The Cybersecurity and Infrastructure Security Agency (CISA) is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this threat actor has the resources, patience, and expertise to resist eviction from compromised networks and continue to hold affected organizations at risk, says CISA.
Though the pressures on cybersecurity professionals and leaders aren’t likely to go away anytime soon, there are ways to curb the pressure and find a healthier, safer, and more effective work–life balance. Here are five tips to help your team avoid burnout.
Shifting to a remote environment may have benefitted businesses, but not without introducing new cybersecurity risks. A data-backed strategy can help security leaders manage those risks.
Meet Ali Golshan, CTO and co-founder at StackRox, a Mountain View, Calif.-based leader in security for containers and Kubernetes. Prior to StackRox, he was the Founder & CTO of Cyphort (acquired by Juniper Networks) and led the company's product strategy and research initiatives. Previously, he worked as a security researcher and engineer at Microsoft and PwC. His career started in government, conducting security and vulnerability research for the intelligence community. Here, we talk to Golshan about the benefits of DevOps.
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) published the Resilient Positioning, Navigation, and Timing (PNT) Conformance Framework today. PNT services, such as the Global Positioning System (GPS), is a national critical function that enables many applications within the critical infrastructure sectors. This framework will inform the design and adoption of resilient PNT systems and help critical infrastructure become more resilient to PNT disruptions, such as GPS jamming and spoofing.
Sift released its Q4 2020 Digital Trust & Safety Index: Holiday Fraud and the Shifting State of E-commerce, which revealed that fraudsters are executing larger and more targeted attacks this holiday season. Derived from Sift’s global network of over 34,000 sites and apps, the Index found the average attempted fraudulent purchase value rose to over $700 from October through November 2020, a 70% year-over-year increase during the same period in 2019.
Despite many companies' best efforts to combat cybercrime, it persists and is increasingly costly. Here’s a look at some of the latest technologies that may be able to turn the tide against malicious hackers because they can still deliver performance and function at the necessary scale.
As we have done in previous years, the Security magazine team compiled our favorite articles from this year. As we head into 2021, we hope you take a moment to review some of 2020’s top articles about lessons learned, thought leadership, security challenges and good practices.
The rise of high-profile data breaches and the implementation of data privacy laws have raised awareness that businesses and institutions rely on consumer information. While there is no single, comprehensive U.S. federal data privacy law, there are enough industry-specific compliance regulations in force in addition to HIPAA, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Children's Online Privacy Protection Act, and a growing number of state privacy laws, that every organization needs to step up and recognize how subject rights requests fit into its data protection and cybersecurity policies.
The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime.
RSS
