Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
A third-party audit financed by the New York Times discovers a high-risk vulnerability but overall gives Securedrop Workstation a positive security bill of health. [Read More]
The U.S. Department of Homeland Security's CISA is directing federal agencies to scan their Microsoft Exchange environments for four weeks and report if they find any compromised servers. [Read More]
The U.S. Department of Justice this week announced official charges against Wyatt A. Travnichek, a Kansas man accused of accessing and tampering with a public water system. [Read More]
Citrix warns that the bugs could result in privileged code in a guest virtual machine to crash the host or render it unresponsive. [Read More]
North Korean government-backed APT group caught using a fake pen-testing company sock puppet Twitter and LinkedIn accounts in an escalation of a hacking campaign targeting security research professionals. [Read More]
A serious security bug in the 'netmask' npm package leads to misinterpretation of IP addresses. [Read More]
CompuCom shares information on the cost of recovering from a cybersecurity incident, including loss of revenue and major service disruptions. [Read More]
Reuters is reporting that a draft executive order would set new rules on data breach disclosure and use of multi-factor authentication and encryption in federal agencies. [Read More]
Researchers flag a critical security hole in the official Facebook for WordPress plugin and warn it could be abused for remote code execution attacks. [Read More]
Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that be exploited for remote code execution attacks. [Read More]
FEATURES, INSIGHTS // Fraud & Identity Theft
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
While a credit freeze can protect against the opening of fraudulent credit accounts, it is not an inoculation against identity theft. What can be done to help protect identities and the attributes associated with them?
The attackers may be looking for the path of least resistance, but there is no shortcut to securing your platform.
In addition to basic credit monitoring, breached companies need to get ahead of the attacks and start providing security solutions that actually protect the victims before they are victimized again.
While effective at curbing “petty crimes” such as credit skimming / cloning, EMV does not address more sophisticated cyber-attacks that target backend systems which contain card holders’ most sensitive information.
Many fraudulent accounts are mere satire or innocuous trolling, but others are created with far more devious intentions.
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
They always say in the investment world that cash is king. We are now seeing that in terms of cyber as well. Stealing cash, it’s even better than stealing money.
When it comes to cybercrime, the police really can’t and aren’t going to protect residents of your town. The same goes for all towns and cities. Unless you’re talking a high six-figure theft, it's unlikely an officer will be assigned to your case.
The holiday season is a time of giving. But savvy security and technology professionals such as yourselves know, both during the holidays and year-round, that not all giving is good.
Get the Daily Briefing
- Months After Hack, US Poised to Announce Sanctions on Russia
- NVIDIA Unveils 'Morpheus' Cybersecurity Framework
- Irish Watchdog Opens Another Facebook Probe, Over Data Dump
- Capcom Says Older VPN Device at Heart of Ransomware Attack
- Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested
- Another Critical Vulnerability Patched in SAP Commerce
- Siemens Releases Several Advisories for 'NAME:WRECK' Vulnerabilities
- FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers
- At Least 100 Million Devices Affected by "NAME:WRECK" DNS Flaws in TCP/IP Stacks
- Google Patches More Under-Attack Chome Zero-days
Copyright © 2021 Wired Business Media. All Rights Reserved. Privacy Policy