Thursday, 30 April 2020

Automatic Number-Plate Recognition System Exposes 9 Million Records

Sheffield City Council's automatic number-plate recognition (ANPR) system in the UK exposed 8.6 million records of road journeys made by thousands of people, The Register reports. 

from Cyber Security News https://ift.tt/2KRfUKR

Bryan MacDonald Promoted to Vice President of Information Services at Schweitzer Engineering Laboratories

Bryan MacDonald has been promoted to Vice President of Information Services at Schweitzer Engineering Laboratories (SEL). 

from Cyber Security News https://ift.tt/2SomE7g

How to Detect & Prevent Cyberattackers from Exploiting Web Servers via Web Shell Malware

A new NSA guide contains valuable information on how to detect and prevent web shell malware from affecting web servers, including detection, prevention and response strategies.

from Cyber Security News https://ift.tt/3bVMTtt

National Security Agency Releases Cybersecurity Guidance for Remote Workers

The U.S. National Security Agency (NSA) has released cybersecurity guidance, containing a snapshot of current, commercially-available collaboration tools available for telework use, along with a list of security criteria to consider when selecting which capability to leverage.

from Cyber Security News https://ift.tt/3dayie5

Marc Gruzenski Joins The McLean Group to Lead its Security Practice

The McLean Group announced that Marc Gruzenski has joined the firm as Senior Managing Director. Gruzenski will lead the firm’s Security Practice focused on the cybersecurity, physical security and security risk management sectors.

from Cyber Security News https://ift.tt/3cYht5M

War at Home: How U.S. Corporations are on the Front Lines of the Silent War on Privacy

The Trump Administration's identification and indictment of four individuals in relation to the 2017 Equifax breach is yet another example of the overt collection efforts by the Chinese government to steal Americans’ sensitive personal information. The openness of the U.S. government to share these examples should help bring the reality of cyber threats to the forefront in corporate board rooms and research universities. I would like to highlight that these particular attacks were conducted for a different goal – espionage.

from Cyber Security News https://ift.tt/3aTz51k

Vishing and Cybercriminals during COVID-19

While the COVID-19 pandemic has resulted in an uptick in all types of scams, no one is talking about vishing and how cybercriminals can use vishing to further scam the public.

from Cyber Security News https://ift.tt/2Yj5fRa

Protecting VPNs from DDoS Attacks in the Age of Remote Work

As a result of the COVID-19 pandemic, more people than ever are working remotely. Because of this recent and rapid transition, users are accessing corporate resources from their homes and generating unprecedented amounts of network traffic. IT departments face increased pressure to ensure business continuity by providing remote users with access to essential corporate applications and services through Virtual Private Networks (VPNs), which are designed to provide access to private networks through shared or public networks.

from Cyber Security News https://ift.tt/2zKvTZ3

Wednesday, 29 April 2020

ICA Offers New Cybersecurity Risk Management Program as Global Threat Increases

The International Compliance Association (ICA), a professional body for the global regulatory and financial crime compliance community, has partnered with the International Cyber Threat Task Force (ICTTF) to offer a new program in cyber risk management.

from Cyber Security News https://ift.tt/3bPYL07

New Dashlane Survey: Majority of Americans Feel More at Risk Online Due to COVID-19

A new survey that looks at consumer sentiment and habits around online security in light of the shift to remote work due to COVID-19 has found that the lines between our personal and professional lives are blurring now more than ever. 



from Cyber Security News https://ift.tt/2zM7T81

John Jay College Cyber-Terrorism Project Selected for New Homeland Security Center of Excellence

A John Jay College of Criminal Justice project on cyber-terrorism is one of 13 selected by the Department of Homeland Security as part of the National Counterterrorism Innovation, Technology, and Education (NCITE) Center, a new DHS Center of Excellence. The project will be housed at the University of Nebraska at Omaha.



from Cyber Security News https://ift.tt/3bQFKun

Brian Phillips Named Director of Global Security Strategy at Traction Guest

Traction Guest, a leader in cloud-based solutions for enterprise visitor management systems (VMS), announced Brian Phillips as director of Global Security Strategy. 



from Cyber Security News https://ift.tt/3aQ7SfK

ExecuPharm, Subsidiary of US Biopharmaceutical Giant Parexel, Hit by Ransomware Attack

ExecuPharm, a subsidiary of the U.S. Biopharmaceutical giant Parexel, has been hit by a ransomware attack according to a recent announcement made by the company.

from Cyber Security News https://ift.tt/2VMr3CV

EL AL Airlines: Integrating Security into CI/CD with Seeker IAST from Synopsys

EL AL Israel Airlines Ltd. has over 6,000 employees and is the national air carrier of Israel, carrying over 5.5 million passengers a year. EL AL faces cyberthreats on a regular basis and must maintain the highest levels of application security to prevent these threats from endangering the privacy and safety of its passengers.

from Cyber Security News https://ift.tt/2VNGnQ3

Digital Shadows Research: Cybercriminals Profiting from COVID-19 Charities

New Digital Shadows research takes a look at how cybercriminals may be profiting from COVID-19 charities. 

from Cyber Security News https://ift.tt/35hQfVm

MSPs are the Latest Ransomware Target: Are You Safe?

