

Featured

The All-Too-Dumb World of Smart Cities Technology
Smart cities tech runs the gamut from policing tools and transit sensors to educational software and more. But the tech routinely hoovers up sensitive data on city residents, including their movements and audio, video, and biometric data—even before cities know what to do with the data, and even though they may never know what to do with it.

Smart Public Safety: The Evolution of Community Oriented Policing to a Data Driven Police Force
Smart public safety includes the partnerships built by Community-Oriented Policing and requires them to go a step further by incorporating the Enterprise of Things.

The Dual-Use Dilemma: Insights from the Arms Fair
Interception and intrusion cyber capabilities sold by private companies are increasingly being marketed to intelligence and government agencies. New efforts attempt to stop them from winding up in the hands of U.S. and NATO adversaries.

Infographic: The Payout Problem
Ransomware thrives as organizations remain vulnerable and continue to pay criminals.

Meet the Latest Players in Industrial Control System Cyber Intrusions
New threat actors emerge on the scene to target industrial control systems and operational technology networks around the world, often with little insight into their activities until an incident occurs.

Targeting All Lonely Hearts
Romance scams are easier than ever through social media and online dating, and the schemes can be very profitable for fraudsters.

Ransomware Continues to Rise as Nations Struggle to Address Payouts
Ransomware continues to thrive as organizations increasingly rely on remote workforces. Security practitioners are struggling to keep abreast of the threat as criminals change their tactics to ensure ransoms are paid.

On the Road to Connectivity
Connected vehicles are quickly taking over the roadway, bringing enhanced safety features and cyber vulnerabilities along with them.

How Automation is Making Security More Attainable for SMBs
In the security compliance space, automation can also be a means to level the playing field when it comes to accessing the best cybersecurity for businesses of all sizes.

Five Tools to Drive Cyber Success
Understanding how policies, procedures, and tools impact your security posture is critical. A new report helps shed light on what’s working, what’s not, and how security leaders can adopt best practices with C-suite engagement.

New CISA Directive Reiterates Need for Cyber Modernization
U.S. agencies will lean on their private sector mission partners to continue to assess and resolve risks as they arise—and the government contracting community must take similar steps.

The Bull and Millionaire Mike: A Look at Darknet and Securities Fraud
Criminals have long leveraged information and communications technology to commit crimes. They are now using these tactics to engage in insider trading on the Dark Web.

Cloud in the Crosshairs
Organizations are increasingly embracing opportunities to leverage the cloud, which can create security risks if vulnerabilities are left unaddressed.

Risk Adrift
The vessels the world relies on to ship cargo from one side of the planet to the other are becoming increasingly connected, creating business opportunities and cyber risks for operational technology.

The Risk of Underwriting: How Ransomware is Changing the Cyber Insurance Market
With ransomware attacks on the rise and data breaches increasingly commonplace, more organizations are looking into purchasing cyber insurance. But current prices for cyber policies may not accurately reflect risk.

Cyber 101 for Physical Security Practitioners
When it comes to cybersecurity, there are many terms and concepts that are beneficial for physical security professionals and IT professionals alike to understand. Here are a few to help you get started.

USB Cyber Threats Are on the Rise. Here’s What You Can Do to Stop Them
Thirty-seven percent of cyber threats in 2020 were specifically designed to utilize removable media—almost doubling from 19 percent in 2019.

The Next Big Target for Cyberattack: Agriculture and the Supply Chain
Cyberattacks on the food supply chain, like the one on JBS, cause prices to soar, demand to increase, and supply to wane. And our food supply will continue to be a target.

An Increasingly Connected ICS: Highlights from Dragos’ 2020 Year In Review
Organizations shifted in how they conducted business to include an increasingly connected industrial environment. This trend has existed for many years, even while many organizations still believed they had highly segmented or even air-gapped ICS networks.

U.S. Government Plays Cyber Catch-Up
Following a series of high-profile cyber incidents, a watchdog highlighted the increasing threat breaches, intrusions, and attacks pose to the U.S. government.

Remote Learning Heightens Ransomware Threats
Following a year of remote learning, educational institutions are prime targets for criminals looking for ransomware victims.

A Cyber Seat at the Table
Nearly half of board members surveyed identified cybersecurity as a top source of risk moving forward. CISOs should expect more scrutiny, support, and resources as a result of the board’s attention.

