January 18, 2021

Free cyber career training coursework emerges as a perk in tough times

SC Magazine, January 18, 2021
A pair of cybersecurity firms this month announced a slate of new career training and education courses that will be made freely available to the public. These complimentary offerings are helping current, aspiring and unemployed infosec professionals gain an upper hand in a down economy, while aiding an industry facing a growing skills gap.

January 12, 2021

Data Privacy Day: Understanding COVID-19’s Impact

Security Boulevard, January 12, 2020
Data Privacy Day is Jan. 28, just like it is every year. But as with everything else, COVID-19 has forced us to reconsider a new normal for enforcing data privacy in the work-from-home (WFH) environment. Sponsored by the National Cyber Security Alliance (NCSA), Data Privacy Day is designed to “inspire dialogue and empower individuals and companies to take action” on the way personal information is collected, stored and used.

January 11, 2021

IT cleanup at U.S. Capitol presents massive challenge

GCN, January 11, 2021
Federal IT staff have a massive job ahead of them cleaning up after the rioters who broke into the U.S. Capitol building, some of whom rifled through lawmakers offices.
While improving physical security for the building and for lawmakers and staff who work there is the first priority, experts have said the rioters’ unprecedented access to offices, files and computers can have serious cybersecurity ramifications.

January 11, 2021

Experts Weigh In on Cybersecurity Risks of Capitol-Like Attacks

SecurityWeek, January 11, 2021
Hundreds of protesters stormed the U.S. Capitol on Wednesday just as the House and Senate were certifying the election victory of Joe Biden. While much of the focus was on the physical destruction caused by the protesters, many people have pointed out that rioters gained access to computers in the Capitol, which in some cases were still turned on and logged in, as their users were forced to quickly evacuate.

January 8, 2021

Cybersecurity Ramifications of the 2021 Storming of the United States Capitol

TidBits, January 8, 2021
Hidden amidst the physical cleanup and repairs necessary after a mob of rioters stormed and occupied the US Capitol are significant cybersecurity concerns. At Wired, Lily Hay Newman writes about the cybersecurity implications of the invasion, explaining some of the breaches that happened and discussing others that could have happened if foreign intelligence agents piggybacked on the takeover.

January 8, 2021

Post-Riot, the Capitol Hill IT Staff Faces a Security Mess

WIRED, January 8, 2021
IN THE AFTERMATH of destructive riots that trashed the United States Capitol on Wednesday, the nation is grappling with questions about the stability and trajectory of US democracy. But inside the Capitol building itself, the congressional support staff is dealing with more immediate logistics, like cleanup and repairs. A crucial part of that: the process of securing the offices and digital systems after hundreds of people had unprecedented access to them.

December 16, 2020

SolarWinds Attack Fallout: 18K Customers at Risk, ExtraHop IDs 550 Suspicious IP Addresses

SDxCentral, December 16, 2020
As many as 18,000 SolarWinds customers installed the company’s Orion software updates containing malicious code likely inserted by Russian nation-state hackers, according to documents filed with the U.S. Securities and Exchange Commission on Monday.
The SolarWinds attack may have also hit Microsoft customers. In its SEC filing, SolarWinds said the hackers compromised its Office 365 email and office productivity accounts.