Category Archives: Featured news

International law enforcement effort pulls off Emotet botnet takedown

Law enforcement and judicial authorities worldwide have effected a global takedown of the Emotet botnet, Europol announced today. “The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, these were sold to other top-level criminal groups to deploy further illicit activities such data theft and extortion through ransomware. Investigators have now taken control of its infrastructure in an international coordinated action,” they … More

The post International law enforcement effort pulls off Emotet botnet takedown appeared first on Help Net Security.

Apple fixes three actively exploited iOS zero-days

Apple has release a new batch of security updates and has fixed three iOS zero-days that “may have been actively exploited” by attackers. The three zero-days Two of the zero-day vulnerabilities (CVE-2021-1870 and CVE-2021-1871) are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running a vulnerable version of iOS or iPadOS (i.e., those prior to version 14.4). The third zero-day (CVE-2021-1782) affects the operating … More

The post Apple fixes three actively exploited iOS zero-days appeared first on Help Net Security.

Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156)

A vulnerability (CVE-2021-3156) in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host (without authentication). “This vulnerability is perhaps the most significant sudo vulnerability in recent memory (both in terms of scope and impact) and has been hiding in plain sight for nearly 10 years,” said Mehul Revankar, Vice President Product Management and Engineering, Qualys, … More

The post Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156) appeared first on Help Net Security.

Privacy is not a one-time, check the box activity

New research from ISACA reveals critical skills gaps and insufficient training. The survey report also explores past and future trends in privacy, offering insights into privacy workforce and skills, the use of privacy by design, and the organizational structure and composition of privacy teams. Privacy by design Survey findings—gathered in Q3 2020 from 1,873 professionals who work in data privacy or have knowledge of their organizations’ data privacy functions—show some positive trends for those enterprises … More

The post Privacy is not a one-time, check the box activity appeared first on Help Net Security.

The complexity of moving legacy apps remains a huge cloud migration challenge

85% of IT decision makers are planning to increase their IT budgets for 2021, with cloud migration as a priority, a Next Pathway survey reveals. 65% of companies indicate the initiative is a top three area of technology emphasis in 2021. Looking at specific applications, IT decision makers cited migrating their data warehouse to the cloud as the most important. The key themes revealed in the survey include: Cloud migration is a journey – Most … More

The post The complexity of moving legacy apps remains a huge cloud migration challenge appeared first on Help Net Security.

Isolation-based security technologies are gaining prominence

Cyberinc shared its insights into the key trends that will shape the cybersecurity industry in the coming year. With evolving tactics that increase the risk and impact of ransomware and phishing, combined with the new normal of remote workforces, Cyberinc CEO Samir Shah believes that remote browser isolation (RBI) will prove its value as a critical must-have enterprise technology in 2021. “As mass-scale ransomware and other malware attacks continue to make headlines, companies and IT … More

The post Isolation-based security technologies are gaining prominence appeared first on Help Net Security.

Most with in-house security teams are considering outsourcing security efforts

Syntax surveyed 500 IT decision-makers in the US on the impact of the COVID-19 pandemic on their businesses and strategic decisions they’ll make in 2021. 2020 was a year of unexpected and rapid digital transformation for IT leaders across industries. 89% of respondents report that the pandemic accelerated their enterprises’ digital transformation last year. As a result, IT teams are stretched even thinner implementing secure and collaborative work-from-home environments, onboarding new technologies, and managing their … More

The post Most with in-house security teams are considering outsourcing security efforts appeared first on Help Net Security.

Business executives targeted with Office 365-themed phishing emails

An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn. The compromised login credentials are likely then sold on those same forums for $250 per account (or even higher). The compromised accounts can be used to send out even more convincing phishing emails, perpetrate BEC scams, or collect sensitive information. … More

The post Business executives targeted with Office 365-themed phishing emails appeared first on Help Net Security.

Security researchers targeted by North Korean hackers

Over the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers working on vulnerability research and development at different companies and organizations, the Google Threat Analysis Group (TAG) has revealed on Monday. The hackers’ tactics The hackers, who Google TAG believes are backed by the North Korean government, first created a blog, populated it with posts write-ups about vulnerabilities that have been publicly disclosed, then … More

The post Security researchers targeted by North Korean hackers appeared first on Help Net Security.

