Tag: business

How to turn around a toxic cybersecurity culture

Dec 13, 2024 11:05 AM

by

Andy Stern

in SecurityNews

Tags: access, advisory, attack, authentication, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, governance, group, guide, healthcare, jobs, password, phishing, risk, sans, service, strategy, technology, threat, training, vulnerability, zero-trust

A toxic cybersecurity culture affects team turnover, productivity, and morale. Worse yet, it places enterprise systems and data at risk.In a toxic cybersecurity culture, everybody believes that cybersecurity is somebody else’s job, says Keri Pearlson, executive director for Cybersecurity at MIT Sloan (CAMS), a research consortium focusing on cybersecurity leadership and governance issues. “They don’t…
ISC2 Survey Reveals Critical Gaps in Cybersecurity Leadership Skills

Dec 13, 2024 11:05 AM

by

Andy Stern

in SecurityNews

Tags: business, cybersecurity, skills, training

ISC2 research has found that cybersecurity leaders have limited skills and training in areas like communication, strategic mindset and business acumen First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/isc2-gaps-cybersecurity-leadership/
7 Must-Have Salesforce Security Practices

Dec 13, 2024 5:05 AM

by

Andy Stern

in SecurityNews

Tags: business

Explore the Salesforce security practices that are essential to your business and understand how AppOmni can empower Salesforce customers across industries. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/7-must-have-salesforce-security-practices-2/
Bitdefender adds business applications sensor to GravityZone XDR

Dec 12, 2024 10:05 PM

by

Andy Stern

in SecurityNews

Tags: business, edr

First seen on scworld.com Jump to article: www.scworld.com/brief/bitdefender-adds-business-applications-sensor-to-gravityzone-xdr
A Year in Data Security: Five Things We’ve Learned From 2024

Dec 12, 2024 10:05 PM

by

Andy Stern

in SecurityNews

Tags: business, cybersecurity, data
Security researchers find deep flaws in CVSS vulnerability scoring system

Dec 12, 2024 9:05 PM

by

Andy Stern

in SecurityNews

Tags: access, apt, breach, business, citrix, control, cve, cvss, cybersecurity, ddos, exploit, finance, flaw, framework, Hardware, metric, privacy, risk, service, software, threat, vulnerability

The industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday.The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts from…
Cohesity CEO On Closing The Veritas Acquisition, Competing With Veeam, Rubrik, And More

Dec 12, 2024 8:05 PM

by

Andy Stern

in SecurityNews

Tags: business, ceo, veeam

Cohesity plans to take advantage of the new Veritas business it just purchased to out-innovate and out-grow what Poonen calls its “honorable competitors.” First seen on crn.com Jump to article: www.crn.com/news/storage/2024/cohesity-ceo-on-closing-the-veritas-acquisition-competing-with-veeam-rubrik-more
PEC “invoice scam” Stealing time, money, and trust from businesses

Dec 12, 2024 7:05 PM

by

Andy Stern

in SecurityNews

Tags: business, credentials, email, malicious, risk

PEC stands for “Posta Elettronica Certificata” – a type of legally binding “certified email” used in Italy. It’s also a hub of abuse targeting business owners. In this article, we share a real-life case of criminals stealing PEC credentials to send malicious emails, causing significant loss of time and money, and explore the risks of…
A Critical Guide to PCI Compliance

Dec 12, 2024 6:05 PM

by

Andy Stern

in SecurityNews

Tags: access, best-practice, breach, business, cloud, compliance, container, control, credit-card, data, data-breach, detection, encryption, finance, gartner, governance, guide, Hardware, ibm, monitoring, network, PCI, ransomware, risk, service, software, strategy, threat, tool, unauthorized

A Critical Guide to PCI Compliance madhav Thu, 12/12/2024 – 13:28 You are shopping online, adding items to your cart, and you’re ready to pay with your credit card. You expect that when you hit “Checkout,” your payment details will be safe. This sense of trust exists thanks largely to PCI DSS”, the Payment Card…
How Much Will Cybercrime Cost Your E-Commerce Business This Season?

