SC Media

SC Media arms information security professionals with the in-depth, unbiased business and technical The official page for all things IT security.

03/20/2023
Container security must integrate into the developer environment

Organizations must have security checks for containers in place as attacks on the software supply chain continue to grow, says Veracode's Brian Roche in this commentary.

Why continued flaws in code development have made container security a national security issue.

03/20/2023

It's the final countdown for the ! Don't wait, submit your completed entries today for cybersecurity's most prestigious honor: https://bit.ly/3DhJDbK

03/19/2023

Be the first to receive weekly access to research from CRA about the latest threats – from ransomware to supply chain, and email attacks – based upon input from CRA’s community of professionals and leaders: https://bit.ly/3cV2IGa

03/19/2023
Here’s how to prepare for the SEC’s proposed breach regulations

To get ahead of proposed U.S. Securities and Exchange Commission cyber incident reporting regulations, companies must fortify their cyber defenses to reduce the likelihood of a breach by testing their systems to failure, says SimSpace Corporation's Lee Rossey in this commentary.

Under the proposed regs, public companies may have to report a cyber incident within 72 hours; here are four ways to get ready.

03/18/2023
Time to make it tougher for attackers to use social engineering to enter DevOps environments

The LastPass breach revealed the little-discussed problem that is the "soft underbelly" of the software development world: collaborative environments with other entities, says Anomali's Steve Benton in this commentary.

Organizations need to insist that partners use least privilege access and work with companies that take teaching users about social engineering and overall security posture seriously.

03/17/2023

The SC Awards is ending soon. Don't miss your chance to compete for cybersecurity's most prestigious honor. Take advantage of our extended entry deadline and submit your entry now through Monday, March 20. https://bit.ly/3DhJDbK

03/17/2023
SEC proposes new cyber rules to secure financial sector

The U.S. Securities and Exchange Commission announced new proposed regulations requiring broker-dealers to notify customers within 30 days of a data breach, immediately inform the government, and expand the type of information protected by data privacy regulations.

Among the proposed rules are requirements for broker-dealers to notify their customers about the data breach within 30 days, while immediately informing the SEC of cyber incidents.

03/17/2023

Having adequate zero trust in place is essential for CEOs and their teams to protect their revenue streams. Unfortunately, our recent 2023 Zero Trust Survey found that nearly three in four respondents (73%) claimed to not have a high level of confidence in their overall understanding of zero trust. 🙅‍♂️

With zero trust quickly becoming a flywheel of revenue growth, it’s incredibly important for more organizations to familiarize themselves with zero trust. Give your organization a fighting chance to achieve success with zero trust by reading our full 2023 CRA Zero Trust Survey findings!

Register here: https://bit.ly/3l5iin2

03/17/2023
A venture capitalist’s view of the Silicon Valley Bank failure

The failure of Silicon Valley Bank highlights the importance of having contingency plans in place for any unexpected events, says Rain Capital's Chenxi Wang in this commentary.

Rain Capital’s Chenxi Wang offers three pointers for how cybersecurity start-ups can more effectively manage their companies in the wake of SVB’s sudden collapse.

03/17/2023
Zero trust 101

Quick take: What is zero trust?

A short primer on zero trust, the security discipline that's bucking years of accepted convention.

03/17/2023
18 zero-day flaws impact Samsung Android handsets, wearables and telematics

Over a dozen zero-day bugs rooted in Samsung's Exynos chipsets and used in a bevy of devices ranging from Android handsets, wearables and in-car infotainment systems are vulnerable to attack, according to Google's Project Zero.

Four of the zero-day bugs allow adversaries to remotely compromise a targeted phone with just a phone number - no user interaction required.

03/17/2023

Have you subscribed to our new SC Ransomware newsletter yet? Gain insight into best practices to lock down threat vectors, strategic approaches to incident response to promote business continuity amid an attack, and more. Sign up now: https://bit.ly/3cV2IGa

03/17/2023
Health leaders push feds for cybersecurity requirements

“Small and rural facilities are currently devastated by the pandemic with staffing shortages. They’ve seen significant increases in cost with supply chain and technical costs skyrocketing,” said Kate Pierce, Fortified Health Security's senior virtual information security officer.

Bogged down by financial issues and staffing shortages, rural hospitals are in dire need of federal assistance for cybersecurity.

03/17/2023
Adobe ColdFusion bug exploited; CISA adds RCE to vulnerability catalog

The Cybersecurity and Infrastructure Security Agency added a vulnerability targeting Adobe ColdFusion to its catalog of known exploits after the software maker issued a patch the day before.

The U.S. agency tasked with protecting the nation’s cybersecurity and infrastructure added a vulnerability targeting Adobe ColdFusion to its catalog of known exploits after the software maker issued a patch the day before.

