SC Media arms information security professionals with the in-depth, unbiased business and technical The official page for all things IT security.
Operating as usual
Organizations must have security checks for containers in place as attacks on the software supply chain continue to grow, says Veracode's Brian Roche in this commentary.
Why continued flaws in code development has made container security a national security issue.
It's the final countdown for the ! Don't wait, submit your completed entries today for cybersecurity's most prestigious honor: https://bit.ly/3DhJDbK
Be the first to receive weekly access to research from CRA about the latest threats – from ransomware to supply chain, and email attacks – based upon input from CRA’s community of professional and leaders: https://bit.ly/3cV2IGa
To get ahead of proposed U.S. Securities and Exchange Commission cyber incident reporting regulations, companies must fortify their cyber defenses to reduce the likelihood of a breach by testing their systems to failure, says SimSpace Corporation's Lee Rossey in this commentary.
Under the proposed regs, public companies may have to report a cyber incident within 72 hours; here are four ways to get ready.
The LastPass breach revealed the little-discussed problem that is the "soft underbelly" of the software development world: collaborative environments with other entities, says Anomali's Steve Benton in this commentary.
Organizations need to insist that partners use least privilege access and work with companies that take teaching users about social engineering and overall security posture seriously.
The recent United States Marshals Service cyber incident is an example of a "not if, but when" scenario, and highlights several recurring lessons, says Rubrik Inc. Zero Labs' Steve Stone in this commentary.
Prepare now for the inevitable cyberattack, because the bad guys are coming.
The SC Awards is ending soon. Don't miss your chance to compete for cybersecurity's most prestigious honor. Take advantage of our extended entry deadline and submit your entry now through Monday, March 20. https://bit.ly/3DhJDbK
The U.S. Securities and Exchange Commission announced new proposed regulations requiring broker-dealers to notify customers within 30 days of a data breach, immediately inform the government, and expand the type of information protected by data privacy regulations.
Among the proposed rules are requirements for broker-dealers to notify their customers about the data breach within 30 days, while immediately informing the SEC of cyber incidents.
The SC Awards is ending soon. Don't miss your chance to compete for cybersecurity's most prestigious honor. Take advantage of our extended entry deadline and submit your entry now through Monday, March 20. https://bit.ly/3DhJDbK
Having adequate zero trust in place is essential for CEOs and their teams to protect their revenue streams. Unfortunately, our recent 2023 Zero Trust Survey found that nearly three in four respondents (73%) claimed to not have a high level of confidence in their overall understanding of zero trust. 🙅♂️
With zero trust quickly becoming a flywheel of revenue growth, it’s incredibly important for more organizations to familiarize themselves with zero trust. Give your organization a fighting chance to achieve success with zero trust by reading our full 2023 CRA Zero Trust Survey findings!
Register here: https://bit.ly/3l5iin2
The failure of Silicon Valley Bank highlights the importance of having contingency plans in place for any unexpected events, says Rain Capital's Chenxi Wang in this commentary.
Rain Capital’s Chenxi Wang offers three pointers for how cybersecurity start-ups can more effectively manage their companies in the wake of SVB’s sudden collapse.
Quick take: What is zero trust?
A short primer on zero trust, the security discipline that's bucking years of accepted convention.
Over a dozen zero-day bugs rooted in Samsung's Exynos chipsets and used in a bevy of devices ranging from Android handsets, wearables and in-car infotainment systems are vulnerable to attack, according to Google's Project Zero.
Four of the zero-day bugs allow adversaries to remotely compromise a targeted phone with just a phone number - no user interaction required.
Have you subscribed to our new SC Ransomware newsletter yet? Gain insight into best practices to lock down threat vectors, strategic approaches to incident response to promote business continuity amid a attack, and more. Sign up now: https://bit.ly/3cV2IGa
“Small and rural facilities are currently devastated by the pandemic with staffing shortages. They’ve seen significant increases in cost with supply chain and technical costs skyrocketing,” said Kate Pierce, Fortified Health Security's senior virtual information security officer. standards.
Bogged down by financial issues and staffing shortages, rural hospitals are in dire need for federal assistance for cybersecurity.