Ransomware is costing businesses—in ransom, yes, but also in downtime, the cost of which is typically 23 times greater than the ransom requested. The attacks are affecting large organizations and cities including Atlanta and Baltimore. Cybercriminals aren’t just attacking end-users; MSPs are the latest on the hit list.

from Cyber Security News https://ift.tt/2zHktoV

Effective Security Design and Operation of Emergency Facilities

The COVID-19 pandemic of 2020 has challenged our global society in many ways. It is truly a unique and unprecedented situation of our time, which requires communities around the world to come together to defeat the virus.

from Cyber Security News https://ift.tt/2W6uBPu

Tuesday, 28 April 2020

David Bradbury Named Chief Security Officer at Okta

Identity company Okta has hired its newest chief security officer, David Bradbury.

from Cyber Security News https://ift.tt/2zym8wO

COVID-19 Proves It’s Time for the IRS to Stop Identity Fraud at the Front Door

In light of the reports of theft of COVID-19 stimulus checks (which one headline called “pure hell”), it’s instructive to look back at recent breaches of IRS systems and processes.

from Cyber Security News https://ift.tt/2KFvWHK

Cybersecurity Pros are Being Reassigned to IT During COVID-19 Pandemic

Cybersecurity professionals, responsible for securing their organizations’ digital assets, are seeing their job functions change during the coronavirus pandemic, new research shows. Ninety percent say they are now working remotely full-time.

from Cyber Security News https://ift.tt/2Ym94Fr

3 Ways to Fortify Cyber Resilience amid COVID-19

The COVID-19 pandemic has created an environment in which malicious cyber actors thrive. They are exploiting today’s uncertainty and anxiety through ransomware attacks, phishing campaigns, social engineering and financially-motivated scams. Although we are living in unprecedented times, the cyber threats we face and the malicious actors we defend against are not new. But the globe’s singular focus on COVID-19 may make us the proverbial fish in a barrel for bad actors.

from Cyber Security News https://ift.tt/2ySRMom

Leaders Value Strong Security Culture But Struggle to Define and Implement It

A new KnowBe4 study, The Rise of Security Culture, finds that the majority of security leaders (94 percent) say security culture is important for business success, but have yet to merge their security strategies with their overall business strategies.

from Cyber Security News https://ift.tt/2YdiPWd

4 Trends for Building and Operating a Security Operations Center

Mimecast Limited released the latest report from the Cyber Resilience Think Tank highlighting four trends for building and operating a Security Operations Center (SOC).

from Cyber Security News https://ift.tt/2KHdwX3

Ankur Rawat Named Chief Information Officer at Siemens Government Technologies

Siemens Government Technologies (SGT) announced that Ankur Rawat has been appointed its Chief Information Officer.

from Cyber Security News https://ift.tt/2VHKM6R

Monday, 27 April 2020

Brian Hobbs Named Global Chief Information Officer at Gibbs & Cox, Inc.

Gibbs & Cox, Inc., a leader in naval architecture and marine engineering, announced that Brian Hobbs, a cybersecurity and information technology executive, has joined the company as Chief Information Officer.  


from Cyber Security News https://ift.tt/2YibuF3

Cybersecurity Whistleblowing in a Pandemic

While employees are the key to identifying cybersecurity vulnerabilities quickly, many companies have failed to create a welcoming environment for whistleblowers. During COVID-19, how can you safely blow the whistle?

from Cyber Security News https://ift.tt/3cSBeeZ

Securing Industrial Systems: Segment IT and OT Networks

To detect and contain breaches faster, it’s become increasingly important to go beyond the typical malware detection capabilities and invest in the ability to detect and react to lateral movement within the environment. Lateral movement is a core piece of an attacker’s strategy once he’s gained a foothold within the environment. What three steps can you take to help stop lateral movement and focus on security measures that minimize dwell time?

from Cyber Security News https://ift.tt/2W71zPB

Good Security News -- Share Your Stories!

Good Security News!!! We want to spread the word about positive interactions taking place, including within the security community, during this difficult time in our world.



from Cyber Security News https://ift.tt/3bJoF5w

New Study Examines the Adoption and Abandonment of Security, Privacy & Identity Theft Protection Practices

To find out why people adopt and then sometimes abandon online safety measures, researchers from the University of Michigan School of Information and NortonLifeLock’s Research Group surveyed more than 900 people about their use of 30 commonly recommended practices to guard against security, privacy and identity theft risks.

from Cyber Security News https://ift.tt/2yL9lqw

CISA Guide to Pandemic Response: Critical Infrastructure Operations Centers and Control Rooms

The Cybersecurity and Infrastructure Security Agency (CISA) has released a guide, Critical Infrastructure Operations Centers and Control Rooms Guide for Pandemic Response, geared towards all 16 critical infrastructure sectors.

from Cyber Security News https://ift.tt/2yMsIzC

How to Protect Your Organization from Ransomware

Ransomware. It may be the most feared word of security and risk managers. After countless headlines and costs of over 11.5 billion dollars in 2019 alone, organizations around the world are understandably terrified of being hit by a ransomware attack. What are four steps you can take to protect against ransomware?

from Cyber Security News https://ift.tt/2Y92G4b

SBA Loan Application Data Breach: What You Can Do

On April 21, the Small Business Administration (SBA) revealed that around 8,000 small business loan applicants had their potentially sensitive information exposed in a data leak affecting the website being used to host the online application.

from Cyber Security News https://ift.tt/3cV1tBJ

Sunday, 26 April 2020

Most UK Remote Workers Haven't Had Cybersecurity Training in Past Year

The COVID-19 pandemic has brought a fresh wave of cyberattacks targeting remote workers, but a lack of training has resulted in the majority not taking threats seriously.

from Cyber Security News https://ift.tt/2KypmCO

Friday, 24 April 2020

Kaspersky Finds 30% of IT Security Managers Missed Important Personal Events due to Data Breaches

The latest Kaspersky report highlights the ‘human side’ of cybersecurity incidents by examining the discomfort and losses employees face following corporate breaches.

from Cyber Security News https://ift.tt/2VCbcqO

New York Universities Ramp up Entry to Computer Science and Cybersecurity Careers

Four New York City graduate schools have signed onto a groundbreaking intensive online program that quickly and inexpensively prepares students without computer science backgrounds to enter master’s degree programs in high-demand fields of cybersecurity, data science, and computer science.

from Cyber Security News https://ift.tt/2S2xP5e

15% of Small Businesses Experienced a Cybersecurity Threat in 2019

Nearly one-fifth of small businesses say they experienced either a hack, virus, or data breach in 2019, according to new data from The Manifest, a B2B news and how-to site.

from Cyber Security News https://ift.tt/3eM2IEU

NY Department of Financial Services Issues Guidance Regarding Cybersecurity Awareness during COVID-19

The New York Department of Financial Services (DFS) issued guidance to its regulated entities regarding heightened cybersecurity awareness as a result of the COVID-19 pandemic.

