< ciso brief />

All news with #security awareness tag

200 articles · page 10 of 10

Ten Security Leadership Missteps That Damage Careers

🔒 Security leaders must avoid career-limiting behaviors that erode trust and effectiveness. The article outlines 10 common missteps — from failing to align security with business priorities and remaining purely technical to drawing inflexible red lines and mishandling AI — that stall advancement. It stresses practical shifts: become a business partner, balance risk with speed, improve asset visibility, foster relationships, and rehearse incident response to maintain credibility.

Practical Guide to Reducing Kids’ Digital Footprint

🔒 This practical guide helps parents reduce their children's digital footprint by identifying risky "hot spots"—from unsecured group chats and gaming voice channels to oversharing on social media, unsafe downloads, public Wi‑Fi and unvetted AI tools. It stresses open conversation over heavy-handed controls and recommends concrete measures: disable geolocation, vet links with anti‑phishing tools, use antivirus, a trusted VPN on public networks, and parental controls such as Kaspersky Safe Kids. The guide also encourages parents to watch and discuss online activity together and to teach habits like unique passwords and cautious AI use.

Why XSS Still Matters: MSRC on a 25-Year Threat Landscape

🛡️ MSRC reports that Cross-Site Scripting (XSS) remains a persistent threat across legacy portals and modern single-page applications, with hundreds of cases triaged in the past year. Between July 2024 and July 2025, MSRC mitigated over 970 XSS cases and awarded more than $900,000 in bounties, spanning low-impact self-XSS to zero-click critical exploits. The post describes MSRC’s severity matrix that combines data classification and exploit conditions, outlines servicing scope and exclusion criteria, and publishes a practical submission checklist. Developers and researchers are encouraged to adopt context-aware encoding, Content Security Policy (CSP), and secure-by-default frameworks to reduce exposure.

Prepared for Cyberattacks: Crisis Communication by Plan

🛡️ Corporate communications must be an integral part of cyber incident preparedness, working closely with the CISO to develop and execute a crisis communication plan. Preventive measures include a crisis manual, continuous internet monitoring, and established relationships with opinion leaders to preserve reputation. The article advises joint leadership by communications and IT of a compact emergency team, creation of an independently accessible emergency infrastructure (including a darksite), staged statements and prebuilt templates, and secure off-network contact lists.

Certified Cloud Security Professional (CCSP) Overview

☁️ The Certified Cloud Security Professional (CCSP) is a cloud-focused security certification from ISC2 for experienced professionals responsible for designing, managing, and securing cloud data, applications, and infrastructure. The exam was updated effective August 1, 2024 to 125 questions over three hours and maps to six CBK domains. Candidates must meet work-experience and endorsement requirements and maintain the credential via annual fees and continuing education.

Fortinet Marks International Women in Cybersecurity Day

👩‍💻 Fortinet marks International Women in Cybersecurity Day 2025 by highlighting programs that expand access to cybersecurity training and career pathways for women. The Fortinet Training Institute and its Education Outreach Program provide free access to Network Security Expert (NSE) training and certifications, and run instructor-led initiatives such as the Networking Fundamentals Bootcamp. Through a four-year partnership with WiCyS, Fortinet supported regional meetups and led a Hands-on SOC Workshop at the WiCyS Annual Conference (April 2–5, 2025) in Dallas. These efforts are positioned to address the global cyber skills gap ahead of the forthcoming 2025 Cyber Skills Report.

Women Cyber Leaders Growing Representation and Mentorship

👩‍💻 Female cybersecurity leaders report improving representation and influence, with 55% of women in managerial or higher roles even though women comprise just 22% of the cybersecurity workforce, according to a recent ISC2 report. Executives including Carol Lee Hobson and Cindi Carter note more women stepping into CISO and board-level positions and a stronger talent pipeline from STEM programs. However, salary gaps persist (median US pay: men $150,000; women $140,000), and many still face limited mentorship and subtle bias. Leaders emphasize mentoring, sponsorship, and networking groups as essential to sustaining progress.

Nine Common Mistakes That Can Cost CISOs Their Jobs

🔒 This article outlines nine critical errors that can cost CISOs their positions, based on input from several industry leaders. It highlights risks such as overconfidence, unnecessary complexity, weak Governance, Risk & Compliance programs, and poor alignment with business priorities. The piece stresses practical prevention: prioritize access control and identity management, address the human factor, shrink stale data, break down silos, and avoid complacency to reduce breach risk and maintain executive trust.

Preventing Online Bullying as Students Return to School

📚 The online world often mirrors the schoolyard, and bullying can intensify when a new term begins. A 2023 Microsoft study highlights cyberbullying as a top parental concern, with harassment ranging from name‑calling and rumor‑spreading to sextortion and deepfake images. Watch for behavioral changes, keep open, nonjudgmental lines of communication, and review app privacy settings. If abuse occurs, calmly teach children to block, capture evidence and report incidents to platforms and schools.

Debunking Cyberbullying Myths: What Parents Should Know

🔍 This article debunks ten common cyberbullying myths that can mislead parents and educators. It cites rising rates of online harassment among US middle- and high-school students and explains why beliefs such as “what happens online stays online” or “remove the tech and you solve it” are false. The piece urges open dialogue, vigilance for behavioral signs, and collaborative plans to support children.

