Proactive Cyber Security

By Lazarus Alliance | IT Security, IT Audit & Compliance, IT Risk and IT Governance

How to Know Which NIST Framework to Use

Richard P. Tracy is the chief security officer of Telos. One of the most important aspects of the recent cybersecurity executive order is also the …


Dedicated security teams: The pros and cons of splitting focus areas

The attack surface for many organizations is steadily expanding, as they must now defend against attacks on their... cloud applications, mobile …

IT security trends: 2017 prioritizes cloud, network, endpoints

Prioritizing endless cybersecurity initiatives is not an easy task for infosec teams. Endless attacks, such as the recent WannaCry ransomware virus or …

Data breach at Oklahoma U impacts 30K students

Lax privacy settings in a campus file-sharing network led to an unintentional exposure of the educational records of thousands of students at the …

Samsung left millions at risk by not renewing domain, patches Magician

Samsung Magician recently patched a flaw which could allow an attacker to execute arbitrary code but a separate flaw may have left millions at risk …

NYC mayor reveals plan to add 10,000 cybersecurity jobs over the next decade

Bill de Blasio

Cyber Security Is The Necessity Of The Future

Cyber Security is a rapidly expanding sector. There is no apparent leader in the industry yet. ETF is currently the best way to capture growth with …


How OneLogin Was Compromised and the Lessons for the Rest of Us

As painful as breach incidents are for the service provider and affected companies, they also offer a teaching moment. Last week, OneLogin, one of the leading U.S. Cloud Single Sign-On (SSO) services, suffered a major breach, compromising U.S. customer data. The good news was that OneLogin was able …


Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. …


3 Lessons Agencies Need to Learn from WannaCry

Federal government systems escaped the global outbreak of the WannaCry ransomware, but agencies can glean lessons to fend off whatever comes next, …

Trump's Executive Order: What It Means for US Cybersecurity

The provisions are all well and good, but it's hardly the first time they've been ordered by the White House.


Malware Incidents at US SMBs Spiked 165% in Q1

Texas-based SMBs suffered the most malware attack attempts in the first quarter while those in Arizona had the biggest year-over-year increase, …

Georgia special election disruption concerns rise after 6.7M records leaked


Researchers port EternalBlue exploit to Windows 10

Security researchers found a way to bypass various Microsoft security features and build a proof-of-concept version of the EternalBlue exploit that …

Microsoft accused of blocking independent antivirus competition

Antivirus software company Kaspersky Lab filed antitrust complaints against Microsoft with the European Commission and the German Federal Cartel …

In an Era of Russian Hacks, the US Is Still Installing Russian Software on Government Systems

Agencies bought Kaspersky anti-virus to secure their systems, but intel officials and lawmakers worry it's a liability instead.


CIA's Cloud is 'Pretty Close' to Invincible, CIO Says

The agency wants to operate more like commercial companies, not the government, CIA CIO John Edwards said.

Spoofing a Government Website is Easier Than You Think

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology and government. He is currently the …

If Voting Machines Were Hacked, Would Anyone Know?

As new reports emerge about Russian-backed attempts to hack state and local election systems, U.S. officials are increasingly worried about how vulnerable American elections really are. While the officials say they see no evidence that any votes were tampered with, no one knows for sure. Voters were …


Ex-CIA Director Brennan Warns of More Collaboration Between Nation-States and Cybercriminals

Former CIA head said retaliatory hacking options 'actively being discussed in government circles.'


Select Restaurant chain hit with POS data breach

The Select Restaurant chain reported it suffered a point-of-sale breach during which customer payment card information was compromised.

WannaCry: One month later

FIN7 targeting restaurants with fileless malware

FIN7 is back at it again this time using their infamous fileless malware to target U.S. restaurants using clever phishing emails designed to look …


Posting X-ray photos jeopardize hospital networks

Even if a user takes the precaution to crop out data, they could unintentionally leave information such as the server name.


Russian election hackers breached 39 U.S. states

Russian hackers reportedly breached the electoral systems of at least 39 states during the summer and fall of 2016 accessing software designed to be …


Cyber Criminals Are Hijacking Computers for Cryptocurrency Mining

Cryptocurrency mining malware may end up being a bigger problem than WannaCry. Organizations that think they dodged a bullet when their older systems …


New Malware-as-a-Service Offerings Target Mac OS X

MacSpy and MacRansom are two early variants of malware-as-a-service portals targeting the broader population of Mac users.


The Detection Trap: Improving Cybersecurity by Learning from the Secret Service

Intruders often understand the networks they target better than their defenders do.

FTC Issues Advice on Mobile Phone Data Security, Identity Theft

The Federal Trade Commission offers hindsight and foresight on ways to reduce identity theft should your mobile device get stolen.