from Cyber Security News https://ift.tt/3bGygu8

DOJ Announces Disruption of Hundreds of Online COVID-19 Related Scams

Federal authorities announced that an ongoing cooperative effort between law enforcement and a number of private-sector companies has disrupted hundreds of internet domains used to exploit the COVID-19 pandemic to commit fraud and other crimes.

from Cyber Security News https://ift.tt/2YdRMdB

Staying Protected While Connected – Video Conferencing Best Practices for Businesses and Consumers

As with all digital and online tools, there are inherent security risks associated with utilizing video conferencing platforms. What are some concrete steps that consumers and organizations alike can take now to improve security while video conferencing?

from Cyber Security News https://ift.tt/2VwVnBv

Thursday, 23 April 2020

Zoom Announces New Security and Privacy Updates for its Platform

Zoom has announced robust security enhancements with the upcoming general availability of Zoom 5.0 as part of their 90-day plan to proactively identify, address and enhance the security and privacy capabilities of the Zoom platform.

from Cyber Security News https://ift.tt/3eEIoW5

Darrin E. Jones Named Executive Assistant Director of the Science and Technology Branch

FBI Director Christopher Wray has named Darrin E. Jones as the executive assistant director of the Science and Technology Branch at FBI Headquarters in Washington, D.C. Mr. Jones most recently served as the assistant director of the Information Technology Infrastructure Division.

from Cyber Security News https://ift.tt/3bsSmHY

FBI: Online Extortion Scams Increasing during Coronavirus

The Federal Bureau of Investigation (FBI) has posted a Public Service Announcement (PSA) noting that the Internet Crime Complaint Center (IC3) has seen an increase in reports of online extortion scams during the current "stay-at-home" orders due to the COVID-19 crisis.

from Cyber Security News https://ift.tt/2VXsZaW

Data Breach Report: Kinomap, Exercise App, Exposes 42 Million User Records

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a data breach belonging to the exercise technology company Kinomap. In total, the database was leaking more than 42 million records, affecting people all over the world.

from Cyber Security News https://ift.tt/2KF4ABL

When Efficiency is the Outcome of Enhanced Security

According to Verizon's 2019 Mobile Security Index report, two-thirds of organizations said they are less confident about the security of their mobile assets than other devices. Many of these breaches occur due to vulnerable devices, servers and applications that allow bad actors to gain access. Security breaches and the threat of compromise are a serious issue for organizations of all sizes.

from Cyber Security News https://ift.tt/3bxD3xF

Wednesday, 22 April 2020

Jim Miller Appointed Chief Technology Officer for Wayfair Inc.

Wayfair Inc. named Jim Miller Chief Technology Officer, making permanent a role he has held on an interim basis since August 2019. As CTO, Miller will continue to provide strategic direction and leadership for the rapid scaling of Wayfair’s best-in-class tech operations.

from Cyber Security News https://ift.tt/2VrxuLy

Bitdefender: Spearphishing Campaigns Targeting Oil and Gas Industry

Bitdefender researchers have recently found spearphishing campaigns, impersonating either a well-known Egyptian engineering contractor or a shipment company, dropping the Agent Tesla spyware Trojan.

from Cyber Security News https://ift.tt/2wYAWnA

309 Million Facebook User Profiles Sold on Dark Web and Hacker Forums

Threat actors are selling more than 309 million Facebook profiles for $623 on dark web sites and hacker forums. 

from Cyber Security News https://ift.tt/2Vs0nHt

NFL: Cybersecurity Concerns as Draft Moves Online

As the NFL takes its Draft Day operations online this Thursday, April 23, 2020, many head coaches and cybersecurity experts say teams are vulnerable to online mischief-makers, according to a Reuters report. 

from Cyber Security News https://ift.tt/3eKrMfm

Top 10 Largest Data Breaches

Since 2005, the US has seen over 10 billion data breaches take place. A new study, conducted by Omnisend, has revealed the US companies that have had the largest number of data breaches across America. 

from Cyber Security News https://ift.tt/3bt8Hwd

Tuesday, 21 April 2020

5 Minutes with Sounil Yu, CISO-in-Residence at YL Ventures

After a seven-year tenure as Chief Security Scientist at Bank of America, Sounil Yu joined YL Ventures as Chief Information Security Officer-in-Residence. What is his main focus in his new role and what are his initial priorities over the next six months?

from Cyber Security News https://ift.tt/2Ku9npb

Malwarebytes: Online Credit Card Skimming Increased by 26% in March 2020

With COVID-19 lockdown measures in place throughout the globe, online shopping has soared and along with it, credit card skimming. According to Malwarebytes data, web skimming increased by 26 percent in March over the previous month.

from Cyber Security News https://ift.tt/2XVsyQS

Expanding Trust in Mobile Devices

For many people, their mobile device serves as their primary computer in day-to-day life. Modern mobile devices offer a rich, flexible set of features and allow users to add new features just by downloading applications.

from Cyber Security News https://ift.tt/2Kz06wt

Monday, 20 April 2020

Observing Privilege to Reduce Risk in Software-as-a-Service (SaaS)

Risk remains the top concern for organizations adopting software-as-a-service (SaaS) models and this is an issue that is only getting worse. What is needed today is the ability to remove the dependency on human behavior and human error, bringing control back to the security team.

from Cyber Security News https://ift.tt/2RTHlru

Risk Management, Insider Threats and Security Leaders in the Age of COVID-19

As COVID-19 has forced organizations to suddenly halt operations or institute work-from-home initiatives, there is greater opportunity for security incidents and greater data security responsibility with less direct oversight. Remote work poses its own challenges for enterprise risk managers, as well, such as addressing evolving vulnerabilities and threats unique to new environments. One area that will need to be monitored now more than ever is that of the insider threat, argue many enterprise security leaders. 

from Cyber Security News https://ift.tt/34SetoC

Holly Walters Promoted to Chief Information Officer and Group VP of Information Services at Toyota Motor North America

Holly Walters has been promoted to Chief Information Officer and Group Vice President of Information Systems for Toyota Motor North America. In her new role, Walters will oversee the company’s information systems, solutions and technology.

