Cyber News Feed
National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs
At White House Cyber Workforce Convening, Commitments from the Federal Government and Private Sector Demonstrate Progress Building the Nation’s Cybersecurity Workforce
April 29, 2024
Denmark Technical College, Fusion Centers announce groundbreaking managed SOC initiative - Columbia Business Report
In a landmark move to revolutionize rural South Carolina’s cybersecurity landscape, Denmark Technical College and Fusion Centers have announced plans for a state-of-the-art managed security operations center (SOC) corporation headquartered and founded in Denmark, SC. Inspired and sponsored by revolutionary work in securing the Nation’s Historically Black Colleges and Universities (HBCUs)
2ND EPIC CBDA GOLF TOURNAMENT AT MEMBERS-ONLY ARMY-NAVY COUNTRY CLUB IN FAIRFAX
The Capital Business Development Association (CBDA) will hold its 2nd Epic Golf Tournament Fundraising Event on Monday, July 22, 2024, at the Army Navy Country Club located at 3315 Old Lee Hwy, Fairfax, VA 22030. The net proceeds from this event will go to the CBDA Cybersecurity Scholarship Program and to cover CBDA operational expenses. CBDA is a Virginia registered federally tax-exempt non-profit organization under Internal Revenue Code 501(c)(3).
Our goal for this tournament is to raise funds to augment the funding of 100% Cisco + CBDA scholarships being offered through Historically Black Colleges and Universities (HBCUs) and veterans seeking work in the field of Cyber Risk Management Framework (RMF), Security Operations Center (SOC), and Cyber Defense. We are working with Fusion Cyber, our cybersecurity training vendor, and partnering with leading HBCUs to provide 24-week online/hybrid boot camps taught by practitioners. Many HBCUs integrate our curriculum into existing undergraduate and graduate degree programs. Our cybersecurity boot camp series creates enterprise risk management professionals who can rapidly advance their cybersecurity careers by combining various certifications that validate their experience and cybersecurity knowledge to employers. Students go through the FC RMF – Fusion Cyber Zero Trust Risk Management Framework Boot Camps (a performance-based cloud security boot camp certification). CBDA funds partial and complete scholarships for student training and preparation for the CISSP, Security+, CISA, or CEH certifications. All donations are tax-deductible.
Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
Red Hat on Friday released an “urgent security alert” warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access.
The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils versions 5.6.0 (released February 24) and 5.6.1 (released March 9).
“Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code,” the IBM subsidiary said in an advisory.
Student Freedom Initiative and Fusion Cyber Proud to Offer STEM Certification Funding through Denmark Technical College
Student Freedom Initiative (SFI) is proud to announce a partnership with Fusion Cyber to help students at Denmark Technical College in South Carolina achieve STEM certifications that will propel them into important and successful careers upon graduation.
UK and Fusion Cyber partner to close the cybersecurity talent gap
The University of Kentucky Pigman College of Engineering has partnered with Fusion Cyber to offer a 100% virtual cybersecurity boot camp that prepares learners for industry roles.
WH aims to transition nearly 100K federal IT jobs to skills-based hiring
White House officials announced plans to move the GS-2210 “Information Technology Management Series” to skills-based hiring during an event at the Eisenhower Executive Office Building in Washington today.
“This is a major milestone in our national effort to move to skills-based hiring,” National Cyber Director Harry Coker said. He noted “this process will take time,” but said officials would “get it done” by the summer of 2025.
Rob Shriver, the deputy director at the Office of Personnel Management, said the 2210 series consists of nearly 100,000 jobs, representing most technical hires across the federal government.
The World’s Third-Largest Economy Has Bad Intentions — and It’s Only Getting Bigger
Move over, Japan and Germany. The global cyber crime economy – a $9.5 trillion behemoth – represents the world’s third-largest economy by GDP, according to Cybersecurity Ventures, trailing only the US and China. Populated by bad actors, the World Economic Forum describes it as “the dark underbelly of the digital era.”
HOW WILL AI CHANGE CYBER OPERATIONS?
The U.S. government somehow seems to be both optimistic and pessimistic about the impact of AI on cyber operations. On one hand, officials say AI will give the edge to cyber defense. For example, last year Army Cyber Command’s chief technology officer said, “Right now, the old adage is the advantage goes to the attacker. Today, I think with AI and machine learning, it starts to shift that paradigm to giving an advantage back over to the defender. It’s going to make it much harder for the offensive side.” On the other hand, the White House’s AI Executive Order is studded with cautionary language on AI’s potential to enable powerful offensive cyber operations. How can this be?
