Tuesday, August 3, 2021

The Kaseya ransomware attack: A timeline

The attack on US-based software provider Kaseya by notorious Russia-linked ransomware group REvil in July 2021 is estimated to have affected up to 2,000 global organizations. REvil targeted a vulnerability (CVE-2021-30116) in a Kaseya remote computer management tool to...

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

The US General Accountability Office (GAO) issued the 19-page report, “Cybersecurity and Information Technology: Federal Agencies need to Strengthen Efforts to Address High-Risk Areas” on July 29. It was preceded by President Biden’s comments made to the Office of...

BrandPost: Improving Cybersecurity as a Team

No matter an organization's size or complexity, cybersecurity is a team sport. Departments and individuals across the board have a stake in ensuring that assets and data remain secure. Just like a successful sports team, collaboration among the players...

BrandPost: Cyberattacks Escalate, Putting Pressure on the Defensive

How serious is the threat to enterprises from cyberattacks? Look no further than Colonial Pipeline, whose 5,500-mile-long pipeline carries 45 percent of the U.S. East Coast’s fuel supplies. This vital fuel supplier was forced to temporarily shut down after...

Basic flaws put pneumatic tube transport systems in hospitals at risk

Researchers have identified several high-risk vulnerabilities in a popular model of pneumatic tube systems (PTS) that are used by many hospitals to transport sensitive materials including lab specimens, blood products, tests and medications between different departments. The flaws could...

CompTIA Security+: Prerequisites, obectives, and cost

CompTIA Security+ is a security certification offered by the Computing Technology Industry Association (CompTIA), a U.S.-based trade and industry nonprofit. Security+ is one of a suite of certifications that CompTIA offers across multiple IT disciplines; it's focused on entry-level...

5 riskiest mobile apps

Unsanctioned software and applications running on corporate mobile devices is a security nightmare. These can range from meeting genuine business needs—commonly referred to as Shadow IT—such as efficient, remote communication with colleagues or corporate document management via downloadable messaging...

BrandPost: Application whitelisting – an underutilized component of Zero Trust

From Colonial Pipeline, to JBS (the world’s largest meatpacker), to the recent hack on software company Kaseya, high-profile ransomware attacks are on the rise, with little sign of letting up. These crippling attacks lock access to systems and data...

BrandPost: Zero trust’s missing link: application whitelisting

From Colonial Pipeline, to JBS (the world’s largest meatpacker), to the recent hack on software company Kaseya, high-profile ransomware attacks are on the rise, with little sign of letting up. These crippling attacks lock access to systems and data...

CSO Global Intelligence Report: The State of Cybersecurity in 2021

Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats, and the challenges of securing remote workers. That’s the clear message of CSO’s Global Intelligence Report: The State of Cybersecurity...

BrandPost: Lessons in Security: School District Shares Pandemic Experiences

The education sector is a top target for cybercriminals, and faces “an unusually large percentage” of social engineering attacks, according to the 2021 Verizon Data Breach Investigations Report.The coronavirus pandemic, which spurred many individuals to study and work remotely,...

Biden memo, infrastructure deal deliver cybersecurity performance goals and money

Both the Biden administration and the Congress continued their frenetic pace this week to beef up the country's digital infrastructure protections through two highly consequential and unprecedented initiatives. Both efforts aim to prepare the nation for the next significant...

Security Recruiter Directory

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in...

CSO's guide to the worst and most notable ransomware

Ransomware has a long history, dating back to the late 1980s. Today, it’s generating billions of dollars in revenue for the criminal groups behind it. Victims incur recovery costs even if they pay the ransom. Sophos reports that the...

BrandPost: Securing the Digital Infrastructure with Integrated Security Services

Many organizations are challenged with the evolving threat landscape, which continues to become much more sophisticated and harder to manage with isolated point products and disparate services. With the proliferation of new devices and billions of edges, customers are...

BrandPost: Securing Hybrid Data Centers and Preventing Ransomware

As more organizations reopen their offices to employees, many are still offering remote work as an option, with a new ‘work from anywhere’ model becoming the reality for the foreseeable future. The nature of flexibility in this work model...

BrandPost: Defend Against Ransomware With Relationship-Driven Incident Response

Cyberattacks are so sophisticated these days that even with the best education and training, employees inadvertently click links or download documents that look all too real.Furthermore, systems are often configured to allow downloads or macros that contain malicious files...

New US CISO appointments, July 2021

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for...

10 security tools all remote employees should have

It’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email...

BrandPost: Cloud Workload Security: The Importance of Network Data

Cloud workloads, deployed into highly dynamic environments, typically use and coexist with a wide range of cloud providers and third-party platforms and services. The workloads themselves can be built for cloud platforms, consist of serverless applications, or be designed...
The Register

Do you have a grip on the lifecycle security of your AWS-deployed applications?

Learn how to manage the risks of cloud native environments with Aqua and AWS Promo  There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your application development and...
TechRepublic

Beef up security in Firefox with Fission

Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.
TechRepublic

Cybersecurity professionals: Positive reinforcement works wonders with users

The blame game is not working; experts suggest using positive reinforcement to improve employee attitude and performance.
SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...

Awful transaction and timing: AT&T finally ditches DirecTV

Enlarge (credit: Getty Images | Ronald Martinez) AT&T has completed its spinoff of DirecTV after six years of mismanagement in which nearly 10 million customers ditched the company's pay-TV services. AT&T bought DirecTV for $49 billion ($67 billion including...