from Cyber Security News https://ift.tt/2yxrub6

DOJ and FBI Warn of Potential for Videoconferencing Hacking during Coronavirus Pandemic

The US Federal Bureau of Investigation and Attorney William M. McSwain warned the community about the potential for hackers to invade and disrupt videoconference meetings that are taking place as Americans use video-teleconferencing (VTC) platforms to conduct online meetings during the coronavirus pandemic.

from Cyber Security News https://ift.tt/2yxrt72

FBI Warns Popular Social Media Trends can Lead to Fraud

The FBI Charlotte, N.C. office is warning social media users to pay close attention to the information they share online. A number of trending social media topics seem like fun games, but can reveal answers to very common password retrieval security questions, says the FBI, as fraudsters can leverage this personal information to reset account passwords and gain access to once-protected data and accounts.

from Cyber Security News https://ift.tt/3aq0APC

Google Blocks 18 Million COVID-19 Related Scam Emails Each Day

Google says that Gmail blocks more than 100 million phishing emails per day. Now, Google is seeing 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages.

from Cyber Security News https://ift.tt/2XPrq1d

CISA Releases Version 3.0 of Guidance on Essential Critical Infrastructure Workers during Covid-19

The Cybersecurity and Infrastructure Security Agency (CISA) released version 3.0 of the Essential Critical Infrastructure Workers guidance to help state and local jurisdictions and the private sector identify and manage their essential workforce while responding to COVID-19.

from Cyber Security News https://ift.tt/2zaT5ze

Sunday, 19 April 2020

Amy Tong Reappointed California's Director of Technology

California Governor Gavin Newsom announced that Amy S. H. Tong has been reappointed director of the California Department of Technology, where she has served as director since 2016.

from Cyber Security News https://ift.tt/2RQDk6W

The Executive Women's Forum announces its 18th Annual Conference and Women of Influence Awards

The Executive Women's Forum on Information Security Risk Management & Privacy (EWF) announces its 18th Annual Conference "Empowering Women In Cybersecurity, Risk And Privacy: Enhancing Business Resilience And Trust," to be held October 20-22, 2020 in Scottsdale, Ariz.



from Cyber Security News https://ift.tt/2XL8TmJ

Friday, 17 April 2020

CISA Issues Alert on North Korean Cybersecurity Threat

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to the international community, network defenders and the public of the North Korean cyber threat.

from Cyber Security News https://ift.tt/34KKy1V

Scams and Phishing Attacks Grow as People Operate Online due to COVID-19

Due to COVID-19, there are more Americans conducting life online than ever before – over 70 percent are teleworking, and of those, 34 percent have been granted telework options they would otherwise not have had – but 62 percent have signed up for new tools and platforms to work, study or play.

from Cyber Security News https://ift.tt/2VEyMBJ

Thursday, 16 April 2020

UW-Superior to Offer Online Master’s Degree in Cybersecurity

The University of Wisconsin-Superior is introducing a completely online Master of Science in Cybersecurity this fall.



from Cyber Security News https://ift.tt/2REMR15

The Biggest Cybersecurity Mistakes CISOs Might be Making Today

Even if a Chief Information Security Officer (CISO) performs 99 percent of their tasks perfectly, there is still plenty of opportunity to make mistakes. When companies have unpatched vulnerabilities, or incorrect configurations, or other holes in their security tactics (not to mention the “set it and forget it” mentality after deployment), security management can quickly become a CISO’s nightmare. This is why it's so important for leaders to consider the following when developing the right security approach for their organizations.

from Cyber Security News https://ift.tt/3ai4bzn

Bryan Jones Named Chief Technology Officer at the Office of Experience

The Office of Experience (OX), a Chicago, Ill.-based design and digital innovation agency, announced that it has named Bryan Jones as Chief Technology Officer. Jones comes to OX most recently from the Marketing Store, where he served as Global Chief Technology Officer delivering product solutions for McDonald's, Nissan and T-Mobile.

from Cyber Security News https://ift.tt/2xrPo83

Cybersecurity Hygiene Requirement Meets Its Toothbrush

CEOs cite cybersecurity as the biggest threat to the world economy and as a result, the global spend in cybersecurity is expected to surpass $1 trillion by 2021. An enterprise cyber attack can turn into a catastrophe in a matter of hours, potentially damaging any business at any point in time. As we see from the past few years, the greatest have already fallen.

from Cyber Security News https://ift.tt/2z3QzL7

Wednesday, 15 April 2020

GAO: DOD Needs to Take Decisive Actions to Improve Cybersecurity Hygiene

The Government Accountability Office (GAO) has released a new report, noting that the Department of Defense (DOD) has not fully implemented three of its key initiatives and practices aimed at improving cybersecurity hygiene and is at risk of cyberattacks.

from Cyber Security News https://ift.tt/2VdGfIY

Lookout Research: Nation-State Mobile Malware Targets Syrians with COVID-19 Lures

Lookout researchers have uncovered a long-running surveillance campaign tied to Syrian nation-state actors, which recently started using the novel coronavirus as its newest lure to entice its targets to download malware. This campaign appears to have been active since the start of January 2018, and targets Arabic-speaking users, likely in Syria and the surrounding region.

from Cyber Security News https://ift.tt/34H2NVR

Coronavirus-Related Spear Phishing Attacks See 667% Increase in March 2020

Barracuda researchers have seen a steady increase in the number of coronavirus or COVID-19-related spear-phishing attacks since January 2020, but they have observed a recent spike in this type of attack, up 667 percent since the end of February 2020.

from Cyber Security News https://ift.tt/2RGEGBm

Chris Williamson Named Field Chief Technology Officer at FNTS

FNTS, a managed IT services provider, has announced Chris Williamson as Field Chief Technology Officer (CTO). As a member of the FNTS executive team, Williamson will assist the leading cloud, mainframe and IT managed services provider in developing strategic partnerships and long-term digital transformation initiatives with clients.

from Cyber Security News https://ift.tt/2VdGmEo

The Skimmer Scam: How to Stay Safe

You lean back in your office chair during your lunch break, sipping your second (or third) cup of coffee, and decide to check your credit card account balance, just to keep on top of things. You log in to your account and stare at the numbers. Something isn’t right. There must be some mistake, you think. Your balance is significantly lower than it should be.

