CSO Online News
4 ways security has failed to become a boardroom issue
Fri, 22 Jan 2021 02:00:00 -0800

Somewhere around 2015, the security industry adopted a new mantra, “cybersecurity is a boardroom issue.”  This statement was supported by lots of independent research, business press articles, webinars, local events, and even sessions at RSA and Black Hat crowing about the burgeoning relationship between CISOs, business executives, and corporate boards.

Has anything really changed since then?

To find out, ESG surveyed 365 senior business, cybersecurity, and IT professionals at organizations in North America (US and Canada) and Western Europe (UK, France, and Germany) working at midmarket (i.e., 100 to 999 employees) and enterprise-class (i.e., more than 1,000 employees) organizations.

CISSP certification guide: Requirements, training, and cost
Thu, 21 Jan 2021 02:00:00 -0800

CISSP definition: What is CISSP?

Certified Information Systems Security Professional, or CISSP, is a certification for advanced IT professionals who want to demonstrate that they can design, implement, and manage a cybersecurity program at the enterprise level. It's offered by the International Information System Security Certification Consortium, or (ISC)2, a nonprofit organization that focuses on certification and training for cybersecurity professionals. CISSP is (ISC)2's most widely known certification.

With more than 20 years of history behind it, CISSP is a respected certification that can help advance your career. To achieve this certification, you need to demonstrate competence across a range of technical areas as well as management, and you also need to build up relevant industry experience.

The state of the dark web: Insights from the underground
Thu, 21 Jan 2021 02:00:00 -0800

Lately, dark web actors have one more worry: getting caught by law enforcement. Tracking dark web illegal activities has been a cat-and-mouse game for authorities, but in the end, they often catch their adversaries and seize the dodgy money. On the night of the 2020 presidential election, for example, US government officials managed to empty out a $1 billion Bitcoin wallet recovering funds linked to Silk Road, seven years after the market’s closure. Silk Road was a popular underground marketplace dealing in illegal goods and services such as narcotics, hacking for hire, and contract killing.

How to prepare for an effective phishing attack simulation
Wed, 20 Jan 2021 02:00:00 -0800

Over the last year I’ve noticed that small- to medium-sized organizations have done a better job reacting to vulnerabilities and zero days. As a result, attackers have pivoted to different methods. Rather than attack us through our operating systems, attackers have targeted remote control tools, our consultants, and most importantly our users via phishing attacks.

BrandPost: Episode 2: Empowering employees to be secure and productive
Tue, 19 Jan 2021 14:14:00 -0800

When it comes to protecting your business, security is a team sport. Criminal hackers – increasingly sophisticated and persistent – are playing offense, trying to find weak spots to breach an organization. And everyone in your organization – from management to front-line employees – is part of the defense team.

But those team players can also be the biggest challenge, because to keep things secure, security teams must put up guardrails. These policies and procedures can have the unintended effect of slowing down productivity, and when that happens, employees often find workarounds, because they just want to get their work done. Which, of course, defeats the purpose of putting strict security policies in place.

Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed
Tue, 19 Jan 2021 04:06:00 -0800

Security researchers have found several serious vulnerabilities in dnsmasq, a utility used in many Linux-based systems, especially routers and other IoT devices, to provide DNS services. Attackers can exploit the flaws to redirect users to rogue websites when trying to access legitimate ones or to execute malicious code on vulnerable devices.

Dnsmasq is a lightweight tool that provides DNS caching, DNS forwarding and DHCP (Dynamic Host Configuration Protocol) services. The utility has existed for around 20 years and is part of the standard set of tools in many Linux distributions, including Android. As a utility that provides network services, dnsmasq is widely used in networking devices such as home and business routers but is also present in many other types of embedded and IoT systems including firewalls, VoIP phones and car WiFi systems.

New Intel CPU-level threat detection capabilities target ransomware
Tue, 19 Jan 2021 02:00:00 -0800

Security vendors can now leverage new telemetry and machine learning processing capabilities built into Intel's 11th Gen mobile processors to better detect and block sophisticated ransomware programs that attempt to evade traditional detection techniques. The features are built into Intel Core CPUs designed for businesses that include the vPro feature set.

