SC Media

SC Media SC Media arms information security professionals with the in-depth, unbiased business and technical information they need. The official page for all things IT security.

Operating as usual

Dubbed Vermilion Strike, the ELF-formatted malware follows in the footsteps of geacon, an open-source Golang-based versi...
09/17/2021
Linux-based Cobalt Strike tool takes advantage of threat detection difficulties

Dubbed Vermilion Strike, the ELF-formatted malware follows in the footsteps of geacon, an open-source Golang-based version of Beacon. #malware #cybersecurity

Infosec teams struggle to detect Linux-based threats such as Vermillion Strike due to an overemphasis on Windows malware, a lack of effective solutions for protecting data centers, and the immaturity of sandboxes.

Both Microsoft and industry researchers say security teams should prioritize the four OMIGOD vulnerabilities discovered ...
09/17/2021
Security teams advised to patch ‘OMIGOD’ vulnerabilities in Azure

Both Microsoft and industry researchers say security teams should prioritize the four OMIGOD vulnerabilities discovered in Azure. #cybersecurity #cloudsecurity #patchtuesday

Both Microsoft and industry researchers say security teams should prioritize the four OMIGOD vulnerabilities discovered in Azure.

#Breaking: In a joint advisory, the agencies said the flaw, which affects Zoho ManageEngine ADSelfService, can bypass au...
09/16/2021
US warns APT groups ‘likely’ among groups exploiting flaw in Zoho password manager

#Breaking: In a joint advisory, the agencies said the flaw, which affects Zoho ManageEngine ADSelfService, can bypass authentication protocols and lead to remote code ex*****on. They warned that a wide range of targets and sectors who use the software are vulnerable.

“The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software,” the advisory notes.

https://www.scmagazine.com/analysis/apt/u-s-warns-apt-groups-likely-among-groups-exploiting-flaw-in-zoho-password-manager

Critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities were listed among the targeted or vulnerable sectors.

A decade in the making, Federal Trade Commission is ready to play hard ball with health app developers  https://www.scma...
09/16/2021
Health app developers be warned: FTC ready to hand down fines for failure to report breaches

A decade in the making, Federal Trade Commission is ready to play hard ball with health app developers https://www.scmagazine.com/analysis/application-security/health-app-developers-be-warned-ftc-ready-to-hand-down-fines-for-failure-to-report-breaches

The FTC Health Breach Notification Rule was enacted 10 years ago to protect the privacy and security of consumer health data not covered by HIPAA, but it was never enforced. A policy decision enacted on Sept. 15 will change that.

"There's so much choice out there, so many versions out there. The pace of the new supply outpaces the developers' abili...
09/16/2021
Coders update to the wrong version 69% of the time

"There's so much choice out there, so many versions out there. The pace of the new supply outpaces the developers' ability to consume the supply intelligently," said Matt Howard, Sonatype executive vice president. #cybersecurity

In an analysis of 100,000 deployed applications, Sonatype found coders updating open-source dependencies in their wares to a suboptimal version of the library the vast majority of the time.

From Cowbell Cyber, the new marketplace is meant to  provide a destination where prospective and current policyholders c...
09/15/2021
New online marketplace helps companies improve their eligibility for cyber insurance

From Cowbell Cyber, the new marketplace is meant to provide a destination where prospective and current policyholders can find solutions to fill holes in their security that make them a potentially risky proposition for insurance providers. https://www.scmagazine.com/analysis/network-security/new-online-marketplace-helps-companies-improve-their-eligibility-for-cyber-insurance/

MFA is among the biggest areas of need for prospective and current cyber insurance policyholders that are looking to reduce their risk, and perhaps their premiums.

Use of intelligent snapshot technology delivers a significant one-two punch against ransomware and other forms of malwar...
09/15/2021
Immutable storage to the ransomware rescue

Use of intelligent snapshot technology delivers a significant one-two punch against ransomware and other forms of malware: data protection and rapid recovery, says the author of this commentary. #cybersecurity #ransomware #malware

IBM's Denis Kennelly offers a strategy for immutable storage that can help companies mitigate ransomware attacks.

Of the 34% of financial services organizations who said they were hit by ransomware, more than half (51%) said the attac...
09/15/2021
Recovering from a ransomware attack costs financial services $2 million

Of the 34% of financial services organizations who said they were hit by ransomware, more than half (51%) said the attackers succeeded in encrypting their data.

A new report by Sophos showed financial services organizations paid about $2.1 million on average to recover from a ransomware attack, about a quarter of a million dollars more than the global average of $1.85 million.

