FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Friday, January 31, 2020

A new twist on “Parental consent”

An independent guest blogger wrote this blog. I was at breakfast the other day with some family friends, and the topic of genealogy came up. Over the past few years, various sites have sprouted up that offer to trace your origins all the way back in time; in some cases, all the way back to the eras of early human development. One of my favorite authors has actually...

Google trending Cyber Attack news headlines

Greenville Water Utility of South Carolina reportedly became a recent victim of a cyber attack where hackers were either trying to lock down the database through malware or were interested in transmitting the data and then selling the info on the dark web. Spokeswoman Emerald Clark said that the disruption could have impacted over 500,000 customers. But she assured that no data was compromised in the incident. As the servers of Greenville Utility never store the credit card info of its customers, the question of hackers accessing that data is ruled...

Thursday, January 30, 2020

Cloud Security vulnerability detected on Microsoft Azure

Check Point security researchers seem to be taking their job seriously, as every week a study of theirs discloses to the world a vulnerability or the detection of malware in cyberspace. The latest flaws are in Microsoft’s prestigious Azure cloud platform: Check Point’s research says their study recently found not one but two flaws. While the first is in Azure Stack, the second was found hidden in Azure App Services. In both cases, the Israel-based cybersecurity company found that hackers...

Facebook to pay $550 million as Privacy Concerns settlement

As Facebook (FB) has failed to comply with the Illinois Biometric Information Privacy Act, it has agreed to pay $550 million as a penalty settlement over a lawsuit. This was disclosed by Facebook’s Chief Financial Officer who called it the largest currency settlement in the history of social media over privacy fears. Reports are in that the web services company had to shell out the said amount as it failed to prove before the law that it legally collected the biometric data of users with their full consent. As the current data protection laws suggest...

Cloud Workload Security – Part 1: Introducing the Forrester Wave Report

An independent evaluation published by leading global research and advisory firm Forrester provides an excellent overview of the security challenges posed by the transition to cloud-based environments—and discusses the cloud workload security solutions best poised to address them. Why is this important? As the shift to cloud-based technology progresses, a growing number of organizations are exposed to the widening gap between traditional security coverage, and the unique needs of the cloud environment. The enterprise of today faces a dual challenge:...

Security pros hampered by burnout, lack of diversity – how do we fix this?

The cybersecurity profession is in a somewhat precarious state. Not only are cyber pros faced with increasing threats from insiders, but threats from external adversaries also continue to rise and are becoming more sophisticated. At the same time, companies are challenged by a crippling cybersecurity skills shortage: ESG/ISSG recently found that a whopping 74% of organizations have been affected by it. These conditions are combining to take a toll on the cybersecurity profession and the industry. The most obvious and immediate impact is burnout....

Ransomware Attack on US DOD Contractor

RYUK ransomware is reported to have targeted the servers of a DOD contractor last week, and news is out that the contractor might take some time to recover its data from this incident. The contractor in question is Electronic Warfare Associates (EWA), a 40-year-old company that has served the Department of Defense of the United States for the past 13 years. News is out that EWA websites related to EWA Technologies, EWA Government Systems Inc and Simplicikey, along with Homeland Protection Institute, were completely disrupted by the invasion of...

Wednesday, January 29, 2020

Cyber Attack on UN offices in Geneva and Vienna

A statement released by the United Nations yesterday says that its offices in Geneva and Vienna fell prey to a cyber attack which occurred in the middle of last year. Sources say that the hackers managed to access the database storing user accounts, but then after establishing their position went dormant for reasons. The UN’s Geneva Office has clarified that the cyber incident was discovered on August 30th, 2019, and prima facie confirmed that the infiltration could possibly have taken place a month earlier, i.e. in July ’19. It is confirmed...

Largest Airports in the world are vulnerable to Cyber Attacks

Almost all large airports in the world are said to be vulnerable to cyber attacks, says research compiled by web security company ImmuniWeb. The study found that only three airports in the world were without a single major IT issue: Amsterdam Airport Schiphol (EU), Helsinki Vantaa Airport (EU) and Dublin Airport (EU). Some of the highlights of ImmuniWeb’s report: 97% of the websites were found to be using outdated software, 24% of websites had security vulnerabilities, 24% of websites had no...

