Security News

School District reports a 334% hike in cybersecurity insurance costs
2022-01-22 16:16

Bloomington School District 87 in Illinois has published its cyber-insurance renewal details, and the cost has jumped from $6,661 in 2021 to $22,229 this year. Suburban School Cooperative Insurance Program is an insurance pool allowing school districts to join together to negotiate better insurance rates and lower management fees.

WAN report: Complexity continues to grow as more organizations close legacy data centers
2022-01-20 13:05

The sixth annual report from Aryaka found that IT teams are planning to invest more in 2022 but expect more transparency and control. IT leaders are managing distributed teams and juggling more complex networks than ever, according to Aryaka's Global State of the WAN 2022 report.

North Korea pulled in $400m in cryptocurrency heists last year – report
2022-01-16 11:01

Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could. Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched.

Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches
2022-01-13 22:42

The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly. Chairwoman Jessica Rosenworcel drafted a document outlining the new proposal to strengthen the FCC's powers for disclosing data breaches and leaks of "customer proprietary network information" to customers and federal agencies. The updated rules, published this week, would keep the FCC in line with other federal and state data breach laws, she said.

Admins report Hyper-V and domain controller issues after first Patch Tuesday of 2022
2022-01-13 13:17

Microsoft's first Patch Tuesday of 2022 has, for some folk, broken Hyper-V and sent domain controllers into boot loops. As well as the broken Hyper-V, popular tech blog Born City noted problems with boot loops on domain controllers, with other versions of Windows Server affected.

Russian hackers made millions by stealing SEC earning reports
2021-12-21 17:18

A Russian national working for a cybersecurity company has been extradited to the U.S., where he is being charged with hacking into the computer networks of two U.S.-based filing agents used by multiple companies to file quarterly and annual earnings through the Securities and Exchange Commission's system. The defendants used compromised employee credentials to access the networks of the targeted filing agent and view or download data related to earnings of multiple companies, including SEC filings and press releases.

Common Cloud Misconfigurations Exploited in Minutes, Report
2021-11-23 12:59

Given that the speed with which organizations manage vulnerabilities is typically measured in days or months, "the fact that attackers could find and compromise our honeypots in minutes was shocking," Unit 42 principal cloud security researcher Jay Chen wrote in the post. The study clearly shows how quickly these common misconfigurations can lead to data breaches or attackers' taking down an entire network, given that "most of these internet-facing services are connected to some other cloud workloads," Chen wrote.

US regulators order banks to report cyberattacks within 36 hours
2021-11-19 13:05

US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have impacted or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.

Report: The ROI of Modern Pentesting 2021
2021-11-18 03:45

Does your pentesting program bring enough value? Find out in this exclusive in-depth report comparing Pentest as a Service vs. traditional consulting engagements and check out our ROI calculator to learn how PtaaS can double your pentesting impact. Pentests, whether done with traditional consulting firms or up-and-coming PtaaS providers, have become a critical component across all security programs.