While this is a step in the right direction, there are some confusion, speculation and rumors related to CMMC accreditation. The following are three common misconceptions around CMMC certification, with clarification to help organizations requiring CMMC certification to stay well-informed on the necessary guidelines and procedures.
Because cybersecurity events are complicated, we rely on analogies to understand how they work. Analogies are useful, but certain oversimplifications are perpetuating inaccurate narratives. These inaccuracies misdirect productive discussion and as a result, proposed policy and solutions are being based on faulty assumptions. A faulty premise can only yield flawed results…and cyber national security is not an area in which the United States has margin for error.
Bitdefender security researchers have discovered a threat group likely based in Romania that's been active since at least 2020. They've been targeting Linux-based machines with weak SSH credentials, mainly to deploy Monero mining malware, but their toolbox allows for other kinds of attacks.
REvil ransomware gang’s website and infrastructure has gone offline, about a week and a half after the news of the group’s cyberattack on IT software vendor Kaseya.
SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.
Capable cybersecurity professionals can expect to be spoiled for choice in the job market today and well compensated for their in-demand skillsets. For those considering entering the field, I’d like to lay out the state of security today, explore potential career paths, and provide some guidance on the steps you can take, including skills you can develop to make it happen.
Salt Labs researchers investigated a large financial institution’s online platform that provides API services to thousands of partner banks and financial advisors. As a result of multiple API vulnerabilities, researchers were able to launch attacks where:
How often do you consider gravity? And the power of this invisible force to move oceans, hold planets in orbit, and quite literally, keep us all grounded. Now, how about women in technology? Another force of nature that, I think, deserves more visibility and recognition. Men haven’t cornered the market on technological genius, innovation, and invention. But too often, women have had to work all the harder not only to prove that fact, but also to be equally recognized for their extraordinary contributions.
I dare to say this: “companies need to stop playing the game of pin the blame on the developer whenever a security vulnerability is discovered or exploited in applications.” Rather than pointing fingers at developers, organizations need to empower these professionals to help them build and expand their cloud-based initiatives without having to worry about security.
Fashion retailer Guess recently announced a data breach that compromised 1,300 people and their information, including account numbers, debit and credit card numbers, social security numbers, access codes and personal identification numbers.