NGA Picks Four States for Academy on Cybersecurity Policy – Security news

  • NGA Picks Four States for Academy on Cybersecurity Policy

    Four states have been chosen by the National Governors Association (NGA) for its 2021 Policy Academy to Advance Whole-of-State Cybersecurity. Kansas, Missouri, Montana, and Washington have all been selected by the NGA Center for Best Practices to work directly with the NGA on cybersecurity governance, workforce development, and government partnership policies. “Representatives of the four states will convene in-state wo

  • Phished Healthcare Provider Takes Legal Action Against Amazon

    An American healthcare provider whose data was allegedly exfiltrated to an Amazon storage account by a cyber-attacker has taken legal action against Amazon. As many as 85,688 patient and employee records were compromised last week when a threat actor seemingly based in Ukraine struck SalusCare, the largest provider of behavioral healthcare services in Southwest Florida. The attacker is believed to have gained access

  • FBI Issues Mamba Alert

    The Federal Bureau of Investigation has issued a flash alert to Americans highlighting the dangers of Mamba ransomware. According to the Bureau, Mamba has been deployed against local governments, public transportation agencies, legal services, technology services, and industrial, commercial, manufacturing, and construction businesses. The ransomware works by weaponizing an open source full-disk encryption software called DiskCryptor. By encrypting an

  • UK Security Chief: CEOs Must Get Closer to Their CISOs

    Company leaders should be as close to their chief information security officers (CISOs) as their general counsel or finance directors, the head of the National Cyber Security Centre (NCSC) will argue today. In her first public speaking engagement, NCSC CEO Lindy Cameron will tell a virtual audience at Queen’s College Belfast this morning that security must be given more attention in the boardroom. “Cybersecurity is still not t

  • Burned Out Employees Put Corporate Security at Risk

    The pressures of remote working and caregiving during the pandemic have taken a significant psychological toll on UK employees, leading to risky behavior online which could expose their employer to cyber-threats, according to Forcepoint. The security vendor polled 1000 UK adults to better understand how life under lockdown is affecting the corporate cybersecurity posture. Over half (52%) of respondents reported increased personal pressure over the

  • Patch Facebook for WordPress to Fix Site Takeover Bugs

    Facebook has fixed two critical vulnerabilities in its popular WordPress plugin which could have been exploited to enable full site takeover, according to Wordfence. The security company revealed yesterday that it disclosed the bugs to the social network on December 22 last year and January 27 2021. Patches for each were released on January 6 and February 7 2021, respectively. The vulnerabilities affected the plugin formerly known as Offic

  • Kroll Acquires Redscan to Expand Cyber-Risk Offering

    Services and digital product provider Kroll has announced the acquisition of award-winning UK cybersecurity firm Redscan. The deal will see Kroll, which specializes in governance, risk and transparency, extend its Kroll Responder capabilities through the addition of Redscan and its extended detection and response (XDR) enabled security operations center (SOC) platform. Redscan will join Kroll under the leadership of Andrew Beckett, managing

  • Activist Denies Facebook Fraud

    A political activist from Ohio has denied impersonating a leader of the political group Black Lives Matter on social media for his own personal profit. Toledo resident Sir Maejor Page, a.k.a. Tyree Conyers-Page, was arrested in September on one count of wire fraud and two counts of money laundering. An investigation was launched into the 32-year-old after a complaint was filed with the FBI’s National Threat Operations Center in April 2020. The com

  • Data Loss Impacts 40% of SaaS App Users

    New research has found that 40% of Software as a Service (SaaS) users across a range of industries have lost data stored in their online tools. The survey by Rewind, a provider of cloud backups for SaaS applications, was commissioned ahead of World Backup Day on March 31. A total of 631 respondents answered questions related to how they use SaaS apps in a professional context. Key findings were that more than half (53 percent) of r

  • McAfee Partners with College to Help Address Cyber-Skills Shortage

    McAfee has announced a partnership with London South East Colleges in a bid to provide students with insights into working in the cybersecurity industry. The initiative is part of efforts to encourage younger people to pursue a career in cybersecurity and address the skills gap in the sector. Earlier this week, a report from the Learning & Work Institute found that the number of students enrolling in ICT at GCSE level fell by 40%

