Press

Nearly 600,000 open cybersecurity-related jobs were listed over 12 months

New CyberSeek data reveals that there were 597,767 online job listings for cybersecurity-related positions in the 12 months from October 2020 through September 2021.

‘Most Severe’ Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider

A “powerful” cyberattack has hit Ukraine’s biggest fixed line telecommunications company, Ukrtelecom.

Pandemic Leaves Firms Scrambling for Cybersecurity Specialists

Companies have trouble retaining workers, with almost two-thirds of business reporting unfilled positions and massive unmet demand for technical cybersecurity professionals, study shows.

FBI: $6.9 billion lost through internet crimes in 2021

FBI: $6.9 billion lost through internet crimes in 2021 Nearly $7 billion was lost through internet crimes in 2021, surpassing a record set in 2020 by about $1.7 billion, according to the FBI’s annual

Okta says hundreds of companies impacted by security breach

Okta says 366 corporate customers, or about 2.5% of its customer base, were impacted by a security breach that allowed hackers to access the company’s internal network.

Emerging Architectures for Modern Data Infrastructure

The growth of the data infrastructure industry has continued unabated since we published a set of reference architectures in late 2020.

New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable

A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks.

Women make up just 24% of the cyber workforce. CISA wants to fix that.

As the race to recruit female talent in STEM continues moving ahead with steady progress, stunning statistics still wrack the cybersecurity sector:

Hackers hit Hood. Dairy shut down milk production this week after ‘cyber security event.

Dairy says plants are ‘getting back up and running’ but N.H. school district warns milk supply could be delayed

Introducing SSH command logging

SSH (Secure Shell Protocol) is an important protocol for managing remote machines.

Biden signs cyber incident reporting bill into law

President Joe Biden on Tuesday signed into law a $1.5 trillion government funding bill that includes legislation mandating critical infrastructure owners report if their organization has been hacked or made a ransomware payment.

Cyber Alert Plan Puts Onus on Businesses to Assess Their Risks

The SEC’s newly proposed deadline for cyber breach reporting ramps up pressure on companies to quickly gauge the business impacts of such events.

How to manage imposter syndrome in cybersecurity

Cybersecurity is often viewed as a highly technical industry.

How Cloudflare verifies the code WhatsApp Web serves to users

How do you know the code your web browser downloads when visiting a website is the code the website intended you to run?

February 2022 Cyber Attacks Statistics

After the cyber attacks timelines (part I and part II), I can publish the statistics of February 2022 derived from the two timelines

Cloudflare to auto-brick servers that go offline in Ukraine, Russia

Cloudflare announced that it is taking drastic measures to protect data of customers in Eastern Europe under current conditions of the Russian invasion of Ukraine.

HOW SOFTWARE IS EATING THE CAR

Predictions of lost global vehicle production caused by the ongoing semiconductor shortage continue to rise.

CISA’s Known Exploited Vulnerabilities Catalog: Breakdown of 95 Newly Released Vulnerabilities

CISA added additional vulnerabilities to the KEV Catalog on March 25, 2022.

Over 620 Million Ransomware Attacks Detected in 2021

Corporate IT teams were faced with a triple-digit (105%) growth in ransomware attacks last year to over 623 million, according to SonicWall.

UKY RMP First Class

Here’s a short video overview of the introduction to the course.

How the U.S. Army Secured Log4j in 24 Hours

The Log4j zero-day tidal wave not only affected large companies like Twitter, Apple, Red Hat, and Splunk; it became a tsunami-like event within the U.S.

Expeditors International Shuts Down Computer Systems After CyberattacK

The logistics giant hasn’t said when it will fully restore operations.

Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless

Theoretically, there is no impediment to adding post-quantum cryptography to any system. But the reality is harder. In the middle of last year, we posed ourselves a big challenge: to change all internal connections at Cloudflare to use post-quantum cryptography.

AN IN-DEPTH LOOK AT THE 23 HIGH-IMPACT VULNERABILITIES

Today, we are announcing the discovery of 23 high-impact vulnerabilities in one of the major Independent BIOS Developers (IBV) software.

New research reveals vicious tactics of ransomware groups

Hackers are increasingly targeting zero day vulnerabilities and supply chain networks for maximum impact.

