Security News

"Before my arrival at ManoMano, security was managed individually by each team at the company. There was no security team per se, no unique strategy and no clear security framework. Everyone's approach was very operational, which worked but kept the security stature at a level that was acceptable and functional," he told Help Net Security. "First of all, there had to be a focus on communication and open collaboration - I needed to listen and watch, understand the business challenges and security risks that were present at that time. Secondly, I focused on presenting a clear vision of the strategy across the business, laying out a concrete action plan with desired results. Finally, I immediately started thinking about the recruitment of new talent so we could build a smashing security team."

US federal agencies have warned today against making or selling fake COVID-19 vaccination record cards as this is breaking the law. Using fake vaccination record cards could also put others at risk, increasing the chance of contracting COVID-19 or infecting others.

Indonesian officials have asked its nation's citizens to stop leaking their own personal data on social media by sharing pictures of certificates attesting to their receipt of COVID-19 vaccinations. In a Tuesday press conference, Indonesia's COVID-19 task force spokesman Wiku Adisasmito explained that the certificates include a QR code that, when scanned, can yield personal medical data.

A report released Tuesday by threat intelligence firm Check Point Research explains how phony COVID-19 vaccine documents are selling on the Dark Web and how to avoid these fake documents. For individuals who don't have such a certificate or can't wait for a vaccine, the Dark Web is becoming home to fake documents, according to Check Point's analysis.

According to researchers at Cofense, a campaign began circulating in March that capitalized on Americans' interest in the forthcoming $1,400 relief payments and other aid. In reality, the emails offer the Dridex banking trojan.

Email scamming is still one of the most effective types of attacks in the coronavirus era, according to Kaspersky, since fear and anxiety are two of the most-exploited emotions for this kind of social-engineering attack. In 2020, delivery services entered the top ten most-spoofed organizations for these types of attacks, according to Kaspersky.

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. Since December 2020, the US Department of Justice seized four other domains used by fraudsters for various nefarious purposes, including fraud, phishing attacks, and/or infecting targets' computers with malware.

Between October and January the average number of COVID-19 vaccine-related spear-phishing attacks grew 26 percent, said Barracuda Networks researchers. The types of cybercriminal activity varies, from sending malicious emails that purport to be from the Centers for Disease Control and Prevention, to posting advertisements on underground forums touting vaccine doses for sale.

Even as more and more people get vaccinated against COVID-19 despite a slow rollout, most companies have business travel plans on hold at least for now. Brian Kropp, chief of research in the Gartner HR research, said that executives are still very early in their planning process around starting normal business travel.

An analysis of 40 COVID-19 contact tracing applications for Android has led to the discovery of numerous security and privacy issues, according to a new research paper. Contact tracing applications have been created to help authorities automate the process of identifying those who have been in close contact with infected individuals.