Security News > 2020 > September

What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean? The first, red team automation, has the obvious advantage of increasing the operational efficiency of a red team.

As the economic fallout of the COVID-19 crisis continues to unfold, a research from Next Caller, reveals the pervasive impact that COVID-related fraud has had on Americans, as well as emerging trends that threaten the security of contact centers, as we head towards what may be another wave of call activity. Rising reports of fraud activity signal not only that fraudsters are eager to replicate their initial success, but that some of those early schemes may just be getting started.

After several months of working from home, with no clear end in sight, financial risk and regulatory compliance professionals are struggling when it comes to collaborating with their teams - particularly as they manage increasingly complex global risk and regulatory reporting requirements. "During the pandemic, financial firms quickly adapted to major changes, although not without some operational and technology weaknesses emerging," said Alex Tsigutkin, CEO AxiomSL. "Indeed, businesses might never return to the 'old normal', and that has made building data- and technology-driven resilience much more pressing than before the crisis. Our clients have been experiencing heightened regulatory pressures," he continued.

If GRC leaders don't have confidence in the accuracy and timeliness of security data provided to regulators, then the same holds true for the confidence in their own ability to understand and combat cyber risks. 92% of senior risk and compliance professionals believe it would be valuable to have quantitative security controls assurance reporting and 93.5% believe it's important to automate security risk and compliance reporting.

is the world's largest nonprofit membership association of certified cybersecurity professionals. You may know² for our CISSP credential - five letters that inspire confidence for businesses around the globe.

Plus, eero Pro 6 and eero 6 work with your existing internet service, and are backward compatible with all eero generations, making it easy to expand or upgrade your network. Eero Pro 6: Perfect for homes with Gigabit internet connections, a single eero Pro 6 is a tri-band, high-performance mesh Wi-Fi 6 router with two Ethernet ports and a built-in Zigbee smart home hub.

OWC announces the availability of the Mercury Pro LTO. The Mercury Pro LTO provides a solution for data management/storage/transportation/archive strategy. Using archiving industry-standard Linear Tape-Open tapes formatted with the Linear Tape File System, the tape can be accessed on your computer just like a hard drive or SSD. Files appear in folders and moving them to and retrieving them from tape is drag and drop easy.

F5 Networks announced the appointment of Elizabeth Buse, former CEO of Monitise PLC, to its Board of Directors. Ms. Buse, 59, joins F5's Board, effective today, and brings broad financial services industry expertise and public company board experience.

Microsoft Reports Evolution of China-Linked Threat Actor GADOLINIUM. Microsoft this week announced that it recently removed 18 Azure Active Directory applications that were being abused by China-linked state-sponsored threat actor GADOLINIUM. Also known as APT40, TEMP.Periscope, TEMP.Jumper, Leviathan, BRONZE MOHAWK, and Kryptonite Panda, the adversary has been active since at least 2013, mainly operating in support of China's naval modernization efforts, through targeting various engineering and maritime entities, including a U.K.-based company. The threat actor was recently observed leveraging Azure cloud services and open source tools in attacks employing spear-phishing emails with malicious attachments.

CISA orders federal agencies to implement Zerologon fixIf you had any doubts about the criticality of the Zerologon vulnerability affecting Windows Server, here is a confirmation: the US Cybersecurity and Infrastructure Security Agency has issued an emergency directive instructing federal agencies to "Immediately apply the Windows Server August 2020 security update to all domain controllers." NIST guide to help orgs recover from ransomware, other data integrity attacksThe National Institute of Standards and Technology has published a cybersecurity practice guide enterprises can use to recover from data integrity attacks, i.e., destructive malware and ransomware attacks, malicious insider activity or simply mistakes by employees that have resulted in the modification or destruction of company data.