RANSOMWARE OFTEN HITS INDUSTRIAL SYSTEMS, WITH SIGNIFICANT IMPACT: SURVEY

Ransomware attacks in many cases hit industrial control systems (ICS) or operational technology (OT) environments, and impact is often significant, according to a report published on Thursday by IoT and industrial cybersecurity company Claroty.

ATTACKS, THREATS, and VULNERABILITIES

Cyberattacks continue to extend across Europe, BlackCat ransomware may be involved (Industrial Cyber) Cyberattacks have continued to affect oil transport and storage companies across Europe, as BlackCat …

European Oil Port Terminals Hit by Cyberattack (SecurityWeek) Major oil terminals in some of Western Europe’s biggest ports have fallen victim to a cyberattack.

Oil terminals disrupted after European ports hit by cyberattack (euronews) The hackers disrupted operating systems and prevented some oil tankers from delivering energy …

HOW THE U.S. ARMY SECURED LOG4J IN 24 HOURS

The Log4j zero-day tidal wave not only affected large companies like Twitter, Apple, Red Hat, and Splunk; it became a tsunami-like event within the U.S. Government and the U.S. Army.

Serious Security: Apple Safari leaks private data via database API – what you need to know

Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple’s web browser software.

Fed CIOs Flag Workforce, Cybersecurity as Big Priorities for 2022

This year further brought IT to the forefront of many organizations’ strategies in 2021, but as Federal chief information officers (CIOs) look to 2022, strengthening their agency’s workforce and cybersecurity posture are their big priorities for the year ahead.

DARPA’s New Public Tools Teach AI Developers to Defend Against Attacks

For the military to trust commercially sourced or even internally developed artificial intelligence, the technology will have to be defended. Now developers have a set of open-source tools to learn new defensive techniques and to test their products against simulated attacks.

Huawei Risks - A Government Security Review

Huawei Technologies Co. Ltd., a Chinese multinational company, has steadily grown to become the largest telecommunications equipment vendor in the world. Huawei’s global revenues have been recorded at over $100 billion globally.

Raspberry Pi Detects Malware Using Electromagnetic Waves

Researchers take antivirus support to the next level with the Raspberry Pi.

Don't copy-paste commands from webpages — you can get hacked

Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal are warned they risk having their system compromised.

FinalSite discloses ransomware attack that crippled websites for 8,000 schools

A ransomware attack on FinalSite, a cloud-based web hosting provider specialized in school and educational websites, has crippled the school portals and web services of more than 8,000 schools across more than 110 countries.

Cybersecurity Trends: 25% of Law Firms Have Been Breached

Here’s what else the ABA’s data tells us — and what’s concerning — about law firm cybersecurity trends.

The Complete List Of Hacker And Cybersecurity Movies

You can learn a lot about cybercrime by watching these flicks

What do your devices know about you?

Whether it’s a computer on your desk or a phone in your pocket, your devices retain a lot of personal data. And all of that information may be vulnerable to cybercriminals.

The Urgent Need For Cybersecurity To Diversify

It’s estimated that the number of cybersecurity jobs will grow by around 31% until 2029, which is seven times faster than the national average. This growth is in large part a response to the huge pressure organizations are under in the face of a surge in cyberattacks during the Covid pandemic.

Five Cybersecurity Themes to Look Out For

Each December, security experts like to predict which themes will be prominent in the coming year. Such predictions often focus on which attacks will happen more frequently or which vendor solutions are more likely to be successful.

Op-Ed: Cybersecurity, the new pillar of business

Cybersecurity can sometimes be treated as an afterthought. However, with the recent surge in ransomware and cyberattacks, it’s coming to light just how important it truly is. Everyone understands why finance, operations, management, etc. are non-negotiable to an organization, but where does cybersecurity fit?

National Security Commission on Artificial Intelligence

“Scale up digital talent in government. National security agencies need more digital experts now or they will remain unprepared to buy, build, and use AI and associated technologies. The talent deficit in DoD and the IC represents the greatest impediment to being AI-ready by 2025. The government needs new talent pipelines, including a U.S. Digital Service Academy to train current and future employees. It needs a civilian National Digital Reserve Corps to recruit people with the right skills—including industry experts, academics, and recent college graduates. And it needs a Digital Corps, modeled on the Army Medical Corps, to organize technologists already serving in government.

