Security

0 Comments
Threat modeling is an approach that can potentially be overly complicated, but it doesn’t have to be that way, according to Alyssa Miller, business information security officer (BISO) at S&P Global Rating, in a session at the RSA Conference 2022, Miller also explained an approach for plain language threat modeling that can help accelerate DevSecOps efforts.
0 Comments
Bryan Palmer, CEO of Trellix, delivering his keynote at RSA Conference The cybersecurity industry must capitalize on the exodus of technologists leaving their roles in social media companies seeking soulful work by welcoming and converting them. This was the sentiment of Bryan Palmer, CEO of Trellix, as he delivered his keynote on 07 June 2022
0 Comments
Cyber-threat intelligence firm Checkpoint Research (CPR) spotted a critical vulnerability in the Unisoc Tiger T700 chips that power the Motorola Moto G20, E30 and E40 smartphones. The components, which replaced MediaTek’s chips in the aforementioned devices due to global shortages, have been marked as threat vectors due to a stack overflow vulnerability. More specifically, due to
0 Comments
Global healthcare organizations (HCOs) experienced a 94% year-on-year surge in ransomware attacks last year, with almost twice as many electing to pay their extorters, according to new data from Sophos. The security vendor commissioned Vanson Bourne to compile its report, The State of Ransomware in Healthcare 2022, from interviews with 381 IT pros in 31
0 Comments
Connecticut Governor Ned Lamont officially signed into law the Public Act No. 22-15, titled ‘An Act Concerning Personal Data Privacy and Online Monitoring’ on May 10. Commonly referred to as the Connecticut Privacy Act (CTPA), the new legislation provides consumers with enhanced privacy rights, including the right of access, rectification and deletion of data. It also provides the
0 Comments
by Paul Ducklin Software development and colloboration toolkit behemoth Atlassian is warning of a dangerous zero-day in its collaboration software. There’s no alert about the bug visible on the company’s main web page, which features the company’s best-known tools JIRA (an IT ticketing system) and Trello (a discussion board), but you’ll find Confluence Security Advisory
0 Comments
The latest phase of the UK government-backed Digital Security by Design (DSbD) program will see 10 companies experimenting with prototype cybersecurity technology designed to radically strengthen computers’ underlying hardware. The technology, developed by semiconductor and software design company Arm in collaboration with researchers from the University of Cambridge, is known as Capability Hardware Enhanced RISC Instructions (CHERI). This
0 Comments
Europol’s European Cybercrime Centre (EC3) announced the execution of an international law enforcement operation that involved 11 countries and resulted in the takedown of the so-called “FluBot” Spyware. The technical achievement reportedly followed an investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands, and the United States and
0 Comments
Anonymous-affiliated collective Spid3r claims to have attacked Belarus’ government websites in retaliation for the country’s alleged support of Russia’s invasion of Ukraine. The group made the announcement on Twitter, publishing screenshots of various websites connected with the Belarus state being down, including the Ministry of Communications, the Ministry of Justice and the Ministry of Economy. In
0 Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new five-step 5G Security Evaluation Process to help companies improve their security posture before deploying new 5G applications. More specifically, the new guidelines include information about relevant threat frameworks, 5G system security standards, industry security specifications, federal security guidance documents and methodologies to conduct cybersecurity
0 Comments
Pro-consumer website Comparitech has released a new report exploring legislation about child data collection in the world’s top 50 countries by gross domestic product (GDP). The document assessed 23 different aspects of these policies to assess whether specific legislation was in place for children’s online data or not. Aspects examined included requirements for privacy policies,
0 Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws this week. The US federal agency has urged all organizations to remediate these vulnerabilities promptly to “reduce their exposure to cyber-attacks.” Federal Civilian Executive Branch (FCEB) agencies are required by law to remediate all vulnerabilities in the catalog by the specified
0 Comments
The District of Columbia announced that it sued Meta Platforms Inc. CEO Mark Zuckerberg for his role in the data breach that allowed political consulting firm Cambridge Analytica to target Facebook users during the 2016 US presidential election. The “sweeping investigation” found that Zuckerberg had lax oversight of users and created misleading privacy agreements that resulted in