The National Security Agency (NSA) released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems and abuse federated authentication.
Physical threats are rising and increasingly unmanageable, putting unprecedented financial, reputational and liability pressures on business leadership and security teams, according to the “2021 State of Protective Intelligence Report: A Mandate for Proactive Protective Intelligence in the Era of Exponential Physical Security Threats,” a new study commissioned by the Ontic Center for Protective Intelligence.
When we hear the term “critical infrastructure,” we want to believe that the assets – whether they are physical or digital – are extremely secure. Our minds conjure images of the vaults of Fort Knox, which are protected from every angle. However, critical infrastructure of the digital variety is not necessarily any more secure than any other digital asset. It all comes down to how meticulous the organization is in looking for and quickly closing vulnerabilities and security gaps that expose an attack surface for a bad actor to exploit.
It is certainly important to bring awareness to the industry-wide stress that hinders our security workforce, but in order to tackle this issue head on, leaders must make employee wellbeing the priority. Changes made during these times will have lasting beneficial effects on employees and the industry no matter where their career takes them.
Minnesota Timberwolves President of Basketball Operations Gersson Rosas announced changes and additions to the NBA team's staff. In addition to several changes announced in coaching and other staff members, Tony Adams was promoted to Director of Team Security.
With more Americans expected to do their holiday shopping online during the COVID-19 pandemic, US agencies and cybersecurity leaders are urging all consumers to be on alert for holiday shopping scams and cyber threats, which historically spike during the holiday season. Here, we talk to Michael Rezek, Vice President of Business Development and Cybersecurity Strategy at Accedian, about the technologies retailers need to adopt to ensure a smooth holiday shopping season, how to see the warning signs for bad actors, how to proactively manage them and what to do to prevent them in the first place.
To combat commonly exploited protocols, the Center for Internet Security, Inc. (CIS) has released guidance to help organizations mitigate these risks to protect and defend against the most pervasive cyber threats faced today that can be exploited through RDP.
Before the pandemic, buy online, pickup in store (BOPIS) became hugely popular to consumers who didn’t want to have to wait for items to be delivered, pay for shipping or for those that wanted to avoid shopping in store altogether. However, as retailers adopted BOPIS, its rise flipped a switch and increased opportunities for fraudsters, enabling them to use stolen credit card information to make purchases online and then simply arrive at the store to pick up the item. So what can retailers do to ensure their customers are staying safe? Here are a few things to consider: