Security News
Last week ended with news that the venerable infosec mailing list Bugtraq was being shutdown at the end of the month. From its first posts in November 1993, Bugtraq aimed to get details of vulnerabilities, as well as defence and exploitation techniques, onto netizens' radar, and discussed among admins and security researchers.
By running a survey on whether infosec bods think the Common Vulnerability Scoring System is a useful tool for assessing security flaws, Dr Zinaida Benenson of Friedrich-Alexander Universität Erlangen-Nürnberg's IT Security Infrastructure Lab in Germany hopes to further the infosec world's understanding of how reliable the system really is. While the survey hopes to gain up to 300 respondents, Benenson was coy about precisely what she's hoping to prove or disprove, but she did drop The Register a hint about the current state of CVSS scoring.
When it comes to cybersec certifications, GIAC is the gold standard. The organisation takes pride in certifications that "Rather than skimming the surface of different skillsetsare a mile deep for specialised job-focused tasks." And GIAC exams with Cyberlive don't just test you on the theory, but show you've proven your skills in lab-based situations.
While in 2020 organizations were focused on adapting existing technology to borderless and disconnected environments, we will see a massive shift to cloud-native solutions in 2021. In addition to new attacks on container-based environments, 2021 will bring the heightened threat of ransomware and new solutions to combat disinformation.
Naked Security's Paul Ducklin interviews Sophos expert John Shier about his recently published paper, "20 years of cyberthreats that shaped information security". Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk and REvil, who are extorting millions of dollars in blackmail money per attack.
Locked up indoors with nothing to do as the evenings draw closer? If lighthearted chats about cyber security are your thing, followed up by some banging dance tunes, then we have just the event - all in the name of charity, of course. The Cyber House Party launched this summer with the inaugural shindig held on 3 June and the second on 29 October, pulling in a total of 750 attendees and raising £10,000 in donations.
Manchester United is working with infosec pros to "Minimize the ongoing IT disruption" that it says was caused by an assault on its tech systems. "In a statement, the club said:"Manchester United Plc can confirm that the club has experienced a cyber attack on its systems.
AWS Network Firewall: Network protection across all AWS workloads. With AWS Network Firewall, customers can deploy granular network protections across their entire AWS environment, without the need to configure and manage additional security infrastructure.
Cyberup campaign: 80% of infosec pros fear they might fall foul of UK's outdated Computer Misuse Act
A majority of British infosec professionals worry about accidentally breaking the UK's antiquated Computer Misuse Act, according to an industry campaign group that hopes to reform the law. The Cyberup campaign, which includes NCC Group, Orpheus Cyber, Context Information Security, Nettitude, F Secure and others, first wrote to UK Prime Minister Boris Johnson in July 2019 urging him to update the regulations.
The Global Commission on the Stability of Cyberspace, a group that works to develop policy the world can follow to keep the internet stable and secure, late last week delivered a final report that outlines its vision for how the nations of the world should behave online. State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.