This holiday season, more consumers than ever will be shopping digitally - and cybercriminals are already capitalizing on the opportunity. Greg Foss, Senior Cybersecurity Strategist at VMware Carbon Black, looked through the dark web to find that: There’s a continued rise in e-skimming attacks in the retail sector, where attackers inject JavaScript into website payment processing pages in order to siphon credit cards and account credentials from customers.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy. The following guidance may assist U.S. think tanks in developing network defense procedures to prevent or rapidly detect these attacks.
On November 4, 2020, the YES on Prop 24 campaign announced the passage of the California Privacy Rights Act (CPRA), with a majority of Californians supporting the measure to strengthen consumer privacy rights. The new law aims to give Californians the strongest online privacy rights in the world. But, does the CPRA do enough to advance the data privacy of California consumers? Many security and privacy leaders argue that it does not. To find out more, we talk to David Bodnick, Chief Technology Officer and co-founder of Startpage, a private search engine.
The U.S. Federal Bureau of Investigation (FBI) issued a Private Industry Notification alert, noting that cybercriminals are increasingly implementing auto-forwarding rules on victims' web-based email clients to conceal their activities. According to the FBI, cybercriminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).
Ensuring the safety of workers is the top priority for human resources (HR), whether that’s adhering to proper social distancing measures or following emergency response protocols. In today's divisive environment, how can HR departments leverage in-office security guards to keep employees safe? Here, we talk to Matt Voska about the importance of in-office security guards and why security management technology is critical in helping HR leaders ensure workforce safety.
The UK's National Cyber Security Centre has issued an alert on the MobileIron remote code execution vulnerability. According to the alert, APT nation state groups and cybercriminals are exploiting this vulnerability to compromise the networks of UK organizations.
Meet Ian Thornton-Trump. He is the Chief Information Security Officer at Cyjax, and an ITIL certified IT professional with 25 years of experience in IT security and information technology. As CISO Cyjax, Ian has deep experience with the threats facing small, medium and enterprise businesses. His research and experience have made him a sought-after cybersecurity consultant specializing in cyber threat intelligence programs for small, medium and enterprise organizations. In his spare time, he teaches cybersecurity and IT business courses for CompTIA as part of their global faculty and is the lead architect for Cyber Titan, Canada's efforts to encourage the next generation of cyber professionals.
Attorney General Kathy Jennings announced that Delaware has joined a total $17.5 million settlement against Georgia-based retailer The Home Depot, resolving a multistate investigation of a 2014 data breach which exposed the payment card information of approximately 40 million Home Depot consumers nationwide. Through the settlement The Home Depot has reached a resolution with 45 other states and the District of Columbia. The DOJ’s Consumer Protection Unit helped secure the settlement.
With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.
Facebook has fixed a critical flaw in the Facebook Messenger for Android messaging app. Natalie Silvanovich of Google’s Project Zero reported the bug to the Facebook bug bounty program. The bug could have allowed a sophisticated attacker logged in on Messenger for Android to simultaneously initiate a call and send an unintended message type to someone logged in on Messenger for Android and another Messenger client (i.e. web browser).
