Security News

Indian stock markets given ten day deadline to file infosec report, secure board signoff
2022-05-25 06:53

Indian IT shops have been handed another extraordinarily short deadline within which to perform significant infosec work. MII boards must sign off on lists of critical systems.

Fake Windows exploits target infosec community with Cobalt Strike
2022-05-23 20:12

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Threat actors commonly use these exploits to conduct attacks or spread laterally within a network.

Fake Windows exploits targets infosec community with Cobalt Strike
2022-05-23 20:12

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Threat actors commonly use these exploits to conduct attacks or spread laterally within a network.

India slightly softens infosec incident reporting and data retention rules
2022-05-20 04:30

India has slightly softened its controversial new reporting requirements for information security incidents and made it plain they apply to multinational companies. The rules were announced with little advance warning in late April and quickly attracted criticism from industry on grounds including the requirement to report 22 different types of incident within six hours, a requirement to register personal details of individual VPN users, and retention of many log files for 180 days.

Work toward an InfoSec certification with this online training bundle
2022-05-02 16:14

Work toward an InfoSec certification with this online training bundle We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. Want to break into the InfoSec field? The 2022 Ultimate Information Security Certification Bundle offers a great first step.

Infosec products of the month: April 2022
2022-05-02 03:00

Orca Security adds attack path analysis capability to improve the effectiveness of security teams. Keysight Technologies released CyPerf 2.0, a new subscription-based software solution that enables network equipment manufacturers to validate the performance and security of their offerings when deployed in complex distributed cloud environments utilizing zero trust security policies.

India gives local techies 60 days to hit 6-hour deadline for infosec incident reporting
2022-04-29 10:46

India's Computer Emergency Response Team has given many of the nation's IT shops a big job that needs to be done in a hurry: complying with a new set of rules that require organizations to report 20 different types of infosec incidents within six hours of detection, be they a ransomware attack or mere compromise of a social media account. The national infosec agency stated the short deadline is needed as it has identified "Certain gaps causing hindrance in incident analysis."

Singapore to license pentesters and managed infosec operators
2022-04-12 08:30

Cybersecurity service providers must for licenses to operate in Singapore, under new regulations launched by the country's Cyber Security Agency on Monday. Specifically, concerns were raised over whether service providers may aggregate or use anonymised client data for threat intelligence purposes, leading CSA to limit the scope of its license condition.

Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck
2022-04-06 08:15

On the one hand, security leaders and CISOs must be able to communicate strategies clearly - instructions, incident response plans, and security policies. More so than just talking about the dollar value of a security policy security leaders need to show the importance of processes, tasks, decisions, and how threats and other security risks impact the math.

Infosec products of the month: March 2022
2022-04-04 02:45

CybeReady offers a fully-managed security training platform that includes phishing simulations, security awareness, and compliance training capabilities, with built-in expertise already embedded into the training. VMware unveiled new container runtime security capabilities that build upon a strong end-to-end security offering to help customers better secure modern applications at scale.