Security News

"From a security perspective," said Javvad Malik, security awareness advocate for KnowBe4, "The first things a company should look into are whether there is enough capacity for employees to work from home at the same time. It is also important to ensure the right policies and tools are put in place to enable employees to work remotely. Not having the right tools in place can lead to employees using unapproved or insecure apps, tools, or methods to try and get their job done. Most of all, expectations should be set as to how the organization expects its employees to operate under remote conditions and how to raise any issues." A Veritas Technologies spokesperson warned, "Many employees are habitual in the way they store data, saving to local drives on laptops or to the public cloud when working remotely. If large percentages of employees shift towards remote work over time, it could create a pool of unstructured data that would become invisible to the business-causing a new wave of data protection and compliance concerns." Given how quickly the coronavirus has spread, corporations may not have had time to implement necessary protocols.

Take your SOC to the next level of effectivenessOrganizations are turning to Breach and Attack Simulation integration with the SOC. BAS integration with SIEM and SOAR solutions enables SOC teams to continually evaluate the effectiveness of their security controls and improve the company's security posture with real-time, accurate metrics. SecOps teams face challenges in understanding how security tools workSecurity professionals are overconfident in their tools with 50% reporting that they have experienced a security breach because one or more of their security products was not working as expected, according to Keysight.

Victims of dodgy IT support from Office Depot will start receiving compensation checks, a US consumer watchdog said Thursday. The payouts come from a 2019 settlement the retail giant reached with the FTC, after the biz was accused of letting employees and a computer support provider trick punters into paying for unneeded malware cleanup and security software.

America's Homeland Security this week disclosed it recently responded to a ransomware infection at an unnamed natural gas plant. It did spread from an office computer through the plant's IT network to the operational network of PCs that monitor the plant, overwriting documents and other data as it went.

Many novice Office 365 shops do not know where platform-specific security vulnerabilities lie, or even that they exist. Companies get themselves into trouble when they do not fully understand the way data moves through O365 or they apply on-premise security practices to their cloud strategy.

Security researchers with Cisco's Talos Security Intelligence and Research Group discovered a new type of malware, which is able to attack a victim's devices through malicious Microsoft Office documents. "We don't know why specifically these countries, the attackers simply hardcoded these countries in the malware. The attackers had complete control of the compromised systems. The purpose of the campaigns were cyber espionage," Rascagneres said.

CloudNine launches CloudNine Collection Manager, a breakthrough data extraction solution from the global electronic discovery technology provider. Installed in minutes, Collection Manager defensibly performs native data collections from Office 365 email custodians, as well as Microsoft OneDrive cloud storage files.

Amid Uncle Sam's dire warnings, Microsoft said there is no evidence of the flaw being targeted in the wild and its severity level is listed as "Important," a step below the critical remote code execution bugs in RDP,.NET and Internet Explorer. The American spying agency wants everyone to know - to the point of even holding a press conference about CVE-2020-0601 - that it privately found and reported this diabolical cert flaw to Microsoft, and that it is a totally friendly mass-surveillance system that has turned a new leaf, wants to be on the good side of infosec researchers, and cares about your ongoing ability to verify the origin and integrity of executable files and network connections.

The latest example of this involves Office 365 users being directed to phishing and malicious pages hosted on Office Sway, a web application for content creation that's part of Microsoft Office. "The Sway page will include trusted brand names. Most commonly, the spoofed brands are Microsoft-affiliated, just like the SharePoint logo shown in the example above," Avanan explained.

Three Louisiana parish sheriff's offices were targeted by hackers over the weekend in a suspected cyberattack, officials confirmed. read more