Shivkumar Pandey, Group CISO, Bombay Stock Exchange

Managing a Remote Workforce: Critical Security Steps

Geetha Nandikotkur • April 10, 2020

To ensure business continuity, companies that support India's critical infrastructure need to validate the functioning of the security controls and other tools deployed to support the remote workforce during the COVID-19 pandemic, says Mumbai-based Shivkumar Pandey, group CISO at the Bombay Stock Exchange.

►

Blockchain & Cryptocurrency

Business Continuity in a New Environment

Latest

Endpoint Security

Analysis: Remote Workplace Security Challenges

Nick Holland • April 10, 2020

The latest edition of the ISMG Security Report discusses the cybersecurity challenges posed by the work-at-home shift. Also featured: Tips from NIST on developing remote worker security policies, plus a discussion of the nascent threat of AI meeting assistants.

Anti-Phishing, DMARC

Critical PAM Components in the Current Environment

Geetha Nandikotkur • April 10, 2020

Privileged access management is more critical as a result of the shift to telework during the COVID-19 pandemic and the ongoing movement of applications and data to the cloud, says Dr. Yask Sharma, CISO of a large national critical infrastructure organization in India, who outlines essential PAM components.

Cybercrime

UK and US Security Agencies Sound COVID-19 Threat Alert

Mathew J. Schwartz • April 9, 2020

Cybercrime groups and nation-state hacking gangs are continuing to exploit the COVID-19 pandemic to further their aims, U.K. and U.S. security agencies warn in a joint alert. While overall attack levels haven't increased, they say, "the frequency and severity of COVID-19-related cyberattacks" looks set to surge.

Fraud Management & Cybercrime

Faces of Fraud 2020: COVID-19's Impact

Tom Field • April 9, 2020

The cyberthreat and fraud landscape is ever-changing, and attackers are upping the game with more advanced attacks. The COVID-19 pandemic has accelerated socially engineered schemes, such as phishing and virus-related scams. CISO Stephen Fridakis and consultant Rocco Grillo discuss how to ramp up defenses.

Cybercrime

Latest Botnet Offers DDoS Attacks on Demand

Akshaya Asokan • April 9, 2020

The operator of a newly discovered botnet dubbed "Dark Nexus" is offering cybercriminals access to an array of capabilities, include the ability to launch DDoS attacks on demand, according researchers at Bitdefender.

Governance & Risk Management

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Mathew J. Schwartz • April 8, 2020

Patch or perish alert: Less than 20 percent of vulnerable Microsoft Exchange servers have received a fix for a serious flaw that Microsoft first disclosed nearly two months ago, security firm Rapid7 warns. It also found a "concerning number" of Exchange 2007 servers, which Microsoft stopped supporting in 2017.

Cybercrime

Hackers Have Targeted Linux Servers for Years: Report

Ishita Chigilli Palli • April 8, 2020

For nearly a decade, five hacking groups with apparent links to the Chinese government have targeted vulnerable Linux servers that make up the backend IT infrastructure of thousands of companies and organizations around the world, according to a research report from BlackBerry.

Business Email Compromise (BEC)

FBI: COVID-19-Themed Business Email Compromise Scams Surge

Ishita Chigilli Palli • April 7, 2020

Fraudsters are taking advantage of the uncertainty over the global COVID-19 pandemic to ramp-up business email compromise scams designed to steal money, the FBI and security researchers warn.

Business Continuity Management / Disaster Recovery

No COVID-19 Respite: Ransomware Keeps Pummeling Healthcare

Mathew J. Schwartz • April 7, 2020

As the COVID-19 outbreak has intensified, so too has cybercrime, including ransomware, Interpol, the international crime-fighting agency, warns. Despite some gangs claiming to no longer be targeting healthcare organizations, experts have seen "no abatement, empathy or free decryptor" from any of them.

Application Security

Researchers Propose COVID-19 Tracking App

Ishita Chigilli Palli • April 7, 2020

Researchers at Boston University have written a research paper that proposes creating a smartphone app that uses short-range transmission technologies that can inform users if they have been in close proximity to a person infected with COVID-19 - while maintaining privacy.

Cybercrime

Hackers Target Chinese Government Agencies Via VPNs: Report

Apurva Venkat • April 7, 2020

Hackers are targeting Chinese government agencies and their employees by taking advantage of zero-day vulnerabilities in VPN servers to plant backdoors and other malware, researchers at the Chinese security firm Qihoo 360 report.

Endpoint Security

Researcher Finds Flaws in HP's Software Assistant Tool

Jeremy Kirk • April 6, 2020

A security researcher found 10 flaws within HP's Software Assistant Tool, which is installed across HP's desktop and laptop computers. Bill Demirkapi, who found the flaws, says the software is risky because only seven of the flaws have been patched by HP.