EARTH RECEIVES LASER MESSAGE FROM 140 MILLION MILES AWAY
NASA’s Psyche spacecraft achieved a milestone by transmitting a laser message from 140 million miles away. This demonstrates the potential for faster communication between spacecraft and Earth, with speeds 10 to 100 times faster than current capabilities. Source: NY Post, NASA
AT&T confirmed data for 73 million customers leaked on a hacking forum
AT&T has finally confirmed it is impacted by a data breach affecting 73 million customers after initially denying data leaked on a hacking forum originated from them.
Every US federal agency must hire a chief AI officer
GovCon Expert Payam Pourkhomami Explains the Difference Between NIST SP 800-171 and CMMC 2.0—Part 1 - GovCon Wire
BREAKING: @CISAgov's long-awaited cyber incident reporting rule for critical infrastructure organizations
Nearly 600,000 open cybersecurity-related jobs were listed over 12 months
New CyberSeek data reveals that there were 597,767 online job listings for cybersecurity-related positions in the 12 months from October 2020 through September 2021.
TSMC forecasting a 1000x improvement in GPU performance
TSMC is forecasting a 1000x improvement in GPU performance per watt over the next 15 years. Coupled with the major algorithmic improvements we’re quickly seeing every week, it isn’t crazy to expect a 100,000 to 1,000,000x increase in AI performance per dollar in the next decade and a half.
‘Most Severe’ Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider
US, UK accuse China over spy campaign that may have hit millions
U.S. and British officials on Monday filed charges, imposed sanctions, and called out Beijing over a sweeping cyberespionage campaign that allegedly hit millions of people – including lawmakers, academics, journalists and more.
Pentagon Looks to Finalize Cybersecurity Rules for Defense Industrial Base
The DoD is modifying industry requirements as part of its final rule on revisions to the DIB Cybersecurity Program eligibility criteria.
FBI: Cybercrime Losses Exceeded $12.5 Billion in 2023
Cybercrime victims in the United States filed more than 880,000 complaints with the FBI in 2023, with reported losses totaling over $12.5 billion, which represents a 22% increase from 2022.
Over the past five years, the law enforcement agency received nearly 3.8 million complaints over losses totaling $37.4 billion.
Truck-to-truck worm could infect entire US fleet
The device that makes it possible is required in all American big rigs, and has poor security
Okta says hundreds of companies impacted by security breach
The EPA Administrator and the National Security Advisor have taken the highly unusual step of sending a joint letter to all U.S. governors, urgently warning about the critical cybersecurity threats facing the nation’s water and wastewater systems from malign state actors.
Emerging Architectures for Modern Data Infrastructure
Investing in Space: What to make of SpaceX selling satellite lasers
Earlier this week SpaceX President and COO Gwynne Shotwell announced the company will begin selling “space lasers.”
Security researchers found flaws in Saflok hotel keycard locks, used on 3 million doors in 13,000 properties worldwide
Security researchers found flaws in Saflok hotel keycard locks, used on 3 million doors in 13,000 properties worldwide, that can be used to open them in seconds. The lockmaker Dormakaba has been working on a fix but told them only 36% of locks are updated.
New Browser-in-the-Browser (BITB) Attack Makes Phishing Nearly Undetectable
DMVs Nationwide Hit With Outage, Officials In Multiple States Say
BREAKING: All motor vehicle departments in the United States went down Thursday, according to officials in multiple states.
CISA Official Details New Fed Operational Cyber Alignment Plan
In response to the evolving threat environment, the Cybersecurity and Infrastructure Security Agency (CISA) is looking to better coordinate cybersecurity operations across the Federal government through a newly released Federal Operational Cyber Alignment Plan, or FOCAL.
Women make up just 24% of the cyber workforce. CISA wants to fix that.
New DOD cyber policy office opening soon, sources say
As mandated by Congress, the Office of the Assistant Secretary of Defense for Cyber Policy is coming.
Hackers hit Hood. Dairy shut down milk production this week after ‘cyber security event.’
Introducing SSH command logging
Biden signs cyber incident reporting bill into law
Cyber Alert Plan Puts Onus on Businesses to Assess Their Risks
How to manage imposter syndrome in cybersecurity
How Cloudflare verifies the code WhatsApp Web serves to users
February 2022 Cyber Attacks Statistics
Cloudflare to auto-brick servers that go offline in Ukraine, Russia
HOW SOFTWARE IS EATING THE CAR
CISA’s Known Exploited Vulnerabilities Catalog: Breakdown of 95 Newly Released Vulnerabilities
Over 620 Million Ransomware Attacks Detected in 2021
How the U.S. Army Secured Log4j in 24 Hours
The Log4j zero-day tidal wave not only affected large companies like Twitter, Apple, Red Hat, and Splunk; it became a tsunami-like event within the U.S. Government and the U.S. Army.
Expeditors International Shuts Down Computer Systems After Cyberattack
The logistics giant hasn’t said when it will fully restore operations.
Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless
Theoretically, there is no impediment to adding post-quantum cryptography to any system. But the reality is harder. In the middle of last year, we posed ourselves a big challenge: to change all internal connections at Cloudflare to use post-quantum cryptography.
AN IN-DEPTH LOOK AT THE 23 HIGH-IMPACT VULNERABILITIES
Today, we are announcing the discovery of 23 high-impact vulnerabilities in one of the major Independent BIOS Developers (IBV) software.
New research reveals vicious tactics of ransomware groups
Hackers are increasingly targeting zero day vulnerabilities and supply chain networks for maximum impact.
RANSOMWARE OFTEN HITS INDUSTRIAL SYSTEMS, WITH SIGNIFICANT IMPACT: SURVEY
Ransomware attacks in many cases hit industrial control systems (ICS) or operational technology (OT) environments, and impact is often significant, according to a report published on Thursday by IoT and industrial cybersecurity company Claroty.
ATTACKS, THREATS, and VULNERABILITIES
Cyberattacks continue to extend across Europe, BlackCat ransomware may be involved (Industrial Cyber) Cyberattacks have continued to affect oil transport and storage companies across Europe, as BlackCat …
European Oil Port Terminals Hit by Cyberattack (SecurityWeek) Major oil terminals in some of Western Europe’s biggest ports have fallen victim to a cyberattack.
Oil terminals disrupted after European ports hit by cyberattack (euronews) The hackers disrupted operating systems and prevented some oil tankers from delivering energy …
HOW THE U.S. ARMY SECURED LOG4J IN 24 HOURS
The Log4j zero-day tidal wave not only affected large companies like Twitter, Apple, Red Hat, and Splunk; it became a tsunami-like event within the U.S. Government and the U.S. Army.
Serious Security: Apple Safari leaks private data via database API – what you need to know
Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple’s web browser software.
Fed CIOs Flag Workforce, Cybersecurity as Big Priorities for 2022
The year 2021 brought IT further to the forefront of many organizations’ strategies, but as Federal chief information officers (CIOs) look to 2022, strengthening their agencies’ workforce and cybersecurity posture are their big priorities for the year ahead.
DARPA’s New Public Tools Teach AI Developers to Defend Against Attacks
For the military to trust commercially sourced or even internally developed artificial intelligence, the technology will have to be defended. Now developers have a set of open-source tools to learn new defensive techniques and to test their products against simulated attacks.
Huawei Risks - A Government Security Review
Huawei Technologies Co. Ltd., a Chinese multinational company, has steadily grown to become the largest telecommunications equipment vendor in the world. Huawei’s global revenues have been recorded at over $100 billion.
Raspberry Pi Detects Malware Using Electromagnetic Waves
Researchers take antivirus support to the next level with the Raspberry Pi.
Don't copy-paste commands from webpages — you can get hacked
Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal are warned they risk having their system compromised.
FinalSite discloses ransomware attack that crippled websites for 8,000 schools
A ransomware attack on FinalSite, a cloud-based web hosting provider specialized in school and educational websites, has crippled the school portals and web services of more than 8,000 schools across more than 110 countries.
Cybersecurity Trends: 25% of Law Firms Have Been Breached
Here’s what else the ABA’s data tells us — and what’s concerning — about law firm cybersecurity trends.
The Complete List Of Hacker And Cybersecurity Movies
You can learn a lot about cybercrime by watching these flicks
What do your devices know about you?
Whether it’s a computer on your desk or a phone in your pocket, your devices retain a lot of personal data. And all of that information may be vulnerable to cybercriminals.
The Urgent Need For Cybersecurity To Diversify
It’s estimated that the number of cybersecurity jobs will grow by around 31% until 2029, which is seven times faster than the national average. This growth is in large part a response to the huge pressure organizations are under in the face of a surge in cyberattacks during the Covid pandemic.
Five Cybersecurity Themes to Look Out For
Each December, security experts like to predict which themes will be prominent in the coming year. Such predictions often focus on which attacks will happen more frequently or which vendor solutions are more likely to be successful.
