After earning his master’s degree in computer science and working on the IT side of the business at a number of large financial services organizations, Bobby Balanchdran observed one interesting thing: the legal department in these organizations had be…
Read More Chief Legal Officers face mounting compliance, privacy and cybersecurity obligationsMany organizations have maintained heavy investment in cybersecurity over the last year, even in an unpredictable time when other spending has faltered. Gartner estimates that IT security and risk management spending still grew 2.6 percent even as IT s…
Read More Physical cyber threats: What do criminals leave when they break in?Supply chain attacks, ransomware, data extortion and nation-state threats prove to be more prolific than ever, a CrowdStrike report suggests. eCrime attacks made up 79% of all intrusions (via hands-on-keyboard activity). Among a popular vector for cybe…
Read More Adversaries exploit supply chains, double down on COVID-19 and ransomwareThere’s an increased adoption of managed infrastructure services and the emergence of new cloud watering hole attacks, Accurics reveals. Of all violations identified, 23 percent correspond to poorly configured managed service offerings – largely …
Read More Top cloud infrastructure risks faced by real-world organizationsThe global zero trust security market size is projected to grow from $19.6 billion in 2020 to $51.6 billion by 2026, recording a compound annual growth rate (CAGR) of 17.4% from 2020 to 2026, according to MarketsandMarkets. The major growth drivers for…
Read More Worldwide zero trust security market size to reach $51.6 billion by 2026The PCI Security Standards Council (PCI SSC) has published version 1.1 of the PCI Secure Software Lifecycle (SLC) Standard and its supporting program documentation. The PCI Secure SLC Standard is one of two standards that are part of the PCI Software S…
Read More PCI SSC releases PCI Secure Software Lifecycle (SLC) Standard 1.1Digital attackers are increasingly targeting energy organizations including those that support national electric grids. As reported by Morning Consult, security researchers found that utilities worldwide had suffered a recorded 1,780 distributed denial…
Read More 4 Key Cybersecurity Trends Confronting Canada’s Electric SectorUnitas Global announces the availability of Unitas Reach, the first global software defined network (SDN) to offer automated ubiquitous edge access to any cloud location. Enterprises are finding that current networks are a bottleneck to the adoption of…
Read More Unitas Reach: An SDN that offers automated ubiquitous edge access to any cloud locationHID Global announced it has expanded its Seos credential family with two new products. The Seos 16K is the industry’s first credential certified to the highest IT security level established by the independent testing service provider TÜV Informationste…
Read More HID Global expands its Seos credential portfolio with two new productsNutanix announced additional ransomware protections in the company’s cloud platform. These include new threat monitoring and detection, as well as more granular data replication and robust access controls一all natively built into the Nutanix stack. Thes…
Read More Nutanix announces additional ransomware protections in its cloud platformPrivitar released the latest version of the Privitar Data Privacy Platform which includes enhanced HIPAA compliance-focused features, new “fast start” rules packs designed to enable first time users to get their data privacy initiatives up and running …
Read More Privitar helps orgs maximize sensitive data value by addressing gaps in their privacy strategiesAWS and Azure users will achieve significant performance improvements and cost reductions with the launch of the new CloudOps Active Management Solution (CAMS) from igroup. The solution brings together tools and processes to automate support and manage…
Read More CAMS from igroup improves performance and reduces cost for AWS and Azure usersHacker Claims SonicWall Paid Ransom; SonicWall Stays SilentSonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn’t said much about the extent and damage of the breach since its announcement. But there…
Read More SonicWall Was Hacked. Was it Also Extorted?Mindtree announced that it has achieved the Application Development Partner Specialization in the Google Cloud Partner Advantage Program. This specialization highlights Mindtree’s expertise and success in building customer solutions in application deve…
Read More Mindtree announced as Google Cloud partner, helping orgs through the cloud migration journeyuCLOUDLINK is fast-tracking its business expansion in North America with the support of its burgeoning local sales partnerships. uCloudlink is continuing to strengthen its partnership with NewCore Wireless whilst simultaneously seeking new cooperation …
