
The loneliness of leading a cybersecurity startup
2023-01-23 06:00

Linor spends her days working with cybersecurity founders at her Venture Capital firm. In this spirit, I sat down with successful cybersecurity founders at different points of their company-building and scaling journeys to gain insight into their subjective experiences of carrying the weight of their companies on their shoulders.

ENISA gives out toolbox for creating security awareness programs
2023-01-23 05:30

The European Union Agency for Cybersecurity has made available Awareness Raising in a Box, a "Do it yourself" toolbox to help organizations in their quest to create and implement a custom security awareness raising program. A guideline on creating an awareness campaign targeted at external stakeholders.

US authorities release asylum seekers after leaking their data online
2023-01-23 05:01

Nearly 3,000 immigrants seeking asylum in the United States have been released from custody after Immigration and Customs Enforcement officials inadvertently published their personal information online. Now, the Los Angeles Times reports that ICE has promised not to deport anyone affected by the breach until they have an opportunity to raise the issue in immigration court.

Why most IoT cybersecurity strategies give zero hope for zero trust
2023-01-23 05:00

IoT remains the biggest hurdle in achieving an effective zero-trust security posture across an organization. In this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies fail when applied to IoT.

Extent of reported CVEs overwhelms critical infrastructure asset owners
2023-01-23 04:30

The sheer volume of reported ICS vulnerabilities and CVEs may cause critical infrastructure asset owners to feel overwhelmed, or need help knowing where to begin, according to SynSaber. "There is a deluge of vulnerability disclosures in industrial control systems, often creating anxiety as the security community attempts to patch or remediate each point of exposure - an impossible feat," said Ron Fabela, CTO of SynSaber.

Trained developers get rid of more vulnerabilities than code scanning tools
2023-01-23 04:00

An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security for over 60% of organizations that adopted it. "Awareness is a primer for knowledge, but to truly shift the paradigm and solve the AppSec dilemma, the focus must change from 'awareness' of AppSec to 'in-depth knowledge' and training developers on secure coding practices is the next step in security awareness programs. Vulnerabilities detected earlier in development are easier to resolve and far less costly. And this requires a programmatic and continuous approach to application security education and specifically secure coding training for developers," Baker continued.

India floats plan to make big tech pay for news, walks back government censorship
2023-01-23 03:01

In remarks made to Indian outlet The Economic Times, minister of state for electronics and IT Rajeev Chandrasekhar said the government's plan was to "crack down on enemies of India, state actors, those with vested interests, child sexual abuse, and religious incitement" - but not on general news or comment. Over the weekend, the minister also raised the topic of having Big Tech pay to link to news stories published by India's media.

FanDuel warns of data breach after customer info stolen in vendor hack
2023-01-22 18:56

"Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its clients like FanDuel that they had experienced a security breach within their system that impacted several of their clients," reads a FanDuel 'Notice of Third-Party Vendor Security Incident' seen by BleepingComputer. "On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were acquired by an unauthorized actor. No customer passwords, financial account information, or other personal information was acquired in this incident."

FanDuel discloses data breach caused by recent MailChimp hack
2023-01-22 18:56

Last Thursday, FanDuel emailed customers to warn them that the threat actors acquired their names and email addresses during the MailChimp breach. "Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its clients like FanDuel that they had experienced a security breach within their system that impacted several of their clients," reads a FanDuel 'Notice of Third-Party Vendor Security Incident' seen by BleepingComputer.

WhatsApp fined €5.5 million by Irish DPC for GDPR violation
2023-01-22 15:11

The Irish Data Protection Commission has fined WhatsApp Ireland €5.5 million after confirming that the messaging service violated the General Data Protection Regulation. On May 25, 2018, the DPC initiated an inquiry into a potential violation of the regulation by WhatsApp following a complaint from a German data subject.