The authors told SC Media for five of the 11 systems, they wound up mistakenly testing the vendors' endpoint protection platforms instead of their EDR systems.

Who in the business world should be worried about these types of tools? If you hold or manage data that is valuable to foreign governments, you may be an attractive target.

Acquisitions by Cybereason and Sophos highlight the growing maturity of the XDR market as businesses look to translate mountains of telemetry and threat data into real-time detection.

A credit ratings agency warned that industries that rely on a single IT or security provider who gets hit with ransomware could see their own credit postures threatened if it leads to significant outages, downtime or service disruption.

As more countries and businesses enter the domain in the coming years, it will increase the potential dangers not only from debris but also from targeted cyber against satellites, ships and other assets.

A joint security advisory by the U.S., U.K. and Australia serves as a reminder that threat actors can and do ride unpatched vulnerabilities for years and can still find plenty of victims.

Chief information security officers are enjoying a heightened profile and surging pay in the wake of the coronavirus pandemic, but they still have little to no presence on most corporate boards, according to a new survey of 354 CISOs conducted by executive recruiting firm Heidrick and Struggles.

CISA said the departments of Homeland Security, Labor and Interior will be the first federal agencies to participate in a program that will allow outside security researchers to legally test selected federal systems for security weaknesses.

VirusTotal is seeking to curb the scourge of security alert fatigue by rolling out a new feature called Known Distributors, which allows developers to identify the provenance of submitted files back to their original company or product line.

A report identifies three distinct clusters of activity that resemble the technique’s employed by Hafnium. Like Hafnium, all three are believed or suspected to have ties to the Chinese government.

Defendants in a class action lawsuit against SolarWinds following the hack of their Orion management software pressed a Texas judge to throw out the case, alleging the plaintiffs have not alleged or proven any malicious intent by the accused parties to mislead or deceive investors.

Attackers have traditionally shied away from attempts to compromise huge numbers of targets in a single attack. The incentives for doing so may be changing.

The researchers are holding back on technical details because there are currently no patches and the vulnerabilities may extend beyond one company.

A technology-based hedge fund outlined how they were able to save millions of dollars, ingest exponentially more data and cut down on the avalanche of false positives by building their own custom SIEM.

A bug in Amazon’s Kindle e-books, since patched, can allow an attacker to smuggle malware and gain root access to a victim’s device, steal tokens, steal or delete other sensitive data and even turn your internet-connected Kindle against your own network.

Researchers have identified thousands of vulnerable, unpatched servers thus far across government and industry, while a former Microsoft security employee was sharply critical of the way the company has handled disclosure and remediation.

The deals reflect how the U.S. sees better information sharing as key to addressing larger issues – like attributing cyberattacks – that are increasingly driving domestic and international cybersecurity problems.

Bennie Thompson, D-Miss., is worried three pending bills that would compel the Department of Energy to engage with companies and critical infrastructure on cyber issues could end up exacerbating silos in federal cybersecurity coordination and spread budgets and resources thinner.

Ultimately, the system is designed to create a separate track for cybersecurity candidates to hire faster, pay more and sidestep box-checking requirements around qualifications and skillsets that don't translate to cybersecurity.

“Recent events, including the SolarWinds incident, underscore the importance of increased government visibility before, during, and after a cybersecurity incident,” Acting OMB Director Shalanda Young wrote in a memo to agencies.

A document released by the agency this week provides insight into how national security organizations responsible for keeping sensitive classified or unclassified data safe from hackers and foreign intelligence services should approach replacing their classical encryption protocols with new quantum-resistant ones.

The latest defense authorization bill moving through Congress has a proposal designed to reset cyber threat information sharing relationships between government agencies and industry. Whether it pans out or join a growing graveyard of past government efforts remains to be seen.

Committee Chair Adam Smith, D-Wash., said requesting more documents from the inspector general would only reopen old political wounds and further delay DoD's cloud and security plans.