The Cybersecurity and Infrastructure Security Agency added a vulnerability targeting Adobe ColdFusion to its catalog of known exploits after the software maker issued a patch the day before.
The U.S. agency tasked with protecting the nation’s cybersecurity and infrastructure added a vulnerability targeting Adobe ColdFusion to its catalog of known exploits after the software maker issued a patch the day before.
Healthcare leaders pressed lawmakers for federal incentives and new mandates for base-level standards. https://bit.ly/3mVlemS
Bogged down by financial issues and staffing shortages, rural hospitals are in dire need for federal assistance for cybersecurity.
Google is partnering with the Financial Services Information Security and Analysis Center's (FS-ISAC) Critical Provider Program, becoming the first and only major cloud provider to join the group.
Google to join FS-ISAC as first cloud provider, enhance supply chain security in financial services.
According to researchers at Cado Security, a file uploaded to VirusTotal on Feb. 25 has similar tactics, techniques and procedures (TTPs) to those exhibited by defunct and notorious threat actor TeamTNT.
Cado researchers find malware sample that has the same behaviors as the TeamTNT group best known for attacking AWS environments.
Be the first to receive daily access to research from the CyberRisk Alliance Business Intelligence, based upon input from CRA’s community of cybersecurity professional and leaders eager to share perspective on the industry’s most critical challenges and opportunities: https://bit.ly/3cV2IGa
Multiple cyber threat actors exploited a vulnerability that was first documented in 2019 that allows remote code ex*****on (RCE) to access a federal agency’s web server over a roughly three-month period, the Cybersecurity and Infrastructure Security Agency reported.
Multiple cyber threat actors exploited a vulnerability that was first documented in 2019 allowed them to access a federal agency’s web server, CISA reported.
A former employee at MKS Instruments is leading a class action lawsuit following a attack against the semiconductor chipmaker in February.
A former employee at the semiconductor chipmaker claims the firm's cybersecurity negligence led to the ransomware attack.
Human red teamers significantly outperformed ChatGPT when it comes to socially engineering humans to click on malicious email links, researchers at Hoxhunt reported.
A study sampling 53,000 email users in more than 100 countries found that professional red teamers crafted phishing emails that generated a click rate of 4.2%, while ChatGPT-generated emails induced just a 2.9% click rate.
An Enterprise Management Associates (EMA) survey says while the vast majority of companies are confident in their security and API strategies, only a small group does the stringent documentation needed in today’s threat environment.
EMA survey says while the vast majority of companies are confident in their security and API strategies, only a small group does the stringent documentation needed in today’s threat environment.
Jelly Bean Communications Design reached a $293,771 settlement to resolve False Claims Act allegations of a seven-year hack directly caused by Jelly Bean failing to patch multiple website vulnerabilities.
Jelly Bean Communications didn’t patch known flaws in its website, which led to the hacking of over 500,000 applications of a Florida children's health insurance site, DoJ argued.
While the number of complaints the FBI – Federal Bureau of Investigation's Internet Crime Complaint Center received fell slightly to 800,944 from 847,376 in 2021, the total financial losses jumped by over $3 billion from 2021 to 2022.
The potential total loss from cybercrime in 2022 increased to over $10.2 billion from $6.9 billion in 2021, despite a 5% decrease in the number of complaints reported to the FBI.
Microsoft fixed 74 security flaws Tuesday, two of which are actively exploited zero-day vulnerabilities. Six of the bugs are rated critical, 67 are rated important, and one is rated moderate in severity.
Microsoft patches fixes two zero-day bugs as part of March Patch Tuesday roundup.
The SC Awards is where the cybersecurity community comes together to recognize and put the spotlight on outstanding solutions, organizations and leaders. Take advantage of our extended entry deadline now through Monday, March 20. Submit your SC Awards entry today. https://bit.ly/3DhJDbK
DC Health Link confirmed threat actors leaked personal and health information of its health plan members, including House and Senate members, according to an official update.
An update by DC Health Link confirmed some of the stolen congressional members’ data was leaked.
gangs have never been shy about leaking victim data, but experts say a recent wave of extortions targeting especially vulnerable populations in the healthcare and education sectors marks a new low.