Spies in the Supply Chain
A massive intrusion into U.S. government and private sector networks shows how nation-state actors are developing supply chain attacks for cyberspace.

The Rise of Cyber Due Diligence in Deal-Making
Following a major drop in deal-making in March 2020, executives expressed increasing interest in deal-making and deep dives into targets’ cybersecurity posture.

Stalkerware Fuels Technology-Enabled Abuse
With the proliferation of connected homes, virtual assistants, and smartphones, abusers have more tools than ever to track and control victims. When the workplace enters the home, however, this puts employees and employers at increased risk.

CCPA Deep Dive: How California is Enforcing its Major Privacy Law
California’s attorney general began enforcing the first U.S. state-level comprehensive privacy law in summer 2020, creating opportunities and challenges for organizations subject to compliance.

Australia Makes a Record Investment in Cybersecurity
After a series of nation-state cyberattacks, the Australian government pledged to make the largest investment ever to improve its cyber defense and security posture.

Connectivity Complicates Vehicle Cybersecurity
Vehicles and the trucking infrastructure that is vital to transporting goods across North America are becoming increasingly connected. But the requirements for cybersecurity remain lacking.

How to Protect an Election
The challenges to secure the 2020 U.S. Presidential Election and its system infrastructure are vast. But so are the new tools in place to help monitor and protect the 2020 election.

Empowering Employees to be the First Line of Defense
Keren Elazari shares how security professionals can learn from hackers to help empower their employees to promote organizational security.

Masterful Manipulation: Deepfakes and Social Engineering
The increasing ease and availability of media manipulation and deepfake production is opening up new avenues of attack for fraudsters, market manipulators, and malicious actors.

Mastercard Takes a Unified Approach to Security
With a converged security team, Mastercard is taking a unified approach to addressing risks and educating its workforce to reduce threats.

New Standards Seek to Illuminate Power Grid Cyber Risks
Critical infrastructure owners are increasingly creating remote connections to their operational equipment—potentially introducing unforeseen vulnerabilities.

The Problem with Patrolling
New research finds that while organizations have made strides to improve data management, they still lack investment in breach detection.

Flight Risks
End users are increasingly adopting unmanned aerial systems for security and operational needs. But they could be introducing cybersecurity risks in flight.

An Unfair Advantage: Confronting Organized Intellectual Property Theft
The United States is taking a multi-prong approach to preventing intellectual property theft. But it needs international partners to succeed.

How to Help Prevent Employee Burnout
Cybersecurity is a stressful business. Here’s what managers can do to help reduce stress in the workplace and promote a healthy work–life balance.

How Cyber Criminals Use Coronavirus Scams to Target Victims
Threat actors tend to be one step ahead of corporate security. Scams that prey on fear and concern related to the coronavirus show how they’re taking advantage of the pandemic.

U.S. Intel Community: We Want You
The U.S. intelligence community released a strategy that incorporates a whole-of-society approach to counterintelligence.

Automation Poised to Change IT Staffing Models
Automation has received mixed reviews in IT security departments—while some say it reduces staff time spent on repetitive tasks, it makes jobs more complex.

Enhancing In-Flight Cybersecurity
A recent survey finds that the aviation sector has more work to do to increase the cybersecurity of flights.

Seeking SMS Authentication Alternatives
An FBI alert suggests moving away from SMS authenticators to a more secure method of multifactor authentication.

Conducting a GDPR Compliant Investigation
The European Union’s privacy regulation poses new challenges for investigators looking to carry out their work.

Is Security Converging?
New research by the ASIS Foundation indicates that full convergence of physical security, cybersecurity, and business continuity is not commonplace.

Stakeholders Assess Aftereffects of AI
Researchers, technologists, and executives look at how artificial intelligence can have a positive impact on society.

What Poker Taught One Expert About Cybersecurity
Tarah Wheeler shares her thoughts on convergence and responding to security incidents at GSX 2019.

Data Privacy, Information Management, and Security: Adjusting to a New Normal
Stakeholders can work hand in hand to protect against insider and external threats and reduce the risk of data loss while simultaneously improving data protection and streamlining processes.

Equifax Settles Data Breach Charges
Equifax will pay $575 million and implement security reforms to settle charges stemming from its 2017 data breach.

Securing Marijuana Dispensaries
Cannabis growers and retailers are prime targets for malicious cyber actors.

