Apr 19 2021

Alarming Cybersecurity Stats: What You Need To Know For 2021

Category: Cyber Attack,Cyber Espionage,Cyber maturity,Cyber resilience,cyber security,Cyber Strategy,Cyber surveillance,Cyber Threats,Cyber War,Cybercrime,Cyberweapons,Information SecurityDISC @ 8:46 am
Cyber Attack A01

The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G,  and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others,  highlighted both the threat and sophistication of those realities.

The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.

To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.

There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.

Top Resources for Cybersecurity Stats:

If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:

 300+ Terrifying Cybercrime and Cybersecurity Statistics & Trends (2021 EDITION) 300+ Terrifying Cybercrime & Cybersecurity Statistics [2021 EDITION] (comparitech.com)·        

The Best Cybersecurity Predictions For 2021 RoundupWhy Adam Grant’s Newest Book Should Be Required Reading For Your Company’s Current And Future LeadersIonQ Takes Quantum Computing Public With A $2 Billion Deal

134 Cybersecurity Statistics and Trends for 2021 134 Cybersecurity Statistics and Trends for 2021 | Varonis

 2019/2020 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics  (cybersecurityventures.com)

Source: The State of Cybersecurity Readiness:

Cyber-Security Threats, Actors, and Dynamic Mitigation

Related article:

Top Cyber Security Statistics, Facts & Trends in 2022

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Cybersecurity Stats

Apr 17 2021

Majority of Mobile App Vulnerabilities From Open Source Code

Category: Information Security,Mobile SecurityDISC @ 9:49 am
Majority of Mobile App Vulnerabilities From Open Source Code

COVID-19 has impacted everything over the past year, and mobile app security is no exception. The Synopsys Cybersecurity Research Center (CyRC) took an in-depth look at application security, and discovered just how vulnerable apps that use open source code really are. According to the report, 98% of apps use open source code, and 63% of those apps have at least one known vulnerability.

Open source code is no more or less vulnerable than any other code, Jonathan Knudsen, senior security strategist with Synopsys, was quick to point out in an email interview. The prime security task for any organization that uses open source code is how to manage the code correctly.

“The report underscores, among other things, that managing security vulnerabilities in open source software components is a very real problem,” Knudsen said. The challenge lies in the self-service nature of open source use. With no commercial vendor to push out updates and patches, it then becomes the responsibility of the developers and the business to evaluate and monitor for security risks and come up with a strategy for the inevitable security problems.

Adoption of Open Source

Developers turn to open source because it helps them code 20 to 30 times faster than writing their own from scratch; getting a mobile application into the marketplace quickly is a top priority. This need to move fast has created a dependency on open source. It has also led to the prioritization of development over security in many IT organizations just to remain competitive in the market.

“To stay competitive, software development teams must figure out how to write code quickly, while not sacrificing security to create value and preserve competitive advantage for their organizations,” said Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber. Until that happens, open source will continue to be the go-to code.

Majority of Mobile App Vulnerabilities From Open Source Code

InfoSec Shop

Apr 11 2021

DISC InfoSec shop

Category: Information SecurityDISC @ 10:06 am
DISC InfoSec shop

Apr 07 2021

Security Recommendations 2021: Taking Stock For The Long Term

Category: Information SecurityDISC @ 2:36 pm
Security Recommendations 2021: Taking Stock For The Long Term

Mar 30 2021

Five signs a virtual CISO makes sense for your organization

Category: CISO,Information Security,vCISODISC @ 11:59 am
Five signs a virtual CISO makes sense for your organization

Here are five signs that a virtual CISO may be right for your organization.

1. You have a lot to protect

Companies produce more data than ever, and keeping track of it all is the first step to securing it. A virtual CISO can identify what data needs to be protected and determine the negative impact that compromised data can have, whether that impact is regulatory, financial or reputational.

2. Your organization is complex

Risk increases with employee count, but there are many additional factors that contribute to an organization’s complexity: the number of departments, offices and geographies; how data is used and shared; the distribution of architecture; and the life cycle of applications, data and the technology stack.

A virtual CISO offers an unbiased, objective view, and can sort out the complexity of a company’s IT architecture, applications and services. They can also determine how plans for the future add complexity, identify and account for the corresponding risk, and recommend security measures that will scale to support future demand.

