Article: RevengeRAT and AysncRAT target aerospace and travel sectors - published over 3 years ago.
Content:
American Airlines flight 718, a Boeing 737 Max, is seen parked at its gate at Miami International Airport as passengers board for a flight to New York on December 29, 2020 in Miami, Florida. A campaign of remote access trojans is targeting the aerospace and travel industries. (Photo by Joe Raedle/Getty Images)
Microsoft Security Intelligence earlier this...
https://www.scmagazine.com/home/security-news/phishing/revengerat-and-aysncrat-target-aerospace-and-travel-sectors/
Article: In executive order, federal security provides impetus for far reaching cyber implications - published over 3 years ago.
Content:
Cyber warfare operators configure a threat intelligence feed for daily watch at Warfield Air National Guard Base, Middle River, Md. The Biden Administration has focused a lot of efforts on security federal systems, but many of the efforts have potential for trickle down impact.(U.S. Air Force photo by J.M. Eddins Jr.)
Pitched as a response to SolarWinds...
https://www.scmagazine.com/home/government/in-eo-federal-security-provides-impetus-for-far-reaching-cyber-implications/
Article: Arkose Labs looks to hit cybercriminals where it hurts with $70 million cash infusion - published over 3 years ago.
Content:
Arkose Labs CEO Kevin Gosschalk described the company’s end game as incentivizing cybercriminals to “get a job that’s legitimate.”
His words come as the online fraud and abuse prevention technology company announced this week $70 million in Series C funding, led by SoftBank Vision Fund 2. Wells Fargo Strategic Capital, as well as previous investors in M1...
https://www.scmagazine.com/home/security-news/arkose-labs-looks-to-hit-cybercriminals-where-it-hurts-with-70-million-cash-infusion/
Article: Biden’s executive order aims to improve threat sharing by revising language in federal contracts - published over 3 years ago.
Content:
President Biden last February speaks publicly prior to signing an executive order on the economy. Three months later, he would sign yet another EO designed to improve the nation’s cyber posture. (Photo by Doug Mills-Pool/Getty Images)
President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity proposes many ambitious goals, but among th...
https://www.scmagazine.com/home/government/bidens-executive-order-aims-to-improve-threat-sharing-by-revising-language-in-federal-contracts/
Article: Colonial Pipeline paying the ransom shows that only better security can stop this vicious cycle - published over 3 years ago.
Content:
Today’s special columnist, Lior Div of Cybereason, says Colonial Pipeline reportedly paying a $5 million ransom could up the ransomware game with even more attacks on networks and higher ransom demands. peripathetic CreativeCommons CC BY-NC-SA 2.0
Getting hit with ransomware puts every company in a tough spot – and there are no clear cut best practices t...
https://www.scmagazine.com/perspectives/what-colonial-pipeline-paying-the-ransom-means-moving-forward/
Article: BluBracket raises $12 million to expand operations and support a shift left in code testing - published over 3 years ago.
Content:
BluBracket got a congratulations by NASDAQ after its Series A funding, which the company will use to expand operations. (BlueBracket)
Code automation company BluBracket on Thursday said it raised $12 million in Series A funding so it can continue to work with DevSecOps teams to build security into products from the start and shift code development left.
...
https://www.scmagazine.com/home/security-news/blubracket-raises-12-million-to-expand-operations-and-support-a-shift-left-in-code-testing/
Article: The Mayo Clinic’s team approach saved my life; now I use it to build great software - published over 3 years ago.
Content:
Today’s columnist, Keith Ibarguen of Cofense, drew from the lifesaving cancer treatment he received at the Mayo Clinic to go on and apply the multidisciplinary approach used by the medical staff at Mayo to his work as a security software developer. alasam CreativeCommons CC BY-NC-ND 2.0
In 2017 I was diagnosed with liver cancer. I’ll spare you all the de...
https://www.scmagazine.com/perspectives/multidisciplinary-teams-saved-my-life-now-i-use-them-to-build-great-software/
Article: Developers knowingly push flawed code, doubt build environments are secure - published over 3 years ago.