Aside from IT management capabilities, the vPro platform provides various hardware-enhanced security features under the name Hardware Shield. These include things like trusted execution, virtualization, memory encryption, runtime BIOS resilience and threat detection technology (Intel TDT).

How to reboot a broken or outdated security strategy
Mon, 18 Jan 2021 02:00:00 -0800

An enterprise security strategy should be like a weather report: subject to frequent updates. Allowing a security plan to fall out of sync with current and emerging threats, as well as evolving enterprise technologies and interests, can open the door to financial and reputational catastrophes.

Many elements contribute to a comprehensive security strategy and just as many factors can break or outdate a once-formidable security blueprint. "People, process, and technology are the key areas," says Greg Carrico, senior cybersecurity manager at business and technology consulting firm Capgemini North America. "Companies that don't maintain a pulse on current events, process automation, review cycles and current technical skillsets may continue to struggle with the protection of their most critical items without even realizing that threat actors have set their proverbial sights on them."

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda
Mon, 18 Jan 2021 02:00:00 -0800

The federal government and private sector are still reeling from the SolarWinds supply chain hack, and Congress is on edge as it begins a new term beset by fears of domestic terrorism. It would seem all bets are off in terms of the previous legislative agenda for cybersecurity, at least in the near-term. The relevant committees in the new 117th Congress have yet to weigh in on specific pieces of legislation, but it’s clear that cybersecurity will be a big focus across both the House and Senate.

First, in the wake of the discovery of the SolarWinds breach, the incoming Biden administration committed to making cybersecurity a top priority. Late last week, the Biden team made good on that promise when announcing its Rescue Plan that calls for around $10 billion in cybersecurity spending, including $690 million for CISA to improve security monitoring and incident response at the agency.

The biggest data breach fines, penalties and settlements so far
Fri, 15 Jan 2021 02:00:00 -0800

Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. 

This comes after an active 2018. Uber’s poor handling of its 2016 breach cost it close to $150 million. Weakly protected and heavily regulated health data cost medical facilities big that year, too, resulting in the US Department of Health and Human Services collecting increasingly large fines.

Security Recruiter Directory
Fri, 15 Jan 2021 02:00:00 -0800

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.

The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others.

If you're a security recruiting firm, we want your information! Our goal is to provide the most complete recruiter resource available, but to do that we need your assistance. Please send the name, contact info and a few sentences about your company and its specialties to Michael Nadeau.

5 things to look for in an XDR solution
Thu, 14 Jan 2021 02:00:00 -0800

About 18 months ago, I first wrote about XDR (eXtended Detection and Response) in this post on CSO.  Since then, it seems every security vendor—major security vendors and small companies alike—has jumped on the XDR bandwagon and embraced the concept.

Some vendors have approached XDR from the endpoint in and others from the network out. Either approach is valid as the premise of XDR is that security shifts from a series of point products to a single platform for threat visibility across the enterprise.  Data is collected from the various enforcement points and then analyzed so threats can be detected faster and, more importantly, can be responded to quickly to contain the blast radius.

17 types of Trojans and how to defend against them
Thu, 14 Jan 2021 02:00:00 -0800
Hashing explained: Why it's your best bet to protect stored passwords
Wed, 13 Jan 2021 02:00:00 -0800

What is hashing?

Hashing is a cryptographic process that can be used to validate the authenticity and integrity of various types of input. It is widely used in authentication systems to avoid storing plaintext passwords in databases, but is also used to validate files, documents and other types of data. Incorrect use of hashing functions can lead to serious data breaches, but not using hashing to secure sensitive data in the first place is even worse.

Top SolarWinds risk assessment resources for Microsoft 365 and Azure
Wed, 13 Jan 2021 02:00:00 -0800

One silver lining that has come out of the SolarWinds (Solorigate) incident is the huge amount of new security blogs and content that Microsoft and other vendors have published. Even if your organization was not directly affected by the attack, you are probably having to answer questions about what you and your team are doing to protect your network from this sort of attack. These resources will prepare you to respond appropriately.