How to Use the Attacker Mentality for Good
Through focus, patience, and non-linear thinking, malicious actors create new paths into organizations. Defenders can use attackers’ tactics against them.

Cities Are the New Ransomware Target
Municipalities are increasingly becoming targets for ransomware attacks.

Threat Actors Increasingly Target the C-Suite
Executives are being targeted through a variety of cyberattacks. Stressful work environments are helping them succeed.

Companies Look to Retain Cyber Talent
The cybersecurity workforce gap increased to more than 2.9 million globally in 2018, surpassing earlier estimates of unfilled positions.

Investigators Team Up to Battle Cross-Border Financial Crime
Transnational criminal organizations are using improved connectivity and technology to discover new pathways to profit and stymie investigators.

Cryptojacking Outpaces Ransomware Attacks
Cryptojackers use the resources of their hosts’ computers and Internet of Things (IoT) devices to mine for cryptocurrency while evading detection.

Digital Threats to High Value Targets Pose Physical Security Risks
The threat of compromising someone’s digital security to create a physical threat to an individual or an organization is on the rise.

French Regulator Issues First Major GDPR Violation Fine
A French regulator issued the first major fine for violations of the EU’s General Data Protection Regulation. Other organizations are taking note.

When The Money’s Gone
The longest U.S. government shutdown in history could have major ramifications for the nation’s cybersecurity.

How to Bridge the Gap
Once siloed, cyber and physical security teams are now working together to address corporate risk.

A Warm-Up Election
Following the U.S. midterm elections, officials move their focus to the 2020 presidential election.

The Cost of a Connection
LinkedIn can be a valuable networking and recruitment tool. It can also be used to target employees to obtain corporate secrets.

