433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

What is Traffic Light Protocol? Here’s how it supports CISOs in sharing threat data

Traffic Light Protocol (TLP) was created to facilitate greater sharing of potentially sensitive threat information within an organization or business and to enable more effective collaboration among security defenders, system administrators, security managers, and researchers. TLP grew out of efforts by various public-sector security incident response teams of various nations that began sharing security alerts. The protocol was developed so that recipients of threat data could assess its sensitivity and determine how to share it with others, without giving any aid to the bad actors, revealing personal data, or running afoul of data privacy regulations.
http://news.poseidon-us.com/SjpRvK

Resecurity warns about cyber-attacks on data center service providers

Resecurity warns about the increase of malicious cyber activity targeting data center service providers globally. According to the detailed report recently released by the California-based cybersecurity company, during September 2021, Resecurity notified several data center organizations about malicious cyber activity targeting them and their customers. Such organizations act as a critical part of the enterprise supply chain and become a juicy target for nation-state, criminal and cyberespionage groups. The details about this activity have been … The post Resecurity warns about cyber-attacks on data center service providers appeared first on Help Net Security.
http://news.poseidon-us.com/Sjp1lf

DNA Diagnostics Center fined $400,000 for 2021 data breach

DNA Diagnostics Center, a DNA testing company, will pay a penalty of $400,000 to the attorneys general of Pennsylvania and Ohio for a data breach in 2021 that affected 2.1 million individuals nationwide, according to a settlement deal with the states’ attorneys general. The company will also be required to implement improvements to its data security, including updating the asset inventory of its entire network and disabling or removing any assets identified that are not necessary for any legitimate business purpose.
http://news.poseidon-us.com/Sjld9j

Why CISOs change jobs

Being a CISO is a hard job. You must constantly balance business, technology, and regulatory requirements against things like employee and adversary behavior. You can be a superstar, build a world-class cybersecurity program, and follow best practices, providing exceptional protection for the organization. Despite this excellence, a single employee can click on a malicious web link, share a password, or misconfigure an asset, leading directly to a successful cyberattack. When this happens, it’s your fault. Yup, CISOs have heavy responsibilities. How are they dealing with this burden? Not very well, according to research from ESG and the Information Systems Security Association (ISSA). The data reveal that 57% of cybersecurity professionals believe their organization’s CISO is only somewhat effective, not very effective, or not at all effective.
http://news.poseidon-us.com/SjlPpQ

GoDaddy connects a slew of past attacks to a multi-year hacking campaign

Web hosting and infrastructure provider GoDaddy said it suspects a recent attack on its infrastructure in December 2022 may be connected to a series of incidents the business has been experiencing since 2020. The attack involved an unauthorized third party gaining access to and installing malware on GoDaddy’s cPanel hosting servers, the company disclosed in an SEC filing. The company only discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains. “Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the filing added.
http://news.poseidon-us.com/SjhkZ2