Lifeboat Foundation

The need for more web watchmen spans from private businesses to government agencies, experts say, and most of the job openings are in California, Florida, Texas and Virginia. That means for anyone looking to switch careers and considering a job in cybersecurity, there’s no greater time than now to find work, the job trackers said.

“You don’t have to be a graduate of MIT to work in cybersecurity,” said Tim Herbert, executive vice president for research at CompTIA. “It just requires someone who has the proper training, proper certification and is certainly committed to the work.”

A group of “ethical hackers” has obtained access to sensitive systems and proprietary online data hosted by the Fermi National Accelerator Laboratory in the US after accessing multiple unsecured entry points in late April and early May. The group – Sakura Samurai – discovered configuration data for the lab’s NoVa experiment and more than 4500 “tickets” for tracking internal projects.

The Sakura Samurai team has previous experience probing the vulnerabilities of scientific and educational organizations, which hold critical information that if leaked could put those institutions at risk. “Fermilab was no different,” Sakura Samurai leader Robert Willis told Physics World. “Oversharing can be very dangerous, especially when it’s sharing credentials that could enable a malicious actor to take over a server with the potential to move across their network to access items that the organization wouldn’t even think of being vulnerable.”

Splunk today announced it plans to acquire security software company TruStar for an undisclosed amount. The acquisition will add TruStar’s cloud-native, cyber intelligence-sharing capabilities and automated processes to Splunk’s growing cybersecurity portfolio.

“TruStar will help us get even better at predictive threat assessments by strengthening our threat intelligence framework. This acquisition will allow customers to autonomously and seamlessly enrich their (security operation center) workflows with threat intelligence data feeds from heterogeneous sources,” Splunk president and CEO Doug Merritt told VentureBeat in an exclusive interview.

The pending deal is in line with Splunk’s philosophy that “security is a data problem,” he said. The announcement marks a return to M&A activity for Splunk and the massive $1.05 billion deal for SignalFX in 2019. The company also made four cloud-related acquisitions in 2020.

Even when you pay for a decryption key, your files may still be locked up by another strain of malware.

Not the usual medical or science, but it may help someone.

Windows 10 comes with its own baked-in antivirus solution called Windows Defender, and it is enabled by default when setting up a new PC. At the very least, that affords you some basic protection against the many malware threats out in the wild. But did you know there is an added optional layer that can keep your pictures, videos, work documents, and other files safe in the event of a ransomware infection? The caveat is that you have to manually enable ransomware protection in Windows 10.

Continue reading “Windows 10 has a built-in ransomware block, you just need to enable it” »

An attack has crippled the company’s operations—and cut off a large portion of the East Coast’s fuel supply—in an ominous development for critical infrastructure.

Top U.S. fuel pipeline operator Colonial Pipeline has shut its entire network, the source of nearly half of the U.S. East Coast’s fuel supply, after a cyber attack that the company said was caused by ransomware.

The shutdown has raised fears of a price spike at the gas pumps ahead of peak demand summer driving season if it persists, and has drawn attention to how critical U.S. energy infrastructure is vulnerable to hackers.

Colonial transports 2.5 million barrels per day of gasoline, diesel, jet fuel and other refined products through 5500 miles (8850 km) of pipelines linking refiners on the Gulf Coast to the eastern and southern United States.

Computing experts thought they had developed adequate security patches after the major worldwide Spectre flaw of 2018, but UVA’s discovery shows processors are open to hackers again.

In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack.

Researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique called “speculative execution,” in which the processor predicts instructions it might end up executing and preps by following the predicted path to pull the instructions from memory. A Spectre attack tricks the processor into executing instructions along the wrong path. Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way.

A mental health startup built its business on easy-to-use technology. Patients joined in droves. Then came a catastrophic data breach.