Cyber security aggregate rss news

image for Transatlantic Cable  ...

 News

In this special episode of the Transatlantic Cable Podcast, we engage in a thoughtful conversation with guests Genie Gan and Ekaterina Burdova about the pivotal topic of Women in Technology, coinciding with the celebration of International Women's Day. Throughout the episode, we delve into various aspects of empowering women in STEM fields, touching on strategies for governmental and academic institutions to foster greater female participation, community-driven initiatives aimed at providing support and encouragement, and corporate measures to promote gender diversity and create inclusive workplaces. Additionally, the discussion explores the influence of media representation, citing examples like The Queen's Gambit and its impact on shaping perceptions of female protagonists in male-dominated spheres. Emphasizing the significance of representation for aspiring female leaders, the guests also discuss ways to serve as role models for young girls interested in pursuing careers in technology. Furthermore, the conversation highlights the importance of mentoring programs in women's professional development, as well as the challenges and strategies for maintaining a healthy work-life-family-education balance. Ultimately, the episode aims to challenge myths surrounding women in tech and inspire meaningful change within the industry. If you liked what you heard, please consider subscribing.

image for A Close Up Look at t ...

 Breadcrumbs

If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the co-founders of Radaris
operate multiple Russian-language dating services and affiliate programs. It also appears many of their businesses have ties to a California marketing firm that works with a Russian state-run media conglomerate currently sanctioned by the U.S. government. Formed in 2009, Radaris is a vast people-search network for finding data on individuals, properties, phone numbers, businesses and addresses. Search for any American’s name in Google and the chances are excellent that a listing for them at Radaris.com will show up prominently in the results. Radaris reports typically bundle a substantial amount of data scraped from public and court documents, including any current or previous addresses and phone numbers, known email addresses and registered domain names. The reports also list address and phone records for the target’s known relatives and associates. Such information could be useful if you were trying to determine the maiden name of someone’s mother, or successfully answer a range of other knowledge-based authentication questions. Currently, consumer reports advertised for sale at Radaris.com are being fulfilled by a different people-search company called TruthFinder. But Radaris also operates a number of other people-search properties — like Centeda.com — that sell consumer reports directly and behave almost identically to TruthFinder: That is, reel the visitor in with promises of detailed background reports on people, and then charge a $34.99 monthly subscription fee just to view the results. The Better Business Bureau (BBB) assigns Radaris a rating of “F” for consistently ignoring consumers seeking to have their information removed from Radaris’ various online properties. Of the 159 complaints detailed there in the last year, several were from people who had used third-party identity protection services to have their information removed from Radaris, only to receive a notice a few months later that their Radaris record had been restored. 
What’s more, Radaris’ automated process for requesting the removal of your information requires signing up for an account, potentially providing more information about yourself that the company didn’t already have (see screenshot above). Radaris has not responded to requests for comment.

Radaris, TruthFinder and others like them all force users to agree that their reports will not be used to evaluate someone’s eligibility for credit, or a new apartment or job. This language is so prominent in people-search reports because selling reports for those purposes would classify these firms as consumer reporting agencies (CRAs) and expose them to regulations under the Fair Credit Reporting Act (FCRA). These data brokers do not want to be treated as CRAs, and for this reason their people search reports typically do not include detailed credit histories, financial information, or full Social Security Numbers (Radaris reports include the first six digits of one’s SSN).

But in September 2023, the U.S. Federal Trade Commission found that TruthFinder and another people-search service Instant Checkmate were trying to have it both ways. The FTC levied a $5.8 million penalty against the companies for allegedly acting as CRAs because they assembled and compiled information on consumers into background reports that were marketed and sold for employment and tenant screening purposes.

Image: An excerpt from the FTC’s complaint against TruthFinder and Instant Checkmate.

The FTC also found TruthFinder and Instant Checkmate deceived users about background report accuracy. The FTC alleges these companies made millions from their monthly subscriptions using push notifications and marketing emails that claimed that the subject of a background report had a criminal or arrest record, when the record was merely a traffic ticket.
“All the while, the companies touted the accuracy of their reports in online ads and other promotional materials, claiming that their reports contain “the MOST ACCURATE information available to the public,” the FTC noted. The FTC says, however, that all the information used in their background reports is obtained from third parties that expressly disclaim that the information is accurate, and that TruthFinder and Instant Checkmate take no steps to verify the accuracy of the information.

The FTC said both companies deceived customers by providing “Remove” and “Flag as Inaccurate” buttons that did not work as advertised. Rather, the “Remove” button removed the disputed information only from the report as displayed to that customer; however, the same item of information remained visible to other customers who searched for the same person. The FTC also said that when a customer flagged an item in the background report as inaccurate, the companies never took any steps to investigate those claims, to modify the reports, or to flag to other customers that the information had been disputed.

WHO IS RADARIS?

According to Radaris’ profile at the investor website Pitchbook.com, the company’s founder and “co-chief executive officer” is a Massachusetts resident named Gary Norden, also known as Gary Nard. An analysis of email addresses known to have been used by Mr. Norden shows he is a native Russian man whose real name is Igor Lybarsky (also spelled Lubarsky). Igor’s brother Dmitry, who goes by “Dan,” appears to be the other co-CEO of Radaris. Dmitry Lybarsky’s Facebook/Meta account says he was born in March 1963.