While the education and healthcare sectors have been regular targets of ransomware, experts say recent incidents are reflecting increasingly aggressive extortion tactics as well as a more heightened – and crueler – focus on exploiting weak or vulnerable groups as a means of upping the pressure o...
Be the first to receive weekly access to research from the CRA on cloud technologies and threat response to help shape strategies and avoid cloud misconfigurations, data breaches or API attacks: https://bit.ly/3cV2IGa
ZOLL Medical confirmed a data breach was tied to current and former patients who use its LifeVest device, but stressed that the “ incident does not affect the safety or operation of the LifeVest device ..."
This week’s healthcare data breach roundup includes hackers demanding $4.5 million from Barcelona hospital ransomware attack after claiming to steal 4.5TB of patient data.
The Cybersecurity and Infrastructure Security Agency is beefing up its protection for U.S. critical infrastructure with a plan to proactively identify vulnerabilities in U.S. government agencies that are vulnerable to attack by cybercriminals.
Critical infrastructure entities gain CISA support to identify and patch known vulnerabilities.
Google’s Threat Analysis Group uncovered a previously unknown bug that allows an attacker to bypass security features in Microsoft's SmartScreen and deploy Magniber without triggering security warnings.
Google says threat actors can successfully evade detection in SmartScreen - a Microsoft browser security feature - by delivering MSI files with "an invalid but specifically crafted Authenticode signature" to deliver Magniber ransomware.
As woes continue, governance, risk and compliance regulations are changing - and adapting to try and keep up with shrinking IT teams becomes impossible, says TrustCloudAI's Sravish Sridhar in this commentary.
Modern compliance regulations are cumbersome, opaque, and expensive, so we need to make education more accessible and automate where possible.
In this commentary, Optiv's Curtis Fechner offers 10 tips for conducting tabletop exercises for incident response.
Here’s how to organize the company for a success IR tabletop exercise.
In this commentary, Horizon3ai's Snehal Antani shares his experience with the collapse of Silicon Valley Bank and recommends what start-ups can do in the aftermath.
When Silicon Valley Bank imploded last Friday, Horizon3.ai’s CEO put up $1 million of his own money to meet payroll.
CloudSek researchers observe new techniques using AI-generated human personas for the tried-and-true tactic of spreading malware via phishing campaigns.
CloudSEK researchers observe new technique uses AI-generated human personas for the tried-and-true tactic of spreading malware via phishing campaigns.
Zero trust may not be a perfect framework, but it's still superior to all other security models for the very reason that it seems tailor-made for today's digital challenges: the industry-wide shift to cloud services and Saas applications, the mass migration of the workforce to remote or hybrid work environments, the unprecedented spike in endpoints, and data sources operating beyond the traditional network perimeter.
Join SC Media Zero Trust eSummit to uncover insights that will help guide you towards creating value in your organization in the future!
Register here: https://bit.ly/3Jzirsv
In this commentary, Palo Alto Networks' Gonen Fink says introducing artificial intelligence to the SOC will relieve pressure on analysts to keep up with the massive amounts of data received daily.
Today’s SOCs are overloaded with data and compliance regulations – AI can ease the burden and let analysts focus on the big picture.
400 Madison Avenue
New York, NY
10017
| Monday | 9am - 5pm |
| Tuesday | 9am - 5pm |
| Wednesday | 9am - 5pm |
| Thursday | 9am - 5pm |
| Friday | 9am - 5pm |
Be the first to know and let us send you an email when SC Media posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.