Read More uCloudlink elevates NewCore Wireless’ users data connectivity experienceHUBUC announces the launch of payment cards underpinned by MOTION CODE, a dynamic CVV technology from IDEMIA for online shopping across Europe. HUBUC is a novel embedded financial services provider that offers a number of payment capabilities, includin…
Read More HUBUC partners with IDEMIA to offer payment cards with MOTION CODE technologyGalgus has received the CERTIFIED Passpoint seal of approval. This renowned certification is granted by Wi-Fi Alliance, a global organization that promotes WiFi technology and certifies all products related to it. In fact, Wi-Fi Alliance is the owner o…
Read More Galgus receives CERTIFIED Passpoint seal of approval from Wi-Fi AllianceViasat announced it is part of an elite community of commercial service providers approved to receive cyber threat intelligence through the Department of Homeland Security (DHS) Enhanced Cybersecurity Services (ECS) program. As an accredited ECS provid…
Read More Viasat authorized to use U.S. government provided classified cyber threat intelligenceSecure-IC and MosChip Technologies announce their strategic partnership to provide turnkey ASIC solutions, expand Secure-IC’s global presence to India and support the company growth in the country. Secure-IC’s solutions are embedded in hundreds of mill…
Read More Secure-IC and MosChip extend technologies and services to ASICs and Indian marketPalo Alto Networks announced the appointment of Dr. Helene D. Gayle to the company’s board of directors and the nominating and corporate governance committee of the board. “We are fortunate to have Dr. Gayle join the Palo Alto Networks̵…
Read More Dr. Helene D. Gayle joins Palo Alto Networks’ board of directorsAPT31 cloned and reused a Windows-based hacking tool for years before Microsoft patched the vulnerability, researchers report.
Read More Chinese-Affiliated APT31 Cloned & Used NSA Hacking ToolAlmost four of every five attacks attributed in 2020 were conducted by cybercriminal groups, a significant jump from 2019, with attacks on healthcare or using the pandemic rising fast.
Read More Cybercrime Groups More Prolific, Focus on Healthcare in 2020As we all know, nothing is 100% secure — perhaps none more so than when legacy server infrastructure is involved. Old, vulnerable gear is a blessing for hackers. Increasingly sophisticated attacks are preying on outdated legacy infrastructure.$4m pe…
Read More BrandPost: 3 Ways HCI Helps Improve Your Data Center SecurityAs we all know, nothing is 100% secure — perhaps none more so than when legacy server infrastructure is involved. Old, vulnerable gear is a blessing for hackers. Increasingly sophisticated attacks are preying on outdated legacy infrastructure.$4m pe…
Read More BrandPost: 3 Ways HCI Improves Data Center SecurityThe FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services.
Read More TDoS Attacks Take Aim at Emergency First-Responder ServicesPhishing Campaign Bypasses Secure Email GatewayA newly-discovered phishing campaign posts harvested credentials using the Telegram messaging app’s application programming interface to bypass secure email gateways, report researchers at the Cofense Phis…
Read More Fraudsters Using Telegram API to Harvest CredentialsCaaS isn’t just a tool to boost business performance, it’s essential to enhancing the customer experience.
The post The new age of customer experience is CCaaS first appeared on IT World Canada.
FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group.
Read More Accellion Data Breach Resulted in Extortion Attempts Against Multiple VictimsUkraine ‘s government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security and defense websites. The Ukrainian officials did not provide details about the attacks either the damage they have caused. “It was […]
The post Ukraine sites suffered massive attacks launched from Russian networks appeared first on Security Affairs.
Read More Ukraine sites suffered massive attacks launched from Russian networksResearchers: ‘Jian’ Hacking Tool Targeted Zero-Day Flaw in WindowsA Chinese hacking group reportedly “cloned” and deployed a zero-day exploit developed by the NSA’s Equation Group before Microsoft patched the Windows flaw being exploited, according to …
Read More Chinese Hacking Group ‘Cloned’ NSA Exploit ToolThe new funding is in addition to the CA$600 million from the federal government announced last year.
The post Telesat to receive $400 million investment from Quebec first appeared on IT World Canada.
Most organizations don’t give the same thought and attention to their non-human workers, such as bots, RPAs and service accounts, as they do human workers and identity lifecycles.
