Evacuations and lockdowns are two events no organization wants to face, but every organization should be prepared for. Here are some solutions to help your organization be prepared for lockdowns or evacuations.
Over the past few months, millions of workers have turned their homes into their new, remote office, including state government employees, which brought a host of risks through use of unsecured Wi-Fi and poor access controls. This shift toward home as well as the underlying panic brought on by COVID-19 altered hackers’ focus and targets aimed at the remote worker. Chief Information Security Officers (CISO) preparing their companies for this change require time, training for employees and the right technology, as well as increased cooperation between the security teams and IT/network operations groups.
In her “Top Breaches of 2019”, a security journalist asked if last year would “…be the worst on record?” It looks like 2020 could surpass last year’s breaches, but it’s not entirely due to consequences of the global pandemic. For sure, unprecedented levels of remote working has emboldened hackers to exploit new vulnerabilities, but there’s one very insidious risk that shows up year after year: the silent and unwitting exposure of sensitive data that no one notices… until it’s too late.
The internet has become a powerful force for global interconnectivity and democratization. What’s more, the internet has introduced new methods for collective mobilization, such as “e-rebellions” and virtual protests. The global pandemic has accelerated the use of cyberspace as a powerful venue for individuals, groups, and nations to share ideas, engage, mobilize, and challenge authoritarian states in an impactful way.
ESET researchers explored Mekotio, a banking trojan targeting Spanish- and Portuguese-speaking countries: mainly Brazil, Chile, Mexico, Spain, Peru and Portugal. Mekotio boasts several typical backdoor activities, including taking screenshots, restarting affected machines, restricting access to legitimate banking websites, and, in some variants, even stealing bitcoins and exfiltrating credentials stored by the Google Chrome browser.
New research finds nearly half of organizations regularly and knowingly ship vulnerable code despite using application security tools. Among the top reasons cited for pushing vulnerable code were pressure to meet release deadlines (54 percent) and finding vulnerabilities too late in the software development lifecycle (45 percent), according to the Veracode and Enterprise Strategy Group (ESG) research.
SANS Institute, a provider of cybersecurity training and certification services, lost approximately 28,000 items of personally identifiable information (PII) in a data breach that occurred after a single staff member fell victim to a phishing attack.