03/16/2023
Google Cloud doubles down on security in financial services

Google is partnering with the Financial Services Information Security and Analysis Center's (FS-ISAC) Critical Provider Program, becoming the first and only major cloud provider to join the group.

Google to join FS-ISAC as first cloud provider, enhance supply chain security in financial services.

03/16/2023
New malware sample of defunct TeamTNT threat group raises concerns

According to researchers at Cado Security, a file uploaded to VirusTotal on Feb. 25 has similar tactics, techniques and procedures (TTPs) to those exhibited by defunct and notorious threat actor TeamTNT.

Cado researchers find malware sample that has the same behaviors as the TeamTNT group best known for attacking AWS environments.

03/16/2023

Be the first to receive daily access to research from the CyberRisk Alliance Business Intelligence, based upon input from CRA’s community of cybersecurity professionals and leaders eager to share perspective on the industry’s most critical challenges and opportunities: https://bit.ly/3cV2IGa

03/16/2023
Bad actors exploited RCE in Progress Telerik to hack US agency server

Multiple cyber threat actors exploited a vulnerability that was first documented in 2019 that allows remote code execution (RCE) to access a federal agency’s web server over a roughly three-month period, the Cybersecurity and Infrastructure Security Agency reported.

Multiple cyber threat actors exploited a vulnerability, first documented in 2019, that allowed them to access a federal agency’s web server, CISA reported.

03/16/2023
MKS Instruments hit with lawsuit following ransomware attack

A former employee at MKS Instruments is leading a class action lawsuit following a ransomware attack against the semiconductor chipmaker in February.

A former employee at the semiconductor chipmaker claims the firm's cybersecurity negligence led to the ransomware attack.

03/16/2023
Research indicates humans are still better than ChatGPT at phishing - for now

Human red teamers significantly outperformed ChatGPT when it comes to socially engineering humans to click on malicious email links, researchers at Hoxhunt reported.

A study sampling 53,000 email users in more than 100 countries found that professional red teamers crafted phishing emails that generated a click rate of 4.2%, while ChatGPT-generated emails induced just a 2.9% click rate.

03/15/2023
Fewer than 10% of IT organizations fully document their APIs

An Enterprise Management Associates (EMA) survey says while the vast majority of companies are confident in their security and API strategies, only a small group does the stringent documentation needed in today’s threat environment.

EMA survey says while the vast majority of companies are confident in their security and API strategies, only a small group does the stringent documentation needed in today’s threat environment.

03/15/2023
Feds fine Florida children's health insurance site for massive 2020 hack

Jelly Bean Communications Design reached a $293,771 settlement to resolve False Claims Act allegations of a seven-year hack directly caused by Jelly Bean failing to patch multiple website vulnerabilities.

Jelly Bean Communications didn’t patch known flaws in its website, which led to the hacking of over 500,000 applications of a Florida children's health insurance site, DoJ argued.

03/15/2023
Three takeaways for cyber pros from the FBI’s 2022 Internet Crime Report

While the number of complaints the FBI's Internet Crime Complaint Center received fell slightly to 800,944 from 847,376 in 2021, the total financial losses jumped by over $3 billion from 2021 to 2022.

The potential total loss from cybercrime in 2022 increased to over $10.2 billion from $6.9 billion in 2021, despite a 5% decrease in the number of complaints reported to the FBI.

03/15/2023
Microsoft March Patch Tuesday fixes two zero-day bugs

Microsoft fixed 74 security flaws Tuesday, two of which are actively exploited zero-day vulnerabilities. Six of the bugs are rated critical, 67 are rated important, and one is rated moderate in severity.

Microsoft fixes two zero-day bugs as part of March Patch Tuesday roundup.

03/15/2023

The SC Awards is where the cybersecurity community comes together to recognize and put the spotlight on outstanding solutions, organizations and leaders. Take advantage of our extended entry deadline now through Monday, March 20. Submit your SC Awards entry today. https://bit.ly/3DhJDbK

03/15/2023
DC Health Link confirms leak of congressional members' health data

DC Health Link confirmed threat actors leaked personal and health information of its health plan members, including House and Senate members, according to an official update.

An update by DC Health Link confirmed some of the stolen congressional members’ data was leaked.

03/15/2023
Ransomware groups take extortion tactics to new heights in attacks against hospitals, schools

Ransomware gangs have never been shy about leaking victim data, but experts say a recent wave of extortions targeting especially vulnerable populations in the healthcare and education sectors marks a new low.

While the education and healthcare sectors have been regular targets of ransomware, experts say recent incidents are reflecting increasingly aggressive extortion tactics as well as a more heightened – and crueler – focus on exploiting weak or vulnerable groups as a means of upping the pressure o...

