Facebook has fixed a critical flaw in the Facebook Messenger for Android messaging app. Natalie Silvanovich of Google’s Project Zero reported the bug to the Facebook bug bounty program. The bug could have allowed a sophisticated attacker logged in on Messenger for Android to simultaneously initiate a call and send an unintended message type to someone logged in on Messenger for Android and another Messenger client (i.e. web browser).
During a time where hospitals are already strapped for resources, Mercy Iowa City hospital reported that an internal email compromise and phishing email incident led to the exposure of personal information of some 60,473 individuals.
Over the weekend, the European football club Manchester United was forced to shut down IT systems and confirmed that it had been hit by a sophisticated cyberattack, but said the organization is confident that personal data of fans was not breached and its preparation for such cyberattacks allowed it to react swiftly and efficiently.
Working at home poses many challenges. One smart solution for enterprises that continues to help maintain business continuity is Virtual Desktop Infrastructure (VDI). It enables IT organizations to deliver a corporate endpoint experience on relatively inexpensive hardware while maintaining strict IT standards that will provide benefits well into the future.
The Principle of Least Privilege is one of the longest standing principles of security. People (as well as applications) should only have access to the things they need to do their job, and nothing else. While being overly permissive may make life a bit easier in the short-term, it can easily come back to haunt you long-term, whether due to a malicious attack, misplaced credentials, or even an honest mistake.
Machines are better at speed and scale than humans. But humans have the edge over machines at thinking outside of the box, using their curiosity and creativity to come up with solutions, and reasoning that machines cannot define or replicate. When it comes to security operations, humans and automation are the duo that’s stronger and more effective in partnership than when they’re apart. Using extended detection and response (XDR) can bring these skills to the forefront of the Security Operations Center (SOC), leaving the repeatable, boring tasks to the machines and allowing for these human traits to shine.
According to Menlo Security, Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome.
Menlo Labs discovered that there are 49 different versions of Chrome being used by their customers as of November 17. Nearly two-thirds (61 percent) are running the latest build (.86) while just over a quarter (28 percent) are running one version prior (.85). Out of the customers running .86, a staggering 83 percent are running versions of Chrome that are vulnerable (
Duke Energy, a Fortune 150 company headquartered in Charlotte, N.C., named Keith Butler as Senior Vice President and Chief Security Officer. He is currently senior vice president, global risk management and insurance, chief risk officer and acting chief ethics and compliance officer. The company also named new leaders in the critical areas of corporate security, risk management and ethics and compliance.
No matter how much you spend on your security infrastructure, it won’t do a bit of good if the people you employ aren’t using it correctly. For example, you could install the best antivirus in the world, but if an employee falls for a spear-phishing scam and inadvertently gives their password to a hacker, it’s all for nothing. That’s why it’s more critical than ever to have a culture of security.
Basketball can teach us a lot about managing the cybersecurity of an enterprise: it takes teamwork. This is perhaps most evident as organizations seek to adopt zero trust principles. The zero trust concept is not new, but I hear more organizations discussing it than ever before — driven by a desire for greater security, more flexible access, and accelerated by the shift to remote work due to COVID-19. At its core, zero trust focuses on providing least-privilege access to only those users who need it. Put it this way: don't trust anyone and even when you do, only give them what they need right now. This security philosophy would make Jordan proud, but in that vein, zero trust would not work without another player: identity management (perhaps it’s the Pippen factor!).