A bill introduced in the House this week would create a program within the Cybersecurity and Infrastructure Security Agency to retrain military veterans and members of the armed forces.

The move comes the same day the Investigations and Threat Management Service, which tracked online Census disinformation and conducted insider threat investigations, was hammered in a watchdog report for abusing and overstepping its authorities.

 A new draft memo seeks to build out the federal government’s underlying zero trust architecture in order to smooth the path for a coterie of recent cybersecurity related executive orders, initiatives and mandates from President Joe Biden.

National Cyber Director Chris Inglis sketched out how the Biden administration intends to divvy up cybersecurity responsibilities to an increasingly crowded room of federal agencies and officials.

The relationship between the Russian government and ransomware groups within its borders are indirect, amorphous and “based on spoken and unspoken agreements” as well as “fluid associations” where the interests of Moscow and the cybercriminal underworld align.

Congressional legislation would set aside a billion dollars for a new Data Security Bureau, but the bill offers little in the way of details.

Chris Krebs said he has recommended Congress establish "enhanced requirements" around how federal contractors – and perhaps publicly traded companies – are set up to respond to insider threats and communicate with the government in the wake of the incident.

The breach perpetrated by two “rogue employees” who worked on the e-commerce platform’s support team illustrates how certain roles within an organization may require more stringent monitoring.

Said Rep. Michael Gallagher, R-Wis., co-chair of the Cyber Solarium Commission: “The private sector is at the front lines of cybersecurity – the main effort. Right now, who do they look to in a crisis?"

A recent rash of cyberattacks against web commerce sites relying on Adobe's Magento 1 platform underscores the criticality of having a strategy in place for securing technology no longer supported by the vendor.

Bugcrowd CEO Ashish Gupta spoke with SC Media about his company's support for Zoom's bug bounty program and the strides he believes the teleconferencing platform has made to protect data and privacy.

The problem is that mechanisms for law enforcement to circumvent encryption inherently weaken security by adding an additional layer of access.

Cloud computing can be the greatest enabler, but also a critical security challenge. Join us starting at 10:30 a.m. on Wednesday, Oct. 21, to hear how to strike the proper balance.

It’s critical for an organization to prepare for a ransomware attack, now more than ever as reports about ransomware attacks on hospitals have dominated the tech news.

Trying to break into the largest company in the world leaves a lot of ground to cover.

Keri Pearlson has invested in “changing attitudes, values and beliefs” to establish a cybersecurity culture, an initiative she says can draw from marketing principles and managerial tools to be successful.

As a respected cybersecurity strategist, Caroline Wong believes in the power of data and metrics to gauge the effectiveness of a company’s security program.

Runa Sandvik, who left the New York Times about a year ago to return to her consultancy, attributes heightened awareness “to the experts who track threats and the journalists who write about them.” 

said one analyst, COVID-19 has brought the perfect distraction for threat actors to leverage and exploit, and they have not been shy about targeting pharmaceutical companies throughout the pandemic.

Supporting organizations that stretched from Colorado to China, security leaders detail COVID tech response.

CTI co-founder Alexander Niejelow, senior vice president of cybersecurity coordination and advocacy at Mastercard, shared the latest developments of this new program with SC Media as it prepares to review its next set of incoming applications.

The company said in a recent quarterly filing that it had contained the attack and although some business functions were temporarily impacted, the security team restored its operations.

All three vulnerabilities were used as part of an exploit chain that lets attackers compromise iOS devices and potentially turn users' devices against them.

Two recent reports reiterate that even with progress, the skills gap continues to pose a significant threat to organizations.

Join us for an event Nov. 18-19, where experts from the cybersecurity community, across sectors, will examine today's endpoint security challenge. And the challenges are many.

Because the attacker never actually sends an email over the internet, the email essentially bypasses certain email security solutions that would ordinarily detect and filter out the malicious message while en route.