You check your wallet. None of your cards are missing. How could someone have stolen your money without access to your physical credit card? With technology, of course – in this case, a credit card skimmer.

Know the Facts

A skimmer is a diabolically ingenious little device that looks like a real card slot, the kind that you stick your card into when you’re paying for gas or withdrawing money from an ATM. The skimmer fits over the real card slot, and when you insert your card, it collects all the information. Skimmers range from cheap-looking pieces of tech to high-end mimics of genuine card slots.

Some skimmers work in conjunction with tiny cameras, which record PIN numbers while the skimmer captures key data with a magnetic reader. While the alert consumer can sometimes spot these devices, many of today’s distracted, busy users never suspect them at all, until it’s too late.

Crunch the Numbers

According to the United States Secret Service, ATM fraud losses come to around $350,000 or more each day of the year, and card skimming is responsible for over 80% of that total. Thieves that use skimmers usually install them at self-service, point-of-purchase machines like gas station pumps or ATMs. Lots of people come through these areas, so the criminals can blend in easily as they install and reclaim their device.

Dare to Compare

Your best defense against this kind of theft is vigilance. Whenever you use an ATM or gas pump card slot, take a look around first. Note what the other gas pump card slots look like. Do they differ from yours? If so, your pump or the one next to you may have a skimmer attached.

At ATMs, the bank sometimes posts a photo of the card slot to show you what it should look like. If it looks different, there may be a skimmer present. However, keep in mind that thieves could always post their own photo over the original to throw you off.

Spot the Skimmer

Note the color of the rest of the machine. If the card slot and the area immediately surrounding it don’t seem to match in hue, weather wear, or style, you may be looking at a skimmer. Even if you just have an odd feeling about the setup, trust your gut feeling. Find another ATM or an alternative gas station. You might just save yourself the hassle and stress of ATM fraud on your account.

Give Them Some Credit

When you pay for gas, use your credit card instead of your debit card. For a credit card, you only have to enter your ZIP code, whereas with a debit card you have to type in your PIN. A hidden camera could collect that keypad information easily.

Watch your credit card and bank accounts carefully, checking them every day. Your vigilance enables you to alert your financial institution if any fraud does occur. The faster you notify them of a problem, the sooner they can investigate and return your money to you.



from We Hate Malware https://ift.tt/34GfvnV

Information Security Forum: Nine Cybersecurity Threats Organizations can Expect Through 2022

The Information Security Forum (ISF), a London-based authority on cybersecurity, information security and risk management, has released Threat Horizon 2022, which highlights nine major threats, broken down into three themes, that organizations can expect to face over the next two years as a result of increasing developments in technology.

from Cyber Security News https://ift.tt/2RIsKit

Want to Avoid Being Scapegoated For the Next Breach? You Need Total Trust Alongside Zero Trust

You are a new Chief Information Security Officer (CISO) in the financial services industry. You are excited about the job but anxious due to the scale of the cyber threat from a range of actors: lone-wolf hackers, organized crime syndicates, governments and their proxies, and insiders. As you think through your game plan for addressing these threats, what’s your most important first step?

from Cyber Security News https://ift.tt/2VuDfXQ

Americans See Spread of Disease as Top International Threat, with Terrorism, Nuclear Weapons, Cyberattacks

Americans continue to see many international issues – including terrorism, the spread of nuclear weapons and cyberattacks – as major threats to the well-being of the nation, says new data from Pew Research.



from Cyber Security News https://ift.tt/2wDCV0m

Zoom Database of Credentials up for Sale on Dark Web Forums, Says Report

In a recent investigation of deep and dark web forums, IntSights researchers came across a cybercriminal who shared a database containing more than 2,300 usernames and passwords to Zoom accounts.

from Cyber Security News https://ift.tt/2VaCPXH

Eve Maler Named Chief Technology Officer at ForgeRock

ForgeRock, a provider in digital identity, announced the appointment of Eve Maler as Chief Technology Officer. Maler joins ForgeRock’s senior leadership team to deliver deep insight into the technology trends that will impact the company’s business and enable innovation that helps its customers create great digital experiences.

from Cyber Security News https://ift.tt/2Vy7VqW

Andy Palan Appointed Chief Technology Officer at AdaptHealth Corp.

AdaptHealth Corp., a large provider of home medical equipment (“HME”) in the United States, announced the appointment of Andy Palan as its first Chief Technology Officer.

from Cyber Security News https://ift.tt/3b7l3Km

Two Manitoba, Canada Law Firms Hit by Maze Ransomware

Two unnamed Manitoba, Canada law firms have been hit by a Maze ransomware attack which has locked their computers and their cloud backup. 

from Cyber Security News https://ift.tt/2RC23vF

Tuesday, 14 April 2020

Enhancing Physical Security with Wireless Video

When it comes to wireless video surveillance, security professionals face no end of hurdles.



from Cyber Security News https://ift.tt/2RH6Qwa

Security Deemed Essential in DHS CISA Guidelines

The U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) released a notice explicitly mentioning the security industry. 



from Cyber Security News https://ift.tt/2RCdDqF

DoJ and IRS Warn Taxpayers of Potential Scams in Relation to COVID-19 Economic Impact Payments

Recently, the U.S. Attorney’s Office for the Western District of Louisiana and the Internal Revenue Service – Criminal Investigation (IRS-CI) cautioned taxpayers about the opportunity for criminals to steal economic impact payments through various means of deception.

from Cyber Security News https://ift.tt/3acRg1r

Monday, 13 April 2020

Roger Hale Joins BigID as Chief Security Officer

BigID, a data-centric personal data privacy and protection company, announced the appointment of Roger Hale as Chief Security Officer. As CSO, Roger brings more than 35 years of information security experience spanning venture capital, cloud, data management and more.

