Security News > 2020 > March
Threatpost editors discuss this week's top news stories from COVID-19 themed malware attacks to Pwn2Own updates.
Threatpost editors discuss this week's top news stories from COVID-19 themed malware attacks to Pwn2Own updates.
Justin Jett, director of audit and compliance at analytics company Plixer, said as more and more employees begin working from home, organizations are struggling to maintain network privacy and handle security issues. "Because of bandwidth capacity issues, many organizations are struggling to provide secure VPN connections for all of their remote employees. This can result in employees not using the VPN, or having a significantly poor experience as compared to when in the office. Since not all employees understand how VPNs work, some employees are bound to engage in activities, like streaming video, that drastically tax the bandwidth for all users," Jett said.
This week, Duck advises on how to keep your company safe while working remotely, Peter discusses malwareless ransomware attacks, and Mark shares the latest in the EARN IT saga. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.
If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. The Kubernetes pod security policy is a resource that controls the security of a pod specification.
Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. Update, 5:21 p.m. ET: Finastra has acknowledged that it is battling ransomware.
Cybersecurity researchers say UK-based document printing and binding company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military, by leaving an AWS S3 bucket unprotected. The exposed data included names, addresses, email addresses, passport scans, partial payment information, order details, copyrighted publications, teacher's guides, certifications and diplomas, medical documents, floor plans, personal photos, and documents that users likely paid for, such as university course materials and diet and exercise plans.
Well, hang on to your hats, hosts: before you set up meetings, you need to know how to block the trolls. As TechCrunch reports, on Tuesday, WFH Happy Hour - a popular daily public Zoom call hosted by The Verge reporter Casey Newton and investor Hunter Walk - got ZoomBombed.
The Russia-linked cyber-espionage group known as Pawn Storm has been leveraging hijacked email accounts to send phishing emails to potential victims, Trend Micro's security researchers reveal. For years, Pawn Storm has relied on phishing to gain access to systems of interest, but Trend Micro observed a shift in tactics, techniques, and procedures in May 2019, when the group started using the compromised email accounts of high-profile targets to send credential phishing emails.
Traditional network address-based security controls aren't as effective for the cloud or internal networks. Security controls based on network addresses have a long and distinguished history of success at protecting organizations, but they are also not without certain limitations.