Sunday, 28 February 2021

Same cyber threats, better solutions as impact of data breaches skyrocketed in 2020

With additional pandemic-related vulnerabilities, these preventable mistakes led to greater losses, and the resulting breaches were often wholly avoidable with simple fixes. Here are four of the most common gaps in security, the high-profile breaches they caused in 2020, and how to prevent your company from becoming the next victim.

from Cyber Security News https://ift.tt/3sAhYeb

Shifting landscapes and cultural changes

As a result of major cyberattacks in 2020, security leaders were forced to be even more cognizant of their approach to protecting their organization, often forcing them to refine and future-proof their approaches to this new world of security. After watching the events of 2020 and analyzing threat actors’ approaches, here’s what I expect to see in 2021:



from Cyber Security News https://ift.tt/2NM1oJq

Survey says few employee wellbeing/caregiving programs are effective

U.S. employers are expanding efforts to enhance their employees’ wellbeing as they map out a benefit strategy for operating in a post-pandemic environment. These initiatives come as less than three in 10 employers say their wellbeing (29%) and caregiving (27%) programs have been effective at supporting employees during the pandemic.

from Cyber Security News https://ift.tt/3dT2i1p

Friday, 26 February 2021

New York Cyber Task Force launches report revealing national cybersecurity response readiness

In the spring of 2020, the second New York Cyber Task Force (NYCTF) was formed under the direction of its Executive Director Greg Rattray, gathering key high-profile members and leading experts to analyze the degree to which the U.S. was ready for future cyber challenges, including political, economic, and technological developments; changing cyber conflict dynamics; and the COVID-19 pandemic. Now, the NYCTF has released its new report, “Enhancing Readiness for National Cyber Defense through Operational Collaboration,” with Columbia University’s School of International and Public Affairs (SIPA), revealing U.S. cyber response readiness against national security challenges in cyberspace.



from Cyber Security News https://ift.tt/2ZTxhST

Majority of malware now delivered via cloud apps

Netskope revealed new research showing that the majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses, putting enterprise data increasingly at risk. The findings are part of the February 2021 Netskope Cloud and Threat Report, which analyzes the most interesting trends on enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers.



from Cyber Security News https://ift.tt/37PRk9e

Don’t let IVR fraudsters exploit COVID

Contact center call volumes will vary from industry to industry and from month to month, but the general trend is steeply upward. Adding new agents isn’t the only or even the most efficient way that contact center managers can respond to the great COVID crunch of 2021. A properly deployed Interactive Voice Response system can make workloads manageable for agents while keeping customers from long and frustrating minutes on hold. Still, new options for callers may correspond to new opportunities for attackers.



from Cyber Security News https://ift.tt/2NLebf8

New Minnesota Consumer Data Privacy Act is introduced

On Feb. 22, 2021, the “Minnesota Consumer Data Privacy Act” (MCDPA) was introduced in the Minnesota House of Representatives. The MCDPA is now the primary candidate to become Minnesota’s omnibus consumer privacy law. To learn more about the MCDPA and privacy regulations, Security magazine spoke to attorney Nadeem Schwen, from Winthrop & Weinstine, who has been at the forefront of this bill’s creation and leads data privacy work for the firm. 



from Cyber Security News https://ift.tt/3bExiQd

Thursday, 25 February 2021

Malwarebytes unveils a new APT group: LazyScripter

Malwarebytes’ Threat Intelligence analysts introduced a new APT group they have named LazyScripter, presenting in-depth analysis of the tactics, techniques, procedures, and infrastructure employed by this actor group.

from Cyber Security News https://ift.tt/3snnsZA

5 minutes with Sergey Strakhov – Preparing for “Q-day”

Quantum computing, the use of quantum phenomena such as superposition and entanglement to perform computation, is expected to impact many sectors, including healthcare, energy, finance, entertainment, and security. Before this large-scale impact is achieved, several challenges need to be overcome, and security leaders should start preparing for this change, says Sergey Strakhov, Chief Technology Officer at IronCap. Here, we talk to Strakhov about the impact quantum computing will have on security and the potential risks it poses.

from Cyber Security News https://ift.tt/3uJtu94

4 ways to improve your online privacy as a remote worker

As the global pandemic forces more people to work remotely than ever before, it’s important to take steps to protect both your personal and company data from online threats.



from Cyber Security News https://ift.tt/37P5rLS

Bombardier suffers data breach

Canadian airplane maker Bombardier announced that it suffered a breach that exposed employee, customer, and supplier data.

from Cyber Security News https://ift.tt/3bFPdWI

TietoEVRY hit by ransomware group

Finnish IT service company TietoEVRY has been hit by a ransomware group.

from Cyber Security News https://ift.tt/2NXp0e6

Jaguar Racing partners with Micro Focus to enhance digital security, business resiliency and cyber posture

Jaguar Racing announced that it has partnered with enterprise software provider Micro Focus, ahead of season seven of the ABB FIA Formula E World Championship. Initially, Micro Focus will provide technology to deliver high-performance advanced analytics and machine learning to ensure the Jaguar team performs at top speed for winning results. Micro Focus will also conduct a cyber resilience assessment workshop to help the team identify any potential risks and gaps in their cybersecurity posture.



from Cyber Security News https://ift.tt/3dKNwd6

CISA releases joint cybersecurity advisory on exploitation of Accellion file transfer appliance

The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance.

from Cyber Security News https://ift.tt/3ssyH2U

Cybercrime report finds young adults and adults over 75 most vulnerable to fraud attacks

