Top Weekly News In Cyber Security
Would you pay $1m for a laptop full of malware?
A laptop deliberately infected with six notorious strains of malware, including WannaCry and ILoveYou, is being auctioned in the US as an art project.
At time of writing, the highest bid for the device was $1.1m (£800,000).
The auction states that the Samsung laptop's internet connectivity will be disabled when the device is shipped to the auction winner.
The 11-year-old Notebook has been air-gapped - a security measure to isolate it from other networks.
Microsoft Defender ATP is Now Publicly Available for Macs
Microsoft Defender ATP for Mac is now publicly available after being tested in a limited preview that started in March. With the release of a Mac endpoint, enterprise customers utilizing Microsoft Defender ATP can now manage the security of Mac computers from a centralized administrative console.
Google Stored G Suite Passwords in Plaintext Since 2005
Google said it had stored G Suite enterprise users’ passwords in plain text since 2005 marking a giant security faux pas.
Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening.
G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently discovered the passwords for a “subset of enterprise G Suite customers” stored in plain text since 2005.
DoD stepping up recruitment efforts to find more diverse cyber talent
The Pentagon is trying a new approach to recruit top-notch IT talent. The Defense Digital Service thinks the current recruiting process is too passive — posting vacancies on the USAJobs website and waiting for applicants. So as part of a new pilot program, it’s just awarded contracts to five companies to actively recruit technical talent from the private sector. DDS said the Civilian Hiring as a Service program will target communities the government usually overlooks. (FedBizOpps)
What Do Women in Tech Want?
To find out what women in tech want, we asked them. A query to HARO drew a large number of responses. Everyone wants equal opportunity, though some experience it more others. Some women share positive reports for the level of female representation at their places of work, while others still feel the sting of being overlooked by those who direct technical questions only to the men in the room. However, their thoughtful responses include not just what women want but what practical steps will get us there.
To Narrow the Cyber Skills Gap with Attackers, Cut the Red Tape
Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame.
In recent years, the cyber skills gap between attackers and defenders has widened. Corporate security teams — their hands tied by budget constraints, box-ticking exercises, internal politics, and outdated training — are struggling to catch up. More than half of organizations now consider the shortage of adequately trained cybersecurity professionals to be a major problem.
Evaluating Cybersecurity Degree Programs: Four Pillars of Excellence
At this point, it’s almost common knowledge: the demand for qualified cybersecurity professionals far outweighs the supply.
According to IT industry association ISACA in its “State of Cybersecurity 2019” report, 58 percent of organizations have unfilled cybersecurity positions, and nearly 70 percent say their cybersecurity teams are understaffed. Additionally, CyberSeek, an initiative of the National Initiative for Cybersecurity Education and the National Institute of Standards and Technology, reports that as of mid-2018, there were more than 310,000 cybersecurity job openings.
Exabeam Partners with Deakin University to Strengthen Security Management Approach and Expand Cybersecurity Degree Program
Exabeam, the Smarter SIEM™ company, announced a partnership with Deakin University in Australia to strengthen its security management approach and bolster its already distinguished cybersecurity degree program, delivered through the School of IT. The university not only deployed Exabeam Advanced Analytics to help process the large amounts of generated data and spot anomalies on its network; it also turned to the security management leader’s industry expertise to build out its curriculum and initiate a real-life career experience program within the School of IT.
It’s Time to Combine Security Awareness and Privacy Awareness
The time is right
It’s clear that the conditions are ripe for a merger of the security and privacy domains, at least in the way they communicate about risk to employees. After all, both cybersecurity pros (battered by hacking attacks and ransomware) and privacy pros (pressed by the demands of the GDPR, the CCPA, and whatever comes next) are keenly aware that all the technical controls and policies won’t do any good unless their employee population is engaged in playing their role in their day-to-day jobs.
CircleCityCon: May 31, 2019 - June 2, 201
CircleCityCon is a security conference held in downtown Indianapolis. Our cons last years were big successes and we are only looking to grow and make it better.
CircleCityCon is about the community. Our signature offering is the community led training classes offered to all participants. Events and contests are organized by members of the security community, including both CircleCityCon staffers and community partners. Three tracks, incredible entertainment, and technical villages help round out the CircleCityCom experience. Of course, don’t forget the chance to meet and talk with your peers about all topics including security, hacking, and the latest superhero movies.