Image: The Lybarsky brothers Dmitry or “Dan” (left) and Igor a.k.a. “Gary,” in an undated photo.

Indirectly or directly, the Lybarskys own multiple properties in both Sherborn and Wellesley, Mass. However, the Radaris website is operated by an offshore entity called Bitseller Expert Ltd, which is incorporated in Cyprus.
Neither Lybarsky brother responded to requests for comment.

A review of the domain names registered by Gary Norden shows that beginning in the early 2000s, he and Dan built an e-commerce empire by marketing prepaid calling cards and VOIP services to Russian expatriates who are living in the United States and seeking an affordable way to stay in touch with loved ones back home.

Image: A Sherborn, Mass. property owned by Barsky Real Estate Trust and Dmitry Lybarsky.

In 2012, the main company in charge of providing those calling services — Wellesley Hills, Mass-based Unipoint Technology Inc. — was fined $179,000 by the U.S. Federal Communications Commission, which said Unipoint never applied for a license to provide international telecommunications services.

DomainTools.com shows the email address gnard@unipointtech.com is tied to 137 domains, including radaris.com. DomainTools also shows that the email addresses used by Gary Norden for more than two decades — epop@comby.com, gary@barksy.com and gary1@eprofit.com, among others — appear in WHOIS registration records for an entire fleet of people-search websites, including: centeda.com, virtory.com, clubset.com, kworld.com, newenglandfacts.com, and pub360.com.

Still more people-search platforms tied to Gary Norden – like publicreports.com and arrestfacts.com — currently funnel interested customers to third-party search companies, such as TruthFinder and PersonTrust.com.

The email addresses used by Gary Nard/Gary Norden are also connected to a slew of data broker websites that sell reports on businesses, real estate holdings, and professionals, including bizstanding.com, homemetry.com, trustoria.com, homeflock.com, rehold.com, difive.com and projectlab.com.

AFFILIATE & ADULT

Domain records indicate that Gary and Dan for many years operated a now-defunct pay-per-click affiliate advertising network called affiliate.ru.
That entity used domain name servers tied to the aforementioned domains comby.com and eprofit.com, as did radaris.ru.

Image: A machine-translated version of Affiliate.ru, a Russian-language site that advertised hundreds of money making affiliate programs, including the Comfi.com prepaid calling card affiliate.

Comby.com used to be a Russian language social media network that looked a great deal like Facebook. The domain now forwards visitors to Privet.ru (“hello” in Russian), a dating site that claims to have 5 million users. Privet.ru says it belongs to a company called Dating Factory, which lists offices in Switzerland. Privet.ru uses the Gary Norden domain eprofit.com for its domain name servers.

Dating Factory’s website says it sells “powerful dating technology” to help customers create unique or niche dating websites. A review of the sample images available on the Dating Factory homepage suggests the term “dating” in this context refers to adult websites. Dating Factory also operates a community called FacebookOfSex, as well as the domain analslappers.com.

RUSSIAN AMERICA

Email addresses for the Comby and Eprofit domains indicate Gary Norden operates an entity in Wellesley Hills, Mass. called RussianAmerican Holding Inc. (russianamerica.com). This organization is listed as the owner of the domain newyork.ru, which is a site dedicated to orienting newcomers from Russia to the Big Apple.

Newyork.ru’s terms of service refer to an international calling card company called ComFi Inc. (comfi.com) and list an address as PO Box 81362 Wellesley Hills, Ma. Other sites that include this address are russianamerica.com, russianboston.com, russianchicago.com, russianla.com, russiansanfran.com, russianmiami.com, russiancleveland.com and russianseattle.com (currently offline).
ComFi is tied to Comfibook.com, which was a search aggregator website that collected and published data from many online and offline sources, including phone directories, social networks, online photo albums, and public records.

Image: The current website for russianamerica.com. Note the ad in the bottom left corner of this image for Channel One, a Russian state-owned media firm that is currently sanctioned by the U.S. government.

AMERICAN RUSSIAN MEDIA

Many of the U.S. city-specific online properties apparently tied to Gary Norden include phone numbers on their contact pages for a pair of Russian media and advertising firms based in southern California. The phone number 323-874-8211 appears on the websites russianla.com, russiasanfran.com, and rosconcert.com, which sells tickets to theater events performed in Russian.

Historic domain registration records from DomainTools show rosconcert.com was registered in 2003 to Unipoint Technologies — the same company fined by the FCC for not having a license. Rosconcert.com also lists the phone number 818-377-2101.

A phone number just a few digits away — 323-874-8205 — appears as a point of contact on newyork.ru, russianmiami.com, russiancleveland.com, and russianchicago.com. A search in Google shows this 82xx number range — and the 818-377-2101 number — belong to two different entities at the same UPS Store mailbox in Tarzana, Calif: American Russian Media Inc. (armediacorp.com), and Lamedia.biz.

Armediacorp.com is the home of FACT Magazine, a glossy Russian-language publication put out jointly by the American-Russian Business Council, the Hollywood Chamber of Commerce, and the West Hollywood Chamber of Commerce.

Lamedia.biz says it is an international media organization with more than 25 years of experience within the Russian-speaking community on the West Coast. The site advertises FACT Magazine and the Russian state-owned media outlet Channel One.
Clicking the Channel One link on the homepage shows Lamedia.biz offers to submit advertising spots that can be shown to Channel One viewers. The price for a basic ad is listed at $500. In May 2022, the U.S. government levied financial sanctions against Channel One that bar US companies or citizens from doing business with the company.