LexisNexis Risk Solutions released its biannual Cybercrime Report covering July 2020 through December 2020, which details how the evolving threat landscape created new opportunities for cybercriminals around the world, particularly as they targeted new online users.

from Cyber Security News https://ift.tt/3aRAxV6

5 minutes with Shimrit Tzur-David - Developments in passwordless authentication technology

As cybercriminals continue to revel in the surge of employees using weak or vulnerable methods to remotely access workplace systems, organizations are increasingly looking to boost overall security by eliminating passwords, and instead opting for passwordless authentication. Here, we talk to Shimrit Tzur-David, CTO of Secret Double Octopus, about recent developments in this technology. 

from Cyber Security News https://ift.tt/3spRI61

2021: Ransomware isn’t going away anytime soon

Indeed, over the past few years, ransomware operators have shifted tactics, moving from widespread targeting intended to collect smaller ransoms from several entities to being more selective in which organizations are targeted and setting larger ransom amounts. One recent tactic saw ransomware operators using virtual machines to evade detection, an approach that was quickly adopted by other groups.

from Cyber Security News https://ift.tt/3bCwdbF

The IoT Cybersecurity Improvement Act: A first step in bolstering smart technology security

The IoT security bill is a step in the right direction, as it addresses one of the biggest gaps in software security overall -- generating awareness. But, as the use of connected devices continues to exponentially grow over time, we must ask ourselves: is it enough? Let’s explore.

from Cyber Security News https://ift.tt/3uyq74w

Wednesday, 24 February 2021

CISA and AVANGRID conduct virtual exercise to improve emergency response and recovery plans

The Cybersecurity and Infrastructure Security Agency (CISA) and AVANGRID, a sustainable energy company providing services in 24 states, conducted a virtual tabletop exercise to test and identify the safety procedures AVANGRID has implemented since the beginning of the COVID-19 pandemic and identify additional procedures necessary to ensure employee safety operations and business continuity in the out years.  

from Cyber Security News https://ift.tt/3uqRFc5

10K Microsoft users targeted by FedEx and DHL phishing attack

Two large phishing attacks, aimed at a combined 10,000 victims, spoofed emails from FedEx and DHL Express in an attempt to steal their targets' business email account credentials.



from Cyber Security News https://ift.tt/2NVZNk2

Why security must be shifted left in a cloud-first strategy

Companies with cloud-first strategies are growing in number as the benefits of cloud have become more apparent and appetizing in the fallout of the COVID-19 pandemic. However, simply having a cloud-first strategy doesn’t guarantee success in the cloud, cost savings and increased agility. Similarly, security remains a pervasive threat if a process for mitigation is not built into the very foundation of your cloud strategy.

from Cyber Security News https://ift.tt/2Mjsmr8

Addressing security risks of personal business in the workplace

There are numerous solutions organizations can implement to mitigate risks associated with employee use of corporate connected devices in the execution of personal business. In this article, we will delve a bit deeper to explain the pros and cons of implementing a few of the more common solutions. It is important to note that, regardless of the solution, an effective awareness and training program for employees is the number one safeguard for your organization.



from Cyber Security News https://ift.tt/3qUssEL

5 minutes with Mike Hamilton – The biggest threats to the critical infrastructure

Local governments, including counties and municipalities, face unique cybersecurity challenges that can too easily disrupt the delivery of mission-critical services. With continuous threats of ransomware and other malicious attacks to derail day-to-day municipality functions, like water infrastructure, waste management and more, the security of these entities is of top national priority. Here, we talk to Mike Hamilton, CISO for government cybersecurity firm CI Security, about the biggest threats to the U.S. critical infrastructure.



from Cyber Security News https://ift.tt/37LRgaC

Telework exposes U.S. government employees to increasing credential-theft mobile attacks

Lookout Inc. released its Government Threat Report, which examines the most prominent mobile threats affecting federal, state and local governments in the United States. Lookout data reveals that U.S. government organizations are increasingly targeted by credential-stealing mobile attacks and exposed to hundreds of vulnerabilities from outdated operating systems and risky apps.

from Cyber Security News https://ift.tt/2NZ44Db

Cyber resilience: Protecting the vaccine supply chain

As pharmaceutical companies and healthcare organizations turn their attention from the development to the deployment of coronavirus vaccines, well-resourced cybercriminals are hotly following suit. The vaccine supply chain is rife with logistical complexities making the enormously valuable data on the various vaccines deeply attractive to threat actors. In fact, cybercriminals are already attempting to steal vaccine formulas and disrupt operations.

from Cyber Security News https://ift.tt/2ZNtiY8

Tuesday, 23 February 2021

Clubhouse suffers data breach

Audio-based social app Clubhouse has allegedly suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone users to access the invite-only, iPhone-only service. The app, which launched in March 2020, has quickly gained popularity, raising $100 million in funding in January.



from Cyber Security News https://ift.tt/3dFKYNy

Organizations are at growing risk from Initial Access Brokers

Digital Shadows highlighted the growing role of Initial Access Brokers within the criminal ecosystem in its Initial Access Brokers Report. Rather than infiltrating an organization deeply, this type of threat actor operates as a ‘middleman’ by breaching as many companies as possible and then selling access to the highest bidder – often to ransomware groups.

