WHY IT MATTERS: Digital Transformation

McDonald’s Drive-Thrus are a baseline for the entire industry and seeing them install LCDs that basically blow up and fail totally is something everyone wants to understand.

The DIACC is pleased to publish the first iteration of the Directory of Products That Assess Identification Documents & Verify Identity. This Directory is designed to provide an overview of providers’ solutions which use government issued photo identification cards, combined with biometric facial scans, to establish Digital Identity.

Each of these distinct attacks had two things in common: China and Super Micro Computer Inc., a computer hardware maker in San Jose, California. They shared one other trait; U.S. spymasters discovered the manipulations but kept them largely secret as they tried to counter each one and learn more about China’s capabilities.

IT Security Certification Roadmap charting security implementation, architecture, management, analysis, offensive, and defensive operation certifications.

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.

Parler lacked the most basic security measures that would have prevented the automated scraping of the site's data. It even ordered its posts by number in the site's URLs, so that anyone could have easily, programmatically downloaded the site's millions of posts. Parler's cardinal security sin is known as an insecure direct object reference,

The Falcon OverWatch managed threat hunting team and the CrowdStrike Services team present selected analysis that highlights the most significant events and trends in the past year of cyber threat activity. This analysis demonstrates how threat intelligence and proactive hunting can provide a deeper understanding of the motives, objectives and activities of these actors — information that can empower swift proactive countermeasures to better defend your valuable data now and in the future.

MITRE started ATT&CK in 2013 to document common tactics, techniques, and procedures (TTPs) that advanced persistent threats use against Windows enterprise networks. ATT&CK was created out of a need to document adversary behaviors for use within a MITRE research project called FMX.

Global boardroom awareness of the increased scale and sophistication of cyberattacks, and their financial and reputational impact, has skyrocketed. To improve response and recovery, security and risk management leaders must align business continuity management with cybersecurity incident response.

A billion people in the world have no legal identity. Without an ID they can’t open a bank account, get a loan, or even vote. Now a tech entrepreneur has come up with an answer.

As remote work increases access management tool adoption, and security controls shift to identity, the ability to secure access with AM strategies aligned with continuous adaptive risk and trust assessment is paramount. Cost optimization for IT spending (e.g., AM) will also increase during 2021.

The purpose of the PCTF Authentication Component is to assure the on-going integrity of login and authentication processes by certifying, through a process of assessment, that they comply with standardized Conformance Criteria.Click here to edit the content

Girish Balakrishnan, Netflix's director of virtual production, says the workflow using Unreal offers "the ability to connect a DP in New York with VFX artists in London, a director in Los Angeles with an art department in Japan, and performance-capture talent with in-house animation supervisors." The goal is to streamline production across continents "while talent safely works from home."

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

The last few weeks, I've been spending my days helping victims recover from ransomware attacks. When doing this, restoration is the number one priority, and the motto becomes "as fast as you can". There have been some challenges along the way, and some "shocking" reveals when working with criminal software when expecting it to unlock your files. Here are some of the following use cases that Unit 221B encountered and the workarounds we applied to get a successful restoration.

Stay ahead of threats with the insights in the 2020 Data Breach Investigations Report (DBIR) from Verizon Enterprise Solutions. Read the official report now.

Make no mistake, the knowledge of hacking is different from a hacker. A hacker is a person, not the skill. And the use of any knowledge is a personal choice and that choice isn’t universal. The same way some politicians are corrupt, some hackers are corrupt. The same way some politicians are good, some hackers are good also. You may be a Satoshi Nakamoto or an Albert Gonzalez, it is your choice. There is nothing wrong with the hacker knowledge. It is all about you. What You’ll Learn

In June of 2018, in the midst of all the other letters demanding that the company stop police use of Rekognition, Raji and Buolamwini expanded the Gender Shades audit to encompass its performance. The results, published half a year later in a peer-reviewed paper, once again found huge technical inaccuracies. Rekognition was classifying the gender of dark-skinned women 31.4 percentage points less accurately than that of light-skinned men.

Proof-of-concept shows how easy it may be to hide malicious chips inside IT equipment.

Most cyber attacks and data breaches remain the result of weak passwords. So, why are we still using them?

The cybersecurity skills gap has been plaguing enterprises for years—but despite garnering much discussion and media coverage, little progress is being made.

State of Cybersecurity 2020 looks at questions such as:

• How long does it take to fill a cybersecurity role with a qualified candidate?
• What percentage of cybersecurity candidates are qualified for the role?
• Is retention improving or worsening?
• Which cybersecurity skills are in the highest demand?
• Are HR teams informed partners in the search for qualified cybersecurity candidates?
• Are cybersecurity teams becoming more gender-balanced, and are diversity programs doing enough to help?
• What can companies do to staff up more quickly and find better-qualified candidates?

Attackers look for the path of least resistance. Recently, that path has shifted from enterprise networks to you and your devices for two reasons. First, as we have built more secure software and systems, it has made it harder to …

Protecting People cybersecurity threat report explores who’s being targeted, how they’re being attacked, and what you can do about it.

Every year, millions of fraudulent web domains are registered by threat actors looking to impersonate trusted brands. Using these domains, they launch phishing attacks or other scams.

What are the latest trends around fraudulent domains, and how can you protect your organization?

Download the report now to learn: 

• How threat actors create fraudulent domains
• What characterizes fraudulent and legitimate domains
• Which keywords and top-level domains (TLD) are trending
• How fraudulent domains use email to launch attacks