A number of factors have come together to make it increasingly difficult for banks to comply with evolving regulations that require them to integrate data sources so they can report a clear risk picture.

Those interested in providing their input can complete the judging form, no later than December 11 to be considered.

The first priority for CISOs has become building cyber resilience. This means migrating to the cloud, enforcing cloud security, and enabling a “work from anywhere” workforce. We’ll see this play out through investment in three distinct areas.

The plot: identify and capture an insider threat within your organization before he or she is able to divert payroll funds.

The comments come on the heels of IBM's discovery that hackers had targeted the cold storage suppliers for COVID-19 vaccine distribution.

The World Economic Forum's Tal Goldstein and Derek Manky of Fortinet spoke to SC Media about the Partnership against Cybercrime Working Group’s recommendations for organizations facing cybercrime challenges.

This technique – called a known partner compromise – started with a malicious actor impersonating a vendor and sending what appeared to be an encrypted message.

The Microsoft bug is a zero-click remote code execution vulnerability for macOS, Windows and Linux, which means the recipient of a Teams message does not need to perform any sort of action to be infected.

In an interview with SC Media, the former leaders and founders of Tenable explained why they believe cybersecurity nonprofits have long been overlooked for funding, despite playing a key role in creating a more secure world.

Happy shopping: Beyond standard skimming techniques that focus on the client-side, attackers are increasingly focusing on back-end applications.

In the U.S. alone, some 6,000 companies and organizations run Dell Wyse thin clients inside their networks, many of which are health care providers.

For U.S. firms, whose home nation already has different privacy laws state by state, a new U.K. regime might be one more for the pile.

The poor record raises questions about whether the mobile carrier's massive merger with Sprint left the combined company more vulnerable.

The Chinese espionage group APT27 has moved into more financially-motivated cybercrimes, using ransomware to encrypt core servers at major gaming companies worldwide.

A new remote access trojan (RAT) lures cryptocurrency users to download trojanized apps by promoting the apps in dedicated online forums and on social media.

The agency has found evidence of authentication token abuse in networks infected with corrupted versions of Orion software and say restoring integrity will require a full network rebuild in certain cases.

NSA's Anne Neuberger will assume her new role on the heels of some other shifts among cyber leaders: John Costello resigned as deputy assistant secretary for intelligence and security at the Commerce Department, and ousted CISA director Chris Krebs is heading to SolarWinds.

News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.

Google’s Project Zero this week introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.

The number of SolarWinds victims will likely grow in the upcoming months, but direct insured costs should remain close to the current estimate since many of the organizations hit – particularly federal agencies – do not carry insurance against cyber risks.

New complimentary offerings are helping current, aspiring and unemployed infosec professionals gain an upper hand in a down economy, while aiding an industry facing a growing skills gap.

While Teardrop was delivered by the original Sunburst backdoor in early July 2020, Raindrop was used just under two weeks later for spreading laterally across the victim’s network, Symantec said in a report.

Based on the malware features, the researchers said the attackers use the compromised systems for further attacks, spreading laterally across the victim company’s network, or launching attacks on outside targets while masquerading as the compromised company.

While the threat actor’s motives are not fully apparent, researchers believe it was an effort to conduct reconnaissance for future campaigns.

Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell all provided fixes for their respective products after security firm Claroty privately disclosed them during 2020.

The information leaked was prime for exploitation by other threat actors, especially for insurance scams.

The attacks have been spread out between the U.S., Europe, and Asia, and have included HPC clusters as well as university systems, a large internet service provider, personal systems, and marketing and hosting firms.

Out-of-office email messages serve an important business communications function, and a strong social media profile is a great way to network with your peers and brand yourself. So the question becomes: Where do you draw the line? What constitutes TMI?

The findings highlight a troubling habit that software developers can sometimes fall into: hastily scramble to issue an urgent vulnerability patch, only to move on to the next issue without fully grasping the underlying cause or crafting a wholistic fix.

