Cybersecurity
RSS

Enterprise SIEMs unprepared for 84% of MITRE ATT&CK tactics and techniques

February 10, 2021

Organizations invest more than $3 billion annually on SIEM software and expect this investment to result in comprehensive threat coverage. However, an analysis of live SIEM deployments across select CardinalOps customers in multiple industry verticals, including healthcare and financial services, reveals that the threat coverage remains far below what organizations expect and what SIEM and detection tools can provide. Worse, organizations are often unaware of the gap between the theoretical security they assume they have and the actual security they get in practice, creating a false impression of their security posture.

Fraud schemes amid COVID-19

Fraudsters are taking advantage of the pandemic and increasing the threat landscape for governments and enterprises around the world in a wide-reaching fashion.

Maggie Shein

February 10, 2021

Fraudsters are taking advantage of the pandemic and increasing the threat landscape for governments and enterprises around the world. Where are the threats coming from and can security leaders expect to see an elevated threat landscape into the future?

identity theft, fraud prevention, cybersecurity, data theft

Massive spike in fraud across all industries - 4.3 billion attacks detected since Black Friday

February 10, 2021

Arkose Labs released new data on the latest fraud trends that reveal a massive spike in fraud across all industries from Black Friday onwards. As consumers continue to flock online in droves greater than ever before, credential stuffing, account takeover (ATO) attacks and gift card fraud are poised to be top attack vectors in 2021.

75% of Americans very concerned about online privacy, but most don't take any significant action

February 10, 2021

Internet usage in 2020 rose sharply compared to pre-pandemic levels. More online activity also drove more consumer consciousness around what happens to their online data; nearly three-quarters (72%) of Americans say they are "very concerned" to "extremely concerned" about their online privacy, according to a new Startpage study.

Merging security compliance and DevOps

Ray Kruck

February 10, 2021

A more foundational goal is to make security and compliance part of the development process from the start. This is a transition that requires DevOps to bring along risk, security and compliance teams into the shared responsibility of making the organization resilient to change. But bringing the idea of shared responsibility to fruition can be difficult because there is a natural tension between DevOps and SecOps, as they have different charters and cultures. DevOps can be seen as more of a do culture (Atlassian calls this a “do-ocracy”) and SecOps can be seen as a control culture and they are inherently in conflict. To fulfill the promise of teaming for shared responsibility, DevOps and SecOps should align on three key objectives: collaboration, communication and integration.

Hacker breaks into Florida water treatment facility, changes chemical levels

Maria Henriquez

February 9, 2021

Hackers broke into a water treatment facility in Florida, gained access to an internal ICS platform and changed chemical levels, making the water unsafe to consume.

Researchers discover exposed Comcast database containing 1.5 billion records

February 9, 2021

The WebsitePlanet research team in cooperation with security researcher Jeremiah Fowler discovered a non-password protected database that contained more than 1.5 billion records. The database belonged to American cable and internet giant Comcast, and the publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords.

5 minutes with Sarah Tatsis - Why women are needed in the ongoing fight against cybercriminals

Maria Henriquez

February 9, 2021

A new study by (ISC)², conducted in 2020, revealed that the cybersecurity profession experienced substantial growth in its global ranks, increasing to 3.5 million individuals currently working in the field, an addition of 700,000 professionals or 25% more than last year’s workforce estimate. The research also indicates a corresponding decrease in the global workforce shortage, now down to 3.12 million from the 4.07 million shortage reported last year. Data suggests that employment in the field now needs to grow by approximately 41% in the U.S. and 89% worldwide in order to fill the talent gap, which remains a top concern of professionals. Security experts, like Sarah Tatsis, VP of Advanced Technology Development Labs at BlackBerry, believe women can help solve the cybersecurity workforce shortage. Here, we speak to Tatsis about why women are needed and valued in the ongoing fight against cybercriminals.

Tinder achieves certification for its information security management system

Tinder becomes first dating app to be recognized for comprehensive information security practices in accordance with internationally accepted standards

February 9, 2021

Tinder, the world’s most popular app for meeting new people, has achieved certification for its Information Security Management System (ISMS) under the ISO/IEC 27001:2013 standard following an extensive impartial external audit — becoming the first app in its category to achieve a certification decision for this globally recognized security standard.

CISA announces extension of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force

Extension will allow the Task Force to continue its work as outlined in its recently released Year 2 Report and position itself to support the supply chain risk management imperative in 2021

February 9, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) announced a six-month extension of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force. The Task Force, chaired by CISA and the Information Technology (IT) and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from large and small private sector organizations charged with identifying challenges and devising workable solutions and recommendations for managing risks to the global ICT supply chain.