Cybersecurity |
Sponsored by |
Today, the Biden Administration released the National Cybersecurity Strategy, which outlines the use of all available resources to protect the United States' security, safety, and economic prosperity. more
Russian government hackers are reported to be behind latest cyber-intrusions into the business systems of U.S. nuclear power and other energy companies with efforts to assess networks. more
Despite headlines now at least a couple of years old, the InfoSec world is still (largely) playing lip-service to the lack of security talent and the growing skills gap. The community is apt to quote and brandish the dire figures, but unless you're actually a hiring manager striving to fill low to mid-level security positions, you're not feeling the pain -- in fact, there's a high probability many see problem as a net positive in terms of their own employment potential and compensation. more
Sophie Curtis of eWeek reports: "Researchers have discovered a hole in the secure sockets layer (SSL) protocol, enabling man-in-the-middle attackers to hack into secure applications despite traffic encryption. According to security researcher Chris Paget, hackers can exploit this flaw by breaking into shared hosting environments, mail servers and databases, and inserting text into encrypted traffic as it passes between two end users. This could lead to fragmentation of SSL transactions, giving hackers the opportunity to inject false commands such as password resets into communications which are otherwise encrypted." more
A new network of European telecommunication satellites will be active from 2024, following the green light by European Parliament. The Infrastructure for Resilience, Interconnectivity and Security by Satellite project is aimed at providing a secure communications infrastructure for EU government bodies and agencies, emergency services and European delegations around the world. more
Neil Schwartzman writes: Steven R. Chabinsky, Deputy Assistant Director, Cyber Division of the Federal Bureau of Investigation gave a keynote at the GovSec/FOSE Conference in Washington, D.C., March 23, 2010. Full text of the speech here. more
Security researchers have identified a new phishing attack method designed to trick users into surrendering confidential information after they have logged on to an online banking, brokerage, or other sensitive website. The technique, called In Session Phishing, can be used to inject into all major browsers legitimate looking Pop Up messages using malicious JavaScript that request passwords, account numbers, etc., on behalf of the trusted website. more
Public Interest Registry (PIR), a domain registration and management service for the .org top-level domain, has partnered with the American Red Cross, aiming to combat online fraud, especially in the context of fundraising in emergencies. The collaboration seeks to increase internet safety and enhance public trust in online donations to charitable causes. more
In follow up to FCC's report that the agency's online comment system was subjected to multiple DDoS attacks over the weekend, U.S. federal lawmakers are demanding answers as to what exactly happened. more
In the always interesting Lawfare blog, former FBI counsel Jim Baker in a piece called Rethinking Encryption reiterates his take on the encryption debates. There's a certain amount that makes me want to bang my head against the wall... But it's worth reading to remind us of what the other side is thinking, even with a lot of motivated reasoning that makes him conclude that Congress can pass some laws and the going dark problem will be solved. more
Experts, companies and civil society groups around the world ask governments to support strong encryption -- and reject proposals that would undermine the digital security it provides. more
With the COVID-19 health crisis evolving so quickly, it's hard to predict the extent of the long-term impact on business and the economy. While every business sector is facing different considerations, it's safe to say all are handling challenges from supply chain interruptions, rapid shifts to remote work, and massive changes in consumer spending and communication habits. more
Arbor Networks today released its Global DDoS Attack Data for the first half of 2016 affirming continued escalation in both the size and frequency of denial-of-service (DDoS) attacks. more
NASCAR team Circle Sport-Leavine Family Racing (CSLFR) disclosed today a ransomware infection incident that took place in April and nearly caused losing access to critical files worth about $2 million. more
In a joint announcement today, Dutch research institute CWI and Google revealed that they have broken the SHA-1 internet security standard "in practice". more