Security News

The Council explored the state of Chinese infosec research in the context of the 2021 introduction of "Regulations on the Management of Security Vulnerabilities of Network Products" that require local researchers to report any vulns they find to local authorities. A ban on Chinese researchers participating in international infosec competitions is thought to have been imposed for similar reasons.

LabMD, the embattled and now defunct cancer-testing company, will get another chance at suing security firm Tiversa for defamation following an appeals court ruling. The testing laboratory has long alleged that: Tiversa illegally obtained a 1,178-page computer file containing confidential data on more than 9,000 LabMD patients back in 2008; lied about the file being publicly available on a peer-to-peer file-sharing network and that it was downloaded by miscreants; and tried to use this alleged privacy fiasco to bully the medical company into paying for Tiversa's incident response services to the tune of $475 an hour.

Scrut Risk Management is an assessment tool that combines all required elements of risk management, including mapping standard specific controls to risks, tracking compliance progress against each mitigated risk, and computing inherent and residual risk - under one umbrella. Halo Security platform combines external asset risk and vulnerability assessment, and penetration testing services to provide organizations complete visibility into the risk posture of their internet-exposed assets on an on-going basis.

Darktrace launched Darktrace PREVENT, an interconnected set of AI products that deliver a proactive cyber security capability to help organizations pre-empt future cyber-attacks. CertiK launched several web3 Skynet security features to bolster end-to-end security for the web3 world.

How many cybersecurity vendors are active at the moment? What are they offering? How is their business doing? These are just some of the questions that Richard Stiennon, Chief Research Analyst at IT-Harvest, is trying to answer on a daily basis. The former Gartner Research VP and industry executive is one of the industry's most prominent analysts and creator of the Analyst Dashboard, a web app that reveals data on 2,850 cybersecurity vendors.

As a result of this drive toward security technology consolidation, 77% of infosec pros would like to see more industry cooperation and support for open standards promoting interoperability. As thousands of cybersecurity technology vendors compete against each other across numerous security product categories, organizations are aiming to optimize all security technologies in their stack at once, and vendors that support open standards for technology integration will be best positioned to meet this change in the industry, according to a new annual global study of cybersecurity professionals by ISSA and ESG. The new research report, Technology Perspectives from Cybersecurity Professionals, surveyed 280 cybersecurity professionals, focused on security processes and technologies, and revealed that 83% of security professionals believe that future technology interoperability depends upon established industry standards.

What the hell are we supposed to do with this information? Is this an error in the suspicious activity detector? Is this the result of hacking attempts via compromised Microsoft systems? Is it Microsoft bungling some sort of management task? At the time of writing, nobody knows. That's quite a remarkable response to a threat that's difficult to enumerate.

Iran's Communications Ministry joined in a pledge with Russian state-owned defence and technology conglomerate Rostec to explore future collaboration in e-government, information security, and other areas. News of the collaboration came in a statement published on Friday by Iran's Information Technology Organization - a government agency charged with developing policy related to data networks and digital services.

Cynet Automated Response Playbooks empowers security teams to reduce their alert investigation. Cynet's Automated Response Playbooks automate manual tasks and workflows, empowering security teams to reduce their alert investigation and response times by 90%. In addition to freeing up valuable time for security teams, the playbooks provide a defined, consistent response process for more accurate security decisions and ensure that all alerts are properly addressed.

India's Ministry of Electronics and Information Technology and the local Computer Emergency Response Team have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India.