Another demonstration of how valuable Grindr data is came last year when the US government deemed that Chinese ownership of the service constituted a national security risk. The vulnerability allowed an attacker to hijack any account. On the surface of it, things looked bad: complete account takeover with a very trivial attack.
Started by infosec professionals, Peerlyst takes the characteristics of B2B communications we’ve become accustomed to on Twitter and LinkedIn and directs them toward cybersecurity. It’s easy to participate on Peerlyst. You can do so by submitting an email address or logging in with your LinkedIn account. I’m honored to be included.
The ideas will cover multiple aspects of InfoSec, from organizational structure to technology. At the highest level, I think the big change to InfoSec will be a loss of magic compared to now. HT to Jeremiah Grossman for also being very early to see the role of insurance in InfoSec. Accounting is repeatable. The arcane.
Read Ben Hartwig explain how small and medium businesses can avoid account takeover risks on Infosec Magazine: Account takeover seeks to infiltrate an existing account and use it for the […].
Mandiant said the attackers will continue to change their tactics and malware, “especially as network defenders continue to take action against this adversary and their activity is further exposed by the infosec community.”
These rules, which mandate that all public companies disclose material cybersecurity incidents within four business days and detail their risk management strategies, highlight that cybersecurity is a board-level risk management concern. This post explores the impact of these regulations after one year.
Professional services engagements, and hence the associated information risks, are so diverse that it made no sense to specify particular infosec controls, except a few examples. This is another shining example of the value of the 'information ownership' concept.
Cybersecurity professionals have various views on last week's news from the United States Securities and Exchange Commission (SEC) when it surprised the InfoSec community and the C-suites of corporate America. Management is required to connect the dots of cybersecurity impacts on the business.
Thinking about the principles underpinning information risk and security, here's a tidy little stack of "Hinson tips" - one-liners to set the old brain cells working this chilly mid-Winter morning: Address information confidentiality, integrity and availability, broadly; address internal and external threats, both deliberate and accidental/natural; celebrate (..)
The vulnerabilities were reported to HP by infosec researcher Nick Bloor; an attacker could chain the three issues to achieve SYSTEM privileges on targeted devices and potentially take them over. “The issue does not impact customers who use Active Directory authenticated accounts,” reads HP’s advisory.
By some accounts, ransomware attacks increased nearly 150% in the past year, and insurance claims and costs of payments skyrocketed after having already jumped approximately 230% between 2018 and 2019. The NY DFS Cyber Insurance Risk Framework outlines a 7-point program for insurers to manage their cyber insurance risk.
Yet it’s my experience that most people don’t fully appreciate the profound risks they face online and all too many still do not practice simple behaviors that can dramatically reduce their chances of being victimized by malicious parties. And once they do, they swiftly try to gain access to accounts on other popular services.
The other vulnerabilities included cross-site scripting (XSS), potentially used to hijack accounts or impersonate others (CVE-2023-36459), and a technique used for phishing through “verified profile links” (CVE-2023-36462). Until you update, anything above Mastodon version 3.5.0 could be at risk. Happy Tooting!
Additionally, there are sectoral privacy regulations in the United States, such as the Health Insurance Portability and Accountability Act (HIPAA), and state-level regulations like the California Consumer Privacy Act (CCPA). Facilitate continuous monitoring of data risks and threats. Classify data assets by business value and risk.
On June 14, 2019, Taylor Swift posted a seemingly random string of text to her social media accounts: gxgjxkhdkdkydkhdkhfjvjfj!!! These skills also happen to apply to information security (infosec) and cyber threat intelligence and research. And you'll leave your first infosec conference with an armful of them.
ISO/IEC 27003 offers a page of 'guidance on formulating an information security risk treatment plan (6.1.3 Plus there's the added question of whether even fully implemented controls are in fact effectively mitigating the risks as intended: are they in use, active, working properly, generating value for the organisation and earning their keep?
For the next phase of SecAware ISMS, I'm documenting the management process for determining and allocating information risk and security responsibilities. It turns out there may be several corporate functions, teams and individuals, each performing numerous activities relating to information risk and security.
Last week the infosec community was hit with news about a new Windows 0-day vulnerability, Follina. The attacker can then install programs; view, change, or delete data; or create new accounts in the context allowed by the user’s rights. Therefore, mitigating the risk from this vulnerability requires a comprehensive approach.
When you acquire or provide professional services, how do you address the associated information risks? In theory, clients and providers should proactively identify, evaluate and address information risks relating to or arising from professional services in order to avoid, reduce or limit the damage arising from such incidents.
The decision to go for ISO/IEC 27001 certification, for instance, flows largely from management's appreciation of the business value of investing in information risk and security management good practices. Taking it all into account, the benefits are overwhelming, but there's more to it.
Think of all the accounts you have with different providers. Your password for each of your accounts needs to be difficult to guess and unpredictable. That’s why maintaining password integrity helps protect our online lives and reduces the risk of becoming a victim of identity theft or data loss. What is password integrity?
