Cybersecurity News: December 13, 2021

DOJ Announces New Initiative to Use False Claims Act to Enforce Compliance with Data Privacy and Security Laws and Contract Requirements

JD Supra
“This new initiative significantly expands the potential liability of federal contractors and healthcare provider that participate in federal healthcare programs related to data privacy and cybersecurity issues.” Read More

Cybersecurity Takes the Wheel as Auto Industry’s Top Priority

Dark Reading, Yash Prakash
“The auto industry’s reliance on software and connectivity will only become more pronounced in the years to come. Building effective cybersecurity into all aspects of new vehicles and systems is essential to ensuring the future success of the automotive industry.” Read More

27 flaws in USB-over-network SDK affect millions of cloud users

Bleeping Computer, Bill Toulas
“These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded.” Read More

SolarWinds hackers have been quietly targeting governments, cloud providers

SC Magazine, Derek B. Johnson
“The SolarWinds campaign was about who were the vendors you trust and all the different software in your environment, and this threat actor leveraged that one-to-many relationship pretty well. When we fast forward to now and talking about the cloud service providers, that’s them again saying why spend a lot of effort targeting a dozen individual companies when I can instead target one company that can then get me into those dozen ones.” Read More

GraphQL API authorization flaw found in major B2B financial platform

ZD Net, Jonathan Greig
“It is tempting to believe that mobile apps create an obscurity layer that is hard for attackers to crack, but decades of experience show that security through obscurity just doesn’t get the job done. Organizations need to make sure every transaction requires authorization and every step of a transaction is checked to make sure the permissions are appropriate for what is being attempted.” Read More

Ransomware: When Policy Matters Most

Selling to a CISO? Practice Empathy, Not Salesmanship

Why Bots Are the Next Big Thing in Account Takeover Fraud

The Risk of Measuring Risk

What Is Zero Trust Anyway?

Data Classification: Building, and Pitching, a Rock Solid Program

Stagehand: S1 Episode 8

Stagehand: S1 Episode 7

SecOps Needs More Democratization, Not Less SOC

Five Best Practices to do Supply Chain Security Right

Employee Security Awareness Training: Why It’s Important

Zero Trust Architecture: Never Trust, Always Verify

A Conversation with Jonathan Kimmitt

A Conversation with Gary Gooden

A Conversation with Morgan Wright

Alan Levine: Strategic Advice for Cybersecurity Leaders

Andreas Wuchner: A Cyber Risk Guide for Humans

Darrell Jones: Data – The New Frontier

Jack Sullivan: Stagehand – A Fictional Crime Drama

Sergej Epp: Top of the SOC

Global Trends and Predictions 2022

Cybercriminals Are Watching You; Are You Watching Them?

3 CISOs Discuss How To Select the Right Cyber Insurance

Can You Hear Me Now?

Dirty Hands, Elephants, and ID10Ts – Oh My!

Beware The CISO’s Wrath

A Conversation With Juliet Okafor

A Conversation with Anne Marie Zettlemoyer

A Conversation with Helen Mohrmann

Cybersecurity News: December 13, 2021

DOJ Announces New Initiative to Use False Claims Act to Enforce Compliance with Data Privacy and Security Laws and Contract Requirements

Cybersecurity Takes the Wheel as Auto Industry’s Top Priority

27 flaws in USB-over-network SDK affect millions of cloud users

SolarWinds hackers have been quietly targeting governments, cloud providers

GraphQL API authorization flaw found in major B2B financial platform

About CISO Street

Site Map

Subscribe