The Security Executive Council (SEC) has welcomed Tom Bello, Coral Gehring, Matthew Giese, Bill King, and Tom Mahlik to its faculty of esteemed security experts. SEC subject matter experts and emeritus faculty (former CSOs and CISOs) have excelled in their careers and are eager to transfer their knowledge and competencies to other security leaders.
More than 60 experts from industry, government, law enforcement, civil society and international organizations have worked together to develop a comprehensive framework, breaking down siloed approaches and advocating for a unified, aggressive, comprehensive, public-private anti-ransomware campaign.
The 81-page report, "A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force," includes 48 recommendations that together form a comprehensive framework to address ransomware. The report was delivered to the Biden administration this week. Among those, these priority recommendations are the most foundational and urgent, and many of the other recommendations were developed to facilitate or strengthen these core actions.
Experian fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.
Reiknistofa Bankanna (RB), an IT service provider for Icelandic financial institutions, recently overhauled its security infrastructure with an array of physical security technology including cameras, access control, and video analytics through one unified interface.
Click Studios has advised customers to stay vigilant and ensure the validity of any email sent to them, as a bad actor has commenced a phishing attack with a "small number of customers having received emails requesting urgent action."
The National Center for Sports Safety and Security (NCS4) team has announced that the 12th Annual National Sports Safety and Security Conference & Exhibition will be held on Nov. 9-10 at the JW Marriott Desert Ridge Resort & Spa in Phoenix. The 2021 conference theme is Reconnect. Reflect. Inspire.
CYBER.ORG announced the kickoff of a new pilot program created to recruit a diverse body of K-12 students to pursue undergraduate cybersecurity degrees and bolster the U.S. cybersecurity workforce. Through a $250,000 grant provided by the National Security Agency (NSA), CYBER.ORG will develop a K-12 feeder program for Grambling State University (GSU) in Northern Louisiana, a Historically Black College and University (HBCU) and the first university in the state to create a cybersecurity undergraduate degree. The goal is to replicate this model between school districts and HBCUs across the country.
To help software vendors and customers defend against these attacks, CISA and the National Institute for Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks. This new interagency resource provides an overview of software supply chain risks and recommendations. The publication also provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks.