Sat.Apr 25, 2020 - Fri.May 01, 2020

article thumbnail

Work-at-Home: The Impact on Security

Data Breach Today

Survey Sizes Up Increased Risks, New Duties for Security Staff The shift to working at home is opening the door to cybersecurity incidents. Some 23% of respondents to a small survey conducted by the training organization (ISC)2 say their organization has experienced an increase in cybersecurity incidents since transitioning to remote work.

Security 251
article thumbnail

Ascending to new heights of CSR

Micro Focus

Today, I am pleased to announce that Micro Focus is joining over 80 companies who have pledged their support to North American-based Ascend’s COVID-19 Action Agenda. Micro Focus joins the ranks of Goldman Sachs & Co, Bank of America, Deloitte, The Coca Cola Company, Facebook, Procter & Gamble, Uber, Pfizer and many more global companies. View Article.

90
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

COVID-19: Stages of Re-Entry Planning

Data Breach Today

Pandemic Expert Regina Phelps on How to Strategize for Life After Quarantine As politicians and protesters argue about the merits and timing of emerging from COVID-19 quarantine, crisis management expert Regina Phelps lays out a 10-step re-entry plan. Her word of counsel: "Caution.

240
240
article thumbnail

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Security Affairs

Google Project Zero white-hat hackers have disclosed zero-click vulnerabilities affecting multiple Apple operating systems. White-hat hackers at Google Project Zero team have discovered several zero-click vulnerabilities impacting multiple Apple’s multimedia processing components is several Apple operating systems. Multimedia processing components could be a privileges entry point for threat actos that attempt to hack into the mobile OS, including the Apple one. ultimedia processing compon

Libraries 144
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The ADL Calls Out Steam for Giving Extremists a Pass

WIRED Threat Level

The nonprofit has identified hundreds of profiles that espouse hate, with little attempt from the gaming platform to stop them.

More Trending

article thumbnail

COVIDSafe App Teardown & Panel Discussion

Troy Hunt

I've written a bunch about COVID-19 contact tracing apps recently as they relate to security and privacy, albeit in the form of long tweets. I'm going to avoid delving into the details here because they're covered more comprehensively in the resources I want to consolidate below, firstly the original thread from a fortnight ago as news of an impending app in Australia was breaking: Ok folks, let's talk about the Coronavirus tracking app as news of Australia adopting Singapore's "Trac

Privacy 131
article thumbnail

What Is Fleeceware and How Can You Protect Yourself?

WIRED Threat Level

Sneaky developers are charging big bucks for basic apps. Here's how to spot a scam in sheep's clothing.

Security 101
article thumbnail

How Cybercriminals are Weathering COVID-19

Krebs on Security

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services.

article thumbnail

Enterprise Security Woes Explode with Home Networks in the Mix

Threatpost

Thanks to WFH, IoT refrigerators, Samsung TVs and more can now be back-channel proxies into the corporate network.

IoT 99
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How Spies Snuck Malware Into the Google Play Store—Again and Again

WIRED Threat Level

Malicious Android apps from the so-called PhantomLance campaign targeted hundreds of users, and at least two slipped past Google's defenses.

Security 127
article thumbnail

NEW TECH: CASBs continue evolving to help CISOs address multiplying ‘cloud-mobile’ risks

The Last Watchdog

It can be argued that we live in a cloud-mobile business environment. Related: The ‘shared responsibility’ burden Most organizations are all caught up, to one degree or another, in migrating to hybrid cloud networks. And startups today typically launch with cloud-native IT infrastructure. Mobile comes into play everywhere. Employees, contractors, suppliers and customers consume and contribute from remote locations via their smartphones.

Cloud 193
article thumbnail

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Security Affairs

Maze Ransomware operators claim to have gained access to the network of Banco BCR of Costa Rica and stolen 11 million credit card credentials. Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. Banco BCR has equity of $806,606,710 and assets of $7,607,483,881, it is one of the most solid banks in Central America.

article thumbnail

Securing Internet Videoconferencing Apps: Zoom and Others

Schneier on Security

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

RDP brute-force attacks rocketed since beginning of COVID-19

Security Affairs

The number of RDP brute-force attacks is skyrocketing in mid-March due to remote working imposed during the COVID-19 pandemic. Researchers from Kaspersky Lab are observing a significant increase in the number of RDP brute-force attacks since the beginning of the COVID-19 pandemic. Earlier this month, researchers from Shodan reported a 41% increase in the number of RDP endpoints exposed online, since the beginning of the COVID-19 pandemic.

Passwords 144
article thumbnail

Would You Have Fallen for This Phone Scam?

