Blog

Who owns customer identity?

When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to organization. From my experience, customer identity often doesn’t have a single owner because it’s critical across the business. This lack of clear ownership, however, makes it hard for organizations to get consensus. When organizations focus … More → The post Who owns customer identity? appeared first on Help Net Security.
http://news.poseidon-us.com/T5fmGr

Five Australians arrested in global raid on phishing kit seller LabHost

Used to steal personal info of 94,000 people.
http://news.poseidon-us.com/T5fhrL

ISC Stormcast For Thursday, April 18th, 2024 https://isc.sans.edu/podcastdetail/8944, (Thu, Apr 18th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/T5fZ02

National Weather Service financial system rollout less predictable than the weather

Last year, the Commerce Department rolled out a new financial system meant to improve financial management. Things have not gone as planned. The post National Weather Service financial system rollout less predictable than the weather first appeared on Federal News Network.
http://news.poseidon-us.com/T5dpKh

Malicious PDF File Used As Delivery Mechanism, (Wed, Apr 17th)

Billions of PDF files are exchanged daily and many people trust them because they think the file is “read-only” and contains just “a bunch of data”. In the past, badly crafted PDF files could trigger nasty vulnerabilities in PDF viewers. All of them were affected at least once, especially Acrobat or FoxIt readers. A PDF file can also be pretty “dynamic” and embed JavaScript scripts, auto-open action to trigger the execution of a script (for example PowerShell on Windows, etc), or any other type of embedded data.
http://news.poseidon-us.com/T5cFwh

Understanding next-level cyber threats

In this Help Net Security video, Trevor Hilligoss, VP of SpyCloud Labs, discusses the 2024 SpyCloud Identity Exposure Report, an annual report examining the latest trends in cybercrime and its impact. Researchers recaptured nearly 1.38 billion passwords circulating the darknet in 2023, an 81.5% year-over-year increase from 759 million in 2022. Within these passwords, the report finds a 74% password reuse rate for users exposed in two or more breaches in the last year. Researchers … More → The post Understanding next-level cyber threats appeared first on Help Net Security.
http://news.poseidon-us.com/T5c7zy

IT and security professionals demand more workplace flexibility

The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti. Ivanti surveyed over 7,700 executive leaders, IT and cybersecurity professionals‌‌ , and office workers to explore the profound challenges and opportunities employers face when they empower their employees to work everywhere — with no limitations on place and time. “Employers seeking to hire top … More → The post IT and security professionals demand more workplace flexibility appeared first on Help Net Security.
http://news.poseidon-us.com/T5c7vy

ISC Stormcast For Wednesday, April 17th, 2024 https://isc.sans.edu/podcastdetail/8942, (Wed, Apr 17th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/T5c2Fk

How legislators could make things a little easier for those companies working with the government

As the second quarter of 2024 begins, there is a lot on the horizon for those who do business with the government. The post How legislators could make things a little easier for those companies working with the government first appeared on Federal News Network.
http://news.poseidon-us.com/T5b8Nr

5 free red teaming resources to get you started

Red teaming is evaluating the effectiveness of your cybersecurity by eliminating defender bias and adopting an adversarial perspective within your organization. Tactics may include anything from social engineering to physical security breaches to simulate a real-world advanced persistent threat. Here are some free red teaming resources to get you started. Atomic Red Team Atomic Red Team is a collection of tests mapped to the MITRE ATT&CK framework. It allows security teams to efficiently, portably, and … More → The post 5 free red teaming resources to get you started appeared first on Help Net Security.
http://news.poseidon-us.com/T5Yjz9