Security News

This shift to working from home has exposed new security risks and has left nearly 50% of those employees worried about impending cyber threats in their new home office settings. The rapid shift to working from home has also changed the ways many organizations do business from moving face-to-face meetings to video conferencing calls to adding new collaboration tools-yet the survey showed many employees are lacking guidance, direction and policies.

BEC campaigns represent a relatively small percentage of all email attacks yet pose the greatest financial risk, says Abnormal Security. One less common but potentially more dangerous attack type is the Business Email Compromise.

Stamus Networks announced the general availability of SELKS 6 - the turnkey system based on Suricata intrusion detection/prevention and network security monitoring with a network threat hunting interface and graphical rule manager. "We are excited to make SELKS 6 officially available," said Peter Manev, co-founder and chief strategy officer of Stamus Networks.

A report released Tuesday by IT software vendor Ivanti highlights some of the challenges in light of the move to remote working. Among the respondents, 70% said they increased VPN access to more employees, 54% had to set up and distribute extra devices, and 52% created more "How-to" articles for remote workers to follow.

Unlocked domains are susceptible to malicious tactics that can lead to unauthorized DNS changes and domain name hijacking, says CSC. Your organization's public-facing domain is often as important and critical a resource as are your internal files, data, and network. Just as you protect your internal infrastructure from cyberthreats, so too do you need to protect your domain.

The increased use of mobile banking apps due to the COVID-19 pandemic is sure to be followed by an increased prevalence of mobile banking threats: fake banking apps and banking Trojans disguised as those apps, the FBI has warned. "Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020. Additionally, studies indicate 36 percent of Americans plan to use mobile tools to conduct banking activities, and 20 percent plan to visit branch locations less often," the FBI pointed out.

In a paper recently published through the Journal of Cybersecurity, Cornell University assistant professor Karen Levy and security veteran Bruce Schneier argue that intimate relationships open the door to a set of privacy and security risks that haven't been anticipated or adequately addressed by the public, the technical community, and policymakers. "We describe privacy threats that arise in our intimate relationships: families, romances, friendships," said Levy.

Kaspersky this week released a threat intelligence solution designed to help with the attribution of malware samples to known advanced persistent threat groups. The new Kaspersky Threat Attribution Engine, a commercial product available globally, uses a proprietary method to match malicious code against a malware database and link it to APT groups or campaigns based on code similarities.

UK-based infosec outfit Keepnet Labs left an 867GB database of previously compromised website login details accessible to world+dog earlier this year - then sent lawyers' letters to bloggers in a bid to erase their reports of its blunder. As reported by news website Verdict, Keepnet was stung by Diachenko's initial post about the gaffe, which Keepnet interpreted as the blogger blaming the business for leaking its own customers' data - none of its own clients' data was exposed, but rather info from previous publicly known database exposures.

I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships.