Half of organizations experienced security incidents while working remotely

A new report from email security company Tessian reveals that 75% of IT decision makers believe the future of work will be remote or “hybrid” - where employees choose to split their time between working in the office and anywhere else they’d like. As businesses try to deliver a seamless hybrid experience, Tessian’s Securing the Future of Hybrid Working report reveals the security risks they must overcome and the pressures on IT teams.

from Cyber Security News https://ift.tt/30pvqpz

CISA releases telework essentials toolkit

The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices.

from Cyber Security News https://ift.tt/3jk8Aaq

Six core characteristics that next-generation CISO’s exhibit

The Information Security Forum (ISF) has published Becoming a Next Generation CISO, the organizations latest digest which sets out the range of disciplines a next-generation Chief Information Security Officer (CISO) can be expected to master.

from Cyber Security News https://ift.tt/3jgm7j6

Breaking down morality and forum dynamics on cybercriminal forums

Digital Shadows explored four main themes via which threat actors’ personalities or real-life identities are expressed on cybercriminal forums, providing examples they've observed over the years. This first blog looked at gender and nationality, while the second in the series examined morality and forum dynamics. 

from Cyber Security News https://ift.tt/33dSREc

Enterprise security teams struggle with the growing pace, volume and sophistication of cyberattacks

The 2020 State of Security Operations study from Forrester Consulting finds that enterprise security teams around the world continue to struggle with the growing pace, volume and sophistication of cyberattacks. The commissioned survey of over 300 enterprise security operations professionals reveals that only 46% of enterprises are satisfied with their ability to detect cybersecurity threats.

from Cyber Security News https://ift.tt/34amQfA

Purdue University Global to commemorate Cybersecurity Awareness Month with variety of activities

Purdue University Global will commemorate Cybersecurity Awareness Month with a variety of activities throughout October.

from Cyber Security News https://ift.tt/2G62JXY

68% of hackers initiate attacks to be challenged with 71% opting for websites

Survey data acquired by Finbold.com indicates that about 68% of hackers initiate attacks in order to be challenged. The survey featured over 3,150 respondents from at least 120 countries and territories.

from Cyber Security News https://ift.tt/2SbOQtB

Guard against ransomware and business disruption with offline backups

Corporate enterprises and governments used to be the main targets of cyberattacks, but now any organization with an online presence is vulnerable. The surge in remote working due to the pandemic significantly increases risk as IT departments balance the demands of security, remote access and business continuity. Widespread use of new apps and solutions, credential sharing, unsecured Wi-Fi, weak passwords, lack of encryption and more provide cybercriminals with many opportunities to exploit gaps in security.  

from Cyber Security News https://ift.tt/3l333pd

The scale of our modern economy: Balancing safety and privacy

In order to get the future right, the reopening process must balance COVID-19's numerous implications—health, safety, rights, and freedoms. We don’t need to dismiss privacy to gain value from the health data involved. But before we discuss how to find that balance, we need to understand the role data plays in the decision-making process and why that is even more important now.

from Cyber Security News https://ift.tt/3ihmCbk

Top security considerations for enterprises planning IoT adoption

There is no one-size-fits-all IoT security solution. Organizations need to spend time selecting an IoT solution that maps to their unique business needs to ensure they’re able to maximize the investment’s potential without creating any security liabilities. Here’s what enterprises need to consider when creating their IoT deployments.

from Cyber Security News https://ift.tt/3kPwKtI

2020 Travelers Risk Index finds fewer companies taking steps to mitigate cyber threats despite increased concern

The Travelers Companies, Inc. announced the results of the 2020 Travelers Risk Index, which found that fewer companies than last year have taken steps to mitigate cyber risks, even though the level of concern about these threats has increased during the COVID-19 pandemic.

from Cyber Security News https://ift.tt/2S64mXQ

UHS Hospitals hit by Ryuk ransomware, forced to shut down systems

Universal Health Services (UHS), one of the largest healthcare services provider, has reportedly shut down systems at healthcare facilities around the U.S. after a cyberattack hit its networks. 

from Cyber Security News https://ift.tt/36iHX22

Five key steps to full device defensibility

To help you and your organization plan and implement an improved cyber hygiene program, we now present a framework for full IoT device defensibility in real world deployments at scale. This framework represents current state-of-the-art best practices for protecting IoT devices, and can form the backbone of your assessment, evaluation, and improvement plans. Follow the steps below to strengthen your network defenses.

from Cyber Security News https://ift.tt/3kYct54

Amazon unveils "flying camera" that launches if intrusions are detected

Amazon's smart home security division Ring has unveiled a flying camera that launches if sensors detect a potential home break-in. It is designed to activate only when residents are out, works indoors, and is limited to one floor of a building.

from Cyber Security News https://ift.tt/3i9UmaO

Four ways to stop cybercriminals from capitalizing on your remote workers

Cybercriminals love a crisis. As most of the workforce continues operating remotely, how can you stop cybercriminals from exploiting your business? Here are four secure ways to manage a distributed workforce.

from Cyber Security News https://ift.tt/3440c8v

Tinker Tailor Business Spy: What entrepreneurs don’t know (that can hurt them)

As September is National Insider Threat Awareness Month, there is no better time than the present to seriously reconsider how we educate America’s next generation of business leaders about these critical intelligence issues. As we wait on MBA programs to catch up to America’s new geopolitical reality, these are the three most important issues business schools, early stage entrepreneurs, and even seasoned pros should consider as they protect their life’s work.

from Cyber Security News https://ift.tt/3jaz266

Phishing campaigns and malicious websites impersonating the Trump campaign

According to a Mimecast report, businesses now face growing risk from phishing email attacks that prey on people’s political opinions, mirroring the COVID-19 cybercrime surge that preyed on fear.

from Cyber Security News https://ift.tt/2ED2xys

GRC leaders lack confidence in security data they provide to regulators

Senior risk and compliance professionals within financial services company’s lack confidence in the security data they are providing to regulators, according to Panaseer's 2020 GRC Peer Report. Results from a global external survey of over 200+ GRC leaders* reveal concerns on data accuracy, request overload, resource-heavy processes and lack of end-to-end automation.