The Privacy Problem
Private companies come together to demand that authorities create privacy regulations to protect users’ data and technology.
News
Verizon 2022 DBIR Reveals Rise in Ransomware Attacks and Organized Crime Activity
While it’s no surprise that ransomware attacks increased between 2021 and the first quarter of 2022, the amount by which they rose and the threat actors behind the trend, as disclosed in an annual report from Verizon, were a bit startling.
Chicago Public Schools’ Vendor Data Breach Compromises Data for 550,000 People
The school district said the breach was caused and exacerbated by a vendor's failure to follow the information security terms of its contract—specifically failing to encrypt data and purge old records.
Good Faith Required: U.S. Justice Department Changes Policy for Cybersecurity Researchers
The U.S. Department of Justice (DOJ) changed its policy toward security researchers acting in good faith to test, investigate, or correct security vulnerabilities, revising its previously broad approach of prosecuting these actions as crimes under the Computer Fraud and Abuse Act.
Today in Security: Held Hostage: FBI Raises Alarm on Ransomware Attacks Against Food & Agriculture Sector
The food and agriculture sector is facing a higher threat of ransomware attacks during critical planting and harvesting seasons, according to a notice issued by the FBI earlier this week.
Today in Security: No Longer a PIPEDREAM: Seventh ICS-Focused Malware Discovered
Researchers discovered new malware designed to target Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, bringing the number of publicly known pieces of malware that do this to seven.
Today in Security: Germany Seizes Hydra Market Servers and $25 Million in Bitcoin
In 2021, Hydra accounted for around 80 percent of all darknet market-related cryptocurrency transactions. The platform’s “Bitcoin Bank Mixer” service obfuscated digital transactions and made cryptocurrency investigations difficult for law enforcement agencies.
Today in Security: Recent Incidents and Exercises Highlight the Importance of Increasing Electric Grid Resilience, Information Sharing
These incidents, coupled with disruptions in electric service in Ukraine due to Russia’s invasion, highlight the fragility of the electric grid and the importance of pre-planning to respond quickly to mitigate further damage from physical attacks and cyber incidents.
Today in Security: Okta Admits Breach Impacted 366 Clients
As the investigation into a January breach continues, authentication company Okta announced that about 2.5 percent of its customers were impacted by the breach.
Today in Security: U.S. Intelligence Finds Evidence of Increased Russian Probes of Cyber Vulnerabilities
U.S. President Joe Biden issued a statement Monday warning of Russian cyberattacks and asking U.S. companies in the critical infrastructure space to redouble their efforts to protect their systems from attacks.
Today in Security: Cyberattack Disrupts Ukraine’s Internet, But Destructive Attacks Remain Yet to Be Seen
Ukraine’s Internet service was disrupted this week after a cyberattack targeted telecoms provider Triolan. The firm—which provides service for the northeastern Kharkiv region—confirmed the incident and said it was working to restore service.
Today in Security: U.S. President Biden Preparing to Announce Cryptocurrency Approach
An executive order is expected to address a wide-ranging U.S. governmental approach to cryptocurrency, reflecting the many complex aspects of the issue, all against a backdrop of how cryptocurrency could be used to evade sanctions on Russia.
Today in Security: Symantec Discovers Advanced Cyber Espionage Tool Linked to China
The U.S. Cybersecurity and Infrastructure Security Agency issued an alert about a China-linked, stealthy new cyber threat called Daxin, which is optimized for hardened targets that are not connected directly to the Internet.
Today in Security: The Second Front in Ukraine: Cyberattacks, Disinformation, and Defenses
More than half a million people have fled their homes to escape the war in Ukraine as major cities remain under attack. But there are two fronts in this war: the physical fighting and the digital domain, where cybersecurity professionals battle disinformation, psychological warfare, and cyberattacks.
Today in Security: Beijing 2022 Winter Olympics Open, Amidst Boycotts and Cyber and Privacy Concerns
The Beijing 2022 Winter Olympics are officially underway in China following a more subdued opening ceremony on Friday as the nation continues to pursue a zero-COVID policy.
Today in Security: Using Blockchain for Supply Chain Visibility in the Food Sector
The U.S. FDA is drafting regulations that may push companies in the food and beverage sector to adopt blockchain technology to validate every step in the food supply chain.
Today in Security: Cyberattack Harvests Sensitive Data on People Helped by the Red Cross
A cyberattack exposed personal and confidential data from more than 515,000 people who were helped by Red Cross and Red Crescent organizations.
Today in Security: Ukraine and Russia Arrest Ransomware Actors as Talks Stall, and More Security News from Around the Globe
While talks stalled between Western and Russian officials about the country’s increasingly aggressive posture and troop buildup on the border of Ukraine, activity in the cyber sphere was speeding ahead.
Today in Security: Meta Takes Action Against Surveillance-For-Hire Firms, Notifies 50,000 Potential Targets
Meta notified 50,000 people in more than 100 countries that surveillance-for-hire firms were targeting their accounts for intelligence, manipulation, or compromise, the parent company of Facebook announced Thursday.
