Information and Information Security - Cyber Security Informer

What Exactly is CyberSecurity?

Joseph Steinberg

JULY 22, 2022

Technically speaking, cybersecurity is the subset of information security that addresses information and information systems that store and process data in electronic form, whereas information security encompasses the security of all forms of data (for example, securing a paper file and a physical filing cabinet).

Cybersecurity

Cybersecurity Artificial Intelligence Information Security

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Joseph Steinberg

NOVEMBER 17, 2021

He is also the inventor of several information-security technologies widely used today; his work is cited in over 500 published patents. His opinions are also frequently cited in books, law journals, security publications, and general interest periodicals.

Cybersecurity

Cybersecurity Artificial Intelligence Government Information Security

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

SEPTEMBER 6, 2021

Today, I'm very happy to welcome the Czech Republic's National Cyber and Information Security Agency who can now query their government domains along with the 26 other nations that have come before them. Data breaches impact all of us in one way or another, and government agencies are no exception.

Government

Government Data breaches Internet Internet

On the Irish Health Services Executive Hack

Schneier on Security

FEBRUARY 11, 2022

Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system.

Antivirus

Antivirus Hacking Ransomware CISO

On the Cybersecurity Jobs Shortage

Schneier on Security

SEPTEMBER 20, 2023

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

Cybersecurity

Cybersecurity CISO Engineering Architecture

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

APRIL 21, 2022

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information.

Encryption

Encryption Cybersecurity Artificial Intelligence Backups

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. city administrators that at least five different public DC Health websites were leaking sensitive information.

Banking

Banking Government Information Security Authentication

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

JUNE 10, 2022

While “ zero trust ” has been a buzzword for some time, the principle of zero trust, and expenditures toward getting organizational policies, procedures, and infrastructure closer to delivering it, is gaining acceptance as constituting a fundamental component of information security programs.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Wireless

The Presenting Vendor Paradox

Daniel Miessler

JULY 21, 2021

There’s a paradox in information security where the community wants two things at once: High quality research and talks, and. Unbiased research and talks. I’ve personally been one of these affiliated speakers countless times. Many conference schedules, however, are full of talks from people who work at vendors.

Mobile

Mobile Marketing Information Security

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

DECEMBER 11, 2023

Veteran cybersecurity expert witness executive will help strengthen law enforcement capabilities to prevent, investigate, and prosecute information-age crimes. His opinions are frequently cited in books, law journals, security publications, and general interest periodicals; his cybersecurity-related inventions appear in over 500 U.S.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Technology

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

NOVEMBER 17, 2022

Since then, engineers, operations specialists, IT staff, and security teams have been stretched thin attempting to adapt Twitter’s offerings and build new features per new owner Elon Musk’s agenda. “Your phone has been removed and SMS 2FA has been disabled from all accounts,” is the automated response.

Authentication

Authentication Passwords Accountability Media

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series.

Password Management

Password Management Passwords Encryption Architecture

Ben Rothke’s Review of A Hacker’s Mind

Schneier on Security

DECEMBER 22, 2023

Ben Rothke chose A Hacker’s Mind as “the best information security book of 2023.”

Information Security

Montenegro is the Victim of a Cyberattack

Schneier on Security

SEPTEMBER 2, 2022

Government officials in the country of just over 600,000 people said certain government services remained temporarily disabled for security reasons and that the data of citizens and businesses were not endangered.

Retail

Retail Government Ransomware Information Security

How to Study Ethical Hacking as a Beginner

Tech Republic Security

JUNE 21, 2024

Immersing yourself in best practices for ethical hacking, pen-testing and information security can set you up for a career or better-protected business.

Hacking

Hacking Information Security

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

” Those third-party reports came in late June 2024 from Michael Horka , senior lead information security engineer at Black Lotus Labs , the security research arm of Lumen Technologies , which operates one of the global Internet’s largest backbones. victims and one non-U.S. ”

Internet

Internet Internet Technology Engineering

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

CISO

CISO Encryption Telecommunications Financial Services

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. If you were confused at this point, you might ask Google who it thinks is the current Chief Information Security Officer of Chevron. of spam and scam.”

CISO

CISO Cybercrime Accountability Cryptocurrency

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

DECEMBER 6, 2023

ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to gain affirmative consent for any personal information they collect on people within the European Union.

