Security News

Businesses operating in the word of infosec have been urged to write to the Home Office and support a public interest defence being added to the Computer Misuse Act. On a TechUK-organised call to discuss industry's response to the review of the act, British and overseas companies operating in the UK were urged by both the industry body and the Cyberup campaign to tell UK.gov what they think the law ought to say.

Where does the tip of the spear turn to for a helping hand? One popular avenue is to turn to a virtual CISO, an external consultant who can offer strategic advice, suggestions, and help find insights that can be instrumental in building better security systems. With that in mind, Chris Roberts, Cynet's chief security strategist is offering a new program to give InfoSec leaders a new avenue for support, advice, and valuable insights.

Designed to support modern security organizations increasingly delegating malware analysis to specific security operations or development security operations experts, the ReversingLabs Malware Lab solution equips these teams with a unified threat analysis engine and console to rapidly detect, classify, analyze, and respond to malicious files and associated Indicators of Compromise. Qualys CyberSecurity Asset Management brings security teams the automation they need.

The British government has vowed to create a legally binding cybersecurity framework for managed service providers - and if you want to tell gov. Targeted at managed service providers and firms outsourcing their digital infrastructure services alike, the review is described by the government as helping build evidence for "Additional government intervention" to force businesses into formally assessing cyber risks to their supply chains.

Leaders in the InfoSec field face a strange dilemma. The program, known as the vCISO Free Clinic, will let security professionals book a one-on-one meeting with Roberts, completely free of charge.

British infosec accreditation body CREST has declared that it will not be publishing its full report into last year's exam-cheating scandal after all, triggering anger from the cybersecurity community. "The Report of the Independent Investigator contains information that was obtained in confidence and in line with both the terms of the Process and CREST's Complaints and Resolution Measures, the Report is confidential and cannot be made public," said CREST in an update published on its website late on 10 May, right before the CyberUK conference began.

Elevate Security unveils human attack surface management platform. Pioneering a new category in cybersecurity, human attack surface management, the Elevate Security Platform ingests the entirety of an organization's data to gain benchmarked visibility into human error, enabling CISOs to proactively tailor security controls and create 'safety nets' for the riskiest employees.

The new product line is the industry's first set of multi-protocol security keys with support for FIDO2 and WebAuthn, along with smart card, to receive FIPS 140-2 validation, Overall Level 1 and Level 2. Semperis announced Directory Services Protector 3.5, which includes DSP Intelligence, a new module that provides automated security assessments of Microsoft Active Directory.

Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire. Devonshire spent much of 2019 and 2020 in Hong Kong, working as a digital forensics and incident response specialist at Blackpanda and serving as assistant faculty at Hong Kong University.

published revised CISSP educational materials for online and in-person courses. Students enrolled in CISSP education seminars through² or any of its Official Training Partners will receive instruction based on the revised CISSP exam, which took effect on May 1, 2021.