2002 and Information Security - Cyber Security Informer

Determining FedRAMP Risk Impact Levels and Data Security Categories

Security Boulevard

SEPTEMBER 8, 2022

The Federal Information Security Modernization Act of 2002 (FISMA) requires all federal agencies and their contractors to implement. The post Determining FedRAMP Risk Impact Levels and Data Security Categories appeared first on Hyperproof.

Risk

Risk Information Security Data privacy

FISMA basics: What federal agencies and contractors need to know

CSO Magazine

MARCH 12, 2021

FISMA, or the Federal Information Security Management Act, is a U.S. federal law passed in 2002 that seeks to establish guidelines and cybersecurity standards for government tech infrastructure, and in so doing protect government information and operations. FISMA defininition: What does FISMA stand for?

Government

Government Information Security Cybersecurity

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 4, 2022

The flaws added to the catalog impact several products, including Windows, Office, Cisco, Oracle, Adobe, Mozilla, Siemens, Apache, Exim, Linux, and Treck TCP/IP stack.

Authentication

Authentication Hacking Cybersecurity Risk

HelloKitty ransomware gang also targets victims with DDoS attacks

Security Affairs

NOVEMBER 1, 2021

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The group’s operators use several techniques to breach the targets’ networks, such as exploiting SonicWall flaws (e.g., ” continues the alert.

DDOS

DDOS Ransomware Cybercrime Encryption

CSO's ultimate guide to security and privacy laws, regulations, and compliance

CSO Magazine

JANUARY 28, 2021

Federal Information Security Management Act (FISMA). Purpose: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. Fair and Accurate Credit Transaction Act (FACTA) , including Red Flags Rule. NERC) standards.

CSO

CSO Financial Services Consumer Protection Data privacy

Should the CISO Report to the CIO?

Cisco Security

JULY 1, 2021

The Chief Information Security Officer (CISO) is the organization’s senior executive in charge of the cybersecurity and the information technology risk management posture of the enterprise. FISMA designates departmental and agencies CIOs as the primary official responsible for their organizations’ IT security.

CISO

CISO Technology Risk Government

International Criminal Court hit with a cyber attack

Security Affairs

SEPTEMBER 20, 2023

It was established by the Rome Statute, which entered into force on July 1, 2002. “At the end of last week, the International Criminal Court’s services detected anomalous activity affecting its information systems. The ICC is headquartered in The Hague, Netherlands.

Cyber Attacks

Cyber Attacks Hacking Technology Cybersecurity

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The group’s operators use several techniques to breach the targets’ networks, such as exploiting SonicWall flaws (e.g.,

Cybercrime

Cybercrime Ransomware DDOS Encryption

Grandson of FISMA: Why We Desperately Need New Cybsersecurity Legislation from the 117th Congress

Cisco Security

AUGUST 12, 2021

The 47-page report provided significant detail to support the conclusion that “According to agency inspectors general, the average grade of the agencies’ overall information security maturity is C-.”. The Risk Management Framework doesn’t take into account that the human is the new perimeter of the enterprise.

CISO

CISO Information Security Risk Government

The attack on the International Criminal Court was targeted and sophisticated

Security Affairs

OCTOBER 22, 2023

It was established by the Rome Statute, which entered into force on July 1, 2002. The ICC is headquartered in The Hague, Netherlands.

Hacking

Hacking Cybersecurity Information Security

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

The Security Ledger

NOVEMBER 3, 2021

Programs like iDefense Labs Vulnerability Contributor Program (VCP) (launched in 2002) and TippingPoint’s Zero Day Initiative (2005) were accused -at the time- of incentivizing the work of criminals and bad actors. . For those firms, bug bounty platforms have been a critical bridge to the global community of “white hat” security pros.

Software

Software Manufacturing IoT Cyber Attacks

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The name “Silent Night” Zbot is likely a reference to a weapon mentioned in the 2002 movie xXx, it was first spotted in November 2019 when a seller named “Axe” started offering it on the Russian underground forum forum.exploit[.]in.

Banking

Banking Advertising Malware Data collection

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine

Security Affairs

DECEMBER 15, 2021

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The group’s operators use several techniques to breach the targets’ networks, such as exploiting SonicWall flaws (e.g.,

Ransomware

Ransomware Data breaches DDOS Healthcare

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

MAY 8, 2024

The researchers speculate that the vulnerability existed in DHCP since 2002, when option 121 was implemented. The researchers explained that during the attack, the victim cannot notice any disconnection to the VPN, they also remarked that the flaw isn’t tied to a specific VPN provider or implementation.