from Cyber Security News https://ift.tt/2ZLzlw0

Monday, 22 February 2021

Reddit appoints Allison Miller as CISO and VP of Trust

Reddit has named Allison Miller as Chief Information Security Officer (CISO) and VP of Trust. An industry expert and innovator, Miller will oversee the Safety and Security teams at Reddit where she’ll be responsible for expanding trust & safety operations and data security, as well as evolving programs to mitigate security challenges and risks. Miller will also redesign Reddit’s trust frameworks and transparency efforts to enable further growth across the platform. 



from Cyber Security News https://ift.tt/3ur9JTg

Sequoia Capital is hacked due to phishing scam

Sequoia Capital, one of the largest and most successful venture capital firms in the world, has told its investors that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee's email was successfully phished, according to an Axios report. 

from Cyber Security News https://ift.tt/3qKZRS6

Security researchers discover VMware bug that could allow remote command execution

Positive Technologies expert Egor Dimitrenko discovered a high-severity vulnerability in the VMware vSphere Replication data replication tool. This solution allows organizations to create backups of virtual machines and run them if the main virtual machine reports a failure. The bug could have allowed attackers with access to the VMware vSphere Replication administration web interface to execute arbitrary code on the server with maximum privileges and start lateral movement on the network to seize control of the corporate infrastructure.

from Cyber Security News https://ift.tt/2ZGyWeC

5 minutes with Jeremy Prout - How to protect the workforce against security risks in 2021

International SOS recently released its Risk Outlook report, unveiling the top security risks for the international workforce in 2021. Here, we talk to Jeremy Prout, Director of Security at International SOS, to discuss how to protect the workforce against the top risks found within the report. 

from Cyber Security News https://ift.tt/3bzC9SO

Reshaping cybersecurity in the Remote Work Era

2020 and COVID-19 taught us a few things in the security industry: the importance of security awareness, that speed of deployment is not always a good thing, and that we are assuming new levels of risk such as the “remote work force”. With so many challenges still on the horizon, here are some of the key topics to keep top of mind:



from Cyber Security News https://ift.tt/3slVyNN

Exponential increase in malware and exploit activities

Nuspire announced the release of its 2020 Q4 and Year in Review Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.

from Cyber Security News https://ift.tt/2OQCRmH

New report reveals evolving risks and insecure defaults in the cloud

Accurics unveiled its latest research, “Accurics Cloud Cyber Resilience Report,” which highlights security risks identified in cloud native environments. The findings reveal an increased adoption of managed infrastructure services and the emergence of new cloud watering hole attacks. Of all violations identified, 23% correspond to poorly configured managed service offerings – largely the result of default security profiles or configurations that offer excessive permissions.

from Cyber Security News https://ift.tt/3sg1qrJ

Friday, 19 February 2021

5 minutes with Michael Bahar - The aftermath of the SolarWinds Orion breach

As the cybersecurity community slowly recovers from the SolarWinds Orion breach, we speak to Michael Bahar, a leader in cybersecurity and privacy, about the aftermath of this attack. Bahar is a partner in the Washington D.C. office of Eversheds Sutherland (U.S.) LLP, and the firm’s Litigation practice. He was Deputy Legal Advisor to the National Security Council at the White House, former Minority Staff Director and General Counsel for the U.S. House Intelligence Committee, and a former Active Duty Navy JAG.

from Cyber Security News https://ift.tt/3qAVbyp

Microsoft concludes Solorigate investigation

Microsoft announced they had closed their internal investigation of the SolarWinds attack. The Microsoft Security Research Center (MSRC), which has shared learnings and guidance throughout the Solorigate incident, confirmed that following the completion of their internal investigation, Microsoft has seen no evidence that Microsoft systems were used to attack others. There was also no evidence of access to Microsoft production services or customer data.



from Cyber Security News https://ift.tt/3s9iv6x

Laura Juanes Micas joins Constella as Chief Privacy and Compliance Officer

Laura Juanes Micas is joining Constella as Chief Privacy and Compliance Officer to oversee the creation and development of the company's Privacy and Compliance program.

from Cyber Security News https://ift.tt/3bgoEak

Research reveals 50% of apps have security vulnerabilities

WhiteHat Security, provider of application security, released AppSec Stats Flash Volume 2. Research indicated at least 50% of applications in industries such as manufacturing, public services, healthcare, retail, education and utilities, are vulnerable throughout the year due to one or more serious exploitable vulnerabilities.



from Cyber Security News https://ift.tt/3puTcKw

Thursday, 18 February 2021

French cybersecurity agency warns of intrusion campaign targeting Centreon

ANSSI, the French cybersecurity agency, has reported an intrusion campaign targeting the monitoring software Centreon, distributed by the French company CENTREON, which resulted in the breach of several French entities. The first victim seems to have been compromised from late 2017. The campaign lasted until 2020.

from Cyber Security News https://ift.tt/37timmK

Risk and compliance: A 2021 comeback strategy

If the experiences of 2020 taught us anything, it’s that risk in the modern world cannot be understood or sufficiently mitigated with a siloed approach. Individual threats, such as regulatory risk and IT security, converge. Lacking a high-level view, it’s difficult to see the web of cause and effect – making it more difficult to anticipate, prepare, or mitigate the biggest risks. 2020 may be over, but the challenges remain in 2021. Compliance and risk management will need a shared umbrella of information and communication to tackle the complex, integrated risks of today’s landscape.

from Cyber Security News https://ift.tt/3k0MqLm

How insight-driven security builds business resiliency

The acceleration of digitization initiatives was paramount to ensure business continuity during this global crisis. As we rebuild economic stability in 2021, technology – especially automation and security – will play a significant role in positioning enterprises to return to growth.

