Security News

Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model - for the vendors, anyway. A zero trust security framework essentially boils down to trusting no-one on the network, let alone anyone connecting in from the outside, and assuming there has been a security breach.

Summer holiday season fuels upswing of travel-themed spam: Phishers, scammers and malware peddlers are ready to take advantage of the summer holiday season. According to Bitdefender security analysts, the deluge of travel-themed spam started in March and is expected to reach its peak in June.

Attackers aren't slowing down, here's what researchers are seeing: In this Help Net Security interview, John Shier, Senior Security Advisor at Sophos, talks about the main findings of two Sophos reports: the 2022 Active Adversary Report and the State of Ransomware Report, which provide an exceptional overview of the modern threat landscape.

RSA Conference, the world's leading information security conference and exposition, concluded its 29th annual event in San Francisco. More than 36,000 attendees, 704 speakers and 658 exhibitors gathered at the Moscone Center to explore the Human Element in cybersecurity through hundreds of keynote presentations, track sessions, tutorials, seminars and special events.

To that end, CISA has worked with the National Security Council, various federal agencies, industry stakeholders and organizations like the ICS Village to develop a set of core initiatives for 2020. Four, CISA will have a focus on developing detection and incident-response training blueprints.

According to Mary T. Barra, CEO of the automaker, GM has invested $100 million into cybersecurity per year, including the hire of nearly 500 men and women. In 2019, GM reached nearly 300,000 students and teachers across the United States, Barra noted, including with a Society of Automotive Engineers-led interactive cybersecurity challenge and curriculum for middle-school students.

The vulnerabilities were discovered in the iBaby Monitor M6S connected baby camera by researchers with Bitdefender. "We've tried to reach out to iBaby since May 2019 about three major vulnerabilities in their baby monitor but haven't heard back," Alex Jay Balan, chief security researcher at Bitdefender, said during an RSA session.

Why so few machine learning court cases? Experts point to the fact that staple cybersecurity regulations such as the Computer Fraud and Abuse Act and Electronic Communications Privacy Act don't specifically spell out how to handle machine learning attacks. This type of attack can open up machine learning systems to anything from data manipulation and logic corruption to backdoor attacks.

During the event's annual Cryptographers' Panel, industry leaders broke down their top crypto-concerns, including privacy regulations, election security and blockchain. "Any legislation that requires people to undo past actions is contrary to the technology. In most cases, blockchain is overhyped and there are simpler ways to achieve the same goal. Most of these use cases that have been proposed for blockchain are nonsense."

The security industry needs to branch out beyond its historically "narrow culture" and change how it is perceived by the rest of the world. The narrative around cybersecurity needs to instead emphasize the human players behind cybersecurity, including the IT teams working in companies, the cybercriminals who are launching cyberattacks, the businesses who are working with security teams - and, importantly, the end users who are often the true victims.

Today Friday the Threatpost team is preparing, so we've got Lindsey O'Donnell-Welch, myself and Tom Spring and Tara Seals with Threatpost here to talk about some of the biggest themes that we're going to be looking out for at RSA. Tom and Tara, how's it going? Well, I'm looking through some of the sessions that we're all going to be covering.