Security News > 2020 > December

A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant-developed by a sanctioned Iranian threat actor-that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations. In September, the US Department of the Treasury imposed sanctions on APT39 - an Iranian threat actor backed by the country's Ministry of Intelligence and Security - for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors.

As companies look to cut costs, reduce turnover, and maximize growth potential, telework will play a central role in both the present and future of work. In response, companies need to be proactive about establishing and enforcing clear data management guidelines.

Countries engaging in "Protectionist" practices essentially ban or embargo specific technologies, companies, or digital platforms under the banner of national security, but we are seeing it used more often to send geopolitical messages, punish adversary countries, and/or prop up domestic industries. Rather, it is about cybersecurity and operations resilience against the ever-present reality of threats in cyber space-crucially, regardless of where the attacks come from or what technology attackers are targeting.

Organizations have become more aggressive with the cloud, especially financial services organizations that are moving toward payment processing in the cloud. BYOE is the next evolution of organizations being able to determine the level of control they want when it comes to managing their data security policies.

A cybercrime group known for targeting e-commerce websites unleashed a "Multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. The ultimate goal of the attack, the researchers noted, was to steal payment and user data via several attack vectors and tools to deliver the malware.

Their paper identifies "Digital thought clones," which act as digital twins that constantly collect personal data in real-time, and then predict and analyze the data to manipulate people's decisions. Activity from apps, social media accounts, gadgets, GPS tracking, online and offline behavior and activities, and public records are all used to formulate what they call a "Digital thought clone".

Access to data is critical as 59% of LoB employees are involved in identifying, suggesting, or creating new ways to improve the delivery of digital services externally, such as building an online self-service portal or a customer-facing mobile application. "This research shows data is one of the most critical assets that businesses need to move fast and thrive into the future. Organizations need to empower every employee to unlock and integrate data - no matter where it resides - to deliver critical, time-sensitive projects and innovation at scale, while making products and services more connected than ever."

DMARC enforces the use of a combination ofSPF andDKIM email authentication technologies to ensure only real emails are delivered to the end receivers. Without DMARC, all emails sent from the email domain of your business reaches the receiver's inbox without any security check or validation.

Ensure efficient use of available bandwidth, accelerating backups to the cloud and data recovery from the cloud by only transmitting data blocks that have been changed. "We have been testing DataProtect delivered as a Service for some time, and I am very pleased with its performance," said Tim Kovars, Senior Systems Engineer, Quarles & Brady LLP. "The UI is simple, clean, and easy to navigate, and data ingestion and retrieval have been a snap. As a long-term Cohesity customer, this is the type of innovation I have come to expect from this data management company."

By building security into its supply chain, services, infrastructure and devices, Dell Technologies helps customers lower risk and become more cyber resilient. "Security is the foundation of everything we do, and our intrinsic security approach addresses our customers' need for trusted technology and partners to help them fend off attacks and lower business risk."