VPN

VPN Firewall Marketing Encryption

Citrix Workspace flaw can allow remote hack of devices running vulnerable app

Security Affairs

JULY 22, 2020

This vulnerability affects the following supported versions of Citrix Workspace app for Windows: Citrix Workspace app for Windows 1912 LTSR Citrix Workspace app for Windows 2002. .” Pen Test Partners also shared video proof of concept for this vulnerability. Citric has released versions 1912 LTSR CU1 and 2006.1

Hacking

Hacking Advertising Accountability Technology

3.4 Million user records from LiveAuctioneers hack available for sale

Security Affairs

JULY 14, 2020

LiveAuctioneers is one of the world’s largest art, antiques & collectibles online marketplace that was founded in 2002. The company confirmed the security breach over the weekend, it revealed that unknown threat actors accessed a partner’s systems in June stealing user information. million users.

Hacking

Hacking Data breaches Advertising Identity Theft

MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’

The Last Watchdog

MAY 3, 2024

Org overhaul As Todd reports, not only is Microsoft basing a portion of senior executive compensation on progress toward security goals, it also will install deputy chief information security officers (CISOs) in each product group,and bring together teams from its major platforms and product teams in “engineering waves” to overhaul security.

Software

Software Engineering Internet Internet

How to Comply with the U.S. Federal Trade Commission’s (FTC) revised Safeguards Rule

CyberSecurity Insiders

MARCH 28, 2023

Understanding the FTC Safeguards Rule The FTC Safeguards Rule is a set of regulations that require covered financial institutions to develop, implement, and maintain an information security program designed to protect customer information. What is the FTC Safeguards Rule? Implementation of multi-factor authentication.

Data breaches

Data breaches Authentication Risk Phishing

FISMA vs. FedRAMP in Government Cybersecurity

Centraleyes

MAY 2, 2024

Doing business with Uncle Sam involves navigating the complex landscape of government compliance, including FISMA (Federal Information Security Management Act) and FedRAMP (Federal Risk and Authorization Management Program). Enacted in 2002, FISMA represented a shift in how the U.S. government approached information security.

Government

Government Cybersecurity Information Security Risk

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

In 2018, the FBI Internet Crime Complaint Center (IC3) received complaints for 1,611 SIM swapping attacks, while the number of complaints in the period between 2018 e 2002 was 320 causing a total of losses of $12 million.

Banking

Banking Accountability Mobile Cryptocurrency

A people counter that didn’t add up and the dangers of the COVID IoT boom

SC Magazine

FEBRUARY 4, 2021

But the rush to purchase these devices, and fly-by-night operators to bring them to market, means security can fall to the wayside. According to its website, the London-headquartered firm has been operating since 2002 and counts a wide range of users, from L’Occitane to Levis, casinos to libraries.

IoT

IoT Media Marketing Retail

2024 Cybersecurity Laws & Regulations

eSecurity Planet

SEPTEMBER 21, 2024

Each of these regulations addresses different aspects of cybersecurity and data protection, making it essential for businesses and organizations to stay informed and proactive. Healthcare cybersecurity regulations also include provisions for breach notification and risk management.

Cybersecurity

Cybersecurity Computers and Electronics Cyber threats Healthcare

Identity-based Cryptography

Thales Cloud Protection & Licensing

SEPTEMBER 26, 2019

Findings are shared publicly, whenever possible, to further the advancement of the information security community. In Advances in Cryptology – ASIACRYPT 2002, pages 548–566. In Advances in Cryptology – ASIACRYPT 2002, pages 548–566. Springer Verlag, 2002. Cryptology ePrint Archive, Report 2002/098.

Encryption

Encryption Government Authentication Accountability

Microsoft announces the launch of a bug bounty program for Xbox

Security Affairs

FEBRUARY 2, 2020

Since launching in 2002, the Xbox network has enabled millions of users to share their common love of gaming on a safe and secure service. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Hacking Information Security

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

In 2018, the FBI Internet Crime Complaint Center (IC3) received complaints for 1,611 SIM swapping attacks, while the number of complaints in the period between 2018 e 2002 was 320 causing a total of losses of $12 million. ” reads the Publish Service Announcement published by the IC3.

Mobile

Mobile Cryptocurrency Accountability Passwords

Preventing another Equifax breach: Sevco Security wants to transform asset management

SC Magazine

JULY 1, 2021

Sevco Security announced $15 million in Series A funding on Wednesday contributing to a vision from the founders to transform an emerging product category much in the same way they did endpoint detection and response (EDR) with Carbon Black in 2002.

Data breaches

Data breaches Media Information Security

How the FTC’s Amendments to the Safeguards Rule Affects Auto Dealerships

Duo's Security Blog

JUNE 28, 2022

In 1999, Congress passed the Gramm-Leach-Bliley Act (GBLA) that established the 2002 Safeguards Rule. But the Safeguards Act sets a national standard, outlining what a reasonable information security program looks like. How does MFA fit into an information security program?

