Large organizations utilize a variety of technologies and solutions to create cyber resiliency, an important part of the best practice known as Defense in Depth. But, using disparate systems can actually result in increased security exposure and risks, and slower response to threats. A few years ago, Cisco began working with the best and brightest minds around the world to address this issue. This led to the creation of their…
In response to fake news becoming an increasingly pervasive issue affecting the global political climate, many countries have implemented, or are in the process of implementing, legislation to combat the online spread of false information. While it’s difficult to reach uniform conclusions about these different legislative acts, organisations with an online presence in countries with anti-fake news laws may be subjected to increased government scrutiny, as well as potential fines…
Kroll, a division of Duff & Phelps, a global leader in risk mitigation, investigations, compliance, cyber resilience, security and incident response solutions, announces that CREST has accredited Kroll as a global CREST Penetration Testing service provider. This accreditation affirms Kroll’s expertise and authority to conduct penetration testing for clients around the world and helps provide assurance to organisations regarding the strength of their cyber resilience. CREST was set up…
It used to be difficult to discuss security within an organisation, terms like Phishing needed explanation, Denial of Service was when the local garage couldn’t change the oil in your car, and forget about Botnets. However over the years, and at an accelerated pace it has become easier for us security professionals to communicate types of risks and vulnerabilities – why? Because they are now part of our everyday lives,…
A majority of executives around the world feel they face a “specialist-generalist” dilemma as to whom leads on cyber resiliency due to its critical nature across the company, but also the recognition that specialization is necessary. This is according to the results of a global survey conducted by The Economist Intelligence Unit (EIU) and sponsored by Willis Towers Watson. The EIU surveyed over 450 companies across the globe about their…
New data privacy laws in Europe and California — not to mention the resulting flurry of updated privacy policy notifications landing in our inboxes — have put privacy matters in the spotlight. But the circumstances that have precipitated this highlight a worrying trend: customers are concerned about not just the vulnerability of their personal information, but also how companies handle and use it. According to the new Trends in…
While the days of the average person being distrustful of carrying out any kind of financial transaction online are long gone, there are still certain obstacles to overcome, despite ecommerce and online business continuing to grow. Digital transactions have become more sophisticated, more secure, but one kind of digital transaction is lagging behind: online banking. And cyber criminals are aware of this fact. More than three quarters of companies (78%)…
The US justice department has charged an alleged North Korean spy for helping to perpetrate cyber-attacks against the National Health Service that saw operations cancelled, ambulances diverted and patient records made unavailable following a worldwide hack in 2017 which affected computers in more than 150 countries. View Full Story ORIGINAL SOURCE: The Guardian The post North Korean hacker charged with cyber attack on NHS appeared first on IT SECURITY GURU. Source: http://www.itsecurityguru.org
Security researchers exploited a threat actor’s poor choice for encryption and discovered a new piece of malware along with network infrastructure that links to various targeted attacks.The new piece of malware, which received the name Chainshot, is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction. View Full Story ORIGINAL SOURCE: Bleeping Computer The post Researchers find Chainshot…
Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened Sept. 4 at 14:30 UTC (10:30 a.m. EST), when MEGA’s Chrome extension was updated to version 3.39.4 on the Google Chrome Web Store. The update was not pushed by MEGA itself, but by hackers, and the new version…