Op-Ed: Cybersecurity, the new pillar of business
Cybersecurity can sometimes be treated as an afterthought. However, with the recent surge in ransomware and cyberattacks, it’s coming to light just how important it truly is. Everyone understands why finance, operations, management, etc. are non-negotiable to an organization, but where does cybersecurity fit?
National Security Commission on Artificial Intelligence
“Scale up digital talent in government. National security agencies need more digital experts now or they will remain unprepared to buy, build, and use AI and associated technologies. The talent deficit in DoD and the IC represents the greatest impediment to being AI-ready by 2025. The government needs new talent pipelines, including a U.S. Digital Service Academy to train current and future employees. It needs a civilian National Digital Reserve Corps to recruit people with the right skills—including industry experts, academics, and recent college graduates. And it needs a Digital Corps, modeled on the Army Medical Corps, to organize technologists already serving in government.
…Win the global talent competition. The United States risks losing the global competition for scarce AI expertise if it does not cultivate more potential talent at home and recruit and retain more existing talent from abroad. The United States must move aggressively on both fronts. Congress should pass a National Defense Education Act II to address deficiencies across the American educational system—from K-12 and job reskilling to investing in thousands of undergraduate- and graduate-level fellowships in fields critical to the AI future. At the same time, Congress should pursue a comprehensive immigration strategy for highly skilled immigrants to encourage more AI talent to study, work, and remain in the United States through new incentives and visa, green card, and job-portability reforms.”
MANTECH: DEFEATING CYBERCRIME ON CONTACT
This year, according to analysts, the cost of cybercrime is expected to top $6 trillion. The U.S. government has authorized $17.4 billion for cyber-related activities for the current fiscal year.
ACCIDENTS AND ESCALATION IN A CYBER AGE
Sometimes wars, from small ones to big ones, start with accidents.
Hackers could steal encrypted data now and crack it with quantum computers later, warn analysts
Analysts at Booz Allen Hamilton warn that Chinese espionage efforts could soon focus on encrypted data.
Holiday Time - New CyberAttacks Risks for your Business
The holidays are an opportunity for people to take time off work and enjoy time with family and loved ones. It is during this period, when people’s minds are turned away from work, that cybercriminals plan sinister attacks.
The secret Uganda deal that has brought NSO to the brink of collapse
In February 2019, an Israeli woman sat across from the son of Uganda’s president, and made an audacious pitch – would he want to secretly hack any phone in the world?
China regulator suspends cyber security deal with Alibaba Cloud
Chinese regulators on Wednesday suspended an information-sharing partnership with Alibaba Cloud Computing, a subsidiary of e-commerce conglomerate Alibaba Group (9988.HK), over accusations it failed to promptly report and address a cybersecurity vulnerability, according to state-backed media reports.
'Fully weaponized' software bug poses a threat to Minecraft gamers and apps worldwide including Google, Twitter, Netflix, Spotify, Apple iCloud, Uber and Amazon
Experts warn software bug poses a huge threat to internet-connected devices
Update on the Executive Order on Improving the Nation’s Cybersecurity
New executive orders on cybersecurity are always packed with positive-sounding actions with assigned deadlines. The Biden administration’s EO on improving the nation’s cybersecurity came in the wake of the SolarWinds and Colonial Pipeline attacks.
Chinese cyberattack almost shut off power for THREE MILLION Australians in terrifying demonstration of what the belligerent regime could do in wartime
Chinese hackers came within minutes of shutting off power to three million Australian homes but were thwarted at the final hurdle.
Digital Asset Compliance & Risk Management
Monitor, detect and investigate crypto fraud and financial crime
DOD CIO updating cyber reciprocity guidance after audit finds weaknesses
The Department of Defense said it will take steps to strengthen reciprocity guidance for IT systems security authorization after the department’s inspector general found its existing processes to be lacking.
The Law of Neutrality in Cyberspace
This CSS Cyberdefense Report by Sean Cordey and Kevin Kohler provides a historical and technological background to neutrality and a breakdown of the legal debates regarding the application of the law of neutrality in cyberspace.
How to detect the Log4j vulnerability in your applications
A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours?
Inside Intel’s Secret Warehouse in Costa Rica
Chip maker is stockpiling legacy technology for security research, plans to expand facility to house 6,000 pieces of equipment
Cyber-attacks are top concern for Board Directors: McGill
According to a new report from specialist reinsurance broker McGill and Partners, cyber-attacks are the number one concern for Board Directors.