from Cyber Security News https://ift.tt/34B34cF

How to Minimize Cybersecurity Failure? Plan for it

While there’s some debate whether Benjamin Franklin or someone else said it first, the advice remains solid for the modern cyber landscape. Yet, in today’s competitive environment, not only is planning critical — but so, too, is planning for plans to fail.



from Cyber Security News https://ift.tt/3edVXvr

Fugue Survey Finds Widespread Concern Over Cloud Security Risks during the COVID-19 Crisis

As a vast majority of companies make the rapid shift to work-from-home to stem the spread of COVID-19, a significant percentage of IT and cloud professionals are concerned about maintaining the security of their cloud environments during the transition. The findings are a part of the State of Cloud Security survey conducted by Fugue. 

from Cyber Security News https://ift.tt/2XxOgdG

Brian Work Joins Nolan Transportation Group as Chief Technology Officer

Nolan Transportation Group (NTG), a large non-asset truckload freight brokerage and provider of third-party logistics services in North America, announces that Brian Work has joined the company as Chief Technology Officer.

from Cyber Security News https://ift.tt/2Rydch0

The California Consumer Privacy Act Has Data Security at its Core

The CCPA has forced enterprises to rethink the types of personal information they collect and share, and the policies and procedures they implement to safeguard that data. Are enterprises prepared for the CCPA?

from Cyber Security News https://ift.tt/3ccAwc5

Friday, 10 April 2020

Edward Aractingi Named Chief Information Officer for the College of William & Mary

Edward Aractingi has been named Chief Information Officer at the College of William & Mary, where he will lead Information Technology, a critical partner in every aspect of learning and work at the university.

from Cyber Security News https://ift.tt/2VhaaPA

DDoS Attacks Increase 180% in 2019 Compared to 2018

Neustar's Security Operations Center (SOC) saw a 168 percent increase in distributed denial-of-service (DDoS) attacks in Q4 2019, compared with Q4 2018, and a 180 percent increase overall in 2019 vs. 2018.

from Cyber Security News https://ift.tt/3c5kgK0

Thursday, 9 April 2020

Beyond COVID-19: Six Ways to Secure Remote Workers

The COVID-19 pandemic has turned worldwide social and business interactions upside down, stoking fear and panic everywhere from main street to Wall Street.



from Cyber Security News https://ift.tt/2RkNEnJ

ISC West Postponed Again to October 2020 due to Coronavirus

ISC West, in collaboration with premier sponsor SIA, is rescheduling the ISC West 2020 event to take place October 5-8 at Sands Expo in Las Vegas (SIA Education@ISC: October 5-7 | Exhibit Hall: October 6-8).

from Cyber Security News https://ift.tt/39VIrJt

US CISA and UK NCSC Issue COVID-19 Cybersecurity Threat Update

A joint advisory published by the UK’s National Cyber Security Centre (NCSC) and US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) shows that cyber criminals and advanced persistent threat (APT) groups are targeting individuals and organizations with a range of ransomware and malware.

from Cyber Security News https://ift.tt/2JRuZf5

Survey: Realities of a Remote Workforce Increase Cybersecurity Concerns for Half of All Small Business Owners, But Policies, Training Still Lag

The overnight move to a “virtual workplace” has increased cybersecurity concerns for small business owners, but many still have not implemented remote working policies to address cybersecurity threats, according to a new survey by the Cyber Readiness Institute (CRI).



from Cyber Security News https://ift.tt/3e71jbN

NJCCIC: Cyber Threats & Cybersecurity for Healthcare during COVID-19

As the healthcare sector ramps up operations to manage the influx of COVID-19 cases, major organizational and networked system changes may leave them vulnerable to cyberattacks, says the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC). 

from Cyber Security News https://ift.tt/2y4FjNX

Wednesday, 8 April 2020

Tim McCreight Promoted to Chief Security Officer for the City of Calgary, Alberta

Tim McCreight, MSc, CISSP, CPP, CISA, has been promoted to Chief Security Officer for the city of Calgary, Alberta in Canada. Previously, he was acting Chief Security Officer for the city of Calgary. 



from Cyber Security News https://ift.tt/2VbE4Vn

General Electric Discloses Data Breach Affecting Present and Former Employees

General Electric (GE), a global Fortune 500 company, has acknowledged a data breach affecting present and former employees and their beneficiaries. Between February 3-14, 2020, an unauthorized user gained access to the email account of Canon Business Process Services, which GE contracts with to process employee documents. 

from Cyber Security News https://ift.tt/3aVsBQn

Data Breach Report: RigUp Exposes More Than 70,000 Private Files

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to American software company RigUp, containing more than 70,000 private files belonging to its US energy sector clients. Read more to learn about this data breach and the cybersecurity implications.

from Cyber Security News https://ift.tt/2VbE4ol

Zoom Forms Cybersecurity Council; Alex Stamos Joins as an Advisor

Remote video conferencing services company Zoom announced that it has formed a CISO Council and Advisory Board, including security leaders from across industries; and Alex Stamos has joined Zoom as an outside advisor to assist with a security review of the company's platform.

 



from Cyber Security News https://ift.tt/3eh0OMq

Nominations Open for the 2020 Women in Biometrics Awards

Nominations are now being accepted for the 2020 Women in Biometrics Awards, a globally-recognized program co-founded by the Security Industry Association (SIA) and SecureIDNews and co-presented with sponsors IDEMIA, Biometric Update and the SIA Women in Security Forum.

from Cyber Security News https://ift.tt/2Rnxtpz

Tuesday, 7 April 2020

30% Increase in Attacker Interest in Remote Desktop Protocol in March 2020

SANS Institute has identified a 30 percent increase in attacker interest in Remote Desktop Protocol (RDP) servers during the month of March 2020.

from Cyber Security News https://ift.tt/34kxfVr

FBI Anticipates Rise in Business Email Compromise Schemes Related to the COVID-19 Pandemic

Fraudsters will take advantage of any opportunity to steal your money, personal information, or both. Right now, they are using the uncertainty surrounding the COVID-19 pandemic to further their efforts, warns the FBI. 

from Cyber Security News https://ift.tt/2UPU2pa

BlackBerry Report: Decade of the RATs - Novel APT Attacks Targeting Linux, Windows and Android