3. Your attack surface is broad

For many organizations, potential vulnerabilities, especially those that share a great deal of data within the organization, may not be obvious at first glance. Virtual CISOs can identify both internal and external threats, determine their probability and quantify the impact they could have on your organization. And at a more granular level, they can determine if those same threats are applicable to competitors, which can help maintain competitiveness within your market.

4. Your industry is highly regulated

Organizations in regulated industries like healthcare, finance, energy/power and insurance will have data that is more valuable, which could make them a bigger target for bad actors. Exposure is even more of a concern due to potential noncompliance. Virtual CISOs bring a wealth of expertise on regulatory standards. They can implement processes to maintain compliance and offer recommendations based on updates to applicable rules and regulations.

5. Your risk tolerance is low

An organization without a great deal of sensitive data may have a much greater tolerance for risk than a healthcare provider or a bank, but an honest assessment is important in determining how much risk each organization should accept. A virtual CISO can coordinate efforts to examine perceived and actual risk, identify critical vulnerabilities and provide a better picture of risk exposure that can inform future decisions.

Cybersecurity is growing more complex, and organizations of all sizes, especially those in regulated industries, require a proven security specialist who can address the aforementioned challenges and ensure that technology and processes are in place to mitigate security risks.

Tags: auditing CISO compliance, CISO, vCISO

Mar 26 2021

Alan Turing’s £50 banknote officially unveiled

Category: cyber security,Information SecurityDISC @ 9:25 am
Alan Turing’s £50 banknote officially unveiled

Regular Naked Security readers will know we’re huge fans of Alan Turing OBE FRS.

He was chosen in 2019 to be the scientist featured on the next issue of the Bank of England’s biggest publicly available banknote, the bullseye, more properly Fifty Pounds Sterling.

(It’s called a bullseye because that’s the tiny, innermost circle on a dartboard, also known as double-25, that’s worth 2×25 = 50 points if you hit it.)

Turing beat out an impressive list of competitors, including STEM visionaries and pioneers such as Mary Denning (first to unravel the paleontological mysteries of what is now known as Dorset’s Jurassic Coast), Rosalind Franklin (who unlocked the structure of DNA before dying young and largely unrecognised), and the nineteenth-century computer hacking duo of Ada Lovelace and Charles Babbage.

The Universal Computing Machine

Turing was the groundbreaking computer scientist who first codified the concept of a “universal computing machine”, way back in 1936.

At that time, and indeed for many years afterwards, all computing devices then in existence could typically solve only one specific variant of one specific problem.

They would need rebuilding, not merely “reinstructing” or “reprogramming”, to take on other problems.

Turing showed, if you will pardon our sweeping simplification, that if you could build a computing device (what we now call a Turing machine) that could perform a certain specific but simple set of fundamental operations, then you could, in theory, program that device to do any sort of computation you wanted.

The device would remain the same; only the input to the device, which Turing called the “tape”, which started off with what we’d now call a “program” encoded onto it, would need to be changed.

So you could program the same device to be an adding machine, a subtracting machine, or a multiplying machine.

You could compute numerical sequences such as mathematical tables to any desired precision or length.

You could even, given enough time, enough space, enough tape and a suitably agreed system of encoding, produce all possible alphabetic sequences of any length…

…and therefore ultimately, like the proverbially infinite number of monkeys working at an infinite number of typewriters, reproduce the complete works of William Shakespeare.

More on: You can extend the halting problem result in important ways for cybersecurity

Tags: Alan Turing

Mar 25 2021

Chrome to Enforce HTTPS Web Protocol (Like It or Not)

Category: Information Security,Web SecurityDISC @ 1:58 pm
Chrome to Enforce HTTPS Web Protocol (Like It or Not)

If you type in securityboulevard.com, Chrome version 90 will send you directly to the secure version of the site. Surprisingly, that’s not what it currently does—instead, Google’s web browser relies on the insecure site to silently redirect you.

That’s slow. And it’s a privacy problem, potentially. This seemingly unimportant change could have a big—if unseen—impact.

So long, cleartext web. In today’s SB Blogwatch, we hardly knew ye.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Making breakfast.