Krebs: “When you’re talking about companies that are providing a service to the federal government – not just the Depart...
09/14/2021
Former CISA head calls for new legislation to crack down on insider threats

Krebs: “When you’re talking about companies that are providing a service to the federal government – not just the Department of Defense but the civilian agencies as well – I would expect to see enhanced requirements not just on the external threat management but also insider threat management."

https://www.scmagazine.com/analysis/insider-threat/former-cisa-head-calls-for-new-legislation-to-crack-down-on-insider-threats

Chris Krebs said he has recommended Congress establish enhanced requirements around how federal contractors – and perhaps publicly traded companies – are set up to respond to insider threats and communicate with the government in the wake of the incident.

The database belonged to GetHealth, a New York-based unified solution for health and wellness apps, including FitBit, Go...
09/14/2021
Unsecured fitness app database leaks 61M records, highlights health app privacy risks

The database belonged to GetHealth, a New York-based unified solution for health and wellness apps, including FitBit, GoogleFit, 23andMe, and a host of others. #cybersecurity #healthIT

WebsitePlanet and Jeremiah Fowler discovered an unsecured GetHealth database containing nearly 17 GB of health and fitness tracking data in more than 61 million records. It's unclear of the immediate impact of the data compromise, but it demonstrates the ongoing challenges to securing consumer data....

We’re kicking off our free, one-day Secure Cloud Migration virtual event shortly with keynote speaker James Kaplan and h...
09/14/2021

We’re kicking off our free, one-day Secure Cloud Migration virtual event shortly with keynote speaker James Kaplan and his session “Security as code: The only way to protect your business in the cloud”. There’s still time to register but if you can’t attend live, you can still sign up and we’ll send you the recorded content once it’s available. #cybersecurity #cloudmigration #virtualevent
https://fb.me/e/1604olHNG

We’re kicking off our free, one-day Secure Cloud Migration virtual event shortly with keynote speaker James Kaplan and his session “Security as code: The only way to protect your business in the cloud”. There’s still time to register but if you can’t attend live, you can still sign up and we’ll send you the recorded content once it’s available. #cybersecurity #cloudmigration #virtualevent
https://fb.me/e/1604olHNG

Industry needs to focus on a collaborative and scalable approach to making attacks costly to the adversary, whether it’s...
09/14/2021
Raise the cost of cybercrime to defend against the delta variant of ransomware

Industry needs to focus on a collaborative and scalable approach to making attacks costly to the adversary, whether it’s from organized cybercrime groups or nation-state sanctioned groups, says the author of this commentary.

As part of a strategy to mitigate ransomware, governments around the world must start taxing the cryptocurrency exchanges.

With Accurics acquisition, Tenable aims to focus on solving the misconfigurations that have plagued many cloud deploymen...
09/14/2021
Tenable to focus on cloud misconfigurations with Accurics acquisition

With Accurics acquisition, Tenable aims to focus on solving the misconfigurations that have plagued many cloud deployments. #cybersecurity #cloudsecurity

With Accurics acquisition, Tenable aims to focus on solving the misconfigurations that have plagued many cloud deployments.

The House Energy and Commerce Committee teed up legislation Monday as part of the Democrats’ $3.5 trillion reconciliatio...
09/14/2021
House committee tees up new FTC data security bureau

The House Energy and Commerce Committee teed up legislation Monday as part of the Democrats’ $3.5 trillion reconciliation bill that would include $1 billion for the Federal Trade Commission over the next decade to build a new Data Security Bureau.

Congressional legislation would set aside a billion dollars for a new Data Security Bureau, but the bill offers little in the way of details.

Approximately 115,448 patients of LifeLong Medical are just now being notified that their data was accessed and stolen d...
09/13/2021
LifeLong Medical informs 115K patients of Netgain data breach 6 months later

Approximately 115,448 patients of LifeLong Medical are just now being notified that their data was accessed and stolen during a series of ransomware-related intrusions at one of its third-party vendors, Netgain. #cybersecurity #ransomware #healthIT

LifeLong Medical is just now notifying 115,448 patients that their data was compromised during a ransomware attack against one of its vendors, Netgain. However, the initial breach reports were first released more than six months ago, putting the notice far outside the 60-day HIPAA requirement.

Todt most recently was the managing director of the Cyber Readiness Institute, a small-business-focused cybersecurity ad...
09/13/2021
CISA names Kiersten Todt chief of staff

Todt most recently was the managing director of the Cyber Readiness Institute, a small-business-focused cybersecurity advocacy non-profit, and has collaborated with CISA on CRI projects.

Todt most recently was the managing director of the Cyber Readiness Institute, a small-business-focused cybersecurity advocacy non-profit, and has collaborated with CISA on CRI projects.