…Win the global talent competition. The United States risks losing the global competition for scarce AI expertise if it does not cultivate more potential talent at home and recruit and retain more existing talent from abroad. The United States must move aggressively on both fronts. Congress should pass a National Defense Education Act II to address deficiencies across the American educational system—from K-12 and job reskilling to investing in thousands of undergraduate- and graduate-level fellowships in fields critical to the AI future. At the same time, Congress should pursue a comprehensive immigration strategy for highly skilled immigrants to encourage more AI talent to study, work, and remain in the United States through new incentives and visa, green card, and job-portability reforms.”

MANTECH: DEFEATING CYBERCRIME ON CONTACT

This year, according to analysts, the cost of cybercrime is expected to top $6 trillion. The U.S. government has authorized $17.4 billion for cyber-related activities for the current fiscal year.

ACCIDENTS AND ESCALATION IN A CYBER AGE

Sometimes wars, from small ones to big ones, start with accidents. 

Hackers could steal encrypted data now and crack it with quantum computers later, warn analysts

Analysts at Booz Allen Hamilton warn that Chinese espionage efforts could soon focus on encrypted data.

Holiday Time - New CyberAttacks Risks for your Business

The holidays are an opportunity for people to take time off work and enjoy time with family and loved ones. During this period, people’s minds are turned away from work that cybercriminals plan sinister attacks. 

Alert (AA21-356A)

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

The secret Uganda deal that has brought NSO to the brink of collapse

In February 2019, an Israeli woman sat across from the son of Uganda’s president, and made an audacious pitch – would he want to secretly hack any phone in the world?

China regulator suspends cyber security deal with Alibaba Cloud

Chinese regulators on Wednesday suspended an information-sharing partnership with Alibaba Cloud Computing, a subsidiary of e-commerce conglomerate Alibaba Group (9988.HK), over accusations it failed to promptly report and address a cybersecurity vulnerability, according to state-backed media reports.

'Fully weaponized' software bug poses a threat to Minecraft gamers and apps worldwide including Google, Twitter, Netflix, Spotify, Apple iCloud, Uber and Amazon

Experts warn software bug poses a huge threat to internet-connected devices 

Update on the Executive Order on Improving the Nation’s Cybersecurity

New executive orders on cybersecurity are always packed with positive-sounding actions with assigned deadlines. The Biden administration’s EO on improving the nation’s cybersecurity came in the wake of the SolarWinds and Colonial Pipeline attacks.

Chinese cyberattack almost shut off power for THREE MILLION Australians in terrifying demonstration of what the belligerent regime could do in wartime

Chinese hackers came within minutes of shutting off power to three million Australian homes but were thwarted at the final hurdle.

Digital Asset Compliance & Risk Management

Monitor, detect and investigate crypto fraud and financial crime

DOD CIO updating cyber reciprocity guidance after audit finds weaknesses

The Department of Defense said it will take steps to strengthen reciprocity guidance for IT systems security authorization after the department’s inspector general found its existing processes to be lacking.

The Law of Neutrality in Cyberspace

This CSS Cyberdefense Report by Sean Cordey and Kevin Kohler provides a historical and technological background to neutrality and a breakdown of the legal debates regarding the application of the law of neutrality in cyberspace.

How to detect the Log4j vulnerability in your applications

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours?

Inside Intel’s Secret Warehouse in Costa Rica

Chip maker is stockpiling legacy technology for security research, plans to expand facility to house 6,000 pieces of equipment

Cyber-attacks are top concern for Board Directors: McGill

According to a new report from specialist reinsurance broker McGill and Partners, cyber-attacks are the number one concern for Board Directors.

Nearly 600,000 open cybersecurity-related jobs were listed over 12 months

New CyberSeek data reveals that there were 597,767 online job listings for cybersecurity-related positions in the 12 months from October 2020 through September 2021.

FortiGuard Labs Predicts Cyberattacks Aimed at Everything From Crypto Wallets to Satellite Internet

Advanced Persistent Cybercrime Techniques Mean More Destructive Ransomware and Supply Chain Attacks

2021 Alternative Education Pathways Report

Making decisions about jobs and careers means choosing a path for training and education. While most high school graduates choose to attend college every year, there are other options (U.S. Bureau of Labor Statistics, 2021).

Hoax Email Blast Abused Poor Coding in FBI Website

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Kentucky will soon have access to Terabit ethernet — three things to know

Accelecom is launching a Terabit transport service from cities in the western and eastern parts of the state to Louisville and Cincinnati.

