Threat actors, including state-supported groups and cybercrime organizations, are actively ramping up attacks that leverage a recently discovered zero-day flaw in a Microsoft Windows support tool. The flaw, known as Follina, allows attackers to remotely take control of targeted computer systems through the use of altered Office documents.
Remember the early days of ransomware attacks? The approach seems almost comical today. Send an email to as many people as possible about needing help transferring millions of dollars to an American bank from a far-off land. Tell users that they’ll get a nice cut of the loot if they click a malicious link.
A new version of the Payment Card Industry Data Security Standard, PCI DSS 4.0, was released on March 31, 2022, the first major update to the standard since 2018. As the news release states, the update “brings major changes to the payments ecosystem” and “places an increased focus on targeted risk analysis, organizational maturity and governance.
Today’s consumers are no longer satisfied with receiving the right product at the right price at the right time. When they have a question or a problem, they expect the question answered or problem resolved quickly, with clarity, through the communications channel of their choosing.
Higher premiums and stricter requirements force organizations to boost their IT security posture.
Cyber insurance provides an important hedge against business-crippling cyberattacks, but policies have become increasingly expensive and difficult to obtain as malicious attacks become more frequent, severe and costly.
As employees return to the office, outdated Wi-Fi networks create connectivity challenges.
Connectivity is king in a work-from-anywhere world, but outdated and unreliable Wi-Fi networks threaten to undermine hybrid and remote work models. Legacy wireless infrastructure based on older standards do not adequately support changing Wi-Fi usage patterns.
A microchip engineer was recently accused of stealing trade secrets using a clever technique. He allegedly sent data to his personal computer by hiding schematics in image files named for Pokémon characters.
A former Tesla employee is accused of taking a less technical approach, downloading trade secrets to his personal computer and submitting a different laptop for inspection to hide his activity.
According to a recent Gallup poll, about half of the U.S. full-time workforce say their jobs can be done remotely, at least on a part-time basis. Forty-two percent of those working remotely have a hybrid schedule, while 39 percent work from home full-time.
Despite months of dire warnings about the threat potential, researchers say the vast majority of vulnerabilities in the widely used Apache Log4j logging utility for Java software remain unpatched and actively exploited. New research suggests that more than 90,000 Internet-facing Java applications and nearly 70,000 servers remain exposed to the flaw that enables attackers to remotely execute code on compromised systems.
There’s no single solution for detecting and defeating increasingly evasive malware.
Malware authors have become practiced at the art of deception, leveraging a multitude of techniques to disguise malicious payloads from conventional network security measures.
