Yearly Archives: 2021
New cyber council tackles infosec challenges from a tech perspective
Cybercrime is a plague on all industries, but a technology-borne problem at its core. So it makes sense that leading IT experts and infosec solution providers would step up to provide key advice to the tech community on how to protect customers from prevalent cyberthreats. To that end, the nonprofit IT trade association CompTIA this month officially…
The post New cyber council tackles infosec challenges from a tech perspective appeared first on SC Media.
Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years
The effectiveness of this operation serves as a reminder of the risks of openly sharing and storing plain-text network credentials or sensitive network access instructions on internet-accessible apps or servers.
Thousands of BEC lures use Google Forms in recon campaign
Researchers say they have observed thousands of messages using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to launch future business email compromises (BECs). The attackers used Google Forms to bypass email security content filters based on keywords, according to a blog released Wednesday by Proofpoint Threat…
70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw
With public administration apps, the number that went a year with an unpatched security flaw dropped to 67 percent, and nine other sectors ranged between 50 and 60 percent, according to research from WhiteHat Security.
CISA launches ransomware education program
The effort encourages governments, schools and private companies to take steps to protect their systems and data from ransomware.
Look for GDPR fines to increase, extend beyond breaches
So far, U.S. companies have felt the brunt of regulators’ displeasure. The highest GDPR fine so far – $57 million – was imposed on Google by French regulators, though Marriott may have to pony up $123 million.
Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems
Based on the malware features, the researchers said the attackers use the compromised systems for further attacks, spreading laterally across the victim company’s network, or launching attacks on outside targets while masquerading as the compromised company.
Reliance on cloud, APIs create confusion and introduce risk into software development
Businesses are increasingly hosting their applications in public or private clouds while using APIs to speed up the development process. Both shifts come with security implications.
Last-minute Trump order adds new security regulation to cloud providers
An eleventh-hour executive order will require infrastructure-as-a-service providers to log the identity of foreign clients. The executive order will stand, unless specifically repealed by new President Joe Biden.