Security News > 2021 > September

Just a couple of years of IT experience is all that's necessary to break into the cybersecurity field with this self-paced training. Tech giant Cisco has such a significant share of networking technologies on the market, so the Cisco 210-260 IINS: Implementing Cisco Network Security course is a logical choice for anyone already familiar with the company's systems.

Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that's severely disrupting the company's operation. On September 16th, 2021, VoIP.ms became the victim of a distributed denial-of-service attack targeting their infrastructure, including DNS name servers.

While most of Azure Active Directory's security features require an enterprise Microsoft 365 account, an E3 or better, you can still get some benefit from Azure Active Directory from an Office 365 account. It's worth using these tools to see what exposure you have to drive-by attacks, where techniques like password dictionary sprays are used to break into poorly secured accounts.

The Republican Governors Association revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. Following an investigation started after March 10, "RGA determined that the threat actors accessed a small portion of RGA's email environment between February 2021 and March 2021, and that personal information may have been accessible to the threat actor(s) as a result."

EventBuilder is a software solution for creating virtual events using Microsoft technologies and integrates with Microsoft Teams and Teams Live Events extension. The platform is a member of the Microsoft Supplier Program and is used by Microsoft to host events for external audiences.

Shadow APIs can also be present when applications are not properly decommissioned, leaving APIs accessible and vulnerable to attack. Because you can't protect what you can't see, it is imperative that you discover, catalog, and bring your shadow APIs under governance before they are discovered by bad actors and exploited.

In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million last year alone. "The Spanish National Police, supported by the Italian National Police, Europol and Eurojust, dismantled an organised crime group linked to the Italian Mafia involved in online fraud, money laundering, drug trafficking and property crime," the Europol said today.

As a result, it's never been more important to attract and develop employees in cybersecurity - and here are a few best practices for doing so. Employee retention will never be a "One-size-fits-all" initiative, which means hiring managers and HR leaders must make the time and investment to understand their employees and the company at large.

In this interview with Help Net Security, Shauli Rozen, CEO at ARMO, talks about securing Kubernetes systems, what makes them susceptible to cyberattacks and what should organizations expect when deploying them. High value targets - as Kubernetes becomes more mainstream, used by more companies, in more environments, it is now placed in places with high value, it is no longer just in a small workload somewhere, a test application, or a "Software playground" - it is right there in the core of production environment and in an extremely fast rising number of organizations.

Data decay is the aging and obsolescence of data in such a way that makes it no longer usable due to loss of its integrity, completeness, and accuracy. Data decay is often a symptom of poor data management, and little or no data lifecycle processes in place.