In what could have been the dystopian future envisioned by sci-fi author William Gibson or just another bad day for CD Projekt Red, the company was hit with a 48-hour ransom demand by an undetermined hacking group.

The National Industries of the Blind's efforts have primarily been tied to government programs and contracts. But through a new spinoff, the blind and visually impaired can take advantage of workforce development opportunities in the private sector, in such sectors as cybersecurity, banking and energy.

Pseudonymous authors published more than 150 copycat packages just three days after research revealed a software supply chain flaw, attempting to exploit the vulnerabilities in the brief window before a patch.

Why would a company choose to relocate to a country with more stringent standards? As a proof point to customers. But other companies in the privacy community argue that building trust is more complicated than hopping a plane to Geneva.

Most organizations, 72 percent, plan to ditch VPNs, according to Zscaler's 2021 VPN Risk Report, which found that 67 percent of organizations are considering remote access alternatives.

The Cuba ransomware gang launched assaults in February on a payment processor widely used by many state and municipal agencies across the United States to manage utility bills and driver’s license data.

The threat actors are “quite clever” in using Google Alerts as an attack vector to prompt users to "update" Adobe Flash Player.

Here's what the television show got right, and what it got wrong, from the role of cyber insurance, to response and recovery timelines.

As Black History Month drew to a close and Women’s Month began, BlackGirlsHack founder Tennisha Martin discussed with SC Media the barriers to diversity in the cybersecurity workforce and how a recent partnership with RangeForce will help the non-profit contribute to change.

The program is designed to be an educational tool for testing anti-virus protections; however, it’s possible that cybercriminals could adopt and modify the code in order to launch their own attacks.

The lesson here: malicious actors continue to leverage the combination of automated scanners and scripts to strategically rack up high victim counts, especially when they sense time to inflict damage before patching is running out.

Security pros need to prioritize patching a memory corruption vulnerability flaw found in Internet Explorer 11 and 9, and Edge browsers.

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada. Now experts are weighing in on the potential ramifications that can befall an organization if security footage is leaked or falls into the wrong hands.

Deep Instinct announced that it would back its product with a performance guarantee that delivers false positivity rates of less than 1 percent, plus a ransomware warranty of up to $3 million per company for a single breach.

The backdoor is able to record the victim’s microphone, camera and keyboard entries, plus can upload and download files.

Leadership awards recognize the individuals within organizations large and small, ensuring cybersecurity remains a priority and that challenges and cultural hurdles receive the attention they deserve.

The vulnerability was actively exploited in the wild – the company’s seventh such announcement of a zero-day patch in the past five months.

A new study found that one in five files in health care are visible to all employees – including one in eight containing sensitive information. And more than three-quarters of organizations in the sector had at least 500 accounts that expire, and even more than that had at least a thousand "ghost accounts" of former employees that were never closed.

Coca-Cola had a serious insider breach in 2018 when a former employee was found to have PII on some 8,000 employees. Today’s columnist, Neel Lukka of CurrentWare, offers eight security tips for offboarding employees when they leave the company.

Challenges include avoiding false-positive alerts, understanding a complex blend of IT and OT, and establishing policies on attack response.

In Episode 7 of the CISO Stories podcast, Paul Hypki, CISO at Children's Hospitals and Clinics of Minnesota, talks to the Cybersecurity Collaborative's Todd Fitzgerald about allocating funds to those places where organizations can achieve the maximum risk reduction.

Any disruption to Greyware’s Domain Time II could make it virtually impossible to track a security incident – and any sequence of events that are important to the business or regulators.

Collaboration tools that have become more central to how organizations operate since the pandemic are poorly understood by infosec teams and are relatively immature in terms of accompanying security protections provided by third parties.

The financial burden of compliance with piling security standards could force some device manufacturers to walk away from highly regulated buyers like the Pentagon.