Content:
Apple CEO Tim Cook delivers the keynote address during the 2019 Apple Worldwide Developer Conference (WWDC) at the San Jose Convention Center on June 03, 2019 in San Jose, California. New research found that most development teams, 81%, had knowingly pushed flawed code live.(Photo by Justin Sullivan/Getty Images)
Overwhelmed and resource-starved app deve...
https://www.scmagazine.com/application-security/developers-knowingly-push-flawed-code-doubt-build-environments-are-secure/
Article: Rapid7: Attackers got ‘limited access’ to source code, customer data after Codecov breach - published over 3 years ago.
Content:
A view of the entrance into the Rapid7 offices. The company confirmed that “a small subset” of its source code repositories and some customer credentials and other data were accessed by an unauthorized party. (Rapid7)
Security vendor Rapid7 confirmed that “a small subset” of its source code repositories and some customer credentials and other data were a...
https://www.scmagazine.com/home/security-news/data-breach/rapid7-attackers-got-limited-access-to-source-code-customer-data-after-codecov-breach/
Article: Biden signs massive cyber order, using federal buying power to influence broader private sector practices - published over 3 years ago.
Content:
President Joe Biden salutes as he walks along the Colonnade of the White House on Friday, March 12, 2021, en route to the Oval Office. (Official White House Photo by Adam Schultz)
Dating back to SolarWinds — the fallout to which started a few months before his administration — and continuing through the Microsoft Exchange hacking and the Colonial Pipelin...
https://www.scmagazine.com/home/government/biden-signs-massive-order-on-cybersecurity/
Article: What we’ve learned from the Colonial Pipeline cyberattack, and what to do about it - published over 3 years ago.
Content:
Today’s columnist, Grant Geyer of Claroty, offers some actionable advice in the wake of the Colonial Pipeline cyberattack. OrbitalJoe CreativeCommons CC BY-NC-ND 2.0
Last year a friend was preparing for a cybersecurity roundtable and asked me a thought-provoking question: What “black swan” event will make the world take stock of cybersecurity as an exist...
https://www.scmagazine.com/perspectives/what-weve-learned-from-the-colonial-pipeline-cyberattack-and-what-to-do-about-it/
Article: H&R Block seeks out open-source expertise to stock up on SOC talent - published over 3 years ago.
Content:
An H&R Block location in Gillette, Wyoming. (Mr. Satterly, CC0, via Wikimedia Commons)
College graduates and cert-holders certainly make for valuable hiring candidates. But dig a little deeper and you’ll find that contributors to open source projects constitute an overlooked pool of talent who can bring diversity of thought and experience to your sec...
https://www.scmagazine.com/home/security-news/network-security/hr-block-seeks-out-open-source-expertise-to-stock-up-on-soc-talent/
Article: Publishing exploits early doesn’t encourage patching or help defense, data shows - published over 3 years ago.
Content:
Inside New York City’s Cyber Command. Despite debate in the threat intel community, a new study finds that publishing exploits before patches are available does more harm than good. (New York University)
A new study quantifying the benefits and dangers to security when exploits are published before patches found a lot of the latter and little of the form...
https://www.scmagazine.com/home/patch-management/publishing-exploits-early-doesnt-encourage-patching-or-help-defense-data-shows/
Article: SMBs increasingly face same cyber threats as large enterprises - published over 3 years ago.
Content:
For the first time since the Verizon Data Breach Investigations Report began tracking cyberattack techniques, threat patterns affecting small and medium businesses began to closely align with the patterns affecting large firms. (Photo by Scott Olson/Getty Images)
For the first time since the Verizon Data Breach Investigations Report began tracking cybera...
https://www.scmagazine.com/home/security-news/network-security/smbs-increasingly-face-same-cyber-threats-as-large-enterprises/
Article: Microsoft fixes four critical vulnerabilities that pose risk to both data and infrastructure - published over 3 years ago.