from Cyber Security News https://ift.tt/3u9OIMX

Kia Motors allegedly suffers ransomware attack; cybercriminals demand $20 million to recover sensitive data

Kia Motors America has allegedly suffered a ransomware attack by the DoppelPaymer gang. The gang is demanding $20 million for a decryptor and not to leak stolen data, according to news reports. 



from Cyber Security News https://ift.tt/3u9CUua

Smishing and vishing: Explained and explored

Ransomware attacks, phishing scams, fake news and several other cyberattacks made headlines in 2020. As millions of Americans shifted to remote work for business continuity, cybercriminals sprang into action, evolving their social engineering tactics. Smishing and vishing are new variants that are fast gaining traction, targeting mobile phones.



from Cyber Security News https://ift.tt/3k0KAtW

Three North Korean military hackers indicted in scheme to commit cyberattacks

A federal indictment charged three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.

from Cyber Security News https://ift.tt/3s6417C

Wednesday, 17 February 2021

IRS issues urgent EFIN scam alert to tax professionals

The Internal Revenue Service, state tax agencies and the tax industry warned tax professionals of a new scam email that impersonates the IRS and attempts to steal Electronic Filing Identification Numbers (EFINs).

from Cyber Security News https://ift.tt/3b9OTiC

Researchers find security vulnerabilities in sharing app SHAREit

SHAREit, an Android application which has been downloaded more than a billion times, contains unpatched security vulnerabilities that the app maker has failed to fix for more than three months, according to a Trend Micro report.



from Cyber Security News https://ift.tt/2OLIrH8

Accidental database breaches are on the rise – How can your company avoid becoming the next headline?

Every week there seems to be a news story about another massive data breach with millions—and sometimes billions—of records containing personal data lost or stolen. We regularly hear about cyberattacks involving brute-forcing secure logins or exploiting software flaws, but there’s a new segment of the cybercriminal economy that’s growing fast: attackers who target companies that have unintentionally left data out in the open via misconfigured databases.

from Cyber Security News https://ift.tt/37nKAiG

Cybercriminals exploited pandemic with shift to targeted, sophisticated attacks

Malwarebytes announced the findings of its annual “State of Malware” report. The latest report explores how the global pandemic forced many employees to quickly become a remote workforce and confined consumers to their homes. In the wake of this change, cybercriminals ditched many of their old tactics, placing a new emphasis on gathering intelligence, and exploiting and preying upon fears with targeted and sophisticated attacks. As a result, the State of Malware Report found a notable shift in the devices targeted and strategies deployed by cybercriminals.



from Cyber Security News https://ift.tt/3qwY8Qg

Tuesday, 16 February 2021

As pandemic-driven fraud increases, firms respond with accelerated adoption of defenses

Bottomline and Strategic Treasurer released the results of the 2021 Treasury Fraud & Controls Survey. This is the 6th annual survey between the long-time collaborators, whose research partnership also includes the annual B2B Payments Survey. As in prior years, the 2021 survey gathered details about corporate and banking experiences, actions and plans regarding fraud. Results show that the pandemic accelerated both the threat of fraud and the response to it, with corporate and banking alignment on defensive automation.



from Cyber Security News https://ift.tt/2ZqK1A6

Leading privacy lawyer Vivek Mohan joins Mayer Brown in Northern California

Privacy lawyer Vivek Mohan has joined Mayer Brown as a partner in the Cybersecurity & Data Privacy practice in Northern California. Mr. Mohan joins from Apple Inc., where he served as a senior attorney on the company’s global privacy law & policy team and as head of information security law.

from Cyber Security News https://ift.tt/3anwoIb

NIST finalizes cybersecurity guidance for positioning, navigation and timing systems

As part of an effort to help users apply its well-known Cybersecurity Framework (CSF) as broadly and effectively as possible, the National Institute of Standards and Technology (NIST) has released finalized cybersecurity guidance for positioning, navigation and timing (PNT) services.

from Cyber Security News https://ift.tt/2N3mPFP

How cloud desktops can help your security posture

Risk assessment is a key element of any discussion around security and the cloud. Security is measured in terms of how much risk there is of something happening – and nothing is without risk. So, when it comes to evaluating a move to cloud desktops, companies are really looking at how it will reduce risk.

from Cyber Security News https://ift.tt/3qDuxVH

Monday, 15 February 2021

What you cannot see you cannot secure: Shining a light on cybersecurity threats in a work-from-home environment

With work from home becoming the norm, employees are likely letting their guards down, allowing people in the same household, whether family or visitors, to have access to work-related content. That is why a good cybersecurity strategy starts with people—and a zero trust approach.

from Cyber Security News https://ift.tt/3jVKUdE

CISA announces virtual hiring events

The Cybersecurity and Infrastructure Security Agency (CISA), the nation’s first federal cybersecurity agency, is kicking off a series of virtual hiring events in 2021 for job seekers, while aiming to further increase the representation among women, minorities, and persons with disabilities in order to more fully realize the goal of using the talents of all segments of society.

from Cyber Security News https://ift.tt/3pmlQxr

Which states are getting into the data privacy game?