from Cyber Security News https://ift.tt/345atBh

SailPoint report reveals security risks of IaaS cloud infrastructure

To understand current cloud infrastructure (IaaS) utilization and management practices, SailPoint, in partnership with dimensional research, surveyed executives and governance professionals who are directly involved with IaaS compliance and governance. The report reviews the global research survey which investigates current issues, risks, and challenges with IaaS environments as well as the tools used to manage access and governance of those environments.  In addition, the report found that a large majority (74%) of companies use more than one IaaS provider, with some companies reporting using as many as seven and eight – which can lead to significant security issues.

from Cyber Security News https://ift.tt/3mYND7a

Breaking down the politics of gender and nationality on cybercriminal forums

Recently, broader social dynamics, related to gender and nationality, in particular, are shaping the activity of cybercriminal forums. Digital Shadows explored this trend in a new analysis blog, "Unpicking Cybercriminals’ Personalities - Part 1: Gender and Nationality," that looks at how the dynamics of gender and nationality play out in cybercriminal forums and how it’s shaping cybercrime trends as a result. 

from Cyber Security News https://ift.tt/2EBB9RA

Lance Dubsky named chief security officer at Quintillion

Lance Dubsky was named chief security officer at Quintillion. Dubsky is charged with ensuring the company's current corporate, physical, and cybersecurity, as well as positioning Quintillion to support a secure U.S. Arctic.  

from Cyber Security News https://ift.tt/307bhVe

Mitigating digital banking security issues during the pandemic

Digital banking provides faster processing of financial transactions, more convenience, and a model that allows for the continuation of a financial industry even in the face of a pandemic. However, digital banking makes banks vulnerable to cyberattacks. Banks are now facing fresh security challenges that were brought on or affected by COVID-19. Here is what you need to know about them and how to protect yourself.

from Cyber Security News https://ift.tt/3mPvokv

New cybersecurity threat - Credential stuffing

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) recently issued a Risk Alert (the “Alert”) discussing cybersecurity observations from its examinations over time. The Alert did not state the time period of examinations included; however, OCIE has conducted several cybersecurity targeted exams over recent years.

from Cyber Security News https://ift.tt/33YLkby

5 minutes with John Scimone, CSO, Dell Technologies, on how to navigate a culture of security convergence

We spoke to John Scimone, Dell’s Chief Security Officer, who runs a converged organization, combining physical and cybersecurity, about how he has personally navigated a culture of convergence and digital transformation at Dell. 

from Cyber Security News https://ift.tt/367rMoa

570% increase in bit-and-piece DDoS attacks in 2020

Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to the new Nexusguard Q2 2020 Threat Report. Perpetrators used bit-and-piece attacks to launch various amplification and elaborate UDP-based attacks to flood target networks with traffic.

from Cyber Security News https://ift.tt/3i28WAT

Seven in ten CISOs believe cyberwarfare is an imminent threat to their organizations

Seven in every ten CISOs (71%) believe cyberwarfare is a threat to their organization, and yet just over a fifth (22%) admit to not having a strategy in place to mitigate this risk. This is especially alarming during a period of unprecedented global disruption, as half of infosec professionals (50%) agree that the increase of cyberwarfare will be detrimental to the economy in the next 12 months.

from Cyber Security News https://ift.tt/2G92Lh4

Keren Elazari delivers GSX+ keynote address on the future of cybersecurity

Keren Elazari, CISSP, Security Analyst, Researcher, and Public Speaker, kicked off GSX+’s fourth day with a keynote address on the future of cybersecurity. Elazari, a former hacker turned cybersecurity expert, is an internationally celebrated speaker, researcher, and author on all matters of cybersecurity. Her 2014 TED talk, viewed by millions, helped shape the global conversation about the role of hackers and the evolution of cybersecurity in the information age.

from Cyber Security News https://ift.tt/3crCeYB

COVID-19, K-12 cybersecurity & responding on the home front

Previously, school districts dealt with securing their systems at both the district and school level. But now, teaching, learning and working are all happening at home simultaneously. It’s messy, far more complicated, and gives our cyber and IT teams significantly less control over networks and security than there was when traditional in-school learning was the norm. Of course, this altered reality reeks of exposure potential, especially given that attackers are smart and adaptable. They’re taking advantage of the fact that kids are generally uneducated about digital security, parents are distracted and overwhelmed, and that teachers and administrators are stretched far too thin. It’s especially crucial we keep our security measures tight, even if it feels like an uphill battle.

from Cyber Security News https://ift.tt/3mRqt2e

Security awareness training key to changing security culture

As users receive more security awareness training, their ability to effectively deal with security threats increases, reveals a new study by MediaPRO, co-sponsored with Osterman Research. The report also found that boring security awareness training doesn’t make employees want to be secure.

from Cyber Security News https://ift.tt/3jbY0lu

How extremist groups are using social media to spread their ideology, recruit and encourage violence

Using memes as propaganda, employing sophisticated communication networks for both planning and recruiting, making use of both fringe and private online forums and organizing militias to inspire lone wolf actors for violent action have proven to become tried-and-true tactics by extremist online communities seeking to expand their influence in recent years. According to the Network Contagion Research Institute (NCRI) report, presented by the Rutgers Miller Center for Community Protection and Resilience, Network-Enabled Anarchy: How Militant Anarcho-Socialist Networks Use Social Media to Spread Violence Against Political Opponents and Law Enforcement, militant and extremist groups have taken to social media and online forums to plant hateful, anti-Semitic and/or revolutionary ideas in the public eye, which are often disguised with humor or through using coded language.

from Cyber Security News https://ift.tt/3cud2Ax

Information Security Forum launches Aligned Tools Suite 2020 to help ensure compliance standards

The Information Security Forum (ISF) announced the launch of ISF Aligned Tools Suite 2020, bringing together 14 ISF tools and cross reference aids, including a rebuilt Benchmark platform and the new IRAM2 WebApp. Aligned to the latest version of the Standard of Good Practice for Information Security 2020 (SOGP 2020), the suite – which also includes Security Healthcheck, Supply Chain accelerator tools and SOGP 2020 cross-references – helps ISF Members demonstrate compliance with international standards and assure security across their external suppliers.

