Posts

Under Scrutiny, Big Ag Scrambles To Address Cyber Risk

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


At first glance, the LinkedIn post from a UK-based security researcher was unremarkable: a photo of vendor swag – a hat, iron-on patch and gym bag he received as a “thank you” for participating in the company’s bug bounty program and reporting software flaws in its products.

What was remarkable was the company logo on the swag: the distinctive yellow stag set against the bright green of agricultural equipment giant John Deere. A handwritten note to the researcher, Sai Ganesh (@ganiganeshss79), thanked him for his participation in Deere’s bug bounty program, which is hosted by the bug bounty platform HackerOne. It was signed “The John Deere Security Team.” 

The Trustworthy Computing Memo Lands On The Farm

In 2021, such gestures are commonplace in the software industry. It has been 16 years since TippingPoint Technologies (now part of 3COM) launched its Zero Day Initiative – one of the first “cash for vulnerabilities” programs. In the intervening years, hundreds of firms have followed suit including giants like Microsoft, Yahoo and Facebook, as well as device makers like Samsung and car makers GM and Tesla. 

Tech industry firms, in 2021, draw attention to their programs for rewarding researchers with cash – sometimes lots of it – and company swag for finding and reporting software flaws in their technology. The vulnerability disclosure market is expected to grow in value from $223m annually in 2020 to more than $5 billion by the end of the decade. 

So far, however, that revolution passed over the agriculture sector, which makes Deere’s sudden about-face all the more remarkable. Despite employing more software developers than mechanical design engineers, according to its CTO, Deere – as late as March – did not have a public vulnerability disclosure program for researchers like Ganesh to partake in. On the MITRE-maintained list of Common Vulnerabilities and Exposures (CVE), the company still does not have a single, publicly disclosed software vulnerability to its…

Source…

School districts say cyber security attacks are a growing risk – KATU




Source…

Bitglass Report Shows Enterprises Increasing Risk by Enabling BYOD



Securing BYOD to prevent data loss/theft is a top concern.

A new Bitglass report shows that despite the surge in enterprises enabling bring your own device (BYOD), many are unprepared for the associated risks.

Bitglass’ 2021 BYOD Security Report shows the rapid adoption of unmanaged personal devices connecting to work-related resources. It also highlights how organizations are ill-equipped to deal with growing security threats such as malware and data theft.

The Bitglass report is a joint venture with Cybersecurity Insiders. It surveyed hundreds of cybersecurity professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced by the use of personal mobile devices.

The insights in this report are especially relevant. That’s because more enterprises are shifting to permanent remote work or hybrid work models. That means connecting more devices to corporate networks and, as a result, expanding the attack surface.

Enterprises Left Vulnerable

Anurag Kahol is CTO and co-founder of Bitglass.


“Despite 82% of enterprises enabling BYOD to some capacity, many are still highly unprepared for the risks associated with unmanaged devices,” he said. “Fifty-one percent of the surveyed organizations don’t have any means of identifying vulnerabilities associated with malicious Wi-Fi on personal devices. Even more surprisingly, 49% are unsure or unable to detect whether malware has been downloaded in the last 12 months.”

Key findings from the Bitglass report:

  • BYOD is here to stay. Use of personal devices has helped businesses improve employee productivity and satisfaction, while also reducing costs. However, challenges associated with managing device access and mobile security remain.
  • Securing BYOD to prevent data loss/theft is a top concern. Respondents are most concerned about data leakage. Other apprehensions included users downloading unsafe apps or content, lost or stolen devices, and unauthorized access to company data and systems.
  • Enterprises are running blind when it comes to securing BYOD devices against modern security threats. For example, 22% of…

Source…

KSA Collabs With Black Hat Organizers To Launch @Hack Conference To Tackle International Cyber Risk


Happening on November 28-30, 2021, @Hack is bringing together the world’s most prominent hackers and trainers to explore breakthrough issues, trainings and trends within the information security community.





The event is organized by the Saudi Federation of Cybersecurity, Programming and Drones (SAFCSP), which is behind some of KSA’s prominent high-tech bootcamps and events, in association with Informa Tech, the organizers of the renowned cybersecurity networking event series Black Hat. Drawing on their global experience and industry know-how, @Hack is set to take place at the Riyadh Front Expo Centre, in partnership with national telecoms operator STC.

The premier event is held in support of Saudi Arabia’s Vision 2030 and SAFCSP’s mission to make one in every 100 Saudi citizens a programmer to advance the Kingdom’s distinction in the tech industry.

The three-day conference will have in-depth, hands-on technical courses on topics ranging from offensive security to the latest techniques in penetration testing, infrastructure hacking, mobile application security, analyzing automotive electrical systems, and more.


@Hack will feature 250 cutting-edge brands, including 40 promising startups, in its Innovation City exhibition hall. The event will feature an Executive Summit to bring together leading Chief Information Security Officers (CISOs) to look into the Middle East’s cybersecurity needs, including security guru and cybersecurity author Bruce Schneier. More than 250 leading infosec experts and hackers will showcase advanced research, new vulnerabilities, open-source tools and more. It has an impressive list of speakers, including former US Marine and ethical hacker Bryan Seely, known as the only person to wiretap the US Security Service and FBI; Hector Monsegur, controversial hacker and former head of the Anonymous hacking group; Chris Tarbell, former FBI special agent who caught black hat hacker Monsegur; Shira Rubinoff, cybersecurity and blockchain advisor, who serves as President of Prime Tech Partners and SecureMySocial; Jaya Baloo, CISO at Avast; and Olivera Zatezalo, CSO at Huawei Canada.

The event will put…

Source…