3 security career lessons from 'Back to the Future'
Tue, 12 Jan 2021 02:00:00 -0800

The security industry had a terrible year in 2020—some even think the worst ever. You can point to failures in working from home after COVID-19 struck, various election narratives, the SolarWinds breach, foreign nation-state cyberattacks, new ransomware, the global lack of cybertalent, government leader mistakes or a long list of other items.

My favorite quote that captures this “good riddance” sentiment is from Back to the Future when Doc warns Marty: “Whatever happens, don’t ever go to 2020!”  (Note: Avid Back to the Future fans, you can get the T-shirt here.)       

US bulk energy providers must now report attempted breaches
Mon, 11 Jan 2021 12:13:00 -0800

One of the most pernicious aspects of the far-reaching and potentially devastating SolarWinds supply chain hack is that it successfully evaded detection for at least ten months by hiding inside seemingly normal software operations. The hack of SolarWinds’ Orion product enabled Russian actors to embed surveillance malware into widely used management software. It pushed the so-called SUNBURST malware deep into public and private networks using the invisibility cloak of ordinary activity, causing no harm or disruption as it silently operated.

The SolarWinds hack is largely considered a turbo-charged nation-state espionage campaign. Most experts, however, won’t rule out the possibility that the Russian intelligence team behind the breach was also paving the way for attacks that could damage operations. One of the biggest concerns about the hack’s impact is how it affected the nation’s power grid.

What IT leadership looks like in 2021
Mon, 11 Jan 2021 03:00:00 -0800
As IT leaders meet the challenges of the COVID era, only one thing is assured – more change is coming sooner than you think.
Top 7 security mistakes when migrating to cloud-based apps
Mon, 11 Jan 2021 02:00:00 -0800

With the pandemic, many businesses have moved to more cloud-based applications out of necessity because more of us are working remotely. In a survey by Menlo Security of 200 IT managers, 40% of respondents said they are facing increasing threats from cloud applications and internet of things (IoT) attacks because of this trend.

BrandPost: Episode 1: Balancing act
Fri, 08 Jan 2021 06:53:00 -0800

As widespread work-from-home arrangements for knowledge workers continue, traditional perimeter-based security models are no longer viable. Combine this remote work trend with ongoing and ever-changing threats, along with a growing security stack, and CISOs and their security teams are more challenged than ever to balance enterprise-grade security with end-user productivity.

In this episode of the Strengthen and Streamline Your Security podcast, we look at how an identity-based security framework can help organizations let users work from anywhere while securing them seamlessly. We’ll hear fresh insights from three experts: Joy Chik, Corporate Vice President of Identity with Microsoft; Peter Hesse, Chief Security Officer at 10 Pearls; and Bob Bragdon, senior vice president and managing director of CSO.

The 15 biggest data breaches of the 21st century
Fri, 08 Jan 2021 02:00:00 -0800

Not long ago, a breach that compromised the data of a few million people would have been big news. Now, breaches that affect hundreds of millions or even billions of people are far too common. About 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone. The smallest incident on this list involved the data of a mere 134 million people.

CSO compiled this list of the biggest 21st century breaches using a simple criterion: the number of people whose data was compromised. We also made a distinction between incidents where data was stolen with malicious intent and those where an organization inadvertently left data unprotected and exposed. Twitter, for example, left the passwords of its 330 million users unmasked in a log, but there was no evidence of any misuse. So, Twitter did not make this list.

4 ways attackers exploit hosted services: What admins need to know
Thu, 07 Jan 2021 02:00:00 -0800

Experienced IT professionals are believed to be well protected from online scammers who profit mostly from gullible home users. However, a huge number of cyber attackers are targeting virtual server administrators and the services they manage. Here are some of the scams and exploits admins need to be aware of.

Targeted phishing emails

While drinking your morning coffee, you open the laptop and launch your email client. Among routine messages, you spot a letter from the hosting provider reminding you to pay for the hosting plan again. It is a holiday season (or another reason) and the message offers a significant discount if you pay now.

