Time to Get Kids Hacking: Our 2022 Holiday Gift Guide
Whether cybersecurity professionals, software developers, hardware tinkerers, or all of the above, hacker parents are some of the best “recruiters” for the future of tomorrow’s cyber workforce. If you’re one such pro seeking out a gift that’s not just fun but also gets your kid thinking like a hacker, we’ve got the gift guide for…
Transportation sector targeted by both ransomware and APTs
Trellix released The Threat Report: Fall 2022 from its Advanced Research Center, which analyzes cybersecurity trends from the third quarter (Q3) of 2022. The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors. It examines malicious cyberactivity including threats to email, the malicious use of legitimate third-party…
The Future of Cybersecurity Recruiting: Lessons on What Employers Want and What Students Need
In today’s cybersecurity space, there is a knowledge gap, with numerous cybersecurity positions going unfilled. As demand increases and talent lags, cybersecurity educators, recruiters, and employers alike are looking for more actionable solutions to collaborate and link talent to jobs. While the worker shortage continues to grow amid new demands, here is what organizations and…
Balancing Security Automation and the Human Element
I’ve written about both topics from many angles and now, as the industry becomes more focused on automation as a cornerstone of effective security, the secret to making meaningful progress in both areas is to leverage the symbiotic relationship between them. In other words, using automation to make your people more efficient, and using your…
Microsoft Patches MotW Zero-Day Exploited for Malware Delivery
Windows adds the MotW to files coming from untrusted locations, including browser downloads and email attachments. When trying to open files with the MotW, users are warned about the potential risks or, in the case of Office, macros are blocked to prevent malicious code execution. However, there are ways to bypass MotW defenses. Researcher Will…
No Cyberattacks Affected US Vote Counting, Officials Say
A few state and local governments appeared to be hit by a relatively rudimentary form of cyberattack that periodically made public websites unreachable. But U.S. and local officials said Wednesday that none breached vote-counting infrastructure. “We have seen no evidence that any voting system deleted or lost votes, changed votes, or was any way compromised…
A Better Way to Resist Identity-Based Cyber Threats
Take a moment to consider how frequently you authenticate your identity online: checking your email, logging in to your bank account, accessing cloud-based productivity tools, booking a flight, paying your taxes. We confirm our identities so many times every day that things like providing personally identifiable information and confirming a login attempt through our smartphones…
Darwinium Raises $10 Million for Customer Protection Platform
The security and fraud prevention firm’s platform identifies bad behavior in real time by continuously assessing users’ digital interactions across websites, applications, and APIs. Darwinium says it takes a new approach to customer protection by combining internal cybersecurity tools with fraud-prevention tools, in a single view. The startup aims to prevent account compromise and online…
Anxiously Awaited OpenSSL Vulnerability’s Severity Downgraded From Critical to High
The OpenSSL Project revealed last week that an update for OpenSSL 3.0 would address a critical vulnerability. That flaw is tracked as CVE-2022-3602 and it has been described as a buffer overrun that can be triggered in X.509 certificate verification. Exploitation of the flaw could lead to a denial-of-service (DoS) condition caused by a crash,…
US Gov Issues Supply Chain Security Guidance for Software Suppliers
Created by the Enduring Security Framework (ESF), a cross-sector working group seeking to mitigate the risks threatening the critical infrastructure and national security, the guidance provides recommendations for developers, suppliers, and organizations. In September, the three US agencies released the first part of the series, which included recommendations for developers looking to improve the software…
