The new rules are designed to improve trust in digital identity solutions
Category Archives: News
Are Ukraine’s drone capabilities being throttled in Russia-Ukraine conflict?
Chinese drone producer DJI Global has been accused of limiting the capabilities of its AeroScope technology for the Ukrainian army, giving a significant air reconnaissance edge to Russian invaders amid the Russia-Ukraine conflict. The unconfirmed claims were made by a Twitter user on March 10.
Volodymyr Shymanskyy, co-founder of Blynk IoT Platform, made the claims on Twitter. He said his information comes from its working group within the Ukrainian Forces. A DJI spokesperson in the U.S. rebuffed the accusations, stating that a technical problem is responsible for some systems malfunctioning in Ukraine.
Nearly 70% of tested ServiceNow instances leaking data
A configuration error in the SaaS platform of an S&P 500 company is leaking data on the internet. News of the misconfiguration, found in nearly 70% of ServiceNow instances tested, was reported Wednesday by AppOmni, a SaaS security provider.
According to AppOmni, the misconfiguration resulted from a combination of customer-managed configurations and over-provisioning of permissions to guest users. ServiceNow has more than 25,000 customers, most of them with 50 to 200 employees and with revenues in the $1 million to $10 million range.
#DSbD: Cybersecurity Advances Must Focus on Building Trust in Technologies
Cybersecurity must be about growing trust in technologies rather than surveillance and control, argues Prof Adam Joinson
Ukrainian IT Army Hijacked by Info-stealing Malware
Operationalizing a “think like the enemy” strategy
Security professionals have always been told to “think like the enemy.” This philosophy could start with a series of questions like: How could an adversary gain a foothold in one of our systems? How would they circumvent our security controls? How would they find and exfiltrate our sensitive data? Armed with knowledge about what an adversary would do, security teams could then design countermeasures to impede or even stop the bad guys in their tracks.
Good strategy, but most security professionals don’t have the knowledge or skills to take an adversary’s perspective. CISOs, recognizing the value of thinking like the enemy, have overcome this deficit by conducting penetration testing or red teaming exercises, attacking themselves to test their defenses.
SEC Proposes Four-Day Breach Notification Rules
Vodafone and Mercado Libre Likely Hit by Ransomware Attacks
New: Free Trials for CIS Hardened Images in AWS Marketplace
CIS now offers free trials for several CIS Hardened Images, pre-configured virtual machine images, in the AWS Marketplace. Try a hardened VM today.
SEC plans four-day cybersecurity breach notification requirement
The US Securities and Exchange Commission today proposed legal changes that would require publicly traded companies to disclose material cybersecurity incidents within four days of such a breach.
The SEC also wants to require “periodic disclosures” of the impact of ongoing cybersecurity threats in regularly scheduled quarterly 10-Q and annual 10-K reports filed by publicly traded firms, further increasing the mandate for transparency on cybersecurity issues. The more immediate reports disclosing security incidents would be filed in 8-K forms, used for unscheduled disclosures.
The idea is to protect investors by improving their ability to inform themselves about the risks involved in investing in a given company, according to the SEC. Given the severity of the threat posed by bad cybersecurity actors, a breach could have a huge impact on a company’s stock value and line of business, the commission said in a statement.