Researchers say they have observed thousands of messages using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to launch future business email compromises (BECs). The attackers used Google Forms to bypass email security content filters based on keywords, according to a blog released Wednesday by Proofpoint Threat…
With public administration apps, the number that went a year with an unpatched security flaw dropped to 67 percent, and nine other sectors ranged between 50 and 60 percent, according to research from WhiteHat Security.
So far, U.S. companies have felt the brunt of regulators' displeasure. The highest GDPR fine so far – $57 million – was imposed on Google by French regulators, though Marriott may have to pony up $123 million.
Based on the malware features, the researchers said the attackers use the compromised systems for further attacks, spreading laterally across the victim company’s network, or launching attacks on outside targets while masquerading as the compromised company.
An eleventh-hour executive order will require infrastructure-as-a-service providers to log the identity of foreign clients. The executive order will stand, unless specifically repealed by new President Joe Biden.
Ryan Weeks is CISO at Datto, a founding member of the Institute for Security and Technology's new anti-ransomware initiative. He spoke to SC Media about the segment of the business community that he believes to be underserved by efforts to counter ransomware.
Washington, D.C. is on high alert, extending a special designation for security that always applies to inaugurations to Jan. 21, and calling in the National Guard. But in the wake of the attack on the Capitol, protection of digital assets is paramount.