWS is a cloud-native SaaS solution that provides continuous, scalable agentless threat detection, prioritisation, investigation, and response to attacks targeting applications running on AWS, as well as users, compute, and storage instances, including the use on AWS of the control plane itself. Detect for AWS works both at runtime and holistically across all AWS regions and does not require packet mirroring.
SEC Reportedly Probing SolarWinds Breach
Clients of SolarWinds, which experienced a high-profile data breach last year, are being targeted in a probe by the U.S. Securities and Exchange Commission, according to a Reuters report. The investigation is focusing on whether some of the companies doing business with the network management software maker failed to disclose they were affected by the attack, Reuters reported Monday, citing two anonymous sources familiar with the investigation.
CISA Believes SolarWinds Attack Could Have Been Prevented with Simple Countermeasure
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) says the 2020 SolarWinds supply chain cybersecurity compromise could have been prevented with a decade-old security recommendation.
Could Better Cyber Hygiene Have Prevented the SolarWinds Attack?
The Cybersecurity and Infrastructure Security Agency confirmed this week in a letter that better cyber hygiene – specifically, blocking SolarWinds Orion servers from outbound internet traffic – could have helped prevent the supply chain attack. But cybersecurity experts say that alone would not have protected organizations from being infiltrated.
Ukraine arrests ransomware gang in global cyber criminal crackdown
Ukranian police have raided the headquarters of the notorious Cl0p ransomware gang, seizing computer hardware used in its operations along with the equivalent of $184,000, which is most likely ransom money.
From AI to Teamwork: 7 Key Skills for Data Scientists
The Bureau of Labor Statistics lists jobs in data science in the top 15 fastest growing occupations with projected 31 percent job growth over the next 10 years. With data increasingly becoming the lifeblood of all organizations, data scientists need to be equipped not only with the right technical skills, but a robust dose of business acumen as well.
Wegmans Notifies Customers of Data Leak
The Wegmans data leak appears to have exposed customers’ names, addresses, phone numbers, birth dates, Shoppers Club numbers, and Wegmans.com account e-mail addresses and (salted) passwords. However, no payment information was leaked. Wegmans warned customers of a potential credential stuffing attack some months earlier.
Wegmans Reports Misconfigurations on Two Cloud Databases
Another company was caught in a cloud misconfiguration issue as Wegmans Food Markets notified its customers that two of its cloud databases were left open to potential outside access. In a notice released to its customers, Wegmans said the type of customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, and email addresses and passwords for access to Wegmans.com accounts.
NSA Offers Tips on Securing Unified Communication Channels
The U.S. National Security Agency has released guidance to help federal agencies and business enterprises protect their unified communications channels and voice/video over IP calls from cyberthreats.
6 Clop Ransomware Operation Suspects Arrested in Ukraine
With the assistance and coordination of Interpol and law enforcement officers from the Republic of Korea and the United States, Ukrainian police have arrested six alleged members of the Clop ransomware gang.
Dear Enterprise IT: Cybercriminals Use AI Too
In a 2017 Deloitte survey, only 42% of respondents considered their institutions to be extremely or very effective at managing cybersecurity risk. The pandemic has certainly done nothing to alleviate these concerns. Despite increased IT security investments companies made in 2020 to deal with distributed IT and work-from-home challenges, nearly 80% of senior IT workers and IT security leaders believe their organizations lack sufficient defenses against cyberattacks, according to IDG.
Clop Raid: A Big Win in the War on Ransomware?
The noisy raid of the Clop ransomware gang in Ukraine was a major win according to most experts throughout the cybersecurity community, who said the moment marks a shift in the international war on ransomware.
Ukrainian Police Partner with US, South Korea for Raid on Clop Ransomware Members
The Ukrainian National Police announced a series of raids that ended with the arrest of six people allegedly part of the group behind the Clop ransomware.
Le plan de gestion du Cloud est-il un nouveau front pour la cybersécurité ?
Le plan de gestion assure la gestion et l’orchestration du déploiement du Cloud dans une entreprise. C’est à ce niveau que les configurations de référence sont définies, que l’accès des utilisateurs et des rôles est fourni, ainsi que l’emplacement des applications afin qu’elles puissent s’exécuter avec les services associés— on peut le comparer au contrôle du trafic aérien dans le cadre des applications.
Nurturing a Relationship between AI and the Security Team
No matter the industry, adding AI technologies to work processes has made a lot of employees nervous. There is fear that automation is taking over and that robots will eventually push out the human workforce. To quell these fears, it’s the responsibility of business decision makers to instead nurture the relationship between humans and AI/ML technologies and show how technology can help make the worker more productive and decrease burnout.
Vision and Visibility: The Intersection Between the Adversary and Defender
If adversaries were attacking the Microsoft Exchange servers at your company, could your team detect and block it? Today’s columnist, Tim Wade of Vectra AI, offers strategies for improving visibility so you can.
The Cybersecurity Outlook for 2021 and Beyond
Cyberattacks in the first half of 2021 have escalated globally to affect virtually every industry. Earlier this year TechNewsWorld spoke with cybersecurity experts about the expanding threat landscape, imminent threats, and what can be done to counter the ongoing offensives against the IT systems of companies, organizations, and government agencies.
White House Pushes Private Sector to Address Ransomware
The White House put the private sector on notice Thursday, June 3, 2021, demanding that organizations bolster security to meet increasingly aggressive and disruptive cybersecurity threats and urged them to “immediately convene their leadership teams” to “review corporate security posture and business continuity plans.”
First Gas, Now Meat: Latest Cybersecurity Attack Shows Criminals Are Expanding Their Scope
The good news from the JBS Foods ransomware attack is that it seems to have followed one of the basic tenets of cybersecurity — make back-ups. The bad news is that cybercriminals have expanded their scope beyond stealing business data to sabotaging consumer supply chains.
93% of Fraud Attacks Occur Online
Feedzai has announced its Quarterly Financial Crime Report, an analysis of over 12 billion global banking transactions from January – March 2021. The report identifies trends in spending and in fraud attempts to show that this past quarter, as consumer activities increased, fraudsters attempted to hide their fraudulent transactions in legitimate banking.
White House Urges US Companies to Take Ransomware Seriously
Following recent cyberattacks against key operations in the U.S., the White House is pushing companies to take ransomware seriously and beef up their defenses against it.