33 hardware and firmware vulnerabilities: A guide to the threats
Thu, 07 Jan 2021 02:00:00 -0800

In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre that defeated the fundamental OS security boundaries separating kernel and user space memory. The flaws stemmed from a performance feature of modern CPUs known as speculative execution and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors.

Meltdown and Spectre were certainly not the first vulnerabilities to result from a hardware design decision, but their widespread impact sparked the interest of the security research community into such flaws. Since then, many researchers, both from academia and the private sector, have been studying the low-level operation of CPUs and other hardware components and have been uncovering more and more issues.

SolarWinds hack is a wakeup call for taking cybersecurity action
Wed, 06 Jan 2021 02:00:00 -0800

Advanced Persistent Threats (APTs) have long been a concern of the cybersecurity community. Well-organized teams with significant resources that will not stop attacking a target until their mission is accomplished are certainly not a threat to be underestimated. The tactics deployed by such groups involve a combination of attack types, from exploiting zero-day vulnerabilities to social engineering: gaining access, establishing a foothold, deepening access, and then remaining in a target’s systems undetected until they realize their goal.

How to prepare for and respond to a SolarWinds-type attack
Wed, 06 Jan 2021 02:00:00 -0800

If you use the recently compromised SolarWinds Orion monitoring products, you are already reviewing your infrastructure and possibly blocking network access to the servers in your domain. For those of you who do not use the SolarWinds software, this is an opportunity to review your own processes and determine whether you would have detected the compromised code and backdoors.

Egregor ransomware group explained: And how to defend against it
Tue, 05 Jan 2021 02:00:00 -0800

What is Egregor?

Egregor is one of the most rapidly growing ransomware families. Its name comes from the occult world and is defined as “the collective energy of a group of people, especially when aligned with a common goal,” according to Recorded Future’s Insikt Group. Although descriptions of the malware vary from security firm to security firm, the consensus is that Egregor is a variant of the Sekhmet ransomware family.

It arose in September 2020, at the same time the Maze ransomware gang announced its intention to shut down operations. Affiliates who were part of the Maze group appear, however, to have moved on to Egregor without skipping a beat.

Tech Resume Library: 23 downloadable templates for IT pros
Mon, 04 Jan 2021 19:14:00 -0800
A well-crafted resume will attract recruiters, HR pros and hiring managers, but getting it just right is a daunting task. To jump start the process, Insider Pro has assembled this collection of real resumes revamped by professional resume writers. (Watch this space for new templates.)
5 questions CISOs should ask prospective corporate lawyers
Mon, 04 Jan 2021 02:00:00 -0800

Every CISO needs access to skilled legal counsel, a trusted advisor who can address the challenge of protecting enterprise and customer data as well as complying with an ever-growing maze of international industry and government mandates. Finding an attorney who understands the serious issues CISOs face can be a formidable task. Only a relative handful are knowledgeable in technology, security and privacy issues.

That’s a good reason for CISOs to participate in the hiring of a general counsel (GC). The following five questions will help CISOs cut through the candidate crowd and find the legal counsel who's best equipped to help your organization and its customers and business partners stay safe and secure.

Differential privacy: Pros and cons of enterprise use cases
Mon, 04 Jan 2021 02:00:00 -0800

In the past, the pursuit of privacy was an absolute, all-or-nothing game. The best way to protect our data was to lock it up with an impregnable algorithm like AES behind rock-solid firewalls guarded with redundant n-factor authentication. 

Lately, some are embracing the opposite approach by letting the data go free but only after it’s been altered or “fuzzed” by adding a carefully curated amount of randomness. These algorithms, which are sometimes called “differential privacy,” depend on adding enough confusion to make it impossible or at least unlikely that a snoop will be able to pluck an individual’s personal records from a noisy sea of data.

How to block malicious JavaScript files in Windows environments
Wed, 30 Dec 2020 02:00:00 -0800

There have been several recent reports of fake updaters that spoof Google Chrome, Mozilla Firefox, and Internet Explorer landing pages. When the user clicks on the upgrade option, a JavaScript file is downloaded and executes malware. You have several options to block or change the default behavior to better protect workstations.