by Dawn Dunkerley
Contributing Editor

No Quick Fix for Security-Worker Shortfall – Dark Reading

Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly-skilled employees.

Editor’s note: Recruiting is only part of the battle; it’s still critical that you train and look for incentives to retain your cyber security professionals. Often the incentive can be quality training itself, conferences, even just simple appreciation for the work they’re doing. Invest in your high-performing personnel, and your program will flourish.


Instagram Fixed Flaw That Links Account Info To PII – Packet Storm Security

Facebook has repaired a vulnerability in its Instagram social media platform after a researcher found that it could be exploited to link users’ phone numbers to their account numbers, usernames and actual names.

Editor’s Note: This story is a reminder that companies like Facebook aggregate key bits of your Personally Identifiable Information (PII), and malicious actors often use such data from multiple sources to conduct identity theft operations. Minimize the PII you give companies, and never reuse passwords across websites.


NY Payroll Company Vanishes With $35 Million – Krebs on Security

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies.

Editor’s Note: This is a terrifying story that underlines the trust we put in our third-party vendors, sometimes with a dramatic downside. Pioneer Bank has reported $36M (USD) in exposure as a result of this theft. It is a great reminder to review your contracts with vendors and conduct your due diligence, both before and during your partnership.


Rural towns targets for hackers | Commentary – Bowling Green Daily News

Hackers and scammers are everywhere these days. Spoofed phone calls bombard most of us daily; emails are constantly landing in our inboxes with misleading links and dangerous files attached; security breaches at major companies have probably put some amount of your personal information in the hands of data thieves.

Editor’s Note: We are seeing small and medium-sized municipalities come under increasing fire, especially through ransomware, and this is no coincidence. Hackers know that resources are often limited and that cyber security may not have been at the forefront of planning. For these situations, a Virtual CISO (vCISO) is an economical way to make the critical progress needed without hiring a full-time CISO.


Baltimore to use $6M in park funds for ransomware recovery – WTOP

The city’s spending panel voted Wednesday to use the funds for recovery and “hardening of the environment.” BALTIMORE (AP) — Baltimore officials have decided to use $6 million in park and public facility funds to help pay for the recovery of a ransomware attack that crippled the city for weeks.

Editor’s Note: This is just heartbreaking, but a reminder that an ounce of prevention is worth a pound of cure. I feel for the kids who won’t have nicer parks due to that lack of prevention.


Video captures glitching Mississippi voting machines flipping votes – Naked Security

“It is not letting me vote for who I want to vote for,” a Mississippi voter said in a video that shows him repeatedly pushing a button on an electronic touch-screen voting machine that keeps switching his vote to another candidate.

Editor’s Note: Small to medium-sized municipalities are often the organizations responsible for the voting process. Giving voting systems, which often run old, defunct operating systems that have been minimally patched, the same care that traditional IT systems receive is critical to ensuring our elections are free and fair.