from Cyber Security News https://ift.tt/3kJdk9F

Addressing the cyber metrics challenge

Why are CISOs constrained from delivering metrics at scale and why is producing good security metrics so difficult? Here, find out what the five stages of security metrics maturity are, and how you can achieve a mature security metrics program.

from Cyber Security News https://ift.tt/2ZZIqC4

CISA awards $2m to the University of Mississippi Medical Center (UMMC)

Following a competitive review process, CISA awarded $2,000,000 to the University of Mississippi Medical Center (UMMC) for a two-year period of performance beginning on September 30, 2020. UMMC will use REMCDP funds to build on the successes of its previous REMCDP awards.

from Cyber Security News https://ift.tt/363Wgaf

Metro Health joins collaborative effort to combat pandemic-era increase in cyberattacks

As cybercriminals increase their attacks during the COVID-19 pandemic, Metro Health – University of Michigan Health is fighting back. Metro Health has joined an innovative partnership of cybersecurity experts working 24/7 to protect patients and employees from scams and information theft. The Michigan Healthcare Security Operations Center launched in 2018 as the first collective of its kind in the nation. Mi|HSOC brings together leading IT security experts from Michigan Medicine, Beaumont Health, Munson Healthcare, the Michigan Health & Hospital Association and security company CyberForce|Q.

from Cyber Security News https://ift.tt/2FM0jgZ

Rapid growth across container and kubernetes adoption, security incidents, and DevSecOps initiatives

 StackRox released the findings of the State of Containers and Kubernetes Security Report, Fall 2020. Security incidents remain high (90 percent), and nearly half of respondents have delayed rolling out applications into production because of security concerns (44 percent). At the same time, organizations have progressed in developing DevSecOps initiatives (83 percent have some form in place) and in maturing their container and Kubernetes security strategies (only 25 percent lack a strategy).

from Cyber Security News https://ift.tt/3cpt2np

General Stanley McChrystal delivers keynote address on leadership qualities and leading during crises at GSX+

On its third day, GSX+ kicked off with a keynote address on Military & Law Enforcement Appreciation Day by General Stanley McChrystal, former commander of U.S. and International forces in Afghanistan and best-selling author of Team of Teams: New Rules of Engagement for a Complex World.

from Cyber Security News https://ift.tt/2RU5cH0

FBI and CISA warn foreign actors and cybercriminals will spread disinformation regarding 2020 election results

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a Public Service Announcement (PSA) to raise awareness of the potential threat posed by attempts to spread disinformation regarding the results of the 2020 elections. Foreign actors and cybercriminals could create new websites, change existing websites, and create or share corresponding social media content to spread false information in an attempt to discredit the electoral process and undermine confidence in U.S. democratic institutions, warns the PSA. 

from Cyber Security News https://ift.tt/3cnbA3b

Rogue TikTok accounts promoting adware scam apps posing as “Shock Roulette” and “Wallpaper” apps

At least three TikTok profiles with more than 350,000 followers combined have been promoting multiple fraudulent mobile apps that generated $500,000 in profit, according to an Avast report. 

from Cyber Security News https://ift.tt/3hXI2Km

New research indicates positive perceptions about cybersecurity professionals

The 2020 Cybersecurity Perception Study finds most people still don’t view cybersecurity as a career field for themselves, even as nearly one-third (29%) of respondents say they are considering a career change.

from Cyber Security News https://ift.tt/32SR4nI

International sting against dark web vendors leads to 179 arrests

A coalition of law enforcement agencies across the world announced the results of a coordinated operation known as DisrupTor which targeted vendors and buyers of illicit goods on the dark web.

from Cyber Security News https://ift.tt/3iRF1g2

What U.S. companies should know about LGPD – Brazil’s new General Data Protection Law

As documented in Dirceu Santa Rosa’s article for the IAPP’s Privacy Tracker, efforts to delay the effective date of Brazil’s General Data Protection Law – Lei Geral de Proteção de Dados or LGPD – recently failed, and the law is expected to go into force in the coming days. Brazil’s federal government also published a decree approving the regulatory structure of the Autoridade Nacional de Proteção de Dados, i.e., Brazil’s national data protection authority.

from Cyber Security News https://ift.tt/3kLNcv7

The five biggest threat trends in the first half of 2020

The year 2020 isn’t over yet, but so far, it’s been unprecedented from a threat landscape point of view – including the impact of the global pandemic and social movements on the cybersecurity landscape. The threat researchers at FortiGuard Labs have taken a good hard look at what was happening over the first six months of 2020 from a cybersecurity perspective, and we’ve identified some key trends that the industry needs to be aware of.

from Cyber Security News https://ift.tt/33UKBIn

Reexamining data privacy and protection amid COVID-19

What are four aspects that security and privacy professionals need to consider to ensure the balance of privacy and safety in data regulations?

from Cyber Security News https://ift.tt/3cnH2ht

Texas government spoofing campaign discovered by security researchers

Abnormal Security researchers discovered attackers were impersonating the Texas Department of State Health Services to send fake Request for Quotations (RFQs) to vendors in a type of multi-layered email attack. 

from Cyber Security News https://ift.tt/3cnNaXc

Two tips to prevent threat intelligence analysts from burnout

Threat Intelligence (TI) analysts are one of the key groups of experts in Security Operation Centers (SOCs) and play an important role in making sure IT systems are functioning properly. They are in charge of identifying attack vectors that most threaten the organization, define their company’s defensive strategy and help other team members make informed decisions about potential threats. However, handling such a vast amount of responsibilities, data and managing repetitive tasks is the exact type of work that makes TI employees prone to burnout.

from Cyber Security News https://ift.tt/32SmUB6

Check Point researchers: Iranian hackers can bypass encrypted apps like Telegram

Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, the investigation allowed Check Point to connect the different campaigns and attribute them to the same attackers.

from Cyber Security News https://ift.tt/2HoBUOT

Firefox for Android vulnerability allows hackers to hijack device over Wi-Fi

Mozilla has patched a security flaw that could allow cybercriminals to hijack all vulnerable Firefox for Android browsers running on devices connected to the same Wi-Fi network.

from Cyber Security News https://ift.tt/2FZztlf

NYU will allows Master's students to gain first-hand knowledge with zero trust practices

