- 5 steps to ward off zero-day exploitson July 5, 2022
Organizations must take a proactive and comprehensive security approach to warding off zero-day exploits. That strategy should include five parts.
- Latest Cyberattack Against Iran Part of Ongoing Campaignon July 5, 2022 in Critical Infrastructure, Government, Malware
Iran's steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country's rail system.
- Google Patches Actively Exploited Chrome Bugon July 5, 2022 in Vulnerabilities, Web Security
The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.
- Tips to bolster cybersecurity, incident response this 4th of July weekendon July 1, 2022
Cyber threat actors don't take holidays off. This Fourth of July weekend, take steps to ensure the right people, processes and tools are in place to reduce the risk of cyberattacks, or respond to a ransomware attack.
- Video management system secures global biopharmaceutical companyon July 1, 2022
Boehringer Ingelheim, one of the largest biopharmaceutical companies in the world, bolstered video surveillance with a video management system from Qognify. Learn more in this case study.
- Jon Raper named CISO at Costcoon July 1, 2022
Cybersecurity leader Jon Raper has been named the new Chief Information Security Officer (CISO) at Costco Wholesale.
- 3 security lessons we haven’t learned from the Kaseya breachon July 1, 2022
The massive Kaseya security breach that impacted thousands forced the industry to re-evaluate their software supply chain security practices. Here we break down the cybersecurity lessons that still need to be learned.
- Cybersecurity experts question Microsoft's Ukraine reporton July 1, 2022 in Geopolitics, Policy, Threats, cyberthreats, cyberwarfare, Microsoft, Russia, Ukraine
Critics said claims of a combined cyber and battlefield attack against a Ukrainian nuclear power plant are particularly irresponsible. The post Cybersecurity experts question Microsoft's Ukraine report appeared first on CyberScoop.
- 2022 RSAC takeaways: Risk management vs complianceon July 1, 2022
Compliance is vital. But when it justifies the status quo, a compliance-only approach to cybersecurity can be counterproductive. However, the adoption of a risk management approach can be the most useful to enterprise cybersecurity teams.
- Texas requires access control; school safety improvements this summeron July 1, 2022
The Texas Education Agency (TEA) and the Texas School Safety Center (TxSSC) released safety requirements for Texas schools after the school shooting in Uvalde that claimed 21 lives.
- Women in Security 2022: Bridget Guerrero, GoDaddyon July 1, 2022
At GoDaddy, Bridget Guerrero has been a critical partner in helping the company build a safety, security and resilience program.
- Women in Security 2022: Nicole Schmitt, Wireless Visionon July 1, 2022
As an asset protection leader, Nicole Schmitt, Director of Asset Protection at Wireless Vision, has built fraud prevention and crisis management programs from the ground up.
- Women in Security 2022: Joy Harris, Hunts Point Department of Public Safetyon July 1, 2022
Joy Harris leads by example as the Chief of the Hunts Point Department of Public Safety. She promotes food safety at the Hunts Point Produce Market, New York City’s produce hub.
- Women in Security 2022: Medha Bhalodkar, Columbia Universityon July 1, 2022
Medha Bhalodkar, CISO at Columbia University, has built cybersecurity and IT risk management programs that support security at the institution.
- Women in Security 2022: Natalie Willis, Nuclear Fuel Services (NFS)on July 1, 2022
Natalie Willis ensures the highest levels of security at Nuclear Fuel Services as Director of Security.
- Women in Security 2022: Julia Sanya, Capital Oneon July 1, 2022
Julia Sanya, Senior Manager, Enterprise Safety & Security at Capital One, built security in from the ground floor during a large-scale corporate construction project.
- Security’s 2022 Women in Securityon July 1, 2022
Security magazine presents its annual Women in Security awards program, honoring women who have shaped the security function at their organizations and the industry as a whole. These professionals represent the depth, breadth and diversity that make up women across all functions, roles and responsibilities within the security industry.
- Women in Security 2022: Michelle La Plante, Deere & Companyon July 1, 2022
Michelle La Plante, Global Security Manager at Deere & Company has a unique, well-rounded, holistic view of risk and intelligence thanks to her career journey thus far.
- Women in Security 2022: Diana Pan, The Museum of Modern Art (MoMA)on July 1, 2022
Diana Pan, Chief Technology Officer at The Museum of Modern Art (MoMA), develops and oversees cybersecurity solutions to protect MoMA’s assets from threats.
- Women in Security 2022: Paulette Henderson, Delta Air Lineson July 1, 2022
Delta Air Lines’ General Manager of Corporate Security/Revenue Protection Unit Paulette Henderson has spent more than 35 years combatting fraud and protecting her employer’s assets.
- Women in Security 2022: Kimberly Cheatle, PepsiCoon July 1, 2022
Kimberly Cheatle, Senior Director, Global Security at PepsiCo, thrives on helping to protect and support others, while providing risk mitigation strategies to ensure business continuity.