Content:
Products affected by the Microsoft vulnerabilities include Hyper-V, Internet Explorer, Windows Server, and Windows 10. (Microsoft)
Microsoft fixed four critical vulnerabilities Tuesday, none of which to date are being exploited in the wild.
Products affected by the Microsoft vulnerabilities include Hyper-V, Internet Explorer, Windows Server, and Windo...
https://www.scmagazine.com/home/security-news/vulnerabilities/microsoft-fixes-four-critical-vulnerabilities-that-pose-risk-to-both-data-and-infrastructure/
Article: Biden signs massive order on cybersecurity - published over 3 years ago.
Content:
President Joe Biden salutes as he walks along the Colonnade of the White House on Friday, March 12, 2021, en route to the Oval Office. (Official White House Photo by Adam Schultz)
Dating back to SolarWinds — the fallout to which started a few months before his administration — and continuing through the Microsoft Exchange hacking and the Colonial Pipelin...
https://www.scmagazine.com/home/government/biden-signs-massive-order-on-cybersecurity/
Article: Issues with configuration of AWS service lead to exposure of 5 million records - published over 3 years ago.
Content:
Visitors arrive at the cloud pavilion of Amazon Web Services at the 2016 CeBIT digital technology trade fair in Hanover, Germany. AWS System Manager (SSM) misconfigurations led to the potential exposure of more than 5 million documents with personally identifiable information and credit card transactions on more than 3,000 SSM documents. (Photo by Sean Gal...
https://www.scmagazine.com/home/security-news/cloud-security/aws-configuration-issues-lead-to-exposure-of-5-million-records/
Article: 167 counterfeit apps used for financial scams against Android and iOS users - published over 3 years ago.
Content:
A pedestrian uses his cell phone by a sign outside of the JPMorgan Chase headquarters in New York City. Researchers found 167 counterfeit Android and iOS apps that attackers used to steal money from victims who believed they installed a financial trading, banking or cryptocurrency app. (Photo by Justin Sullivan/Getty Images)
Researchers on Wednesday rep...
https://www.scmagazine.com/home/security-news/mobile-security/167-counterfeit-apps-used-for-financial-scams-against-android-and-ios-users/
Article: Report finds old misconfiguration woes continue to hammer corporate clouds - published over 3 years ago.
Content:
Visitors crowd a cloud computing presentation at the CeBIT technology trade fair on March 2, 2011 in Hanover, Germany. Misconfigured buckets and leaky APIs continue to be the biggest and most impactful cloud security holes for businesses. (Sean Gallup/Getty Images)
Misconfigured buckets and leaky APIs continue to be the biggest and most impactful cloud s...
https://www.scmagazine.com/home/security-news/cloud-security/report-finds-old-misconfiguration-woes-continue-to-hammer-corporate-clouds/
Article: Microvirtualization at the heart of new HP hardware line - published over 3 years ago.
Content:
The Hewlett Packard (HP) logo is displayed in front of the office complex on October 04, 2019 in Palo Alto, California. HP announced Wolf Security, its new line of PCs, printers and a consolidated security platform that takes a hardware-centric approach to endpoint security. (Photo by Justin Sullivan/Getty Images)
Shifts to enable remote working amid the...
https://www.scmagazine.com/virtualization/microvirtualization-at-the-heart-of-new-hp-hardware-line/
Article: Embracing mainframe pen tests in the new normal - published over 3 years ago.
Content:
Today’s columnist, Mark Wilson of BMC Mainframe Services, writes about how the pandemic has finally shifted the culture and remote pen tests on mainframes are now acceptable. Agiorgio CreativeCommons CC BY-SA 4.0
Until recently, mainframe penetration testing was performed onsite for no other reason than “it’s a mainframe.” Yet the majority of non-mainfr...
https://www.scmagazine.com/perspectives/embracing-mainframe-pen-tests-in-the-new-normal/
Article: ‘Everyone had to rethink security’: What Microsoft learned from a chaotic year - published over 3 years ago.