Four different states (Washington, Virginia, Oklahoma and Minnesota) are on track to enact new data privacy laws in 2021, but are businesses ready to comply with state-by-state regulations? This patchwork of legislation could leave companies confused and vulnerable to legal action if they are unprepared. 

from Cyber Security News https://ift.tt/3anIy3X

4 reasons ERP data security and privacy should factor into your 2021 security budget

As organizations look to strengthen their enterprise data security and privacy programs, they must consider the new risks that remote work has uncovered. More specifically, how legacy business applications and ERP systems may be exposing organizations to new levels of risk because these applications were not designed for user access from unmanaged networks and devices.

from Cyber Security News https://ift.tt/3jRVsdz

5 cybersecurity challenges facing healthcare delivery organizations

Healthcare Delivery Organizations (HDOs) are arguably the most pressured organizations in 2020, needing not only to treat the many patients infected by coronavirus, but also to defend themselves against a growing number of cyberattacks targeted at their industry. Here are five cybersecurity challenges researchers found facing Healthcare Delivery Organizations today:



from Cyber Security News https://ift.tt/37h8UCK

Record number of critical and high severity vulnerabilities were logged to the NIST NVD in 2020

A record number of critical and high severity vulnerabilities were logged to the National Institute of Standards and Technology (NIST) and its National Vulnerability Database (NVD) in 2020. The NVD is a repository of Common Vulnerabilities and Exposures (CVEs) reported by security professionals, researchers and vendors. It is used by security teams around the world to stay up to date with security vulnerabilities as they are discovered. In January 2021, Redscan performed an analysis of the NVD to examine security and vulnerability trends. Their report focuses on vulnerabilities discovered in 2020, but also highlights wider CVE trends that have emerged since 1989.



from Cyber Security News https://ift.tt/2Zwqj6l

Friday, 12 February 2021

CISA and partners release cybersecurity advisory on compromise of US water treatment facility

In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint Cybersecurity Advisory AA21-042A: Compromise of U.S. Water Treatment Facility. This advisory outlines how cybercriminals exploit desktop sharing software and end-of-life operating systems to gain unauthorized access to systems.

from Cyber Security News https://ift.tt/3tQULpu

Don't fall victim to cyber romance scams

New research from Tessian finds that almost one-third of people have fallen victim to a cyber romance scam, posing a new warning: don’t get cat-phished this Valentine’s Day.

from Cyber Security News https://ift.tt/3tRrwmy

Security researchers discover Helpdesk Software vulnerability

After auditing the security of Helpdesk Software solution Deskpro in accordance with the company's Responsible Disclosure Bug Bounty Program, the Checkmarx Security Research Team discovered a severe cross-site scripting (XSS) issue that can be exploited in multiple ways.

from Cyber Security News https://ift.tt/3pnyvQR

Securing business automation amidst remote work

In today’s world, business process automation solutions are considered the fastest-growing segment on the global enterprise software market. However, both business owners and frequent users alike often express their doubts about the capability of automation tools to operate at the proper level required by enterprise data security, especially with many employees working from home due to the pandemic.

from Cyber Security News https://ift.tt/377MJ1D

Thursday, 11 February 2021

The top 25 most phished brands

INKY processed 656,954,951 emails in 2020; in round numbers, that’s two-thirds of a billion. From this data, they ranked the top 25 most-phished brands during 2020.

from Cyber Security News https://ift.tt/2Ot9A1n

5 minutes with Christos Kalantzis - The concept and power of security ratings

Security ratings or cybersecurity ratings are a data-driven, objective, and dynamic measurement of an organization's security posture and cybersecurity performance. To learn more about the benefits of security ratings, we speak to Christos Kalantzis, Chief Technology Officer at SecurityScorecard. 

from Cyber Security News https://ift.tt/3tNlvqN

Lookout unmasks state-sponsored Android spyware tied to India-Pakistan conflict

Lookout, Inc. announced the discovery of two novel pieces of Android surveillanceware, Hornbill and SunBird. The Lookout Threat Intelligence team believes these campaigns are connected to the Confucius APT, a well-known pro-India state-sponsored advanced persistent threat group. Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS message content, encrypted messaging app content, geolocation, contact information, call logs, as well as file and directory listings. The surveillanceware targets personnel linked to Pakistan’s military and nuclear authorities and Indian election officials in Kashmir.



from Cyber Security News https://ift.tt/2LMpXoQ

Wednesday, 10 February 2021

ISACA outlines risks and benefits of 5G technology

As 5G technology continues to be rolled out worldwide—providing latency of a mere 1 millisecond—it is critical that information security professionals become familiar with 5G system architecture and security architecture, as well as the risks that come with implementing new cellular technologies. ISACA’s new white paper, 5G Security: Addressing Risk and Threats of Mobile Network Technologies, explores these topics, and compares 5G technology with 4G and previous generation cellular technologies.

from Cyber Security News https://ift.tt/3p5BJIh

Privacy in 2020 and what to expect for the year ahead

COVID-19 wasn’t the only thing to sweep the globe in 2020 — the year also brought a wave of privacy legislation. Major players, including Brazil, Canada and China, all introduced privacy legislation that closely aligns with the EU General Data Protection Regulation. And in the U.S., California debuted the highly anticipated California Consumer Privacy Act (CCPA) and quickly followed up by approving the California Privacy Rights Act of 2020 (CPRA), which modifies the existing CCPA obligations and introduces new ones. So, what’s in store for 2021?

from Cyber Security News https://ift.tt/3q9Ghip

Everything in your home will be connected (what could possibly go wrong?)

