Security News

ReversingLabs has analyzed clues from attacks by the Kwampirs remote access trojan to help software companies defend their organizations against this malware. In addition to attacks against supply chain software providers, the FBI said the same malware was also used in attacks against healthcare, energy, and financial companies.

Phishing is typically used to gain credentials so attackers have access to an organization's systems, or as a way to deploy malware directly. One of the key reasons phishing is so successful is how easy it is to execute, and how many ways it can be used.

Often business priorities are given precedence over security priorities, particularly when optimal security practices risk interfering with business efficiency or overall productivity. Underfunding security in order to boost other areas of the business may seem like a good idea in the short term, but it's a big risk that can come back to bite senior executives pretty spectacularly if they aren't careful.

Among the top issues being discussed at the RSA 2020 conference this week is the need for more cybersecurity collaboration between government agencies and the private sector. Alexander says private sector organizations need to share anonymized information on cybersecurity issues with the government so that further attacks can be prevented.

Phishing attacks have become one of the business world's top cybersecurity concerns. Hackers have evolved their methods, from regular phishing attacks to spear phishing, where they use email messages disguised as coming from legitimate sources to dupe specific individuals.

A U.S. Defense Department agency that's responsible for providing secure communications and IT equipment for the president and other top government officials says a data breach of one of its systems may have exposed personal data, including Social Security numbers. While Defense Department officials did not provide specifics about the data breach, such as when it happened or how many individuals may have been affected, the notification letter refers to a data breach of a system hosted by the agency.

Cymatic announced its participation in RSAC 2020 to demonstrate the success of the only unified web defense that deploys at the client through a simple line of JavaScript without agents or proxies to deliver first-look, first-strike capability that is earliest in the kill chain. Cymatic's next-generation all-in-one web application defense platform provides universal in-session visibility and control to reduce risk across web applications, networks, and users while decreasing network traffic loads and eliminating user friction.

Summit 7 Systems, a leading national provider of Cybersecurity Compliance Solutions for the Defense Industrial Base, announced an expansion of their Cybersecurity Practice Area with the addition of new software and services to prepare Defense and Aerospace Contractors for compliance with the new Cybersecurity Maturity Model Certification regulations. The CMMC regulations were created by the U.S. Department of Defense to strengthen Cybersecurity in the supply chain of the Defense Industrial Base, and version 1.0 was released on January 31, 2020.

Japanese defense contractors Pasco and Kobe Steel this week disclosed cyber intrusions they suffered back in 2016 and 2018. Pasco is Japan's largest geospatial service provider and Kobe Steel is a major steel manufacturer.

A new Maryland bill would ask the state's Department of Information Technology to develop a baseline plan for localities within the state to help battle cyber attacks. Senate bill 120, introduced by Sen. Susan Lee, D-Montgomery, would give the Maryland Department of Information Technology the expanded responsibility of developing a cybersecurity strategy and helping agencies within the state implement it at their discretion.