
USA’s plan to build its cyber workforce, improve skills-based pathways to cyber jobs
2022-07-22 08:11

The event focused on building the cyber workforce, improving skills-based pathways to cyber jobs, educating Americans so that they have the skills they need to thrive in a digital society, and improving Diversity, Equity, Inclusion, and Accessibility in the cyber field. These funds will be used to double the annual number of graduates of The Beacom College of Computer and Cyber Sciences over the next 5 years, launch a statewide Governor's Cyber Academy accessible to all high school students, and build and operate an applied research laboratory facility in Sioux Falls, South Dakota.

Lack of staff and resources drives smaller teams to outsource security
2022-07-22 08:00

Companies with small security teams continue to face a number of distinctive challenges that place these organizations at greater risk than larger enterprises, according to Cynet. This Help Net Security video highlights how a lack of staff, skills, and resources drives smaller teams to shift their approach to security.

British intelligence recycles old argument for thwarting strong encryption: Think of the children!
2022-07-22 07:30

Two notorious characters from the British security services have published a paper that once again suggests breaking end-to-end encryption would be a good thing for society. Nearly four years ago Ian Levy, technical director of the UK National Cyber Security Centre, along with technical director for cryptanalysis at the British spy agency GCHQ Crispin Robinson, published a paper arguing for "virtual crocodile clips" on encrypted communications that could be used to keep us all safe from harm.

How kitemarks are kicking off IoT regulation
2022-07-22 04:30

The DCMS helped fund the rollout of assurance schemes, leading to IASME launching its IoT Security Assured Scheme in 2021. The theory is that the product assurance scheme will spur compliance ahead of the PSTI, making the transition that much easier for the IoT industry, and the fact that many have aimed high suggests the approach is working.

How to identify and combat online fraud
2022-07-22 04:00

As the popularity of Buy Now, Pay Later grows, organizations and consumers must remain vigilant or risk becoming a victim of fraud, as account takeover attacks - where cybercriminals take ownership of online accounts using stolen passwords and usernames - surged by 148% last year. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses how organizations need to prepare for fraudulent BNPL activity.

Detectree: Open-source tool simplifies data analysis for blue teams, reduces alert fatigue
2022-07-22 03:30

Detectree, developed by WithSecure, is a detection visualization tool for cyber security defense teams. "Time is always working against incident responders. And looking through rows of text data and making connections between them and the suspicious activity under investigation is time spent not remediating the problem, which is a real waste when you're under pressure to stop an attack."

Hackers Target Ukrainian Software Company Using GoMet Backdoor
2022-07-22 03:26

A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network.

Russia, Iran, discuss tech manufacturing, infosec and e-governance collaboration
2022-07-22 03:01

Iran's Communications Ministry joined in a pledge with Russian state-owned defence and technology conglomerate Rostec to explore future collaboration in e-government, information security, and other areas. News of the collaboration came in a statement published on Friday by Iran's Information Technology Organization - a government agency charged with developing policy related to data networks and digital services.

Visibility into runtime threats against mobile apps and APIs still lacking
2022-07-22 03:00

A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. Poor visibility into security threats against mobile apps.

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
2022-07-22 02:37

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. While this account, Atlassian says, is to help administrators migrate data from the app to Confluence Cloud, it's also created with a hard-coded password, effectively allowing viewing and editing all non-restricted pages within Confluence by default.