Small security teams overwhelmed by onslaught of cyber attacks

Companies with small security teams, generally SMEs, are facing a number of unique challenges, placing these organizations at greater risk than their larger enterprise counterparts, according to Cynet. These enhanced risks are moving 100% of these companies to outsource at least some aspects of security threat mitigation in order to safeguard IT assets. In this survey of 200 CISOs at SMEs with five or fewer security staff members and cybersecurity budgets of $1 million or … More

The post Small security teams overwhelmed by onslaught of cyber attacks appeared first on Help Net Security.

Tailored AI-generated advice may stop the spread of misinformation

Warnings about misinformation are now regularly posted on Twitter, Facebook, and other social media platforms, but not all of these cautions are created equal. A research from Rensselaer Polytechnic Institute shows that artificial intelligence can help form accurate news assessments – but only when a news story is first emerging. Ineffective with with stories on frequently covered topics Researchers found that AI-driven interventions are generally ineffective when used to flag issues with stories on frequently … More

The post Tailored AI-generated advice may stop the spread of misinformation appeared first on Help Net Security.

Cybersecurity investments will increase up to 10% in 2021

A Canalys forecast predicts cybersecurity investments will increase 10% worldwide in the best-case scenario in 2021. Information security will remain a high priority this year, as the range of threats broadens and new vulnerabilities emerge, while the frequency of attacks is unlikely to subside. Cybersecurity market global forecast assumes current investment trends will persist. The first half of the year will be affected by ongoing lockdown restrictions and furloughs in response to the pandemic. COVID-19 … More

The post Cybersecurity investments will increase up to 10% in 2021 appeared first on Help Net Security.

Internet regulation: Not a matter of freedom of speech, but freedom to conduct business

Since 1997 (Reno vs. American Civil Liberties Union), the Supreme Court has used the metaphor of the free market of ideas to define the internet, thus addressing the regulation of the net as a matter of freedom of speech. In law, metaphors have a constitutive value and, once established, affect the debate and the decisions of the Courts for a long time. In a paper, Oreste Pollicino (Bocconi University) and Alessandro Morelli (Università Magna Graecia, … More

The post Internet regulation: Not a matter of freedom of speech, but freedom to conduct business appeared first on Help Net Security.

SonicWall hit by attackers leveraging zero-day vulnerabilities in its own products?

On Friday evening, SonicWall announced that it “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.” The network security company said that several of its products are impacted, but the day after let everyone know that some of those were not affected, after all. Affected devices “We believe it is extremely important to be transparent with our customers, our partners … More

The post SonicWall hit by attackers leveraging zero-day vulnerabilities in its own products? appeared first on Help Net Security.

Automation and no-code are driving the future of business operations

More than 95% of respondents indicated that business operations has become a more important function in their organization in the past year, a Tonkean survey reveals. The survey of 500 IT and business operations professionals at large and mid-sized companies also showed growing frustrations with the status quo of resources and tools to perform operations work. Lack of technical resources delaying projects 86% of respondents said their projects at least occasionally get delayed because of … More

The post Automation and no-code are driving the future of business operations appeared first on Help Net Security.

SCM market to reach $2.2B in total web and email security revenues by 2024

The Secure Content Management (SCM) market is expected to achieve an 11.4% compound annual growth rate to reach $2.2 billion in total web and email security revenues by 2024, according to Frost & Sullivan. Cloud-based deployments are projected to lead growth as more enterprises move their emails to the cloud and rely on the internet, including remote working, especially during COVID-19. Malicious email and web links remain the most popular attack vectors Malicious email and … More

The post SCM market to reach $2.2B in total web and email security revenues by 2024 appeared first on Help Net Security.

Retail and hospitality sector fixing software flaws at a faster rate than others

The retail and hospitality sector is fixing software flaws at a faster rate than five other sectors, a Veracode analysis of more than 130,000 applications reveals. The ability to find and fix potential security defects quickly is a necessity, particularly in an industry that requires rapid response to changing customer demands. Retail and hospitality also track a high volume of personal information about consumers through loyalty cards and membership accounts, tying into marketing data from … More

The post Retail and hospitality sector fixing software flaws at a faster rate than others appeared first on Help Net Security.

