Cisco Snaps Up Kenna Security for Vulnerability Management – Security news
Cisco Snaps Up Kenna Security for Vulnerability ManagementCisco is set to acquire privately held Kenna Security in a deal designed to expand its SecureX platform with vulnerability management capabilities.Santa Clara-based Kenna Security provides risk-based vulnerability management capabilities alongside vulnerability intelligence to help organizations rapidly identify, prioritize and remediate cyber-risks.Cisco claimed the technology is increasingly important to organizations as work-from-anywh
#RSAC: RSA CEO Details the Challenges of Resilience in a World of ChaosThe 2021 RSA Conference got underway on May 17, with RSA CEO Rohit Ghai explaining what resilience is all about and what that means for cybersecurity.Resilience is the theme for the 2021 RSA Conference, which is being held as a virtual event as the ongoing global pandemic continues to restrict in person gatherings. Ghai opened the conference and his keynote with an acknowledgment that this year’s conference follows a year of
#RSAC: Netflix Exec Explains Where Infosec Pros are Going Wrong Information security professionals need to be more open to adaptation and embrace emerging ideas to enhance overall cyber-resiliency, according to expert speakers during an opening keynote on day 1 of the virtual RSAC Conference 2021.Jimmy Sanders, information security, Netflix DVD, and Angela Weinman, head of global governance, risk and compliance, VMware, set out three “hard truths” about the sector, and how
Deputy US Marshal Allegedly Framed Ex as Cyber-stalker A serving deputy US marshal from California has been accused of conspiring with his ex-wife to frame his former girlfriend as a potentially violent cyber-stalker. Brea resident Ian R. Diaz was indicted by a federal grand jury in the Central District of California on charges of conspiracy to commit cyber-stalking, cyber-stalking, and perjury.The 43-year-old is accused of plotting with his un-indicted former wife while they were
Miss Universe Speaks Out Against Cyber-bullying Delegates of the Miss Universe competition have drawn attention to the negative impact of cyber-bullying in a new video campaign. In the video, the delegates appear one by one to voice their experiences of being cyber-bullied. Insults thrown at the women include comments that they are too fat, too ugly, or too old to be competing for the Miss Universe title. Miss Universe Cambodia was told that she was “too small” to have a shot of w
Two-thirds of CISOs Unprepared for Cyber-attackTwo-thirds of respondents to a global survey of CISOs have said that they do not feel their organization is prepared enough to cope with a targeted cyber-attack. This widespread lack of readiness was unearthed by California enterprise security company Proofpoint during the creation of its first-ever annual “2021 Voice of the CISO Report.” The report examines global third-party survey responses from more than 1,400 CISOs
UK Government May Force MSPs to Follow Security StandardsThe UK government is considering forcing managed service providers (MSPs) to follow updated security standards.The Department for Digital, Culture, Media and Sport (DCMS) is asking for views on these measures and more to boost the cyber-resilience of the UK’s critical supply chains.The DCMS revealed it is considering making it a requirement for MSPs to meet the current Cyber Assessment Framework, which comprises 14 security prin
Cybercrime Forum Bans Ransomware ActivityA popular cybercrime forum claims to have banned all ransomware activity due to ideological differences and concerns over the amount of publicity that high-profile incidents are generating.Russian language forum XSS has contributed to the success of Ransomware as a Service (RaaS) groups like Netfilim, REvil, DarkSide and Babuk, by providing a platform to recruit new affiliates, according to Flashpoint.However, an administrator post late last week claimed
Toshiba Business Reportedly Hit by DarkSide RansomwareA subsidiary of Japanese tech giant Toshiba has admitted suffering a cybersecurity breach reportedly caused by the DarkSide ransomware gang.Toshiba Tec Corporation — which makes printing, scanning and other office equipment — revealed the incident in a statement on Friday.Although the update did not confirm whether any customer data was taken in the incident, Toshiba admitted that “it is possible that some informat
Lemonade Denies “Unforgivably Negligent” Security GaffeInsurtech company Lemonade has refuted claims put forward by a short seller that it has an “unforgivably negligent security flaw” on its website.Muddy Waters Research LLC alleges that a vulnerability exists on Lemonade’s website that could potentially expose customers’ personally identifiable information. The investor claims that it was able to log in to and edit Lemonade customer accounts without having to en