New York University Tandon School of Engineering and its Master of Science in Cybersecurity Risk and Strategy degree will now encompass practical, first-hand knowledge of secure access service edge (SASE) and zero trust best practices.

from Cyber Security News https://ift.tt/33Kts3Y

A call to arms: Preparing for the quantum apocalypse

Currently, cryptographic algorithms are based on factorization. RSA and Elliptic Curve Cryptography (ECC) algorithms are difficult to solve using traditional binary computers because the computer is forced to work through an incomprehensibly long list of probabilities. A traditional binary computer solves that mathematical problem slowly, whereas a quantum computer with an efficient algorithm can solve that problem much more quickly. Maybe a million times faster!

from Cyber Security News https://ift.tt/33Nq5cx

How to mitigate critical cyber risks in a post-COVID-19 environment

The novel coronavirus has forever changed how and where we work. As many organizations adopt new solutions and collaboration tools (e.g., Microsoft Teams, Slack or Zoom) to accommodate employees and customers during this critical period, such fast-paced digital transformation has also exposed several shortcomings associated with our remote workforce’s home networks and routers.

from Cyber Security News https://ift.tt/2Es7t9u

CISA to oversee CVE numbering authorities for industrial control systems and medical devices

The Common Vulnerabilities and Exposures (CVE®) Program announced it is granting authority to the Cybersecurity and Infrastructure Security Agency (CISA) for managing the assignment of CVE Identifiers (IDs) for the CVE Program. 

from Cyber Security News https://ift.tt/3ckArob

Organizations suffer outbound email data breaches approximately every 12 working hours

Ninety-three percent of IT leaders surveyed said that their organization had suffered data breaches through outbound email in the last 12 months. On average, the Egress 2020 Outbound Email Data Breach Report found, an email data breach happens approximately every 12 working hours.

from Cyber Security News https://ift.tt/3hYc2Gl

First ransomware-related death reported in Germany

The Duesseldorf University Clinic in Germany was hit by a ransomware attack last week that forced staffers to direct emergency patients elsewhere. The cyberattack “crippled the entire IT network of the hospital,” forcing staffers to redirect emergency patients elsewhere. As a result, a woman in life-threatening condition died after she had to be taken to another city for treatment, according to several outlets. 

from Cyber Security News https://ift.tt/3kxUEK7

60% of US businesses have adopted automation approaches across their networks

The time it takes to get engineers onsite (52% in the US and 42% globally), inadequate network monitoring (41% in the US and 36% globally) and a lack of in-house skill (40% in both the US and globally) are among the biggest challenges organizations face in resolving a network outage quickly, according to a recent study commissioned by Opengear, a Digi International company.

from Cyber Security News https://ift.tt/35UiFXD

Study says 32 million Americans (14%) have been victims of new account fraud in only four months

A new study has found historic levels of digital adoption among Americans, as well as telling trends in terms of ID fraud.

from Cyber Security News https://ift.tt/35V0KAg

US to ban TikTok and WeChat downloads this Sunday

The Department of Commerce announced prohibitions on transactions relating to mobile applications (apps) WeChat and TikTok to safeguard the national security of the United States.

from Cyber Security News https://ift.tt/3iHCghq

The state of the cybercriminal marketplace landscape following the Empire Market exit scam

Digital Shadows has analyzed the cybercriminal marketplace landscape following the Empire Market exit scam. The company’s research has identified a number of currently available dark web marketplaces popular within the cybercriminal community. Noting the impact of the closure of Empire Market, some marketplaces, such as Icarus Market, have seen a major spike in listings, from 25,000 to 35,000 in the last month.

from Cyber Security News https://ift.tt/2ZP2kjk

Google bans stalkerware apps from the play store

Google has updated its Play Store rules to impose a "formal" ban on stalkerware apps.

from Cyber Security News https://ift.tt/3krZzMy

CISOs struggling to prepare for upcoming security compliance audits

Shujinko announced the results of a survey of North American CISOs documenting the challenges facing security and compliance professionals preparing for a wave of upcoming audits. The survey, a joint effort between Shujinko and Pulse, found that calendars for security and compliance audits are largely unchanged despite COVID-19, yet the pandemic is straining teams as they work remotely.

from Cyber Security News https://ift.tt/3hMsBES

Dunkin' Donuts settles data breach lawsuit

New York Attorney General Letitia James announced a settlement with Dunkin’ Brands, Inc. (Dunkin’) — franchisor of Dunkin’ Donuts — resolving a lawsuit over the company’s failure to respond to successful cyberattacks that compromised tens of thousands of customers’ online accounts. 

from Cyber Security News https://ift.tt/32FNg9d

Switzerland’s DPA concludes that Swiss-US Privacy Shield does not provide adequate level of protection

The fallout from the Schrems II judgment continued with an announcement from Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) that the Swiss-US Privacy Shield regime “does not provide an adequate level of protection for data transfer from Switzerland to the US pursuant to [Switzerland’s] Federal Act on Data Protection (FADP).”

from Cyber Security News https://ift.tt/3c87M5H

BSIMM11 study shows fundamental shifts in software security initiatives in response to DevOps & digital transformation

Synopsys, Inc. published BSIMM11, the latest version of the Building Security In Maturity Model (BSIMM), created to help organizations plan, execute, measure, and improve their software security initiatives (SSIs). BSIMM11 reflects the software security practices observed across 130 firms from multiple industry verticals including financial services, FinTech, independent software vendors, cloud, health care, Internet of Things, insurance, and retail.

from Cyber Security News https://ift.tt/3iE4UQw

Data governance trends in 2020: New risks, new rewards of remote work

The Data Governance Trends Report, by Egnyte, highlights how the COVID-19 pandemic has forced CIOs to reimagine data governance plans in the context of remote-first (and remote-only) working conditions. It reveals new and emerging security threats associated with the work-from-everywhere paradigm, and digs into the strategies companies have adopted (and plan to adopt) to keep up.

from Cyber Security News https://ift.tt/2ZLpF54

More than 80% of government cybersecurity leaders say private-public partnerships a necessity

According to a new report, public-private collaboration would help government leaders keep pace with cyberthreats.

