# Information Security

Case for Crypto Audits After Another Disastrous Million Dollar Hack in DeFi

The latest protocol hack on BadgerDAO is a call for developers and projects to take a closer look at their smart contracts and employ third-party auditors. Over the past week, the cryptocurrency community witnessed one of the largest DeFi hacks of 2021 as BadgerDAO, a decentralized finance protocol for borrowing, lending, and earning yield with tokenized Bitcoin on Ethereum, lost $120.3 million to the attackers. According to reports on the hack, the criminals injected a malicious script into the protocol’s frontend website. The script prompted users to sign what looked like a routine transaction but was in fact an ERC-20 approve() call granting an attacker-controlled address an unlimited token allowance, which the attacker then used to drain funds from those wallets. The smart contracts themselves were not exploited: the weak point was the web frontend and the users’ willingness to sign an approval without inspecting the spender and the amount.
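A wallet or browser extension can catch this class of attack before the user signs, by decoding the approve() calldata and refusing unlimited allowances or unknown spenders. The following is an added example written for this page, not code from the article or from the BadgerDAO project; the spender addresses are placeholder values and the allowlist is a hypothetical list of the protocol’s known contract addresses.

```javascript
// Pre-signing check for ERC-20 approve(address,uint256) transactions.
// Added example for this page (not BadgerDAO code). Addresses below are placeholders.

// First 4 bytes of keccak256("approve(address,uint256)")
const APPROVE_SELECTOR = "095ea7b3";
// 2**256 - 1: the value frontends use to request an "unlimited" allowance
const MAX_UINT256 = (1n << 256n) - 1n;

// Build calldata the way a dapp frontend would (used here to construct sample input).
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  const amt = amount.toString(16).padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + addr + amt;
}

// Decode calldata; returns null unless it is a well-formed approve() call.
function decodeApprove(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64) return null;          // selector + 2 ABI words
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = hex.slice(8, 72);
  // ABI encoding left-pads the 20-byte address with 12 zero bytes; anything else is malformed
  if (!/^0{24}[0-9a-f]{40}$/.test(spenderWord)) return null;
  return {
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Policy: block approvals to spenders outside the allowlist, and block allowances at or
// above `unlimitedThreshold` (default: the max uint256 that "infinite approve" uses;
// a stricter deployment could set it to the token's total supply).
function assessApproval(tx, { allowlist, unlimitedThreshold = MAX_UINT256 }) {
  const decoded = decodeApprove(tx.data);
  if (!decoded) return { verdict: "not-approve", reasons: [] };
  const reasons = [];
  if (!allowlist.has(decoded.spender)) reasons.push("spender not a known contract");
  if (decoded.amount >= unlimitedThreshold) reasons.push("unlimited allowance");
  return { verdict: reasons.length ? "block" : "allow", ...decoded, reasons };
}

// Constructed sample: a legitimate vault contract and an attacker-controlled address (placeholders).
const PROTOCOL_VAULT = "0x" + "11".repeat(20);
const ATTACKER_ADDR = "0x" + "ee".repeat(20);
const KNOWN_SPENDERS = new Set([PROTOCOL_VAULT]);

const legit = assessApproval({ data: encodeApprove(PROTOCOL_VAULT, 1000n) }, { allowlist: KNOWN_SPENDERS });
const hostile = assessApproval({ data: encodeApprove(ATTACKER_ADDR, MAX_UINT256) }, { allowlist: KNOWN_SPENDERS });
console.log(legit.verdict, hostile.verdict, hostile.reasons.join("; "));
```

The check is deliberately independent of the page that produced the transaction: a compromised frontend controls the calldata, so the decision has to be made from the calldata itself against state the attacker does not control (the user’s allowlist). Users who have already signed such an approval can only recover by sending a second approve() for the same spender with an amount of zero.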

Kamala Harris is on to something: AirPods are bad

AirPods are bad, people. I’ve said it for years. In 2016, when Apple first debuted the overpriced accessories, I wrote that wireless headphones were like tampons without strings – missing the crucial feature that helps you find them when you need to. As the years have gone by, I’ve clung...

When Scammers Get Scammed, They Take It to Cybercrime Court

Underground arbitration system settles disputes between cybercriminals. Blocked from legitimate courts, cybercriminals have set up their own system for settling disputes, handing over ultimate decision-making to senior underground forum administrators who have awarded claims totaling as much as $20 million. A new report from Analyst1 details activities inside these underground...

Espionage is set to overtake terrorism as Australia’s top security concern – are our anti-spy laws good enough?

Terrorism has been one of Australia’s most significant threats to national security since the September 11 terrorist attacks. But this is set to change. Australia’s domestic spy agency ASIO anticipates espionage – spying – will supplant terrorism as Australia’s principal security threat over the next five years. They do not explicitly say why, but note this is “based on current trends” and that “espionage attempts by multiple countries remain unacceptably high”. Espionage can harm our independence, economy and national security. For example, stealing trade secrets would give a foreign country an advantage on the international market, which would undermine...
PC Magazine

Leave SMS Authentication Behind: Get an Authenticator App

Raise your hand if this has happened to you: You wake up in the middle of the night, check your phone to see the time and notice several missed text messages. You check them, hoping all your loved ones are okay, and see each is a one-time passcode. Now your worry turns to dread because someone has one of your passwords, and only an SMS message stands between you and some would-be hacker.
Washington Post

Tech companies join the fight to take down hacking groups

Welcome to The Cybersecurity 202! Today’s the 80th anniversary of the attack on Pearl Harbor, perhaps a greater turning point for the nation than anything that’s come since. Looking for a Pearl Harbor film? Skip the Ben Affleck flick and watch “From Here to Eternity.” Below: Sidney Powell’s nonprofit raised...
Healthcare IT News

How to stop ransomware? It starts with an enterprise risk management program

If ransomware attacks are still not quite an inevitability, they're more common than ever across healthcare, and the threat is still an unwelcome fact of life for hospitals and health systems trying to keep their data – and their patients – safe. At the HIMSS Healthcare Cybersecurity Forum on Monday,...

CallMiner Achieves HITRUST CSF Certification to Manage Risk, Improve Security Posture, and Meet Compliance Requirements

HITRUST CSF Certification validates CallMiner is committed to meeting key regulations and protecting sensitive information. CallMiner, the leading provider of conversation analytics to drive business improvement, announced that its HITRUST boundary has earned Certified status for information security by HITRUST. HITRUST CSF Certified status demonstrates that CallMiner’s HITRUST boundary has met key regulations and industry-defined requirements and is appropriately managing risk.

Microsoft Digital Crimes Unit Takes down Domains Targeting Governments

Microsoft’s Digital Crimes Unit has taken control of 29 domains that were being used to target governments and closed them. The domains were used against governments and NGOs across several continents and were part of attacks by the China-based threat group Microsoft tracks as Nickel. Microsoft confirmed the domain seizures in two blog posts this week. Microsoft...

Continuous Security Hardening and Monitoring for IBM® z/OS® Mainframes and Databases Using Qualys Policy Compliance

Mainframes are a key infrastructure component for many enterprises worldwide. Arguably the most secure, reliable, and efficient computing platform, mainframes hold some 70% of the world’s business-critical data. Although they are highly secure and resilient, it is a common misconception that mainframes are not exposed to security risk. In fact, they are susceptible to many of today’s most sophisticated threats, and a misconfigured mainframe is exposed in the same way as any other host on the network.

What Is a Honeypot and Can It Help Mitigate Cyberattacks?

Cybersecurity is not always a case of the attackers trying to attack innocent victims and networks. Thanks to a decoy computer system known as a "honeypot", this role is sometimes reversed. While a honeypot might bring to mind the image of Winnie the Pooh indulging in a giant tub of...

Quantinuum Creates Quantum-Powered Encryption That's Available Today

Quantinuum, a business unit of quantum computing company Honeywell, has productized what it calls the world’s first quantum-powered encryption key generator. The technology, marketed as Quantum Origin, provides clients with cryptographic keys derived from entropy sampled on a quantum computer, offered at different levels of security. The company positions its product as a blanket solution for current cybersecurity problems and for “harvest now, decrypt later” attacks, in which encrypted traffic is captured today in the expectation that quantum computing will make it decryptable later. Note that a quantum entropy source addresses key quality, not the algorithms the keys are used with; protecting against a future quantum adversary still requires post-quantum algorithms.

OMB’s New FISMA Reporting Guidance Includes Zero Trust, CDM Program Review

The Office of Management and Budget has released fiscal year 2021-2022 guidance to help agencies comply with the requirements of the Federal Information Security Modernization Act of 2014 and the recent cybersecurity executive order. OMB outlined several tenets to guide performance management reform under FISMA and one of those is...

Weather security platform to go public in $1.2 billion SPAC deal

The weather and security platform will go public through a merger with a blank-check firm in a deal worth nearly $1.2 billion, the companies said on Tuesday. The deal with special purpose acquisition company (SPAC) Pine Technology Acquisition Corp, which is expected to close in the first half of 2022, will fetch up to $420 million in proceeds for the Israeli-founded company.

Top 3 Mistakes Companies Make With Security and Compliance

As the workplace continues to blend physical and remote environments, protecting company data has become a top priority. We’ve all seen the fallout of poor security policies: phishing scams, data breaches and exposure of confidential information, to name a few. So it’s not uncommon for companies to set up compliance programs reactively; being non-compliant can be twice as costly as being compliant once fines, business disruption, reputation damage and other factors are counted. But compliance can be complex and confusing, especially when set up hastily or with minimal knowledge of the process. There is an abundance of frameworks to understand, each with different requirements for timelines, policies and controls. Because compliance is traditionally known as a cumbersome process plagued by a sea of paperwork, it’s no surprise that companies will do whatever they can to avoid it until a customer asks for an attestation report. Yet, without the proper foundation, cobbling a compliance program together can do just as much damage as having no compliance program at all.

To Stay Safe, Businesses Turn to Automation, Employee Training

The range of cybersecurity risks that businesses face today is increasingly complex, and it demands a response that is sophisticated and fundamentally sound. Unfortunately, organizations are struggling on two key fronts. The first is the volume of threats. Basic security tools can detect anomalous network activity, but the sheer number...

Oxeye CNAST platform delivers contextualized risk assessment for cloud native applications

Oxeye announced the company’s Cloud Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for accurate remediation. According to Gartner’s 2021 Magic Quadrant for Application Security Testing, “Modern application...

What Are Best Identity & Access Mgmt Tools Currently Available?

Guest OpEd by Danna Bethlehem Coronel, Director, Product Marketing, Identity & Access Management (IAM) at Thales. The days of network perimeter security are long gone. With corporate boundaries vanishing, the real battle to protect the network has moved to the realm of identity and access management (IAM). Network perimeter security...