Your next home will be connected in creepy ways. It will take a while, but eventually every machine and device in your house will talk to everything else, and Consumer Electronics Show (CES)-born inspiration will be at their roots. From e-toothbrushes to connected e-toilets that can detect a health issue (Really!), the items in your home will be controlled via the internet and will be everywhere. But what does that mean for security?

from Cyber Security News https://ift.tt/3d0s1og

CISA and CYBER.ORG partner to deliver cyber safety video series

The Cybersecurity and Infrastructure Security Agency (CISA) and CYBER.ORG jointly announce a cyber safety video series to help those learning or working online take proactive steps to protect themselves and their business. CYBER.ORG is a cybersecurity workforce development organization that targets K-12 students with cyber career awareness, curricular resources, and teacher professional development.

from Cyber Security News https://ift.tt/3jJ4yJK

Massive spike in fraud across all industries - 4.3 billion attacks detected since Black Friday

Arkose Labs released new data on the latest fraud trends that reveal a massive spike in fraud across all industries from Black Friday onwards. As consumers continue to flock online in droves greater than ever before, credential stuffing, account takeover (ATO) attacks and gift card fraud are poised to be top attack vectors in 2021.

from Cyber Security News https://ift.tt/3a51HaM

75% of Americans very concerned about online privacy, but most don't take any significant action

Internet usage in 2020 rose sharply compared to pre-pandemic levels. More online activity also drove more consumer consciousness around what happens to their online data; nearly three-quarters (72%) of Americans say they are "very concerned" to "extremely concerned" about their online privacy, according to a new Startpage study.



from Cyber Security News https://ift.tt/3aQJPzv

Merging security compliance and DevOps

A more foundational goal is to make security and compliance part of the development process from the start. This is a transition that requires DevOps to bring along risk, security and compliance teams into the shared responsibility of making the organization resilient to change. But bringing the idea of shared responsibility to fruition can be difficult because there is a natural tension between DevOps and SecOps, as they have different charters and cultures. DevOps can be seen as more of a do culture (Atlassian calls this a “do-ocracy”) and SecOps as a control culture, and the two are inherently in conflict. To fulfill the promise of teaming for shared responsibility, DevOps and SecOps should align on three key objectives: collaboration, communication and integration.



from Cyber Security News https://ift.tt/3jzPsWG

Enterprise SIEMs unprepared for 84% of MITRE ATT&CK tactics and techniques

Organizations invest more than $3 billion annually on SIEM software and expect this investment to result in comprehensive threat coverage. However, an analysis of live SIEM deployments across select CardinalOps customers in multiple industry verticals, including healthcare and financial services, reveals that the threat coverage remains far below what organizations expect and what SIEM and detection tools can provide. Worse, organizations are often unaware of the gap between the theoretical security they assume they have and the actual security they get in practice, creating a false impression of their security posture.

from Cyber Security News https://ift.tt/3707X1y

Tuesday, 9 February 2021

Hacker breaks into Florida water treatment facility, changes chemical levels

Hackers broke into a water treatment facility in Florida, gained access to an internal ICS platform and changed chemical levels, making the water unsafe to consume. 

from Cyber Security News https://ift.tt/3tGYu8V

Researchers discover exposed Comcast database containing 1.5 billion records

The WebsitePlanet research team in cooperation with security researcher Jeremiah Fowler discovered a non-password-protected database that contained more than 1.5 billion records. The database belonged to American cable and internet giant Comcast, and the publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords.

from Cyber Security News https://ift.tt/36ZDyQT

5 minutes with Sarah Tatsis - Why women are needed in the ongoing fight against cybercriminals

A new study by (ISC)², conducted in 2020, revealed that the cybersecurity profession experienced substantial growth in its global ranks, increasing to 3.5 million individuals currently working in the field, an addition of 700,000 professionals or 25% more than last year’s workforce estimate. The research also indicates a corresponding decrease in the global workforce shortage, now down to 3.12 million from the 4.07 million shortage reported last year. Data suggests that employment in the field now needs to grow by approximately 41% in the U.S. and 89% worldwide in order to fill the talent gap, which remains a top concern of professionals.  Security experts, like Sarah Tatsis, VP of Advanced Technology Development Labs at BlackBerry, believe women can help solve the cybersecurity workforce shortage. Here, we speak to Tatsis about why women are needed and valued in the ongoing fight against cybercriminals.



from Cyber Security News https://ift.tt/2LA4cIJ

CISA announces extension of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force

The Cybersecurity and Infrastructure Security Agency (CISA) announced a six-month extension of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force.  The Task Force, chaired by CISA and the Information Technology (IT) and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from large and small private sector organizations charged with identifying challenges and devising workable solutions and recommendations for managing risks to the global ICT supply chain.



from Cyber Security News https://ift.tt/3d7KgIH

Monday, 8 February 2021

AI and biometrics in 2021: Predictions, trends, and insights for what might lie ahead

Biometric security solutions and AI-powered fraud prevention technologies have, for several years now, been transforming the ways in which organizations protect their business, their customers, and their employees. In fact, some industry estimates reveal that AI and biometrics have combined to prevent billions of dollars in losses from fraud—already.

from Cyber Security News https://ift.tt/3jt1jWE

Tinder achieves certification for its information security management system

Tinder, the world’s most popular app for meeting new people, has achieved certification for its Information Security Management System (ISMS) under the ISO/IEC 27001:2013 standard following an extensive impartial external audit — becoming the first app in its category to achieve a certification decision for this globally recognized security standard. 

from Cyber Security News https://ift.tt/3cVPdUO

Sue Bergamo named CISO at Precisely

Precisely announced the appointment of Sue Bergamo as Chief Information Security Officer (CISO). In the newly created CISO role at Precisely, she will be responsible for carrying out and managing the company’s information security vision, strategy, and program to minimize potential security risks and further a culture of security stewardship.