Organizations struggle to maintain application security across platforms

Global organizations are struggling to maintain consistent application security across multiple platforms, and they are also losing visibility with the emergence of new architectures and the adoption of APIs, Radware reveals. Working to maintain application security across platforms A major factor in these challenges was the need to adjust rapidly to a new remote working and customer engagement model that resulted from the pandemic, leaving decision makers little or no time to conduct adequate security … More

The post Organizations struggle to maintain application security across platforms appeared first on Help Net Security.

Financial institutions must prepare for increased risk of financial crime

LexisNexis Risk Solutions published survey results of U.S. and Canadian compliance professionals on the range of challenges that financial institutions have experienced during the COVID-19 pandemic. The survey outlines the issues that many financial institutions encounter today and finds that the pandemic continues to test the resilience and agility of businesses across every market. The top three issues that compliance departments within financial institutions have experienced during the pandemic are: 42% face difficulty accessing information … More

The post Financial institutions must prepare for increased risk of financial crime appeared first on Help Net Security.

3GPP standards enrich LTE and 5G with network architecture enhancements

Despite the impact of COVID-19, momentum for enhancements to LTE and 5G standards continue with additional releases from the Third Generation Partnership Project (3GPP). 5G Americas announced the publication of a white paper providing an update on the newest 3GPP releases launching the next chapter of 5G standardization and beyond. Many new features to be introduced For decades, 3GPP has maintained detailed mechanisms through standards which have enabled billions of worldwide users to access mobile … More

The post 3GPP standards enrich LTE and 5G with network architecture enhancements appeared first on Help Net Security.

Bugs in Signal, other video chat apps allowed attackers to listen in on users

Bugs in several messaging/video chat mobile apps allowed attackers to spy on targeted users’s surroundings. The vulnerabilities – in Signal, Google Duo, Facebook Messenger, JioChat, and Mocha – could be triggered by simply placing a call to the target’s device – no other action was needed. Searching for bugs in video chat apps In early 2019, Apple fixed a major logic bug (CVE-2019-6223) in its Group FaceTime feature. The bug, discovered by a Tucson high-schooler, … More

The post Bugs in Signal, other video chat apps allowed attackers to listen in on users appeared first on Help Net Security.

Most CISOs believe that human error is the biggest risk for their organization

53% of CISOs and CSOs in the UK&I reported that their organization suffered at least one significant cyberattack in 2020, with 14% experiencing multiple attacks, a Proofpoint survey reveals. This trend is not set to slow down, with 64% expressing concern that their organization is at risk of an attack in 2021. Those in larger organizations feel at greater threat, with this figure jumping to 89% amongst CSOs and CISOs from organizations over 2,500 employees … More

The post Most CISOs believe that human error is the biggest risk for their organization appeared first on Help Net Security.

IT leaders concerned about their ability to keep up with digital transformation

IT leaders have growing concerns about their ability to keep up with digital transformation, a Dynatrace survey of 700 CIOs reveals. Traditional IT operating models with siloed teams and multiple monitoring and management solutions are proving ineffective at keeping up with cloud-native architectures. As a result, teams waste time manually combining data from disparate solutions in a reactive effort to solve challenges instead of focusing on driving innovation. Key findings 89% of CIOs say digital … More

The post IT leaders concerned about their ability to keep up with digital transformation appeared first on Help Net Security.

Worldwide private LTE/5G infrastructure market to reach $5.7 billion in 2024

Private LTE/5G infrastructure is any 3GPP-based LTE and/or 5G network deployed for a specific enterprise/industrial customer that provides dedicated access. It includes networks that may utilize dedicated (licensed, unlicensed, or shared) spectrum, dedicated infrastructure, and private devices embedded with unique SIM identifiers. Private LTE/5G infrastructure carries traffic native to a specific organization, with no shared resources in use by any third-party entities. Worldwide revenue attributable to the sales of private LTE/5G infrastructure will grow from … More

The post Worldwide private LTE/5G infrastructure market to reach $5.7 billion in 2024 appeared first on Help Net Security.

Malwarebytes was breached by the SolarWinds attackers

A fourth malware strain wielded by the SolarWinds attackers has been detailed by Symantec researchers, followed by the disclosure of the attackers’ ingenous lateral movement techniques and the release of an auditing script by FireEye researchers that organizations can use to check their Microsoft 365 tenants for signs of intrusion. Then, on Tuesday, Malwarebytes CEO Marcin Kleczynski disclosed that the same attackers targeted and breached the company, but not through the compromised SolarWinds Orion platform … More

The post Malwarebytes was breached by the SolarWinds attackers appeared first on Help Net Security.