It's the address on Aadhaar's Twitter account, it's the first result on a Google search and time and time again, it's promoted as the site people should go to before doing anything else Aadhaar-related. The fix for this risk is HTTP Strict Transport Security, or HSTS for short. We've had it for years and it works in every browser.
Consider, if you will, that fundamentally we in infosec want people to make better decisions. However, when people are empowered to make their own decisions and are held accountable for the lasting impact, then and only then will they start adopting more of a caretaker mentality and start considering long-term impacts.
We covered the new rules on July 31, with some thoughts from InfoSec leaders. Public companies will also have to share details about their "cybersecurity risk management, strategy, and governance" on an annual basis. The threat of cyber disruption is material and represents a risk to businesses. Immediately or not, Dec.
The global research reveals the disconnect between business decision makers and security teams, even as new risks from remote working and ransomware grow. The post More than a third of organizations hold no one accountable for cyberattacks, according to research from LogRhythm appeared first on LogRhythm. London, UK.
However, sensitive data is transmitted freely across internal and external APIs, increasing the risk of accidental or malicious exposure of different sensitive data types. Leading analysts and research firms have sounded the alarm about growing data security risks via API.
So, if we apply this to our analogy, we could class this data as low risk. However, would you react the same way if a single piece of low-risk data is affected (i.e. a quick start guide for customers)? If supermarkets can apply this type of thinking and control, how does this align with infosec & cybersecurity?
More at: [link] #cybersecurity #InfoSec #VulnerabilityManagement pic.twitter.com/hNwDHFaPtt — CISA Cyber (@CISACyber) March 10, 2023 “This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.
Require the CISO to report, in a timely manner, to the board on material cybersecurity issues, including updates to a company's risk assessment or major cybersecurity events. Have Infosec certifications and passion for #cyber and #dataprivacy. It's a core responsibility of the board and management team."
Key takeaway #2: Collaborative platforms are at heightened risk for security breaches due to WFH. In these types of collaborative platforms, like Slack for example, when some user account credentials get phished, someone else's credentials could be phished. And you know, that can cause a potential loss for that organization."
Aside from those that are literally unworkable and unenforceable, an unenforced policy can be a liability, a risk at least. In a disciplinary situation, management's failure to enforce compliance with any policy (by themselves or others) might be a viable defence for a worker accused of policy noncompliance.
How to Overcome Common SSH Machine Identity Risks with Automation. Collecting Risk Intelligence. Prevent breaches by automating the collection of risk intelligence required to quickly identify and respond to SSH machine identity risks, weaknesses or security events. Better visibility for InfoSec teams.
But infosec thought leaders say that blaming an intern ignores the true roots of the problem, including insufficient credentials policies and access management practices – as evidenced in part by the simplicity of the password itself: “solarwinds123”. Infosec experts similarly chided the company for a lack of strong credentials.
According to the investigation, an attacker logged into the old VPN (virtual private network) that DDC used before migrating to a new one using a compromised employee account. Weeks after, the attacker used a test account with administrator privileges to establish persistence in the now-compromised environment.
Distractions and diversions are all too frequently stealing time away from security awareness professionals, forcing them to tend to non-critical tasks while setting aside their core responsibilities of developing a strong internal infosec culture. Candy Alexander, NeuEon.
For the first time in its 60-year history, this past February the Organization for Economic Cooperation and Development (OECD) offered policy guidelines for digital risk reduction through vulnerability management.
The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers.
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
Ragnar Locker gang leaks data stolen from Israel’s Mayanei Hayeshua hospital
North Korea-linked threat actors target cybersecurity experts with a zero-day
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks
Nation-state actors (..)
(BUSINESS WIRE) Orca Security, the cloud security innovation leader, today launched the Orca Cloud Risk Encyclopedia to serve as a global resource for practitioners and researchers throughout the InfoSec community. Cloud Security and Transparency in Cybersecurity Resources: About the Orca Cloud Risk Encyclopedia.
I feel more confident about the underlying generic principles of risk, compliance, conformity, obligations, accountabilities, assurance and controls though, and have the breadth of work and life experience to appreciate the next point. The possibility of being held personally to account (perhaps even sacked or prosecuted!)
Seasonal Workers Come with Perennial Security Risks. But those same employees also pose a security risk. Indeed, Security Roundtable clarified that instances where seasonal employees still maintain access to protected systems and relevant data after leaving a company constitute “a major cybersecurity risk.”
Third-party risk is a hot topic in the world of cybersecurity. The recent SolarWinds breach was a tough reminder that technological advancement will always carry inherent risks. I joined Art Coviello, board member at SecZetta Inc. (former CEO of RSA Security), for a virtual fireside chat last week to chat about third-party risk.
“AI can help understand where your infosec program has strengths and where it has gaps.” By extension, SOAR platforms also minimize the risk of human error. This means cybersecurity automation helps with productivity as well as risk reduction. Related: How AI is Mishandled to Become a Cybersecurity Risk.
“The attacker only needs to know the server running Exchange and the account from which they want to extract e-mail.” “CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.”