July 2021

The plan this week was to do a super simple update whilst having some time out. In the back yard, sun shining, iPad, AirPods, all good. Mostly all good – the sound quality on those AirPods is absolute rubbish. I don’t know if that’s a

Read More Weekly Update 254

Webroot put forward another strong performance in its latest round of independent third-party testing, besting all competitors and taking home the highest overall score. In taking the highest score in the category for 2021, Webroot beat out competitors including BitDefender™, McAfee® and ESET® endpoint security solutions. In the report, the company conducted objective testing of […]

The post Webroot top performer among security products in PassMark® Software testing appeared first on Webroot Blog.

Read More Webroot top performer among security products in PassMark® Software testing

This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project. Each video addresses a topic that I think might be of interest to people trying to understand their network usin…

Read More Zeek in Action Videos

For the past 35 years, EY’s Entrepreneur Of The Year® program has honored leaders from around the world who continue to make positive impacts within their industries. We’re thrilled to share that, this year, Veracode’s CEO Sam King has been named a win…

Read More Veracode CEO Sam King Named a Winner in the EY Entrepreneur Of The Year® New England Award

President Biden on July 28, 2021, signed a new National Security Memorandum, “Improving Cybersecurity for Critical Infrastructure Control Systems,” which directs the Department of Homeland Security (DHS) to work with the Department of Commerce (DOC) in d…

Read More White House National Security Memo Issued | NIST & DHS Developing Cybersecurity Performance Goals for Critical Infrastructure Control Systems

NIST is seeking suggestions and feedback on challenges and practical approaches to initiating cybersecurity labeling efforts for Internet of Things (IoT) devices and consumer software. The information received will help NIST carry out one of its multip…

Read More IoT Devices & Software | NIST Workshop + Call for Papers on Cybersecurity Labeling Programs for Consumers

The way Cloud service providers in the UK operate has changed dramatically in the past few years, thanks to a pair of regulations that took effect. The first – the EU GDPR (General Data Protection Regulation) – should be familiar to most, but you also need to understand the NIS Regulations (Network and Information Systems Regulations 2018). Both of these place an added emphasis on organisations’ ability to prevent data breaches and ensure that critical infrastructure remains operational in the event of a disruption. Streamlining compliance – Both regulations contain a long list of requirements, many of which we discuss in

The post The benefits of NIS Regulations and the GDPR for Cloud service providers appeared first on IT Governance UK Blog.

Read More The benefits of NIS Regulations and the GDPR for Cloud service providers

This week, by popular demand, it’s Charlotte! Oh – and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she’s been transitioning from Mac to PC. Plus, she has to put up with

Read More Weekly Update 253

At Carbonite + Webroot, we’re always preaching about the importance of layering security solutions. Because here’s the truth: data’s always at risk. Whether from cybercriminals, everyday mishaps or mother nature, businesses can put up all the defenses they want but disaster only has to successfully strike once. The global pandemic means more work is being […]

The post Redundancy for resilience: The importance of layered protection in the cloud appeared first on Webroot Blog.

Read More Redundancy for resilience: The importance of layered protection in the cloud

The internet is heavily flooded with data. It could take a person several hours, or even days, and a considerable number of cups of coffee to sift through the data and ultimately reach actionable insights. For businesses leveraging a lot of data for market research, competitive price analysis, and other business applications, sifting through data […]

The post How Web Scraping Can Enhance Cyber Security appeared first on CyberDB.

Read More How Web Scraping Can Enhance Cyber Security

Who will you call when your organisation has been compromised? Having a cyber incident response team ready to go can save your organisation from disaster. There’s no escaping the threat of cyber security incidents. Criminals are constantly poised to exploit vulnerabilities, and employees use complex IT systems where mistakes are bound to happen. Investing in cyber defences can reduce those risks, but organisations need to be ready for threats they can’t prevent. A CIR (cyber incident response) plan does just that, outlining strategies for identifying and responding to security breaches. An effective plan can quickly stop disruption from turning into

The post How to build a cyber security incident response team (CSIRT) appeared first on IT Governance UK Blog.

Read More How to build a cyber security incident response team (CSIRT)

Anyone with an interest in information security will have encountered ISO 27001, the international standard that describes best practice for an ISMS (information security management system). However, you might not be as familiar with ISO 27002. It’s a supplementary standard that provides advice on how to implement the security controls listed in Annex A of ISO 27001. Although ISO 27001 is the more well-known standard – and the one that organisations certify to – neither can be considered in isolation. This blog explains why that’s the case, helping you understand how each standard works and the differences between them. What

The post ISO 27001 vs. ISO 27002: What’s the difference? appeared first on IT Governance UK Blog.