Image: The website of lamedia.biz offers to sell advertising on two Russian state-owned media firms currently sanctioned by the U.S. government.

LEGAL ACTIONS AGAINST RADARIS

In 2014, a group of people sued Radaris in a class-action lawsuit claiming the company’s practices violated the Fair Credit Reporting Act. Court records indicate the defendants never showed up in court to dispute the claims, and as a result the judge eventually awarded the plaintiffs a default judgement and ordered the company to pay $7.5 million.

But the plaintiffs in that civil case had a difficult time collecting on the court’s ruling. In response, the court ordered the radaris.com domain name (~9.4M monthly visitors) to be handed over to the plaintiffs.

However, in 2018 Radaris was able to reclaim their domain on a technicality. Attorneys for the company argued that their clients were never named as defendants in the original lawsuit, and so their domain could not legally be taken away from them in a civil judgment.

“Because our clients were never named as parties to the litigation, and were never served in the litigation, the taking of their property without due process is a violation of their rights,” Radaris’ attorneys argued.

In October 2023, an Illinois resident filed a class-action lawsuit against Radaris for allegedly using people’s names for commercial purposes, in violation of the Illinois Right of Publicity Act.

On Feb. 8, 2024, a company called Atlas Data Privacy Corp.
sued Radaris LLC for allegedly violating “Daniel’s Law,” a statute that allows New Jersey law enforcement, government personnel, judges and their families to have their information completely removed from people-search services and commercial data brokers. Atlas has filed at least 140 similar Daniel’s Law complaints against data brokers recently.

Daniel’s Law was enacted in response to the death of 20-year-old Daniel Anderl, who was killed in a violent attack targeting a federal judge (his mother). In July 2020, a disgruntled attorney who had appeared before U.S. District Judge Esther Salas disguised himself as a Fedex driver, went to her home and shot and killed her son (the judge was unharmed and the assailant killed himself).

Earlier this month, The Record reported on Atlas Data Privacy’s lawsuit against LexisNexis Risk Data Management, in which the plaintiffs representing thousands of law enforcement personnel in New Jersey alleged that after they asked for their information to remain private, the data broker retaliated against them by freezing their credit and falsely reporting them as identity theft victims.

Another data broker sued by Atlas Data Privacy — pogodata.com — announced on Mar. 1 that it was likely shutting down because of the lawsuit.

“The matter is far from resolved but your response motivates us to try to bring back most of the names while preserving redaction of the 17,000 or so clients of the redaction company,” the company wrote. “While little consolation, we are not alone in the suit – the privacy company sued 140 property-data sites at the same time as PogoData.”

Atlas says their goal is to convince more states to pass similar laws, and to extend those protections to other groups such as teachers, healthcare personnel and social workers.
Meanwhile, media law experts say they’re concerned that enacting Daniel’s Law in other states would limit the ability of journalists to hold public officials accountable, and allow authorities to pursue criminal charges against media outlets that publish the same type of public and government records that fuel the people-search industry.

PEOPLE-SEARCH CARVE-OUTS

There are some pending changes to the US legal and regulatory landscape that could soon reshape large swaths of the data broker industry. But experts say it is unlikely that any of these changes will affect people-search companies like Radaris.

On Feb. 28, 2024, the White House issued an executive order that directs the U.S. Department of Justice (DOJ) to create regulations that would prevent data brokers from selling or transferring abroad certain data types deemed too sensitive, including genomic and biometric data, geolocation and financial data, as well as other as-yet unspecified personal identifiers. The DOJ this week published a list of more than 100 questions it is seeking answers to regarding the data broker industry.

In August 2023, the Consumer Financial Protection Bureau (CFPB) announced it was undertaking new rulemaking related to data brokers.

Justin Sherman, an adjunct professor at Duke University, said neither the CFPB nor White House rulemaking will likely address people-search brokers because these companies typically get their information by scouring federal, state and local government records. Those government files include voting registries, property filings, marriage certificates, motor vehicle records, criminal records, court documents, death records, professional licenses, bankruptcy filings, and more.

“These dossiers contain everything from individuals’ names, addresses, and family information to data about finances, criminal justice system history, and home and vehicle purchases,” Sherman wrote in an October 2023 article for Lawfare.
“People search websites’ business pitch boils down to the fact that they have done the work of compiling data, digitizing it, and linking it to specific people so that it can be searched online.” Sherman said while there are ongoing debates about whether people search data brokers have legal responsibilities to the people about whom they gather and sell data, the sources of this information — public records — are completely carved out from every single state consumer privacy law. “Consumer privacy laws in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia all contain highly similar or completely identical carve-outs for ‘publicly available information’ or government records,” Sherman wrote. “Tennessee’s consumer data privacy law, for example, stipulates that “personal information,” a cornerstone of the legislation, does not include ‘publicly available information,’ defined as: “…information that is lawfully made available through federal, state, or local government records, or information that a business has a reasonable basis to believe is lawfully made available to the general public through widely distributed media, by the consumer, or by a person to whom the consumer has disclosed the information, unless the consumer has restricted the information to a specific audience.” Sherman said this is the same language as the carve-out in the California privacy regime, which is often held up as the national leader in state privacy regulations. He said with a limited set of exceptions for survivors of stalking and domestic violence, even under California’s newly passed Delete Act — which creates a centralized mechanism for consumers to ask some third-party data brokers to delete their information — consumers across the board cannot exercise these rights when it comes to data scraped from property filings, marriage certificates, and public court documents, for example. 
“With some very narrow exceptions, it’s either extremely difficult or impossible to compel these companies to remove your information from their sites,” Sherman told KrebsOnSecurity. “Even in states like California, every single consumer privacy law in the country completely exempts publicly available information.”