The popular social news site and community forum platform has run a private program with HackerOne for the past three years, but hopes that by going public, it can more quickly address vulnerabilities, improve its defenses and keep the platform secure.

The move is being hailed as a landmark use of a new authority. But some in the cybersecurity community point to a lack of any clear standard for when and how government may hack private systems.

At a pair of hearings on Wednesday and Thursday, the National Security Agency and U.S. Cyber Command director again pushed back against a brewing Senate plan for the NSA to monitor domestic networks for foreign hackers.

The latest fallout of ransomware attacks may involve stock manipulation, with one group openly coaxing stock traders to reach out and receive the inside scoop on the gang’s latest corporate victims, so they can short sell their stock before data is leaked and the news goes public.

Okta Identity Cloud serves as the independent and neutral identity layer of an organization’s technology stack, securely connecting users to any technology.

Is cyber a hurdle to success, or might it be an enabler? In this SC Awards Winners Circle roundtable, cybersecurity leaders, and award recipients, share how organizations can shift the mindset and understand how a culture of security may be good for business.

More than 60 stakeholders contributed to a ransomware framework released Thursday morning, which advocates for nearly 50 interlocking government and private sector strategies to tackle the criminal scourge.

Led by threat intelligence program lead Filip Stokovski, the Adobe Security Coordination Center created a new framework that breaks analysis down into four steps: collect information that’s relevant, be efficient, make your findings analyst-driven and make your intelligence deliverable to other parties.

Sounil Yu, who recently took a new position as CISO and senior vice president for research at for JuniperOne, developed the Cybersecurity Matrix, giving security decision-makers a clear, one-page visual representation of all the vendors they rely on, which cybersecurity function they fulfill and where there may be gaps in coverage.

If Camille Francois of Graphika isn’t a rising star in a traditional sense, she is a rising star because the sky is moving around her. The importance of disinformation research became clear in the 2020 elections – the first time technological solutions were deemed a means of rooting out disinformation networks in media res.

This year’s awards feel quite different because – clearly – this was no ordinary year. The demands placed upon both cybersecurity professionals and vendors were profound, inching on extraordinary. But for all the challenges, these were inspiring times.

Researchers found 21 unique vulnerabilities in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges.

Cloud malware can be used to conduct reconnaissance, launch employee-to-employee attacks, and steal files and emails from cloud platforms.

Average quarterly exposure to phishing attacks on mobile devices in the financial sector rose by 125% – and malware and app risk exposure increased by more than five times.

Herb Stapleton, cyber division section chief at the FBI detailed lessons that emerged during 2020 in how to fight back against ransomware crime groups, and how those influence efforts in 2021 to respond to attacks.

For the first time since the Verizon Data Breach Investigations Report began tracking cyberattack techniques, threat patterns affecting small and medium businesses began to closely align with the patterns affecting large firms.

Ahead of his session at the RSA Conference, SC Media spoke to Bernard Brantley, CISO at Corelight, as well as Carraig Stanwyck, H&R Block's manager of global security operations, to understand the potential benefit of open source expertise.

Code automation company BluBracket on Thursday said it raised $12 million in Series A funding so it can continue to work with DevSecOps teams to build security into products from the start and shift code development left.

Today’s columnist, Rick Holland of Digital Shadows, says companies should start moving forward on President Biden’s Executive Order and work to develop more thorough software bills of materials.

Informal chats via text or business communications platforms could be used against an individual or the company to prove mishandling of a security incident, even if the organization may have acted responsibly.

According to the FBI, these health care and first responder networks are among the more than 400 organizations worldwide victimized by Conti – and over 290 are located in the U.S.

The TSA order marks the first mandatory cybersecurity practices for pipelines, and what some expect will be the first of more standards that the government puts in place to regulate how critical infrastructure operators protect networks and systems.

