Click It Up: Targeting Local Government Payment Portals

FireEye has been tracking a campaign this year targeting web payment
portals that involves on-premise installations of Click2Gov. Click2Gov
is a web-based, interactive self-service bill-pay software solution
developed by Superion. It includes var…

White House email domains are sitting ducks for phishing attacks: study

The White House’s delay in implementing an important email security protocol leaves its domain names vulnerable to being used in a large-scale phishing attack, according to a new study. Only one of the 26 email domains managed by the Executive Office of the President (EOP) uses the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol to block phishing attempts, the nonprofit Global Cyber Alliance said. Eighteen of those domains haven’t started deploying DMARC. A Department of Homeland Security directive gave federal agencies until Jan. 15 to implement DMARC, which creates a public record for checking whether an email sender is authorized to transmit a message on behalf of a domain. Spokespeople for DHS and the National Security Council did not respond to questions on whether the directive applies to the EOP. The White House has previously claimed it was exempt from a governmentwide reporting requirement under an IT security law. Email domains […]

The post White House email domains are sitting ducks for phishing attacks: study appeared first on Cyberscoop.

(ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay

Federal agencies pay an average of $7,000 a year less to cybersecurity personnel than their private sector counterparts, so they need to offer training and other benefits while recruiting more from overlooked groups like women and minorities, according to one of the largest regular surveys of information security workers. The eighth biannual Global Information Security Workforce Study, done by the Center for Cyber Safety and Education and sponsored by contracting giant Booz Allen Hamilton, cyber recruiters Alta Associates and the International Information Systems Security Certification Consortium or (ISC)², was unveiled Tuesday at (ISC)²’s conference CyberSecureGov in Washington, D.C. The U.S. government “must enhance its benefits … to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand,” said Dan Waddell, (ISC)² managing director, North America. “Unfortunately,” he added, “the layers of complexity involved in fulfilling that goal are significant.” “Thanks to the record-number of federal GISWS […]

The post (ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay appeared first on Cyberscoop.