FortiGuard Labs Predicts Cyberattacks Aimed at Everything From Crypto Wallets to Satellite Internet
Advanced Persistent Cybercrime Techniques Mean More Destructive Ransomware and Supply Chain Attacks
2021 Alternative Education Pathways Report
Making decisions about jobs and careers means choosing a path for training and education. While most high school graduates choose to attend college every year, there are other options (U.S. Bureau of Labor Statistics, 2021).
Hoax Email Blast Abused Poor Coding in FBI Website
The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.
Kentucky will soon have access to Terabit ethernet — three things to know
Accelecom is launching a Terabit transport service from cities in the western and eastern parts of the state to Louisville and Cincinnati.
SECURING THE DEFENSE INDUSTRIAL BASE
To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base from increasingly frequent and complex cyberattacks.
How We Can Narrow the Talent Shortage in Cybersecurity
Filling crucial roles in cybersecurity and addressing the talent shortage requires rethinking who qualifies as a “cybersecurity professional” and rewriting traditional job descriptions.
H.R.4611 - DHS Software Supply Chain Risk Management Act of 2021
This bill goes into effect 180 days from when it is signed.
Sinclair hit by ransomware attack, TV stations disrupted
Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that data was stolen from its network.
Legal, procurement experts question DoJ plan to sue contractors for cyber reporting failures
Among the flurry of cybersecurity news to come out last week was an announcement by the Department of Justice that it would start using the False Claims Act to go after contractors and recipients of federal grant money who fail to report breaches in a timely manner or knowingly misrepresent their cybersecurity protections.
You don't need a bachelor's degree to land a high-paying job
It’s common knowledge at this point that the more education you have, the more money you’ll make. Studies have shown that, on average, someone with a bachelor’s degree will earn more than someone with an associate degree or a yearlong certificate.
AWS executive predicts shift toward workforce development
After more than a year-and-a-half of state and local government IT agencies racing to respond to the COVID-19 pandemic by dramatically — and often rapidly — scaling up their use of cloud computing, the head of Amazon Web Services’ state, local and education practice said Monday that there’s been a permanent shift in how government is approaching service delivery.
50 Cybersecurity Titles That Every Job Seeker Should Know About
There will be 3.5 million unfilled cybersecurity jobs by the end of 2021 — enough to fill 50 NFL stadiums — according to Cybersecurity Ventures.
How Data-Driven Tech Can Help Higher Ed Elevate Top Skills Amid Job Market Turmoil
As the American economy begins to recover after the pandemic, some trends are imperiling its long-term growth.
Why enterprises are massively subcontracting cybersecurity work
NewtonX market research revealed this week that 56% of organizations surveyed subcontract as much as 25% of their cybersecurity work.
DoD Approved 8570 Baseline Certifications
As an extension of Appendix 3 to the DoD 8570.01-Manual, the following certifications have been approved as IA baseline certifications for the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position category or specialty and level. Refer to Appendix 3 of 8570.01-M for further implementation guidance.
US has already lost AI fight to China, says ex-Pentagon software chief
Nicolas Chaillan speaks of ‘good reason to be angry’ as Beijing heads for ‘global dominance’.
The executive cybersecurity training blues
Rather than letting complacency take its toll on an organization’s bottom line, learning leaders must make it a priority to help business executives understand the value of cybersecurity training. To maximize efficacy, cybersecurity training must be relevant, just in time and personalized.
Securing Cyberspace Requires Addressing Talent Issues
Ransomware and other cyber vulnerabilities have gotten a lot of public attention over the last few months.
Do You Have A Cybersecurity Talent Shortage? Don't Require A Four-Year Degree
These days, college-educated cybersecurity professionals are in high demand and short supply.
U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats
Creation of Joint Cyber Defense Collaborative follows high-profile cyberattacks on U.S. infrastructure
The Cybersecurity 202: The government’s facing a severe shortage of cyber workers when it needs them the most
The government is struggling to hire cybersecurity workers at the same time it is facing an unprecedented slate of hacking threats.
A D for NASA, a C for HUD: Senate report warns agencies unprepared for cyberattacks
Government agencies and major companies, such as Microsoft, have reported intrusions by foreign hackers in Russia and China.
Vice Adm. Robert Sharp: US Needs ‘Steady Stream’ of Geomatics Professionals
Vice Adm. Robert Sharp, director of the National Geospatial-Intelligence Agency (NGA) and a two-time Wash100 Award recipient, said the U.S. should develop the next generation of geomatics scientists, mathematicians and engineers to maintain U.S. national security, support NGA’s Moonshot strategy and safeguard the country’s advantage in the field.