Using a hijacked Constant Contact email marketing account of USAID, the adversaries sent phishing emails to roughly 3,000 accounts at more than 150 different organizations. About 25 percent of these targets were international development, humanitarian and human rights organizations.

Though contracts would not require remediation of vulnerabilities brought in through the programs, the government would be able to not renew contracts with companies whose handling of vulnerabilities raised researchers' ire.

Today’s columnist, Greg Higham of Malwarebytes, says ransomware groups like REvil have proliferated during the pandemic, most recently hitting meat packing plant JBS. Increased ransomware attacks coupled with the need to secure remote workers has led to corporate acceptance of zero trust.

Today’s columnist, Louis Evans of Arctic Wolf, says ransomware gets the headlines, but the Verizon DBIR study points out that security teams still need to lookout for business email compromises. A major BEC by the Russian group RedCurl last summer hit 14 companies in six countries, including construction companies, financial firms, retailers, insurance businesses, law firms, and travel.

Developed by the CSA’s Health Information Management Working Group, the Telehealth Risk Management publication offers best practices for the creation, storage, use, sharing, archiving, and potential destruction of data in three specific domains: governance, privacy, and security.

The U.S. Federal Trade Commission released guidance on AI in April. Today’s columnist, David Balaban of Privacy-PC, says government regulation could likely hold back the technology’s progress.

Said Mohit Tiwari, the company’s co-founder and CEO: “Given that so many organizations are moving to the cloud, this is a once in a generation opportunity to reset security so it’s answering questions about data. Our goal is to map data and track data flows – at scale."

Newly emergent Grief ransomware is another example of how cybercriminal groups change names and coding to confuse victims and circumvent federal restrictions.

Today’s columnist, Tim Erlin of Tripwire, says while Amazon may change some default security configurations now that Adam Selipsky has taken the top job at AWS, companies looking to boost cloud security need to align to industry standards, leverage automation to limit cloud misconfigurations and don't rely solely on cloud service providers for security.

Most providers are aware of the importance of medical device security. But that acknowledgement hasn’t translated into stronger processes for inventory or response.

Failure to patch could lead to what one researcher described as "a catastrophic security incident such as data theft, financial fraud, or ransomware.”

APIs have been around for years, but the adoption of cloud and cloud services are leading drivers behind explosive use recently, enabling attackers to elevate privileges and move laterally throughout networks.

This month’s Patch Tuesday from Microsoft comes just days after out-of-band updates were released to address PrintNightmare and other vulnerabilities.

Said the vice president of global security and privacy risk management role at Reinsurance Group: "I’ve always organically wanted growth in my career to happen, so every two to three years, I would find myself in conversations with my boss about what’s next? What opportunities, what challenges, what can I help with?”

The cybersecurity investor who sits on multiple boards and advises the Defense Department and Congress calls the amount of money flowing into the industry unprecedented. “It used to be that when we had five, six billion a year flowing into the market from a venture capital perspective that was a good year for us. We’re headed towards somewhere between 15 to 20 billion coming into the cybersecurity industry."

“The biggest way that I’ve confronted self-doubt is by finding people who believe in me and will kind of hype me up when I need it, to the point where I believe in myself."

Critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities were listed among the targeted or vulnerable sectors.

Women, cybersecurity and power: for decades it's been a rare brew. While the status quo is still rife with inequality and injustice, female leaders driving the decision making in corporate board rooms, the halls of government and policy and in the investment arena are becoming a more common sight.

The Federal Energy Regulatory Commission is asking input on information collection regulations for how energy companies secure bulk electric systems while its CIO speculated earlier this month that regulated energy utilities will likely need to follow recent government actions around implementing zero trust architectures.

Said the chief security officer at Elevate Credits: "As complex as security is, one wrong change could be that one time you think ‘I shouldn’t have done that’ and then it could be an entry point for a threat actor.”

The input will feed into a report government is developing on cybersecurity and other risks affecting critical sectors and subsectors of the information and communications technology industrial base.