Building Effective Business Cases to Cover Cybersecurity Costs
With the global average cost of a data breach totaling $3.86 million in 2020, the topic of security continues to be a major pressure point and a board-level agenda item. So why do security programs still seem to lack adequate funding, urgency and support until a breach or lawsuit occurs or auditors demand change? Verizon’s…
CODESYS Patches Dozen Vulnerabilities in Industrial Automation Products
Vulnerabilities in CODESYS software could have serious implications considering that it’s used in the industrial control systems (ICS) made by several major companies. Last month, a cybersecurity firm warned that programmable logic controllers (PLCs) made by over a dozen manufacturers were exposed to attacks due to critical security bugs discovered in CODESYS software. CODESYS on…
Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems
Advisories describing the vulnerabilities were published this month by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Mitsubishi Electric. SecurityWeek has also obtained additional information from people involved in the discovery and disclosure of these flaws. One advisory describes a critical vulnerability that exposes the affected control systems to unauthenticated XML external entity injection…
Cybersecurity M&A Roundup: 14 Deals Announced July 1-8, 2021
A total of 14 cybersecurity-related acquisitions were announced between July 1 and July 8, 2021. Barracuda Networks acquires SKOUT Cybersecurity Application, cloud, email, data and network security solutions provider Barracuda Networks is acquiring SKOUT Cybersecurity, a company that provides cyber-as-a-service software for MSPs, as well as XDR solutions. The deal enables Barracuda to expand its…
Director of Cybersecurity at NSA Gets Dedicated Twitter Account
The account, @NSA_CSDirector, is currently being used by Joyce, but it will likely be passed on to future NSA cybersecurity directors, similar to the @POTUS Twitter account used by the president of the United States. Joyce has promised to share “insights and information about what we are up to.” His first tweet after announcing the…
UN Security Council Confronts Growing Threat of Cyber Attacks
At their summit earlier this month in Geneva, the US president set out red lines for Russia, which is often accused of being behind major hacks. In this case, he laid out 16 “untouchable” entities, ranging from the energy sector to water distribution. “This is the generic list of critical infrastructure which every country has,”…
XSS Vulnerability in Cisco Security Products Exploited in the Wild
Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others also released PoC exploits shortly after. CVE-2020-3580 is one of the several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products. Some of these flaws were reported…
Cybersecurity Companies Join Forces Against Controversial DMCA Section
The DMCA is a copyright law that was passed in 1998. It prohibits the production and dissemination of technology, devices, or services designed to circumvent measures that control access to copyrighted works. One section of the DMCA, section 1201, has posed some problems for the cybersecurity community. According to the U.S. Copyright Office, “section 1201…
Ransomware Gangs Get Paid Off as Officials Struggle for Fix
“It is the position of the U.S. government that we strongly discourage the payment of ransoms,” Eric Goldstein, a top cybersecurity official in the Department of Homeland Security, told a congressional hearing last week. But paying carries no penalties and refusing would be almost suicidal for many companies, especially the small and medium-sized. Too many…
Cybersecurity Training Company Immersive Labs Raises $75 Million
Founded in 2017, by a former employee of the UK’s GCHQ intelligence agency, the company has offices in Bristol and Boston, helping both private and government organizations improve the cybersecurity skills of their employees. The new funding round, Immersive Labs says, will help it accelerate the delivery of a new Cyber Workforce Optimization platform. Leveraging…