Below is a mind map that helped KrebsOnSecurity track relationships between and among the various organizations named in the story above:

Image: A mind map of various entities apparently tied to Radaris and the company’s co-founders.

image for Breaking Codes and G ...

 Features

In a recent homage to Women’s History Month, the US Cyber Command cast a spotlight on Judy Parsons and the unsung heroines of World War II, known as the “Code Girls.” Their story, deeply interwoven with the theme of International Women’s Day 2024, #InspireInclusion, serves as a reminder of the
pivotal role women have historically played in keeping the world safer. This tribute not only honors their legacy but also bridges the past with the present, showcasing the continuum of women’s contributions to cybersecurity.

During the throes of World War II, a group of remarkable women, including Judy Parsons, were instrumental in the Allied forces’ intelligence efforts, breaking ciphers and providing crucial information that led to the sinking of 95 German U-boats. These women, meticulously selected from the Seven Sister colleges for their exceptional skills in mathematics, languages, and sciences, were America’s original ethical hackers. Yet, for decades, their contributions remained veiled in secrecy, their stories untold, and their achievements unrecognized.

The Code Girls: A Closer Look

The story of the Code Girls begins in 1941, when mysterious letters arrived in the mailboxes of select students at the Seven Sister colleges. These letters, which would change the course of their lives, invited them to meetings where they were asked if they enjoyed crossword puzzles or had wedding plans. Unbeknownst to these women, they were being recruited for a top-secret mission that would leverage their unmatched skills in a bid to serve their country in an unprecedented way.

These women were about to become part of a covert operation, breaking the codes and ciphers of the Axis powers. Working in secrecy, they embarked on a challenge that was as intellectually demanding as it was crucial to the Allied war effort. Their achievements, including the breaking of codes that led to significant naval victories, were monumental. Yet, the recognition of their contributions was delayed for decades, their stories untold, and their achievements unrecognized until recent years.
The comparison of the Code Girls to their counterparts at Bletchley Park, including Alan Turing, and the acknowledgment of their similar achievements in breaking complex codes, serves to elevate their status in the annals of history. Despite facing bureaucratic rivalries and administrative sexism, these women persevered, showcasing their prodigious intellect and dedication to their work.

Liza Mundy’s book, “Code Girls: The Untold Story of the American Women Code Breakers of World War II,” provides a detailed account of their efforts and the challenges they faced. The book’s revelations about the volume of intercepted and decoded messages, and the strategic impact of their work, offer a glimpse into the critical role these women played in the war effort.

The notion of the Code Girls as America’s first ethical hackers and the modern-day equivalents of the intellectual women of the 18th century, the bluestockings, is a compelling comparison. It highlights the continuity of women’s contributions to intellectual and security fields, despite societal expectations that often sought to limit their roles.

The reflections of Ann Caracristi on the nature of the work and the fulfillment it brought underscore the personal impact of this service on the women involved. Their transition back to civilian life, with many unable to continue in high-level positions, points to the broader societal challenges faced by women at the time.

Bridging the Past and Present

The narrative of the Code Girls is not merely a historical recount but a testament to the intellectual and innovative prowess of women in the realm of cybersecurity. Despite facing bureaucratic hurdles and administrative sexism, these women persevered, deciphering complex codes and creating deceptive intel to mislead enemy forces. Their work laid the foundational stones for modern cybersecurity practices and underscored the indispensable role of women in the field.
Fast forward to today, the landscape of cybersecurity continues to evolve, with women like Tayse Orlovas, Director of Security & Resilience at Kyndryl, and Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4 Africa, at the forefront. Their journeys, akin to those of the Code Girls, are marked by innovation, resilience, and a profound passion for cybersecurity. Tayse Orlovas, with three decades of experience in Information Technology, offers a unique perspective on the role of women in cybersecurity. “As a woman in STEM, my journey has been about overcoming doubts and leveraging my strengths to make a meaningful impact in the field of Information/Cyber Security,” Orlovas shares. Her insights into the qualities that women bring to cybersecurity—passion, optimism, organization, empathy, and collaboration—echo the theme of #InspireInclusion. Orlovas emphasizes that these traits are not just beneficial but essential for success in cybersecurity, a field that thrives on diverse perspectives and innovative problem-solving. Anna Collard’s journey from doodling cartoons to becoming a cybersecurity leader is equally inspiring. Collard’s transition into the tech world was marked by a blend of creativity and determination. “I was driven by imposter syndrome to work as hard as I could and keep on studying in order to keep up with my mostly male engineering colleagues,” Collard recalls in one of her columns in The Cyber Express. Her innovative approach to cybersecurity education, combining her love for cartoons with her expertise in the field, highlights the diverse pathways into cybersecurity and the importance of creative thinking in developing effective security solutions. Both Orlovas and Collard emphasize the importance of inclusion and diversity in driving innovation and effectiveness in cybersecurity. Their stories, along with those of the Code Girls, serve as a powerful reminder of the contributions women have made—and continue to make—in the field. 
As we celebrate International Women’s Day 2024 under the theme #InspireInclusion, it’s crucial to recognize and honor the achievements of women in cybersecurity, from the pioneers of the past to the leaders of today. The legacy of the Code Girls, coupled with the contributions of women like Tayse Orlovas and Anna Collard, illustrates the transformative power of inclusion in cybersecurity. Their stories not only celebrate the past achievements of women in the field but also highlight the ongoing need for diversity and inclusion in shaping the future of cybersecurity. As the cybersecurity landscape continues to evolve, the stories of these remarkable women serve as a beacon, inspiring future generations to pursue careers in tech and cybersecurity. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Shattering the Glass ...