Today in Security: Software Vendors Scramble to Address Log4j Vulnerability
Because so many enterprise and open-source software products use Log4j—including cloud platforms, Web applications, and email services—a newly discovered vulnerability puts many critical online functions at risk.
Today in Security: U.S. Military Sees Ransomware as National Security Threat
For the first time, the U.S. military acknowledged publicly that it has taken action against ransomware groups.
Today in Security: TSA Announces New Cyber Requirements for Rail Operators, and More
It’s been a busy week, especially in the cybersecurity arena. Here’s a rundown of some of the top news from around the world.
Today in Security: CISA Launches ChemLock Program to Share Security Expertise
CISA launches the voluntary ChemLock program to provide resources, tools, and onsite services to chemical facilities that pose a risk but are not subject to regulation.
Today in Security: The Good Guys Score Wins Against Ransomware Criminals
The United States unsealed court documents on Monday and announced the apprehension of the suspected mastermind behind the most potent REvil ransomware attacks.
Today in Security: China’s New Data Privacy Law Goes Into Effect
China's new data privacy law went into effect this week, and it is already sending shockwaves through the global economy as international firms reassess how they will continue to do business in the country.
Today in Security: Ransomware Actors Use Financial Events to Select Targets
Ransomware actors are likely using significant financial events like mergers or acquisitions to target and leverage victim companies—threatening to disclose nonpublic financial information that could trigger investor backlash if victims do not pay up promptly, the FBI warns.
Today in Security: New Techniques Pave Way for Dark Web Marketplaces to Flourish
White House Market was the largest dark market for drugs, stolen data, and other illicit activity. While it closed down, its methods live on and make catching its successors that much harder.
Today in Security: Officials Arrest 12 Alleged Ransomware Actors Suspected of Attacking Critical Infrastructure
Officials arrested 12 individuals in Ukraine and Switzerland on 26 October for their alleged role in carrying out ransomware attacks against critical infrastructure, Europol announced on Friday.
Today in Security: Another Day, Another Report of Cyber Attacks and Resulting Fallout
Three high-profile cyber attacks in the past few days indicate that the ongoing war between hackers with malicious intent and the cybersecurity postures of companies, organizations, and nations continues without abatement.
Today in Security: U.S. Joint Advisory Warns Water Sector of Ongoing Cyber Threats
Threat actors are consistently attempting to infiltrate U.S. water and wastewater sector (WWS) facilities, according to a joint advisory issued Thursday.
Today in Security: U.S. Creates Cryptocurrency Enforcement Team to Crack Down on Ransomware Payments
The U.S. Department of Justice is launching an initiative to address the use of cryptocurrency to facilitate criminal activity, including ransomware.
Today in Security: U.S. Agencies Need Documentation, Continuous Improvement for Remote Work Cybersecurity
After a review of 12 agencies, the GAO found that while all of them invested in the technology needed to support remote work, four had not fully documented their plans to mitigate weaknesses found in IT security controls.
Today in Security: Profile of a Ransomware Target
Research examines the Dark Web advertisements of ransomware perpetrators to build a profile of the ideal target: a U.S.-based company with at least $100 million in revenue not operating in taboo sectors.
Today in Security: WhatsApp Hit With Second-Largest GDPR Fine
The Irish Data Protection Commission (DPC) issued a new record high fine against WhatsApp for breaching privacy regulations under the European Union’s GDPR rules.
Today in Security: China Approves GDPR-Style Privacy Law
The new Personal Information Protection Law in China imposes major restrictions on the collection and use of personal data by companies; however, the government is not subject to the same restrictions.
Today in Security: BlackBerry Finally Announces BadAlloc Vulnerability in QNX Devices
BlackBerry became aware of a vulnerability that impacted multiple components of its software in April 2021, but waited until this week to disclose it after facing increased pressure.
Today in Security: Federal Agencies Lagging Behind on Cybersecurity, Senate Committee Finds
The report, Federal Cybersecurity: America’s Data Still At Risk, found that only one out of the eight U.S. federal agencies audited for their cybersecurity programs showed improvements in 2020.
Today in Security: From Ransomware Payments to Fake Apps Catching Crooks to, Yes, Nuns: The Week in Security News
This roundup of news from the week covers the recent ransomware payments and recoveries, right-wing extremism in police units, environmental activism, apps that cause suspicion and apps that catch criminals, pandemic updates, workplace shooting motivations, currency wars, and a nun who embezzled and gambled it away.
Today in Security: U.S. Supreme Court Narrows Focus of Computer Fraud Law
In a diverse six to three decision, the U.S. Supreme Court rejected the U.S. Department of Justice’s (DOJ’s) interpretation of a major computer fraud law in a victory for security researchers.
Today in Security: Hacking Group Behind SolarWinds Conducts Massive Phishing Campaign, Microsoft Says