SECURING THE DEFENSE INDUSTRIAL BASE

To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base from increasingly frequent and complex cyberattacks.

How We Can Narrow the Talent Shortage in Cybersecurity

Filling crucial roles in cybersecurity and addressing the talent shortage requires rethinking who qualifies as a “cybersecurity professional” and rewriting traditional job descriptions.

H.R.4611 - DHS Software Supply Chain Risk Management Act of 2021

This bill goes into effect 180 days from when it is signed.

Sinclair hit by ransomware attack, TV stations disrupted

Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that data was stolen from its network.

Legal, procurement experts question DoJ plan to sue contractors for cyber reporting failures

Among the flurry of cybersecurity news to come out last week was an announcement by the Department of Justice that it would start using the False Claims Act to go after contractors and recipients of federal grant money who fail to report breaches in a timely manner or knowingly misrepresent their cybersecurity protections.

You don't need a bachelor's degree to land a high-paying job

It’s common knowledge at this point that the more education you have, the more money you’ll make. Studies have shown that, on average, someone with a bachelor’s degree will earn more than someone with an associate degree or a yearlong certificate.

AWS executive predicts shift toward workforce development

After more than a year-and-a-half of state and local government IT agencies racing to respond to the COVID-19 pandemic by dramatically — and often rapidly — scaling up their use of cloud computing, the head of Amazon Web Services’ state, local and education practice said Monday that there’s been a permanent shift in how government is approaching service delivery.

50 Cybersecurity Titles That Every Job Seeker Should Know About

There will be 3.5 million unfilled cybersecurity jobs by the end of 2021 — enough to fill 50 NFL stadiums — according to Cybersecurity Ventures.

How Data-Driven Tech Can Help Higher Ed Elevate Top Skills Amid Job Market Turmoil

As the American economy begins to recover after the pandemic, some trends are imperiling its long-term growth.

Why enterprises are massively subcontracting cybersecurity work

NewtonX market research revealed this week that 56% of organizations surveyed subcontract as much as 25% of their cybersecurity work.

DoD Approved 8570 Baseline Certifications

As an extension of Appendix 3 to the DoD 8570.01-Manual, the following certifications have been approved as IA baseline certifications for the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position category or specialty and level. Refer to Appendix 3 of 8570.01-M for further implementation guidance.

US has already lost AI fight to China, says ex-Pentagon software chief

Nicolas Chaillan speaks of ‘good reason to be angry’ as Beijing heads for ‘global dominance’.

The executive cybersecurity training blues

Rather than letting complacency take its toll on an organization’s bottom line, learning leaders must make it a priority to help business executives understand the value of cybersecurity training. To maximize efficacy, cybersecurity training must be relevant, just in time and personalized.

Securing Cyberspace Requires Addressing Talent Issues

Ransomware and other cyber vulnerabilities have gotten a lot of public attention over the last few months. 

Do You Have A Cybersecurity Talent Shortage? Don't Require A Four-Year Degree

These days, college-educated cybersecurity professionals are in high demand and short supply.

U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats

Creation of Joint Cyber Defense Collaborative follows high-profile cyberattacks on U.S. infrastructure

The Cybersecurity 202: The government’s facing a severe shortage of cyber workers when it needs them the most

The government is struggling to hire cybersecurity workers at the same time it is facing an unprecedented slate of hacking threats.

A D for NASA, a C for HUD: Senate report warns agencies unprepared for cyberattacks

Government agencies and major companies, such as Microsoft, have reported intrusions by foreign hackers in Russia and China.

Vice Adm. Robert Sharp: US Needs ‘Steady Stream’ of Geomatics Professionals

Vice Adm. Robert Sharp, director of the National Geospatial-Intelligence Agency (NGA) and a two-time Wash100 Award recipient, said the U.S. should develop the next generation of geomatics scientists, mathematicians and engineers to maintain U.S. national security, support NGA’s Moonshot strategy and safeguard the country’s advantage in the field.

Cybersecurity Chiefs Are in High Demand as Companies Face Rising Hacking Threats

As companies face growing hacking risks, corporate cybersecurity chiefs are earning more money compared with last year, but in many cases are still reporting to IT leaders.

Many companies that previously didn’t have chief information security officers have hired one in the past few years, driving the need for professionals with experience, technical skills and business knowledge, experts say. Security leaders with these qualifications can be difficult to find, which has pushed salaries higher.

