Security News > 2020 > March

More organizations are also taking additional steps to prepare beyond their data breach response plan. Integrating data breach response into business continuity plans.

Attacks on cell phones aren't new, and researchers have previously shown that ultrasonic waves can be used to deliver a single command through the air. These waves, the researchers found, can propagate through many solid surfaces to activate voice recognition systems and - with the addition of some cheap hardware - the person initiating the attack can also hear the phone's response.

The common practice in recent years is to gain extra protection through implementing either EDREPP solutions or Network Traffic Analysis/NDR solutions. A recently published guide, 'Advanced Threat Protection Beyond the AV' is the first resource that not only guides security executives through the pros and cons of each solution type but also outlines a best-practice approach that allows the "Non-Fortune 500" companies to combine the advantages of both approaches - without actually buying both.

The Advanced Threat Protection Beyond the AV guide guides security executives through the pros and cons of each solution type, and also outlines a best-practice approach that allows companies to combine the advantages of both approaches - without actually buying both. The Advanced Threat Protection Beyond the AV guide dives deep to explain the differences between the endpoint and network-based approaches, specifying the pros and cons of each and leading to the conclusion that the best protection against cyberthreats entails combining the capabilities of both approaches.

Jetico, long-trusted pioneer in data encryption, announced support for Mac computers with a T2 security chip. With this update, BestCrypt Volume Encryption - Enterprise Edition becomes the industry's most comprehensive enterprise encryption software for Windows and macOS. "Native OS encryption tools might be an easy way to get started with data protection. Yet there's a critical limitation. Their security is bound to only some versions of a single operating system," states Jetico CEO, Michael Waksman.

Securonix, a leader in Next-Gen SIEM, announced that multiple Securonix Security Operations & Analytics Platform products have been approved for Network Security Management of the Department of Homeland Security's Continuous Diagnostics and Mitigation program's Approved Products List. Securonix Next-Gen SIEM and Security Data Lake products were approved for Network Security Management, which aims to provide tools for incident response and monitoring, ongoing assessment monitoring, and auditing data collection.

Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims' knowledge. It's possible for an attacker to interact with the devices using the voice assistants, hijack SMS two-factor authentication codes, and even place fraudulent calls, the researchers outlined in the paper, thus controlling the victim device inconspicuously.

Two Chinese nationals have been charged by the US Department of Justice and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards. According to a newly unsealed court document, the illicit funds originated from a $250 million haul stolen from two different unnamed cryptocurrency exchanges that were perpetrated by Lazarus Group, a cybercrime group with ties with the North Korean government.

Trump's appearance at HIMSS is "Unprecedented" - in that it's the first time a sitting president addressed the health IT conference, the organization notes. "Since our inception, HIMSS has been a nonpartisan organization whose mission is improving global health through information and technology, while providing insights and resources to our membership," HIMSS said in a statement Monday.

If a recipient opens the document via Microsoft Office Outlook, a prompt appears that asks users to "Enable content" to open the document - clicking "Yes" executes macros. This contains another PowerShell script that is responsible for installing the NetSupport Manager RAT onto the victim's machine.