Last week, the Trump administration announced the appointment of a White House cybersecurity coordinator. That's a good first step, security experts say, but the government also needs to have a federal CISO."It's a big leadership vacancy," said Sanjay Beri, CEO and co-founder at cloud security vendor Netskope.The job of a federal CISO is very new -- it was only created last year and filled in September with the appointment of retired brigadier general Gregory Touhill. He was previously the deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security.To read this article in full or to leave a comment, please click here
This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community.According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.He has been pitching the idea of a Cyber National Guard for a while, and has suggested that the government could forgive student loan debt for those who serve. It would also help ensure a cross-pollination of experience between government and industry.To read this article in full or to leave a comment, please click here
This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community.According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.He has been pitching the idea of a Cyber National Guard for a while, and has suggested that the government could forgive student loan debt for those who serve. It would also help ensure a cross-pollination of experience between government and industry.To read this article in full or to leave a comment, please click here
Last month, reports came out that Apple accidentally installed a fake firmware patch on internal development servers. That's a lesson to all companies to be careful about where they get their patches.What may have happened is that an Apple employee installed a patch shared by the hardware vendor's employee, instead of using the official release of the patch, said Chris Nietzold, senior platform engineer at security appliance manufacturer MBX Systems."They procured the firmware from an unofficial source and didn't follow the official release schedule," he said.The firmware included a potential security vulnerability and Apple reportedly ended its relationship with the supplier, Super Micro Computer, as a result.To read this article in full or to leave a comment, please click here
Last month, reports came out that Apple accidentally installed a fake firmware patch on internal development servers. That's a lesson to all companies to be careful about where they get their patches.What may have happened is that an Apple employee installed a patch shared by the hardware vendor's employee, instead of using the official release of the patch, said Chris Nietzold, senior platform engineer at security appliance manufacturer MBX Systems."They procured the firmware from an unofficial source and didn't follow the official release schedule," he said.The firmware included a potential security vulnerability and Apple reportedly ended its relationship with the supplier, Super Micro Computer, as a result.To read this article in full or to leave a comment, please click here
Last month, reports came out that Apple accidentally installed a fake firmware patch on internal development servers. That's a lesson to all companies to be careful about where they get their patches.What may have happened is that an Apple employee installed a patch shared by the hardware vendor's employee, instead of using the official release of the patch, said Chris Nietzold, senior platform engineer at security appliance manufacturer MBX Systems."They procured the firmware from an unofficial source and didn't follow the official release schedule," he said.The firmware included a potential security vulnerability and Apple reportedly ended its relationship with the supplier, Super Micro Computer, as a result.To read this article in full or to leave a comment, please click here
Earlier this week, Danish-speaking users were hit by malware spread through Dropbox, but the company responded quickly to shut down the attack.
According to a research report by AppRiver, the attack hit Denmark, Germany, and several surrounding Scandinavian countries on Wednesday morning.
The attack was unusual in that it narrowly targeted a specific audience, said Troy Gill, security analyst at AppRiver.
"Somehow, they found this language-based list of email addresses," he said. "I'm not sure where they gathered it."To read this article in full or to leave a comment, please click here
Earlier this week, Danish-speaking users were hit by malware spread through Dropbox, but the company responded quickly to shut down the attack.
According to a research report by AppRiver, the attack hit Denmark, Germany, and several surrounding Scandinavian countries on Wednesday morning.
The attack was unusual in that it narrowly targeted a specific audience, said Troy Gill, security analyst at AppRiver.