 Firewall Daily

In the fast-paced world of cybersecurity, diversity isn’t just a buzzword; it’s a necessity for success. Yet, the door to this vital sector remains disproportionately closed to women. Despite the commendable efforts of organizations like ICMCP, WiCyS, WoSEC, and The Diana Initiative, women comprise a mere
25 percent of the cybersecurity workforce. This glaring gap not only hampers our ability to tackle the growing threats in cyberspace but also stifles the innovation that thrives on diverse perspectives. With the industry facing an acute shortage of skilled professionals, the need to embrace a wider talent pool has never been more urgent. Beyond filling immediate roles, fostering gender diversity is essential for nurturing healthy competition and advancing towards true gender equality.

The World Economic Forum’s Global Gender Gap Report 2023 highlights the magnitude of the challenge ahead. While more women STEM graduates are entering the job market each year, the transition from university to the workplace reveals a concerning trend. Despite comprising 29.4% of entry-level positions, women experience a notable decline in representation as they climb the corporate ladder. In top-tier leadership roles like Vice Presidents and C-suite executives, female representation dwindles to 17.8% and 12.4%, respectively.

In the field of artificial intelligence (AI), although there has been a significant increase in talent availability overall, with a six-fold surge between 2016 and 2022, progress in women’s representation remains sluggish. Currently, women make up approximately 30% of the AI workforce, marking a modest 4 percentage point increase from 2016.

Furthermore, another report by WeAreTechWomen highlights that the disparity in female representation extends beyond entry-level roles. Only 17% of Fortune 500 Chief Information Security Officers (CISOs) are women; this translates to only 85 out of 500 CISO positions being held by women, exacerbating the gender gap across all levels of the industry hierarchy.

Bridging the gender gap in cybersecurity, and in all sectors, is a marathon, not a sprint, requiring dedication and continuous effort across generations.

As we celebrate International Women’s Day under the banner of “Inspire Inclusion,” let’s embark on a journey together.
Let’s unveil practical strategies to empower and embolden women to claim their rightful place in the cybersecurity space.

7 Strategies to Encourage Women in Cybersecurity Careers

To encourage more women to pursue careers in cybersecurity, various strategies and initiatives have been implemented, focusing on areas such as networking, mentorship, education, and professional development. Networking events, conferences, and online communities tailored to women in cybersecurity provide invaluable platforms for building connections, sharing knowledge, and exploring career opportunities.

This International Women’s Day, where we celebrate the success of women globally and also promote accelerating gender parity, The Cyber Express brings 7 strategies to encourage women’s participation in cybersecurity careers, fostering a better culture in the industry.

Mentorship Programs

Mentorship programs have emerged as powerful tools for guiding and inspiring women as they traverse their career paths in cybersecurity. By connecting aspiring professionals with experienced mentors who can offer guidance and support, these programs help women overcome challenges and gain confidence in their abilities. Mentorship programs can be structured to facilitate regular one-on-one meetings between mentors and mentees, providing a safe space for mentees to seek advice, discuss challenges, and set career goals.

Mentors, ideally experienced women leaders in cybersecurity, offer not just professional guidance but also share insights on understanding workplace dynamics, managing work-life balance, and building confidence.

Additionally, mentorship programs may include group sessions, networking events, and skill-building workshops to foster a sense of community among participants and facilitate knowledge exchange.
Awareness Campaigns

Effective awareness campaigns leverage various media channels, including social media, industry conferences, webinars, and online forums, to showcase the accomplishments and diverse experiences of women in cybersecurity. There are many women in cybersecurity today who stand as an inspiration to individuals who want to pursue the same career option. By collaborating with these cybersecurity women, these campaigns can go beyond highlighting individual success stories; they also shed light on systemic challenges faced by women in the industry and advocate for meaningful change. Collaborations with influencers, industry associations, and educational institutions amplify the campaign’s reach and impact, sparking important conversations and challenging stereotypes about gender roles in technology fields.

Workplace Diversity Initiatives

Effective workplace diversity initiatives require a multifaceted approach that addresses recruitment, retention, promotion, and leadership development. This may involve implementing blind recruitment processes to mitigate unconscious biases, establishing affinity groups or employee resource groups for women in cybersecurity to foster a sense of belonging, and conducting regular diversity and inclusion training for all employees to promote awareness and cultural sensitivity. Furthermore, leadership buy-in and accountability mechanisms are crucial for driving systemic changes and holding organizations accountable for creating equitable and inclusive work environments.

