Latest

Endpoint Security

Researcher Finds Flaws in HP's Software Assistant Tool

Jeremy Kirk  •  April 6, 2020

A security researcher found 10 flaws within HP's Software Assistant Tool, which is installed across HP's desktop and laptop computers. Bill Demirkapi, who found the flaws, says the software is risky because only seven of the flaws have been patched by HP.

Endpoint Security

NIST Specialist Offers Telework Security Insights

Scott Ferguson  •  April 6, 2020

With the COVID-19 pandemic forcing large portions of the workforce to shift to telework, CISOs need to rethink corporate policies on the use of video conferencing platforms and other communications tools, says NIST's Jeff Greene, who offers risk mitigation advice.

Anti-Phishing, DMARC

Spear-Phishing Campaign Uses COVID-19 to Spread LokiBot

Akshaya Asokan  •  April 4, 2020

A recently uncovered spear-phishing campaign is using fears of the COVID-19 pandemic to spread an information stealer called LokiBot. FortiGuard Labs researchers find that cybercriminals are once again using World Health Organization images as a lure.

►

Business Continuity Management / Disaster Recovery

CISO Conversations: Healthcare's Unique Opportunity

Tom Field  •  April 3, 2020

Healthcare professionals are on the front line in the war against COVID-19, and cybersecurity leaders bear unique pressure to support and secure their efforts. But amid this crisis, Anahi Santiago, CISO of ChristianaCare, also sees tremendous strides in telehealth delivery.

Cybercrime

Magecart Group Hits Small Businesses With Updated Skimmer

Ishita Chigilli Palli  •  April 3, 2020

A Magecart group has been using a new skimmer technique to target the online checkout sites of smaller businesses in order to steal credit card data, according to RiskIQ researchers, who have spotted 19 of these malicious JavaScript attacks so far.

Cybercrime

Botnet Targets Devices Running Microsoft SQL Server: Report

Apurva Venkat  •  April 3, 2020

Researchers at security firm Guardicore Labs are tracking a botnet they call Vollgar that's targeting devices running vulnerable Microsoft SQL Server databases with brute-force attacks and planting cryptominers in the infected databases.

Anti-Phishing, DMARC

Analysis: The Path Back to Business as Usual After COVID-19

Nick Holland  •  April 3, 2020

The latest edition of the ISMG Security Report offers an analysis of the phases businesses will go through in the recovery from the COVID-19 pandemic, plus an assessment of new risks resulting from the work-at-home shift and lessons learned from the Equifax breach.

Business Continuity Management / Disaster Recovery

What Went Wrong at Equifax? We Have Good Answers

Mathew J. Schwartz  •  April 3, 2020

What missteps led to hackers stealing details on 145 million Americans from Equifax in 2017? The answer to that question can be found in numerous reports and a Justice Department indictment. Security researcher Adrian Sanabria says they're essential reading for anyone responsible for cybersecurity defenses.

3rd Party Risk Management

The Cybersecurity Follies: Zoom Edition

Mathew J. Schwartz  •  April 3, 2020

The stuck-at-home chronicles have fast become surreal, as remote workers face down a killer virus on the one hand and the flattening of their work and personal lives on the other. To help, many have rushed to adopt Zoom. And for many use cases - hint: not national security - it is a perfectly fine option.

COVID-19

COVID-19 Crisis Triggers More HIPAA Policy Changes

Marianne Kolbasuk McGee  •  April 2, 2020

In the latest move to relax certain HIPAA requirements during the COVID-19 crisis, federal regulators Thursday paved the way for business associates to share protected health information for public health-related activities during the pandemic.

COVID-19

Zoom Rushes Patches for Zero-Day Vulnerabilities

Apurva Venkat  •  April 2, 2020

The day after security researcher Patrick Wardle disclosed two zero-day vulnerabilities in the macOS client version of Zoom's teleconferencing platform, the company on Thursday rushed out patches for these flaws and one other.

Artificial Intelligence & Machine Learning

Washington Governor Signs Facial Recognition Law

Akshaya Asokan  •  April 2, 2020

Washington's governor has signed a new law that regulates the use of facial recognition technology. But some privacy advocates say the measure, which was backed by Microsoft, doesn't do enough to protect individuals' rights.