Content:
Corporate Vice President of Security, Compliance and Identity Vasu Jakkal spoke to SC Media about lessons from a tumultuous year. (Microsoft)
The last year brought rapid growth shifts to remote work, combined with a frantic pace of mega-vulnerabilities that called into question fundamental approaches to supply chain and patch management.
This added ...
https://www.scmagazine.com/remote-access/everyone-had-to-rethink-how-they-think-about-security-what-microsoft-learned-from-a-chaotic-year/
Article: Colonial Pipeline attack underscores the need for vigilance - published over 3 years ago.
Content:
Today’s special columnist, Scott Register of Keysight Technologies, says government and industry must come together to secure the nation’s critical infrastructure in the wake of the Colonial Pipeline hack. Credit: Colonial Pipeline
For the past several days the cyberworld has focused on the May 7 ransomware attack on Colonial Pipeline that shut down t...
https://www.scmagazine.com/perspectives/colonial-pipeline-attack-underscores-the-need-for-vigilance/
Article: AWS configuration issues lead to exposure of 5 million records - published over 3 years ago.
Content:
Visitors arrive at the cloud pavilion of Amazon Web Services at the 2016 CeBIT digital technology trade fair in Hanover, Germany. AWS System Manager (SSM) misconfigurations led to the potential exposure of more than 5 million documents with personally identifiable information and credit card transactions on more than 3,000 SSM documents. (Photo by Sean Gal...
https://www.scmagazine.com/home/security-news/cloud-security/aws-configuration-issues-lead-to-exposure-of-5-million-records/
Article: Listen: Cybercrime investigator turned CISO, Petri Kuivala, talks evolution of security culture - published over 3 years ago.
Content:
Petri Kuivala got his start in cybersecurity on the force. He joined to do normal police work, never imagining that he’d end up in cybersecurity. Yet, after a few years, he joined a team that was among one of the first to develop IT-based crime analysis.
Today, Kuivala is the CISO at NXP Conductors based in Eindhoven, Holland but working remotely fro...
https://www.scmagazine.com/home/from-the-collaborative/listen-cybercrime-investigator-turned-ciso-petri-kuivala-talks-evolution-of-security-culture/
Article: Zix tricks: Phishing campaign creates false illusion that emails are safe - published over 3 years ago.
Content:
An Office 365 retail pack. (Raysonho @ Open Grid Scheduler / Grid Engine, CC0, via Wikimedia Commons)
Researchers last week spotted a phishing campaign that they say was designed to exploit users’ trust in Zix’s online email authentication solution, in hopes that potential victims would be lulled into a false sense of security.
The attack reached 5,00...
https://www.scmagazine.com/home/email-security/zix-tricks-phishing-campaign-creates-false-illusion-that-emails-are-safe/
Article: WATCH: FBI cyber division chief details support for businesses in the ransomware battle - published over 3 years ago.
Content:
As Colonial Pipeline struggles to return to operations amid a crippling ransomware attack, public and private sector alike want to know how law enforcement is leveraging technology, partnership with industry, and policy to manage the threat.
During a SC Media eSummit on ransomware at the end of 2020, Herb Stapleton, cyber division section chief at the F...
https://www.scmagazine.com/home/security-news/ransomware/watch-fbi-cyber-division-chief-details-how-his-team-will-support-businesses-in-the-ransomware-battle/
Article: WATCH: FBI cyber division chief details how his team will support businesses in the ransomware battle - published over 3 years ago.
Content:
As Colonial Pipeline struggles to return to operations amid a crippling ransomware attack, public and private sector alike want to know how law enforcement is leveraging technology, partnership with industry, and policy to manage the threat.
During a SC Media eSummit on ransomware at the end of 2020, Herb Stapleton, cyber division section chief at the F...
https://www.scmagazine.com/home/security-news/ransomware/watch-fbi-cyber-division-chief-details-how-his-team-will-support-businesses-in-the-ransomware-battle/
Article: Vulnerability attacks weakness in Microsoft Azure virtual machine extensions - published over 3 years ago.