Hackers gained access to an email marketing service account used by a U.S. State Department agency to carry out a string of attacks on other agencies, think tanks, consultants, and non-governmental organizations (NGOs), Microsoft announced Thursday evening.
Today in Security: FBI Logs 1 Million Internet Crime Complaints in 14 Months
While it took nearly seven years for the FBI's Internet Crime Complaint Center tally to reach 1 million, the latest million took just 14 months—from mid-March 2020 to mid-May 2021.
Today in Security: Biden Signs Cybersecurity Executive Order, Creating Road Map for Federal Improvements
U.S. President Joe Biden signed a long-awaited cybersecurity executive order on Wednesday evening, which instructs the federal government to take a host of actions to improve the nation’s security and resiliency.
Today in Security: U.S. Pipeline Cyberattack Underscores Infrastructure Vulnerability
Colonial Pipeline, responsible for a major portion of the East Coast's fuel supply, shut down its pipelines over the weekend due to a ransomware attack.
Today in Security: Taskforce Issues Recommendations to Combat Rise of Ransomware
A task force recommended a series of actions to mitigate the threat of ransomware, including requiring cryptocurrencies to adopt anti-money laundering regulatory requirements.
Today in Security: Police Departments Hit by Ransomware
Data from the Washington, D.C., police department ransomware attack has leaked online, adding the Metropolitan Police to the ever-growing list of organizations compromised by hijacked data.
Today in Security: U.S. Issues New Sanctions for Russia
In response to the country’s alleged misconduct linked to the SolarWinds hack and attempts to generate confusion in the United States’ election process, the Biden administration levied new sanctions on Russia.
Today in Security: Headaches from 2019 Facebook Data Breach Continue
The personal information—including phone numbers—of Facebook users exploited in a vulnerability originally uncovered and fixed in 2019 is now freely available.
Today in Security: Breach of 150,000 Surveillance Cameras Sparks Credential Concerns
Up to 150,000 security cameras installed in schools, hospitals, factories, and businesses were compromised, giving outsiders access to video from Tesla factories, prisons, psychiatric hospitals, and more.
Today in Security: Microsoft Urges Customers to Patch to Mitigate Effect of Latest 0-Day Exploits
While security professionals are continuing to address the fallout from the SolarWinds breach, Microsoft announced this week that it had detected several 0-day exploits being used to attack versions of Microsoft Exchange Server.
Today in Security: Council Urges American Investment in AI for Security, Competition, and Regulation
The world is at a turning point when it comes to artificial intelligence (AI), and the United States is at risk of falling behind, according to a new report from the National Security Commission on Artificial Intelligence (NSCAI).
Today in Security: CISA Announces Global Strategy To Address Critical Infrastructure Threats
CISA released its first international strategy on Thursday in a commitment to work with international partners to address risks and threats to critical infrastructure.
Today in Security: Cyber Attack on Florida Water Supply Thwarted
The attack on an Oldsmar, Florida, water utility was unsuccessful; however, it chillingly spotlights a potential vulnerability to critical infrastructure in the United States.
Today in Security: Global Law Enforcement Effort Takes Down EMOTET
Global law enforcement agencies came together to take down one of the most significant botnets in the world: EMOTET, responsible for distributing the EMOTET malware.
Today in Security: CISA Warns of Cloud Service Attacks
The U.S. Cybersecurity and Infrastructure Security Agency issued an alert this week, warning security practitioners of recent cyberattacks against organizations’ cloud services that exploited poor hygiene practices and phishing tactics.
Today in Security: U.S. Laws Address Deepfakes
The recently enacted defense authorization bill and other federal and state laws call for research and begin to codify restrictions on deepfake technology; European countries have not addressed the issue directly.
Today in Security: Cyber Thieves Scam $1 Million From Philadelphia Food Charity
Philadelphia area hunger relief organization Philabundance was the target of a cyberattack that cost the charity group almost $1 million.
Today in Security: Baltimore County Schools Crippled by Ransomware Attack
Approximately 115,000 students have been affected by the ransomware-triggered shutdown, and there is no clear timeline for schools to reopen.
Today in Security: IoT Cybersecurity Bill Passes U.S. Congress
If enacted, the IoT Cybersecurity Improvement Act would help consolidate security requirements and considerations for Internet of Things (IoT) devices, including secure development, identity management, patching, and configuration management.
Today in Security: U.S. Top Cybersecurity Official Fired
U.S. President Donald Trump announced on Twitter Tuesday that he decided to fire Chris Krebs, the director of CISA, which has led the way for federal cybersecurity initiatives, public–private sector information sharing and partnerships, and election security.
Today in Security: Facebook Bans New Political Ads
Facebook banned new political ads for the week leading up to the 3 November 2020 U.S. elections.
Today in Security: Deepfake Bot Creates Pornographic Images of Thousands of Women
An artificial intelligence-enabled bot created deepfake nude images of more than 100,000 women, some of whom seem to be underage, according to a new report from intelligence firm Sensity.