Read More ISO 27001 vs. ISO 27002: What’s the difference?

Quick Heal Security Lab has seen a sudden increase in dotnet samples which are using steganography. Initially, in…
The post FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data appeared first…

Read More FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data

On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. The order, which outlines security initiatives and timelines, calls for the U.S. Department of Commerce’s National Institute of Standards and Technolog…

Read More Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code

World-renowned fashion retailer Guess confirmed over the course of the past week that some of its clients had their confidential data compromised in a brutal ransomware attack that the fashion…

The post Popular Fashion Seller Guess Alerts Its Clients Over Possible Data Breach appeared first on Hacker Combat.

Read More Popular Fashion Seller Guess Alerts Its Clients Over Possible Data Breach

Next week first: based on popular demand, at 18:00 on our end Friday 23 (that’s 09:00 in London and terrible o’clock everywhere in the US), Charlotte is going to join me to talk about her transition from Mac to PC. Scott Helme will also

Read More Weekly Update 252

It’s not just that they’re making headlines more often. Ransomware rates really are rising. Given the recent spate of high-profile attacks, it’s worth remembering the difference between standard backup and high-availability replication. Our research suggests that the costs of ransomware for businesses can amount to much more than an extortion payment. They include lost hours […]

The post What’s the difference between high availability and backup again? appeared first on Webroot Blog.

Read More What’s the difference between high availability and backup again?

People are the weakest part of any organisation’s security defences. You can spend months designing flawless processes and investing in state-of-the-art technology, but both only work if the people using them know what they’re doing. That’s why information security policies are among the most crucial elements of an organisation’s defence. They contain a list of instructions for staff to follow in various scenarios and cover a range of topics, such as acceptable passwords and how often to back up data. What do information security policies do? Information security policies are usually the result of risk assessments, in which vulnerabilities

The post What is an information security policy? appeared first on IT Governance UK Blog.

Read More What is an information security policy?

Threats to your business data can be really damaging if you are not careful. But they are completely avoidable when you have the right safeguards in place. If you want to ensure that you can conduct business without a lot of issues along the way, then investing in the right methods will help. There […]

The post Tips for Keeping Your Business Data Secure appeared first on CyberDB.

Read More Tips for Keeping Your Business Data Secure

Between school holidays and a house full of tradies repairing things, there wasn’t a lot of free time this week. That said, I’ve got another gov onto HIBP, snared my 11th MVP award, did a heap of other cyber-things and Charlotte and I even managed to

Read More Weekly Update 251

NIST today fulfilled two of its assignments to enhance the security of the software supply chain called for by a May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028). That Executive Order (EO) charges multiple agen…

Read More NIST Delivers Two Key Publications to Enhance Software Supply Chain Security Called for by Executive Order

The threat of cyber security incidents looms over all organisations. There are simply too many things that can go wrong – whether it’s a cyber attack, a technical malfunction or another delay – to assume that operations will always be functional. And when disaster strikes, time is of the essence. The longer it takes to respond, the more likely it is the costs will escalate. That’s why it’s essential to have an incident response plan. By preparing for the inevitable, you can act quickly to identify and mitigate the damage. In this blog, we look at five ways you can

The post 5 tips for incident response management success appeared first on IT Governance UK Blog.

Read More 5 tips for incident response management success

Draft NISTIR 8286A, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM), is now available for a second public comment period. This report provides a more in-depth discussion of the concepts introduced in NISTIR 8286, Inte…

Read More Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management: 2nd Public Draft of NISTIR 8286A Available for Comment

A new malicious software (ransomware) variant written in Golang has been released. It shows that cybercriminals are adopting Golang (the Go programming language) to carry out their malicious actions. CrowdStrike obtained a specimen of…

The post New Ransomware Highlights Widespread Adoption of Golang Language By Cyberattackers appeared first on Hacker Combat.

Read More New Ransomware Highlights Widespread Adoption of Golang Language By Cyberattackers

In April 2021, Babuk, one of the best-known ransomware gangs, decided to change the way it demands ransom: no more double extortion and no more file encryption, just data exfiltration followed by a public announcement if no deal is reached with the victim. It’s a nice move forward for a ransomware gang that, […]

Read More Babuk Ransomware: The Builder

The National Cybersecurity Center of Excellence (NCCoE) has finalized its project description on the Automation of the Cryptographic Module Validation Program (CMVP). Increased automation is necessary because a number of elements of the current validat…

Read More Automation of the Cryptographic Module Validation Program (CMVP): Final Project Description Released