Protecting the remote workforce to be enterprises’ prime focus in 2021

Protecting the remote workforce will be enterprises’ prime focus in 2021, according to a Cato Networks survey of 2,376 IT leaders. IT teams struggled in the early days of the pandemic, rushing to meet the urgent need for widespread remote access. Connecting users often came at the expense of other factors, such as security, performance, and management. As 81% of respondents expect to continue working-from-home (WFH), 2021 will see enterprises address those other areas, evolving … More

The post Protecting the remote workforce to be enterprises’ prime focus in 2021 appeared first on Help Net Security.

Companies turning to MSPs as attack vectors get more sophisticated

Research from Infrascale reveals new information security insights important to MSPs in the new year. The research survey highlights business executive input, from a security perspective, on COVID-19, on cloud adoption, and on standards compliance. As 65% of those surveyed have seen an increase in information security breaches in their industry since the pandemic began, it’s not surprising that even more, 74% of all respondents, have chosen caution and implemented new infosec technology. A robust … More

The post Companies turning to MSPs as attack vectors get more sophisticated appeared first on Help Net Security.

Research team develops fast and affordable quantum random number generator

An international research team has developed a fast and affordable quantum random number generator. The device created by scientists from NUST MISIS, Russian Quantum Center, University of Oxford, Goldsmiths, University of London and Freie Universität Berlin produces randomness at a rate of 8.05 gigabits per second, which makes it the fastest random number generator of its kind. The study is a promising starting point for the development of commercial random number generators for cryptography and … More

The post Research team develops fast and affordable quantum random number generator appeared first on Help Net Security.

Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning

Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attack and/or to compromise vulnerable devices. “Some of the bigger users of Dnsmasq are Android/Google, Comcast, Cisco, Red Hat, Netgear, and Ubiquiti, but there are many more. All major Linux distributions offer Dnsmasq as a package, but some use it more than others, e.g., in OpenWRT it … More

The post Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning appeared first on Help Net Security.

Product showcase: Pentest Robots

Security testing automation is not about building tech to replace humans. We don’t adhere to that limiting view because it fails to capture the complexity and depth of security testing. Instead, we believe automation should enhance uniquely human abilities such as critical thinking and subjective judgment. A good pentester can never be replaced by a robot. But a robot can make them exponentially more effective. Here’s what we mean. How Pentest Robots work Security pros … More

The post Product showcase: Pentest Robots appeared first on Help Net Security.

Visibility, control and governance holding back cloud transformation

While 91% of organizations were successful in increasing security as a result of adopting cloud services, it remains a top concern for many, a part two of an Aptum study reveals. The report identifies common security, compliance and governance challenges impacting organizations undergoing cloud transformation. The research reveals that 51% of survey respondents see security as the main driver behind cloud adoption. However, 38% cite security and data protection as the primary barrier to cloud … More

The post Visibility, control and governance holding back cloud transformation appeared first on Help Net Security.

Worldwide SD-WAN market to reach valuation of $53 billion by end of 2030

A software-defined wide area network is a type of computer network that allows the bounding of multiple internet access resources, such as cables, digital subscriber lines (DSL), and cellular or any other IP transport to provide high throughput data channels. WAN solutions improve application performance, reducing costs, increasing agility, and addressing various IT challenges. Enterprises are adopting SD-WAN solutions for threat protection, efficient offloading of expensive circuits, and simplification of WAN network management. IT infrastructure … More

The post Worldwide SD-WAN market to reach valuation of $53 billion by end of 2030 appeared first on Help Net Security.

How to defend against today’s top 5 cyber threats

Cyber threats are constantly evolving. As recently as 2016, Trojan malware accounted for nearly 50% of all breaches. Today, they are responsible for less than seven percent. That’s not to say that Trojans are any less harmful. According to the 2020 Verizon Data Breach Investigations Report (DBIR), their backdoor and remote-control capabilities are still used by advanced threat actors to conduct sophisticated attacks. Staying ahead of evolving threats is a challenge that keeps many IT … More

The post How to defend against today’s top 5 cyber threats appeared first on Help Net Security.