from Cyber Security News https://ift.tt/33FG4JJ

What the Zerologon vulnerability means for the state of enterprise security

On August’s Patch Tuesday, Microsoft closed several vulnerabilities, among them CVE-2020-1472, known as Zerologon. Secura's security expert Tom Tervoort discovered the vulnerabilty and recently explained in a blog why the vulnerability is so dangerous. 

from Cyber Security News https://ift.tt/3mu3WbJ

Five cybersecurity trends from 2020 – And what the future holds

The need for cybersecurity in the financial services industry has never been greater. Financial Institutions (FIs) have been and will continue to be the subject of cyberattacks by adversaries of all varieties. The old adage “why do you rob banks....because that’s where the money is” holds in this domain as well. In 2019, 86 percent of breaches were financially motivated, and the records exposed in all breaches increased by 284 percent. And if that’s not enough for FIs to worry about, consider that the average cost of a breach as disclosed by public firms in 2019 was $116 million. Given the magnitude of this issue, these are the top trends seen in cybersecurity this year.

from Cyber Security News https://ift.tt/2ZFCQ7R

US charges 5 Chinese “Apt41” actors for hacking into more than 100 companies

U.S. federal agencies revealed criminal charges against five computer hackers, all of whom were residents and nationals of the People’s Republic of China (PRC), with computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

from Cyber Security News https://ift.tt/33yzBAh

Siemens USA launches cybersecurity analytics lab to help protect operational technology

Siemens USA announced the launch of its technologically advanced cyber test range housed at its U.S. R&D headquarters in Princeton, New Jersey. The COVID-19 pandemic and the related increase in cyberattacks has highlighted the need for facilities such as this to focus on prevention, detection, and response solutions.

from Cyber Security News https://ift.tt/2ZLUoPB

Data breach exposes more than 320 million records and PII of 70 websites

vpnMentor’s research team recently received a report from an anonymous ethical hacker about a massive data leak exposing users of over 70 adult dating and e-commerce websites from around the world.

from Cyber Security News https://ift.tt/35UoyEr

Data breach exposes personal information of 46k veterans

The U.S. Department of Veterans Affairs (VA) Office of Management announced a data breach involving the personal information of approximately 46,000 Veterans. 

from Cyber Security News https://ift.tt/3c3rwHy

C-Suite executives expect changes made in response to COVID-19 to become permanent

The vast majority (83%) of C-level executives expect the changes they made in the areas of people, processes, and applications as a response to the COVID-19 pandemic to become permanent (whether significant or partial), according to data from a new report published today by Radware, a provider of cyber security and application delivery solutions.

from Cyber Security News https://ift.tt/3mrNwAJ

Reduction in human-initiated attacks, growth in bot attacks targeting financial services organizations

LexisNexis® Risk Solutions  released its biannual Cybercrime Report, which tracks global cybercrime activity from January through June 2020. The report dives deep into how the COVID-19 pandemic has impacted the global digital economy, regional economies, industries, businesses and consumer behavior.

from Cyber Security News https://ift.tt/33D8aW5

Outbound emails grow and are causing a rising security breach risk says report

An independent study surveying IT security leaders in the U.S. and U.K. found that 93% of those surveyed said that their organisation had suffered data breaches through outbound email in the last 12 months. Rising outbound email volumes due to COVID-19-related remote working and the digitization of manual processes are also contributing to escalating risk. 

from Cyber Security News https://ift.tt/33OoTWz

The future of connectivity

Cloud communications and other advanced networking solutions have not only changed the way we connect with the world around us today, but they are also driving the change in future connectivity and are set to transform the way businesses create operating models, collaborate, and more. So, what does the future of connectivity look like in 2021? The near future consists of more robust security, more intuitive and streamlined connectivity, and increased mobility for a global workforce.

from Cyber Security News https://ift.tt/2FBAYpE

The changing threat landscape in today’s cybersecurity

Thoughts around threat landscapes commonly prioritize corporate and governmental networks assets as high priorities, with personal networks and resources as lower-level threats. However, there have been recent changes that have caused the reassessment of prioritization levels at times. As a result of the COVID-19 pandemic, the number of individuals who work from home has greatly increased. In fact, Stanford researcher Nicholas Bloom places the percentage of people currently working at home at over 40%.

from Cyber Security News https://ift.tt/3iznE3D

IFSEC Global influencers in security and fire 2020 revealed

The International Foundation for Protection Officers (IFPO) revealed the IFSEC Global influencers in security and fire 2020. Chosen based on nominations judged by a panel of highly respected judges, the influencers span seven categories, with nominees and winners coming from across the globe.

from Cyber Security News https://ift.tt/3mAEp0K

The evolution of cloud security access brokers (CASB)

What are the expectations, technical implementations, and challenges of using cloud security access brokers (CASB)? Cloud Security Alliance's latest study reveal unrealized gaps between the rate of implementation or operation and the effective use of the capabilities within the enterprise.

from Cyber Security News https://ift.tt/33uKV0e

Potential voter privacy issues in Biden campaign app

New findings by The App Analyst reveal a privacy bug in Democratic presidential candidate Joe Biden's official campaign app. 

from Cyber Security News https://ift.tt/3izexQq

Eric Cardwell named Director of Cyber Risk Engineering at Axio

Eric Cardwell has been named Axio's  Director of Cyber Risk Engineering. Mr. Cardwell will be responsible for addressing cyber risk requirements for industry clients, identifying government and trade association contracts, and driving innovation in the advancement of security and financial controls across the energy and utilities sector.

from Cyber Security News https://ift.tt/2FzrPxE

Databases stores, cloud storage and services at risk from exposed access keys finds new research

Digital Shadows revealed new research looking at the growing problem of company access keys inadvertently exposed during software development. Access keys, and their corresponding secrets, are used by developers to authenticate into other systems.

from Cyber Security News https://ift.tt/3isS8Ee

Self-sovereign identity: The true password killer

From the early days of the web, the concept of authentication has been synonymous with the notion of ‘logging in,’ typically with a username and password. Today, this ubiquity has exploded to the point that the average individual has 191 usernames and passwords acting as one-to-one keys for any website they’ve registered with.

from Cyber Security News https://ift.tt/2FsSo7S

The three main ingredients for the successful implementation of Zero Trust in the time of COVID-19: Machine learning, carta and software defined perimeter

