Anish Ravindranathan, security and cloud architect at Tata Digital

Business Continuity in a New Environment

Suparna Goswami • April 3, 2020

As companies deal with a remote workforce as a result of the COVID-19 crisis, they face serious business continuity issues, regardless of whether their applications operate in the cloud or on the company's own servers, says Anish Ravindranathan, security and cloud architect at Tata Digital.

3rd Party Risk Management

Hijacked Routers Steering Users to Malicious COVID-19 Sites

Latest

Business Continuity Management / Disaster Recovery

COVID-19 Response: The Re-Evaluation Phase

Tom Field • April 3, 2020

As April begins, enterprises are starting to re-evaluate their COVID-19 response plans, says crisis management expert Regina Phelps. What are the other pandemic response planning phases we can expect to see as infections spread and quarantines continue?

Cybercrime

Magecart Group Hits Small Businesses With Updated Skimmer

Ishita Chigilli Palli • April 3, 2020

A Magecart group has been using a new skimmer technique to target the online checkout sites of smaller businesses in order to steal credit card data, according to RiskIQ researchers, who have spotted 19 of these malicious JavaScript attacks so far.

Cybercrime

Botnet Targets Devices Running Microsoft SQL Server: Report

Apurva Venkat • April 3, 2020

Researchers at security firm Guardicore Labs are tracking a botnet they call Vollgar that's targeting devices running vulnerable Microsoft SQL Server databases with brute-force attacks and planting cryptominers in the infected databases.

Anti-Phishing, DMARC

Analysis: The Path Back to Business as Usual After COVID-19

Nick Holland • April 3, 2020

The latest edition of the ISMG Security Report offers an analysis of the phases businesses will go through in the recovery from the COVID-19 pandemic, plus an assessment of new risks resulting from the work-at-home shift and lessons learned from the Equifax breach.

Business Continuity Management / Disaster Recovery

What Went Wrong at Equifax? We Have Good Answers

Mathew J. Schwartz • April 3, 2020

What missteps led to hackers stealing details on 145 million Americans from Equifax in 2017? The answer to that question can be found in numerous reports and a Justice Department indictment. Security researcher Adrian Sanabria says they're essential reading for anyone responsible for cybersecurity defenses.

3rd Party Risk Management

The Cybersecurity Follies: Zoom Edition

Mathew J. Schwartz • April 3, 2020

The stuck-at-home chronicles have fast become surreal, as remote workers face down a killer virus on the one hand and the flattening of their work and personal lives on the other. To help, many have rushed to adopt Zoom. And for many use cases - hint: not national security - it is a perfectly fine option.

COVID-19

Zoom Rushes Patches for Zero-Day Vulnerabilities

Apurva Venkat • April 2, 2020

The day after security researcher Patrick Wardle disclosed two zero-day vulnerabilities in the macOS client version of Zoom's teleconferencing platform, the company on Thursday rushed out patches for these flaws and one other.

COVID-19

A CISO Conversation: Managing the Remote Workforce

Tom Field • April 1, 2020

As CISO of SoftBank Investment Advisers, Gary Hayslip is dealing with a familiar crisis management challenge: Supporting a remote workforce, with extra emphasis on secure identities. But he's also keeping a close eye on his team and the risks of burnout.

COVID-19

Zoom Contacts Feature Leaks Email Addresses, Photos

Jeremy Kirk • April 1, 2020

Popular teleconferencing software Zoom is continuing to fall under scrutiny as questions are raised over its privacy and security practices. The latest issue: a feature that inadvertently reveals strangers' email addresses and profile photos.

Business Email Compromise (BEC)

Nigerian BEC Scammers Increase Proficiency: Report

Akshaya Asokan • April 1, 2020

Nigerian cybercriminal gangs have become even more proficient in waging business email compromise attacks, according to an analysis from Palo Alto Network's Unit 42 that describes recent trends.

Breach Notification

Marriott Suffers Another Massive Data Breach

Scott Ferguson • March 31, 2020

Hotel giant Marriott, which in 2018 disclosed that it had suffered one of the worst data breaches in history, is now warning that it suffered a new breach earlier this year that exposed personal details - although not payment card information - for 5.2 million customers.

COVID-19

Phishing Campaigns Leverage Latest COVID-19 Themes

Scott Ferguson , Apurva Venkat • March 31, 2020

With the U.S. and other nations adopting economic stimulus packages as a result of the global COVID-19 pandemic, fraudsters are now using the promise of government checks as phishing lures to spread banking Trojans, according to a pair of new security research reports.