Dec 12, 2024 6:05 PM

by

Andy Stern

in SecurityNews

Tags: business, cybercrime, malicious

The 2024 holiday season has seen explosive growth in e-commerce, with transaction volumes more than doubling from 5.1 billion in 2023 to 10.4 billion this year. While this highlights the strength of online shopping, it also points to a parallel increase in malicious activity. Reports indicate that 34.62% of transactions in 2024 were flagged as……
Notorious Nigerian cybercriminal tied to BEC scams extradited to U.S.

Dec 12, 2024 5:05 PM

by

Andy Stern

in SecurityNews

Tags: business, cybercrime, email, fraud, scam

Abiola Kayode, a 37-year-old Nigerian national, has been extradited from Ghana to the United States to face charges of conspiracy to commit wire fraud. Kayode, who was on the FBI’s Most Wanted cybercriminal list, is charged with participating in a business email compromise (BEC) scheme and romance fraud from January 2015 to September 2016, defrauding…
A security ‘hole’ in Krispy Kreme Doughnuts helped hackers take a bite

Dec 12, 2024 1:05 PM

by

Andy Stern

in SecurityNews

Tags: authentication, business, cybersecurity, finance, group, hacker, infection, insurance, law, service, threat, tool, unauthorized

Global Doughnut and coffee chain owner Krispy Kreme, famous for its “original glazed doughnuts,” has a “portion of their IT systems” disrupted by a cyberattack.In an SEC filing on Wednesday, the global doughnut business said it suffered a cybersecurity incident that has hampered part of its online business in the US.”Krispy Kreme shops globally are…
The 7 most in-demand cybersecurity skills today

Dec 12, 2024 12:05 PM

by

Andy Stern

in SecurityNews

Tags: access, ai, api, application-security, attack, backup, best-practice, breach, business, cloud, compliance, computing, control, cyber, cyberattack, cybersecurity, data, defense, encryption, exploit, framework, gartner, GDPR, google, governance, grc, group, hacker, Hardware, healthcare, incident response, infrastructure, injection, intelligence, jobs, LLM, malicious, mitigation, ml, network, penetration-testing, phishing, privacy, ransomware, risk, risk-analysis, risk-assessment, risk-management, saas, service, skills, social-engineering, software, spear-phishing, strategy, technology, threat, tool, training, update, vulnerability, zero-trust

Cybersecurity teams find themselves understaffed, overburdened, and rushing to keep up with a rapidly changing threat landscape, as cyberattackers continually devise new ways to attack organizations, and organizations accelerate their embrace of the latest technologies.As a result, security professionals must continually upskill themselves to ensure they keep pace with organizations’ latest skill demands. Unfortunately, deciding…
We must adjust expectations for the CISO role

Dec 12, 2024 11:05 AM

by

Andy Stern

in SecurityNews

Tags: business, ciso, cybersecurity

Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO) role, once a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/12/ciso-role-expectations/
Operation Digital Eye: Chinese APT Exploits Visual Studio Code Tunnels in High-Stakes Espionage Campaign

Dec 12, 2024 5:05 AM

by

Andy Stern

in SecurityNews

Tags: apt, business, china, cyber, cyberespionage, espionage, exploit, group, service, threat

In a sophisticated cyberespionage campaign dubbed Operation Digital Eye, SentinelOne and Tinexta Cyber uncovered activities linked to a Chinese Advanced Persistent Threat (APT) group targeting large business-to-business IT service providers... First seen on securityonline.info Jump to article: securityonline.info/operation-digital-eye-chinese-apt-exploits-visual-studio-code-tunnels-in-high-stakes-espionage-campaign/
Cardiac surgery device manufacturer falls prey to ransomware