BlackBerry researchers have released a new report that examines how five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and Android mobile devices while remaining undetected for nearly a decade.

from Cyber Security News https://ift.tt/2XjgBUE

Mike Jin Joins CNSI as SVP, CIO and CISO

CNSI, a provider of health information technology solutions, announced that Mike Jin has joined the company as Senior Vice President, Chief Information Officer & Chief Information Security Officer.

from Cyber Security News https://ift.tt/2UPhsed

New AI-Powered Search Engine Makes it Easier to Find Information in the Fight Against COVID-19

Jimmy Lin, a professor at the University of Waterloo in Ontario, Canada, has spearheaded the creation of a dedicated search engine for those who are engaged in the fight against COVID-19.

from Cyber Security News https://ift.tt/2UQS8ok

Preventing Cyberattack Penetration Can Save Enterprises $1.4 Million Per Incident

New Ponemon Institute research finds that 70 percent of security professionals believe the ability to effectively prevent cyberattack penetration strengthens their security posture, yet only 24 percent are focused on optimizing prevention capabilities; the majority focus on detection and containment instead.



from Cyber Security News https://ift.tt/2V81DhD

Report: Every State Gets Failing Cyber Grade

Webroot's fourth annual report reveals the most and least cyber-secure states in the U.S., and underlines the nation’s lack of cybersecurity education during the peak of remote work.



from Cyber Security News https://ift.tt/34gaYrQ

Monday, 6 April 2020

Windows Zero Day Bug Goes Up For Sale

A zero day bug in several versions of the Windows operating system has been found by a hacker and put up for sale on a popular cybercrime forum.  Zero day bugs are those that are previously unknown – new bugs that are unknown even to the developers of the software itself.  These vulnerabilities have become more and more popular these days as bug bounty programs increase in price.

These types of vulnerabilities have been in the news lately because of their growing role in foreign and domestic government conflicts.  Most recently the FBI purchased a zero day vulnerability to access the iPhone of the San Bernardino terrorist.  It was the only alternative to forcing Apple in court to open up a backdoor – a conflict that had many in the security community up in arms.  But Apple didn’t need to create the backdoor – someone else did.  And it’s considered a zero day bug because of the unknown nature — it’s out there, but only the person (or persons) who found it and the FBI are privy to the details.  Apple still, apparently, doesn’t know how they did it.

These zero day bugs carry a large bounty.  And thus the different roles of hackers were born: white, grey, and black.  Those that just give up the bug for the sake of education and public interest are known as white hat hackers.  They ply their trade as a hobby, knights in shining armor of the security community.  They like to find the bugs first before the bad guys.  They give up their secrets for free (or sometimes reward) to the companies that publish the software.

Grey hat hackers are those that find vulnerabilities and sell them to governments.  It’s unknown whether or not the government will use those vulnerabilities for good or ill, hence the “grey” nature of their deeds.

Black hat hackers use their knowledge to inflict damage on others and software itself.  They are the vandals and bandits of the cyber community.  The recent zero day Windows bug was found by a Black Hat hacker and was put up for sale on the cyber crime forum exploit[dot]in.  As reported by Krebs On Security, it appears that rather than get a larger sum of money from Microsoft for the bug bounty, the hacker was willing to take a smaller financial sum in exchange for the reputation points that selling such a vulnerability on the forum would bring.

It’s an interesting conflict of interests, and a study in human nature.  But one thing is for certain – zero day flaws are fast becoming a very profitable commodity and there is big business in cyber warfare.  As more and more of our daily lives and business are conducted online and through computers, the more valuable these security holes will become, whether for good use or ill.

What do you think should happen?  Should the government begin to subsidize bug bounty programs?  Should companies step it up and offer even greater sums of money to try to turn grey or black hat hackers towards the white side?



from We Hate Malware https://ift.tt/3aQS0KP

74% of Finance Leaders Intend to Shift Some Employees to Remote Work Permanently Post-COVID-19

A Gartner, Inc. survey of 317 CFOs and Finance leaders on March 30, 2020 revealed that 74 percent intend to move at least five percent of their previously on-site workforce to permanently remote positions post-COVID 19.

from Cyber Security News https://ift.tt/2RhNVb7

Beware of Scams in Connection with COVID-19

The SonicWall Capture Labs Threat Research team has come across many scams in connection with COVID-19, such as an IRS economic impact payment scam, a CDC phishing scam and a medical supply scam. 



from Cyber Security News https://ift.tt/2Xglazm

Secure 5G and Beyond Act of 2020 Signed Into Law

President Donald Trump signed into law the “Secure 5G and Beyond Act of 2020,” and the “Broadband Deployment Accuracy and Technological Availability Act or the Broadband DATA Act.”



from Cyber Security News https://ift.tt/34lvWpl

CDC and Microsoft Release COVID-19 Assessment Bot

The U.S. Centers for Disease Control and Prevention (CDC) released a COVID-19 assessment bot that can quickly assess the symptoms and risk factors for people worried about infection, provide information and suggest a next course of action such as contacting a medical provider or, for those who do not need in-person medical care, managing the illness safely at home.

from Cyber Security News https://ift.tt/2wh0ETV

Sounil Yu Joins YL Ventures as Chief Information Security Officer-in-Residence

Sounil Yu, former Chief Security Scientist at Bank of America, will join the YL Ventures team as its full-time CISO (Chief Information Security Officer)-in-Residence.

from Cyber Security News https://ift.tt/2V8kHfI

Thursday, 2 April 2020

Data Breach Report: Popular Digital Wallet App Key Ring Exposes 14 Million Users

Led by Noam Rotem and Ran Locar, vpnMentor’s research team of ethical hackers recently discovered a data leak by the popular app Key Ring that compromised the privacy and security of its 14 million users.

from Cyber Security News https://ift.tt/39AFMot

Nearly 10 Million People Filed for Unemployment in the US: What Does It Mean for the Cybersecurity and IT Workforce?

