Cardinals fire scouting director as hacking investigations continue

stltoday | July 03, 2015

The St. Louis Cardinals have terminated the contract of their scouting director, Chris Correa, as investigations continue into alleged hacking of a Houston Astros database.

Spotlight

DAS is the state’s central administrative agency. It supports state agencies by providing management frameworks and infrastructure for information systems and services, procurement, and other functions. Responsibility for cybersecurity is split between DAS, the Office of the State CIO, and the Enterprise Security Office. This audit assessed critical security controls and the information technology (IT) security management practices at the Department of Administrative Services (DAS). We concluded the agency does not have a security management program that identifies necessary actions to ensure systems are appropriately secure, and lacks basic foundational IT controls for all six cybersecurity controls we reviewed. As a result, DAS systems and data may be at risk for unauthorized use, disclosure, or modification.


Other News
ENTERPRISE SECURITY

DTEX Systems Named to the Enterprise Security Tech Cyber Top 20 List

DTEX Systems | June 18, 2022

DTEX Systems, the Workforce Cyber Intelligence & Security Company™, today announced that it has been named to the Enterprise Security Tech Cyber Top 20 List. The list recognizes the top cybersecurity companies providing the most value to market based on technical product/service innovation, industry analyst recognition, customer testimony, diversity and inclusion initiatives, talent development initiatives, and contributions to the cyber community. “The future of data loss prevention and protection is human-centric, not data-centric. “We’re thrilled to be named to this inaugural list of top cybersecurity companies by Enterprise Security Tech, as it is further testament to the success of DTEX’s innovative, human-centric approach to enterprise security and our team’s continued efforts to expand beyond the capabilities of legacy cybersecurity solutions.” Jonathan Daly, Chief Marketing Officer at DTEX Systems As the first and only Workforce Cyber Intelligence and Security platform to put humans at the center of an organization's cybersecurity matrix, DTEX InTERCEPT offers an innovative approach to data collection and analysis that centers around human activity and intent, providing organizations with the context needed to escalate and remediate an event before malicious insiders attack, or data exfiltration occurs. The InTERCEPT platform brings together the capabilities of Insider Threat Management, User and Entity Behavior Analytics, Digital Forensics, and Behavioral DLP in an all-in-one lightweight, cloud-native platform. Only DTEX InTERCEPT delivers the behavioral context and activity intelligence that answers the Who, What, When, Where, Why and How related to any potential insider threat situation, compromised account event or data loss scenario without invading personal privacy. “The cybersecurity industry is going through an evolution right now,” said Jack Campbell, Editor, Enterprise Security Tech. “The threat landscape is growing at a faster pace than organizations can keep up with - so companies need innovative tools and services that leverage automation and simplification to combat threats at scale. We’re honored to be able to recognize these leaders for the value that they are bringing to the market and their contributions to the fight against cyber threats.” This accolade comes on the heels of two notable industry recognitions from Cyber Defense Magazine (CDM), which named DTEX ‘Most Innovative Data Loss Prevention’ and ‘Publisher's Choice Insider Threat Prevention’ in the 10th annual Global InfoSec Awards. About DTEX Systems DTEX Systems helps hundreds of organizations worldwide better understand their workforce, protect their data, and make human-centric operational investments. Its Workforce Cyber Intelligence & Security platform brings together next-generation DLP, UEBA, digital forensics, user activity monitoring and insider threat management in one scalable, cloud-native platform. Through its patented and privacy-compliant meta-data collection and analytics engine, the DTEX platform surfaces abnormal behavioral “indicators of intent” to mitigate risk of data and IP loss, enabling SOC enrichment with human sensors and empowering enterprises to make smarter business decisions quickly. About Enterprise Security Tech Enterprise Security Tech is a specialized cyber media company with a global presence. The Enterprise Security Tech blog is a cybersecurity blog written for CISOs, CIOs, and security-minded CEOs that brings together critical news, expert insights, and product information to help security leaders make informed business decisions. Enterprise Security Tech is also home to The Cyber Jack Podcast, which brings listeners the latest cybersecurity insights via security experts from around the industry.

