Saturday, January 16, 2021

BrandPost: Creating a Zero Trust Foundation

To prevent security breaches and data loss, organizations have directed a lot of time, effort, and capital spend toward security initiatives. Even the most advanced “next generation” application layer firewalls filtering malicious traffic at the network perimeter have only revealed...

Security Recruiter Directory

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and...

The biggest data breach fines, penalties and settlements so far

Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a...

17 types of Trojans and how to defend against them

Computer Trojans received their name from the infamous mythological horse. The Trojan’s basic mission is to mislead people of its real goal. A Trojan is malicious software that usually needs to be launched by the user or another malicious program. To...

5 things to look for in an XDR solution

About 18 months ago, I first wrote about XDR (eXtended Detection and Response) in this post on CSO.  Since then, it seems every security vendor—major security vendors and small companies alike—has jumped on the XDR bandwagon and embraced the...

BrandPost: Public Agencies Uncover Numerous Opportunities With Fortinet’s Fabric Management Center

State and local governments and educational (SLED) institutions face many of the same security challenges as other organizations, but often with less man power and budget, and more regulations that must be closely followed. For example, a local government...

Top SolarWinds risk assessment resources for Microsoft 365 and Azure

One silver lining that has come out of the SolarWinds (Solorigate) incident is the huge amount of new security blogs and content that Microsoft and other vendors have published. Even if your organization was not directly affected by the...

Hashing explained: Why it's your best bet to protect stored passwords

What is hashing? Hashing is a cryptographic process that can be used to validate the authenticity and integrity of various types of input. It is widely used in authentication systems to avoid storing plaintext passwords in databases, but is also...

BrandPost: Ransomware Attacks: Don't Think It Can Happen to You?

Just a few weeks ago several federal agencies, including the HHS and the FBI, issued a joint cybersecurity advisory warning healthcare organizations about an increased and imminent cybercrime threat from Russian criminal groups targeting hospitals with Ryuk ransomware. We...

3 security career lessons from <i>Back to the Future</i>

The security industry had a terrible year in 2020—some even think the worst ever. You can point to failures in working from home after COVID-19 struck, various election narratives, the SolarWinds breach, foreign nation-state cyberattacks, new ransomware, the global...

Lack of clarity hampers new regulation's ability to stop SolarWinds-type attack on power grid

One of the most pernicious aspects of the far-reaching and potentially devastating SolarWinds supply chain hack is that it successfully evaded detection for at least ten months by hiding inside seemingly normal software operations. The hack of SolarWinds’ Orion...

US bulk energy providers must now report attempted breaches

One of the most pernicious aspects of the far-reaching and potentially devastating SolarWinds supply chain hack is that it successfully evaded detection for at least ten months by hiding inside seemingly normal software operations. The hack of SolarWinds’ Orion...

What IT leadership looks like in 2021

As IT leaders meet the challenges of the COVID era, only one thing is assured – more change is coming sooner than you think.

Top 7 security mistakes when migrating to cloud-based apps

With the pandemic, many businesses have moved to more cloud-based applications out of necessity because more of us are working remotely. In a survey by Menlo Security of 200 IT managers, 40% of respondents said they are facing increasing...

BrandPost: Episode 1: Balancing act

In this episode of the Strengthen and Streamline Your Security podcast, we look at how an identity-based security framework can help organizations let users work from anywhere while securing them seamlessly. We’ll hear fresh insights from three experts: Joy...

The 15 biggest data breaches of the 21st century

Not long ago, a breach that compromised the data of a few million people would have been big news. Now, breaches that affect hundreds of millions or even billions of people are far too common. About 3.5 billion people...

BrandPost: How to Create a Security-first Mindset

Cybersecurity is first and foremost a business challenge. Many companies began recognizing this as digital transformation initiatives accelerated last year due to the pandemic, expanding the attack surface and associated cyber risks. For businesses uncertain about how to create...

33 hardware and firmware vulnerabilities: A guide to the threats

In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre that defeated the fundamental OS security boundaries separating kernel and user space memory. The flaws stemmed from a performance...

4 ways attackers exploit hosted services: What admins need to know

Experienced IT professionals are believed to be well protected from online scammers who profit mostly from gullible home users. However, a huge number of cyber attackers are targeting virtual server administrators and the services they manage. Here are some...

How to prepare for and respond to a SolarWinds-type attack

If you use the recently compromised SolarWinds Orion monitoring products, you are already reviewing your infrastructure and possibly blocking network access to the servers in your domain. For those of you who do not use the SolarWinds software, this...
The Hacker News

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of...
ZDNet

Iconic BugTraq security mailing list shuts down after 27 years

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.

Weekly Update 226

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
SC Magazine

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several...
ZDNet

Joker's Stash, the internet's largest carding forum, is shutting down

Joker's Stash to shut down on February 15, 2021.