Cybersecurity Chiefs Are in High Demand as Companies Face Rising Hacking Threats
As companies face growing hacking risks, corporate cybersecurity chiefs are earning more money compared with last year, but in many cases are still reporting to IT leaders.
Many companies that previously didn’t have chief information security officers have hired one in the past few years, driving the need for professionals with experience, technical skills and business knowledge, experts say. Security leaders with these qualifications can be difficult to find, which has pushed salaries higher.
IBM: Average Cost of Data Breach Exceeds $4.2 Million
A global study commissioned by IBM Security shows that the average cost of a data breach exceeded $4.2 million during the coronavirus pandemic, which the company pointed out is the highest in the 17-year history of its “Cost of a Data Breach” report.
Security as code: The best (and maybe only) path to securing cloud applications and systems
Existing cybersecurity architectures and operating models break down as companies adopt public-cloud platforms. Why? Almost all breaches in the cloud stem from misconfiguration, rather than from attacks that compromise the underlying cloud infrastructure.
Panning for Litigation Gold in ‘1's' and ‘0's'
Class action firms are seeking a new gold rush of suits through class action complaints alleging online consumer tracking software is wiretapping liability
New Bipartisan Bill Aims to Bolster Federal Cyber Workforce; Sen. Maggie Hassan Quoted
Sen. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, have presented a bill that aims to fortify the federal government’s workforce of cyber professionals. The Federal Cybersecurity Workforce Expansion Act would establish two cyber training programs: one with the Cybersecurity and Infrastructure Security Agency (CISA) and the other with the Department of Veterans Affairs (VA), Hassan’s office said Friday.
Chris H on LinkedIn
Rob Joyce of the National Security Agency’s Cybersecurity Directorate recently made comments regarding technical debt and the need for legislation to address critical gaps in cyber defenses across the public and private sectors.
Ex-FBI Official to CEOs: Your New Job Is Chief Risk Officer
Frank Figliuzzi, former FBI assistant director, offers a crash course on protecting your company from ransomware, deep fakes, and other cybersecurity threats.
China Likely Outed Soon For Exchange Hacks
The Biden administration will formally say “in coming weeks” who initiated the widespread Microsoft Exchange server hacks that swept the country earlier this year, Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger said. China is the leading suspect.
Techmeme on Twitter
DHS says it’s onboarding about 300 cybersecurity professionals and has extended job offers to 500 more; DHS has more than 2,000 cybersecurity vacancies open (@adamjanofsky / The Record)
https://therecord.media/dhs-adds-hundreds-of-new-cyber-professionals-to-its-ranks/
Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices
Western Digital has published an update that says the company will provide data recovery services starting early next month. My Book Live customers will also be eligible for a trade-in program so they can upgrade to My Cloud devices. A spokeswoman said the data recovery service will be free of charge.
NIST defines 'critical software' under the cyber EO
The Biden administration’s cybersecurity executive order, issued in May, touched off a major effort to exert more control over the content of code that finds its way into government systems and public infrastructure.
Northrop Grumman Building ‘Justified Confidence’ for Integrated Artificial Intelligence Systems
“Justified confidence” in artificial intelligence is more than just new buzzwords. It’s about developing AI systems that are robust, reliable and accountable, and ensuring these attributes can be verified and validated. The National Security Commission on Artificial Intelligence’s (NSCAI) Final Report highlights emerging consensus on the principles for using AI ethically and responsibly for defense and intelligence applications.
CYBER CAPABILITIES AND NATIONAL POWER: A Net Assessment
This report sets out a new methodology for assessing cyber power and then applies it to fifteen nation-states.
Microsoft admits to signing rootkit malware in supply-chain fiasco
Microsoft has admitted to signing a malicious driver in a software supply-chain fiasco. The driver, called “Netfilter,” is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs. G Data malware analyst Karsten Hahn first took notice of the event last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers bearing Microsoft’s signature. The incident has once again exposed threats to software supply-chain security, except this time the weakness lay in Microsoft’s own driver code-signing process: a valid Microsoft signature on a driver is not, by itself, evidence that the driver is safe.
Cyber Talent Shortage Undermines U.S. in Cyber Warfare
But the public and private sectors in the U.S. face a common problem—a chronic shortage of skilled workers. Some 359,000 American jobs remain unfilled, according to a 2020 survey by a cybersecurity training nonprofit called (ISC)2.