Community Building

Communities tailored to women in cybersecurity can take various forms, including online forums, social media groups, local meetups, professional associations, and virtual mentorship platforms. These communities provide opportunities for women to connect with like-minded peers, share insights and best practices, and access resources such as job postings, training opportunities, and mentorship programs.
Collaborations with industry partners, educational institutions, and non-profit organizations can enhance the scalability and sustainability of these communities, ensuring that women have access to ongoing support and networking opportunities throughout their careers.

Outreach Programs

Outreach programs targeting young girls aim to introduce them to cybersecurity concepts in a fun, engaging, and accessible manner. There are various ways to run such programs; solid, tried-and-tested methods include organizing interactive workshops, hackathons, coding camps, and STEM fairs where girls can learn about cybersecurity through hands-on activities and real-world examples. Additionally, partnerships with schools, libraries, and community centers can facilitate the delivery of educational resources and curriculum materials that incorporate cybersecurity topics into existing STEM programs. By sparking early interest and curiosity in cybersecurity, these outreach programs help bridge the gender gap in technology fields and cultivate the next generation of female cybersecurity professionals.

Flexible Work Policies

Flexible work policies should be designed to accommodate the diverse needs and preferences of women in cybersecurity, recognizing that individuals may have different circumstances and priorities throughout their careers. This could involve offering options such as flexible scheduling, compressed workweeks, telecommuting, or job-sharing arrangements. Furthermore, organizations can implement technology solutions to facilitate remote collaboration and communication, ensuring that employees can effectively perform their roles regardless of their physical location. Flexible work policies not only support work-life balance but also promote inclusivity by accommodating employees with caregiving responsibilities, disabilities, or other personal commitments.
Recognition and Awards

Recognition programs and awards ceremonies play a crucial role in celebrating the achievements and contributions of women in cybersecurity, thereby raising awareness of their talent and expertise within the industry and beyond. These initiatives can honor women at various career stages, from emerging leaders to seasoned professionals, across different domains of cybersecurity, including technical, managerial, and research roles. By highlighting diverse role models and success stories, recognition programs inspire other women to pursue careers in cybersecurity and encourage organizations to prioritize gender diversity and inclusion as strategic priorities. Additionally, recognition can help combat imposter syndrome and reinforce the value of women’s contributions to the field, fostering a culture of appreciation and support.

Conclusion

Looking ahead, organizations must track and evaluate the effectiveness of their diversity efforts to ensure long-term success. By measuring recruitment and retention outcomes and identifying areas for improvement, organizations can refine their strategies and sustain diversity initiatives over time. Moreover, providing support for women re-entering the workforce or transitioning into cybersecurity careers can help bridge skills gaps and cultivate a more diverse talent pool. Promoting women’s participation in cybersecurity is not only a matter of workforce diversity but also a strategic imperative for the industry’s future success. By implementing targeted strategies and initiatives to attract, retain, and empower women in cybersecurity roles, organizations can unlock new opportunities for innovation, growth, and excellence in the field.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it.
The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Incident Response, Learnings

Former Google engineer Linwei Ding has been charged with stealing trade secrets related to artificial intelligence (AI) and supercomputing data centres while secretly working for Chinese companies.

 Security Products & Services

Tazama is an open-source platform that offers scalable and cost-effective solutions for fraud management in digital payment systems, aiming to democratize access to advanced financial monitoring tools.

 Security Tips and Advice

The NSA and CISA have issued five joint bulletins outlining best practices for securing cloud environments, covering identity and access management, key management, encryption, data security, and mitigating risks from managed service providers.

 Trends, Reports, Analysis

According to the latest Internet Crime Complaint Center (IC3) annual report, digital crimes reported to the FBI in 2023 resulted in potential monetary losses of over $12.5 billion, marking a 22 percent increase from the previous year.

 Trends, Reports, Analysis

Adversaries can exploit AI-powered applications to manipulate information, create harmful content, and develop deep fake media, posing significant risks to organizations.

 Feed

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full-featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending a large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

 Feed

Ubuntu Security Notice 6680-2 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6686-1 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6685-1 - It was discovered that mqtt-client incorrectly handled memory while parsing malformed MQTT frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6684-1 - It was discovered that ncurses incorrectly handled certain function return values, possibly leading to a segmentation fault. A local attacker could possibly use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6682-1 - ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS.

 Feed

Ubuntu Security Notice 6683-1 - It was discovered that HtmlCleaner incorrectly handled certain HTML documents. An attacker could possibly use this issue to cause a denial of service via application crash.

 Feed

Ladder versions 0.0.1 through 0.0.21 fail to apply sufficient default restrictions on destination addresses, allowing an attacker to make GET requests to addresses that would typically not be accessible from an external context. An attacker can access private address ranges, locally listening services, and cloud instance metadata APIs.

 Features

By Zinet Kemal, Associate Cloud Security Engineer, Best Buy

The cybersecurity space, as dynamic and challenging as it is, has been witnessing a gradual but significant change – the rising influence of women in its ranks. When I took the plunge into this field in late 2017, it was like stepping into a world where women were just a ripple in a vast ocean, making up 14%, inching up from 11%, of the industry’s workforce. Fast forward to today, and that ripple has become more noticeable, with women representing around 25% of the cybersecurity workforce. It’s a shift, yes, but let’s be clear: we’re not there yet.