IBM: Average Cost of Data Breach Exceeds $4.2 Million

A global study commissioned by IBM Security shows that the average cost of a data breach exceeded $4.2 million during the coronavirus pandemic, which the company pointed out is the highest in the 17-year history of its “Cost of a Data Breach” report.

Security as code: The best (and maybe only) path to securing cloud applications and systems

Existing cybersecurity architectures and operating models break down as companies adopt public-cloud platforms. Why? Almost all breaches in the cloud stem from misconfiguration, rather than from attacks that compromise the underlying cloud infrastructure.

Panning for Litigation Gold in ‘1's' and ‘0's'

Class action firms are seeking a new gold rush of suits through class action complaints alleging online consumer tracking software is wiretapping liability

New Bipartisan Bill Aims to Bolster Federal Cyber Workforce; Sen. Maggie Hassan Quoted

Sen. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, have presented a bill that aims to fortify the federal government’s workforce of cyber professionals. The Federal Cybersecurity Workforce Expansion Act would establish two cyber training programs: one with the Cybersecurity and Infrastructure Security Agency (CISA) and the other with the Department of Veterans Affairs (VA), Hassan’s office said Friday.

Chris h on linkedIn

National Security Agency’s Cybersecurity Directorate Rob Joyce recently made comments regarding technical debt and the need to have legislation around addressing critical gaps in cyber defenses across the public and private sector.

Ex-FBI Official to CEOs: Your New Job Is Chief Risk Officer

Frank Figliuzzi, former FBI assistant director, offers a crash course on protecting your company from ransomware, deep fakes, and other cybersecurity threats.

China Likely Outed Soon For Exchange Hacks

The Biden administration will formally say “in coming weeks” who initiated the widespread Microsoft Exchange server hacks that swept the country earlier this year, Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger said. China is the leading suspect.

Techmeme on twitter

DHS says it’s onboarding about 300 cybersecurity professionals and has extended job offers to 500 more; DHS has more than 2,000 cybersecurity vacancies open (@adamjanofsky / The Record)

https://therecord.media/dhs-adds-hundreds-of-new-cyber-professionals-to-its-ranks/

Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

Western Digital has published an update that says the company will provide data recovery services starting early next month. My Book Live customers will also be eligible for a trade-in program so they can upgrade to My Cloud devices. A spokeswoman said the data recovery service will be free of charge.

NIST defines 'critical software' under the cyber EO

The Biden administration’s cybersecurity executive order, issued in May, touched off a major effort to exert more control over the content of code that finds its way into government systems and public infrastructure.

Northrop Grumman Building ‘Justified Confidence’ for Integrated Artificial Intelligence Systems

“Justified confidence” in artificial intelligence is more than just new buzzwords. It’s about developing AI systems that are robust, reliable and accountable, and ensuring these attributes can be verified and validated. The National Security Commission on Artificial Intelligence’s (NSCAI) Final Report highlights emerging consensus on the principles for using AI ethically and responsibly for defense and intelligence applications.

CYBER CAPABILITIES AND NATIONAL POWER: A Net Assessment

This report sets out a new methodology for assessing cyber power and then applies it to fifteen nation-states.

Microsoft admits to signing rootkit malware in supply-chain fiasco

Microsoft admits to signing rootkit malware in the supply-chain fiasco. This driver, called “Netfilter,” is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs. G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec. community in tracing and analyzing the malicious drivers bearing the seal of Microsoft. This incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft’s code-signing process.

Cyber Talent Shortage Undermines U.S. in Cyber Warfare

But the public and private sectors in the U.S. face a common problem—a chronic shortage of skilled workers. Some 359,000 American jobs remain unfilled, according to a 2020 survey by a cybersecurity training nonprofit called (ISC)2.

79% of Third-Party Libraries in Apps Are Never Updated

Software developers almost never update third-party libraries after including them in a codebase, even though in most cases the libraries can be relatively easily updated without disrupting application functionality, a new study shows.

$12 Billion Government Contractor Booz Allen Facilitates Ransomware Payments—Even Though The FBI Says Never Pay

The consulting firm helps ransomware victims negotiate with hackers will facilitate payments to cybercriminals to reopen breached businesses. The federal government advises against paying, especially when there’s the risk of giving money to America’s adversaries.

