Page 2

Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.

Critical infrastructure providers ask CISA to place guardrails on reporting requirements

Top companies and industry groups fear incident reporting mandates would overwhelm CISA with noise. 

McDonald’s to launch cybersecurity apprenticeship program

The restaurant chain's initiative is among nearly 200 registered apprenticeships programs approved or under development as part of the White House's Cybersecurity Apprenticeship Sprint.

Nokia warns 5G security ‘breaches are the rule, not the exception’

A majority of 5G network operators experienced up to six cyber incidents in the past year. Defenses are especially lacking for ransomware and phishing attacks.

Confidential computing critical for cloud security, Google and Intel say

Confidential computing aims to isolate and encrypt data in use. The technology is young, but it could deliver significant gains for cloud security.

High risk, critical vulnerabilities found in 25% of all software applications and systems

Research from Synopsys showed weak SSL/TLS configurations were the most prevalent form of vulnerability.

CISA wants to change how organizations prioritize vulnerabilities

Federal authorities want to take the guesswork and manual decision making processes out of the messy world of vulnerabilities.

K-12 schools lack resources, funding to combat ransomware threat

One-fifth of schools spend less than 1% of their IT budgets on security, a MS-ISAC report shows.

Why privacy professionals should work closely with company engineers

Transcend's general counsel, Brandon Wiebe, said the increasingly technical nature of data privacy regulations requires cross-functional collaboration. 

CISA warns unpatched Zimbra users to assume breach

Months after warnings to patch the Zimbra Collaboration Suite, government and private sector organizations are under attack from multiple threat actors.

Twitter, amid security and compliance officer exodus, could run afoul of FTC rules

Regulatory attention is just the latest trouble for the embattled social media platform. Without chief security, privacy or compliance officers, following a consent decree becomes more difficult.

5 security musts for industrial control systems

OT involves a collection of dedicated systems and physics, and that creates distinct security requirements, said Robert M. Lee, CEO and co-founder at Dragos.

Citrix CVEs need urgent security updates, CISA says

Though there's no active exploitation yet, Tenable researchers warn they expect threat actors to target the Citrix systems in the near term.

SolarWinds under SEC probe related to 2020 supply chain attack

The company also disclosed a proposed $26 million settlement of a class action suit related to the cyberattack. 

CISA’s K-12 cyber education program goes nationwide

Cyber.org Range will introduce students to cybersecurity concepts and prepare them for intermediate-level jobs in a severely understaffed industry.

Microsoft finally releases security updates for ProxyNotShell zero days

The company linked a limited set of recent Exchange Server attacks to state-backed threat actors.

Mondelē​​z settlement in NotPetya case renews concerns about cyber insurance coverage

The legal dispute between the snack giant and insurer Zurich American, which lasted four years, raises further questions about how insurers cover acts of cyber war.

Precise ransomware strikes boost threat actors’ success rate

Threat actors are amassing specialized skills and tools from a broader group of cybercriminals to target organizations with more sophisticated tactics.

Senator proposes cybersecurity mandates for health systems

Cybersecurity can no longer be treated as a secondary concern and must become incorporated into every organization’s core business model, according to the chairman of the Senate Select Committee on Intelligence.

Face it, password policies and managers are not protecting users

Passwords haven’t worked as a solid security strategy in a long time. The policies are there, so why are passwords security’s weak spot?

How to implement an effective system to address third-party risk

Current processes for assessing and managing third-party cybersecurity risks are cumbersome and ineffective. CISOs must adopt new principles to address business exposure.

CISA demystifies phishing-resistant MFA

The “gold standard” safeguard isn’t a one-size-fits-all or all-or-nothing endeavor. For most organizations, a phased approach works best.

NIST seeks water industry feedback on boosting cyber resilience

The Biden administration is turning its security attention to the water and wastewater treatment industry, which has become vulnerable to cyberattacks as facilities grow more digital.

No, your CEO is not texting you

Everyone wants to stay on good terms with their employer. Threat actors know this too, and they exploit this weakness accordingly. Don’t fall for it.

CISA director bullish on private sector cooperation toward cybersecurity goals

Jen Easterly urged U.S. companies to embrace the agency’s efforts to raise cybersecurity performance, create resilient products and share more information.