Today in Security: U.S. Charges Russian Hackers for Most Destructive Cyberattack in History
Six Russian intelligence hackers were charged with the NotPetya attack, as well as several other cyber crimes involving the 2017 French election and the 2018 Olympics.
Today in Security: Facebook Bans QAnon Groups and Pages
The ban marks a sharp escalation in Facebook’s battle to curb the movement and its conspiracy theories—which have been identified as a potential domestic terror threat by the FBI.
Today in Security: Agencies Kick Off Cybersecurity Awareness Month
The year 2020 may permanently shift the way individuals use the Internet. Cybersecurity Awareness Month aims to help people—and security practitioners—take control of their cybersecurity to enhance their overall security posture.
Today in Security: Portland Bans Private Use of Facial Recognition Technology
City council members in Portland, Oregon, voted unanimously to enact the strictest ban on facial recognition technology in the United States.
Today in Security: Ransomware Attack Derails School Opening
One of the largest public school systems in Connecticut was forced to delay its first day of classes after a ransomware attack affected 200 of the city’s 300 servers.
Today in Security: OMB Instructs U.S. Agencies To Implement VDPs
The U.S. Office of Management and Budget (OMB) released a memo that instructs U.S. federal agencies to create and publish coordinated vulnerability disclosure program (VDP) policies.
Today in Security: Twitter and Facebook Move Against Disinformation Tactics
Facebook and Twitter reported that the FBI warned them that Russia is again targeting Americans with disinformation, attempting to influence the 2020 U.S. presidential election.
Today in Security: Former Uber CSO Charged with Covering Up Data Breach
U.S. prosecutors charged the former chief security officer of Uber for his alleged role in an attempted cover-up of a data breach of the company in 2016.
Today in Security: Trump Restricts WeChat and TikTok, Escalating Tensions with China
U.S. President Donald Trump issued executive orders late Thursday night that bar transactions by U.S. persons or that involve property subject to U.S. jurisdiction with the parent companies of WeChat and TikTok.
Today in Security: EU Issues First Sanctions for Cyberattacks
The European Union issued its first sanctions for cyberattacks on Thursday against Chinese, North Korean, and Russian groups linked to recent major hacking incidents.
Today in Security: EU-U.S. Data Sharing Agreements in Question
The Court of Justice of the European Union struck down a major data sharing agreement between the United States and the European Union, but confusion remains about what measures corporations can use to share data across the Atlantic.
Today in Security: Following Hacking Indictment, U.S. Orders Chinese Consulate Closed
The United States has ordered China to close its Houston, Texas, diplomatic consulate within 72 hours—a move made in response to alleged violations of American sovereignty and “massive illegal spying and influence operations” from China, including intellectual property theft.
Today in Security: Twitter Breach Targets High Profile Accounts
Several accounts of high-profile Americans were taken over on 15 July, directing followers of billionaires and politicians to send cryptocurrency to a Bitcoin wallet.
Today in Security: Companies Adopting Artificial Intelligence Are Concerned About the Risks
A new study from Deloitte gives an overview of the state of AI adoption and highlights the risk and ethical concerns companies face.
Today in Security: Law Enforcement Cracks Communications System, Cracks Down on Crime
A joint task force of European investigators cracked the EncroChat encrypted messaging platform, unlocking a gold mine of leads on criminal activities and plots.
Today in Security: COVID-19 Scams Keep Evolving
The race to exploit COVID-19 fears for profit continues as fraudsters are rapidly evolving their methods—now posing as COVID-19 contact tracers to steal personal information.
Today in Security: Symantec Alerts 31 Customers to Cyberattacks
Symantec sent a notice to its customers Thursday night, alerting them to a series of attacks against U.S. companies by threat actors attempting to deploy WastedLocker ransomware on their networks.
Today in Security: Report Finds Americans Unconcerned about Rising COVID-19 Cyber Risks
Despite a 400 percent rise in COVID-19-related cyberattacks, Americans remain largely unconcerned about cyber crime, according to a new report.
Today in Security: Report Says CIA Was More Focused on Cyber Offense Than Protecting Its Assets
New reporting finds the CIA did not take appropriate insider threat precautions, which enabled the massive data leak to WikiLeaks in 2017.
Today in Security: IBM Discontinues Facial Recognition Business to Advance Racial Equality
IBM announced it will discontinue its general-purpose facial recognition business and opposes the use of the technology to conduct mass surveillance and racial profiling.
Today in Security: COVID-19 Conspiracy Theories Meet Election Interference
Recent social media activity has experts concerned about the potential for disinformation to color the outcome of upcoming elections, including the 2020 presidential election in the United States.
Today in Security: Security Concerns Raised About Possible Online Voting
The COVID-19 pandemic has spurred more discussion about the possibility of online voting, but some security experts and officials are voicing security concerns about the risks.
Today in Security: World Password Day
