Security News
Thousands of sensitive police department files - including police and FBI reports - were published on Friday by DDoSecrets, a self-proclaimed "Transparency collective" that publishes covert data. DDoSecrets said on Twitter that it contains ten years of data, from over 200 police departments, law enforcement training and support resources and fusion centers, which are state-owned entities that gather public safety data.
Brit cycling equipment shop Wiggle confirmed to The Reg today it was delinking customers' payment cards from their accounts, two weeks after first receiving complaints that orders were appearing on customers' accounts that they had not made themselves. Ross Clemmow, CEO at Wiggle, told The Reg: "[W]e understand a small number of customers' login details have been acquired outside of Wiggle's systems and some have been used to gain access to Wiggle accounts and purchases made.
Only 37% of "High performer" organizations monitor the risk of IoT devices used by third parties, and current IoT risk-management programs can't keep pace, study said. The report, A New Roadmap for Third Party IoT Risk Management, offered up a chart chronicling the differences between 2017, 2018, 2019, and 2020 in IoT and TPRM, and this year definitely shows an increase.
Dell Technologies' Global Data Protection Index 2020 Snapshot takes a closer look at the disruptions plaguing organizations around the globe. "Vulnerabilities, if not addressed, can do lasting damage to a company. Businesses must become more resilient, such as implementing air-gapped solutions that are physically disconnected while protecting their data, as cyber criminals continue to seize new opportunities to cause disruptions," said Nelson Hsu, director of data protection solutions marketing at Dell Technologies.
COVID-19 has completely changed the work world, but many organizations have seemingly failed to realize that security risks are changing as well, a new report finds. The report found that the shift to remote work has been massive: There has been a 39% decrease in companies with less than 25% of their staff working remotely, and a whopping 250% increase in companies with more than three-quarters of their full-time employees working from home.
Sadly unlawful cryptomining is still a thing, and SophosLabs has just published a report that follows the evolution and operation of the cybercrime gang behind a botnet known as Kingminer. Servers have two desirable properties for cryptomining abuse, namely that they're always on, so any unauthorised mining runs 24/7, and they're usually much more powerful than the average laptop, so the crooks can dial in decent earnings without taking over the server so completely that they get noticed.
Security vendor Mimecast has released its fourth annual State of Email Security report for 2020. The report is filled with data about email security, but for those looking for action items Mimecast has provided a list of 10 takeaways that point out particular risks and provide IT security decision makers with some avenues to focus on in the coming months.
A hapless IT bod found the Have I Been Pwned service answering its own question in a way he really didn't want - after a breach report including a SQL string KO'd his company's helpdesk ticket system. A pseudonymous blogger posting under the name Matt published a tortured account of what happened when a breach notification email from HIBP was ingested into his firm's helpdesk ticket system and was automatically assigned a ticket ID. The company used version 9.4.5 of the GLPi open source helpdesk system, a rather old product but quite functional.
Here's how employees in the US, UK, France and Germany are putting systems at risk, according to CyberArk. As companies have responded to the coronavirus pandemic by shifting employees from the physical workspace to the home office, the remote working environment has greatly expanded-and with this new normal, come some challenges to corporate security. "The security posture of organizations continues to be tested as many remote employees face daunting challenges balancing productivity and security across their professional and personal workspaces," said Marianne Budnik, CMO of CyberArk, in the press release.
COVID-19 phishing emails have been bombarding inboxes since the virus began to spread in December and January. Cybersecurity company INKY pored through the months of coronavirus-themed phishing emails and compiled a report on where most of them were coming from, finding that the majority of IP addresses found in email headers originated from the United States.