Authentication

Authentication Financial Services Technology Information Security

As market for cyber insurance booms, watchdog calls for better data

SC Magazine

MAY 24, 2021

In a report released May 20, the Government Accountability Office looked at how the private cybersecurity insurance market has developed over the past five yearsRich Baich is global chief information security officer for insurance giant AIG. Photo by Spencer Platt/Getty Images).

Cyber Insurance

Cyber Insurance Insurance Marketing Cyber Risk

How customers can improve product security (just ask)

SC Magazine

JUNE 25, 2021

The importance of product security isn’t a new idea. In 2002, Bill Gates announced Microsoft’s Trustworthy Computing (TwC) initiative after hearing concerns from major customers such as government agencies and financial corporations about the inherent threats lurking in software.

Software

Software Retail Cybersecurity IoT

Jeff Moss on the Evolution of Hacking at SecTor 2021

ForAllSecure

NOVEMBER 3, 2021

In the dot.com era, 1994-2002, this was the time of the commercial internet, the rise of search engines, and internet browsers. Moss noted that security people he'd known for years were started getting salaried jobs … and started using their legal names. Not really to steal, but to gain access to faster computers.

Hacking

Hacking InfoSec Internet Internet

FISMA Compliance: A Complete Guide to Navigating Low, Moderate, and High Levels

Centraleyes

APRIL 22, 2024

The Federal Information Security Modernization Act (FISMA) establishes a comprehensive strategy for enhancing the cybersecurity posture of federal agencies. FISMA Compliance FISMA, enacted in 2002, incorporated the principles outlined in FIPS-199 into its framework.

Risk

Risk Information Security Encryption Authentication

The Hacker Mind Podcast: Hacking Real World Criminals Online

ForAllSecure

MAY 2, 2023

VAMOSI: Here’s former US Attorney General John Ashcroft in 2002. the whole system and some of the FBI in general, you know, like, I think that the way that they treat people just in the information security community is a little I don't know, it's entitled. And so that's kind of my angst against that.

Hacking

Hacking Media InfoSec Internet

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

ForAllSecure

JANUARY 22, 2023

Having a common framework around vulnerabilities, around threats , helps us understand the information security landscape better. Literally, how the rebellion fighting the Empire has echoes in how we approach and mitigate information security threats. But in information security, it's not always true.

Engineering

Engineering Technology Information Security Authentication

ChatGPT: Cybersecurity friend or foe?

Malwarebytes

MAY 21, 2023

Why ChatGPT security concerns are both overblown and valid Artificial intelligence (AI) was once a science fiction cautionary tale—stories consistently warned against designing machines capable of surpassing human ingenuity. The program can help close the security knowledge gap by assisting in employee training.

Cybersecurity

Cybersecurity Artificial Intelligence Social Engineering Engineering

AI Regulation in Finance: Steering the Future with Consumer Protection at the Helm

Centraleyes

MAY 8, 2024

“The amount of digital data generated globally in 2002 (five terabytes) is now generated every two days, with 90% of the world’s information generated in just the past two years,” claims research by the Australian Government Productivity Commission.

Consumer Protection

Consumer Protection Banking Financial Services Government

Cyber Security Informer

Determining FedRAMP Risk Impact Levels and Data Security Categories

FISMA basics: What federal agencies and contractors need to know

Trending Sources

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

HelloKitty ransomware gang also targets victims with DDoS attacks

CSO's ultimate guide to security and privacy laws, regulations, and compliance

Should the CISO Report to the CIO?

International Criminal Court hit with a cyber attack

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Grandson of FISMA: Why We Desperately Need New Cybsersecurity Legislation from the 117th Congress

The attack on the International Criminal Court was targeted and sophisticated

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

Silent Night Zeus botnet available for sale in underground forums

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine

New TunnelVision technique can bypass the VPN encapsulation

Citrix Workspace flaw can allow remote hack of devices running vulnerable app

3.4 Million user records from LiveAuctioneers hack available for sale

MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’

How to Comply with the U.S. Federal Trade Commission’s (FTC) revised Safeguards Rule

FISMA vs. FedRAMP in Government Cybersecurity

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

A people counter that didn’t add up and the dangers of the COVID IoT boom

2024 Cybersecurity Laws & Regulations

Identity-based Cryptography

Microsoft announces the launch of a bug bounty program for Xbox

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Preventing another Equifax breach: Sevco Security wants to transform asset management

How the FTC’s Amendments to the Safeguards Rule Affects Auto Dealerships

As market for cyber insurance booms, watchdog calls for better data

How customers can improve product security (just ask)

Jeff Moss on the Evolution of Hacking at SecTor 2021

FISMA Compliance: A Complete Guide to Navigating Low, Moderate, and High Levels

The Hacker Mind Podcast: Hacking Real World Criminals Online

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

ChatGPT: Cybersecurity friend or foe?

AI Regulation in Finance: Steering the Future with Consumer Protection at the Helm

Stay Connected