Phishing

Phishing Internet Internet Scams

Can CISOs Meet Expectations?

Lohrman on Security

SEPTEMBER 29, 2024

As we head toward 2025, are the duties and goals of a chief information security officer achievable? Are CISOs set up for failure? Should position descriptions be changed? Let’s explore.

CISO

CISO Information Security

Zero Trust Network Architecture vs Zero Trust: What Is the Difference?

Joseph Steinberg

JANUARY 4, 2023

The term Zero Trust refers to a concept, an approach to information security that dramatically deviates from the common approach of yesteryear; Zero Trust states that no request for service is trusted, even if it is issued by a device owned by the resource’s owner, and is made from an internal, private network belonging to the same party.

Architecture

Architecture Artificial Intelligence Encryption Cybersecurity

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

I had the chance to visit with , senior scientist at NTT Research’s Cryptography & Information Security (CIS) Lab , to learn more about the progress being made on a promising concept called “privacy preserving aggregate statistics.” Rising data privacy regulations underscores the need for such a capability, Boyle told me.

Data privacy

Data privacy Financial Services Healthcare Advertising

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. “These warnings will also give you the choice to report the content without letting the sender know.” A follow-up story on Oct.

Scams

Scams Artificial Intelligence Cryptocurrency Accountability

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

Security experts who reviewed the leaked data say they believe the information is legitimate, and that i-SOON works closely with China’s Ministry of State Security and the military. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

Ross Anderson

Schneier on Security

MARCH 31, 2024

Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. I can’t remember when I first met Ross. Okay, he created both—I helped.)

Surveillance

Surveillance Engineering Encryption Government

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. Image: Darkbeast, ke-la.com.

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

‘Trojan Source’ Bug Threatens the Security of All Code

Krebs on Security

OCTOBER 31, 2021

At issue is a component of the digital text encoding standard Unicode , which allows computers to exchange information regardless of the language used. “Such code copying is a significant source of real-world security exploits.” ” Image: XKCD.com/2347/.

Software

Software Information Security Encryption Government

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. A follow-up story on Oct.

Accountability

Accountability Cryptocurrency Scams CISO

CISOs Concerned Over Growing Demands of Role

Security Boulevard

OCTOBER 18, 2024

There are growing concerns among chief information security officers (CISOs) about the evolving demands of their role, with 84% advocating for a split into separate technical and business-focused positions.

CISO

CISO Information Security Cybersecurity Risk

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

Last week, KrebsOnSecurity examined a flood of inauthentic LinkedIn profiles all claiming Chief Information Security Officer (CISO) roles at various Fortune 500 companies, including Biogen , Chevron , ExxonMobil , and Hewlett Packard. “We’ll see 20-30 requests come in with the same type of information in the profiles.”

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

Breaking RSA with a Quantum Computer

Schneier on Security

JANUARY 3, 2023

“ Factoring integers with sublinear resources on a superconducting quantum processor ” Abstract: Shor’s algorithm has seriously challenged information security based on public key cryptosystems. But…wow…maybe…and yikes!

Encryption

Encryption Government Information Security

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

SEPTEMBER 15, 2021

TTEC immediately activated its information security incident response business continuity protocols, isolated the systems involved, and took other appropriate measures to contain the incident. This is all the information we have to share until our investigation is complete.

Ransomware

Ransomware Banking Cryptocurrency Media

The CISO Evolution: From Tactical Defender to Strategic Business Partner

Security Boulevard

NOVEMBER 8, 2024

The chief information security officer (CISO) role has changed dramatically from just a few short years ago. Once confined to technical security, CISOs have emerged as key strategic partners in the C-suite. The post The CISO Evolution: From Tactical Defender to Strategic Business Partner appeared first on Security Boulevard.

CISO

CISO Information Security Digital transformation Security Awareness

NIST’s Post-Quantum Cryptography Standards

Schneier on Security

AUGUST 8, 2022

Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force. Check NIST’s webpage on the project for the latest information. And they had a lot of trouble publishing, as the authors wanted to remain anonymous.).

Encryption

Encryption Architecture Engineering Information Security

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

“Our team quickly triaged the report and determined the risk to partners to be minimal,” said Patrick Beggs , ConnectWise’s chief information security officer. But that same architecture theoretically means that hackers who might break into LastPass’s networks can’t access that information either.