Send a message to SC Media:
How do companies balance innovation with the need to protect sensitive data? We’re pleased to share this session from our last event: https://bit.ly/3T27Rvw. Register now to join us at SC Finance eConference December 13th-14th: https://bit.ly/3fruR9D
Are you looking for ways to differentiate your vulnerability management solution in the cybersecurity space? Let us help you stand out. Our custom research will help add value to your technology solution by giving you a greater understanding into enterprise-level needs. Let’s talk. Email us at: [email protected] #randsomware #cyberattack #customresearch #businessintelligence #datandinsights #technology #cybersecurity
Are you looking for ways to differentiate your #technology solution in the #cybersecurity space? Let us help you stand out. Our custom research capabilities can help you develop authoritative thought leadership while aligning your solution to our calendar of research topics. Learn more: https://bit.ly/3w3SN8b #customresearch #businessintelligence #datandinsights
Have you nominated your top MSSP of 2022? Now’s your chance. Complete the survey and help influence our research and annual survey: https://bit.ly/3uVirLx #MSP #cybersecurity #managedsecurity #managedserviceprovider
Have you nominated your top MSSP of 2022? Now’s your chance. Complete the survey and help influence our research and annual survey: https://bit.ly/3uVirLx #MSP #cybersecurity #managedsecurity #managedserviceprovider
The process of examining ones own exposure to the #Log4j vulnerability is methodical and slow, said a panel of security leaders that spoke during the SC Finance eConference, only days after the world learned of the threat that emerged as pervasive across systems. http://ow.ly/NPXT50HhQng
Freddie Mac Chief Information Security Officer Betty Elliott and ProcessUnity CEO Sean Cronin spoke to SC Media Jill Aitoro about the critical response to the #Log4j vulnerability involving partners and suppliers. http://ow.ly/a9sq50HhPkv
The digital transformation triggered by the pandemic meant many organizations scrambled to enable employees to work from home. “Speed is the natural enemy of security,” Casey Ellis, the founder, chairman and CTO of Bugcrowd told SC Media Senior Reporter Joe Uchill during a virtual conference by CyberRisk Alliance. MORE: http://ow.ly/Xnbt50Gsef0
Larry Maccherone, who led DevSecOps transformation at Comcast, discusses how to ensure developers incorporate security into their work without diminishing creativity and innovation. Read more here: http://ow.ly/AiyD50GnPo9 #cybersecurity
As Microsoft’s director of identity security, Alex Weinert had a front-row seat into the SolarWinds investigation, which he called the most sophisticated attack he or anyone on his team had ever seen during an SC Media eSummit on zero trust. Learn more here: http://ow.ly/HdCO50G88F6
WATCH: Black Hills Information Security owner John Strand discusses how installing patches can help protect against ransomware during an SC Media eSummit. Learn more here: http://ow.ly/jkJJ50G53CW
We are officially one month out from #RiskSec Conference and this is our #MondayMood! Join us in Philly for a day of cybersecurity, networking, and a look at the future threat landscape: https://risksecconference.com/social
Tripwire researcher Craig Young said a series of flaws he recently found in Ruckus routers making them vulnerable to several security issues is representative of the security problems found in many consumer connected devices.
Ransomware is a brilliant attack because it hits the sweet spot - the value of what they're taking away from you is more than what they're asking for, Zscaler CSO Michael Sutton told SCMagazine.com.
At #BlackHat2016, SCMagazine.com caught up with Sophos's John Shier to discuss these "designer" attacks.
The cyber defenses offered up by many medical facilities are so poor that attackers are able to breach them using outdated hacking tools, according to a new study by ESET.
The cloud is creating numerous security challenges that Intel's Brian Dye said could be resolved by taking specific steps.
SC Magazine Associate Editor Teri Robinson talks cybersecurity with Dell Security Vice President of Product Management and Marketing Patrick Sweeney.
Check out our interview with Akamai's VP of Engineering Ohad Parush.
As cyber attacks increase, IT departments continue to be challenged by older techniques, such as targeted phishing attacks because the attacks bypass perimeter defenses and are difficult to prevent. Ray Rothrock, CEO of RedSeal Networks, spoke with SCMagazine.com on how to mitigate risks.
Malwarebytes received a $50 million Series B funding round from Fidelity Management and Research Co.
Find out why Bruce McCulley, senior information security specialist, U.S. Senate-Sergeant at Arms, says that combating social engineering doesn't need to hinder employees at SCMagazine.com
Check out the full version at SCMagazine.com | http://bit.ly/1M2Nfzn
In this interview, Harry Sverdlove, CTO of Bit9, describes to SC Magazine Executive Editor Dan Kaplan what the bring-your-own-device revolution means for organizations, and how they should best address the threat posed by endpoints such as the Android.