During M&A, how does the IT security team inventory, catalog and assess the risks of all the new assets it’s just inheri...
09/13/2021
Complexity of asset management brings unexpected risk into M&A process

During M&A, how does the IT security team inventory, catalog and assess the risks of all the new assets it’s just inherited? According to asset management experts, the answer is: as comprehensively and early in the process as possible. But the challenges often pile, introducing significant risk to an already complex process of integration. https://www.scmagazine.com/feature/asset-management/complexity-of-asset-management-brings-unexpected-risk-into-ma-process

Experts reveal the challenges of inheriting new systems and data, and how to get IT security teams involved earlier in the process.

Third-party threats are real and now. That’s according to a Cybersecurity Collaborative task force of chief information ...
09/13/2021
Watch: Task force briefing on third-party threats

Third-party threats are real and now. That’s according to a Cybersecurity Collaborative task force of chief information security officers who developed a framework with supporting tools to build, manage and scale a management program covering third-party risk. WATCH:

Members of the Cybersecurity Collaboration presented a brief on its Third-Party Risk Management Program 2021 Implementation Guide and Toolkit by its task force of CISOs.

WATCH: Cybersecurity and IT teams want systems to operate securely, but their missions begin to diverge when things brea...
09/12/2021
Avoiding the ‘ready, fire, aim approach’ to security

WATCH: Cybersecurity and IT teams want systems to operate securely, but their missions begin to diverge when things break down, said Brendan Williams, #cybersecurity adjunct professor at the University of Dallas, in an SC Media eSummit.

An enterprise’s IT and cybersecurity departments want the same thing: for systems to operate efficiently and securely. However, they begin to diverge when things break down, said the University of Dallas's Brendan Williams.

"Rather than just worried about onesie-twosie computers, it was more about the full attack chain and leveraging that as ...
09/12/2021
Listen: How ransomware put the health sector on notice

"Rather than just worried about onesie-twosie computers, it was more about the full attack chain and leveraging that as a weaponized tool to push through your environment and lock up your environment," Eric Decker, a chief information security officer in the health care industry.

Eric Decker, a CISO in health care, discusses how forging relationships and having the appropriate risk-based discussions to address challenges facing the industry.

A conversation with Benjamin Corll, vice president of cybersecurity and data protection at Coats. One of a series of sec...
09/11/2021
Benjamin Corll: ‘Focus on your people’

A conversation with Benjamin Corll, vice president of cybersecurity and data protection at Coats. One of a series of security leadership profiles prepared by Cybersecurity Collaborative in conjunction with SC Media.

Benjamin Corll of Coats noted that a security leader's primary role is is getting their teams the tools and support that they need in order to be successful. As he put it, we may run the organization, yet we truly work for them.

Google described Private Compute Core as an open source, secure environment isolated from the rest of the operating syst...
09/11/2021
Google separates the OS from the apps for Android 12; will rely on APIs for secure networking

Google described Private Compute Core as an open source, secure environment isolated from the rest of the operating system and applications — a move security researchers view as a potentially effective way to foil hackers.

Google described Private Compute Core as an open source, secure environment isolated from the rest of the operating system and applications — a move security researchers view as a potentially effective way to foil hackers.

Nearly 43% of all websites use WordPress, one of the main reasons the Cybersecurity Infrastructure and Security Agency (...
09/11/2021
WordPress 5.8.1 update features 60 bug fixes, three security updates

Nearly 43% of all websites use WordPress, one of the main reasons the Cybersecurity Infrastructure and Security Agency (CISA) posted a notice for WordPress users to move quickly and update.

Nearly 43% of all websites use WordPress, one of the main reasons the Cybersecurity Infrastructure and Security Agency (CISA) posted a notice for WordPress users to move quickly and update.

These relationships between the Russian government and the #ransomware criminal ecosystem are, the report by Recorded Fu...
09/11/2021
New research solidifies case for symbiotic relationship between Russia and its ransomware ecosystem

These relationships between the Russian government and the #ransomware criminal ecosystem are, the report by Recorded Future notes, indirect, amorphous and “based on spoken and unspoken agreements” as well as “fluid associations.”

The relationship between the Russian government and ransomware groups within its borders are indirect, amorphous and “based on spoken and unspoken agreements” as well as “fluid associations” where the interests of Moscow and the cybercriminal underworld align.

Address

400 Madison Ave
New York, NY
10017

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm

Products

SC Magazine US, SCMedia.com; SC Media Awards

Alerts

Be the first to know and let us send you an email when SC Media posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to SC Media:

Videos

Nearby media companies


Other Media/News Companies in New York

Show All