Read More Why non-human workers can increase security issues in your businessStarting next month, Microsoft Word for Windows will include a new predictive typing feature that automatically suggests new words to use as you are typing. […]
Read More Microsoft Word for Windows is finally getting predictive typingStarting next month, Microsoft Word for Windows will include a new predictive typing feature that automatically suggests new words to use as you are typing. […]
Read More Microsoft Word for Windows will soon predict what you’ll type nextAPT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers.
Read More Chinese Hackers Hijacked NSA-Linked Hacking Tool: ReportFew Details Are Known, But Phishing Attack May Have Played a RoleVenture capital firm Sequoia Capital confirmed it was recently involved in a “cybersecurity incident,” but offered no details on exactly what may have transpired. Cybersecurity teams and …
Read More Sequoia Capital Investigating ‘Cybersecurity Incident’A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.
Read More Researcher Reports Vulnerability in Apple iCloud DomainThe attack began with a successful phishing email.
Read More Sequoia Capital Suffers Data BreachTexas electric utility Austin Energy today warned of unknown individuals impersonating the company and threatening customers over the phone that their power will be cut off unless they pay fictitious overdue bills. […]
Read More Texas electric company warns of scammers threatening to cut powerMicrosoft earlier this month announced Microsoft Viva, a new integrated Employee Experience Platform (EXP) that brings together communications, knowledge, learning, resources, and insights inand delivers them via Microsoft Teams. There are four modu…
Read More Viva Connections: What your intranet wants to beAt nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorde…
Read More Assume ClubHouse Conversations Are Being Recorded, Researchers WarnA bug in the ad blocking component of Brave’s Tor feature caused the browser to leak users’ DNS queries
The post Brave browser’s Tor mode exposed users’ dark web activity appeared first on WeLiveSecurity
The systems of Georgetown County have been hacked at the end of January, and the county staff is still working to rebuild its computer network. The systems of Georgetown County have been hit with a sophisticated cyber attack at the end of January, and the county staff is still working to recover from the incident. […]
The post Georgetown County has yet to recover from a sophisticated cyber attack appeared first on Security Affairs.
Read More Georgetown County has yet to recover from a sophisticated cyber attackLearn how Microsoft ensures operational resilience for Azure datacenters with Azure Defender for IOT and Azure Sentinel
The post Securing Azure datacenters with continuous IoT/OT monitoring appeared first on Microsoft Security.
Read More Securing Azure datacenters with continuous IoT/OT monitoringSpiteful fired employee lost San Jose stadium concessionaire hundreds of thousands of dollars
Read More Former Employee Behind Earthquakes Stadium HackDakota Gruener of ID2020 Discusses the Good Health Pass CollaborativeThe Good Health Pass Collaborative is developing a road map for digital health passes that international travelers could use to prove they have been tested for COVID-19. Dakota Gruene…
Read More Creating a Digital ID to Verify COVID-19 TestingSingapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users’ devices. […]
Read More SHAREit fixes security bugs in app with 1 billion downloadsSingapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users’ devices. […]
Read More SHAREit fixes security bugs three months after initial reportDiscover more inspirational stories at StrikeUp 2021’s free Digital Conference for Women Entrepreneurs on March 4 – Learn more here and register today!
The post StrikeUp’s 2021 Digital Conference for Women Entrepreneurs: An opportunity to learn and in…
Media and tech companies ally to tackle disinformation and fraudulent online content
Read More Content Provenance Group FormedThe threat actors stole data and used Clop’s leaks site to demand money in an extortion scheme, though no ransomware was deployed.
Read More Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11
She was a single mom with three kids in daycare, no child support, and a job as an executive assistant that didn’t pay enough to cover the bills. With absolutely no experience, Jen Stone took a chance on a helpdesk position, which c…
If you’ve ever found the Significant Locations section on your iPhone, then a recently published study that shows how such data can be used to decipher personal information about users should pose some alarm.Significant Locations
The way Significant…
A study on CIO and CISO prioritization showed these two areas are most important this year. Cloud security is another area high on their lists.
Read More Cybersecurity pros: Automation and app security are top priorities in 2021Team8 surveyed cybersecurity leaders to find out where they will spend their money in 2021.
Read More These two areas are CISOs’ top priorities this yearSequoia Capital tells investors that it has been hacked
Read More Silicon Valley VC Firm PhishedMicrosoft Defender for Endpoint provides the right security intelligence for Expel to analyze rich data and provide support for their customers.