  • CNA Suffers “Sophisticated” Cyber-Attack

    The website of insurance giant CNA is out of action following a cyber-attack that took place over the weekend. Visitors to the website of the Chicago-based firm are greeted with a notice explaining that threat actors have disrupted the company’s network. In a statement released Tuesday evening, CNA described the assault as a “sophisticated cybersecurity attack.” The company said that certain systems, including corpo

  • Rise in Attacks on ICS Computers in Second Half of 2020

    Attacks on industrial control system (ICS) computers went up by 0.85 percentage points in H2 of 2020 compared to H1, according to new research from Kaspersky. The analysis also found that the variety of malware families targeting ICS computers increased by 30% in this period, with cyber-criminals significantly ramping up attacks against these sectors amid the COVID-19 lockdowns. While industrial organizations have traditionally been an attracti

  • Two-Thirds of Large Firms Attacked as #COVID19 Hampers Security

    Nearly two-thirds of medium and large-sized businesses suffered a cyber-attack or breach last year, with security efforts suffering during the pandemic, according to the latest government figures. The Cyber Security Breaches Survey 2021 on the face of it showed a slight improvement over last year’s: 39% of UK businesses of all sizes said they were breached or attacked over the previous 12 months versus 46% last year. However, whi

  • Half of UK Firms Suffer Cyber-Skills Gaps

    Half of UK businesses reported cyber-skills gaps last year, with diversity still woefully lacking in most organizations, according to the latest government figures. The DCMS-sponsored Cybersecurity skills in the UK labour market 2021 report was compiled from representative surveys of security sector and wider organizations, as well as analysis of job postings and research with recruitment agencies. It revealed that around 680,000 businesses in the country h

  • #IMOS21: Six Components of a Bug Bounty Program

    Speaking at the Spring Infosecurity Magazine Online Summit, Sean Poris, director, product security at Verizon Media, explored how to run a bug bounty program, outlining the six components of a successful bug bounty structure. Poris explained that, by investing in bug bounties, organizations are potentially tapping into “hundreds of thousands of global hackers” that think about software and vulnerabilities in ways that internal staff might

  • FatFace Faces Customer Anger After Controversial Breach Response

    British clothing retailer FatFace is facing a mounting storm of criticism for its handling of a “sophisticated criminal attack” which led to the compromise of customers’ personal data (PII). In an email to customers posted by HaveIGotPwned? founder Troy Hunt this week, the firm revealed that the breached data included customers’ full names, email and home addresses and partial card details (last four digi

  • GCHQ releases 'most difficult puzzle ever' in honour of Alan Turing

    12 riddles linked to new £50 note featuring the codebreaker may take seven hours to crack

    GCHQ has released its “most difficult puzzle ever”, a set of 12 riddles linked to design elements of the new £50 note featuring the mathematician and codebreaker Alan Turing. The questions begin with a relatively straightforward crossword-style puzzle that starts by asking where GCHQ’s predecessor agency, where Turing worked, was based during the second world war. A two-word answ

  • Cybeats Technologies Acquired by Relay Medical

    Relay Medical Corporation has completed the acquisition of an Internet of Things (IoT) cybersecurity firm based in Toronto, Canada. The completion of the deal to acquire Cybeats Technologies Inc was announced yesterday, just 20 days after news of the transaction was published. Cybeats was founded in 2016 by Peter Pinsker, Dmitry Raidman, and Vladislav Kharbash. The company is known for developing an integrated security platform that is desig

  • #IMOS21: How to Better Understand and Secure Modern Data

    Speaking in the opening keynote session of Day Two of the Spring Infosecurity Magazine Online Summit, Wendy Nather, head of advisory CISOs at Duo Security (Cisco), analyzed the chemistry of data, exploring data’s power (for good and bad), creating formulas for data security requirements and driving a data-centric security approach. Nather outlined that, over the past 40 years, there have been vast changes in how data is stored, accesse