Lack of budget and cloud security skills are top obstacles keeping organizations from protecting data in the cloud, according to Netwrix study

Half of CISOs say their organization’s desire for growth and rapid digitalization is detrimental to data security in the cloud.

SEC Brings Charges for Cybersecurity Disclosure Failures

On June 14, 2021, the U.S. Securities and Exchange Commission (SEC or Commission) settled charges against an issuer for disclosure controls and procedures violations relating to a cybersecurity vulnerability that exposed sensitive customer information. The charges, stemming from a violation of Rule 13a-15(a) of the Securities Exchange Act of 1934, resulted in a $487,616 penalty for the issuer.

NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Systems

NSA released a Cybersecurity Technical Report today that provides best practices and mitigations for securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems. The comprehensive report, “Deploying Secure Unified Communications/Voice and Video over IP Systems,” also describes potential risks to UC/VVoIP systems that aren’t properly secured.

US Congress tees up ambitious cybersecurity agenda in the wake of supply chain, ransomware attacks

Roughly 115 cybersecurity-related bills are working their way through the legislative process, in many cases with bipartisan support.

Christopher Porter on LinkedIn

Ransomware is the AK-47 of cyber weapons: not closely followed during development because it’s not technologically sophisticated or strategic on its own, usable with little training by almost anyone, replicable and shareable, and revolutionary on the battlefield if used correctly.

VW says data breach at vendor impacted 3.3 million people in North America

Volkswagen AG’s (VOWG_p.DE) U.S. unit said a data breach at a vendor impacted more than 3.3 million customers and prospective buyers in North America. Nearly all those impacted were current or potential customers of Audi, one of the German automaker’s luxury brands.

'An eye for an eye': The electric sector's defense will depend on federal government's might, says Southern CEO

The United States electric grid faces a growing set of cyber and physical threats, and the co-chair of the CEO-led Electricity Subsector Coordinating Council (ESCC) wants the electric utility industry to begin considering how a mutual aid approach might be used to “black start” an entire region of the country in the event of a massive blackout.

After years of flat cybersecurity budgets, DoD asks for more money and cyber mission force personnel

The Biden administration on Friday proposed a $10.4 billion cybersecurity budget for the Department of Defense next year and plans to add significantly to the cyber mission force responsible for cyberspace national security.

The world needs a chief risk officer

The world was caught off guard by COVID-19, and millions of people have paid the price. But the pandemic provides an opportunity to rethink the approach to the growing threat from low-probability but high-consequence risks — including the ones we may be inadvertently causing ourselves.

Colonial Pipeline was hacked with SINGLE password to access its systems remotely, experts reveals

Hackers who attacked Colonial Pipeline breached the company’s system using a single password to access its systems remotely. Charles Carmakal, who consulted on the Colonial Pipeline’s attack response, told Bloomberg News on Friday that the password was one used to access the company’s virtual private network (VPN).

Ransomware attacks are closing schools, delaying chemotherapy and derailing everyday life

It can feel abstract: A group of organized but faceless criminals hijacking corporate computer systems and demanding millions of dollars in exchange for their safe return. But the impact of these ransomware attacks is increasingly, unavoidably, real for everyday people.

Forcepoint: 74% of IT leaders shifted funds to cybersecurity post-pandemic

In a survey of 508 global CEOs and CISOs, 90% of respondents said they were adopting, or considering, Secure Access Service Edge (SASE) and 74% had reallocated funds to cybersecurity, said cloud security company Forcepoint. CEOs and CISOs are doubling down on converged security approaches, Forcepoint found.

U.S. has almost 500,000 job openings in cybersecurity

Help wanted: thousands and thousands of people interested in a career in cybersecurity.

There are about 465,000 open positions in cybersecurity nationwide as of May 2021, according to Cyber Seek — a tech job-tracking database from the U.S. Commerce Department — and the trade group CompTIA.

How the DoD can win the great tech race with a new workforce model

Despite innovative initiatives to redesign DoD’s future technology and cyber workforce, the preponderance of its military and civilian personnel structure remains steady, consistent and predictable — all representing a value-based model. Today’s expanding and unpredictable great power competition landscape has much less concern for financial efficiencies, yet more demand for an adaptive and innovative workforce design superior to those who threaten harm to the United States and its national interests.