Read More

SOFTWARE SECURITY

CyberSaint Releases CyberStrong Version 3.20 Empowering Customers to Further Automate the Cyber & IT Risk Management Function

CyberSaint | June 22, 2022

CyberSaint, the developer of the leading platform delivering cyber risk automation, announced the release of CyberStrong version 3.20 today, providing customers with the ability to further automate the assessment process via continuous control automation with Tenable and Microsoft Azure Security Center integrations. “CyberSaint’s continuous control automation functionality changes the way that security and risk teams perform assessments, and ultimately, manage cyber risk,” said Jerry Layden, CEO of CyberSaint. “Being first-to-market with this technology is exciting for us, and positions us to redefine the cyber and IT risk management market at large.” Until now, the process of assessing an organization’s cybersecurity risk posture against a framework or standard has been manual. CyberStrong’s continuous control automation leverages natural language processing (NLP) to map telemetry coming in from various security products, such as Tenable and Microsoft Azure Security Center, to controls in a customer environment, automating scores at the control level and pulling in evidence. Want to see this new feature in action? Register for the Live Demo on July 12th at 3:00pm EDT or watch after on-demand. “Having the capability to integrate with cybersecurity solutions such as those in a hybrid cloud environment is essential for successful integrated risk management (IRM) technologies. “IRM solution providers like CyberSaint offer companies real-time visibility and understanding of their cybersecurity risk. This provides a competitive edge by giving business leaders actionable data to mitigate growing cybersecurity and associated digital risks.” John A. Wheeler, Founder and CEO of Wheelhouse Advisors and former Gartner IRM analyst CyberSaint’s integration with Tenable allows customers to: Identify and create mappings to controls and control actions Automate the scoring of vulnerability scanning controls Keep assessment control scores up to date with every successful vulnerability scan CyberSaint’s integration with Microsoft Azure Security Center allows customers to: Pull in policies from Azure and relate their compliance to assessments within the CyberStrong platform Query the customer Azure configuration and correlate directly to NIST 800-53, the CSF, and additional standards such as CMMC, PCI, HIPAA, and more Provide nightly updates to control actions within the CyberStrong platform to keep compliance status up to date which aids in viewing variance of controls when evaluating risk About CyberSaint CyberSaint's mission is to empower today's organizations to build a cybersecurity program that is as clear, actionable, and measurable as any other business function. CyberSaint's solutions empower teams, CISOs, and Boards to measure, mitigate, and communicate risk with agility and alignment.

Read More

DATA SECURITY

DataTribe Announces Fourth Annual Cybersecurity Start-Up Challenge

DataTribe | July 29, 2022

DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies, announced today the launch of its fifth-annual DataTribe Challenge. The competition is poised to identify and curate Pre-Series A, high-technology start-ups with a vision to disrupt cybersecurity and data science. Three finalists will split $20,000 in prize money, and one winner will be eligible to receive up to $2 million in seed capital from DataTribe. In 2021, the Challenge had two winners: Quickcode.ai and ContraForce. Quickcode.ai helps non-technical experts build machine learning training data with unprecedented speed and accuracy while ContraForce is the only platform to make comprehensive cybersecurity easy, effective, and accessible for the small to midsize enterprise. “Over the last five years, the Challenge has evolved into an excellent platform for entrepreneurs to not only get exposure and feedback — but to actually fundraise. For the winner, it could take care of their entire seed round. We’re always humbled by the quality of submissions — as founders look over the horizon to chart the future of cyber. The Challenge is a lot of fun and we look forward to working with participants.” John Funge, Managing Director of DataTribe Mike Janke, Co-founder of DataTribe said, “The Challenge is the top cybersecurity startup competition in the world. We are inspired by the founders that participate and the innovations they present. We’re honored to be able to use all the resources we have at DataTribe to co-build with entrepreneurs, giving them an unfair advantage and creating the next generation of market-leading companies.” In June 2021, Synopsys acquired the winner of the 2019 Challenge, Code Dx, a software security testing orchestration, correlation, and prioritization platform. The exit was a demonstration of the Challenge’s ability to draw top cybersecurity solutions, as well as of the success of the DataTribe model of partnering with over the horizon technology coming out of national security agencies. DataTribe invites contestants to join the Challenge who have developed a robust concept and/or initiated development of a minimal viable product (MVP) – i.e., a product developed with sufficient features to entice early adopters. The firm anticipates a strong showing from teams with experience working in national security, defense, national laboratories, or at organizations specializing in cybersecurity and data science R&D. Applicants will have until August 31, 2022 to enter an application. DataTribe will review submissions for technical merit, market potential, and readiness of the team. On October 12, 2022, DataTribe will announce up to three finalists. These teams will then have 3 weeks to refine their pitch and prepare for final judging, with assistance from DataTribe’s team of startup veterans. In a live event, finalists will present a pitch and answer questions from a panel of esteemed judges on November 3, 2022. “Winning the 2021 DataTribe Challenge was a major catalyst in achieving the product and market momentum necessary to grow our customer base,” said Stan Golubchick, ContraForce Co-Founder and CEO. “DataTribe is more than just an investor. Their unique foundry approach is a true partnership, adding the experience, support, and knowledge of successful company-builders to our team.” About DataTribe DataTribe is a startup foundry that invests in and co-builds world-class startups focused on generational leaps in cybersecurity and data science. DataTribe was launched in 2015 with the vision of empowering technologists in the Washington, D.C. region to build and grow successful companies.