The number of new people claiming unemployment benefits totaled a staggering 6.648 million last week — doubling the record set a week earlier, the Department of Labor said recently. How is the coronavirus pandemic affecting the cybersecurity community and IT staffers?

from Cyber Security News https://ift.tt/2R7t9uK

UB School of Management Cybersecurity Expert Offers Tips for Teleworkers during Coronavirus Pandemic

Alan Katerinsky, cybersecurity expert and Professor of Management in Science and Systems at the University of Buffalo School of Management, provides cybersecurity tips for teleworkers during the coronavirus crisis.

from Cyber Security News https://ift.tt/2R864Yz

21% of SMBs Don't Have a Data Backup or Disaster Recovery Solution in Place

New research from Infrascale indicates that 58 percent of C-level executives at small and medium businesses (SMBs) said their biggest data storage challenge is security vulnerability.

from Cyber Security News https://ift.tt/2UVsKg0

Security from the Start: Why Cyber Awareness is Critical at the Initial Stages of Business

In spite of this cyber war and in an effort to be first to market, many companies still rush their products out while ignoring proper security integration during development, which can lead to disastrous side effects for businesses, costing them valuable data, reputation, money and time to amend their product weaknesses. Companies can spend a great deal of time and money developing security patches, repeatedly rolling back and implementing updates, and buying other technologies to secure their own offering. This cycle can potentially continue for years, releasing cures to the latest ailments while fearing the next hit.

from Cyber Security News https://ift.tt/3dOrnZ1

10 Years of Data Breaches Mark Vulnerable Businesses

Looking back at cybercrime incidents of the past 10 years, only the questions of "if" and "when" remain. "If" a business has no active cybersecurity policy and processes even just hundreds of rich customer records, "when" becomes soon enough. For the past 10 years, at least eight large-scale data breaches per year have shaken economies. You’d imagine that as business owners, we would have learned the immense value of the digital data we hold. The Ponemon Institute says that just in the US, the average size of a data breach is 25,575 records with a cost of $150 per record on average. That could be the money you would have paid in damages, as a government fine, and potentially in customer lawsuits.

from Cyber Security News https://ift.tt/2X3SmK0

Digital Shadows Report: How COVID-19 is Impacting Cybercriminal Activity

How is the coronavirus pandemic shaping the business operations of criminal networks? Tracking how the market is changing in real time, Digital Shadows has observed that some operations have quickly curtailed their activity while the majority of malicious actors are capitalizing on the crisis, noting, for example, that an increase in online transactions has potentially bolstered success rates for credit and debit card fraud.

from Cyber Security News https://ift.tt/2UBzyAf

Wednesday, 1 April 2020

Cryptowall RansomWare Protection

Ransomware is one of the worst things that can happen to a computer.  One of the most destructive forms of malware, ransomware will lock a computer’s files in exchange for a payment.  The even worse thing is that many times these files are then unrecoverable because ransomware encrypts the files – meaning that unless you have the key, you’re pretty much up a creek without a paddle.

The best thing that you can do is to protect yourself as best as you can.  That means installing adequate antivirus software, antimalware software, and special software tools that can protect against certain ransomware programs.

One such program is Cryptowall Vaccine, a program from Bitdefender that can stop any encryption of your files, even if you do become infected with the ransomware.  It’s a genius program, and one that we highly recommend anyone install on their computer.  It’s free, and you won’t even notice it.

According to Bitdefender, machines are taken hostage through methods that don’t really require any sort of user interaction at all.  That means exploits in your browser could allow the installation of the ransomware from a hacked or infected website.  The website could be any site that you visit on a daily basis – and it doesn’t necessarily have to be a “bad” website such as an adult or gambling site.  Any site is subject to being hacked and turned into an infection point of contact.

The only thing you can really do with Cryptowall is to prevent it – there’s really no other way around it (unless you want to pay the ransom).  So we highly recommend this free program, especially if you run a business or have irreplaceable files.

Another great way to protect against these ransomware attacks is offsite backup to the cloud using software such as Backblaze or Crashplan.  These programs can help you to automatically back up data to the cloud so you won’t be out of luck if anything happens to your PC.  This is another thing we HIGHLY recommend doing if you haven’t done so already.  Just last week I myself suffered a hard disk failure and had I not backed up with Backblaze I would have lost data that was absolutely unable to be replaced.

 



from We Hate Malware https://ift.tt/2R4QZab

World Economic Forum Releases Guide on Protecting from Cyberattacks during COVID-19

The World Economic Forum released a guide on how businesses and employees can protect themselves against cyberattacks while working from home during COVID-19. 

from Cyber Security News https://ift.tt/340KdHY

Mahmood Khan Named SVP and CISO at CNA

CNA announced the appointment of Mahmood Khan as Senior Vice President & Chief Information Security Officer.



from Cyber Security News https://ift.tt/2UOSlqM

FBI Warns of Teleconferencing and Online Classroom Hijacking during COVID-19 Pandemic

As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide.

from Cyber Security News https://ift.tt/2US3N56

Matthew Rosenquist Named CISO at Eclipz

Matthew Rosenquist has joined the Eclipz executive team as Chief Information Security Officer (CISO).



from Cyber Security News https://ift.tt/2R3fBjw

Innovyze Names Rick Gruenhagen Chief Technology Officer

Innovyze has announced Rick Gruenhagen as Chief Technology Officer. Gruenhagen assumes a key role on the executive team reporting to CEO Colby Manwaring. He will oversee the company’s overall product direction and development and will lead the engineering, product and infrastructure teams.

from Cyber Security News https://ift.tt/3bH8m8V

UK BSI Releases Suite of Risk Management and Business Continuity Standards

Following the outbreak of the novel coronavirus (COVID-19), BSI, in its role as the UK National Standards Body, has released a suite of 11 risk and business continuity standards.

from Cyber Security News https://ift.tt/3dHFHT4

Data Breach Report: Cloud Backup Provider Exposes More than 135 Million Customer Records

vpnMentor’s research team recently discovered a breached database, containing more than 135 million records. The database, claims vpnMentor, belongs to Cloud backup provider SOS Online Backup. 

from Cyber Security News https://ift.tt/2WZlItd