- Women in Security 2022: Theresa Bentch, Garmin Internationalon July 1, 2022
Theresa Bentch, Director of Security, Environmental Health & Safety and IT Risk Assurance, is responsible for the safety and security of thousands of associates and visitors throughout 116 global sites at Garmin.
- 6 enterprise data breach and cybersecurity defenseson July 1, 2022
Lost files and records may cost more than you think. From encryption to insider threats, review these cyber defense tactics to protect against data breaches.
- Women in Security 2022: Laureen Stephens-Rice, US Department of Stateon July 1, 2022
Laureen Stephens-Rice, Site Security Administrator and Advisor within the Department of State’s Overseas Buildings Operations, is focused on professional development and training, as well as championing diversity, equity and inclusion in national security.
- Mark Zuckerberg tells employees Facebook's 'encryption' will protect abortion-seeking userson June 30, 2022 in Privacy, Technology, abortion, encryption, Facebook, Mark Zuckerberg, Meta, privacy
Facebook has said it plans to fully roll out end-to-end encryption across its services by mid-2023. The post Mark Zuckerberg tells employees Facebook's 'encryption' will protect abortion-seeking users appeared first on CyberScoop.
- Post-Roe reproductive privacy goes beyond period trackers, experts sayon June 30, 2022 in Government, Privacy, abortion, Biden administration, data privacy, Department of Health and Human Services (HHS), U.S. Supreme Court
The Biden administration is also scrambling to figure out how to secure reproductive data. The post Post-Roe reproductive privacy goes beyond period trackers, experts say appeared first on CyberScoop.
- White House joins industry leaders to double down on commitment to zero truston June 30, 2022 in Government, Sponsored Content, Chris Inglis, Google Cloud, White House
U.S. National Cyber Director and top leaders from Google and Citibank promote public-private partnerships to increase critical cyber defenses at the recent Google Cloud Security Summit. The post White House joins industry leaders to double down on commitment to zero trust appeared first on CyberScoop.
- ZuoRAT Can Take Over Widely Used SOHO Routerson June 30, 2022 in Malware, Vulnerabilities
Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.
- Auston Davis named CISO at Versant Healthon June 30, 2022
Auston Davis has been named the new Chief Information Security Officer (CISO) at Versant Health.
- Lessons learned from slew of recent data breacheson June 30, 2022
Privileged access management (PAM) is vital for enterprise security. With proper PAM tools, procedures and processes in place, organizations can lessen the risk of being the next data breach victim.
- Michael Paterson named Chief Risk & Resilience Officer at PwC Canadaon June 30, 2022
Michael Paterson has been promoted to Chief Risk & Resilience Officer at PwC Canada.
- Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraineon June 30, 2022 in Geopolitics, Threats, Belarus, disinformation, Ghostwriter, Mandiant, Poland, Russia, Ukraine
Pro-Russian hacktivist channels amplified the Belarusian disinformation campaign, marking an interesting development, researchers said. The post Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine appeared first on CyberScoop.
- Keys to a successful security awareness programon June 30, 2022
With an increasingly dispersed workforce, security awareness has become both more critical and more challenging. The 2022 SANS Security Awareness Report discovered the top three signs of a successful security awareness program.
- Cybersecurity from the inside out — Guarding against insider threatson June 30, 2022
As new members join, security management teams must get ahead of the insider threat. What steps can be taken to protect the organization's crown jewels, or known and unknown assets?
- A Guide to Surviving a Ransomware Attackon June 30, 2022 in InfoSec Insider, Malware
Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.
- We need the Foreign Intelligence Surveillance Act more than everon June 30, 2022
Lone offenders, the internet and social media are the biggest correlations between domestic and international terrorism. So why have Foreign Intelligence Surveillance Act (FISA) orders dropped by more than half in the last two years?
- Leaky Access Tokens Exposed Amazon Photos of Userson June 29, 2022 in Mobile Security, Privacy
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
- IC3 issues warning on deepfake use in remote work applicationson June 29, 2022
The FBI's Internet Crime Complaint Center (IC3) has warned about fraudulent job applications using deepfakes and stolen PII to attempt to earn IT and software development roles.
- NATO to create cyber rapid response force, increase cyber defense aid to Ukraineon June 29, 2022 in Geopolitics, Government, Threats, China, cyberthreats, cyberwarfare, NATO, Ukraine
The references the NATO declaration makes to cybersecurity depart from the past and reflect the increasing importance of cyberdefense to overall security, experts said. The post NATO to create cyber rapid response force, increase cyber defense aid to Ukraine appeared first on CyberScoop.
- Kurt John named Chief Security Officer at Expediaon June 29, 2022
Kurt John, former Siemens cybersecurity executive, has been named Chief Security Officer at Expedia.