blackhat: Exploiting Vulnerabilities In Your Container Workloads With AWS (Dec. 14th)
IT - Security

GDPR - Privacy First
Security Boulevard, November 14th, 2022
Let us start this by talking about why privacy is important to the business. You want to assure your customers, especially in Europe, that you take their data seriously and will develop processes to protect it.

The recent companies that have been fined by the European Union are:

1. Ireland slammed WhatsApp with a 225 million euro GDPR penalty after claiming that the messaging service had failed to properly explain its data processing practices in its privacy notice...


XDR: Still Confusing After All These Years
CSO Online, November 16th, 2022
It's time to stop debating about what XDR is and focus on how it fits in a security operations center modernization strategy.

We've been discussing extended detection and response (XDR) for years now, but a fundamental question remains: Just what the heck are we talking about, anyway?

Alarmingly, this continues to be a pertinent question. According to ESG research, 62% of security professionals claim to be 'very familiar' with the term XDR, up from just 24% in 2020. An improvement, but still 29% are only somewhat familiar, not very familiar, or not at all familiar with XDR. So, despite industry hyperbole, arm waving at the RSA conference, and cacophony of XDR talking heads, nearly one in five security professionals haven't received the message.


Effectively Enforce A Least Privilege Strategy
SecurityIntelligence, November 15th, 2022
Every security officer wants to minimize their attack surface. One of the best ways to do this is by implementing a least privilege strategy.

One report revealed that data breaches from insiders could cost as much as 20% of annual revenue. Also, at least one in three reported data breaches involve an insider. Over 78% of insider data breaches involve unintentional data loss or exposure. Least privilege protocols can help prevent these kinds of blunders.

Five Steps To Eliminate Passwords
Hypr, November 18th, 2022
Passwords and credentials remain the largest source of attack attempts and successful attacks, making them the biggest cybersecurity threat to organizations across all industries.

Per Verizon's 2022 Data Breach Investigations Report, 62% of successful breaches are tied to stolen credentials or phishing.

Password attacks come in many shapes and sizes and have evolved to circumvent countermeasures like 2FA and traditional MFA.


Back in January, few could have predicted the events that have unfolded this year. So trying to anticipate trends for the coming 12 months is always going to be fraught with risk.

That said, we can point to some clear macro-trends in the cybersecurity and privacy sphere which will help IT decision makers to steer their ship to calmer waters in 2023.

As digital investments accelerate to cushion the blow from incoming recession, organizations will look to simplify security with a focus on data protection and more efficient cyber risk management.


The Fight Against Fraud Continues
Cyber Defense Magazine, November 14th, 2022
A closer look at biometric authentication technology

As we recognize Cybersecurity Awareness Month, many organizations are taking the opportunity to sharpen their focus on fraud detection and prevention - and security in general. In fact, the White House Office of Management and Budget (OMB) just recently released new guidance for strengthening the security of the nation's software supply chain.

An outgrowth of a 2021 cybersecurity executive order, under this new guidance, Federal agencies 'will require software vendors to self-certify that they're following secure development practices.'

And for good reason. Software solutions are at the heart of critical infrastructure. From our healthcare platforms to utility delivery (and so much in between), software vulnerabilities can have a profound impact on our nation's resilience.


Top 5 Vulnerability Scanning Tools For Security Teams
SearchSecurity, November 17th, 2022
Use these five vulnerability scanning tools to find weaknesses and potential exploits in web applications, IT and cloud infrastructure, IoT devices and more.

Vulnerability scanning tools enable organizations to search for and discover potential weaknesses within their environment.

Such tools have changed since debuting about 30 years ago. In the beginning, there were two basic types of vulnerability scanners. One scanned the internal network to find hosts on the network, determine what network ports were open and potentially "fingerprint" each host by studying its network behavior to pinpoint its OS and OS version. The other type of vulnerability scanning tool ran on individual hosts, often with local administrator credentials, to get a more comprehensive picture of what software each host was running and what known vulnerabilities were in that software.


What Is Top Of Mind For CISOs Right Now?
DARKReading, November 16th, 2022
Security executives are leaning into the powerful twinning of XDR and automated management to reduce the risk and impact of ransomware.

CISOs have a unique perspective on the world. They see security threats to which most people are oblivious, and they face challenges keeping one step ahead of hackers who are looking to penetrate their networks. This threat landscape is outlined four times a year in the "CISO Insider" - an actionable report that explores the top three issues that are most relevant in today's threat landscape.

This quarter, rising ransomware rates, the promise of extended detection and response (XDR) in helping rapidly address emergent threats, and the need for increased automation and better tools to empower security teams to do more with limited resources have come to the forefront. Keep reading to learn how you can apply these insights to your own operations.


What Is Cyber Espionage And How To Prevent It
Geekflare, November 14th, 2022
Cyber espionage is a growing concern for individuals, businesses, and governments. Learn about it here to prepare yourself against cyber spying.

As information technology grows, so do cyber crimes. Cyber espionage is one of the darkest cyber crimes, where nobody is safe from bad actors.

Cyber spying is not just limited to organizations. It has also touched individual internet users. So, you must prepare yourself, or else your data might find its way to the dark web for sale in no time.


What Is Identity Fraud? Definition, Types, And Examples
Security Boulevard, November 17th, 2022
Identity fraud is the unauthorised use of a person's personal information by another person to commit a crime or deceive or defraud that person or a third party in order to take advantage of the pleasures that come with that synthetic identity.

The majority of identity fraud is performed for financial gains, such as gaining access to a victim's credit card, bank accounts, or loan accounts. False or fabricated identification documents have been used in criminal behaviour (such as gaining access to secure locations) as well as contacts with official authorities such as immigration.

Today, the identities of genuine people are frequently utilised in the creation of such copies. A person's personal information can be stolen in a variety of ways, which is usually referred to as identity theft, and it is then used to commit the fraud so defined: identity fraud.