The first Thursday of May is designated World Password Day, arguably more important than before as several organizations in various countries have workers operating remotely in response to the COVID-19 pandemic.
Today in Security: Teleworking Security Tips from DOD
The U.S. Department of Defense CIO released a list of best practices for cybersecurity and protecting an information network while teleworking.
Today in Security: Cyber Criminals Use Wide Array of Pandemic-Inspired Methods
From phishing to malware to ransomware, COVID-19-related attacks seek to take advantage of vulnerabilities.
Today in Security: Spotlight on U.S. Government Use of AI
Researchers note the limited use of artificial intelligence in the U.S. government, as well as opportunities for enhancement.
Today in Security: United States, Britain Link Russian GRU Unit to Sandworm
The United States linked a Russian military unit to the hacking group known as Sandworm, which is said to be responsible for some of the most significant cyberattacks around the globe over the past 10 years.
Today in Security: DOJ Charges Huawei With Trade Secret Theft
The U.S. Department of Justice charged Huawei and its subsidiaries with racketeering conspiracy and conspiracy to steal trade secrets in an indictment released late Thursday afternoon.
Today in Security: U.S. Charges Chinese Army for 2017 Equifax Breach
The breach compromised sensitive personal information on more than 145 million Americans.
Today in Security: Voter Data for 6.5 Million Israelis Leaked
A security lapse by an app maker led to the exposure of data from all 6.5 million eligible voters in Israel, including full names, addresses, genders, phone numbers, and identity card numbers.
Today in Security: Watchdog Finds CISA Election Strategy Incomplete
A vital U.S. government agency tasked with aiding state and local election officials to secure election systems “has not yet completed” plans to secure the 2020 U.S. presidential election less than 10 months away, a watchdog report found.
Today in Security: FBI Director Says Russia Involved in 'Information Warfare'
FBI Director Chris Wray tells Congress that Russia is conducting "information warfare" leading into the 2020 U.S. presidential election.
Today in Security: Convergence Drivers: Conditions Point to Increased Physical and Cybersecurity Integration
The State of Convergence report shows slow adoption of a converged security function, but business conditions may speed up the timetable.
Today in Security: Spotlight on Data Privacy
On Data Privacy Day, here is a collection of resources for security professionals.
Today in Security: U.S. Government Skeptical of Chinese-Made Drones
Department of Interior, military, other agencies cite security concerns with Chinese-made drones.
Today in Security: Unhackable Voting Machines Found to Be Vulnerable to Hacking
A study from the University of Michigan found that voting machines advertised as a secure alternative are still hackable.
Today in Security: Top Risk Forecast for 2020
The internationalization of far-right threats and tension between the Persian Gulf countries rank as the top two security risks for companies in 2020, according to a new risk forecast.
Today in Security: OPM Improves Cybersecurity After Mega Breach But Challenges Remain
The U.S. Office of Personnel Management (OPM) has made strides in increasing its cybersecurity, but more work remains to be done almost five years after the agency suffered one of the largest government data breaches in history.
Today in Security: How Converged Are Corporate Security Functions?
ASIS Foundation study researches the degree to which physical security, cybersecurity, and business continuity have converged into a single department.
Today in Security: Democrats Unveil Their Preferred Online Privacy Law
Despite writing and releasing the text of a bill, bipartisan work on a federal online privacy law is expected to continue well into 2020.
Today in Security: Russia Spreading Ukraine-Based Hacking Theory
U.S. intelligence officials confirmed that Russia has been spreading a disinformation campaign about Ukrainian efforts to interfere in the 2016 U.S. presidential election.
Today in Security: U.S. Intellectual Property at Risk
U.S. federal officials say that foreign governments are trying to steal ideas, proprietary information, and research from American universities.
Today in Security: Feds Warn About Election Hacking
A group of U.S. federal agencies released a joint statement Tuesday pledging to work with states and localities to protect the 2020 election.
Today in Security: AI Commission Charts Pathway Forward for U.S.
U.S. superiority in artificial intelligence is endangered, according to a new report from the National Security Commission on Artificial Intelligence.
Today in Security: Storming SCIF Causes Security Breach on Capitol Hill
U.S. Representatives Matt Gaetz and Steve Scalise led a group of lawmakers into a closed hearing on Capitol Hill on Wednesday in a major breach of protocol and security.
Today in Security: Cyber Awareness Focuses On Individual Action
As part of National Cybersecurity Awareness Month, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) and the National Cyber Security Alliance (NCSA) launched the “Own IT. Secure IT. Protect IT.” campaign.
Today in Security: Most Data Breaches Come from Insiders
A new study says employees are to blame for as many as half of all data breaches.
Today in Security: Officials Ask Facebook to Halt End-to-End Encryption Efforts
Australian, British, and U.S. officials asked Facebook not to fully encrypt its messaging services to provide greater access to data for law enforcement.