Dec 11, 2024 9:06 PM

by

Andy Stern

in SecurityNews

Tags: attack, breach, business, cyber, cyberattack, cybercrime, data, group, hacker, healthcare, ransom, ransomware, service, supply-chain

The healthcare industry has been increasingly in the crosshairs of cyberattackers this year, with ransomware near the top of the sector’s biggest cyber threats. Hackers are attacking IT systems and personal data, among other things, with the aim of manipulation or theft. But it’s not just hospitals that are affected by cyberattacks; their suppliers are under attack as well.…
Comcast Business To Acquire Nitel For Network-as-a-Service, Security Push

Dec 11, 2024 9:06 PM

by

Andy Stern

in SecurityNews

Tags: business, network, service

Comcast Business announced its planned acquisition of network-as-a-service vendor Nitel for undisclosed terms. First seen on crn.com Jump to article: www.crn.com/news/security/2024/comcast-business-to-acquire-nitel-for-network-as-a-service-security-push
Unfinished business for Trump: Ending the Cyber Command and NSA ‘dual hat’

Dec 11, 2024 9:06 PM

by

Andy Stern

in SecurityNews

Tags: business, cyber

U.S. Cyber Command and the National Security Agency are jointly led by a single four-star officer. Donald Trump made moves to end that arrangement in 2020, and sources say the idea is circulating again as the president-elect transitions into a new administration.]]> First seen on therecord.media Jump to article: therecord.media/cyber-command-nsa-dual-hat-trump
GRC is a business enabler and now you can prove it

Dec 11, 2024 9:06 PM

by

Andy Stern

in SecurityNews

Tags: business, grc

First seen on scworld.com Jump to article: www.scworld.com/native/grc-is-a-business-enabler-and-now-you-can-prove-it
Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down

Dec 10, 2024 10:08 PM

by

Andy Stern

in SecurityNews

Tags: business, group, phishing, scam

SpartanWarrioz, whose prolific phishing kit business took a hit when the group’s Telegram channel was shut down in November, is rebounding quickly, creating a new channel and courting former subscribers as it rebuilds its operations, Forta researchers say. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/scam-kit-maker-rebuilding-business-after-telegram-channel-shut-down/
Cohesity completes its merger with Veritas; here’s how they’ll integrate

Dec 10, 2024 4:07 PM

by

Andy Stern

in SecurityNews

Tags: business, data, startup

Data protection startup Cohesity completed its merger with Veritas’ enterprise data protection business, creating one entity with 12,000 customers that is valued at $7 billion. The deal was originally announced in February 2024. Cohesity valued Carlyle-owned Veritas’ data protection business at $3 billion at the time, according to CRN reporting. Cohesity declined to comment on…
RedLine Malware Weaponizing Pirated Corporate Softwares To Steal Logins

Dec 10, 2024 4:07 PM

by

Andy Stern

in SecurityNews

Tags: business, corporate, cyber, login, malicious, malware, software, tool, update

Attackers are distributing a malicious .NET-based HPDxLIB activator disguised as a new version, which is signed with a self-signed certificate, and targets entrepreneurs automating business processes and aims to compromise their systems. They are distributing malicious activators on forums targeting business owners and accountants, deceptively promoting them as legitimate license bypass tools with update functionality…
Visual Studio Tunnels Abused For Stealthy Remote Access

Dec 10, 2024 4:07 PM

by

Andy Stern

in SecurityNews

Tags: access, attack, business, china, cyber, service, threat

In an attack campaign dubbed >>Operation Digital Eye,
AWS customers face massive breach amid alleged ShinyHunters regroup

Dec 10, 2024 3:08 PM

by

Andy Stern

in SecurityNews

Tags: access, ai, attack, breach, business, cloud, credentials, crypto, cyber, cybersecurity, data, data-breach, email, endpoint, exploit, fraud, group, hacker, hacking, iam, identity, infrastructure, Internet, law, open-source, phishing, service, threat, tool, unauthorized, vulnerability