  • Drug Maker to Pay $50m for Destroying Data

    A drug manufacturer in India has been fined $50m for hiding and erasing records ahead of an inspection by the United States Food and Drug Administration (FDA). The deception occurred at a drug manufacturing plant in Kalyani, West Bengal, that makes active pharmaceutical ingredients (APIs) used in several different cancer drugs distributed to terminally ill patients in the US. The plant, which was owned and operated by Fresenius Kabi Oncology Lim

  • Breach at California State Controller’s Office

    The California State Controller’s Office (SCO) has suffered a data breach after falling victim to a phishing attack. Threat actors were able to access email and files after a member of the staff clicked on a malicious link and unwittingly shared their credentials. In a data breach notice published March 20, the SCO said: “An employee of the California State Controller’s Office (SCO) Unclaimed Property Division clicked on a link

  • LogMeIn Appoints Michael Oberlaender as CISO

    Cloud-based security provider LogMeIn has announced the appointment of Michael Oberlaender as its new chief information security officer (CISO). Oberlaender has been given responsibility for managing and growing the firm’s security program, both for internal systems and its portfolio of software products. This covers areas such as infrastructure, applications and overall data security. In this role, he will lead a global security team encompassing

  • Proton Founder Accuses Apple of “Giving in to Tyrants”

    The founder of a privacy-centric email and VPN service has hit out at Apple for putting profits before human rights. Andy Yen is the CEO of Proton Technologies, which produces the ProtonMail and ProtonVPN offerings. He argues that the services were created in part to enable activists, protesters, journalists and others to communicate privately and “overcome internet blocks.” However, Apple recently blocked a ProtonV

  • Forex Broker Leaks Billions of Customer Records Online

    Over 20TB of sensitive customer data has been accidentally leaked online by a popular online trading broker, after it misconfigured a cloud database. Researchers at reviews site WizCase spotted the Elasticsearch server left wide open without any encryption or password protection. They quickly traced it back to FBS, one of the world’s busiest online brokers for foreign exchange (forex) trading, which boasts as many as 16 million globa

  • Sierra Wireless Halts Production After Ransomware Attack

    A leading IoT manufacturer has been forced to halt production of devices after suffering a major ransomware attack. In a statement issued yesterday, Sierra Wireless claimed the attack struck over the weekend, on March 20. “The company’s website and other internal operations have also been disrupted by the attack. The company believes it will restart production at these facilities and resume normal operations soon,” it said.

  • If US DoD Wants #ArtificialIntelligence In Its Future, It Must Start Now

    DefenceTalk: Now is the time for decision makers, commanders and policymakers within the Defense Department to get on board with fully implementing artificial intelligence, the director of the Joint…

  • #IMOS21: The Critical Role of Culture in DevSecOps

    The approach organizations should take to develop and maintain an effective DevSecOps culture was highlighted by Patrick Debois, director of market strategy at Snyk, during a session at the Infosecurity Magazine Online Summit EMEA 2021. Debois firstly emphasized the importance of an organization’s culture in determining the DevSecOps strategy that should be employed. “The CEO and culture of your company w

  • Fired IT Contractor Jailed for Retaliatory Cyber-Attack

    An IT contractor who carried out a retaliatory cyber-attack after being fired for underperforming has been sent to prison. Indian national Deepanshu Kher was hired by an American IT consulting firm in 2017. The firm sent Kher to the headquarters of a company in Carlsbad, California, to assist the business with its migration to a Microsoft Office 365 (MS O365) environment. The company was unhappy with the standard of Kher’s work and waste

  • UPMC and Charles Hilton Sued Over PHI Breach

    A Pennsylvania medical center and its legal services provider are facing a class-action lawsuit over a data breach that exposed the protected health information (PHI) of more than 36,000 patients. The breach occurred last year when hackers gained access to several email accounts belonging to employees of law firm Charles J. Hilton & Associates P.C. (CJH). An investigation revealed that the attackers had access to the accounts between

  • #IMOS21: AI Analysts May Prove Key to Keeping Organizations Secure

    Leveraging AI to undertake investigations of suspicious activities could significantly increase security teams’ abilities to protect their organizations from cyber-attacks, according to Andrew Tsonchev, director of technology, Darktrace, speaking during the Infosecurity Magazine Online Summit EMEA 2021. The development of an ‘AI analyst’ differs from the normal role of threat detection played by this type of tech
