Security News
Atos' share price sank as much as 20 percent this morning on confirmation that Airbus is no longer interested in buying the big data and security parts of the crumbling tech empire. Atos said at the time it had received two letters indicating interest in buying BDS, but only the aerospace corp had offered to snaffle the whole unit.
In their keynote at the firm's Security & Risk Management Summit in Sydney, Australia, today, VP analyst Mixter and director analyst Xiu argued that no amount of effort can prevent infosec incidents, and the quality of organizations' response is a more appropriate measure of an infosec team's effectiveness than expecting they will never fail to fend off the never-ending torrent of attacks. "Adrenalin does not scale," Xiu told the event - a reference to the practice of infosec teams responding to incidents by attacking them without a rehearsed plan.
Varonis introduced Varonis Managed Data Detection and Response, a managed service dedicated to stopping threats at the data level. Security teams can receive alerts if employees are uploading sensitive data, like customer PII, security credentials, and intellectual property.
A cache of stolen documents posted to GitHub appears to reveal how a Chinese infosec vendor named I-Soon offers rent-a-hacker services for Beijing. Analysis of the docs by infosec vendor SentinelOne characterizes I-Soon as "a company who competes for low-value hacking contracts from many government agencies."
President Biden has empowered the US Coast Guard to get a tighter grip on cybersecurity at American ports - including authorizing yet another incident reporting rule. Port Captains, USCG officers responsible for laying down the law in US ports, can now declare "Security zones," inside of which they'll have broad authority to prevent "Access of persons, articles, or things, including any data, information, network, program, system, or other digital infrastructure, to vessels, or waterfront facilities."
About a quarter of those probed said their higher education was "Not at all useful" for their working life in cybersecurity; 12 percent said it was "Slightly useful;" and 14 percent described it as "Somewhat useful," adding up to 50 percent for the negatives. On the flip side, 29 percent said their education was "Extremely" useful, and 21 percent said "Very" useful.
Asset Visibility helps customers become more proactive within their security program, helping them uncover assets that need protection, validate that the expected endpoint security controls are in place and working, and identify areas of risk exposure due to gaps in security coverage. Dasera expands data security posture management capabilities to Microsoft 365.
23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps. The letter, which was first reported by TechCrunch, read: "As set forth in 23andMe's October 6, 2023 blog post, 23andMe believes that unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials - that is, users used the same usernames and passwords used on 23andMe.com as on other websites that had been subject to prior security breaches, and users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe. Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures under the CPRA."
As Cyber Solidarity Act edges closer to full adoption in Europe: The US Cybersecurity and Infrastructure Security Agency (CISA) has signed a working arrangement with its EU counterparts to increase...
Aqua Trivy open-source security scanner now finds Kubernetes security risks. Lacework code security helps prevent security issues from getting into the wild by identifying them before code is deployed, and helps prioritize and fix issues faster, wherever they are found in the application lifecycle.