F1TYM1

When the pandemic struck, online bad actors took it as an opportunity to double-down on their attacks through ransomware, malware, and social engineering. Newly remote workers and remotely connected workplaces had to adapt rapidly to a greater digital threat as well as a public health crisis.

Security team members are the principal defenders of enterprise cyber assets. It makes sense, then, to verify that current staffers and potential new hires aren’t hiding secrets that could place essential systems and data at risk.

Lazarus targets defense industry with ThreatNeedle (PDF)

India announced sweeping rules to regulate social media firms, streaming services, and digital news outlets, joining a handful of other nations in posing new challenges for giants such as Facebook and Google that count Asia’s third-largest economy as its biggest market by users.

India announced sweeping changes to its guidelines for social media, on-demand video streaming services, and digital news outlets on Thursday, joining several other nations in posing new challenges for giants such as Facebook and Google that count the nation as its biggest market by users.

Security professionals are inundated with thousands of alerts per day generated by a growing number of cybersecurity tools. Investigating and connecting individual alerts to events often takes days. Seeing the proverbial forest for the trees is an ongoing struggle. And, once threats are discovered, the time required to understand the breadth of the attack and ultimately remediate the threat is now measured in months. IBM’s Cost of a Data Breach Report found the mean time to identify a malicious attack is 230 days; the mean time to contain the attack is 84 days. This is why breach incidents continue to increase, despite rising cybersecurity investments.

In mid-February 2021, the Department of Justice shared the content of what had been a sealed indictment charging three North Korean (DPRK) hacking “operatives” with a plethora of cybercrimes, including “cyber heists and extortion schemes, targeting both traditional and cryptocurrencies.”

address a global chip shortage impacting industries

Written by Tim Starks
Feb 24, 2021 | CYBERSCOOP

We check out Amazon’s new smart home device, Airbnb adds flexible search and Hopin is raising even more money. This is your Daily Crunch for February 24, 2021.

Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO).

Our thanks to BSides Calgary and Conference Speakers for publishing their outstanding presentations; which originally appeared at the group’s BSides Calgary 2020 Conference, and on the Organization’s YouTube Channel. Enjoy!

Our thanks to BSides Calgary and Conference Speakers for publishing their outstanding presentations; which originally appeared at the group’s BSides Calgary 2020 Conference, and on the Organization’s YouTube Channel. Enjoy!

House Democrats sent a letter to President Joe Biden on February 22 urging the Commander in Chief to give up his ability to unilaterally launch a nuclear weapon. 

This Week in Breach News:

Kia hits a bump in the road with ransomware, Underwriters Laboratories didn’t check their cyber safety, Simon Fraser University is back for a cyberattack encore, enhance your password power and see how increased phishing risk means it’s time to increase cyber resilience for your clients.

In part two of this blog series on aligning security with business objectives and risk, we explored the importance of thinking and acting holistically, using the example of human-operated ransomware, which threatens every organization in every industry. As we exited 2020, the Solorigate attack highlighted how attackers are continuously evolving. These nation-state threat actors used an organization’s software supply chain against them, with the attackers compromising legitimate software and applications with malware that installed into target organizations.