Social Engineering

Cloud security vendor Fortanix has updated its Data Security Manager to incorporate support for AWS’ external encryption key store system, adding another major public cloud vendor to the list of those supported for the company’s key management system. With this week’s update, Fortanix, which already supports this type of cloud key management system in Azure and Google Cloud, is trying to solve one of the major security and regulatory problems posed by multicloud environments. Every…

Read More

Amazon Web Services has announced AWS Lambda serverless function support for its automated vulnerability management service, Amazon Inspector, and a new automated sensitive data discovery capability in its machine learning security and privacy service, Amazon Macie. Both announcements were made during the AWS Re:Invent 2022 conference in Las Vegas this week. They follow other security-focused AWS releases including the launch of Wickr, a new encrypted messaging service for enterprises and Amazon Security Lake, which centralizes…

Read More

Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account, the company said in a statement.  “Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources…

Read More

Ransomware and data breaches pose a massive risk to organizations, resulting in loss of customer trust and shareholder value, reputation damage, hefty fines, and penalties. Cyber risk is a top concern in US corporate boardrooms, elevating the role of the chief information security officer to rapid prominence. More than half (61%) of CISOs report to a board and board members are increasingly interested in what CISOs have to say. But technical skills alone won’t suffice…

Read More

Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil. The group employs double extortion, combining data encryption with data theft and subsequent threats to…

Read More

Cybersecurity professionals interested in raising their profiles as subject matter experts can count on social media to become more visible. With everyone being online this may not be enough though. CSO spoke to Forrester analyst Jinan Budge and cybersecurity professionals Katie Moussouris, Troy Hunt, Rachel Tobac, and Christina Morillo about their journeys and their tips for those who want to build their public profile. Some of these professionals have been known for their work for…

Read More

A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year. APIs are a core part of how financial services firms are changing their operations in the modern era, Akamai said, given the growing desire for more and more app-based…

Read More

Just days after announcing the close of its consumer-oriented Wickr Me encrypted messaging service, Amazon Web Services (AWS), at its annual re:Invent conference on Monday, said that it was making the enterprise version of the app generally available. Dubbed simply AWS Wickr, the service was first announced in July and has been in preview till now. The enterprise version of the messaging service, designed to allow enterprise users to securely collaborate via text, voice and…

Read More

Judicial and law enforcement authorities in Europe, Australia, the US, Ukraine, and Canada took down a so-called spoofing website that allowed fraudsters to impersonate trusted corporations or contacts in order to steal more than $120 million from victims. In a coordinated action led by the UK and supported by Europol and EU judicial cooperation agency Eurojust, a total of 142 suspects were arrested, including the main administrator of the website, according to a statement posted…

Read More

The Council of the European Union (EU) has adopted a new cybersecurity directive designed to improve resilience and incident response capacities across the EU, replacing NIS, the current directive on the security of network and information systems. The new directive, NIS2, will set the baseline for cybersecurity risk management measures and reporting obligations across sectors and aims to harmonize cybersecurity requirements and implementation of measures in different member states. NIS2 enhances EU incident management cooperation…

Read More