CIA Finds It Failed to Secure Its Own Systems

Data Breach Today

Senator Wyden Releases CIA's Own 2017 Report Into Leak of 'Vault 7' Hacking Tools
An internal CIA report from 2017 - just released in heavily redacted form - found that the agency's failure to secure its own systems facilitated the massive "Vault 7" data breach that enabled classified information, including details of 35 CIA hacking tools, to be leaked to WikiLeaks

$28 Billion for State Security, IT Upgrades Proposed

Data Breach Today

Legislation Based on Cyberspace Solarium Commission's Recommendations
A bipartisan group of federal lawmakers has proposed providing $28 billion to state and local governments to bolster their cybersecurity and IT infrastructures

Cloud Security: Mess It Up and It's on You

Data Breach Today

Jay Heiser of Gartner Says the Cloud Demands New Security Processes, Tools
The transition to cloud-based software and infrastructure has revolutionized development and services. It's also created a bevy of new security challenges. Jay Heiser of Gartner says if organizations don't get cloud security right, it's their own fault.

Universal Health Services' IT Network Crippled

Data Breach Today

Apparent Ransomware Attack Has National Impact
A security incident that apparently involved ransomware has crippled the network of Universal Health Services, which owns hundreds of facilities across the U.S.

Lead Your DevSecOps Team the Right Way

Speaker: Shlomo Bielak, CTO, Benchmark Corp

The "baked-in" security DevOps approach has long taken the spotlight in the developer world. However, teams are now discovering this approach results in unfocused developers and a frustrated security team. In the current climate, we cannot afford to let security implementations falter. It's time to manage your team's energies to maximize DevOps efficiency, all the while maintaining top security standards. Join Shlomo Bielak, and learn how to keep your DevSecOps team focused and connected without creating silos

Cloud Pak for Security

Data Breach Today

Digital transformation is accelerating. Organisations are adopting SaaS solutions at increasing rates to reduce internal IT constraints and budgets. This webinar will take a deep dive into IBM's Cloud Pak for Security where you will learn how to: Gain insights without moving your data; Respond faster to security incidents with automation and investigative capabilities; Run anywhere, connect security openly

Report: CIA Failed to Secure Its Own Systems

Data Breach Today

Senator Wyden Releases 2017 Report That Blames Lack of Security for Leaks
An internal CIA report released Tuesday found that the agency's failure to secure its own systems led to the massive 2017 data breach that enabled classified information, including details on 35 CIA hacking tools, to be leaked to WikiLeaks

Nefilim ransomware gang published Luxottica data on its leak site

Security Affairs

As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com.

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

Sweden is banning Chinese tech giant Huawei and ZTE from building new 5G wireless networks due to national security concerns. Another state, Sweden, announced the ban of Chinese tech companies Huawei and ZTE from building its 5G network infrastructure.

The British government aims at improving its offensive cyber capability

Security Affairs

Britain’s most senior cyber general declared that the UK has implemented an advanced offensive cyberwar capability that could destroy its enemies. Sanders explained that its cyber army was supported by the GCHQ intelligence agency to deliver offensive cyber capabilities.

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

The financially-motivated hacker group FIN11 has started spreading ransomware to monetize its cyber criminal activities. In recent attacks, the group was observed deploying the Clop ransomware into the networks of its victims.

'UltraRank' Gang Sells Card Data It Steals

Data Breach Today

Group-IB Finds Hacking Group Attacked Hundreds of Checkout Sites
A cybercriminal gang dubbed "UltraRank" that has planted malicious JavaScript code in hundreds of e-commerce websites around the world over the last five years to steal payment card data also takes the unusual step of selling the data on its own, the security firm Group-IB reports.

RIP, 'IT Security'

Dark Reading

Information security is vital, of course. But the concept of "IT security" has never made sense

The G7 expresses its concern over ransomware attacks

Security Affairs

G7 experts pointed out that these attacks often involve payments in crypto-assets, jeopardizing essential functions along with our collective security and prosperity.

6 Lessons IT Security Can Learn From DevOps

Dark Reading

The discipline has lessons for IT security -- here are a quick half-dozen
DevOps has taken over enterprise software development.

Security Doesn't Trust IT - and IT Doesn't Trust Security

Dark Reading

How a rocky relationship between IT operations and cybersecurity teams can compound security risks

Secure 2018 US Elections: It's Too Late

Data Breach Today

But here's how the company can get its act together in time for 2020
Facebook's Ex-CSO Says That Ship Has Sailed; Look to 2020
With less than three months to go until the U.S. midterm elections, Alex Stamos, until recently Facebook's CSO, says there isn't time to properly safeguard this year's elections.