03/15/2023

Be the first to receive weekly access to research from the CRA on cloud technologies and threat response to help shape strategies and avoid cloud misconfigurations, data breaches or API attacks: https://bit.ly/3cV2IGa

03/14/2023
Zoll Medical notifies 1M patients of data breach tied to LifeVest device

ZOLL Medical confirmed a data breach was tied to current and former patients who use its LifeVest device, but stressed that the “incident does not affect the safety or operation of the LifeVest device ...”

This week’s healthcare data breach roundup includes hackers demanding $4.5 million in a Barcelona hospital ransomware attack after claiming to steal 4.5TB of patient data.

03/14/2023
Google flags (another) ransomware bypass bug in Microsoft SmartScreen

Google’s Threat Analysis Group uncovered a previously unknown bug that allows an attacker to bypass security features in Microsoft's SmartScreen and deploy Magniber without triggering security warnings.

Google says threat actors can successfully evade detection in SmartScreen - a Microsoft browser security feature - by delivering MSI files with "an invalid but specifically crafted Authenticode signature" to deliver Magniber ransomware.

03/14/2023
Why we need to democratize governance, risk, and compliance

As woes continue, governance, risk and compliance regulations are changing - and adapting to try and keep up with shrinking IT teams becomes impossible, says TrustCloudAI's Sravish Sridhar in this commentary.

Modern compliance regulations are cumbersome, opaque, and expensive, so we need to make education more accessible and automate where possible.

03/14/2023
Threat actors turn to AI-generated YouTube videos to spread info stealers

CloudSEK researchers observe new techniques using AI-generated human personas for the tried-and-true tactic of spreading malware via phishing campaigns.

CloudSEK researchers observe a new technique that uses AI-generated human personas for the tried-and-true tactic of spreading malware via phishing campaigns.

03/14/2023

Zero trust may not be a perfect framework, but it's still superior to all other security models for the very reason that it seems tailor-made for today's digital challenges: the industry-wide shift to cloud services and SaaS applications, the mass migration of the workforce to remote or hybrid work environments, the unprecedented spike in endpoints, and data sources operating beyond the traditional network perimeter.

Join SC Media Zero Trust eSummit to uncover insights that will help guide you towards creating value in your organization in the future!
Register here: https://bit.ly/3Jzirsv

03/14/2023
Six reasons why today’s SOCs don’t work – and why AI is the fix

In this commentary, Palo Alto Networks' Gonen Fink says introducing artificial intelligence to the SOC will relieve pressure on analysts to keep up with the massive amounts of data received daily.

Today’s SOCs are overloaded with data and compliance regulations – AI can ease the burden and let analysts focus on the big picture.

Address

400 Madison Avenue
New York, NY
10017

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm

Comments

In addition to testing for accuracy and equity, the General Services Administration study will also look at how different vendor products perform and match up to NIST standards when it comes to the non-biometric aspects of identity assurance.
New report from ChannelE2E says much of the spending growth in the government market was driven by the American Rescue Plan Act of March 2021.
Proofpoint researchers say the Emotet botnet's use of low volume attacks via Microsoft OneDrive URLs may be the first round of larger campaigns to come.
Two-thirds of financial service institutions experienced attacks targeting their “market strategies ... [in a way that] aligns with economic espionage,” according to a new report from VMware.
Here are five steps for locking down cloud environments, says Snyk's Josh Stella in this commentary.
Six officers from Russia's intelligence unit known as Sandworm are wanted for 2017 wiper malware attack that escaped Ukraine and damaged networks globally.
Two separate healthcare sector resources from HEALTH-ISAC and HSCC aim to support CISOs with communicating medical device vulnerabilities and understanding pharma supply chain risks.
Once you understand the problem to solve, sell them the outcome they want — just don’t call it security or cyber, says Michael Santarcangelo in this leadership column.
Leading managed service providers (MSPs) to work closely with the health care sector to meet the security requirements in HIPAA and Hitrust.
Red Hat Application Foundation has been optimized for OpenShift, the vendor’s popular Kubernetes platform for developing cloud apps.
A follow-up notice from Smile Brands about its 2021 ransomware attack, initially reported as affecting 199,683 patients, leads this week’s healthcare data breach roundup.
One of the primary tensions within efforts by the U.S. Department of Defense (DoD) to raise the cybersecurity bar for its defense contractors is doing it in a way that doesn’t further erode the military’s base of small business innovators. And yet, the current bottom-up approach by most hackers makes small businesses a primary threat to federal security efforts. https://www.scmagazine.com/analysis/compliance/should-government-help-manage-cybersecurity-for-small-businesses/
