Technologies & Solutions

RSS

The Kenosha Unified School District (KUSD) of Wisconsin has selected an AI-based platform focused solely on weapons detection to help improve security on its campuses. The solution will identify visible guns if present and send alerts to school administrators and security personnel within three to five seconds, helping to stop violent threats before they occur.

Security Orchestration, Automation and Response (SOAR) solutions came on the market around six years ago. The two main objectives of these tools were to orchestrate 3rd party tools for filtering false positive alerts out of the network, and to automatically block attacks. SOAR came on the scene with bold statements to fill in some of the gaps that existed in Security Information and Event Management (SIEM) platforms, which have been making security analysts miserable for twenty years now.

Generally, the chief information security officer (CISO) is thought of as the top executive responsible for information security within organizations. However, in today’s remote work environment, the need to expand security beyond one department or the responsibilities of CISOs is more important than ever. Due to the pandemic, the physical barriers of the office have been removed and the threat surface has exponentially expanded leaving more endpoints to be attacked. In this scenario, each employee’s home office has become a new potential risk, which is why building a strong security culture within organizations should be a priority.

ESET researchers recently discovered attempts to deploy Lazarus malware via a supply-chain attack (on less secure parts of the supply network) in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies. The attack was made easier for Lazarus since South Korean internet users are often asked to install additional security software when visiting government or internet banking websites.

Digital Shadows has identified a post on the English-speaking cybercriminal forum, RaidForums, alleging to possess a complete 2020 Wisconsin voter database. The author of the post provided a free download link to a database containing statewide voter and absentee data acquired from the "Badger Voters" site, a website established by the State of Wisconsin Elections Commission.

How is the current COVID-19 pandemic affecting fraud levels, and what can firms do to protect their employees and customers? Below, we talk to Omri Kletter, VP, Cyber Crime and Fraud Management at Bottomline, about best practices for managing risk and cyber threats in the payments process more broadly. 

The Q3 2020 Threat Landscape Report by Nuspire demonstrates threat actors becoming even more ruthless. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC). Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

Financial services firms are reportedly hit by security incidents 300 times more frequently than other businesses, according to ID Theft Resource Center. To help financial planners protect their data and comply with the cybersecurity requirements established by the Securities and Exchange Commission (SEC) and FINRA, the Financial Planning Association (FPA) today launched Cybersecurity for Financial Planners: An FPA Certificate Program.

The following outlines three steps the C-suite and other executive team members should take to prevent and survive a data breach. But first, it’s imperative all involved heed this initial piece of advice when planning cybersecurity; treat breaches not as a possibility, but as something that is going to happen.

Building security and privacy into product development is more critical today than ever before. First introduced through the Microsoft Trustworthy Computing initiative in the early 2000s, the well-known security development lifecycle (SDL) is a framework designed to do just that. It was originally devised to enhance software security, but an SDL process can and should be applied to all types of products to help root out security and privacy vulnerabilities, while establishing long-term resilience in the rapidly evolving threat landscape.