The recent surge to nearly a quarter of representation is heartening, but it’s not the full picture. The industry has been hit by a workforce gap that’s not just 3.4 million as we know it but 4 million, exacerbated by recent cutbacks and layoffs as per a recent ISC2 report. This begs the question: how has this impacted women in cybersecurity? What about women from underrepresented groups? The truth is, it’s a mixed bag. On one hand, there’s the optimism that women in cybersecurity is projected to grow to 30% by 2025. On the other, there’s the stark reality that we’re still far from where we need to be.

Cybersecurity, at its core, thrives on diverse perspectives and innovative problem-solving approaches. The need for women in this field isn’t just about hitting a quota or balancing ratios; it’s about enriching the industry with diverse insights and experiences. Women, with their unique perspectives, are instrumental in driving innovation and contributing to problem-solving in ways that homogeneity simply cannot.

Women’s involvement brings to the table different life experiences, viewpoints, and creativity – aspects essential for tackling complex, ever-evolving cybersecurity challenges. The inclusion of women, particularly those from underrepresented backgrounds such as Black communities, stands not as a mere act of equity but as a strategic imperative for the industry.

What Can We Do to Ensure That Cybersecurity Isn’t Missing Out?

Targeted initiatives can spark interest in young girls at an early age. These efforts and programs aim not just to open doors but to pave new pathways for the youth who might not have seen cybersecurity as a viable career option.
This is also why I published ‘Oh, No …Hacked Again!’ and ‘See Yourself in Cybersecurity’ to educate children not only about the importance of online safety but creating exposure and introducing them to cybersecurity careers.

The power of mentorship cannot be overstated. By pairing emerging talents with seasoned professionals, we’re not just transferring knowledge; we’re also building confidence and breaking down the invisible barriers that often deter women from advancing in the field.

I am also big on building a personal brand and networking opportunities tailored for women and underrepresented groups to serve as both a support system and a professional springboard. This is also why I created a LinkedIn Learning Course on Build Your Brand in Cybersecurity for both aspiring and seasoned cybersecurity professionals.

Moreover, fostering an environment that champions professional development ensures that once talent is in the door, it has every opportunity to grow, lead, and innovate.

The voices of women in cybersecurity need amplification, not just within their organizations but across the industry. Advocating for and highlighting successes, and ensuring women are visible in leadership roles, paying them what their skills are worth, speaking engagements, and in the media, sends a powerful message about the value of diversity in cybersecurity.

We need to continue pushing the boundaries, breaking stereotypes, and paving the way for more women to enter and thrive in this field. The industry desperately needs this infusion of more women and diversity of thought to continue growing, innovating, and effectively securing our world.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express.
Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete

 Feed

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF

 Feed

Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed "large company" to connect to their infrastructure. While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink have been used by adversaries to their advantage, the development marks the first QEMU that has been

 Feed

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated

 Feed

In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario. It's

 Cyber Security News

Source: www.troyhunt.com – Author: Troy Hunt
Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations’ online infrastructure. Today, we’re very happy to welcome Germany as the 35th country to use this service, courtesy of their CERT-Bund department. This access now […]
The post Welcoming the German Government to Have I Been Pwned – Source: www.troyhunt.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team
By John A. Smith, CSO, Conversant Group
If data is the new oil, this holds especially true for law firms as they are wholly dependent on the information they store and maintain regarding their clients. Further, law firms have a fiduciary responsibility to protect this sensitive information regarding cases […]
The post Do You Know Where Your Data Is? How Law Firms Can Protect Their Most Valuable Asset – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team
By Carl Cadregari, Executive Vice President, FoxPointe Solutions
Regardless of the industry in which they operate, organizations have likely witnessed the wave of destructive MOVEit breaches sweeping the globe during recent months. As a result, many organizations may be left wondering what they need to understand about the MOVEit […]
The post Building a Secure Data-Protection Infrastructure to Protect against the MOVEit Hack – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team
By Tim Ward, Chief Strategy Officer, XConnect
Robocalls are relentlessly targeting consumers and causing mistrust for the telecom industry as a whole. This is a problem that is accelerating as bad actors take advantage of generative Artificial intelligence (AI) to carry out more believable scams. According to Juniper Research, […]
The post AI and the Next Wave of Robocalls: Protecting Carriers and Consumers from Sophisticated Voice Fraud – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: NSFOCUS
The year 2023 witnessed a dynamic and complex cybersecurity landscape, with various security incidents, vulnerabilities, and trends emerging and evolving. Today, we released the 2023 Annual Security Incident Observation Report, based on our security incident data recorded in 2023. This report provides a summary of the security incidents, the security […]
The post What Happened in Cybersecurity in 2023: A Summary of Security Incidents, Vulnerability Information, and Cybersecurity Trends – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 API security

Source: securityboulevard.com – Author: Jaweed Metz
Government bodies are clamping down heavily on institutions and organizations that handle sensitive customer data. For APIs, tokens are used to authenticate users. We live in an era dominated by cloud-native and cloud-first solutions that rely on these services to provide dynamic data storage capabilities and overall computing capabilities […]
The post Top 4 Essential Strategies for Securing APIs To Block Compromised Tokens – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Best Practices

