Monthly Archives: January 2021

Thousands of BEC lures use Google Forms in recon campaign

Researchers say they have observed thousands of messages using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to launch future business email compromises (BECs). The attackers used Google Forms to bypass email security content filters based on keywords, according to a blog released Wednesday by Proofpoint Threat…

The post Thousands of BEC lures use Google Forms in recon campaign appeared first on SC Media.

Continue reading

Posted in Email Security, Phishing, Security News, Social engineering | Comments Off on Thousands of BEC lures use Google Forms in recon campaign

70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw

With public administration apps, the number that went a year with an unpatched security flaw dropped to 67 percent, and nine other sectors ranged between 50 and 60 percent, according to research from WhiteHat Security.

The post 70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw appeared first on SC Media.

Continue reading

Posted in Application Security, Manufacturing, Mobile, Security News | Comments Off on 70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw

CISA launches ransomware education program

The effort encourages governments, schools and private companies to take steps to protect their systems and data from ransomware.

The post CISA launches ransomware education program appeared first on SC Media.

Continue reading

Posted in Government, Ransomware, Security News | Comments Off on CISA launches ransomware education program

Look for GDPR fines to increase, extend beyond breaches

So far, U.S. companies have felt the brunt of regulators’ displeasure. The highest GDPR fine so far – $57 million – was imposed on Google by French regulators, though Marriott may have to pony up $123 million.

The post Look for GDPR fines to increase, extend beyond breaches appeared first on SC Media.

Continue reading

Posted in Compliance, Data Breach, Featured, Privacy, Privacy & Compliance, Security News | Comments Off on Look for GDPR fines to increase, extend beyond breaches

Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems

Based on the malware features, the researchers said the attackers use the compromised systems for further attacks, spreading laterally across the victim company’s network, or launching attacks on outside targets while masquerading as the compromised company.

The post Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems appeared first on SC Media.

Continue reading

Posted in Botnet, Breach, DDoS, Malware, Security News | Comments Off on Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems

Reliance on cloud, APIs create confusion and introduce risk into software development

Businesses are increasingly hosting their applications in public or private clouds while using APIs to speed up the development process. Both shifts come with security implications.

The post Reliance on cloud, APIs create confusion and introduce risk into software development appeared first on SC Media.

Continue reading

Posted in Application Security, Cloud, Cloud Security, Security News | Comments Off on Reliance on cloud, APIs create confusion and introduce risk into software development

Last-minute Trump order adds new security regulation to cloud providers

An eleventh-hour executive order will require infrastructure-as-a-service providers to log the identity of foreign clients. The executive order will stand, unless specifically repealed by new President Joe Biden.

The post Last-minute Trump order adds new security regulation to cloud providers appeared first on SC Media.

Continue reading

Posted in Cloud, Cloud Security, Featured, Regulation, Security News | Comments Off on Last-minute Trump order adds new security regulation to cloud providers

CISO lends voice to MSPs and their small-biz clients in ransomware battle

Ryan Weeks is CISO at Datto, a founding member of the Institute for Security and Technology’s new anti-ransomware initiative. He spoke to SC Media about the segment of the business community that he believes to be underserved by efforts to counter ransomware.

The post CISO lends voice to MSPs and their small-biz clients in ransomware battle appeared first on SC Media.

Continue reading

Posted in Ransomware, Security News | Comments Off on CISO lends voice to MSPs and their small-biz clients in ransomware battle

With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge

Washington, D.C. is on high alert, extending a special designation for security that always applies to inaugurations to Jan. 21, and calling in the National Guard. But in the wake of the attack on the Capitol, protection of digital assets is paramount.

The post With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge appeared first on SC Media.

Continue reading

Posted in Breach, Data Breach, Featured, Security News, Security strategy, Vulnerability Management | Comments Off on With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge