Ho Ka Terrance Yung wanted to go to Georgetown University School of Law. He had good grades and good LSAT scores and arranged for an “alumni” interview—an interview with a former Hoya to accelerate his application process. The interview did not go wel…
Tag: Governance, Risk & Compliance
Europe, Global Security News, North America
High Availability and Security for Cloud-Based Systems
by Dave Bermingham •
IT organizations striving to ensure compliance with HIPAA, Sarbanes-Oxley, BASEL II and similar regulations generally have a good grasp of the security considerations that apply to key hardware and software systems running in the cloud. They need to m…
Europe, Global Security News, North America
GAO: CISA, Treasury Must Assess Critical Infrastructure Risks
by George V. Hulme •
When attackers breached Colonial Pipeline using a stolen password, it took a lot of people by surprise. But the reality is such attacks against critical infrastructure were brewing for some time. Last week, the U.S. Government Accountability Office (G…
Europe, Global Security News, North America, Vulnerabilities
Russian Hackers Declare War on Lithuania — Killnet DDoS Panic
by Richi Jennings •
NATO member Lithuania is under attack from Russian hacking group Killnet. It raises serious concerns over Russia’s use of cyber warfare against NATO states.
The post Russian Hackers Declare War on Lithuania — Killnet DDoS Panic appeared first on Secur…
Europe, Global Security News, North America
How to Integrate Cyber Risk Management with ERM – RiskLens Presents to PRMIA
by Jeff B. Copeland •
RiskLens CEO Nick Sanna and Risk Transformation Adviser Rob Eslinger appeared at the recent event of the Professional Risk Managers’ International Association, “Cyber Risk in a Turbulent World,” and encouraged risk managers to rise up against the…
Europe, Global Security News, North America
ADPPA US Privacy Law: Coming Soon in Wake of Roe v. Wade Redo
by Richi Jennings •
We could soon have a federal GDPR. But the American Data Privacy and Protection Act wasn’t the only privacy related issue on Capitol Hill last week.
The post ADPPA US Privacy Law: Coming Soon in Wake of Roe v. Wade Redo appeared first on Security Boul…
Europe, Global Security News, North America, Vulnerabilities
NSA Wants To Help you Lock Down MS Windows in PowerShell
by Richi Jennings •
A new cheatsheet from four infosec agencies tells us how to use PowerShell for good, rather than let scrotes misuse it to “live off the land.”
The post NSA Wants To Help you Lock Down MS Windows in PowerShell appeared first on Security Boulevard.
Europe, Global Security News, North America
Managing risk in blockchain deployments
by Trail of Bits •
Do you need a blockchain? And if so, what kind? Trail of Bits has released an operational risk assessment report on blockchain technology. As more businesses consider the innovative advantages of blockchains and, more generally, distributed ledger tech…
Europe, Global Security News, North America
NIST Sets SSE Framework in Final SP 800-160 Guidance
by Nathan Eddy •
The National Institute of Standards and Technology (NIST) published a final version of updated standards for systems security engineering (SSE) with significant content and design changes, including a renewed emphasis on the importance of systems engi…
Europe, Global Security News, North America
On the Dangers of Cryptocurrencies and the Uselessness of Blockchain
by Bruce Schneier •
Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are a complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wro…
Europe, Global Security News, North America
AWS Security Best Practices
by Editor •
Discover AWS security best practices to follow while hardening your cloud environment. Amazon Web Services is a cloud computing platform that offers computing power, storage space, content delivery and other functionalities.
The post AWS Security Best …
Europe, Global Security News, North America
The Million-Dollar Question: To Pay or Not to Pay Ransom?
by Aamir Lakhani •
Ransomware is one of the most serious threats to businesses today. In fact, a recent survey found that 85% of enterprises are more concerned about the prospect of ransomware attacks than any other kind of attack. The decision of whether or not to pay …
Europe, Global Security News, North America, Vulnerabilities
Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’
by Richi Jennings •
Capital One hacker Paige A. Thompson has been found guilty. But it has to be said that Capital One’s security design was absolutely awful.
The post Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’ appeared first on S…
Europe, Global Security News, North America
Responding to PCI 11.6.1: When Do I Need to Know if Something Has Changed On My Payment Page?
by [email protected] •
We’re taking a closer look at PCI 11.6.1, what it entails, and how you can enhance your security strategy to meet this new guidance.
The post Responding to PCI 11.6.1: When Do I Need to Know if Something Has Changed On My Payment Page? appeared first …
Europe, Global Security News, North America
Crosspost: A Simple SOAR Adoption Maturity Model
by Anton Chuvakin •
Originally written for a new Chronicle blog.
As security orchestration, automation and response (SOAR) adoption continues at a rapid pace, security operations teams have a greater need for a structured planning approach.
My favorite approach has been a…
Europe, Global Security News, North America, Vulnerabilities
HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook
by Richi Jennings •
A study shows many U.S. hospitals are leaking personal information to Facebook. Experts say it’s a HIPAA violation.
The post HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook appeared first on Security Boulevard.
Europe, Global Security News, North America
Surfshark Finds US is the Most-Breached Country
by Natan Solomon •
A recent study by cybersecurity company Surfshark showed that the U.S. is the most breached country—and has been since 2004, among other alarming findings. With cybersecurity threats on the rise, Surfshark’s latest project is the first-ever tool that…
Europe, Global Security News, North America
How to Build Cybersecurity Resilience
by A.N. Ananth •
Cybersecurity has been changing rapidly over the past couple of years, due in no small part to the COVID-19 pandemic. In response, organizations have digitized at an unprecedented rate and, in the process, created new opportunities for cybersecurity s…
Europe, Global Security News, North America
What is GDPR Privacy by Design and Default?
by Editor •
A detailed guide on what GDPR privacy by design and by default is, ways to achieve it and their foundational principles.
The post What is GDPR Privacy by Design and Default? appeared first on Cyphere | Securing Your Cyber Sphere.
Europe, Global Security News, North America
Koverse Unveils Zero-Trust Platform for Managing Data
by Michael Vizard •
Koverse, Inc., a unit of SAIC, has updated its software-as-a-service (SaaS) platform this week to provide customers with a zero-trust approach to managing data. Version 4.0 of the Koverse Data Platform (KDP) adds a set of granular controls that limit …
Europe, Global Security News, North America
How Risk Management Increases MSSP Value to Customers
by Cyber Insights Team •
Small and mid-sized businesses (SMBs) face a gamut of risks for daily operations, and unfortunately, many just don’t have the skilled staff, time, or resources to identify, mitigate, and mana…
Europe, Global Security News, North America
Attacks on Blockchain
by Abhishek Bhati •
WEB3 is the new buzzword in the town of tech, and blockchain is the core technology that is powering this seismic shift in the sea of internet. Cybersecurity and blockchain most often work in a complementary manner, and both are […]
The post Attacks on…
Europe, Global Security News, North America
Preventing Malicious Script Execution: Do I Need a Proprietary Script Management System? “Yes” If You Want to Meet PCI 6.4.3
by [email protected] •
PCI 6.4.3 gives a nod to proprietary script management systems which have been created to specifically handle malicious script execution.
The post Preventing Malicious Script Execution: Do I Need a Proprietary Script Management System? “Yes” If You Wa…
Europe, Global Security News, North America, Vulnerabilities
Tesla Fails Yet Again: Hackers can Steal Cars via NFC
by Richi Jennings •
Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time.
The post Tesla Fails Yet Again: Hackers can Steal Cars via NFC appeared first on Security Bouleva…
Europe, Global Security News, North America
Arctic Wolf Aims to Accelerate Cyberinsurance Assessments
by Michael Vizard •
Arctic Wolf is making available a tailored benchmark framework for vulnerability and insurability assessments to help cyberinsurers speed up evaluations and quickly determine whether organizations qualify for cyberinsurance. The number of organization…
Europe, Global Security News, North America
Invasion of Privacy, Anomaly or New Ethical Abnormal Norm?
by Christopher Burgess •
Recent events threw into stark relief companies’ abilities to invade your privacy with a few lines of code—and outcomes that raise our eyebrows. Tim Hortons Tracked Users 24×7 In the case of Tim Hortons of Canada, the company ran afoul of t…
Europe, Global Security News, North America
DoJ, FBI, IRS Make Empty Boast: SSNDOB ‘Seized’
by Richi Jennings •
Feds are gloating over their “seizure” of the notorious SSNDOB marketplace, which traded in stolen personal information. But the action seems too little, too late.