The post What we like about Microsoft Defender for Endpoint appeared first on Microsoft Security.
Read More What we like about Microsoft Defender for EndpointApple plans with iOS 14.5 to allow masked enterprise employees to access their iPhones if they are also wearing an Apple Watch (running WatchOS 7.4), that is unlocked. Heads up: This is a quintessential convenience vs. security trade-off from Apple,…
Read More Apple tramples on security in the name of convenienceA new macOS malware known as Silver Sparrow has silently infected almost 30,000 Mac devices with malware whose purpose is a mystery. […]
Read More New Silver Sparrow malware infects 30,000 Macs for unknown purposeViolations of security policies including insecure storage buckets, hardcoded passwords and exposed networking remain rampant.
The post Cloud developers still tripped up by misconfigurations, says vendor report first appeared on IT World Canada.
Read More Cloud developers still tripped up by misconfigurations, says vendor reportSecurity researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.
Read More 8 Ways Ransomware Operators Target Your NetworkDakota Gruener of ID2020 Discusses the Good Health Pass CollaborativeThe Good Health Pass Collaborative is developing a digital ID that international travelers could use to prove they have been vaccinated for COVID-19. Dakota Gruener, executive directo…
Read More Creating a Digital ID to Verify COVID-19 VaccinationsAccellion and Mandiant Say Four Vulnerabilities Have Now Been PatchedSoftware company Accellion has released preliminary findings around the security incident that stung customers using its 20-year-old File Transfer Appliance. The attackers swiftly sto…
Read More Accellion: How Attackers Stole Data and Ransomed CompaniesChinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. […]
Read More Chinese hackers used NSA exploit years before Shadow Brokers leakWhen discussing cyber risks, among the most common terms that are used are vulnerabilities, exploits, and threats. It is necessary to understand the difference between these terms and what they mean in order to properly define Vulnerability Risk Manage…
Read More What Is Vulnerability Risk Management?As we all know, nothing is 100% secure — perhaps none more so than when legacy server infrastructure is involved.$4m per data breachAccording to figures from IBM’s Cost of a Data Breach report1, the average financial cost of a security breach in 202…
Read More BrandPost: 3 ways HCI helps improve your data center securityKnown as Silver Sparrow, the malware’s intent is still unknown as it has yet to deliver an actual payload, says security firm Red Canary.
Read More Mysterious malware infects 30,000 Mac computersIn today’s constantly evolving cyber-threat landscape, your organization’s endpoints are more than simple workstations. They are digital connections to the online world, which is undeniably useful, but can become dangerous as well. Did you know that mo…
Read More What You Need to Know Before Implementing an EDR SolutionWhen we started this month of patching, I fully expected to come back by now with massive listings of applications that hated the February updates. That hasn’t been the case, though there have been some issues related to .NET this month. In case you…
Read More The .NET patch failure that wasn’tApp developers must take responsibility for the security of users’ data.
Read More What Can Your Connected Car Reveal About You?The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. Check Point Research team discovered that China-linked APT31 group (aka Zirconium.) used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years […]
The post NSA Equation Group tool was used by Chinese hackers years before it was leaked online appeared first on Security Affairs.
Read More NSA Equation Group tool was used by Chinese hackers years before it was leaked onlineEnterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses.
Read More The top 6 enterprise VPNs to use in 2021Here’s the latest Naked Security Live talk – watch now!
Read More Naked Security Live – How to calculate important things using a computerWith the free version of LastPass now limiting where you can sync your passwords, here are a few other options.
Read More Free password manager alternatives to LastPassThreat actors associated with a financially-motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance and steal data. […]
Read More Global Accellion data breaches linked to Clop ransomware gangIndustry veteran to help drive continued enterprise and channel growth
Read More Kaspersky Appoints Christopher Hurst GM of UK and IrelandAccurics analyzed cloud-native configurations over the last 7 months to identify ongoing and new threats.