Helping Child Bloggers: Practical Safety Guidance for Parents

📸 Parents should engage when children show interest in blogging, using open discussion to build trust and teach online safety. The article recommends creating accounts together, reviewing privacy settings, disabling geolocation, choosing strong unique passwords, and enabling two-factor authentication to reduce account-takeover risk. It also outlines what not to post, how to monitor usernames, and how to spot scams, doxing, and stalker behavior.

Unexpected parcel scams: brushing, quishing, and more

📦 Delivery scams now include evolved brushing and QR-based "quishing" campaigns that use unsolicited packages or printed postcards to trick recipients into visiting malicious sites, paying fake fees, or installing malware. Scammers may include QR codes, phone numbers, or counterfeit tracking cards to extract payment data, one-time codes, or to prompt app installs. Never scan printed QR codes or call numbers on unexpected parcels; verify shipments via official courier channels and avoid connecting unknown USB devices. Enable two-factor authentication and report suspicious packages to the courier and police.

Connect with Security Leaders at Microsoft Ignite 2025

🔒 Microsoft Security invites CISOs, SecOps leads, identity architects, and cloud security engineers to Microsoft Ignite 2025 in San Francisco (Nov 17–21) and online (Nov 18–21) to explore secure AI adoption and modern SecOps. Register with RSVP code ATXTJ77W to access the half-day Microsoft Security Forum (Nov 17), hands-on labs, live demos, and one-on-one meetings with experts. Attendees can join networking events including the Secure the Night party, pursue onsite Microsoft Security certifications, and engage in roundtables focused on threat intelligence, regulatory insights, and protecting data, identities, and infrastructure.

How Young People Can Level Up Their Cybersecurity Practices

🔒 Digital natives often spend more time online and maintain large numbers of accounts, which increases exposure to scams, phishing and account takeovers. Research shows Gen Z is less likely to use unique passwords, enable MFA, or install updates regularly, and some admit sharing sensitive data with AI or bypassing corporate security tools. Simple, practical steps — stick to official app stores, keep software updated, deploy trusted security software, review privacy settings and treat unsolicited offers with skepticism — can significantly reduce risk.

Android adware: risks, techniques and removal advice

📱 Android adware can range from benign ad‑supported apps to intrusive PUAs that harvest data, perform click fraud, or hide to prevent removal. Detections rose by 160% in H1 2025, and sophisticated campaigns such as Kaleidoscope — which uses identical “evil twin” apps across official and third‑party stores — accounted for a substantial share of incidents. To reduce risk, only install apps from reputable developers and the Google Play Store, keep software updated, enable PUA detection in mobile security tools, and if infected disconnect, reboot to Safe Mode and remove suspicious apps or run a trusted scanner.

Talos and NetHope Equip NGOs with Tailored TTX Decks

🔐 Talos, in collaboration with NetHope and Cisco Crisis Response, developed a customized Backdoors & Breaches expansion deck to help humanitarian aid NGOs improve incident response and proactive security within constrained budgets. The cards model real-world challenges—forced relocation, limited connectivity, and scarce resources—to make tabletop exercises practical and relevant for both technical and non-technical teams. Hundreds of physical decks have been distributed and a U.S.-focused edition was created with NGO-ISAC for domestic organizations. Resources and virtual play options are provided to lower barriers to adoption and scale training.

Google rolls out age assurance to protect U.S. youth

🛡️ Over the coming weeks Google will begin a limited U.S. rollout of age assurance, a system designed to distinguish users under 18 from adults and apply age-appropriate protections across its products. For accounts identified as minors Google will enable defaults such as YouTube Digital Wellbeing tools, disable Maps Timeline, turn off personalized advertising, and block adult-only apps on Google Play. The approach combines machine-learning age estimation based on existing account signals with optional age verification — including a government ID or a selfie — when users dispute their estimated age, and Google will notify users and provide options for adult verification.

Hidden Risks of Browser Extensions and How to Stay Safe

🔒 Browser extensions can provide useful features but also expose users and organizations to significant risk. Malicious or compromised add-ons may steal credentials, session cookies, and browsing data, inject ads or malware, redirect users, or run background tasks like cryptomining. Scrutinize developer credentials and permissions, prefer official web stores, keep browsers updated, and enable security software and MFA.

How to Break into Cybersecurity: Skills and Traits

🔐 In this Cybersecurity Podcast episode, ESET Principal Threat Intelligence Researcher Robert Lipovsky outlines the practical skills and personality traits useful for newcomers to the field. He addresses common questions about coding ability, college degrees, and whether formal qualifications are required. Lipovsky emphasizes curiosity, persistence, and a willingness to learn alongside foundational technical skills. The discussion frames these recommendations within an evolving threat landscape and ESET’s broader career guidance.

Task scams: Don't pay to get paid — warning for jobseekers

⚠️ Task scams are rising employment frauds that lure jobseekers with easy micro-tasks and visible “earnings,” then pressure victims to pay to unlock funds. The schemes use gamification, spoofed sites and messaging apps, often asking for cryptocurrency deposits or “level-up” fees. Victims see initial fake gains, then lose payments with no recourse. Always verify recruiters and never pay upfront.