News

MIT Sloan releases Report on Board-Level Organizational Cybersecurity

A new report released this month by MIT Sloan in collaboration with Proofpoint surveyed 600 board members at organizations across 12 countries about their thoughts on cybersecurity preparedness.

While 75% of respondents said that cybersecurity risks and impacts are understood by their boards, the report states that "Just under two-thirds of board members believe that their organization is at risk of a material cyber attack.

Executive Office Signs Lawmaker’s Extension of Small Business Innovation Grants

On Friday, September 30, President Biden signed into law the "SBIR and STTR Extension Act of 2022," which, according to a press release on the White House's website, "authorizes the Small Business Innovation Research (SBIR), Small Business Technology Transfer (STTR), and six related pilot programs through Fiscal Year 2025."

“Passing this important bill gives our nation’s innovative small businesses and research institutions the certainty they need to continue developing the technology that will power the economy of tomorrow,” said Senator Ben Cardin (D-Maryland).

It also codifies the requirement for agencies that are part of the program to assess "potential risk posed by program applicants' foreign ties.

Janet Jackson Song Caused Laptop Crashes

A somewhat funny but definitely bad news story came out last month that involved a popular song from the late 1980s. Raymond Chen, who has worked at Microsoft for a quarter-century, keeps a blog on their website called "The Old New Thing."

In a post dated August 16th, 2022, Chen recalled a story a colleague had told him about how one of the world's largest computer manufacturers had found out by accident that playing Janet Jackson's "Rhythm Nation" music video would crash several of their laptops.

FY23 Spending Bills to Include Cybersecurity Increase

The United States House of Representatives has been working hard on preparing its FY23 spending bills, with an estimated $15.6 billion being earmarked for cybersecurity over the coming year. This would also include $417 million more for the Cybersecurity and Infrastructure Security Agency (CISA) than the amount President Biden requested.

Password Manager Gets Source Code Stolen

Here at Direct iT, we've had a long-standing policy of not relying on password managers.

This has proven itself, most recently as password manager leader LastPass admitted not only that they were hacked, but that their source code was stolen.

“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information,” LastPass said in a statement.

Blue Cross and Blue Shield Suffers Data Breach

Blue Cross and Blue Shield (BCBS) of Massachusetts has identified and given notice to 4,855 members whose personal information was part of a data breach that occurred in late June.

According to the insurer, an employee at a third-party vendor that they work with, LifeWorks, e-mailed a spreadsheet containing members’ personal identifying information to their personal Gmail account, and copied another employee’s personal e-mail as well.

5.4 Million Twitter Users’ Information for Sale

The phone numbers and e-mails of 5.4 million Twitter users are up for sale for a mere $30,000.00 after the social media giant suffered a data breach in December 2021.

A threat actor going by the name “devil” wrote a post on July 21 stating that they had collected the data of 5.4M users, including “celebrities, to companies, randoms, OGs, etc.

AMD Data Allegedly Up For Sale By Threat Actors

AMD (Advanced Micro Devices), one of the world's largest semiconductor and computer hardware manufacturers, second only to Intel, has announced that it is investigating a cyberattack incident which left 450GB of company data stolen.

According to BleepingComputer, the extortion group "RansomHouse" had mentioned on their Telegram social media account that they had obtained and would be offering for sale data from "a well-known three-letter company that starts with the letter A."

The report goes on to state that while the data is listed as stolen on January 5th, 2022, that was only the date that the threat actors finally lost access to AMD's servers.