Read More New cloud security analysis finds default configurations and identity management are the biggest concernsWith your data being the digital currency of our times, Facebook is planning to track your behavior using WhatsApp to deliver tailored advertising via Facebook and improve their services. On the other hand, Telegram is working on a new privacy feature …
Read More Telegram for Windows 10 update brings a new privacy featureAn attacker demonstrated this week that Clubhouse chats are not secure, he was able to siphon audio feeds from “multiple rooms” into its own website While the popularity of the audio chatroom app Clubhouse continues to increase experts are questioning the security and privacy level it offers to its users. Recently the company announced it […]
The post An attacker was able to siphon audio feeds from multiple Clubhouse rooms appeared first on Security Affairs.
Read More An attacker was able to siphon audio feeds from multiple Clubhouse roomsDevices such as laptops and mobile phones taken from BBC premises in the past two years
Read More BBC Reports Theft of 105 Electrical DevicesReally good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives.
Read More GPS VulnerabilitiesThe 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March. Eleven potential systems were tested, including eLoran, a low-frequency, high-power timing and navigation system transmitted from terrestrial towers at Coast Guard facilities throughout the United States…
U.S. supermarket chain says pharmacy records hacked, a slip-up at a Winnipeg school board and the impact of ransomware, plus more in our latest podcast
The post Cyber Security Today – U.S. supermarket chain says pharmacy records hacked, a slip-up at a …
Just because you’re now working from home doesn’t mean you can’t convey to your boss that you’re a dependable employee. Different managers have different expectations, but everyone can have baseline best-practices they can use to shine. So how do you c…
Read More 11 steps to impress your boss and thrive in your job – New York TimesMore time in front of the screen is likely the last thing you want if you’re working from home. Nevertheless, when you’ve exhausted your games library and your loved ones are out of reach, sinking your teeth into a new online skill may stave off …
Read More 5 best programming languages to learn during COVID-19 lockdown – DiceA new publication from the National Institute of Standards and Technology (NIST) provides companies, government agencies, and other organizations with a set of practices that any organization can use to manage growing cybersecurity risks associated wit…
Read More NIST Shares Key Practices in Cyber Supply Chain Risk Management Based on Observations from IndustryFTA platform exploited to compromise data
Read More US Retailer Kroger Admits Accellion BreachAn ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise.
Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of da…
On August 13, 2016, a hacking unit calling itself “The Shadow Brokers” announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) un…
Read More Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked OnlineIn this video, Omdia Cybersecurity Senior Research Director Maxine Holt explains why a more sustainable approach to post-pandemic cybersecurity is necessary.
Read More Cybersecurity Responsibility in a Post-Pandemic WorldOur survey of 1,172 IT pros finds that despite the pandemic, most people have seen compensation rise or remain steady but some old inequalities remain
Read More IT Salary Survey 2021: Compensation holds steady despite pandemicDropbox is best known as a cloud storage service, but it also offers a set of collaboration tools under the name Spaces. In a nutshell, Spaces lets you turn folders into project workspaces where you and teams can collaborate. For example, you and your …
Read More How to collaborate with Dropbox SpacesA short while ago, news reports revealed that social networking app Clubhouse was exposed to a major security breach and the application is currently reviewing its data. The company that owns the app also confirmed that it is looking to use specialized…
Read More Clubhouse Chats Have Been BreachedCrowdStrike warns of rising e-crime and nation state activity
Read More Concern as Attacker “Breakout” Time Halves in 2020Robinhood gets grilled over its position during the Gamestop fiasco, Canada issues warning to Facebook after the tech giant bans news on its platform in Australia, and Instacart’s anti-fraud policy causes headaches with its workers.
The post Hashtag Tr…
Akamai-powered MDBR service blocks traffic to suspicious domains
Read More CIS Offers Free DNS Security Tool for US HospitalsWhen it comes to managing and mitigating technology risk, IT teams have traditionally relied on operational, control-compliance approaches focused on information security. The rest of the business, meanwhile, has probably adopted broader, business-f…
Read More The big debate: control compliance vs. risk managementThrough the lens of the Florida water supply hack, Dale Peterson teaches how events like these remind us to take the necessary steps to maintain our cybersecurity. Founder and chair of S4 Events, Dale has been helping security professionals effectively…
Read More Industrial Cybersecurity and the Florida Water Supply Attack with Dale PetersonDays after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker’s M…
Read More New ‘Silver Sparrow’ Malware Infected Nearly 30,000 Apple Macs