T-Mobile hackers claim to have data on millions
The seller of data on more than 100 million T-Mobile customers — stolen from company servers — told Motherboard that “full customer info” is for sale; the company has said little other than that it is investigating. The seller reportedly wants more than $250,000 for 30 million Social Security and driver’s license numbers.
Full Story: https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million
Why do hackers hack?
Cyberattacks and malware infections may seem random, but many are thoroughly planned out with handpicked targets. By understanding the effect of an increasingly digital landscape on the mind, you can thwart cyber disasters and develop security measures designed to outsmart the human brain. Learn more.
Continue reading: https://www.captechu.edu/webinar-series/cap-tech-talks/introduction-cyberpsychology-impact-of-emerging-technology-human
Source: https://QUE.com
False positives from IT solutions are causing headaches
Amplitude Research polled 450 security decision-makers and found that almost half believe their organization is sufficiently protected against external threats. Another finding: 47% said their automated cybersecurity solutions create so many false positives that they ignore half of the solutions’ alerts.
Full Story: https://www.itproportal.com/news/it-leaders-dont-understand-why-their-firms-keep-suffering-breaches/
It’s time to recognize passwords must be improved
Improving cybersecurity is no longer a matter of throwing tactics and tools at a vulnerability, writes Brian Gale of threat monitoring platform FYEO. Gale’s suggested first step: “Pick a password manager that all employees, regardless of technical know-how, can use.”
Full Story: https://www.cpomagazine.com/cyber-security/you-are-the-weakest-link-goodbye/
Watch for IT burnout as working from home persists
Now that it looks as though working from home will be extended at many companies, burnout among IT professionals will increase unless a “digital-first” mindset prevails, says Nicholas Avila of consulting firm Globant. “Most organizations were not ready for the pandemic, and deep down, most would prefer to go back to the pre-pandemic state so they can use their usual methods to build teams and ensure progress on projects,” Avila adds.
Looking for “unicorn” or “rock star” often doesn’t work
Leaders hiring for cybersecurity jobs “artificially limit their talent pool by overburdening their job search with narrowly defined qualifications,” says Zaira Pirzada of research firm Gartner. Tech vendors are often guilty of using terms such as “unicorn” and “rock star” to describe their needs, which creates biases, adds Ian McShane of security software provider Arctic Wolf.
Full Story: https://www.techrepublic.com/article/a-diverse-cybersecurity-team-can-help-alleviate-the-talent-shortage/
How do they know they are false positives if they ignore them?
;-)
Some security professionals create too many rules/policies that cause too many false positives and simply ignore them. This defeats the purpose of analyzing traffic.
You need to have a team of cyber security analysts to check all alerts. I consulted some companies where people hold 2-3 different roles in the company; they are burned out and have no time to do analyst work to investigate events or incidents.
I can see the human side. Just strikes me as a technique too - create some false positives then hack properly using the same vector, but for real.
It's an aspect I'd often thought of going into - have tons of pen testing resources - but always figured there were plenty of younger people with a deeper obsession ;-)
Exactly!
This is exactly why I limit my online activity. In the last several years, I've been notified my information has been compromised by:
Department of Defense
United Airlines
Target
eBay
just to name a FEW.
I figure if the DOD and United Airlines etc can't safeguard my information the crappy little security I have for my computer does about jack.
I'm inundated with emails about online bill pay, managing all my accounts online or through apps.
No thank you.
I also have limited my online accounts for regular activity as well. You mentioned better passwords, and to be frank I have too many passwords, half of them so complicated I have to keep them recorded off my computer as there is no way I could remember them. I think many like myself are on password overload and with time more will join me in cutting back their online activity that requires yet another password that requires extra codes or texts for added security.
Years ago when I was a self-published author I hosted a website so I could do promotion and build an email list. I sold nothing from this website; there was no cart. Despite this, my web security was randomly attacked using brute force programs. I got so sick of it one time I began limiting the countries that could access the site, and within seconds the hacking program would shift its geographical data so it could resume. In the course of one day that particular attack lasted half the day, averaging 2-3 attempts per minute.
I can only imagine the attacks that are taking place on sites that actually deal with money.
Remember when OPM was hacked? A lot of personally identifiable information (PII) is out there.
Hopefully a biometric solution for the general public. I hate maintaining too many passwords.