Security News

82% of women in cybersecurity jobs agree the industry has a gender bias problem. A significant gender gap exists in cybersecurity, with women occupying less than a quarter of the roles.

The process of constructing a holistic policy-based identity management solution can be difficult and overly complex, especially in the sensitive hospital environment with myriad identities. An integrated identity ecosystem provides a unified view across both cyber and physical security systems, improving the overall hospital experience.

UNITED NATIONS - The United States, United Kingdom and Estonia accused Russia's military intelligence Thursday of conducting cyber attacks against the Georgian government and media websites in an attempt "to sow discord and disrupt the lives of ordinary Georgians." Estonian Ambassador Sven Jurgenson read a statement afterward, flanked by UK Ambassador Karen Pierce and acting U.S. deputy ambassador Cherith Norman Chalet, saying the cyber attacks "are part of Russia's long-running campaign of hostile and destabilizing activity against Georgia and are part of a wider pattern of malign activity."

The updates were pulled, and we are waiting to see if Microsoft re-releases a more comprehensive fix this Patch Tuesday. The advisory specifically stated, "The March 10, 2020 and updates in the foreseeable future will not make changes to LDAP signing or LDAP channel binding policies or their registry equivalent on new or existing domain controllers." These features will be included in the March Patch Tuesday updates, so take advantage and enable them.

US lawmakers proposed legislation Thursday that could see internet companies held legally responsible for content on their platforms if they don't do enough to police child pornography. Senators from both parties, backed by the Department of Justice, said that existing laws immunizing internet hosts like social media companies from liability for user-posted content have allowed child pornography to proliferate.

T-Mobile US was hacked by miscreants who may have stolen some customer information. The hackers gained access to employee email accounts, which contained customer account information.

US officials on Wednesday stepped up warnings about the potential security risks from the fast-growing, Chinese-owned TikTok as a lawmaker unveiled legislation to ban the social media app from government devices. Senator Josh Hawley, who convened the hearing, said he was introducing a bill to ban TikTok from all US government devices, calling it "a major security risk for the American people."

The U.S. Department of Justice's Cybersecurity Unit has released guidelines for organizations that want to gather cyber threat intelligence from dark web forums/markets but, at the same time, want to stay on the right side of the law. The document focuses on "information security practitioners' cyber threat intelligence-gathering efforts that involve online forums in which computer crimes are discussed and planned and stolen data is bought and sold. It also contemplates situations in which private actors attempt to purchase malware, security vulnerabilities, or their own stolen data, or stolen data belonging to others with the data owners' authorization, in Dark Markets."

It looks like Switchzilla is moving swiftly to clear up the Kr00k bug discovered by ESET. Just hours after the researchers delivered their findings in a report, Cisco gave its own advisory on the Wi-Fi data snooping flaw. Missing C++ update opens security hole in Ubuntu 16.04.

US lawmakers have passed legislation offering $1 billion to help telecom carriers "rip and replace" equipment from Chinese tech firms Huawei and ZTE amid national security concerns. To allay concerns over the impact for small telecom carriers, the bill provides funds to subsidize the removal of equipment "that poses a national security risk" for firms with fewer than two million customers, according to the text.