A report finds French President Emmanuel Macron was targeted by Pegasus spyware, Venmo removes a puzzling feature, and DuckDuckGo has announced an email protection service. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Thursday, July 22, and I’m your host, Tom Li. The BBC is reporting that French President […]

The post Hashtag Trending July 22 – Macron Targeted by Pegasus; Venmo removes a controversial feature; DuckDuckGo introduces email protection first appeared on IT World Canada.

Read More Hashtag Trending July 22 – Macron Targeted by Pegasus; Venmo removes a controversial feature; DuckDuckGo introduces email protection

Who will you call when your organisation has been compromised? Having a cyber incident response team ready to go can save your organisation from disaster. There’s no escaping the threat of cyber security incidents. Criminals are constantly poised to exploit vulnerabilities, and employees use complex IT systems where mistakes are bound to happen. Investing in cyber defences can reduce those risks, but organisations need to be ready for threats they can’t prevent. A CIR (cyber incident response) plan does just that, outlining strategies for identifying and responding to security breaches. An effective plan can quickly stop disruption from turning into

The post How to build a cyber security incident response team (CSIRT) appeared first on IT Governance UK Blog.

Read More How to build a cyber security incident response team (CSIRT)

Anyone with an interest in information security will have encountered ISO 27001, the international standard that describes best practice for an ISMS (information security management system). However, you might not be as familiar with ISO 27002. It’s a supplementary standard that provides advice on how to implement the security controls listed in Annex A of ISO 27001. Although ISO 27001 is the more well-known standard – and the one that organisations certify to – neither can be considered in isolation. This blog explains why that’s the case, helping you understand how each standard works and the differences between them. What

The post ISO 27001 vs. ISO 27002: What’s the difference? appeared first on IT Governance UK Blog.

Read More ISO 27001 vs. ISO 27002: What’s the difference?

A database belonging to TicketClub Italy, a company providing coupons platform for offline purchases, is available for sale on darkweb hacking forums. TicketClub is an Italian company providing a mobile-based coupons platform for offline purchases. Their clients include Burger King, McDonald’s, Cinecittà World, Rainbow Magicland, and many other enterprises having coupon and loyalty programs.  The […]

The post TicketClub Italy Database Offered in Dark Web appeared first on Security Affairs.

Read More TicketClub Italy Database Offered in Dark Web

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. The author of the post claims that the data was acquired from […]

The post Thousands of Humana customers have their medical data leaked online by threat actors appeared first on Security Affairs.

Read More Thousands of Humana customers have their medical data leaked online by threat actors

The average person in the Philippines spends more time on the Internet than any other country in the world. Filipinos are online over 11 hours each day, compared to a global average of just six hours. Indeed, with a total population of more than 100…

Read More BrandPost: Banking Giant BDO and Huawei Collaborate to Provide Inclusive Financial Services for Filipinos

The average person in the Philippines spends more time on the Internet than any other country in the world. Filipinos are online over 11 hours each day, compared to a global average of just six hours. Indeed, with a total population of more than 100…

Read More BrandPost: Banking Giant BDO and Huawei Collaborate to Provide Inclusive Financial Services for Filipinos

French cyber-security agency ANSSI warned of an ongoing cyberespionage campaign aimed at French organizations carried out by China-linked APT31 group. The French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the Chine-linked APT31 cyberespionage group. The state-sponsored hackers are hijacking home routers to set up a […]

The post France ANSSI agency warns of APT31 campaign against French organizations appeared first on Security Affairs.

Read More France ANSSI agency warns of APT31 campaign against French organizations

Linux administrators are urged to watch for and install patches to fix two major vulnerabilities in the operating system. Both discovered by researchers at Qualys, one is a stack exhaustion denial-of-service vulnerability in systemd, described as a near-ubiquitous utility available on major Linux operating systems and the second is a flaw in the Linux kernel […]

The post Two Linux vulnerabilities give exploiters root privileges first appeared on IT World Canada.

Read More Two Linux vulnerabilities give exploiters root privileges

Today on the Official Microsoft Blog, Microsoft announced the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access.

The post Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management appeared first on Microsoft Security Blog.

Read More Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management

As containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the unique security threats that target such environments when building security solutions. The first step in this process is understanding the relevant attack landscape.

The post The evolution of a matrix: How ATT&CK for Containers was built appeared first on Microsoft Security Blog.

Read More The evolution of a matrix: How ATT&CK for Containers was built

Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware.  FormBook is a data-stealing malware that is used in cyber espionage campaigns, like other spyware it is […]

The post XLoader, a $49 spyware that could target both Windows and macOS devices appeared first on Security Affairs.

Read More XLoader, a $49 spyware that could target both Windows and macOS devices

Quick Heal Security Lab has seen a sudden increase in dotnet samples which are using steganography. Initially, in…
The post FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data appeared first…

Read More FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data