Security News > 2021 > September

Police arrested 106 people suspected of carrying out online fraud for an organized crime gang linked to the Italian Mafia, Europol said on Monday. It's claimed the suspects scammed hundreds of victims using phishing; SIM swapping attacks, in which crooks typically take control of people's cellphone numbers to get account login tokens texted to them; and so-called business email compromise, in which fraudsters typically use bogus invoices and the like to trick company staff into transferring money to the thieves.

Marlin Hawk released a research report which explores industry trends and insights of CISOs around the world, the challenges they face in a rapidly evolving cybersecurity landscape, as well as their role and place within organizations. It consists of research from CISOs at 400+ of the world's largest companies and direct feedback from Fortune 500 CISOs at organizations like Bank of America, Humana, TD Bank Group, Equifax, Credit Suisse, and BT Security.

77% of Americans believe their company has gaps in its current security tools, according to Lynx Software survey findings. The results found that 89% are concerned about external security threats to their company, and nearly the same amount, 86%, are concerned about threats from inside.

Organizations are prioritizing strategic security programs but missing the foundational capabilities they need to make meaningful changes to their security posture, a ReliaQuest and Ponemon Research survey reveals. "While it's positive to see more leaders engaging in strategic approaches to securing their organization, as they look to implement programs like zero trust - which can be a multi-year journey - it's important to keep their energy focused on the fundamentals of cybersecurity. Visibility, metrics and process aren't sexy, but they are the building blocks of a resilient security program."

There's nothing like five or six days of in-depth training with SANS Institute to develop cutting-edge Digital Forensics and Incident Response security skills. Then how do you keep those skills honed day to day, week to week, and for free? By checking in regularly with the SANS DFIR page, which should be your go-to one-stop shop for a ton of DFIR resources.

Despite office workers being aware of the cybersecurity challenges faced by their employer - especially when it comes to hybrid working - many admit to high risk behavior including sharing passwords, downloading non-work related files and even losing work-owned devices, a BlueFort Security survey reveals. Despite the above, 33 percent of office workers said that they will not be taking any measures or extra precautions when transporting devices with access to company data from remote to office.

A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The malware's primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they've been infected, these systems are then used to mine cryptocurrency," Akamai security researcher Larry Cashdollar said in a write-up published last week.

A massive $100 billion in transactions in 2021 alone have been protected by 3-D Secure payments authentication technology, Outseer reveals. The report also reveals continued explosive growth of worldwide 3-D Secure transactions due to skyrocketing adoption of online shopping and new PSD2 mandates.

Over the past year, CISOs have had to grapple with the challenges of bolstering the security posture, minimizing risks, and ensuring business continuity in the new normal. In this article, we have put together the top cybersecurity priorities for 2021 and beyond that will enable businesses to be fully equipped for future disruptions, without compromising on security.

A Windows security update released in January and now fully enforced this month is causing Windows users to experience 0x0000011b errors when printing to network printers. It did add a new Registry key that admins could use to increase the RPC authentication level used for network printing to mitigate the vulnerability.