The post DoJ, FBI, IRS Make Empty Boast: SSNDOB ‘Seized’ appeared first on Security Bou…
Europe, Global Security News, North America
PCI Acknowledges Danger in Client-Side Attacks, Signals Mitigation Needs to be a Priority
by [email protected] •
PCI’s latest guidance, 6.4.3, prompts security teams to prioritize managing and mitigating client-side web application attacks.
The post PCI Acknowledges Danger in Client-Side Attacks, Signals Mitigation Needs to be a Priority appeared first on Source …
Europe, Global Security News, North America
A Complete Guide to US Data Protection Laws
by Mandy Bachus •
Based in the US and looking to ensure you are complying with data privacy regulations? Unlike the EU’s GDPR there is no single overarching data privacy legislation in the US.
The post A Complete Guide to US Data Protection Laws appeared first on…
Europe, Global Security News, North America
Survey Surfaces Need For More Security Collaboration
by Michael Vizard •
A survey of more than 2,000 IT decision-makers and security operations (SecOps) professionals in the U.S., United Kingdom and Australia found lots of room for improvement when it comes to the way cybersecurity and IT operations teams collaborate. The …
Europe, Global Security News, North America, Vulnerabilities
Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS
by Richi Jennings •
A nasty zero-click, zero-day RCE bug remains unpatched in Windows. Dubbed “Follina,” Microsoft’s done diddly-squat about it.
The post Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS appeared first on Security Boulevard.
Europe, Global Security News, North America
Five Questions To Ask Your CISO About Training
by Ed Amoroso •
Cybersecurity has emerged as an important component of the conversations that occur at the senior executive and board levels. Furthermore, it is no longer uncommon for boards and leadership teams to include at least one member who has some experience …
Europe, Global Security News, North America, Vulnerabilities
Are Vendors Failing in the Face of Open Source Cyberthreats?
by Timothy Boles •
Software vendors must understand the implications a breach in open source software might have on their own product or service. In December 2021, for example, a vulnerability was discovered in Log4j, an open source logging library extensively used by a…
Europe, Global Security News, North America
How to Build a Cloud Security Strategy
by John Morton •
As the head of security at a cloud-forward organization, you are a security and risk expert with strong business acumen. On your shoulders falls the difficult task of detecting security issues as early as possible to reduce your organization’s risk po…
Europe, Global Security News, North America
Tim Hortons ‘Misled’ Customers on Location Privacy — ‘Poorly Designed’ App Tracked Users 24×7
by Richi Jennings •
Canadian coffee-and-doughnuts joint, Timmies, has been politely rebuked by The Office of the Privacy Commissioner: Tim’s app kept tabs on your location—even when it wasn’t open.
The post Tim Hortons ‘Misled’ Customers on Location Privacy — ‘Poorly Des…
Europe, Global Security News, North America
Two Tools from RiskLens for Defensive Cyber Insurance Shopping
by Jeff B. Copeland •
The Wall Street Journal recently reported that premiums collected by the largest U.S. cyber insurance carriers in 2021 rose 92% year-over-year, largely in response to a surge in ransomware. Cyber risk insurers are also declining coverage to compa…
Europe, Global Security News, North America
Planning a Digital Makeover For Your Business? LoginRadius CIAM Can Help!
by Rakesh Soni •
Incorporating a CIAM solution could be the best way to overcome security and challenges related to customer experience. Learn how LoginRadius can help businesses navigate their digital transformation journey and scale growth.
The post Planning a Digita…
Europe, Global Security News, North America, Vulnerabilities
Digital Driver’s License Fails Spectacularly — ‘Laughably Easy’ to Forge
by Richi Jennings •
Is your state implementing a digital driver’s license? You’d better hope it does better than the Australian state of New South Wales.
The post Digital Driver’s License Fails Spectacularly — ‘Laughably Easy’ to Forge appeared first on Security Boulevar…
Europe, Global Security News, North America
Threat Modeling Should Be A Team Sport
by John P. Gormally, SR •
Pen-tester, Vulnerability Scanning, Risk Management, and Threat Modeling should be one engagement.
In 2020, a gr…