Vulnerability management isn’t working for cloud security: Here’s how to do it right

Three things in life are seemingly guaranteed: death, taxes and high-profile cloud security breaches. But there is no reason why public cloud or hybrid cloud breaches must remain so stubbornly persistent. The fact is that we understand why these incidents keep occurring: managing risk and vulnerabilities within dynamic cloud environments isn’t easy. The difficulty of this challenge is magnified by the competitive imperative to migrate to the public cloud quickly. It is further compounded by … More

The post Vulnerability management isn’t working for cloud security: Here’s how to do it right appeared first on Help Net Security.

How do I select a fraud detection solution for my business?

The rapid increase in digital use created a perfect storm for fraudsters to quickly find new ways to steal funds, capitalizing on consumers’ lack of familiarity with digital platforms and the resource constraints faced by many businesses. In fact, from January 2020 to early January 2021, the Federal Trade Commission released that consumers reported over 275,000 complaints resulting in more than $210 million in COVID-19-related fraud loss. Because of this, it’s critical for businesses to … More

The post How do I select a fraud detection solution for my business? appeared first on Help Net Security.

Enterprises move on from legacy approaches to software development

Application development and maintenance services in the U.S. are evolving to meet changing demands from enterprises that need dynamic applications with rich user interfaces, according to a report published by Information Services Group. The report for the U.S. finds the growing ranks of companies undergoing digital transformation want to modernize their software portfolios and continuously update their applications. Meeting requirements through next-generation ADM services Service providers are meeting these requirements through next-generation ADM services, which … More

The post Enterprises move on from legacy approaches to software development appeared first on Help Net Security.

Malware incidents on remote devices increase

52% of organizations experienced a malware incident on remote devices in 2020, up from 37% in 2019, a Wandera report reveals. Of devices compromised by malware in 2020, 37% continued accessing corporate emails after being compromised and 11% continued accessing cloud storage, highlighting a need for organizations to better determine how to configure business tools to ensure fast and safe connectivity for all users in 2021. Other findings In 2020, 28% of organizations were regularly … More

The post Malware incidents on remote devices increase appeared first on Help Net Security.

Public cloud IT infrastructure revenue increasing

Vendor revenue from sales of IT infrastructure products (server, enterprise storage, and Ethernet switch) for cloud environments, including public and private cloud, increased 9.4% year over year in the third quarter of 2020 (3Q20), according to IDC. Investments in traditional, non-cloud, IT infrastructure declined -8.3% year over year in 3Q20. These growth rates show the market response to major adjustments in business, educational, and societal activities caused by the COVID-19 pandemic and the role IT … More

The post Public cloud IT infrastructure revenue increasing appeared first on Help Net Security.

Phishers count on remotely hosted images to bypass email filters

Loading remotely hosted images instead of embeedding them directly into emails is one of the latest tricks employed by phishers to bypass email filters. Phishers are always finding new ways trick defenses Phishing emails – especially when impersonating popular brands – contain widely known brand logos and other images to give the illusion of having been sent by legitimate organizations. Images have also been used for ages as a way to circumvent an email’s textual … More

The post Phishers count on remotely hosted images to bypass email filters appeared first on Help Net Security.

Fraudulent attempt purchase value decreased by $10 in 2020 compared to 2019

There has been a 24 percent increase in eCommerce transactions globally in December 2020 compared to December 2019, ACI Worldwide reveals. In particular, eCommerce transactions in the retail sector increased 31 percent and the gaming sector increased 90 percent, comparing December 2020 with December 2019. BOPIS fraud also seeing a significant increase While many merchants initially implemented the buy online, pick up in store (BOPIS) delivery channel during the pandemic, those that already had this … More

The post Fraudulent attempt purchase value decreased by $10 in 2020 compared to 2019 appeared first on Help Net Security.

Revenue for 5G enterprises in the Asia-Pacific region to reach $13.9B by 2024

Mega trends across the government and public sector, healthcare, manufacturing, and telecommunications are posing new challenges to end users in vertical industries in the Asia-Pacific region, Frost & Sullivan finds. These changes are pushing enterprises to transform and enable new use cases that are critical in supporting and optimizing enterprise business processes to improve business efficiency. In addition to impacting mega trends, the COVID-19 pandemic is driving the need for critical and vital broadband, remote … More

The post Revenue for 5G enterprises in the Asia-Pacific region to reach $13.9B by 2024 appeared first on Help Net Security.