Content:
Researchers at Intezer released details behind a previously undisclosed vulnerability that could allow Microsoft Azure users with low-level privileges to leak private data from any virtual machine extension plugged into their cloud environment. (Photo by Jeenah Moon/Getty Images)
Researchers at Intezer released details behind a previously undisclosed vul...
https://www.scmagazine.com/home/security-news/cloud-security/vulnerability-attacks-weakness-in-microsoft-azure-virtual-machine-extensions/
Article: How to find, fund and fix cyber risk blind spots - published over 3 years ago.
Content:
Today’s columnist, Sean McDermott of RedMonocle, says that companies should use the NIST 800-53 security and privacy controls to help find cyber risk blind spots. After that, companies need to fund and then fix the security gaps. Credit: NIST
The FBI Internet Crime Complaint Center reports that cybercrime has risen 300% in the last 12 months and concerns...
https://www.scmagazine.com/perspectives/how-to-find-fund-and-fix-cyber-risk-blind-spots/
Article: Why companies need a chief product security officer - published over 3 years ago.
Content: Digital transformation has changed the way companies do business, which has in turn changed the way consumers interact with the products and services companies provide. Where once the concept of product security was a niche feature of paramount importance to those companies that had a tangible product, the world has changed. As a result, the need to secure t...
https://www.scmagazine.com/perspectives/why-companies-need-a-chief-product-security-officer/
Article: Colonial Pipeline attack: What government can do to deter critical infrastructure cybercriminals - published over 3 years ago.
Content:
An aerial view of a Colonial Pipeline tank farm. A cyberattack that forced company to pause operations has cybersecurity experts questioning what tactics the U.S. government can take to deter cybercriminals. (Colonial Pipeline)
The cyberattack on the Colonial Pipeline spurred a clear message from the White House Monday that the onus lies with critical in...
https://www.scmagazine.com/home/security-news/ransomware/the-colonial-pipeline-attack-what-government-can-do-to-deter-critical-infrastructure-attacks/
Article: The Colonial Pipeline attack: What government can do to deter critical infrastructure attacks - published over 3 years ago.
Content:
An aerial view of a Colonial Pipeline tank farm. A cyberattack that forced company to pause operations has cybersecurity experts questioning what tactics the U.S. government can take to deter cybercriminals. (Colonial Pipeline)
The cyberattack on the Colonial Pipeline spurred a clear message from the White House Monday that the onus lies with critical in...
https://www.scmagazine.com/home/security-news/ransomware/the-colonial-pipeline-attack-what-government-can-do-to-deter-critical-infrastructure-attacks/
Article: CrowdStrike, Google partnership aims to deliver defense-in-depth for hybrid cloud environments - published over 3 years ago.
Content:
Urs Holzle, Senior Vice President for Technical Infrastructure at Google, speaks on the Google Cloud Platform during a Google I/O Developers Conference in San Francisco, California. CrowdStrike and Google Cloud announced a series of product integrations. (Photo by Stephen Lam/Getty Images)
CrowdStrike and Google Cloud on Monday announced a series of prod...
https://www.scmagazine.com/home/security-news/cloud-security/crowdstrike-google-partnership-aims-to-deliver-defense-in-depth-for-hybrid-cloud-environments/
Article: Colonial Pipeline attack spotlights risks of geographically dispersed networks in an industry that is ‘far behind’ - published over 3 years ago.
Content:
Fuel holding tanks are seen at Colonial Pipeline’s Linden Junction Tank Farm on May 10, 2021 in Woodbridge, New Jersey. Alpharetta, Georgia-based Colonial Pipeline, which has the largest fuel pipeline, was forced to shut down its oil and gas pipeline system on Friday after a ransomware attack that has slowed down the transportation of oil in the eastern U.S...
https://www.scmagazine.com/home/security-news/ransomware/colonial-pipeline-attack-spotlights-risks-of-geographically-dispersed-networks/
Article: White House: Colonial should be its own ‘first line of defense’ against attacks - published over 3 years ago.