Today, Zero Trust is the subject of much discussion and debate; for instance, is Zero Trust doable in reality or more so in theory?  As many are aware, Zero Trust is a concept that deems everyone (employees, freelancers and vendors) and everything (datacenters, applications and devices) must be verified before being allowed into a network perimeter – whether they are on the inside or the outside of an organization.

from Cyber Security News https://ift.tt/35DzRk2

Fairfax County Public Schools hit by Maze ransomware

Over the weekend, Fairfax, Va. County Public Schools, the 10th largest school district in the country, was hit by Maze ransomware, resulting in an apparent leak of student and faculty data, just days after previous attacks on these two other school systems.

from Cyber Security News https://ift.tt/35yjchT

Election security study: More than half of tech pros are less confident now than before the pandemic

In the lead-up to the 2020 US elections, the nonpartisan global technology association ISACA surveyed more than 3,000 IT governance, risk, security and audit professionals in the US in January and again in July.

from Cyber Security News https://ift.tt/3muIeof

Chinese Ministry of State Security-affiliated cyber threat actor activity targeting US agencies

The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies.

from Cyber Security News https://ift.tt/3kfmA5e

US criminal Court hit by “Conti” ransomware

The Fourth District Court of Louisiana has been hit by ransomware. Hacking group/ransomware strain Conti has claimed the attack on the US Court, and published apparent proof of the attack on its dark web page this week, CBR reports. 

from Cyber Security News https://ift.tt/2ZD5iaj

Study finds 39% of employees access corporate data on personal devices

Trend Micro Incorporated released survey results that show smart home devices and their apps represent a major weak link in the corporate cybersecurity chain as the lines between work and home life increasingly blur.

from Cyber Security News https://ift.tt/33pwZo5

CISA, EAC develop risk profile tool for election officials

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Election Assistance Commission (EAC), released the Election Risk Profile Tool, a user-friendly assessment tool to equip election officials and federal agencies in prioritizing and managing cybersecurity risks to the Election Infrastructure Subsector.  

from Cyber Security News https://ift.tt/32qKiW2

NSA, National Cryptologic Museum Foundation reveal plans for Cyber Center for Education and Innovation

When NSA and the National Cryptologic Museum Foundation (NCMF) break ground on the proposed Cyber Center for Education and Innovation (CCEI) on the campus of NSA-Washington (NSAW), it will culminate many years of hard work and commitment shared by the two partners. The state-of-the-art CCEI will offer over 70,000 square-feet of conference space and classrooms, providing a venue focused on delivering programs that encourage government, industry, and academia to share insights, knowledge, and resources to strengthen cybersecurity across the Nation. 

from Cyber Security News https://ift.tt/2RqqBaA

Securing cloud access when everyone is now a privileged user

Organizations may consider adopting an adaptive risk-based trust approach to securing their privileged access. This approach uses least-privilege, zero-trust as a baseline for how organizations build trust scores which will then be used to determine the level of security which is required to gain access to the cloud, and specific applications and systems.

from Cyber Security News https://ift.tt/3bVYU2Q

Growing cybersecurity concerns create opportunity for competitive advantage

In Spring 2020 as the COVID-19 pandemic was starting to spread across the globe, a survey of approximately 250 U.S. consumers commissioned by Awake Security found that the two threats from the DHS list that worry Americans most are cyberattacks on core infrastructure (electric, water, transportation etc.) and cyberattacks on corporations. Diving deeper into the results surfaces something that is contrary to the popular narrative: consumers take responsibility for their personal cybersecurity and even help out those around them. They hold the government and enterprises ultimately accountable, but also understand the role each individual has to play.

from Cyber Security News https://ift.tt/3mdeTyp

Zoom introduces two-factor authentication for all users

To enhance security following a massive increase in use of video conferencing apps, Zoom introduced two-factor authentication (2FA) for all users on its client and mobile apps. 

from Cyber Security News https://ift.tt/32k1tIJ

Back to school ransomware attacks

Recently, schools throughout the U.S. have endured delays in reopening after experiencing massive ransomware attacks that force the shutdown of critical information technology systems.

from Cyber Security News https://ift.tt/3hlTfnN

The Twitter takedown: How a teen rocked the cybersecurity world and why this can never happen again

Recently, two teens and a young adult infiltrated one of Silicon Valley’s biggest companies in a high-profile hack – and the biggest ever for Twitter. Authorities say the 17-year-old “mastermind” used social engineering tactics to convince a Twitter employee that he also worked in the IT department and gained access to Twitter’s Customer Service Portal. The 130-account takeover proved unique, as it was fundamentally a dramatic manipulation of trust and could have had far more world-changing consequences if the attackers had the aspirations of say, a dangerous fringe group versus that of a teenager. There are a few takeaways to learn here, especially when it comes to considering redefining what we classify as “critical infrastructure” and what must be protected at all costs.

from Cyber Security News https://ift.tt/3k9uNrQ

European Commission and EDPB provide update on efforts to address cross-border transfers after Schrems II

Last week, Didier Reynders, European Commissioner for Justice, and Dr. Andrea Jelinek, Chair of the European Data Protection Board (EDPB), appeared at a hearing conducted by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, and updated committee members on their work since the Schrems II decision. In his remarks, Mr. Reynders identified three main areas on which the Commission is focusing.

from Cyber Security News https://ift.tt/3hlcqOu

Information Security Forum announces digital 2020 conference

The Information Security Forum (ISF) is hosting it’s Annual World Congress (Digital 2020), which takes place November 15-19, 2020. For the first time, the ISF World Congress will be held virtually, providing a unique online, interactive global event experience, available in multiple time zones, allowing attendees to watch and participate in the full show at times that best suit their schedules.

from Cyber Security News https://ift.tt/3magBQS

Cybersecurity claims trends amid COVID-19

Coalition announced the results of its H1 2020 Cyber Insurance Claims Report, which explores top cybersecurity trends and threats facing organizations today, in addition to data showing the impact of COVID-19 on cyber insurance claims.

from Cyber Security News https://ift.tt/35rJVg4

Digital Shadows research: The middlemen who make ransomware possible (and profitable)

