Thursday, October 1, 2020

InterPlanetary Storm: Cross-platform P2P botnet infects computers and IoT devices

IoT botnets have come a long way since Mirai showed its devastating potential in 2016 with distributed denial-of-server attacks that exceeded in strength anything seen before then. Myriad malware programs now infect poorly secured or vulnerable routers, IP cameras,...

What it takes to be a transformational CISO

Brian Kelly, back when he was CISO of Quinnipiac University, felt the pressure to take a different tack. To read this article in full, please click here(Insider Story)

CIOs say security must adapt to permanent work-from-home

The entire US economy and government were forced to shut down in-person facilities and operations almost overnight in March as COVID quarantines began. The new conditions forced organizations to quickly find ways to secure tens of millions of new,...

Tips to prep for digital forensics on Windows networks

The phone rings. You answer it and the rattled voice on the other end says, “We think there has been a breach.” What is your first thought about what to do? To read this article in full, please click here(Insider...

BrandPost: How to Defend Against Today’s Top 5 Cyber Threats

Cyber threats are constantly evolving. As recently as 2016, Trojan malware accounted for nearly 50% of all breaches. Today, they are responsible for less than 7%. That’s not to say that Trojans are any less harmful. According to the 2020 Verizon...

BrandPost: The Journey to Better Cybersecurity in 2020 and Beyond

The year 2020 will be remembered as the time when widespread Internet-enabled remote working became a reality. IT administrators saw their responsibilities increase dramatically as enterprise scrambled to provide organizational stability, versatility, and agility. These new challenges made an already difficult...

5 top vulnerability management tools and how they help prioritize threats

The science and technology behind vulnerability management has changed a lot in a short time. When originally deployed, vulnerability management companies acted almost like antivirus vendors in that they tried to get their scanners to uncover as many potential...

BrandPost: Fortinet Secure SD-WAN Ensures User Experience Across 3,000 Branch Offices

An organization’s continued growth depends on their vision and roadmap to expand business opportunities, and this is especially true in the financial services industry. And with expansion, comes the immediate need to implement solutions that meet the demands of...

Identity theft explained: Why businesses make tempting targets

Identity theft definition  Identity theft is the use of someone else's personal information without permission, typically to conduct financial transactions. By personal information, we mean data that institutions use to identify or recognize you: your social security number, your bank...

4 hot areas for encryption innovation

Who owns data? Who can read which data? At the center of some of the most vexing problems confronting the internet are a set of encryption algorithms that hold everything together. The routines are mathematically complex and often difficult...

Confidential Computing: What is it and why do you need it?

Confidential Computing can significantly enhance enterprise security, but what is it, and what do you need to do about it?

BrandPost: Customers Across Industries Simplify and Secure Branch Networks

As organizations expand their footprints in branches, stores, home offices, and a variety of other locations, they are evolving the way they manage and secure their distributed network infrastructure. At the remote edges, many companies are already using Fortinet Secure...

Preventing insider threats: What to watch (and watch out) for

September is officially National Insider Threat Awareness Month (NIATM) and the theme of this year’s NIATM is resilience. Of all the digital threats facing organizations, the insider threat can be the most vexing to tackle given how uncomfortable it...

SAP ASE leaves sensitive credentials in installation logs

SAP users should deploy the patches for Adaptive Server Enterprise (ASE) released last month because the server fails to clear credentials from persistent installation logs. Even though the credentials are encrypted or hashed, researchers warn that attackers can easily...

Eli Lilly security finds strength in flexibility in WFH shift

As executives throughout the United States scrambled to send employees home to work this past spring, Meredith Harper already had a roadmap for action. To read this article in full, please click here(Insider Story)

Microsoft’s Zerologon vulnerability fix: What admins need to know

Microsoft recently released a patch (CVE-2020-1472) to fix a software issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). As noted on a Secura blog, an unauthenticated attacker with network access to a domain controller could exploit this vulnerability,...

Zerologon explained: Why you should patch this critical Windows Server flaw now

On Friday, September 18, the US Cybersecurity and Infrastructure Security Agency (CISA) ordered all federal agencies to patch a critical privilege escalation flaw that affects Windows servers and could allow hackers to take over Windows networks. A patch has...

Shaking off old public sector security perceptions at L&Q Group

The public sector is traditionally known for being slow, bureaucratic, often underfunded, and full of legacy technology. But public sector organisations are evolving how they approach and deliver security to become more agile, keep costs down and reduce risks...

WastedLocker explained: How this targeted ransomware extorts millions from victims

WastedLocker definition To read this article in full, please click here(Insider Story)

9 top anti-phishing tools and services

Phishing ranks low on the list of cyberattacks in terms of technological sophistication. Even more sophisticated phishing variants like spear phishing (focused and often personalized phishing attacks) and whaling (phishing attacks focused on high-profile or high-dollar targets) are focused...
Computerworld

Microsoft on Apple in the enterprise

When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At JNUC2020 event I (virtually) spoke with Microsoft’s Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson,...
SecurityWeek

FBI, CISA Say DDoS Attacks Won’t Prevent Voting

While they might hinder access to information, distributed denial-of-service (DDoS) attacks against election infrastructure won’t prevent voting, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert issued this week. read more
TechRepublic

How organizations can reduce their reliance on passwords

Passwordless authentication can be an effective option, though introducing such a method poses its own challenges, says LastPass.

#DTXNOW: Time to Remove Security from IT

#DTXNOW: Time to Remove Security from IT Speaking on a session titled “Is top level security possible on a shoestring budget?” as part of Digital Transformation Expo, security specialists were asked by moderator Jeremy White what their top tips were...
SecurityWeek

HP Offering Big Rewards for Cartridge Vulnerabilities

HP announced on Thursday that it has expanded its bug bounty program, inviting several white hat hackers to find vulnerabilities in its office-class ink and toner cartridges. read more