Tuesday, March 31, 2020

Google Skips Chrome 82, Resumes Stable Releases

Google is on track to resume the roll-out of stable Chrome releases next week, but says it will skip one version of the browser. Last week, the Internet search giant said it was pausing upcoming releases of the browser, following...

Examining Potential Election Vulnerabilities: Are They Avoidable?

In the U.S and global communities, election security is a large concern because so many aspects of it can be insecure and open to attacks that may shift public opinion or be used for personal gain. Not only does...

Benchmarking the State of the CISO in 2020

Driving digital transformation initiatives while safeguarding the enterprise is a mammoth task. In some aspects, it might even sound counter-intuitive when it comes to opening up IT infrastructure, or converging IT and OT networks to allow external parties such...

Cyberattacks a Top Concern for Gov Workers

More than half of city and state employees in the United States are more concerned about cyberattacks than they are of other threats, a new study discovered. Conducted by The Harris Poll on behalf of IBM, the survey shows that over 50%...

Hackers Target Online Gambling Sites

Threat Actor Targets Gambling and Betting in Southeast Asia Gambling and betting operations in Southeast Asia have been targeted in a campaign active since May 2019, Trend Micro reports.  Dubbed DRBControl, the adversary behind the attacks is using a broad range of...

When Data Is Currency, Who’s Responsible for Its Security?

In a year that was all about data and privacy, it seems only fitting that we closed out 2019 in the shadow of a jumbo data leak where more than a billion records were found exposed on a single server. Despite...

SEC Shares Cybersecurity and Resiliency Observations

The U.S. Securities and Exchange Commission (SEC) this week published a report detailing cybersecurity and operational resiliency practices that market participants have adopted.  The 10-page document (PDF) contains observations from the SEC's Office of Compliance Inspections and Examinations (OCIE) that...

What Does Being Data-Centric Actually Look Like?

“Data-centric” can sometimes feel like a meaningless buzzword. While many companies are vocal about the benefits that this approach, in reality, the term is not widely understood. One source of confusion is that many companies have implemented an older approach...

The Big 3: Top Domain-Based Attack Tactics Threatening Organizations

Nowadays, businesses across all industries are turning to owned websites and domains to grow their brand awareness and sell products and services. With this dominance in the e-commerce space, securing owned domains and removing malicious or spoofed domains is...

Security Compass Receives Funding for Product Development and Expansion

Toronto, Canada-based Security Compass has received additional funding from growth equity investment firm FTV Capital. The amount has not been disclosed, indicating that it is likely to be on the smaller side.   According to the security firm, the...

Password Shaming Isn’t Productive – Passwords Are Scary Business

We’ve all been in the situation trying to set a new password – you need one uppercase character, one number and one character from a special list. Whatever password we come up with needs to be between 8 and...

Five Key Cyber-Attack Trends for This Year

‘It’s not if, but when’ is a long-established trope in the world of cybersecurity, warning organizations that no matter how robust their defenses, nor how sophisticated their security processes, they cannot afford to be complacent. In 2020, little has changed...

20/20 Vision on 2020’s Network Security Challenges

As the new year starts, it’s natural to think about the network security challenges and opportunities that organizations are likely to face over the next 12 months – and how they will address them. Of course, we are likely...

Is Cybersecurity Getting Too Complex?

Weighing SMB Security Woes Against the Managed Security Promise Looking strictly at the numbers, it appears small to mid-sized businesses (SMBs) are sinking under the weight of their own IT complexity. To be more efficient and competitive, SMBs are reaching...

Six Reasons for Organizations to Take Control of Their Orphaned Encryption Keys

A close analysis of the cybersecurity attacks of the past shows that, in most cases, the head of the cyber kill chain is formed by some kind of privilege abuse. In fact, Forrester estimates that compromised privileged credentials play a role...

Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC

Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.

Defense Evasion Dominated 2019 Attack Tactics

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

OpenWRT is vulnerable to attacks that execute malicious code

Enlarge (credit: OpenWRT) For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
SC Magazine

Privacy in critical care after telehealth demands jump

As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...