Source: securityboulevard.com – Author: cyberwire
San Francisco, Calif., Mar. 7, 2024 — Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today launched a new Partner Program and welcomed Identity Data Management and Analytics provider Radiant Logic as its newest partner. Radiant Logic joins Badge’s partner network alongside marquee identity partners, Okta and Ping Identity. […]
The post News alert: Badge expands availability of ‘Enroll Once and Authenticate on Any Device’ software – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Cofense
Malicious email threats bypassing all secure email gateways (SEGs) on the market increased over 100% in the past year. How do we know? Because we stop thousands of phishing threats bypassing our customers’ SEGs every day. The email threat landscape is constantly evolving which makes it difficult to stay […]
The post Annual State of Email Security by the Numbers – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Pierre Noujeim
SOAR solutions create a centralized queue of all incidents going on in a security team’s environment. Endpoint, SIEM, email, behavior, and network alerts are all collected inside of a holistic SOAR solution. As such, SOAR analytics are a unique way to understand your overall security environment and what threats […]
The post The 10 Most Common MITRE Tactics & Techniques of 2023 – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman
USENIX Security ’23 – Daniel W. Woods, Rainer Böhme, Josephine Wolff, Daniel Schwarcz – Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys, by Marc Handelman on March 7, 2024. Many thanks to USENIX for publishing […]
The post USENIX Security ’23 – Daniel W. Woods, Rainer Böhme, Josephine Wolff, Daniel Schwarcz – Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 adversary emulation

Source: securityboulevard.com – Author: Francis Guibernau
On February 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) notified the revision of the Cybersecurity Advisory (AA23-353A) which detailed additional Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified through FBI investigations as recently as February 2024. This CSA is part of CISA’s ongoing #StopRansomware […]
The post Response to the Revised CISA Advisory (AA23-353A): #StopRansomware: ALPHV BlackCat – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 academic papers

Source: www.schneier.com – Author: Bruce Schneier
Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as […]
The post A Taxonomy of Prompt Injection Attacks – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini
Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration. The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on […]
The post Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration. – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cybertalk.org – Author: slandau
Cindi Carter is a Field CISO for the Americas region at Check Point. Happy International Women’s Day! As we recognize this day and celebrate the social, economic, political and cultural achievements of women, let’s also note that there is still much more work to be done, especially in relation to […]
The post Making cyber security more diverse and inclusive (starting now!) – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber security

Source: www.cybertalk.org – Author: slandau
Micki Boland is a global cyber security warrior and evangelist with Check Point’s Office of the CTO. Micki has over 20 years in ICT, cyber security, emerging technology, and innovation. Micki’s focus is helping customers, system integrators, and service providers reduce risk through the adoption of emerging cyber security technologies. Micki […]
The post This International Women’s Day, meet a true technology trailblazer… – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Bug

Source: www.cybertalk.org – Author: slandau
EXECUTIVE SUMMARY: Security experts have warned that cyber criminals are exploiting a critical TeamCity vulnerability en masse. Hackers are creating hundreds of new user accounts on compromised servers.
TeamCity as a target
First released in 2006, the popular commercial software known as TeamCity enables developers to create and test software […]
The post JetBrains TeamCity supply chain bug, servers still unpatched and vulnerable – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Best Practices

Source: www.lastwatchdog.com – Author: cyberwire
San Francisco, Calif., Mar. 7, 2024 — Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today launched a new Partner Program and welcomed Identity Data Management and Analytics provider Radiant Logic as its newest partner. Radiant Logic joins Badge’s partner network alongside marquee identity partners, Okta and Ping Identity. […]
The post News alert: Badge expands availability of ‘Enroll Once and Authenticate on Any Device’ software – Source: www.lastwatchdog.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Business email compromise

Source: www.tripwire.com – Author: Graham Cluley
If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it’s time to wake up. The FBI’s latest annual Internet Crime Complaint Center (IC3) report has just been published and makes for some grim reading. According to the IC3 report, online […]
The post $12.5 billion lost to cybercrime, amid tidal wave of crypto investment fraud – Source: www.tripwire.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: grahamcluley.com – Author: Graham Cluley
Is there any truth behind the alleged data breach at Fortnite maker Epic Games? Who launched the ransomware attack that caused a fallout at pharmacies? And what’s the latest on the heart-breaking hack of Finnish therapy clinic Vastaamo? All this and much much more is discussed in the latest […]
The post Smashing Security podcast #362: Ransomware fraud, pharmacy chaos, and suicide – Source: grahamcluley.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.bitdefender.com – Author: Graham Cluley
Ukraine claims to have successfully hacked Russian military servers and gained access to highly sensitive information. According to an official statement from the Defence Intelligence of Ukraine, the hack has allowed Ukraine to gain possession of “the information security and encryption software” used by Russia’s Ministry of Defence (Minoborony), […]
The post Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers – Source: www.bitdefender.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Mar 08, 2024 | Newsroom | Interoperability / Encryption
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose to enable interoperability (interop) to […]
The post Meta Details WhatsApp and Messenger Interoperability to Comply with EU’s DMA Regulations – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Mar 08, 2024 | The Hacker News | Secrets Management / Access Control
In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We’re all familiar with the routine: safeguarding those API keys, connection strings, and certificates is […]
The post Secrets Sensei: Conquering Secrets Management Challenges – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cisco

Source: thehackernews.com – Mar 08, 2024 | Newsroom | Network Security / Vulnerability
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 […]
The post Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-03
Aggregator history
Friday, March 08