Content:
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger and Homeland Security Advisor and Deputy National Security Advisor Dr. Elizabeth Sherwood-Randall speak about the Colonial Pipeline cyber attack during the daily press briefing at the White House on May 10, 2021 in Washington, DC. According to news reports, a criminal group f...
https://www.scmagazine.com/home/security-news/white-house-colonial-should-be-its-own-first-line-of-defense-against-attacks/
Article: Why companies need a Chief Product Security Officer - published over 3 years ago.
Content: Digital transformation has changed the way companies do business, which has in turn changed the way consumers interact with the products and services companies provide. Where once the concept of product security was a niche feature of paramount importance to those companies that had a tangible product, the world has changed. As a result, the need to secure t...
https://www.scmagazine.com/perspectives/why-companies-need-a-chief-product-security-officer/
Article: Small and medium businesses need their own federal cyber policy, say advocates - published over 3 years ago.
Content:
A woman works in a coffee shop in New York’s Chinatown on February 13, 2020 in New York City. Small and medium businesses often have distinct challenges tied to cybersecurity. (Photo by Spencer Platt/Getty Images)
Small to medium-sized businesses have drastically different cybersecurity preparedness, capacity and overall posture than their king-sized bre...
https://www.scmagazine.com/home/government/small-and-medium-businesses-need-their-own-federal-cyber-policy-say-advocates/
Article: Beware the gold rush: The risk of a cyber investment surge - published over 3 years ago.
Content:
Co-founder and CEO at Cloudflare Matthew Prince, center right, shares the stage with venture capital leaders at TechCrunch Disrupt Berlin 2019. Investment in cyber companies is booming after a year of cyber wake-up calls. (Photo by Noam Galai/Getty Images for TechCrunch)
During a May interview, veteran cyber executive Dave Dewalt threw some big numbers m...
https://www.scmagazine.com/home/editorial/beware-the-gold-rush-the-risk-of-a-cyber-investment-surge/
Article: Security researchers applaud Google’s move towards multi-factor authentication - published over 3 years ago.
Content:
A sign is displayed at the Google outdoor booth during exhibitor setups for CES 2020 at the Las Vegas Convention Center in Las Vegas, Nevada. Google announced that it will automatically enroll users in multifactor authentication – what they are calling two-step verification. (Photo by Mario Tama/Getty Images)
Google took an important step on Thursday by ...
https://www.scmagazine.com/password-management/security-researchers-applaud-googles-move-towards-multi-factor-authentication/
Article: Buer malware rewritten in Rust language to curb detection - published over 3 years ago.
Content:
Ferris, the Rust mascot
Developers of the malicious downloader Buer have taken the unusual step of rewriting the malware in a lesser-known Rust programming language, presumably to avoid detection while also potentially slowing down investigative analysis.
While it’s fairly common to find malware written in C, C+, Python and Java, threat actors have a...
https://www.scmagazine.com/home/security-news/malware/buer-malware-rewritten-in-rust-language-to-curb-detection/
Article: Jumpstart your adoption of Zero Trust with these three steps - published over 3 years ago.
Content:
Today’s columnist, Michael Covington of Wandera, says many companies start on their Zero Trust journey by focusing on SaaS apps first. Cerillium CreativeCommons CC BY 2.0
Zero Trust requires that all users are authenticated, authorized, and continuously assessed for risk to access corporate applications and data.
Many organizations begin their Zero Tr...
https://www.scmagazine.com/perspectives/jumpstart-your-adoption-of-zero-trust-with-these-three-steps/
Article: Financial sector saw a 125% increase in mobile phishing attacks during 2020 - published over 3 years ago.
Content:
Finance is among the sectors that has struggled most in compliance with a standard for storing and transmitting credit card information. (Uris at English Wikipedia/CC BY-SA 3.0)
Researchers on Thursday reported that despite a 50% increase in mobile device management (MDM) adoption during the past year, average quarterly exposure to phishing attacks on mo...
https://www.scmagazine.com/home/security-news/mobile-security/financial-sector-saw-a-125-increase-in-mobile-phishing-attacks-during-2020/
Article: The business of cyber: How security defines (or derails) success - published over 3 years ago.