Krebs on Security

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

article thumbnail

Ransomware: Average Business Payout Surges to $111,605

Data Breach Today

Ryuk and Sodinokibi Largely Responsible for One-Third Increase in Average Payments The average ransom paid by victims to ransomware attackers, when they paid, reached $111,605 in the first quarter of this year, up by one-third from the previous quarter, reports ransomware incident response firm Coveware, which sees the Sodinokibi, Ryuk and Phobos malware families continuing to dominate.

article thumbnail

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

The Last Watchdog

As coronavirus-themed cyber attacks ramp up, consumers and companies must practice digital distancing to keep themselves protected. Related: Coronavirus scams leverage email As we get deeper into dealing with the coronavirus outbreak, the need for authorities and experts to communicate reliably and effectively with each other, as well as to the general public, is vital.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

COVID-19 disinformation and misinformation campaigns continue to proliferate

Security Affairs

COVID-19 disinformation and misinformation campaigns continue to proliferate around the world, with potentially harmful consequences for society. During a COVID-19 crisis, while most of the people have to maintain social distancing and work from home, threat cyber are attempting to conduct disinformation and misinformation campaigns. The main difference between misinformation and disinformation is that the latter is the sharing of specially crafted incorrect information to influence the sentimen

article thumbnail

Microsoft Teams Impersonation Attacks Flood Inboxes

Threatpost

Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.

Phishing 143
article thumbnail

10 Ransomware Strains Being Used in Advanced Attacks

Data Breach Today

Advanced Hackers Continue to Linger in Breached Networks for Weeks or Months Many attackers continue to camp out in networks for months, conducting reconnaissance and stealing sensitive data before unleashing ransomware. Experts say many recent efforts trace to gangs wielding the RobbinHood, Valet Loader, NetWalker, PonyFinal, Maze and Sodinokibi strains of crypto-locking malware.

article thumbnail

How to Apply Lean Principles to Policy Writing

AIIM

As important as Intelligent Information Management (IIM) policy writing is, it's probably not the only dish you have cooking on the stove. It's important, therefore, not to let that process commandeer more time from your day than it has to. The best way to do that is to keep your IIM policies lean. What Does It Mean for an IIM Policy to be Lean? We want both the final document and the policy creation/revision process to be free of unnecessary elements.

Paper 142
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

The Israeli authorities are alerting organizations in the water industry following a series of cyberattacks that hit water facilities in the country. The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks that targeted the water facilities. Israel’s National Cyber Directorate announced to have received reports of cyber attacks aimed at supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stati

article thumbnail

Zoom Upgrades Encryption Keys to What It Promised All Along

WIRED Threat Level

Plus: Facebook data on the dark web, Nintendo accounts keep getting hacked, and more of the week's top security news.

article thumbnail

Phishing Campaigns Target Senior Executives via Office 365

Data Breach Today

Top Victims Include Financial Services and Law Firms, Group-IB Warns A sophisticated, highly targeted phishing campaign has hit high-level executives at more than 150 businesses, stealing confidential documents and contact lists, says security firm Group-IB. The campaign, which targets Office 365 users, appears to trace to attackers operating from Nigeria and South Africa.

Phishing 334
article thumbnail

Zoom Is YouTube, Instagram, and WhatsApp – All in Two Months.

John Battelle's Searchblog

If you’ve read Shoshana Zuboff’s Surveillance Capitalism , you likely agree that the most important asset for a data-driven advertising platform is consumer engagement. That engagement throws off data, that data drives prediction models, those models inform algorithms, those algorithms drive advertising engines, and those engines drive revenue, which drives profit.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild. Sophos was informed of the attacks exploiting the zero-day issue by one of its customers on April 22.

Passwords 145
article thumbnail

BEST PRACTICES: How testing for known memory vulnerabilities can strengthen DevSecOps

The Last Watchdog

DevOps wrought Uber and Netflix. In the very near future DevOps will help make driverless vehicles commonplace. Related: What’s driving ‘memory attacks’ Yet a funny thing has happened as DevOps – the philosophy of designing, prototyping, testing and delivering new software as fast as possible – has taken center stage. Software vulnerabilities have gone through the roof.

article thumbnail

Contact-Tracing App Privacy: Apple, Google Refuse to Budge

Data Breach Today

Germany Changes Tack to Decentralized Model; Some US States Seek More Control Apple and Google have promised to help facilitate contact-tracing apps, but they've rejected calls to give users' location data to governments, as the U.K., France and some U.S. states are demanding. In response, Germany is among those now backing a privacy-preserving, decentralized model.

Privacy 297