79% of Third-Party Libraries in Apps Are Never Updated
Software developers almost never update third-party libraries after including them in a codebase, even though in most cases the libraries can be relatively easily updated without disrupting application functionality, a new study shows.
$12 Billion Government Contractor Booz Allen Facilitates Ransomware Payments—Even Though The FBI Says Never Pay
The consulting firm helps ransomware victims negotiate with hackers and will facilitate payments to cybercriminals to get breached businesses running again. The federal government advises against paying, especially when there is a risk that the money ends up with America’s adversaries.
Lack of budget and cloud security skills are top obstacles keeping organizations from protecting data in the cloud, according to Netwrix study
Half of CISOs say their organization’s desire for growth and rapid digitalization is detrimental to data security in the cloud.
SEC Brings Charges for Cybersecurity Disclosure Failures
On June 14, 2021, the U.S. Securities and Exchange Commission (SEC or Commission) settled charges against an issuer for disclosure controls and procedures violations relating to a cybersecurity vulnerability that exposed sensitive customer information. The charges, stemming from a violation of Rule 13a-15(a) of the Securities Exchange Act of 1934, resulted in a $487,616 penalty for the issuer.
NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Systems
NSA released a Cybersecurity Technical Report today that provides best practices and mitigations for securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems. The comprehensive report, “Deploying Secure Unified Communications/Voice and Video over IP Systems,” also describes potential risks to UC/VVoIP systems that aren’t properly secured.
US Congress tees up ambitious cybersecurity agenda in the wake of supply chain, ransomware attacks
Roughly 115 cybersecurity-related bills are working their way through the legislative process, in many cases with bipartisan support.
Christopher Porter on LinkedIn
Ransomware is the AK-47 of cyber weapons: not closely followed during development because it’s not technologically sophisticated or strategic on its own, usable with little training by almost anyone, replicable and shareable, and revolutionary on the battlefield if used correctly.
VW says data breach at vendor impacted 3.3 million people in North America
Volkswagen AG’s (VOWG_p.DE) U.S. unit said a data breach at a vendor impacted more than 3.3 million customers and prospective buyers in North America. Nearly all those impacted were current or potential customers of Audi, one of the German automaker’s luxury brands.
'An eye for an eye': The electric sector's defense will depend on federal government's might, says Southern CEO
The United States electric grid faces a growing set of cyber and physical threats, and the co-chair of the CEO-led Electricity Subsector Coordinating Council (ESCC) wants the electric utility industry to begin considering how a mutual aid approach might be used to “black start” an entire region of the country in the event of a massive blackout.
After years of flat cybersecurity budgets, DoD asks for more money and cyber mission force personnel
The Biden administration on Friday proposed a $10.4 billion cybersecurity budget for the Department of Defense next year and plans to add significantly to the cyber mission force responsible for cyberspace national security.
The world needs a chief risk officer
The world was caught off guard by COVID-19, and millions of people have paid the price. But the pandemic provides an opportunity to rethink the approach to the growing threat from low-probability but high-consequence risks — including the ones we may be inadvertently causing ourselves.
Colonial Pipeline was hacked with a SINGLE password to access its systems remotely, experts reveal
Hackers who attacked Colonial Pipeline breached the company’s network using a single password for remote access. Charles Carmakal, who consulted on the Colonial Pipeline attack response, told Bloomberg News on Friday that the password was one used to access the company’s virtual private network (VPN), an account that was not protected by multi-factor authentication.
Ransomware attacks are closing schools, delaying chemotherapy and derailing everyday life
It can feel abstract: A group of organized but faceless criminals hijacking corporate computer systems and demanding millions of dollars in exchange for their safe return. But the impact of these ransomware attacks is increasingly, unavoidably, real for everyday people.
Forcepoint: 74% of IT leaders shifted funds to cybersecurity post-pandemic
In a survey of 508 global CEOs and CISOs, 90% of respondents said they were adopting, or considering, Secure Access Service Edge (SASE) and 74% had reallocated funds to cybersecurity, said cloud security company Forcepoint. CEOs and CISOs are doubling down on converged security approaches, Forcepoint found.
U.S. has almost 500,000 job openings in cybersecurity
Help wanted: thousands and thousands of people interested in a career in cybersecurity.
There are about 465,000 open positions in cybersecurity nationwide as of May 2021, according to Cyber Seek — a tech job-tracking database from the U.S. Commerce Department — and the trade group CompTIA.