from Cyber Security News https://ift.tt/3jwNnuL

Researchers discover Microsoft Office phishing attack hosted on Google Firebase

Researchers at Armorblox uncovered invoice-themed emails sent to at least 20,000 mailboxes that purport to share information about an electronic funds transfer (EFT) payment.  

from Cyber Security News https://ift.tt/3cTfJhy

The state of fraud in the United States and Canada amid COVID-19 pandemic

LexisNexis Risk Solutions unveiled findings on the current State of Fraud, detailing key fraud trends occurring in 2020 for organizations in the United States and Canada while also looking ahead at what to expect in 2021. The COVID-19 pandemic caused 2020 to be a year of unique circumstances and disruption to the global economy. One thing that has stayed the same is fraudsters' willpower to gain access to money and confidential information. 



from Cyber Security News https://ift.tt/2LvYVSt

NCIJTF releases ransomware factsheet

The National Cyber Investigative Joint Task Force (NCIJTF) has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques.

from Cyber Security News https://ift.tt/3tLk4cL

Friday, 5 February 2021

Developing a risk-based cybersecurity approach

McKinsey & Company reports that most risk managers at large organizations are flying blind when it comes to evaluating their cyber resilience due to bloated reporting processes and overly complicated reporting tools. Here's how organizations can implement a risk-based approach to their cybersecurity controls.

from Cyber Security News https://ift.tt/3cWMGtB

Cybercrime on the rise: Plotting a way forward

The modern workplace will likely remain partially remote long term, so a robust remote cybersecurity program is now a critical element of your cybersecurity program, which may require a larger IT staff or assistance from a managed IT provider.

from Cyber Security News https://ift.tt/3aAeOzD

New Matryosh botnet targeting Android devices

Netlab, the networking security division of Chinese security firm Qihoo 360, said it had discovered a new fledgling malware operation that is currently infecting Android devices for the purpose of assembling a DDoS botnet, according to a ZDNet report. 

from Cyber Security News https://ift.tt/3tu4cLf

Thursday, 4 February 2021

The Big 8: How to heighten cybersecurity governance

The daunting threats and attack techniques from 2020 are expected to continue into this year.  And while 2021 offers a fresh start, cybercriminals will continue to become increasingly savvy,  deploying a wide range of techniques to extort, disrupt, and infiltrate organizations. Now more than ever, government and corporate leaders and consumers must become engaged in ensuring effective cybersecurity strategies are in place. Here are eight steps organizations can implement to heighten cybersecurity governance:

from Cyber Security News https://ift.tt/2MDojpL

5 reasons why Active Directory is the CISO’s Achilles heel

Despite heavy reliance on the 20-year-old Active Directory technology, cybersecurity efforts continuously seem to overlook this obvious and frequent target, which only puts organizations at further risk. Despite cybersecurity advances, Active Directory remains one of the parts of an organization’s environment that gets the least cybersecurity attention. While most security programs have a SIEM solution monitoring logs for anything out of the norm, this is simply not enough.



from Cyber Security News https://ift.tt/2Mq7TkJ

New TeamTNT malware targeting Kubernetes

Palo Alto Unit 42 researchers have detected a new malware campaign targeting Kubernetes clusters. The attackers gained initial access via a misconfigured kubelet that allowed anonymous access.



from Cyber Security News https://ift.tt/3oPF3XQ

239.4 million attempted attacks targeting healthcare alone in 2020

VMware Carbon Black released 2020 data that paints a holistic view of the threats healthcare organizations face and should be prepared for in 2021. Researchers found that there were 239.4 million attempted attacks targeting healthcare alone in 2020. VMware Carbon Black was also able to identify the top five ransomware families plaguing the healthcare industry including:



from Cyber Security News https://ift.tt/3trjl00

Wednesday, 3 February 2021

It’s time to rethink cybersecurity training… Again

As we think about adapting our cybersecurity training to be more realistic, applicable, and effective, what are some things you should definitely keep and what are some things you should lose in your current security training?

from Cyber Security News https://ift.tt/36Gi77e

Business leaders' top 10 risk concerns over the next decade

Board members and C-suite executives around the globe are most concerned in 2021 with risks associated with COVID-19-related government policies and regulations, economic conditions that may restrict growth and market conditions that may continue to impact customer demand, according to a new survey from Protiviti and North Carolina State University. Amid these near-term headwinds, when asked about top concerns through 2030, business leaders cite challenges that ultimately ladder up to talent. High ranking risks – including the adoption of technology that requires new or upgraded skills, rapid innovation that threatens business models and the reimagining of creative strategies – point to a need to attract and retain top talent and invest in reskilling and upskilling workforces to ensure agility and resilience in the future. 

from Cyber Security News https://ift.tt/2YGde9T

Alejandro Mayorkas sworn in as Secretary of Homeland Security

Alejandro Mayorkas was officially sworn in as the seventh Secretary of Homeland Security. Secretary Mayorkas took the oath this afternoon after the Senate voted to confirm him. As Secretary of Homeland Security, Mayorkas now leads the third largest federal department in the United States, which includes the Cybersecurity and Infrastructure Security Agency, Federal Emergency Management Agency, Transportation Security Administration, U.S. Coast Guard, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, U.S. Citizenship and Immigration Services, and the United States Secret Service.