"Somehow, they found this language-based list of email addresses," he said. "I'm not sure where they gathered it."To read this article in full or to leave a comment, please click here
Kaspersky Labs announced new research this morning that shows some links between the massive Shamoon attack that took down 35,000 computers in Saudi Arabia to a new attack against a target in Europe.The Shamoon attack, which occurred in 2012, was followed by a series of related against against Gulf States earlier this year. The attacks were widely attributed to Iran.The new malware, called StoneDrill, is, like Shamoon, a wiper -- it destroys all the data on a computer.To read this article in full or to leave a comment, please click here
Kaspersky Labs announced new research this morning that shows some links between the massive Shamoon attack that took down 35,000 computers in Saudi Arabia to a new attack against a target in Europe.The Shamoon attack, which occurred in 2012, was followed by a series of related against against Gulf States earlier this year. The attacks were widely attributed to Iran.The new malware, called StoneDrill, is, like Shamoon, a wiper -- it destroys all the data on a computer.To read this article in full or to leave a comment, please click here
Howard Schmidt advised both President Brack Obama and George W. Bush on cybersecurity. He was a CSO at Microsoft and a CISO at eBay. He led several industry groups, and wrote books on cybersecurity.But when security professionals remember him, it is not so much for his technical accomplishments as for the impact he had on the people around him. He is remembered as a mentor, a communicator, and an educator."He does have a very storied path of accomplishment," said Mary Ann Davidson, CSO at Redwood City, Calif.-based Oracle Corp. "From a security standpoint, he had a tremendous impact, the many roles he played, the work in the white house."To read this article in full or to leave a comment, please click here
Howard Schmidt advised both President Brack Obama and George W. Bush on cybersecurity. He was a CSO at Microsoft and a CISO at eBay. He led several industry groups, and wrote books on cybersecurity.But when security professionals remember him, it is not so much for his technical accomplishments as for the impact he had on the people around him. He is remembered as a mentor, a communicator, and an educator."He does have a very storied path of accomplishment," said Mary Ann Davidson, CSO at Redwood City, Calif.-based Oracle Corp. "From a security standpoint, he had a tremendous impact, the many roles he played, the work in the white house."To read this article in full or to leave a comment, please click here
We don't hear much about John Dillinger-style bank robberies these days, with exciting police chases to the state lines. In 2015, there were 4,091 traditional bank robberies in the US, according to the FBI, with an average loss of less than $4,000 per incident. No customers or bank employees were killed in any of these robberies, though eight would-be robbers were killed.The clearance rate for traditional bank robberies is around 60 percent, while the proportion of criminals that escape could be even lower, if they commit more than one robbery -- the FBI currently has fewer than 500 people on its list of wanted and unidentified bank robbers. In most cases, the FBI has a picture of them, and a description, posted on its website.To read this article in full or to leave a comment, please click here
We don't hear much about John Dillinger-style bank robberies these days, with exciting police chases to the state lines. In 2015, there were 4,091 traditional bank robberies in the US, according to the FBI, with an average loss of less than $4,000 per incident. No customers or bank employees were killed in any of these robberies, though eight would-be robbers were killed.The clearance rate for traditional bank robberies is around 60 percent, while the proportion of criminals that escape could be even lower, if they commit more than one robbery -- the FBI currently has fewer than 500 people on its list of wanted and unidentified bank robbers. In most cases, the FBI has a picture of them, and a description, posted on its website.To read this article in full or to leave a comment, please click here
On March 1, new regulations go into effect in New York State, requiring that all regulated financial services institutions have a cybersecurity program in place, appoint a Chief Information Security Officer, and monitor the cybersecurity policies of their business partners.It might seem a little sudden, since the regulations were only finalized a month ago. But it's actually not as bad as it sounds."There's a transitional period," said Brad Keller, senior director of third party strategy at Prevalent. "Everyone has six months to be in compliance."To read this article in full or to leave a comment, please click here
On March 1, new regulations go into effect in New York State, requiring that all regulated financial services institutions have a cybersecurity program in place, appoint a Chief Information Security Officer, and monitor the cybersecurity policies of their business partners.It might seem a little sudden, since the regulations were only finalized a month ago. But it's actually not as bad as it sounds."There's a transitional period," said Brad Keller, senior director of third party strategy at Prevalent. "Everyone has six months to be in compliance."To read this article in full or to leave a comment, please click here
Trend Micro this morning released a report about the exposed cyberassets in the top U.S. cities and most critical industry segments -- and in many cases, it was the smaller municipalities that had the largest number of problems."Larger cities had fewer systems being exposed," said Ed Cabrera, chief cybersecurity officer at Trend Micro.Houston, for example, had 3,900,208 exposed devices, compared with 1,031,325 in New York City, even though New York has nearly four times as many people.But many of the cities with the highest numbers of exposed devices were even smaller. Sometimes, much, much smaller.To read this article in full or to leave a comment, please click here
Trend Micro this morning released a report about the exposed cyberassets in the top U.S. cities and most critical industry segments -- and in many cases, it was the smaller municipalities that had the largest number of problems."Larger cities had fewer systems being exposed," said Ed Cabrera, chief cybersecurity officer at Trend Micro.Houston, for example, had 3,900,208 exposed devices, compared with 1,031,325 in New York City, even though New York has nearly four times as many people.But many of the cities with the highest numbers of exposed devices were even smaller. Sometimes, much, much smaller.To read this article in full or to leave a comment, please click here
The information security industry hasn't made any significant strides in addressing the workforce shortage, according to a report released this morning by ISACA.To read this article in full or to leave a comment, please click here(Insider Story)
Cybercriminals have been producing fewer new kinds of malware last year -- but that's because they're so busy raking in the money from their ransomware attacks.The number of unique malware samples discovered last year was 60 million, down 6.25 percent from last year's 64 million, according to a report released this morning by SonicWall."This is the first time I've seen that the number of unique malware samples actually decreased," said Dmitriy Ayrapetov, director of product management at SonicWall, which produced the report, based on data collections from more than a million sensors.To read this article in full or to leave a comment, please click here
Maria Korolov