What a Difference an ‘s’ Makes

What’s the craic? Thomas Claburn reports—“Chrome 90 goes HTTPS by default”:

 Lack of security is currently the norm in Chrome. … The same is true in other browsers. … This made sense in the past when most websites had not implemented support for HTTP.

But these days, most of the web pages loaded rely on secure transport. … Among the top 100 websites, 97 of them currently default to HTTPS. [So] when version 90 of Google’s Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection.

Chrome to Enforce HTTPS Web Protocol (Like It or Not)

Tags: HTTPS Web Protocol

Mar 23 2021

Best Practices for Data Hygiene

Category: data security,Information Security,MetadataDISC @ 2:28 pm
5 Data Hygiene Best Practices To Keep Your Data Reliable - Winpure

Data hygiene consists of actions that organizations can, and should, take as a matter of following not only compliance requirements, but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices supports not only a very wide range and number of data protection compliance requirements, but performing data hygiene activities also demonstrably improves an organization’s data security effectiveness without significantly increasing IT or information security costs. Most of these actions involve people performing activities that all personnel within an enterprise can take. No specialized tools are typically needed—just some training and ongoing awareness reminders, or periodic use of data management tools.

These actions serve to:

  • limit the amount of data collected to only that which is necessary to support the purposes of the data collection
  • keep data from being modified in unauthorized ways, or accidentally
  • destroy/delete data when it is no longer needed to support the purpose(s) for which it was collected and to meet legal retention requirements
  • prevent access to data to only those entities (devices, individuals, accounts, etc.) that have a business/validated need to access the data
  • not share data with others unless necessary and with the consent of those about whom the data applies, as applicable
  • keep your own personal and business data from being used and posted in ways for which you did not consent or is not necessary to support the purposes for which you originally allowed the data to be collected or derived
  • keep unauthorized entities from accessing data

Source: Best Practices for Data Hygiene

Tags: Data Hygiene

Mar 22 2021

The MITRE Att&CK Framework

Category: Attack Matrix,Information SecurityDISC @ 3:55 pm

A recent article from Gartner states that, “Audit Chiefs Identify IT Governance as Top Risk for 2021.” I agree that IT governance is important but I question how much does the IT governance board understand about the day to day tactical risks such as the current threats and vulnerabilities against a companies attack surface? How are the tactical risks data being reported up to the board? Does the board understand the current state of threats and vulnerabilities or is this critical information being filtered on the way up?

If the concept of hierarchy of needs was extended to cyber security it may help business owners and risk management teams asses how to approach implementing a risk management approach for the business.

There are three key questions to ask:

  1. How confident are you in your organization’s ability to inventory and monitor IT assets? 
  2. How confident are you in your organization’s ability to “detect unauthorized activity”? 
  3. How confident are you in your organization’s ability to identify and respond to true positive incidents within a reasonable time to respond? 
No alt text provided for this image
Source: medium

Layers 1-2 – Inventory and Telemetry – The first two layers are related to asset inventory which is part of the CIS Controls 1-2. How can you defend the vulnerable Windows 2003 server that is still connected to your network at a remote site?

Layers 3-4 – Detection and Triage – These layers are related to a SOC/SIEM/SOAR program which will allow the cyber security team to begin to detect threats through logging and monitoring.

Layers 5-10 – Threats, Behaviors, Hunt, Track, Act – The final layers are threat hunting, tracking and incident response and this is where the MITRE framework is very helpful to identify threats, understand the data sources, build use cases and prepare the incident response playbooks based on real world threat intelligence.

To more about What is the MITRE’s Att&CK Framework? Source: The MITRE Att&CK Framework

Tags: MITRE Att&CK Framework

Mar 21 2021

Dirt Cheap DDoS for Hire, via D/TLS Amplification

Category: DDoS,Information SecurityDISC @ 10:33 pm
Dirt Cheap DDoS for Hire, via D/TLS Amplification

A new way of sending powerful denial of service traffic emerged this week. Malefactors are now misusing servers that talk Datagram Transport Layer Security (D/TLS).

Typified by Cisco’s Netscaler ADC product, before a patch was released in January, some D/TLS servers don’t check for forged requests. That allows scrotes to misuse these high-bandwidth servers to deny internet service to people they want to extort money from.

