- The Pentagon may require vendors certify their software is free of known flaws. Experts are split. (August 19, 2022; in Government, Policy, Threats, Department of Defense, National Institute of Standards and Technology (NIST), software, vulnerability disclosure)
The debate is over whether the provision is unrealistic or a game-changing move to cut down on software vulnerabilities. The post The Pentagon may require vendors certify their software is free of known flaws. Experts are split. appeared first on CyberScoop.
- FAA awards $2.7 million for emergency response drone research (August 19, 2022)
Universities around the United States are researching drone implementations in emergency response and disaster preparedness with the aid of $2.7 million in research grants from the Federal Aviation Administration (FAA).
- Opinion: Why doctrinal arguments continue to stymie effective cyber policies (August 19, 2022; in Geopolitics, Government, Policy, China, Cyber Command, Department of Defense (DOD), foreign policy, hacking, National Security Agency (NSA), Pentagon, ransomware, Russia)
U.S. cyberspace policymakers view military principles with a dangerous disregard of what it actually takes to make American networks secure. The post Opinion: Why doctrinal arguments continue to stymie effective cyber policies appeared first on CyberScoop.
- Angela Harris joins IFPO UK & Ireland Advisory Board (August 19, 2022)
Baroness Angela Harris has joined the Advisory Board of the International Foundation for Protection Officers (IFPO) U.K. and Ireland, bringing experience in government, law enforcement and the justice system.
- Apple warns of cybersecurity vulnerabilities affecting millions of devices (August 19, 2022)
Apple has disclosed security vulnerabilities affecting iPhones, Macs and iPads and released cybersecurity software updates for affected devices.
- iPhone Users Urged to Update to Patch 2 Zero-Days (August 19, 2022; in Hacks, Mobile Security, News, Vulnerabilities, Apple iPhone, Apple vulnerabilities)
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- 7 ways push-to-talk (PTT) improves physical security operations (August 19, 2022)
How can security teams and physical security staff benefit from push-to-talk security technology?
- Drone security technology for indoor zones (August 19, 2022)
As interior unmanned aerial drone technology develops, security executives can consider a number of applications for the security technology within their organization.
- Don't underestimate mail security during the hybrid work era (August 19, 2022)
Enterprises must be better prepared with a full-scale mail security program that can adapt to an increasingly porous attack surface.
- Cyber Command's rotation 'problem' exacerbates talent shortage amid growing digital threat (August 18, 2022; in Government, Policy, Threats, Congress, Gen. Paul Nakasone, National Security Agency (NSA), Senate Armed Services Committee, U.S. Cyber Command)
Many former Cyber Command and NSA officials say the military's rotation system and approach to retirement robs the military of cyber talent. The post Cyber Command's rotation 'problem' exacerbates talent shortage amid growing digital threat appeared first on CyberScoop.
- Cybersecurity workforce diversity efforts lag in the C-suite (August 18, 2022)
While women make up 24% of the cybersecurity workforce, they only hold 10% of leadership positions, according to results from the 2022 Global Chief Information Security Officer (CISO) Survey from Heidrick & Struggles.
- Energy department makes $45m investment in cybersecurity (August 18, 2022)
The U.S. Department of Energy will allocate $45 million to protect the electric grid from cyberattacks.
- Cloud attacks on the supply chain are a huge concern (August 18, 2022)
Organizations are concerned about third-party security breaches, with 48% concerned about potential data loss as a result of such risks, according to Proofpoint.
- Meta releases election security plan ahead of 2022 midterms (August 18, 2022)
After concerns about misinformation spread via social media affecting the 2020 presidential election, Meta details their policies for voting information ahead of the 2022 U.S. midterm elections.
- Google Patches Chrome’s Fifth Zero-Day of the Year (August 18, 2022; in Vulnerabilities, Web Security, Google Chrome, zero-day vulnerabilities)
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
- Key questions to ask when building a cloud security strategy (August 18, 2022)
Data privacy and security, a lack of in-house cybersecurity expertise, and controlling costs: what are some of the top cloud obstacles?
- U.S. Cyber Command completes defensive cyber mission in Croatia (August 18, 2022; in Geopolitics, Government, Threats, Cyber Command, international, National Security Agency (NSA))
Cyber National Mission Force deployed to Croatia recently, the latest example of a so-called "hunt forward" operation. The post U.S. Cyber Command completes defensive cyber mission in Croatia appeared first on CyberScoop.
- Getting ahead of certificate-related outages with automation and visibility (August 18, 2022)
The State of Machine Identity Management report from Keyfactor examined the role of public key infrastructure (PKI) and machine identities in securing modern enterprises.
- Best practices for protecting elected officials (August 18, 2022)
By focusing on risk in elected official protection, security leaders can stay aware of emerging threats and prevent violent incidents from occurring.
