Security News
NIS2 outlines several security measures that will be considered minimal requirements for all member companies. Creating a minimum requirement for security protocols and shifting liability to company decision makers raises the stakes for security leaders and their teams.
There is a misconception that only software and technology companies leverage crowdsourced security. Companies across various sectors are increasingly adopting crowdsourced security, as reported by Bugcrowd.
Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. The October Okta security breach involved more than 130 customers of that IT access management biz, in which snoops swiped data from Okta in hope of drilling further into those organizations.
Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. The FTC's complaint alleges that the company "Failed to monitor attempts by hackers to breach its networks, segment data to prevent hackers from easily accessing its networks and databases, ensure data that is no longer needed is deleted, adequately implement multifactor authentication, and test, review and assess its security controls" and "Allowed employees to use default, weak, or identical passwords for their accounts."
Cyber attacks using AI-generated deepfakes to bypass facial biometrics security will lead a third of organizations to doubt the adequacy of identity verification and authentication tools as standalone protections. Remote account recovery, for example, might rely on an image of the individual's face to unlock security.
The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's strict data breach reporting rule. The SEC's rule require public companies hit by cybercriminals to report the incident within four days.
Security teams need not take a binary approach to the tradeoff of fast scanning vs. vulnerability detection. How significant is the ability to write custom rules in security tools for organizations, and what impact does this have on the effectiveness of vulnerability detection?
Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers. The same social engineering, phishing and application/operating system vulnerabilities which plague desktops and laptops are just as applicable to mobile devices.
The four vulnerabilities reported to Juniper Networks by watchTowr researcher Aliz Hammond, which were later found to be missing individual CVEs, have now each been disclosed separately, per an out-of-cycle security advisory. Despite submitting four vulnerability reports in total, Juniper credited watchTowr with the discovery of just two.
Each New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field – the speed at which malicious actors carry out...