Security News > 2020 > September
Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works. How do you test those end users? One way is with the GoPhish phishing toolkit.
Checking users, applications, and devices on your network are just a few ways to keep your company safe from cyberattacks. Tom Merritt lists five things to know about zero trust ops.
Checking users, applications, and devices on your network are just a few ways to keep your company safe from cyberattacks. Tom Merritt lists five things to know about zero trust ops.
Calendars for security and compliance audits are largely unchanged despite COVID-19, but the pandemic is straining security teams as they work remotely, according to the findings of a recent survey by automated audit prep provider Shujinko. The survey of North American CISOs documented the challenges facing security and compliance professionals preparing for a wave of upcoming audits and was conducted by Pulse in late June 2020.
Published with contribution from the FBI, the alert presents some of the tactics, techniques, and procedures that the Chinese state-sponsored hackers are employing in attacks on the U.S., such as the heavy use of publicly available tools to hinder attribution. According to CISA, threat actors affiliated with the Chinese MSS use open-source information in the planning stage of their operations, and engage target networks leveraging readily available exploits and toolkits.
Without early threat detection, you may not know your website has been hit by a DDoS attack until it slows down or stops, says NordVPN Teams.
Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.
Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers' bank card information as they enter their details to order stuff online. Sansec, a software company focused on these so-called "Digital skimming" attacks, discovered that 1,904 cyber-shops had been altered by miscreants over the weekend to include malicious JavaScript that siphoned off folks' card info.
The personal information of roughly 46,000 veterans was affected in a recent security incident, the U.S. Department of Veterans Affairs Office of Management said in a Monday statement. The data breach involved an online application pertaining to the Financial Services Center, which was accessed by "Unauthorized users to divert payments to community health care providers for the medical treatment of Veterans."
The state of the world in 2020 is unlike anything we have experienced before, and it's trickled down to have an impact on the IT and security world. Download this report to understand the most pervasive threats and how they attack organizations at their email perimeters, from inside the organization, or beyond the organization's perimeters.