Digital Shadows released new research into a group of cybercriminals who are essential to the profitability of ransomware, but who are also often overlooked: initial access brokers. Initial access brokers gain remote access to vulnerable organizations, which an end-purchaser of ransomware or RaaS can then leverage to wreak havoc.

from Cyber Security News https://ift.tt/2DNe3XN

ESET Research discovers CDRThief, malware attacking Chinese VoIP platform

ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches. This new malware, named CDRThief by ESET, is designed to target a very specific VoIP platform used by two China-made softswitches (software switches): Linknat VOS2009 and VOS3000.

from Cyber Security News https://ift.tt/35oidkg

The role of cybersecurity in helping retail open post-COVID-19

The pandemic has redefined what it means to be a resilient business, especially when it comes to retail. “Essential” businesses that have remained open, such as supermarkets or pharmacies, have had to figure out how to operate safely in this new world. No matter the type of retailer, the importance of cybersecurity hasn’t gone away. If anything, it becomes more important as a cyber disruption could be the fatal final straw for a business looking for a smooth return to operations and maintain its brand image and reputation.

from Cyber Security News https://ift.tt/3m6mM8x

5 minutes with David “moose” Wolpoff

We talk to David “moose” Wolpoff, Chief Technology Officer (CTO) and co-founder of Randori – who’s successfully broken into every company he was asked to – about Black Hats’ processes for finding and exploiting weaknesses in software.

from Cyber Security News https://ift.tt/3mhIU02

Third-party components putting operational hardware and software technologies at risk

Claroty researchers have uncovered six critical vulnerabilities in third-party license management components, which could expose operational technology (OT) environments (hardware and software components) across numerous industries to exploits via cyberattacks.

from Cyber Security News https://ift.tt/35jqsOj

Trump administration launches new cybersecurity principles for space technologies

The Trump Administration announced the first cybersecurity policy for systems used in outer space and near space. Space Policy Directive- 5 (SPD-5) makes clear the lead role the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have in in enhancing the nation’s cyber defenses in space, notably on key systems used for global communications, navigation, weather monitoring, and other critical services.

from Cyber Security News https://ift.tt/2FgPD9w

Keeper Security: Understanding and preventing ransomware attacks

According to the latest white paper from Keeper Security, "Understanding & Preventing Ransomware Attacks," ransomware attacks have become increasingly common for three reasons.

from Cyber Security News https://ift.tt/33iLQRs

MS-ISAC, DNG-ISAC sign MOU for improved cybersecurity

The Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC) have signed a memorandum of understanding (MOU) to share cyber threat information that will enable stronger protection for both sectors.

from Cyber Security News https://ift.tt/2R9BXzy

You've been hacked - Now what?

If you've done your job correctly, you will never ask "now what?" when a cyberattack occurs, because you'll already have an incident response plan in place that prescribes exactly what you need to do.

from Cyber Security News https://ift.tt/3m6Kdyz

Jamie Neumaier named CISO at Erie Insurance

Erie Insurance announced that Jamie Neumaier will assume the role of chief information security officer (CISO), effective September 10.

from Cyber Security News https://ift.tt/32bZ7ff

SonicWall suffers security vulnerability, affecting millions of managed devices and organizations

United Kingdom security researchers say it took SonicWall more than two weeks to patch a vulnerability in 1.9 million SonicWall user groups, affecting some 10 million managed devices and 500,000 organizations.

from Cyber Security News https://ift.tt/3hbVcTU

SMBs increasingly have to ‘do more with less’ when it comes to cybersecurity

Untangle, Inc. released the results of its third annual SMB IT Security Report. Polling more than 500 SMBs, the report explores major barriers for managing IT security, particularly in the face of the unique challenges brought on by COVID-19 and its resulting shift to remote work.

from Cyber Security News https://ift.tt/3bCcTL7

Lessons learned from the Equifax data breach

Three years later, what are some of the lessons learned about the Equifax data breach, which exposed the personal information of 147 million people?

from Cyber Security News https://ift.tt/3h7Gz3J

Australian government releases best practices on securing IoT devices

The Australian Government has released The Code of Practice: Securing the Internet of Things for Consumers (Code of Practice). The guide represents a first step in the Australian Government’s approach to improve the security of IoT devices in Australia.

from Cyber Security News https://ift.tt/2QWYkrT

MIT launches SCRAM, a tool to help enterprise security prioritize investments

The Secure Cyber Risk Aggregation and Measurement (SCRAM), a new platform from the Massachusetts Institute of Technology (MIT) Computer Science and Artificial Intelligence Laboratory (CSAIL), quantifies companies' security risk without requiring them to disclose sensitive data about their systems to the research team, much less their competitors. 

from Cyber Security News https://ift.tt/2DsSZ8E

Andrew Albrecht named VP and CISO at IAA Inc.

IAA, Inc. announced the appointment of Andrew Albrecht as Vice President and Chief Information Security Officer. Albrecht will report directly to Maju Abraham, Senior Vice President and Chief Information Officer.

from Cyber Security News https://ift.tt/2Z2JuVi

Love, hate and cybersecurity

I was chatting with a chief information security officer (CISO) recently, and we started talking about motivation and the role of love and hate in driving ourselves towards our goals. In cybersecurity, we tend to think about external opponents, most notably white hats vs. black hats, but rarely discuss the internal factors that guide our day-to-day decisions. Humans are dynamic beings that aren’t driven solely by love or hate (despite what the chatter on social media may have you believe). We do, however, have predilections based on our personalities and environment. How we choose to deal with those influences shapes who we become. A good strategy is a combination of love and hate where organizations work towards a grand vision of their future while eliminating things they hate one after the other.

from Cyber Security News https://ift.tt/34XgSAG

Bringing BEC home: How to protect against BEC attacks while remote

In 2019, Business Email Compromise (BEC) attacks – a long-standing cybersecurity threat – accounted for $1.7 billion in losses, with cybercriminals using new tactics and techniques to carry out existing attacks. As cybercrime spikes in the wake of COVID-19, BEC’s toll is expected to rise this year. The Federal Bureau of Investigation (FBI) recently issued a warning to businesses on the growing threat of BEC attacks using the pandemic as a backdrop for unusual requests like payments to a “new” vendor or a change of account information.