Read More

PLATFORM SECURITY

OpenText Security Cloud Powers and Protects Businesses

OpenText | June 03, 2022

OpenText™ , a global leader in information management, today announced an expanded suite of security solutions to address the heightened state of cyber security in today's vulnerable world. With OpenText, organizations of every size can protect their data and systems against evolving threats. OpenText is showcasing new and enhanced security offerings that strengthen cyber resilience for SMBs, government agencies, and enterprises at this year's RSA Conference in San Francisco at booths #4214, #4221 and #1535. Real-time threat intelligence is an essential component of a business's cyber resilience strategy. Further to the findings from the 2022 BrightCloud Threat Report, new quarterly findings released today from BrightCloud® Threat Intelligence show: 1122% increase in phishing in the first quarter of 2022 compared to 2021 Q1 phishing numbers, indicating a buck in the trend of hackers taking holiday in Q1; For the first time, Instagram broke into the top five most impersonated brands for phishing, demonstrating increased targeting of younger users; and 36.1% reduction in malware encounters for customers using both endpoint and DNS protection versus only endpoint protection, reinforcing the added efficacy benefit of securing DNS and using layered security. To ensure cyber resilience, organizations must deploy strong, multi-layered security and data protection policies to prevent, respond, and quickly recover from threats. OpenText has expanded its security offerings with new technology and increased capabilities that enable businesses to confidently power and protect information continuously at the data, application, infrastructure, and edge layers with intelligence and insights across the perimeter and endpoints. "With security risks escalating worldwide and a persistent state of evolving threats, compromises are inevitable, security remains job number one," said Mark J. Barrenechea, OpenText CEO and CTO. "Through our breadth of OpenText Security Cloud, we make it easier for businesses to increase their cyber resilience posture and protect themselves against threats. And if a vulnerability unfortunately leads to a breech, our solutions enable quick detection, response, and recovery to minimize disruption." "Texas Tech University Health Sciences Center, (TTUHSC), a large medical school serving more than 100 counties in the western portion of Texas, needed a trusted partner to help us protect our operations from cyberattacks. OpenText MxDR has been responding to our needs effectively and because it is a 24X7X365 service, our experience has been seamless," said TTUHSC, ISO, Lane Timmons. About OpenText OpenText, The Information Company™, enables organizations to gain insight through market leading information management solutions, powered by OpenText Cloud Editions.

Read More

Spotlight

DAS is the state’s central administrative agency. It supports state agencies by providing management frameworks and infrastructure for information systems and services, procurement, and other functions. Responsibility for cybersecurity is split between DAS, the Office of the State CIO, and the Enterprise Security Office. This audit assessed critical security controls and the information technology (IT) security management practices at the Department of Administrative Services (DAS). We concluded the agency does not have a security management program that identifies necessary actions to ensure systems are appropriately secure, and lacks basic foundational IT controls for all six cybersecurity controls we reviewed. As a result, DAS systems and data may be at risk for unauthorized use, disclosure, or modification.

Resources