Garmin shut down its services after an alleged ransomware attack

Security Affairs

Smartwatch and wearable device maker Garmin had to shut down some of its connected services and call centers following a ransomware attack. The outage also impacted the company call centers, making it impossible for the company to provide information to its users.

Securing IoT: Is It Feasible?

Data Breach Today

In an interview, Al Pascual of Javelin Strategy & Research discusses the challenges involved in securing the exploding IoT landscape. Consumers now own about 870 million IoT devices.

Microsoft open-sourced its Project OneFuzz fuzzing framework for Azure

Security Affairs

Microsoft released the Project OneFuzz, an open-source fuzzing framework for its cloud computing service Azure. Microsoft this week announced the release of the Project OneFuzz which is an open-source fuzzing framework for its cloud computing service Azure.

Hacking It as a CISO: Advice for Security Leadership

Dark Reading

A security leader shares tips for adopting a CISO mindset, creating risk management strategies, and "selling infosec" to IT and executives

VMware fixes several flaws in its ESXi, Workstation, Fusion and NSX-T

Security Affairs

VMware patched several flaws in its ESXi, Workstation, Fusion and NSX-T products, including a critical code execution vulnerability. VMware has fixed several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.

Addressing Shadow IT Issues During COVID-19 Crisis

Data Breach Today

Security Experts Offer Risk Mitigation Tips
With the massive shift to telework as a result of the COVID-19 pandemic, shadow IT is becoming a more critical security issue around the world. Security experts offer tips on mitigating the risks involved

Swiss watchmaker Swatch shuts down IT systems in response to a cyberattack

Security Affairs

The Swiss watchmaker giant Swatch Group shut down its systems over the weekend because it was the victim of a cyber attack. Swiss watchmaker Swatch Group shut down its IT systems in response to a cyber attack that hit its infrastructure over the weekend.

Signal Is Finally Bringing Its Secure Messaging to the Masses

WIRED Threat Level

The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.

Autonomous IT: Less Reacting, More Securing

Dark Reading

Keeping data secure requires a range of skills and perfect execution. AI makes that possible

Ransomware Takes Down Network of French IT Giant

Threatpost

Sopra Steria hit with cyber attack that reportedly encrypted parts of their network on Oct.

GUEST ESSAY: Skeptical about buying life insurance online? Here’s how to do it — securely

The Last Watchdog

From shopping to socializing or paying their bills, people seem to be doing everything online these days, so it was only a matter of time until insurance companies stepped into the digital world. Online tools make it easier for you to compare insurance companies, weigh the pros and the cons of different life insurance policy types and draw your conclusions, so you can choose the policy that works for you. Affirm the website is secure.

Turn on MFA Before Crooks Do It For You

Krebs on Security

But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. As a career chief privacy officer for different organizations, Dennis Dayman has tried to instill in his twin boys the importance of securing their online identities against account takeovers.

Security Affairs newsletter Round 284

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived!

The FBI Botched Its DNC Hack Warning in 2016—but Says It Won’t Next Time

WIRED Threat Level

Facing looming election threats and a ransomware epidemic, the bureau says it has revamped its process for warning hacking victims.

The DoD Isn't Fixing Its Security Problems

Schneier on Security

It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. It was unclear in many cases who had completed which training modules.

Struggling to Secure Remote IT? 3 Lessons from the Office

Dark Reading

The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges

France will not ban Huawei from its upcoming 5G networks

Security Affairs

French President Emmanuel Macron announced that France won’t ban the Chinese giant Huawei from its upcoming 5G telecommunication networks. However, Macron said that France will favor European providers of 5G technology due to security concerns.

Ill-Defined Career Paths Hamper Growth for IT Security Pros

Dark Reading

Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows

Security Affairs newsletter Round 286

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived!

A Dangerous Year in America Enters Its Most Dangerous Month

WIRED Threat Level

Seven distinct factors between now and the election threaten to combine, compound, and reinforce each other in unpredictable ways.

Online Voting Is Coming, but How Secure Will It Be?

Dark Reading

It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all

Cisco addresses 17 high-severity flaws in security appliances

Security Affairs

Security Advisory Bundled Publication for October 2020 – Cisco announced the release of patches for 17 high-severity flaws in its security appliances. “All of these vulnerabilities have a Security Impact Rating (SIR) of High.”

Aadhaar Security: How Can It Be Fixed?

Data Breach Today

Security Critics Discuss the Gaps in the System
After news of yet another apparent Aadhaar-related data breach, some security experts are once again calling for the government to substantially beef up security for the identification system