News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
Baltimore County Public Schools became the latest victim of ransomware attacks against the K-12 education sector, which have seen increases in frequency, sophistication and ransom demands in recent months. Since the start of the new school year, the hurried switch to remote learning brought on by COVID-19 has caused significant cybersecurity risks, which were only
0 Comments
Editor’s note: In the first of a two-part article on securely operating or migrating to the cloud-based Microsoft 365 (formerly Office 365) suite of services, Nemertes Research CEO and founder Johna Till Johnson first looks at common security misconfigurations surrounding Microsoft 365 and the operational practices of some of its third-party practitioners. Part two will
0 Comments
There’s a reason why a computer virus is called a “virus,” as they have many similarities to medical viruses. Notably, as medical viruses can have a severe impact on your personal health, a computer virus can severely impact the health of your business. In today’s digital world, a computer virus, a “wormable” remote code execution
0 Comments
Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise (BEC) scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed “Operation Falcon,” was jointly undertaken by the international police organization along with Singapore-based cybersecurity firm
0 Comments
A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider. By hiring a third-party provider to manage its security program remotely, an organization gains access to staff and resources that it doesn’t have in-house, and can better keep up with information
0 Comments
A security champions program is critical to maintaining an organization’s security culture, but during the COVID-19 shutdown, teams could find themselves working with one hand tied virtually behind their backs. Telework arrangements, online meetings, collaboration software and extensive smartphone use can keep an organization running, but they can’t recreate the casual interactions that are an
0 Comments
A security operations center, or SOC, is one of the first lines of defense against attacks and breaches. The infosec employees working within this command center create, implement and revise an enterprise cybersecurity program, as well as deploy, manage and update the security technologies and tools key to preventing data loss. The 2020 Verizon Data
0 Comments
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as “SEC-575” and discovered by researchers from Digital Defense, has been remedied by the company in
0 Comments
In an increasingly challenging threat landscape, many organizations struggle with implementing and enforcing effective cybersecurity governance. The “Managing Cybersecurity Risk: A Crisis of Confidence” infographic by the CMMI Institute and ISACA states that, “While enterprise leaders recognize that mature cybersecurity is essential to thriving in today’s digital economy, they often lack the insights and data
0 Comments
At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS (Domain Name System) related outage and Distributed denial of service (DDoS) lead a negative impact on businesses. Among the wide range of countermeasures, a web application firewall is
0 Comments
Listen to this podcast This week’s Risk & Repeat podcast discusses President Trump’s firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community. This week’s Risk & Repeat podcast discusses the fallout from President Trump’s decision to remove Christopher Krebs as head of the Cybersecurity and Infrastructure Security Agency this
0 Comments
Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014—when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses. Being constantly under development, Emotet updates itself regularly to improve stealthiness,
0 Comments
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Tokenization, which seeks to minimize the amount of data a business needs to keep on hand, has become a popular way for small and midsize businesses to bolster the security
0 Comments
President Trump fired Christopher Krebs from his post as director of the Cybersecurity and Infrastructure Security Agency on Tuesday night via a tweet. Both Krebs and CISA have been actively pushing back on misinformation in the weeks since Election Day, repeatedly speaking out against accusations made by Trump on issues like alleged voter fraud and
0 Comments
A critical vulnerability uncovered in Real-Time Automation’s (RTA) 499ES EtherNet/IP (ENIP) stack could open up the industrial control systems to remote attacks by adversaries. RTA’s ENIP stack is one of the widely used industrial automation devices and is billed as the “standard for factory floor I/O applications in North America.” “Successful exploitation of this vulnerability
0 Comments
An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. Responsibilities of an incident response team include developing a proactive incident response plan, testing for and resolving system vulnerabilities, maintaining strong security best practices and providing support for all incident handling measures.
0 Comments
Sound security budget planning and execution are essential for CIO’s/CISO’s success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template (download here) provide security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame. The
0 Comments
Securing the U.S. elections may seem solely like a technology challenge on the surface. However, as the November election rapidly approaches and with early voting underway, election security truly boils down to the core fundamental challenge of protecting our nation and maintaining confidence in our democratic processes. Election security is a bipartisan issue and must