SoatDev IT Consulting
SoatDev IT Consulting
  • About us
  • Expertise
  • Services
  • How it works
  • Contact Us
  • News
  • September 1, 2023
  • Rss Fetcher

Celebrate Women in Cybersecurity.
Welcome to Cyber Security Today. It’s Friday, September 1st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Today is International Women in Cybersecurity Day. It’s a day IT and security leaders should think about how they ensure their teams are diverse. This is especially important with the number of unfilled IT and cybersecurity jobs in organizations around the world. So the first thing listeners who are leaders need to ask themselves is are their teams diverse, and if not, why? Second, what are you going to do about it? Do you go out of your way to give women a chance? Are job postings written in an open way that encourages diversity? Is there too much reliance on IT certifications? If there are women on your IT and security teams, are their solutions and opinions valued?
There will be an online celebration this afternoon at 1 p.m. Pacific time. Register here
I have a more detailed story on International Women in Cybersecurity Day here. And later today it will be discussed as part of the Week in Review podcast.
Also in the news, clothing retailer Forever 21 is notifying over a half a million current and former employees of a data breach earlier this year. The attacker got names, Social Security numbers, birth dates and bank account numbers.
Threat actors continue planting malicious packages in open-source repositories, hoping to sucker unsuspecting application developers. The latest example was found by researchers at Reversing Labs: Three packages in the PyPI repository for Python-language code that continue a campaign of planting code that mimics the names of popular Python tools. As I’ve said before, if you want to download something from PyPI, NPM, Ruby, GitLab or any public code repository you’d better be sure it’s legit — and you’d better scan it to be sure.
Separately, researchers at Checkmarx report that for the last three years a threat actor has been plopping malicious packages in the NPM repository. These particular packages steal data from developers’ work. Apparently they are looking to infect cryptocurrency apps or wallets.
Someone is loading old bugs into the Common Vulnerabilities and Exposures list. Known to most infosec pros as the CVE list, its a compilation of publicly disclosed computer security flaws found by IT companies and security researchers. However recently CVEs that are upwards of three years old were added. According to Dan Lorenc, chief executive of Chainguard, 138 were entered on one day. It looks like the person is scraping old issues and commits and filing them. Their motive is unknown. And while they have CVE numbers, Lorenc says some of them aren’t really vulnerabilities. And in most cases patches were issued for them long ago.
Threat actors use all kinds of tricks to get you to click on a malicious link in an email. One of them is putting a phony date in the subject line. Why? To make you think the message was sent earlier than it was. So if the subject line reads, ‘Warning. Invoice due at the end of today’ and beside it is a date 24 or 48 hours ago, you might think, ‘I’d better get on this fast.’ Which is exactly what you shouldn’t do, say researchers at Cofense who reported on this trick. Don’t be fooled by what’s in the subject line, any more than you should be fooled by the content of the email.
Later today the Week in Review will be available. There will be discussion on a Canadian government report on cybercrime, the takedown of the Qakbot botnet and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.The post Cyber Security Today, Sept. 1, 2023 – Celebrate Women in Cyber Security first appeared on IT World Canada.

Previous Post
Next Post

Recent Posts

  • For the love of God, stop calling your AI a co-worker
  • Elon Musk tries to stick to spaceships
  • Thousands of Netflix fans gather for Tudum
  • Early AI investor Elad Gil finds his next big bet: AI-powered rollups
  • Gardener’s ellipse

Categories

  • Industry News
  • Programming
  • RSS Fetched Articles
  • Uncategorized

Archives

  • June 2025
  • May 2025
  • April 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023

Tap into the power of Microservices, MVC Architecture, Cloud, Containers, UML, and Scrum methodologies to bolster your project planning, execution, and application development processes.

Solutions

  • IT Consultation
  • Agile Transformation
  • Software Development
  • DevOps & CI/CD

Regions Covered

  • Montreal
  • New York
  • Paris
  • Mauritius
  • Abidjan
  • Dakar

Subscribe to Newsletter

Join our monthly newsletter subscribers to get the latest news and insights.

© Copyright 2023. All Rights Reserved by Soatdev IT Consulting Inc.