from Cyber Security News https://ift.tt/2EN6Qrj

APIs are the next frontier in cybercrime

Application programming interfaces (APIs) make everything a bit easier - from data sharing to system connectivity to delivery of critical features and functionality - but they also make it much easier for the bad actors (and the bad bots they deploy). Here are the top 5 API vulnerabilities that get exploited by hackers, including some tips to help close those gaps. 

from Cyber Security News https://ift.tt/3jJkRVD

Digital Shadows finds 225 new, potentially malicious, typosquats in US election domains

Digital Shadows has identified 225 new, potentially malicious, typosquats related to the upcoming US presidential elections. Based on the major party tickets, Digital Shadows identified three classes of typosquats - misconfigured or illegitimate sites, non-malicious sites, and sites that redirect to another – associated with election-specific keywords like Trump, Pence, Biden, and Harris, among others.   

from Cyber Security News https://ift.tt/3jJ1KuN

The Most Influential People in Security 2020

Security magazine is pleased to announce our 2020 Most Influential People in Security – 22 top security executives and industry leaders who are positively impacting the security field, their organization, their colleagues and peers, and the national and global security landscape.

from Cyber Security News https://ift.tt/3i7DjGQ

U.S. Transportation announces launch of AV TEST online tracking tool

The U.S. Department of Transportation launched a public online tool to improve the safety and testing transparency of automated driving systems.

from Cyber Security News https://ift.tt/2YXqtDN

Best practices for incident response

Multiple intelligence agencies are releasing a joint cybersecurity advisory on technical approaches to incident response and best practices to remediating malicious cyber activity.

from Cyber Security News https://ift.tt/2Z1kkXk

Facebook: Russians once again targeting Americans with disinformation

The Russian group that meddled in the 2016 election (Internet Research Agency) is now using sham accounts and a fake left-wing news site to sow disinformation, according to The New York Times. 

from Cyber Security News https://ift.tt/32KseVU

September: National Insider Threat Awareness Month

September is National Insider Threat Awareness Month (NIATM), which is a collaborative effort between the National Counterintelligence and Security Center (NCSC), National Insider Threat Task Force (NITTF), Office of the Under Secretary of Defense Intelligence and Security (USD(I&S)), Department of Homeland Security (DHS), and Defense Counterintelligence and Security Agency (DCSA) to emphasize the importance of detecting, deterring, and reporting insider threats.

from Cyber Security News https://ift.tt/31QS8bp

Insider Threat Report: 61% of companies have had an insider attack in the past year

A majority of survey respondents (61%) reported at least one insider attack over the last 12 months (22% reported at least six separate attacks). Forty-nine percent of respondents stated that at least one week typically goes by before insider attacks are detected; additionally, 44% said that another week usually passes before the organization recovers from the attacks.

from Cyber Security News https://ift.tt/2GelQP0

Cybersecurity Talent Initiative announces first class; calls for second class to reduce cybersecurity talent gap

Public and private sector partner to start reducing the cybersecurity talent gap and provide participants with up to $75,000 in student loan assistance.

from Cyber Security News https://ift.tt/3gPgg2f

Stolen Fortnite accounts reportedly earn hackers millions per year

A new Night Lion Security and Data Viper report provides an inside look at the lucrative economy of hacked consumer gaming accounts, where cybercriminals are earning upwards of $40,000 per week in profits. 

from Cyber Security News https://ift.tt/3hQhKuv

Android users urged to delete six dangerous apps

Android smartphones are some of the most popular handheld devices around the world. However, if you have an Android smartphone, a new report may urge you to reconsider which apps you have installed on your phone. Researchers from Pradeo have warned about six dangerous apps that can swindle you out of thousands. The apps are loaded with a dangerous malware dubbed Joker, according to Pradeo.

from Cyber Security News https://ift.tt/3jEUsrM

Taren Rodabaugh named Chief Information Officer for Bridgestone Americas

Bridgestone Americas announced Taren Rodabaugh has been named Chief Information Officer (CIO) effective August 31. She will lead the information technology strategy in support of the company's ongoing evolution to become a sustainable mobility and advanced solutions company.

from Cyber Security News https://ift.tt/3hTHExi

It’s coming: National Cybersecurity Awareness Month

Flashback to 2004 and the genesis of National Cybersecurity Awareness Month (NCSAM), an initiative created to raise awareness in the U.S. around the importance of cybersecurity. Founded by the National Cyber Security Division within the Department of Homeland Security and the nonprofit National Cyber Security Alliance, NCSAM has taken place each October, since its mid-aughts inception, in efforts to ensure all Americans have knowledge of the resources and tools they need to be safer and more secure online.

from Cyber Security News https://ift.tt/2QKK0CU

New IoT security maturity model profile targets retail industry

International technology standards consortium Object Management Group® (OMG®) and the Industrial Internet Consortium® (IIC™) announced the first vertical profile for the recently released v1.2 of the IoT Security Maturity Model (SMM) Practitioner’s Guide. Targeted specifically for the retail industry, IoT SMM: Retail Profile for Point-of-Sale Devices will help retail organizations determine the right level of investment to meet their security needs.

from Cyber Security News https://ift.tt/3beGGJL

Former Cisco employee pleads guilty in insider threat case

Sudhish Kasaba Ramesh pleaded guilty in federal court to intentionally accessing a Cisco's protected computer without authorization and recklessly causing damage, announced United States Attorney David L. Anderson and Federal Bureau of Investigation Special Agent in Charge John L. Bennett. 

from Cyber Security News https://ift.tt/3jx0omP

Brian Harrell joins AVANGRID as Chief Security Officer and VP of Physical and Cybersecurity

AVANGRID announced the appointment of Brian Harrell to the role of Chief Security Officer and Vice President of Physical and Cybersecurity. Harrell will lead the security efforts across the company.

from Cyber Security News https://ift.tt/32P7BI2

New research shows significant increase in phishing attacks since the pandemic began straining corporate IT security teams

New research spike in phishing attempts since the pandemic began, leading to more frequent successful attacks and a heavier burden on corporate IT security teams to remediate incidents.

from Cyber Security News https://ift.tt/2ERnPrW