Security News
The British government has vowed to create a legally binding cybersecurity framework for managed service providers - and if you want to tell gov. Targeted at managed service providers and firms outsourcing their digital infrastructure services alike, the review is described by the government as helping build evidence for "additional government intervention" to force businesses into formally assessing cyber risks to their supply chains.
Leaders in the InfoSec field face a strange dilemma. The program, known as the vCISO Free Clinic, will let security professionals book a one-on-one meeting with Roberts, completely free of charge.
British infosec accreditation body CREST has declared that it will not be publishing its full report into last year's exam-cheating scandal after all, triggering anger from the cybersecurity community. "The Report of the Independent Investigator contains information that was obtained in confidence and in line with both the terms of the Process and CREST's Complaints and Resolution Measures, the Report is confidential and cannot be made public," said CREST in an update published on its website late on 10 May, right before the CyberUK conference began.
Elevate Security unveils human attack surface management platform. Pioneering a new category in cybersecurity, human attack surface management, the Elevate Security Platform ingests the entirety of an organization's data to gain benchmarked visibility into human error, enabling CISOs to proactively tailor security controls and create 'safety nets' for the riskiest employees.
The new product line is the industry's first set of multi-protocol security keys with support for FIDO2 and WebAuthn, along with smart card, to receive FIPS 140-2 validation, Overall Level 1 and Level 2. Semperis announced Directory Services Protector 3.5, which includes DSP Intelligence, a new module that provides automated security assessments of Microsoft Active Directory.
Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire. Devonshire spent much of 2019 and 2020 in Hong Kong, working as a digital forensics and incident response specialist at Blackpanda and serving as assistant faculty at Hong Kong University.
(ISC)² published revised CISSP educational materials for online and in-person courses. Students enrolled in CISSP education seminars through (ISC)² or any of its Official Training Partners will receive instruction based on the revised CISSP exam, which took effect on May 1, 2021.
Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics - including a penchant for using a naughtily named email provider. APT29 is the Western infosec world's codename for what we now know is the Russian Foreign Intelligence Service, known by its Russian acronym SVR. As well as publishing a list of things US counterintelligence know about their Russian offensive counterparts, CISA has also added some advice on how to avoid these common Russian intelligence compromise tactics.
DataLocker SafeConsole Suites add key endpoint security and enterprise support features. DataLocker announced the release of two new suites, the SafeConsole Professional Suite and the SafeConsole Enterprise Suite.
Positive Technologies has hit back at the US government's "groundless accusations" that it helped the Russian state carry out cyber attacks against the West - by highlighting how "government agencies of different countries" use its products. Yesterday the US Treasury declared that Positive was selling weaponised infosec tech to the Russian government and ran recruiting events for state hacking agencies, which some Western news outlets have interpreted as meaning the company's flagship Positive Hack Days events.