from Cyber Security News https://ift.tt/3tiItWR

Survey reveals inadequate security is the number one VPN pain point

DH2i announced the results of its premier Virtual Private Network (VPN) survey of IT professionals across small-, mid- and enterprise-sized organizations. To qualify, the respondent had to be using a VPN for network access and/or as a security measure. The survey findings revealed that, universally, respondents advised that using a VPN created a number of problems for their organization. Topping the list, 62% of respondents cited inadequate security as their number one VPN pain point.



from Cyber Security News https://ift.tt/2YGA1mc

A post-pandemic guide to cybersecurity budgeting for 2021

While it might not feel like it right now, the kind of root-and-branch assessment of cybersecurity budgets necessitated by the pandemic might, overall, be a positive development. Many firms haven't looked at their budgets and the assumptions they are based on for many years. This review has been long overdue.

from Cyber Security News https://ift.tt/3rikAwK

5 biggest cybersecurity threats

Cybersecurity threats are getting more sophisticated and intense amid the increasing levels of remote work and dependence on digital devices. Here are 5 that were the most damaging for enterprises in 2020.



from Cyber Security News https://ift.tt/3jkT3rB

Tuesday, 2 February 2021

China has stolen the personal data of 80% of American adults

Bill Evanina, former Director of the U.S. National Counterintelligence and Security Center, recently appeared on CBS’ 60 Minutes where he warned that Beijing is attempting to collect and exploit Americans’ health care information, including their DNA. He also claimed that China has stolen the personally identifiable information of 80% of Americans, using "less-than-honorable" methods to steal data, including hacking healthcare companies and technology, such as smart homes, sensors and 5G networks. 

from Cyber Security News https://ift.tt/3pHQySC

Cybersecurity postures stronger than pre-pandemic for many

Siemplify released new research on “The State of Remote Security Operations.” Based on a recent survey of nearly 400 security operations (SecOps) professionals, the report studies how the sudden shift to remote work during the COVID-19 pandemic has affected SecOps analysts’ ability to perform their jobs and the impact on overall security postures.



from Cyber Security News https://ift.tt/39DU76C

Security risks of personal business in the workplace

File-sharing services, such as Google Drive, DropBox and personal OneDrive folders, also pose significant risk to the corporate network. The layering effect of file-sharing services — such as multiple shares of a potentially malicious file through a chain of services — creates an additional layer of complexity and risk.

from Cyber Security News https://ift.tt/3oHvkTJ

Greek police to introduce live facial recognition

Greek police are set to introduce live face recognition before the summer. By the summer of 2021, the Greek police will receive thousands of devices allowing for live facial recognition and fingerprint identification. The devices will be deployed in everyday police work, according to a Greek police official AlgorithmWatch talked to. 



from Cyber Security News https://ift.tt/3jayNZC

Monday, 1 February 2021

Is 2021 the last call for Change Your Password Day?

A recent Dell Technologies Brain on Tech study found when people were tasked with logging into a computer with a long, difficult password, their stress not only increased by 31% within 5 seconds, but it continued to rise even after successfully logging in. Password stress goes hand in hand with a growing appetite for biometrics on devices. Dave Konetski, VP/Fellow of Dell Technologies Client Solutions Group, believes that as technologies like fingerprint readers and facial recognition continue to gain popularity, "this year’s Change Your Password Day may mark a shift or perhaps a beginning to the end of passwords as we know it."



from Cyber Security News https://ift.tt/2MgIJFb

CISA & Cactus League partner for security tabletop exercise to protect spring training fans

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) joined the Cactus League, its teams and spring training facilities, and state and local partners for a virtual tabletop exercise to review pre-incident preparedness measures and response plans at stadiums during spring training. 

from Cyber Security News https://ift.tt/3cuDRXv

83% of IT leaders look to outsource security to MSPs in 2021

Outsourcing cybersecurity is an increasingly attractive solution: 83% of IT leaders with in-house security teams are now considering outsourcing their security efforts to an MSP in 2021, according to the Syntax IT Trends Report.



from Cyber Security News https://ift.tt/2YB68Du

80% of healthcare tech providers have suffered a cyberattack

According to a new survey conducted by Irdeto and Censuswide, 15% of healthcare technology providers admit to having no knowledge or awareness of new cybersecurity regulations such as the US FDA premarket guidelines. The same respondents also stated that regulatory compliance is the most important factor driving companies to have a water-tight cybersecurity strategy for their products and solutions, emphasizing the need for partnering with external cybersecurity experts to help decipher and navigate imminent security requirements.

from Cyber Security News https://ift.tt/2YysLsl

Security practices state Capitols should put in place today

As lawmakers and law enforcement continue to unravel the events and impact of the crisis at the U.S. Capitol on Wednesday, January 6th, attention is turning to identification and prosecution of those that illegally entered, attacked, and looted the Capitol and the offices of the legislature housed there. We’re learning more about the litany of security failings and it is imperative that we take the lessons offered by this example and make the changes they demand now, at our state capitol buildings, as well as in our businesses.

from Cyber Security News https://ift.tt/3al6LXr

How two-factor authentication works with blockchain

Every organization has hundreds of applications and databases, and its employees access them every day using their credentials (that is, their username and password). An attacker with such valid credentials can bypass existing security solutions, as they look like a legitimate user. As per the Verizon Data Breach report in 2016, more than 63% of successful breaches involved compromised credentials. Two-factor authentication (2FA) provides an added layer to the existing credential-based system protection as a solution to this drastically growing problem. As such, in this article, we will cover the following two topics: What is 2FA and Blockchain for 2FA.



from Cyber Security News https://ift.tt/3oET7mW