Phishing

Phishing Architecture Passwords Accountability

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Security Affairs

DECEMBER 8, 2024

The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. ” reads the notice of security incident shared with the Maine Attorney General.

Data breaches

Data breaches Insurance Healthcare Ransomware

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

The Last Watchdog

APRIL 30, 2024

But as cybersecurity threats evolve, it’s equally important to involve the chief information security officer (CISO) and their team in the due diligence process for any vendor an organization may consider using.Once again, the Unitronics attack offers a great example of why involving security teams early and often is a good idea.

Penetration Testing

Penetration Testing CISO Unstructured Data Technology

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

Conti makes international news headlines each week when it publishes to its dark web blog new information stolen from ransomware victims who refuse to pay an extortion demand. Rather, he said, the leaker is a Ukrainian security researcher who has chosen to stay in his country and fight. ” GAP #1.

Ransomware

Ransomware Healthcare Cybercrime Government

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. Exposed data did not include Social Security numbers or financial information.

Data breaches

Data breaches Hacking Technology Ransomware

CISOs Look to Establish Additional Leadership Roles

Security Boulevard

NOVEMBER 20, 2024

According to an IANS survey of more than 800 CISOs, roles such as business information security officers (BISOs), chiefs of staff and heads for privacy, program management and data protection are among the top positions being considered to support cybersecurity efforts.

CISO

CISO Information Security Cybersecurity

DNA testing company vanishes along with its customers’ genetic data

Malwarebytes

NOVEMBER 12, 2024

In 2023, cybercriminals put up information belonging to as many as seven million 23andMe customers for sale on criminal forums following a credential stuffing attack against the genomics company. This makes the information a treasure trove for advertisers, insurance companies, and Big Pharma.

Insurance

Insurance Accountability Risk Data breaches

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. million in revenue.

Cybercrime

Cybercrime Cryptocurrency Banking Accountability

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” “Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We

Cybercrime

Cybercrime Advertising IoT Malware

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Joseph Steinberg

JANUARY 20, 2022

Zero Trust is a concept, an approach to information security that dramatically deviates from the approach commonly taken at businesses worldwide by security professionals for many years. . • Zero Trust cannot be purchased off the shelf even from a combination of vendors. So, what is Zero Trust – in layman’s terms?

Cybersecurity

Cybersecurity Artificial Intelligence Ransomware Social Engineering

What Exactly is CyberSecurity?

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Trending Sources

Welcoming the Czech Republic Government to Have I Been Pwned

On the Irish Health Services Executive Hack

On the Cybersecurity Jobs Shortage

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Many Public Salesforce Sites are Leaking Private Data

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

The Presenting Vendor Paradox

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Failures in Twitter’s Two-Factor Authentication System

My Philosophy and Recommendations Around the LastPass Breaches

Ben Rothke’s Review of A Hacker’s Mind

Montenegro is the Victim of a Cyberattack

How to Study Ethical Hacking as a Beginner

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Why CISA is Warning CISOs About a Breach at Sisense

Fake CISO Profiles on LinkedIn Target Fortune 500s

ICANN Launches Service to Help With WHOIS Lookups

Can CISOs Meet Expectations?

Zero Trust Network Architecture vs Zero Trust: What Is the Difference?

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

LinkedIn Adds Verified Emails, Profile Creation Dates

New Leak Shows Business Side of China’s APT Menace

Ross Anderson

Change Healthcare Breach Hits 100M Americans

‘Trojan Source’ Bug Threatens the Security of All Code

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

CISOs Concerned Over Growing Demands of Role

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Breaking RSA with a Quantum Computer

Customer Care Giant TTEC Hit By Ransomware

The CISO Evolution: From Tactical Defender to Strategic Business Partner

NIST’s Post-Quantum Cryptography Standards

ConnectWise Quietly Patches Flaw That Helps Phishers

2023 Anna Jaques Hospital data breach impacted over 310,000 people

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

Conti Ransomware Group Diaries, Part I: Evasion

Amazon discloses employee data breach after May 2023 MOVEit attacks

CISOs Look to Establish Additional Leadership Roles

DNA testing company vanishes along with its customers’ genetic data

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Stay Connected