This possibly includes Sony, whose LittleBigPlanet service has been AWOL for a week. In today’s SB Blogwatch, we ask the question.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: But is it art?

Dirty Deeds: DDoS D/TLS

What’s the craic? Dan Goodin reports in—“~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet”:

 DDoSes are attacks that flood a website or server with more data than it can handle. The result is a denial of service to people trying to connect to the service. As DDoS-mitigation services develop protections … the criminals respond with new ways to make the most of their limited bandwidth.

In so-called amplification attacks, DDoSers send requests of relatively small data sizes to certain types of intermediary servers. … DDoS-for-hire services [are] adopting a new amplification vector … D/TLS, which (as its name suggests) is essentially the Transport Layer Security for UDP data packets.

The biggest D/TLS-based attacks Netscout has observed delivered about 45 Gbps of traffic. The people responsible for the attack combined it with other amplification vectors to achieve a combined size of about 207 Gbps.

Abusable D/TLS servers are the result of misconfigurations or outdated software that causes an anti-spoofing mechanism to be disabled. While the mechanism is built in to the D/TLS specification, hardware including the Citrix Netscaler Application Delivery Controller didn’t always turn it on by default.

Dirt Cheap DDoS for Hire, via D/TLS Amplification

Tags: DDoS D/TLS

Mar 21 2021

Ransomware Payments Jumped 171% In 2020: Report

Category: Information Security,RansomwareDISC @ 10:25 am
Ransomware Payments Jumped 171% in 2020: Report

A new report has emerged stating that average ransomware payments jumped by more than 171% in 2020, suggesting that cybercriminals have benefitted from an extremely lucrative period throughout the pandemic. 

The numbers come from Palo Alto Networks, who noted an 171% increase in ransomware payments from organisations and individuals that had been hit by the malicious software. 

In essence, malicious software like ransomware takes control of a user’s computer, and encrypts the data. This encryption leaves the data on that device locked up, and can only be made accessible again once a password – or decryption tool – is offered by the hacker in question. 

Hackers are happy to make these tools available to their victims, so long as they pay a price. 

According to the report in question, that price has been skyrocketing as cybercriminals look to exploit those impacted by ransomware software that often have sensitive private and corporate information stored on their device. 

That report was published recently after analysing more than 19,000 network sessions, data from more than 250 ransomware leak websites and thanks to information provided by 337 organisations that had been hit by a ransomware attack. 

The Ransomware Threat Report 2021 states that on average, ransoms paid by victims to hackers has increased from USD $115,123 to more than $312,000 in 2020. 

Authors of the report say that they noted the largest ransomware payment paid to hackers had also doubled, from $5 million to more than $10 million. 

Ransomware Payments Jumped 171% In 2020: Report

Mar 19 2021

Serious Security: Mac “XcodeSpy” backdoor takes aim at Xcode devs

Category: App Security,Backdoor,Information SecurityDISC @ 10:11 am
Serious Security: Mac “XcodeSpy” backdoor takes aim at Xcode devs

Remember XcodeGhost?

It was a pirated and malware-tainted version of Apple’s XCode development app that worked in a devious way.

You may be wondering, as we did back in 2015, why anyone would download and use a pirated version of Xcode.app when the official version is available as a free download anyway.

Nevertheless, this redistributed version of Xcode seems to have been popular in China at the time – perhaps simply because it was easier to acquire the “product”, which is a multi-gigabyte download, directly from fast servers inside China.

The hacked version of Xcode would add malware into iOS apps when they were compiled on an infected system, without infecting the source code of the app itself.

The implanted malware was buried in places that looked like Apple-supplied library code, with the result that Apple let many of these booby-trapped apps into the App Store, presumably because the components compiled from the vendor’s own source code were fine.

As we said at the time, “developers with sloppy security practices, such as using illegally-acquired software of unvetted origin for production builds, turned into iOS malware generation factories for the crooks behind XcodeGhost.

As you probably know, this sort of security problem is now commonly known as a supply chain attack, in which a product or service that you assumed you could trust turned out to have had malware inserted along the way.

Meet “XcodeSpy”

Tags: Xcode devs, XcodeSpy

Mar 17 2021

Hackable: How to Do Application Security Right

Category: Hacking,Information SecurityDISC @ 11:00 pm

If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk too.

Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you may be uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or maybe you think you do know, but don’t realize what you’re doing wrong.

To defend against attackers, you must think like them. As a leader of ethical hackers, Ted Harrington helps the world’s foremost companies secure their technology. Hackable teaches you exactly how. You’ll learn how to eradicate security vulnerabilities, establish a threat model, and build security into the development process. You’ll build better, more secure products. You’ll gain a competitive edge, earn trust, and win sales.

Hackable: How to Do Application Security Right

Tags: Hackable

Mar 16 2021

Magecart hackers hide captured credit card data in JPG file

Category: Information SecurityDISC @ 11:46 am
Magecart hackers hide captured credit card data in JPG file
Crooks devised a new method to hide credit card data siphoned from compromised e-stores, experts observed hackers hiding data in JPG files.

Cybercriminals have devised a new method to hide credit card data siphoned from compromised online stores, experts from Sucuri observed Magecart hackers hiding data in JPG files to avoid detection and storing them on the infected site.

The new exfiltration technique was uncovered while investigating a Magecart attack against an e-store running the e-commerce CMS Magento 2.

“A recent investigation for a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. Located on the checkout page, it was found to encode captured data before saving it to a .JPG file.” reads the post published by Sucuri.

The researchers discovered a PHP code that was found injected to the file ./vendor/magento/module-customer/Model/Session.php. The attackers use the getAuthenticates function to load the rest of the malicious code onto the compromised environment.

The code stored the siphoned data in the image file “pub/media/tmp/design/file/default_luma_logo.jpg,” in this way it is easy to hide, access, and download the stolen information without rising suspicious.

The PHP code injected into the site leverages the Magento function getPostValue to capture the POST data within the checkout page, then the captured POST data is encoded with base64 before the PHP operator ^ is used to XOR the stolen data.

“To successfully capture the POST data, the PHP code needs to use the Magento code framework. It relies on the Magento function getPostValue to capture the checkout page data within the Customer_ POST parameter.” continues the post.

“Using the Magento function isLoggedIn, the PHP code also checks whether the victim that sent the POST request data is logged in as a user. If they do happen to be logged in, it captures the user’s email address.”

Customer_ parameter contains almost all of the information submitted by the victim on the checkout page, including full names and addresses, payment card details, telephone numbers, and user agent details.

Sucuri experts pointed out that captured data could be used for credit card fraud, spam campaigns, or spear-phishing attacks.

“Bad actors are always actively searching for new methods to prevent any detection of their malicious behavior on compromised websites.” concludes the post. “The creative use of the fake .JPG allows an attacker to conceal and store harvested credit card details for future use without gaining too much attention from the website owner.”

Source: Magecart hackers hide captured credit card data in JPG file

Codes, Ciphers, Steganography & Secret Messages

Mar 15 2021

Forget Covid, The Global Elites are Now Warning us About a Cyber Pandemic

Category: Information SecurityDISC @ 10:15 pm
Photo by ThisIsEngineering on Pexels.com

The exercise/event is called “Cyber Polygon” and it will take place this July. It is being sponsored by the WEF (World Economic Forum) and this is what they will focus on during the simulated cyber attack. This is from their website.

“Cyber Polygon 2021 will draw together leading global experts to discuss the key risks posed by digitalisation and share best practices in developing secure ecosystems. During the technical exercise, the participants will practise mitigating a targeted supply chain attack on a corporate ecosystem.”

Also from Technocracy news: Last year, the World Economic Forum teamed up with the Russian government and global banks to run a high-profile cyberattack simulation that targeted the financial industry, an actual event that would pave the way for a “reset” of the global economy. The simulation, named Cyber Polygon, may have been more than a typical planning exercise and bears similarities to the WEF-sponsored pandemic simulation Event 201 that briefly preceded the COVID-19 crisis.

