When the theme, Human Element, was announced for RSA Conference 2020 (RSAC), I was gratified. It’s a topic I never tire of because not only do I believe that there is no “silver bullet” technology, I believe it’s the humans who really lead the way to greater security efficiency and effectiveness. So, while at the conference I took the opportunity to view eve

Law firm Morgan & Morgan announced on Thursday that it has filed a class action lawsuit against Marriott over the recently disclosed data breach that has impacted as many as 5.2 million individuals.The complaint filed by Morgan & Morgan in the District of Maryland accuses Marriott of negligence, breach of contract, breach of confidence, and deceptive

Google, Microsoft and Mozilla are delaying plans to disable support for the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Chrome, Edge, Internet Explorer, and Firefox.TLS 1.0 is over two decades old, and TLS 1.1 was only meant to address some limitations in the former and prevent specific attacks. Both are known to include weaknesses, some addresse

Cloud-based Cyber Ranges Will Change the Future of Training and Certifying Security and DevOps ProfessionalsA half-decade ago, with much fanfare, cyber ranges were touted as a revolutionary pivot for cybersecurity professionals’ training. Many promises and investments were made, yet the revolution has been slow coming. What may have been a slow start appears

AMD has confirmed that a hacker has stolen files related to some of its graphics products, but the company says it’s not too concerned about the impact of the leak.A hacker who uses the online moniker “Palesa” claims to have obtained source code files related to several AMD graphics processing units (GPUs), including the Navi 10 architecture, which is used i

General Electric (GE) revealed last week that the personal information of some employees may have been compromised as a result of a data breach suffered by Canon Business Process Services.In a data breach notification sent to affected individuals and submitted to the California Attorney General, GE said an unauthorized party gained access to a Canon email ac

New Mexico school districts, universities, and government agencies have collectively spent millions of dollars to regain control of their computer systems after employees unknowingly opened emails containing an encrypted code that effectively shut them out of their systems.The ransomware attacks occurred between January 2018 and February 2020, and have put s

UK-based financial technology company Finastra is investigating a cybersecurity incident that may involve a piece of ransomware infecting some of its systems.Finastra has over 10,000 employees and it delivers financial software to more than 9,000 customers across 130 countries, including 90 of the top 100 banks.Cybersecurity blogger Brian Krebs reported that

The U.S. Department of Health and Human Services (HHS) was targeted with a distributed denial-of-service (DDoS) attack on Sunday, but the agency said it did not experience any significant disruption as a result of the incident.“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity t

The European Network of Transmission System Operators for Electricity (ENTSO-E) revealed this week that malicious actors breached its corporate network.ENTSO-E represents 42 electricity transmission system operators (TSOs) from 35 countries in Europe. TSOs are responsible for the transmission of electric power across the main high-voltage networks, and ENTSO

Opener Through threat hunting, an organization can break away from a reactive approach to identifying incidents and evolve into a proactive operation that actively looks for incidents. The high-level threat hunting pipeline consists of taking a hypothesis built around threats specific to the organization, lab testing and validating the hypothesis, impleme

The City of Durham and the Durham County government in North Carolina are in the process of recovery after experiencing what appears to be a ransomware attack on March 6.In a notice published on its website on Sunday, the City of Durham revealed that it was alerted of the incident late on Friday, and that it immediately responded and shut down some systems i

Employing techniques usually associated with nation-state threat actors, human-operated ransomware attacks represent a growing threat to businesses, Microsoft warned last week.Different from auto-spreading ransomware, these are hands-on-keyboard attacks, where attackers use stolen credentials, perform reconnaissance, adapt to the compromised network’s config

Virgin Media has been accused of downplaying the recently disclosed cybersecurity incident that involved the personal information of roughly 900,000 people.UK-based phone, TV and broadband services provider Virgin Media started informing customers and potential customers last week that some of their personal information was exposed as a result of a misconfig

Australia's privacy watchdog announced legal action against Facebook Monday for alleged "systematic failures" exposing more than 300,000 Australians to a data breach by Cambridge Analytica.The Office of the Australian Information Commissioner said it had initiated proceedings against the tech giant and that Facebook committed "serious and/or repeated interfe