Content:
Is cyber a hurdle to success, or might it be an enabler? In this SC Awards Winners Circle roundtable, cybersecurity leaders, and award recipients, share how organizations can shift the mindset and understand how a culture of security may be good for business.
SC Media senior reporter Joe Uchill is joined for the discussion by Sounil Yu, chief informatio...
https://www.scmagazine.com/scawards/the-business-of-cyber-how-security-defines-or-derails-success/
Article: Here’s the breakdown of cybersecurity stats only law firms usually see - published over 3 years ago.
Content:
Image of the Washington, D.C. office of law firm BakerHostetler.
In a field where every contractor releases an annual infosec report, BakerHostetler’s is unique. BakerHostetler, a law firm with a massive data and privacy presence, compiles data from their client’s experiences to offer a rare lawyer’s perspective on cyber statistics. No amount of vendor ...
https://www.scmagazine.com/home/security-news/legal-security-news/heres-the-breakdown-of-cybersecurity-stats-only-law-firms-usually-see/
Article: Vulnerability in Qualcomm chips lets an attacker snoop on calls and texts - published over 3 years ago.
Content:
Seen here, Qualcomm CEO Steve Mollenkopf (Qualcomm)
Checkpoint researchers shed new light this week on a vulnerability affecting a cellular chip embedded in 40% of the world’s smartphones that allows attackers to inject malware and snoop on text and voice conversations.
Back in August 2020, the company unveiled research around 400 different vulnerable...
https://www.scmagazine.com/home/security-news/mobile-security/vulnerability-in-qualcomm-chips-lets-an-attacker-snoop-on-calls-and-texts/
Article: SolarWinds hires CISO from within, enabling a quicker security transformation - published over 3 years ago.
Content:
SolarWinds this week announced that its vice president of security Tim Brown has taken on the additional title of CISO, as part of the company’s ongoing efforts to institute a secure-by-design posture. (“SolarWinds letters” by sfoskett at is licensed under CC BY-NC-SA 2.0)
SolarWinds this week announced that its vice president of security Tim Brown has ...
https://www.scmagazine.com/home/security-news/solarwinds-hires-ciso-from-within-enabling-a-quicker-security-transformation/
Article: Software developers warm up to automated testing as security, cloud rise in importance - published over 3 years ago.
Content:
A GitLab employee workstation. The company recently released an annual survey on software development trends. (GitLab’s website)
Developers are frustrated about the sluggish pace of testing code for security and functionality and are increasingly incorporating automation and machine learning to ease workloads, according to results from an annual survey o...
https://www.scmagazine.com/home/security-news/cloud-security/software-developers-warm-up-to-automated-testing-as-security-cloud-rise-in-importance/
Article: Choose Your Own Adventure game animates security awareness training - published over 3 years ago.
Content:
Infosec’s Choose Your Own Adventure training game “Deep Space Danger” tests employees on their knowledge of social engineering.
The employees at your organization are badly in need of security awareness training. What do you do?
A. Bore them with dull content that feels like a lecture.B. Engage them with gamified, interactive lessons.
“B” is obviou...
https://www.scmagazine.com/home/security-news/phishing/choose-your-own-adventure-game-animates-security-awareness-training/
Article: 21 vulnerabilities in Exim mail server leave web, cloud operations exposed - published over 3 years ago.
Content:
Promotional item put out by the Digital Equipment Corporation to promote the UNIX operating system. Twenty-one vulnerabilities were discovered in Exim Internet Mailer, a popular mail transfer agent (MTA) that’s available for major Unix-like operating systems. (KHanger/CC BY 3.0/https://commons.wikimedia.org/wiki/File:UNIX-Licence-Plate.JPG)
Researchers ...
https://www.scmagazine.com/home/security-news/vulnerabilities/21-vulnerabilities-in-exim-mail-server-leave-web-cloud-operations-exposed/
Article: Five takeaways from the FBI 2020 Internet Crime Report - published over 3 years ago.