US Sentences Cyber-Stalker Who Sent Sex Workers to Family’s HomeA cyber-stalker from Hawaii who tormented a Utah family by sending more than 500 unwanted service people to their home has been placed under three years of supervision.Loren M. Okamura was arrested in December 2019 on charges of cyber-stalking, making interstate threats, and transporting a person over state lines for the purpose of prostitution. Over a seven-month period that started in August 2018, Okamura sent up to 20
Permanent secretary Matthew Rycroft responds to an article about his government departmentYour characterisation of the Home Office (Cruel, paranoid, failing: inside the Home Office, 13 May) does not match my experience during the year I have led it. I have found a group of people committed to public service, determined to have a positive impact and focused on doing the right thing. Everyone at the Home Office acknowledges the wrongs and injustices of the past. We feel these every day and are det
Rapid7 Source Code Accessed in Cyber-attackSource code and credentials belonging to cybersecurity company Rapid7 were accessed by an unauthorized third party during a supply-chain attack on Codecov.Starting on January 31, hackers gained restricted access to hundreds of networks belonging to Codecov’s customers by tampering with one of the San Francisco–based company’s software development tools.Codecov, whose customers include IBM and Hewlett-Packard, announced on
Ireland’s Healthcare System’s IT Offline Following Ransomware AttackIreland’s healthcare system is being subjected to a ransomware attack, which has led to its taking its IT systems offline and the cancellation of a number of hospital appointments.HSE Ireland, the body responsible for the provision of health and personal social services for everyone living in Ireland, revealed the ongoing incident in a tweet this morning, stating: “There is a significant ransomware attack
Microsoft Alerts Aviation and Travel Firms to RAT CampaignMicrosoft is warning the aerospace and travel sectors of a new targeted attack campaign aimed at stealing sensitive information from affected companies.The tech giant said it had been tracking the “dynamic campaign” for several months via a series of spear-phishing emails designed to deliver an “actively developed loader.”The screenshot posted to Microsoft Security Intelligence Twitter feed was of a phishing email
Quarter of CISOs Self-Medicate as Pandemic Stress SpikesAn increase in work-related stress and a lack of paid leave opportunities during COVID-19 have raised concerns that some IT and security executives may be self-medicating to cope with the extra pressure.Security vendor OneLogin polled 250 tech leaders across the globe to compile its IAMokay Mental Health Survey.It found that over three-quarters (77%) believe the pandemic has increased workplace stress while 86% also reported an increas
Colonial Reportedly Paid $5 Million Ransom Ransomware surged 102% year-on-year at the start of 2021 as it emerged that Colonial Pipeline agreed to pay $5 million to extorters after a crippling attack that began last week.The East Coast fuel pipeline was offline for five days after an attack struck last Thursday. However, contrary to initial reports that it refused to engage with the DarkSide threat group, the company actually paid within hours of the attack, two people familiar with the matter t
Cyber-bullying Spawns Artistic Protest A group of artists in China has used insults hurled at women over the internet as the basis for a humungous new artwork intended to raise awareness of cyber-bullying.The impactful piece was created by swathing an entire hillside with red banners on which 700 misogynistic comments are printed in bold white lettering. On Weibo, the insults took up a dozen pages. In their new physical form, the hateful missives measure 3,000 meters and weigh 100
Cyber-attacks Cost Small US Businesses $25k AnnuallyCyber-attacks are leaving small businesses in the United States with big dents in their annual budgets, according to new research by international insurance company Hiscox.Data analyzed in the creation of the “Hiscox Cyber Readiness Report 2021” revealed that the average financial cost of a cyber-attack to a small business in the US over 12 months is “high at $25,612.”The annual report, which was first published five years a
Consumers Unforgiving of Merchants’ Data Failings New research has revealed that most American consumers who shop online will cease doing business with a merchant that mishandles their data.The finding emerged from the May 2021 Securing eCommerce study, carried out by PYMNTS.com in collaboration with NuData, which surveyed a census-balanced panel of nearly 2,400 American consumers.Shoppers were quizzed about their online buying habits and asked to share how they felt about a vari