Cyber attack headlines trending on Google

Finally, what we did not expect is happening, as a British court has ordered Bitfinex to freeze a Bitcoin payment as it was leading to the wallets of those distributing ransomware. Yes, you have read it right! As most of the cryptocurrency variants can easily be tracked now, an England and Wales High Court has asked Bitfinex to lock down the bitcoins worth $860,000 stored in one of its user wallets until it submits the KYC form details of the customer. As some of the amounts have been converted to fiat currency and only the left out...

Tuesday, January 28, 2020

China could Cyber Attack UK without Huawei 5G

All these days we have heard from cyber experts that China could launch cyber attacks if 5G equipment from Huawei is used in their network upgrades. But now, experts suggest that Beijing could find easier ways to attack the critical infrastructure of the UK, rather than using Huawei equipment. In the meantime, Downing Street, which houses the current Prime Minister of Britain, Boris Johnson, has given a ‘green signal’ for Huawei to use its 5G network equipment for the network upgrades. And this solely happened after the National...

Microsoft wants to curb the growing menace of Cyber Threats in the following way

Microsoft made it official on Tuesday that it has ways to curb the growing menace of cyber threats on government infrastructures across the world. The American tech giant says that the threats can be curbed by collaborating with governments, tech companies, and third-party cybersecurity agencies, who in turn will share data afterward. According to Rob Lefferts, the Program Manager of 365 Security at Microsoft, the company has taken a strategic stand against cyber-attacks hitting around the world by collecting information on the nations which...

Avast antivirus caught selling user data

According to a report published in Motherboard, a science & technology blog belonging to VICE, antivirus software firm Avast has been caught selling its users’ web browsing data and other sensitive information to those interested. However, the fact to be noted here is that the firm is not doing it directly, but is carrying out the sales through a subsidiary company called Jumpshot. Security researchers from Motherboard say that the Avast software can track users and Google searches and collects...

Do you need certifications to get an InfoSec job?

I’ve seen Tweets and heard many discussions about certifications, like CISSP, CEH, OSCP and so on, in InfoSec. No doubt certifications have value – in many situations hiring managers are quickly going through resumes and certifications are symbolic of at least book-learning, and some degree of dedication to InfoSec. Certifications can be expensive and time-consuming...

Monday, January 27, 2020

World Data Privacy Day on January 28

Every year, January 28th stands as International Data Privacy Day, which has been celebrated as such since 2007. The objective of celebrating this day is to promote data protection practices across the world and to raise awareness related to it. However, this day has been celebrated only in the United States, Canada and Israel and 47 other European countries for the past 13 years or so, and the Indian subcontinent happens to be the only nation from Asia celebrating it, since 2014. Historically speaking, the Convention for the Protection of...

No more Ransomware payments from Taxpayers’ funds, says New York

State Senators of New York have proposed two new bills that would disallow usage of taxpayers’ funds to pay ransom payments when government agencies fall prey to ransomware attacks. S7246 happens to be the first bill, proposed by Senator Phil Boyle on January 14th, 2020. It simply restricts the usage of tax money when it comes to paying a ransom to free up the database of small cities or towns from the file-encrypting malware. However, the bill applies only when the population of the city/town is less than 1 million. If the bill is...

How Smart Cards Work

An independent guest blogger wrote this blog. In this modern age, there’s been a significant improvement in the digitization of traditional payment methods. We live in a technologically advanced era, and as such, advancements in payment infrastructures make life easier, transactions faster, swifter, and smoother. Almost all countries in the world are adopting the cashless...

Solving Public Cloud Security Challenges with Automation

As enterprise workloads move to the cloud, more cybersecurity professionals are experiencing the complications of protecting their workloads in these faster and more dynamic environments. These are typical public cloud security challenges. Part of the reason is that cloud infrastructure is very easy to set up, so more and more people are now able to do it, even without the help of IT. With almost anyone having the ability to spin up cloud services, the rise of net new public cloud security challenges was inevitable. You can...

Securing Kubernetes Master and Workers

Monolithic applications are outdated. We are now solidly in a development revolution as rapid software development and deployment have become standard. Microservices and containers are key to enabling this new way of working driven by DevOps practices such as Continuous Integration and Continuous Delivery. As a result, securing Kubernetes master and worker nodes has become...