- APT Lazarus Targets Engineers with macOS Malware (August 17, 2022; in Government, Hacks)
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
- 1044% increase in social media account hijacking (August 17, 2022)
In 2021, the ITRC received the highest number of contacts in its history about identity crimes and requests for assistance to prevent identity misuse.
- Michael Register named Director of Georgia Bureau of Investigation (August 17, 2022)
Law enforcement and public safety leader Michael "Mike" Register has been named the new Director of the Georgia Bureau of Investigation.
- Two-thirds of US businesses are targeted by security threats weekly (August 17, 2022)
The “2022 Mid-Year Outlook State of Protective Intelligence Report” by the Ontic Center for Protective Intelligence surveyed risk management & security professionals to determine enterprise threat levels.
- MSP burnout and cybersecurity — fight fire with fire (August 17, 2022)
As much as cybersecurity is emblematic of Managed Service Providers (MSP) burnout, it can also provide relief. Here are a few ways to fight fire with fire.
- DEF CON Voting Village takes on election conspiracies, disinformation (August 17, 2022; in Government, Threats, DefCon, election security, Harri Hursti, Smartmatic)
In the era of the "Big Lie," the Voting Village has another — and possibly more challenging — mission to fight conspiracy theories. The post DEF CON Voting Village takes on election conspiracies, disinformation appeared first on CyberScoop.
- Survey to explore gender diversity in Australian cybersecurity industry (August 17, 2022)
A survey seeks to determine the gender diversity of the Australian cybersecurity sector and identify how to close the cyber skills gap.
- How security can support homeless populations (August 17, 2022)
Strategies for supporting homeless people include training security officers in outreach and de-escalation, setting clear facility safety guidelines, and working with external partners.
- Global navigation in cyberspace: GPS and threats to national defense (August 17, 2022)
GPS is vulnerable to cyberattacks and other technical threats which could severely cripple the U.S. national defense systems and society as a whole.
- House leaders demand law enforcement agencies provide details on use of private data (August 17, 2022; in Government, Privacy, Customs and Border Protection, data brokers, Department of Homeland Security (DHS), Department of Justice (DOJ), FBI, House Homeland Security Committee, House Judiciary Committee)
Public records and reporting have revealed that federal agencies have spent millions of dollars on contracts with massive data brokers. The post House leaders demand law enforcement agencies provide details on use of private data appeared first on CyberScoop.
- 5 phases of zero trust in cloud adoption (August 16, 2022)
Organizations looking to expand their cloud adoption can incorporate zero trust principles to manage identity and access across their network.
- Pentagon put microgrid technology to the test at DEF CON, drawing on hackers' ingenuity (August 16, 2022; in Government, Technology, Threats, critical infrastructure, cyberthreats, Defense Digital Service, Department of Defense (DOD), electrical grid, U.S. Army)
The collaboration unfolded at the cybersecurity conference in Las Vegas where more than 1,700 attendees attempted to outsmart DOD technology. The post Pentagon put microgrid technology to the test at DEF CON, drawing on hackers' ingenuity appeared first on CyberScoop.
- Applications open for SIA RISE young security professionals scholarship (August 16, 2022)
Young security professionals can win scholarships of up to $3,000 for security training and education, certification programs, industry events and more from the Security Industry Association (SIA).
- Rising to the challenge of modern data security and growing privacy regulations (August 16, 2022)
A master data management approach can help organizations prepare today for tomorrow's data privacy, compliance and regulatory challenges.
- U.K. Water Supplier Hit with Clop Ransomware Attack (August 16, 2022; in Critical Infrastructure, Malware)
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
- USB cyberattacks pose a threat to manufacturing & industrial sector (August 16, 2022)
The 2022 Honeywell Industrial Cybersecurity USB Threat Report found elevated threat levels regarding USB-borne cyberattacks on the industrial sector.
- Xiaomi Phone Bug Allowed Payment Forgery (August 16, 2022; in Mobile Security, Vulnerabilities)
Mobile transactions could’ve been disabled, created and signed by attackers.
- Key traits of security leaders in cyber resilience (August 16, 2022)
Learn about four levels of cybersecurity resilience that can be found in chief information security officers (CISOs).
- How to secure organizational SaaS and increase third-party visibility (August 16, 2022)
Unauthorized enterprise Software as a Service (SaaS) applications can present cybersecurity risks to a business. Gaining visibility into SaaS apps is key.
- Why Tornado Cash sanctions are drawing fierce criticism, potential court challenge from crypto group (August 15, 2022; in Financial, Privacy, cryptocurrency, GitHub, Lazarus Group, sanctions, Treasury Department)
Sanctions against the cryptocurrency mixer have ignited concern from industry stakeholders, privacy advocates and legal experts. The post Why Tornado Cash sanctions are drawing fierce criticism, potential court challenge from crypto group appeared first on CyberScoop.
- 6 areas to watch in the Software Bill of Materials evolution (August 15, 2022)
Software Bills of Materials (SBOMs) are a critical tool in protecting enterprise and government organizations from software supply chain security threats.