Main Article

Mar 13 2021

Developing a Strong Security Posture in the Era of Remote Work

Category: data security,Email Security,File Security,Information Security,Laptop Security,Linux Security,Mobile Security,Network security,Password Security,Physical SecurityDISC @ 10:08 pm
Developing a Strong Security Posture in the Era of Remote Work

Tags: Remote work

Mar 11 2021

Getting your application security program off the ground

Category: App Security,Information SecurityDISC @ 1:01 pm
Getting your application security program off the ground

“Application security was traditionally very low on CISOs’ priority list but, as the attacks targeting applications increase in frequency, it’s getting more attention,” Eugene Dzihanau, Senior Director of Technology Solutions at EPAM Systems, told Help Net Security.

“The application layer is quickly becoming more exposed to the outside world, drastically increasing the attack surface. Applications are deployed on the public cloud, mobile phones and IoT devices. Also, applications process a lot more data than before, making them a more frequent target of an attack.”

In addition to that, modern applications and tech stacks are evolving and becoming increasingly complex – applications are integrating more external dependencies and are becoming very interconnected through API calls. The increased complexity significantly increase the chance of security issues

“SAST scan results are massive, with very little insight into prioritizing fixes for critical or exploitable vulnerabilities. DAST rarely brings desired results without additional steps; the out of the box crawlers can rarely traverse the modern web applications,” he explained.

“This leaves glaring gaps in the security of deployment pipelines, security defects on the architecture level and third party/open source dependencies checks.”

“SAST scan results are massive, with very little insight into prioritizing fixes for critical or exploitable vulnerabilities. DAST rarely brings desired results without additional steps; the out of the box crawlers can rarely traverse the modern web applications,” he explained.

“This leaves glaring gaps in the security of deployment pipelines, security defects on the architecture level and third party/open source dependencies checks.”

Getting your application security program off the ground

Tags: application security program

Mar 11 2021

Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws

Category: Data Breach,Information SecurityDISC @ 9:15 am
Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws
Hackers attack Norwegian parliament - BBC News

On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild.

The IT giant reported that at least one China-linked APT group, tracked as HAFNIUM, chained these vulnerabilities to access on-premises Exchange servers to access email accounts, and install backdoors to maintain access to victim environments. According to Microsoft, the Hafnium APT exploited these vulnerabilities in targeted attacks against US organizations. 

“The Storting has again been hit by an IT attack. The attack is linked to vulnerabilities in Microsoft Exchange, which affected several businesses.” reads a statement issued by the Storting.

“The Storting does not yet know the full extent of the attack. A number of measures have been implemented in our systems, and the analysis work is ongoing. The Storting has received confirmation that data has been extracted,”

Storting director Marianne Andreassen confirmed that the data breach.

“We know that data has been extracted, but we do not yet have a full overview of the situation. We have implemented comprehensive measures and cannot rule out that it will be implemented further.” said Andreassen.

“The work takes place in collaboration with the security authorities. The situation is currently unclear, and we do not know the full potential for damage.” 

This isn’t the first time that Storting was hit by a cyber attack, in August 2020 the authorities announced that Norway ‘s Parliament was the target of a major attack that allowed hackers to access emails and data of a small number of parliamentary representatives and employees. Norway‘s government blamed Russia for the cyberattack.

Tags: Microsoft Exchange flaws, Norway parliament

Mar 09 2021

How a push to remote work could help fix cybersecurity’s diversity problem

Category: cyber security,Information Security,Security trainingDISC @ 9:56 am

When Rinki Sethi heard that her 7th grade daughter applied to take a technology innovation class as an elective, she was thrilled. Sethi, who joined Twitter in September as its chief information security officer, said one of her passions is getting more young women interested in technology.

But when her daughter found out that she didn’t get into the class, Sethi discovered a troubling statistic: 18 slots for the class went to boys, while only 9 were filled by girls. “I went and sat down with the principal and asked: ‘Why are we turning down girls if that’s what the ratio looks like?’” Sethi recounted Monday at a virtual panel centered around women in cybersecurity. “We need more women to enter this field, and I think that’s the biggest problem—how do we get more women and girls interested.” 

Source: How a push to remote work could help fix cybersecurity’s diversity problem

Tags: cybersecurity’s diversity

Mar 08 2021

Starting your cybersecurity career path: What you need to know to be successful

Category: cyber security,Information Security,Security trainingDISC @ 10:15 pm
Starting your cybersecurity career path: What you need to know to be successful

A comprehensive guide to getting started in cybersecurity

Tags: Cybersecurity Career

« Previous PageNext Page »