Cyber threat intelligence sharing across auto industry eyed

The Automotive Security Research Group (ASRG) is gearing up for cyber threat intelligence sharing across the automotive industry, and has partnered with ThreatQuotient to provide the technology platform that serves as a critical tool for automotive companies to strengthen their security practices.

How Defense contractors are preparing for cybersecurity certification

One Defense cybersecurity initiative from the Trump era is gaining steam in the Biden. That would be CMMC, the Cybersecurity Model Maturity Certification Program. In a program with many moving parts, all aimed at making sure Defense contractors can be trusted with controlled, unclassified information.

Colonial Pipeline Accused of Negligence in Proposed Class Action

Colonial Pipeline Co. and its owners acted negligently by employing lax cybersecurity standards that left the company vulnerable to a massive ransomware attack, a proposed Georgia federal court class action alleges.

Infosec experts: Threat landscape is worst in 60 years

Between an increasing sophistication seen in nation-state groups and a rise in ransomware that’s affecting everyone, the threat landscape may be reaching a historic peak.

Department of Defense (DOD) Zero Trust Reference Architecture

Prepared by the Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team

Gen. Paul Nakasone Informs Congress About the Need for More Cyber Warriors

Gen. Paul Nakasone, commander of U.S. Cyber Command, director of the National Security Agency and 2021 Wash100 Award recipient, addressed Congress on Friday about growth of cyber force personnel. He remarked that the cyber domain is a critical part of national security and an increase of personnel is required to protect the nation’s information technology assets. C4ISRNET reported the story on Saturday.

CISA to pilot secure cloud instance in response to SolarWinds attack

The rash of cyber attacks in the last six months is forcing the Cybersecurity and Infrastructure Security Agency to come up with a new way to secure agency cloud instances. CISA will use some of the $650 million it received through the American Rescue Plan to test out these concepts.

Digital Assets and Data Management – Disruption and Transformation

BakerHostetler – 2021 Data Security Incident Response Report

US Government Cybersecurity Challenges and Opportunities

A recent paper by Cynergy Partners titled Cybersecurity Opportunities for the Public and Private Sectors highlights some of the key cybersecurity accomplishments and investments of the Biden administration in the U.S., and lays out recommendations for how to modernize and improve cybersecurity for government agencies, suppliers, as well as private companies that participate in this supply chain.

Senator Proposes Cyber 'Academy' to Attract More to National Service

The nation would benefit from a national academy, similar to the military service academies, for cyber research and operations, a U.S. senator said Wednesday during a hearing on military personnel issues.

The Role of Team Training in Cybersecurity

These days, few things trigger more insecurity than cybersecurity. The threat landscape continues to grow, attack methods become more nefarious and the collateral damage from assaults keeps getting worse.

Security is a People Problem, Training is the Solution

Enterprises Must be Committed to Keeping their IT Security Staff Highly Trained on the Current Threat Landscape and Advanced Approaches to Security.

The New Language Of A Highly Effective Cybersecurity Leader

Every organization is a potential target for a cyberattack. The impact can be devastating, from loss of data and customer trust to significant financial losses. In fact, the overall security environment has become so demanding that there has been a growing focus on developing a new breed of security leaders.

The College Cyber Security Tightrope: Higher Education Institutions Face Greater Risks

Student Internet use is nothing short of the Wild West. Malicious software (malware), phishing, infrastructure attacks, social network targeting, and peer-to-peer (P2P) information leakage are not potential threats; they’re actual, daily issues. And here’s the scary part: when a student’s computer on a college network is compromised, it’s not just the student who pays the price—legally, so does the institution.

Bridging the Cybersecurity Skills Gap as Cyber Risk Increases

The uptick in cyber-attacks during the pandemic is well documented at this point. As ransomware, phishing, insider threats and other types of attacks rise, IT and business leaders are already anticipating an increased need for more cybersecurity professionals. The industry has been dealing with a skills gap for years now, but the silver lining in all of this is that for individuals looking to change careers or reskill, there is a lot of opportunity in cybersecurity.

LET’S ACCELERATE YOUR CAREER

Fusion Cyber provides 3 unique Cybersecurity Certificate Programs, leveraging a U.S. Department of Homeland Security recognized curriculum and taught by practitioners. See how you can advance and excel in the lucrative Cybersecurity Industry today. Take this survey and see if it’s the right program for you!

Fusion Cyber uses Accessibility Checker to monitor our website's accessibility.