A global health crisis. A remote workforce. Economic uncertainty. These are key ingredients to fuel the insider threat. Randy Trzeciak of the CERT Insider Threat Center at Carnegie Mellon University offers tips for monitoring risky behavior and creating positive incentives to reduce risk.
TikTok, a video-sharing service, has been delivering video and other media without TLS/SSL encryption, which means it may be possible for someone to tamper with content, researchers say. That could be especially damaging in the current pandemic environment, where misinformation and confusion abounds.
Two recently uncovered phishing campaigns used COVID-19 themes as a lure in an attempt to spread ransomware and information stealers, according to Palo Alto Networks' Unit 42 division.
Singapore's open banking effort has expanded the attack surface, and the only effective defense is to enhance threat intelligence sharing among banks, retailers and third parties, says Tom Wills, a Singapore-based cybersecurity practitioner who is a consultant for financial institutions.
In January, hackers reportedly compromised portions of the New York state government's computer network by taking advantage of an unpatched vulnerability in Citrix enterprise software. Although state officials say no data was compromised, the attack reportedly disabled some state agency information systems.
Dutch police have shut down 15 DDoS booter sites over the course of a week. Meanwhile, they've arrested a 19-year-old in connection with DDoS attacks on two government websites.
The SEC has settled charges against two traders who were accused of profiting from the hacking of an SEC EDGAR system server in 2016. The Ukrainian man who allegedly hacked the system by bypassing its authentication control remains at large.
To ensure business continuity, companies that support India's critical infrastructure need to validate the functioning of the security controls and other tools deployed to support the remote workforce during the COVID-19 pandemic, says Mumbai-based Shivkumar Pandey, group CISO at the Bombay Stock Exchange.
As governments and organizations around the globe rethink their use of the Zoom teleconference platform as a result of ongoing privacy and security concerns, the company is making more system changes and has formed a CISO advisory board.
Travelex, a London-based foreign currency exchange that does business in 26 countries, including the U.S., paid a ransomware gang $2.3 million to regain access to its data following an attack, the Wall Street Journal reports. The incident crippled the company's customer services for weeks.
The Justice Department and several other federal executive branch agencies are asking the Federal Communications Commission to revoke China Telecom (Americas) Corp.'s license to provide international telecommunications services to and from the U.S., citing national security concerns.
Privileged access management is more critical as a result of the shift to telework during the COVID-19 pandemic and the ongoing movement of applications and data to the cloud, says Dr. Yask Sharma, CISO of a large national critical infrastructure organization in India, who outlines essential PAM components.
Cybercrime groups and nation-state hacking gangs are continuing to exploit the COVID-19 pandemic to further their aims, U.K. and U.S. security agencies warn in a joint alert. While overall attack levels haven't increased, they say, "the frequency and severity of COVID-19-related cyberattacks" looks set to surge.
The cyberthreat and fraud landscape is ever-changing, and attackers are upping the game with more advanced attacks. The COVID-19 pandemic has accelerated socially engineered schemes, such as phishing and virus-related scams. CISO Stephen Fridakis and consultant Rocco Grillo discuss how to ramp up defenses.
The operator of a newly discovered botnet dubbed "Dark Nexus" is offering cybercriminals access to an array of capabilities, include the ability to launch DDoS attacks on demand, according researchers at Bitdefender.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.