Articles Tagged with ''risk management''

Dark web takedowns up in 2021

March 4, 2021

2021 has proven to be busy for law enforcement operations already, taking down numerous high-profile dark web marketplaces and forums including Dark Market (500k users, 2.4k sellers, transactions ~ €140 million), Emotet, Netwalker, and Egregor, with some even producing arrests of site operators. Digital Shadows’ new report, “Cybercriminal law enforcement crackdowns in 2021,” highlights the impact that these takedowns have had to date.

CISA issues emergency directive and alert on Microsoft Exchange vulnerabilities

March 4, 2021

CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities could allow an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network.

Malaysian Airlines is breached

March 3, 2021

Malaysia Airlines has confirmed it has suffered a "data security incident" via a third-party IT service provider. The company also said the breach had not affected its carrier's core IT infrastructure and systems.

DoS vulnerability discovered in Eclipse Jetty

March 3, 2021

Synopsys Cybersecurity Research Center (CyRC) researchers have discovered CVE-2020-27223, a denial of service vulnerability in Eclipse Jetty, a widely used open source web server and servlet container.

Researcher discovers and patches Linux kernel vulnerabilities

March 3, 2021

Positive Technologies security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. These vulnerabilities could be exploited for local privilege escalation, as confirmed by Popov in experiments on Fedora 33 Server. The vulnerabilities, known together as CVE-2021-26708, have received a CVSS v3 base score of 7.0 (high severity).

Leadership & Management

Humor in leadership? Funny you should ask

Sometimes it’s better to disarm than to arm. Put another way, humor can be both a powerful leadership and tactical tool for security.

Michael Gips

March 3, 2021

Humor is tricky business in the security world, however. Briefing staff on warning signs of workplace violence, precursors of terrorist attacks, contingency plans for natural disasters, and methods of corporate espionage doesn’t exactly lend themselves to one-liners. Dealing with most security incidents isn’t a laughing matter.

Leadership and Your Security Career

Secure your mask before others: Preventing security burnout

Steven Antoine

March 3, 2021

Left attempting to optimize security teams while struggling to cope with multiple crises simultaneously, security leaders feel as if almost 75% of the workday is spent battling internal bureaucracy, while 25% is spent dedicated to the issues that require attention. But you’re not alone. To start, have some real conversations with your staff, and don’t forget to focus on yourself and your own well-being.

Securing the cloud in 2021: 3 steps to cloud-based identity

March 2, 2021

Now that we’ve learned this dependency on the cloud will continue to grow, there are new challenges that organizations have to solve in the year ahead – starting with making these cloud infrastructures more secure. To do this, organizations must reroute the security perimeter to focus on identity. While cloud-based identity can be a complicated concept for a number of reasons, there are a few simple steps organizations can take to evolve their identity access management (IAM) strategies. By moving beyond “effective permissions,” they should instead focus on threats and risks, following a cloud IAM lifecycle approach.

CISA releases COVID-19 vaccine physical security guidance

March 2, 2021

CISA created the COVID-19 Vaccine Distribution Physical Security Measures guidance. This guidance provides a non-comprehensive list of physical security resources available to the public to help facility owners and operators enhance their physical security to protect workers and individuals.

Juan Rodriguez named Executive Vice President & Chief Information Security Officer at Comerica Incorporated

March 2, 2021

Comerica Incorporated announced that Juan Rodriguez has been named Executive Vice President, Chief Information Security Officer. Reporting to Executive Vice President and Chief Technology & Operations Services Officer Megan Crespi, Rodriguez oversees Comerica's enterprise-wide information security policy, strategy, architecture, operations and capability enhancements of the bank.

Digital threats to executives and other high-profile employees are evolving faster than most corporate protection programs. Learn why modern executive protection programs require data-driven, intelligence-led strategies to keep pace with the magnitude of today’s threats.

Learn how modern security teams are evolving from alert-driven workflows to outcome-driven operations and how AI is enabling faster, more confident decisions at every stage of the incident response lifecycle.

Articles Tagged with ''risk management''

Dark web takedowns up in 2021

CISA issues emergency directive and alert on Microsoft Exchange vulnerabilities

Malaysian Airlines is breached

DoS vulnerability discovered in Eclipse Jetty

Researcher discovers and patches Linux kernel vulnerabilities

Humor in leadership? Funny you should ask

Secure your mask before others: Preventing security burnout

Securing the cloud in 2021: 3 steps to cloud-based identity

CISA releases COVID-19 vaccine physical security guidance

Juan Rodriguez named Executive Vice President & Chief Information Security Officer at Comerica Incorporated

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.