March, 2020

Security Lessons We've Learned (So Far) from COVID-19

Dark Reading

Takeaways about fighting new fires, securely enabling remote workforces, and human nature during difficult times

DOD Warns of Cyber Risks as Employees Work From Home

Data Breach Today

Defense Department to Issue Detailed Security Guidance As more of its employees shift to working from home due to the COVID-19 pandemic, the U.S. Department of Defense is warning workers to take security precautions to guard against potential hackers. It plans to release detailed guidance soon

Risk 192
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Should Location Data Be Used in Battle Against COVID-19?

Data Breach Today

US, UK, Other Nations in Talks With Tech Firms to Provide Information The Trump administration is reportedly in talks with tech companies, including Facebook and Google, to explore whether it's possible to use real-time location data from smartphones to support efforts to slow the spread of COVID-19. But some privacy advocates are raising concerns about such tracking efforts

Limited-Time Free Offers to Secure the Enterprise Amid COVID-19

Dark Reading

These products and services could be of immediate help to infosec pros now protecting their organizations while working from home

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

A Critical Internet Safeguard Is Running Out of Time

WIRED Threat Level

Shadowserver has helped keep the internet safe for 15 years. Unless it can raise funds fast, it's going to disappear. Security Security / Security News

IT 54

More Trending

COVID-19 Response: How to Secure a 100% Remote Workforce

Data Breach Today

Cybereason CSO Sam Curry on Business Continuity and Reducing Risk Cybereason CSO Sam Curry is no stranger to crisis - he was on the team that responded to the RSA breach in 2011. But the COVID-19 pandemic brings an unprecedented challenge: How do you manage business continuity and reduce risk with a 100 percent remote workforce? Curry shares strategies and lessons learned

Risk 155

What Cybersecurity Pros Really Think About Artificial Intelligence

Dark Reading

While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment

Uncertain Markets May Drive Cybersecurity Consolidation

Data Breach Today

Experts: This Week's 'Black Monday' Likely to Accelerate Security M&A Activity With U.S. stock markets suffering their worst day since 1987 on Monday, most technology firms took a hit as Wall Street continues to be rattled by the COVID-19 crisis. Experts predict this will drive fresh waves of consolidation and M&A in the cybersecurity market, as well as growth in hot areas

Living and Working Amid COVID-19 Crisis

Data Breach Today

Quarantines, lockdowns, supply chain disruptions and the biggest remote workforce in history. These all part of the "new normal" in the shadow of the COVID-19 pandemic. Business continuity expert Regina Phelps has some new advice for how businesses and individuals should approach the next crucial weeks

135
135

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of a team, you need to know the metrics to look at and how to advocate these metrics to C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Live Coronavirus Map Used to Spread Malware

Krebs on Security

Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software. A recent snapshot of the Johns Hopkins Coronavirus data map, available at coronavirus.jhu.edu.

NEW TECH: Byos pushes ‘micro segmentation’ approach to cybersecurity down to device level

The Last Watchdog

Many companies take an old-school approach to bringing up the rear guard, if you will, when it comes to protecting IT assets. It’s called network segmentation. The idea is to divide the network up into segments, called subnetworks, to both optimize performance as well as strengthen security. Related: A use case for endpoint encryption At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy.

Privacy vs. Surveillance in the Age of COVID-19

Schneier on Security

The trade-offs are changing : As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians.

Your colleague was infected with Coronavirus, this is the latest phishing lure

Security Affairs

Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus. Experts continue to spot Coronavirus-themed attack, a new phishing campaign uses messages that pretend to be from a local hospital informing the victims they have been exposed to the virus and that they need urgently to be tested.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

COVID-19: Latest Security News & Commentary

Dark Reading

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Data Breach Today

Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce

Coronavirus Widens the Money Mule Pool

Krebs on Security

With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “ money mules ” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer.

IT 191

NEW TECH: Juicing up SOAR — SIRP inserts risk-based analysis into network defense playbooks

The Last Watchdog

Security information and event management (SIEM) is evolving and integrating with security orchestration, automation, and response (SOAR) to add real value in the cybersecurity space. Related : How SOAR Is Helping to Address the Cybersecurity Skills Gap SIEM is useful for detecting potential security incidents and triggering alerts, but the addition of a SOAR solution brings these alerts to another level by triaging the data and adopting remediation measures where required.

Risk 155

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

IBM SPSS Statistics free trial extended through June 15 due to pandemic

IBM Big Data Hub

We recognize that these are difficult times. In response to the worldwide pandemic, IBM will be extending the SPSS Statistics Subscription trial for active and new accounts through June 15. This will allow our users time to adjust to this dynamic and unprecedented situation. To sign up for a free trial, click here: [link

87

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

Experts warn of scanning activity conducted by Russia-linked APT28 cyberespionage group, hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year.

Work-from-Home Security Advice

Schneier on Security

SANS has made freely available its " Work-from-Home Awareness Kit.". When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Hackers Targeted World Health Organization

Data Breach Today

Researcher Says Spear-Phishing Incident Has Hallmarks of Nation-State Attack A hacking group targeted the World Health Organization earlier this month with an apparently unsuccessful spear-phishing campaign designed to harvest credentials as the United Nations organization was grappling with the global COVID-19 pandemic

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Crafty Web Skimming Domain Spoofs “https”

Krebs on Security

Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site’s source code: “ http[.]ps

SHARED INTEL: Here’s why CEOs who’ve quit Tweeting are very smart to do so

The Last Watchdog

Cyber threats now command the corporate sector’s full attention. It’s reached the point where some CEOs have even begun adjusting their personal online habits to help protect themselves, and by extension, the organizations they lead. Corporate consultancy PwC’s recent poll of 1,600 CEOs worldwide found that cyber attacks are now considered the top hinderance to corporate performance, followed by the shortage of skilled workers and the inability to keep up with rapid tech advances.

Cloud 148

The EARN IT Act Is a Sneak Attack on Encryption

WIRED Threat Level

The crypto wars are back in full swing. . Security Security / Security News

A cyberattack hits the US Department of Health and Human Services

Security Affairs

While the Coronavirus is spreading in the U.S., a mysterious cyberattack hit the Department of Health and Human Services on Saturday. According to Bloomberg, that cited three people familiar with the matter, a cyberattack hit the U.S. Department of Health and Human Services on Saturday night. People cited by Bloomberg confirmed that the cyber attack aimed at slowing the agency’s systems down. “The U.S.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

7 Cloud Attack Techniques You Should Worry About

Dark Reading

Security pros detail the common and concerning ways attackers target enterprise cloud environments

Cloud 87

Zoom Stops Transferring Data by Default to Facebook

Data Breach Today

Privacy Gaffe Blamed on Facebook's iOS Software Development Kit Zoom has apologized for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app. With COVID-19 driving unprecedented levels of remote working, video conferencing software is under the privacy and security microscope

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io , a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Kirill V. Firsov was arrested Mar. 7 after arriving at New York’s John F. Kennedy Airport, according to court documents unsealed Monday. Prosecutors with the U.S.

Sales 174