Record Number of Breaches Detected Amid #COVID19 A record number of breaches were analyzed in the Verizon 2021 Data Breach Investigations Report, with cybercrime thriving during the COVID-19 pandemic.The study looked at a total of 29,207 security incidents from 83 contributors across the globe, of which 5,258 were confirmed breaches. This represented a substantial rise compared to last year’s report, in which there were 3,950 breaches identified.There was a significant increase across a nu
Biden Executive Order Mandates Zero Trust and Strong EncryptionPresident Biden has issued a long-awaited executive order (EO) designed to improve supply chain security, incident detection and response and overall resilience to threats.Although every President in recent years has issued an order to improve the nation’s cybersecurity, experts believe this one is more detailed and has a better chance of success than previous efforts. It also comes amidst unprecedented attacks on US gover
Colonial Pipeline Attackers Linked to Infamous REvil GroupThe DarkSide ransomware group blamed by the US government for a crippling attack on a major East Coast fuel pipeline has been linked to a notorious variant used in extortion attacks against Apple and Donald Trump.The DarkSide variant first appeared in around August 2020, but after a few months of operating it themselves, its Russian-speaking owners opened it up to affiliates, as most ransomware groups do today.Researchers at Flashpoint cl
Four Years On: Two-thirds of Global Firms Still Exposed to WannaCryOver two-thirds (67%) of organizations are still running an insecure Windows protocol largely responsible for the infamous WannaCry and NotPetya attacks of 2017 and 2018, according to new research.Security vendor ExtraHop used its network detection and response (NDR) capabilities to analyze anonymized metadata from an unspecified number of customer networks, in order to better understand where they may be vulnerable to outdated p
Four Year On: Two-thirds of Global Firms Still Exposed to WannaCryOver two-thirds (67%) of organizations are still running an insecure Windows protocol largely responsible for the infamous WannaCry and NotPetya attacks of 2017 and 2018, according to new research.Security vendor ExtraHop used its network detection and response (NDR) capabilities to analyze anonymized metadata from an unspecified number of customer networks, in order to better understand where they may be vulnerable to outdated pr
Gerald Banyard found guilty of perverting course of justice over attack by Khalid Masood in 2017A police hunt is under way for a man who “looked to exploit an extremely tragic and serious situation” by framing an innocent person for the Westminster terror attack.Gerald Banyard, 67, of Whalley, Lancashire, sent two handwritten notes to police in the days after the Westminster Bridge attack by Khalid Masood in March 2017, claiming that his landlord’s partner had been involved in
Police Doxxed After Ransom DisputeCyber-criminals appear to have leaked online data belonging to the Metropolitan Police Department of the District of Columbia after the law enforcement agency allegedly failed to comply with a ransom demand. In April, ransomware gang Babuk claimed to have stolen more than 250GB of data from the MPD. Data posted by the gang to back up their claim appeared to contain MPD reports, mug shots, internal memos, and personal information belonging to
More Domestic Abuse Cases Involve TechThe number of complex domestic abuse cases in which perpetrators used digital technology to harass, stalk, and control their victims has risen sharply in the United Kingdom.According to the charity Refuge, which is the largest specialist provider of domestic abuse investigation services in England and Wales, the average number of complex tech abuse cases reported from April 2020 to May 2021 rose 97% compared with the three months bef
INTERPOL Launches Digital Piracy Project The International Criminal Police Organization (INTERPOL) is launching a new five-year project to tackle digital piracy following a significant increase in the number of offenses. According to INTERPOL, digital piracy has increased by more than 60 percent in some countries during the 12 months from April 2020 as millions of people have been confined due to the global health pandemic. The new INTERPOL Stop Online Piracy (I-SOP) initiative will co
UK Government Drafts New Legislation to Force Tech Firms to Tackle Online AbuseThe UK government has published draft legislation designed to tackle a number of online harms, ranging from child sexual abuse to fraud.The Online Safety Bill, which formed part of yesterday’s Queen’s Speech during the state opening of Parliament, will place new obligations on social media sites and other services hosting user-generated content or allowing people to talk to others online to remove and limi