Content:
FBI Director Christopher Wray speaks in Washington, D.C. Today’s columnist, Brian Johnson of Armorblox, offers five takeaways from the FBI’s 2020 Internet Crime Report. Credit: FBI
The FBI Internet Crime Complaint Center (IC3) in March released its 2020 Internet Crime Report with updated statistics on Business Email Compromise (BEC), Email Account Compro...
https://www.scmagazine.com/perspectives/five-takeaways-from-the-fbi-2020-internet-crime-report/
Article: Next gen tech: Most promising areas of emerging technology and innovation in cyber - published over 3 years ago.
Content:
As adversaries evolve their technique, so must the cyber industry. In this SC Awards Winners Circle roundtable discussion, SC Media speaks to cybersecurity leaders, and SC Award recipients, about the most compelling areas of technology for ensuring the protection of sensitive data and networks.
Joining SC Media’s Derek Johnson for the discussion is TJ J...
https://www.scmagazine.com/scawards/next-gen-tech-most-promising-areas-of-emerging-technology-and-innovation-in-cyber/
Article: IP or just generic tech? Palo Alto argues Centripetal patent claims are overly broad - published over 3 years ago.
Content:
Signage with logo at the Silicon Valley headquarters of computer security and firewall company Palo Alto Networks, Santa Clara, California, August 17, 2017. Palo Alto Networks asked a Virginia judge to dismiss a patent lawsuit filed against them by Centripetal Networks. (Photo via Smith Collection/Gado/Getty Images).
Palo Alto Networks asked a Virginia j...
https://www.scmagazine.com/firewalls-ipsec-vpns/ip-or-just-generic-tech-palo-alto-argues-centripetal-patent-claims-are-overly-broad/
Article: 180+ OAuth 2.0 cloud malware apps detected - published over 3 years ago.
Content:
Proofpoint offices in Toronto, Canada. (Raysonho @ Open Grid Scheduler / Scalable Grid Engine, CC0, via Wikimedia Commons)
Researchers issued a warning on Wednesday to any company running cloud apps, reporting that in 2020 they detected more than 180 different malicious open authorization (OAuth) applications attacking 55% of their customers with a succe...
https://www.scmagazine.com/home/security-news/cloud-security/180-oauth-2-0-cloud-malware-apps-detected/
Article: BazarBackdoor phishing campaign eschews links and files to avoid raising red flags - published over 3 years ago.
Content:
A pair of related phishing campaigns this year took the unusual step of intentionally avoiding malicious links or attachments in its emails – a sign that threat actors may recognize the need to come up with new tactics. Here, workers prepare a presentation the day before the CeBIT 2012 technology trade fair. (Sean Gallup/Getty Images)
A pair of related ...
https://www.scmagazine.com/home/security-news/phishing/bazarbackdoor-phishing-campaign-eschews-links-and-files-to-avoid-raising-red-flags/
Article: Chart a course to the passwordless future on World Password Day - published over 3 years ago.
Content:
Today’s columnist, Jasson Casey of Beyond Identity, offers a path for security teams to move off shared secrets and embrace a passwordless world. WorldsDirection CreativeCommons CCO 1.0
It’s World Password Day, do the company’s users still rely on passwords? Has the security team replaced them? Passwords are no longer considered a secure way to log in, s...
https://www.scmagazine.com/perspectives/chart-a-course-to-the-passwordless-future-on-world-password-day/
Article: Listen: CEO of Novel Security, Lee Parrish, on why compliance is not security - published over 3 years ago.
Content:
In an article for CISO Compass, CEO and CISO, Lee Parrish, deftly uses a colonoscopy metaphor to illustrate the difference between security and compliance.
This isn’t his first foray into thinking outside the box to explain cybersecurity. Parrish has published numerous articles and even written a children’s book on security, entitled, “Cyber Sam, Th...
https://www.scmagazine.com/home/from-the-collaborative/listen-ceo-of-novel-security-lee-parrish-on-why-compliance-is-not-security/