Terabytes of data belonging to thousands of AWS customers, including customer details, AWS credentials, and proprietary source code, were compromised in a large-scale cyber operation linked to the now-defunct ShinyHunters hacking group.Independent cybersecurity researchers, Noam Rotem and Ran Locar, found the operation exploiting vulnerabilities and misconfigurations in a number of public sites to gain unauthorized…
Webinar Today: Inside a Hacker’s Playbook How Cybercriminals Use Deepfakes

Dec 10, 2024 3:08 PM

by

Andy Stern

in SecurityNews

Tags: business, cybercrime, deep-fake, email, exploit, hacker, social-engineering, tactics, technology

Join the live, eye-opening session that pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake technology and Business Email Compromise (BEC). The post Webinar Today: Inside a Hacker’s Playbook How Cybercriminals Use Deepfakes appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/webinar-today-inside-a-hackers-playbook-how-cybercriminals-use-deepfakes/
Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage

Dec 10, 2024 1:09 PM

by

Andy Stern

in SecurityNews

Tags: attack, business, china, cyber, cybersecurity, espionage, group, hacker, service

A suspected China-nexus cyber espionage group has been attributed to an attacks targeting large business-to-business IT service providers in Southern Europe as part of a campaign codenamed Operation Digital Eye.The intrusions took place from late June to mid-July 2024, cybersecurity companies SentinelOne SentinelLabs and Tinexta Cyber said in a joint report shared with The Hacker…
Top tips for CISOs running red teams

Dec 10, 2024 8:10 AM

by

Andy Stern

in SecurityNews

Tags: access, attack, business, ciso, control, credentials, data, detection, edr, exploit, finance, flaw, group, guide, identity, infrastructure, jobs, mfa, network, penetration-testing, phishing, PurpleTeam, RedTeam, risk, soc, threat, training, windows

Red team is the de facto standard in offensive security testing when you want to know how all security investments, from technological controls to user training to response procedures, work together when subjected to a targeted attack. Unlike penetration testing, which aims to comprehensively assess a system, or purple team, which assesses detection and response…
U.S. Subsidiary of a Japanese water Treatment Company Hit By Ransomware Attack

Dec 10, 2024 8:10 AM

by

Andy Stern

in SecurityNews

Tags: attack, business, cyber, data-breach, ransomware, usa

Kurita America Inc. (KAI), the North American subsidiary of Tokyo-based Kurita Water Industries Ltd., has confirmed it was the victim of a ransomware attack that compromised multiple servers and potentially leaked sensitive data. The attack was detected on Friday, November 29, 2024, and has raised concerns worldwide among customers and business partners. Incident Overview KAI’s security…
How Secrets Security Boosts Business Value

Dec 10, 2024 6:07 AM

by

Andy Stern

in SecurityNews

Tags: business, cybersecurity

Are You Maximizing Your Organization’s Cybersecurity? Cybersecurity is not only a means of information protection but also a valuable strategic asset that can drive business growth and stability. Central to achieving such a valuable level of security is managing Non-Human Identities (NHIs) and their corresponding secrets”, a technique known as Secrets Security Management. So, how…
Bug bounty programs: Why companies need them now more than ever

Dec 9, 2024 11:07 PM

by

Andy Stern

in SecurityNews

Tags: attack, best-practice, bug-bounty, business, crypto, cyber, cybercrime, cybersecurity, defense, exploit, finance, guide, hacker, hacking, jobs, malicious, ransom, strategy, threat, tool, update, vulnerability, zero-day

In the fast-evolving landscape of cybersecurity, the need for proactive measures has become more pressing than ever.When I first entered the cybersecurity field, the primary threats were largely opportunistic hackers exploiting known vulnerabilities and multi-million-dollar ransoms were unheard of. Today, the stakes are significantly higher. According to Cybersecurity Ventures, cybercrime is expected to cost the…