Security News

Particularly in the coronavirus time where people are locked down, and they're not well prepared for that scenario, we are seeing a huge surge in shadow IT tools of late. Rahul Kashyap: So we found that generally, it's one or two file sharing applications which IT people authorize end users to use in a large corporate environment.

File sharing, remote work, and vulnerable employees are leaving company networks open to potential cyberattack

This shift to working from home has exposed new security risks and has left nearly 50% of those employees worried about impending cyber threats in their new home office settings. The rapid shift to working from home has also changed the ways many organizations do business from moving face-to-face meetings to video conferencing calls to adding new collaboration tools-yet the survey showed many employees are lacking guidance, direction and policies.

BEC campaigns represent a relatively small percentage of all email attacks yet pose the greatest financial risk, says Abnormal Security. One less common but potentially more dangerous attack type is the Business Email Compromise.

Stamus Networks announced the general availability of SELKS 6 - the turnkey system based on Suricata intrusion detection/prevention and network security monitoring with a network threat hunting interface and graphical rule manager. "We are excited to make SELKS 6 officially available," said Peter Manev, co-founder and chief strategy officer of Stamus Networks.

A report released Tuesday by IT software vendor Ivanti highlights some of the challenges in light of the move to remote working. Among the respondents, 70% said they increased VPN access to more employees, 54% had to set up and distribute extra devices, and 52% created more "How-to" articles for remote workers to follow.

Unlocked domains are susceptible to malicious tactics that can lead to unauthorized DNS changes and domain name hijacking, says CSC. Your organization's public-facing domain is often as important and critical a resource as are your internal files, data, and network. Just as you protect your internal infrastructure from cyberthreats, so too do you need to protect your domain.

The increased use of mobile banking apps due to the COVID-19 pandemic is sure to be followed by an increased prevalence of mobile banking threats: fake banking apps and banking Trojans disguised as those apps, the FBI has warned. "Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020. Additionally, studies indicate 36 percent of Americans plan to use mobile tools to conduct banking activities, and 20 percent plan to visit branch locations less often," the FBI pointed out.

In a paper recently published through the Journal of Cybersecurity, Cornell University assistant professor Karen Levy and security veteran Bruce Schneier argue that intimate relationships open the door to a set of privacy and security risks that haven't been anticipated or adequately addressed by the public, the technical community, and policymakers. "We describe privacy threats that arise in our intimate relationships: families, romances, friendships," said Levy.

Kaspersky this week released a threat intelligence solution designed to help with the attribution of malware samples to known advanced persistent threat groups. The new Kaspersky Threat Attribution Engine, a commercial product available globally, uses a proprietary method to match malicious code against a malware database and link it to APT groups or campaigns based on code similarities.