How the DoD can win the great tech race with a new workforce model
Despite innovative initiatives to redesign DoD’s future technology and cyber workforce, the preponderance of its military and civilian personnel structure remains steady, consistent and predictable — all representing a value-based model. Today’s expanding and unpredictable great power competition landscape has much less concern for financial efficiencies, yet more demand for an adaptive and innovative workforce design superior to those who threaten harm to the United States and its national interests.
Cyber threat intelligence sharing across auto industry eyed
The Automotive Security Research Group (ASRG) is gearing up for cyber threat intelligence sharing across the automotive industry, and has partnered with ThreatQuotient to provide the technology platform that serves as a critical tool for automotive companies to strengthen their security practices.
How Defense contractors are preparing for cybersecurity certification
One Defense cybersecurity initiative from the Trump era is gaining steam in the Biden era: CMMC, the Cybersecurity Maturity Model Certification program. It is a program with many moving parts, all aimed at making sure Defense contractors can be trusted with controlled unclassified information (CUI).
Colonial Pipeline Accused of Negligence in Proposed Class Action
Colonial Pipeline Co. and its owners acted negligently by employing lax cybersecurity standards that left the company vulnerable to a massive ransomware attack, a proposed Georgia federal court class action alleges.
Infosec experts: Threat landscape is worst in 60 years
Between an increasing sophistication seen in nation-state groups and a rise in ransomware that’s affecting everyone, the threat landscape may be reaching a historic peak.
Department of Defense (DOD) Zero Trust Reference Architecture
Prepared by the Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team
Gen. Paul Nakasone Informs Congress About the Need for More Cyber Warriors
Gen. Paul Nakasone, commander of U.S. Cyber Command, director of the National Security Agency and 2021 Wash100 Award recipient, addressed Congress on Friday about growth of cyber force personnel. He remarked that the cyber domain is a critical part of national security and an increase of personnel is required to protect the nation’s information technology assets. C4ISRNET reported the story on Saturday.
CISA to pilot secure cloud instance in response to SolarWinds attack
The rash of cyber attacks in the last six months is forcing the Cybersecurity and Infrastructure Security Agency to come up with a new way to secure agency cloud instances. CISA will use some of the $650 million it received through the American Rescue Plan to test out these concepts.
Digital Assets and Data Management – Disruption and Transformation
BakerHostetler – 2021 Data Security Incident Response Report
US Government Cybersecurity Challenges and Opportunities
A recent paper by Cynergy Partners titled Cybersecurity Opportunities for the Public and Private Sectors highlights some of the key cybersecurity accomplishments and investments of the Biden administration in the U.S., and lays out recommendations for how to modernize and improve cybersecurity for government agencies, suppliers, as well as private companies that participate in this supply chain.
Senator Proposes Cyber 'Academy' to Attract More to National Service
The nation would benefit from a national academy, similar to the military service academies, for cyber research and operations, a U.S. senator said Wednesday during a hearing on military personnel issues.
The Role of Team Training in Cybersecurity
These days, few things trigger more insecurity than cybersecurity. The threat landscape continues to grow, attack methods become more nefarious and the collateral damage from assaults keeps getting worse.
Security is a People Problem, Training is the Solution
Enterprises Must be Committed to Keeping their IT Security Staff Highly Trained on the Current Threat Landscape and Advanced Approaches to Security.
The New Language Of A Highly Effective Cybersecurity Leader
Every organization is a potential target for a cyberattack. The impact can be devastating, from loss of data and customer trust to significant financial losses. In fact, the overall security environment has become so demanding that there has been a growing focus on developing a new breed of security leaders.
The College Cyber Security Tightrope: Higher Education Institutions Face Greater Risks
Student Internet use is nothing short of the Wild West. Malicious software (malware), phishing, infrastructure attacks, social network targeting, and peer-to-peer (P2P) information leakage are not potential threats; they’re actual, daily issues. And here’s the scary part: when a student’s computer on a college network is compromised, it’s not just the student who pays the price—legally, so does the institution.
Bridging the Cybersecurity Skills Gap as Cyber Risk Increases
The uptick in cyber-attacks during the pandemic is well documented at this point. As ransomware, phishing, insider threats and other types of attacks rise, IT and business leaders are already anticipating an increased need for more cybersecurity professionals. The industry has been dealing with a skills gap for years now, but the silver lining in all of this is that for individuals looking to change careers or reskill, there is a lot of opportunity in cybersecurity.
Fusion Cyber provides 3 unique Cybersecurity Certificate Programs, leveraging a U.S. Department of Homeland Security recognized curriculum and taught by practitioners. See how you can advance and excel in the lucrative Cybersecurity Industry today. Take this survey and see if it’s the right program for you!