Citrix Server Vulnerability leads to Ransomware Attack

Citrix Server, which allows centrally hosted applications to be delivered to mobile and desktop clients, has been found vulnerable to cyber-attacks which, when exploited by hackers, can lead to ransomware infections and bitcoin mining. Citrix has, however, released a patch for the CVE-2019-19781 bug affecting its Application Delivery Controller (ADC) systems and Gateways last week, in the hope that all its users will patch their systems to keep their servers safe from malware attacks. Security researchers from FireEye have warned that attackers...

Sunday, January 26, 2020

UK PM Boris Johnson phone hacked by Saudi Prince Salman

Just when reports are emerging that Amazon founder Jeff Bezos’s phone was hacked by Saudi Ruler Mohammad Bin Salman in 2018 to access sensitive information, here comes a piece of information from a source at the Daily Mail that the Saudi ruler might also have access to UK Prime Minister Boris Johnson’s mobile phone, as the latter had exchanged his number with the former during his tenure as foreign secretary of the UK in 2016-18. Last Wednesday, some of the media resources alleged the Saudi Prince had hacked the Amazon Chief’s mobile phone in 2018...

Deloitte acquires Cybersecurity consulting firm SecurePath

New York-based Professional Services firm Deloitte has made it official that it is going to acquire Malaysian Cybersecurity Consulting firm SecurePath. The objective is to strengthen the services of blockchain technology-based Deloitte’s Cyber Risk Services with SecurePath’s Risk Advisory practices such as data loss prevention, cyber threat defense and such. Founded in the year 2011, SecurePath is known to offer cyber threat defense-line to governments and private entities that need Risk & Compliance and Information Management & Protection....

Friday, January 24, 2020

Ransomware payments and downtime grew in 2019

Ransomware, which is file-encrypting malware, has been tagged as the most disruptive cyber-attack of 2019. This was confirmed by a study carried out by Connecticut-based cybersecurity firm Coveware. In a recent Ransomware Marketplace report released by Coveware, the downtime caused by the malware is reported to have grown by 60% in the last 3Q of 2019, i.e. from an average of 12.1 days in 2018 to 16.2 days in 2019. Security researchers who conducted the research say that the rise in the downtime was because hackers were seen targeting mostly...

SO YOU HAVE DECIDED TO BECOME CYBER SECURITY CERTIFIED, NOW WHAT?

This post was originally published by (ISC)² Management. Toward the end of 2019, I met many aspiring women and men who approached me and said, “Tony, I want to become cyber security certified, how do I do it?” Read more here: https://blog.isc2.org/isc2_blog/2020/01/so-you-have-decided-to-become-cyber-security-certified-now-what-.html The post SO YOU HAVE DECIDED TO BECOME CYBER SECURITY CERTIFIED, NOW WHAT? appeared first on Cybersecurity Insiders. January 24, 2020 at 08:31...

MOST EMPLOYERS DON’T PAY FULL COST OF CERTIFICATIONS

This post was originally published by (ISC)² Management. One of the most common complaints cybersecurity professionals voice about their employers is that they have to pay for certifications out of their own pockets. It’s not a trivial issue, since workers consider certifications their number one career hurdle, according to the (ISC)² Cybersecurity Workforce Study 2019. Read more here: https://blog.isc2.org/isc2_blog/2020/01/most-employers-dont-pay-full-cost-of-certifications.html The post MOST EMPLOYERS DON’T PAY FULL COST OF...

SWITCHING FROM OTHER FIELDS TO CYBERSECURITY IS PROFITABLE

This post was originally published by (ISC)² Management. Here’s a bit of good news for anyone contemplating a career in cybersecurity: Cybersecurity workers who started their careers in other fields tend to get paid more than career-long cybersecurity professionals, according to new research. Read more here: https://blog.isc2.org/isc2_blog/2020/01/switching-from-other-fields-to-cybersecurity-is-profitable.html The post SWITCHING FROM OTHER FIELDS TO CYBERSECURITY IS PROFITABLE appeared first on Cybersecurity Insiders. January...