While the first thing that may come to mind is attacks on voter booths and polling data, hackers were expected to hit more vulnerable targets first, such as community-based organizations and systems supporting political campaigns.
These networks are rarely designed to withstand the ransomware threats much larger, established political bodies face, and hackers know it.
Here, we talk to Doug Matthews, Vice President of Product Management for Veritas, about the conditions impacting data protection during the election period.
Cybercriminals quickly weaved the pandemic into their email scams earlier this year, and more recently impersonated the IRS by pretending to share updates about COVID tax relief in an attempt to steal sensitive tax information. In mid-April, Google’s Threat Analysis Group reported that they detected 18 million COVID-19 themed malware and phishing emails per day. And that’s without including all the email impersonation, invoice fraud, and phishing attacks that have nothing to do with COVID, but are dangerous nonetheless.
In this article, I will provide some tips to help individuals and organizations communicate more securely over email.
By now, it’s no secret that the endless quest by tech companies, data brokers and other players to capture, make sense of and monetize as much user data as possible – a practice known as surveillance capitalism – presents all sorts of privacy issues. Less discussed are the increased security risks this model creates for companies, governments and individuals.
With the fall season underway and winter looming, states across the U.S. are opening up their grants for applications. There are a number of different programs and types of security grants that organizations can qualify for.
Operators used four different DLL side-loading scenarios to install and execute new malware after removing a resident PlugX Backdoor
November 4, 2020
Sophos uncovered attackers using DLL side-loading to execute malicious code and install backdoors in the networks of targeted organizations. A report published, “A New APT uses DLL Side-loads to Killl Someone,” outlines the discovery of four different DLL side-loading scenarios, which all share the same program database path and some of which carry a file named “KilllSomeOne.”
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has awarded $2 million to the Critical Infrastructure Resilience Institute (CIRI), a DHS Center of Excellence (COE) led by the University of Illinois at Urbana-Champaign (UIUC), to develop a plan that CISA can execute to build a national network of cybersecurity technical institutes.
A Russian national was sentenced to eight years in prison for his role in operating a sophisticated scheme to steal and traffic sensitive personal and financial information in the online criminal underground that resulted in an estimated loss of over $100 million.
Ian Pratt, HP’s Global Head of Security for Personal Systems, believes hardware-embedded security paired with a robust cybersecurity education and cyber hygiene protocols for remote employees is core to any organization’s operational resiliency. Below, we speak with Pratt about the long-term security implications of the pandemic, what CISOs should be doing now to prepare for an increasingly uncertain future and where he believes cybersecurity is headed next.
Cybersecurity teams struggle with a lack of visibility into threats, endpoint devices, access privileges, and other essential security controls necessary for a robust cybersecurity posture. Without full visibility into their entire digital ecosystem, infosec teams cannot fully secure the assets on their networks or effectively prioritize the most serious threats. Below, I dive into how security professionals are still fighting the battle between effectively viewing serious threats and communicating cyber risk to company leadership.