In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.
Kaiji, a newly discovered botnet, is compromising Linux servers and IoT devices using brute-force methods that target the SSH protocol, according to the security firm Intezer. The botnet has the capability to launch DDoS attacks.
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
The average ransom paid by victims to ransomware attackers reached $111,605 in the first quarter of this year, up 33% from the previous quarter, reports ransomware incident response firm Coveware, which sees the Sodinokibi, Ryuk and Phobos malware families continuing to dominate.
Many attackers continue to camp out in networks for months, conducting reconnaissance and stealing sensitive data before unleashing ransomware. Experts say many recent efforts trace to gangs wielding the RobbinHood, Valet Loader, NetWalker, PonyFinal, Maze and Sodinokibi strains of crypto-locking malware.
Before COVID-19, the privacy discussion this year was mainly about the California Consumer Privacy Act. Now it's about healthcare data sharing, contact tracing and monitoring remote workers. Omer Tene of the IAPP discusses the pandemic's influence on global privacy concerns.
To ensure data is protected, business units must work closely with IT and security specialists to resolve data governance issues, says Sydney-based Prashant Haldankar, CISO at Privasec.
The U.S. National Security Agency and the Australian Signals Directorate offer guidance on how to mitigate the growing threat posed by attackers using web shells to create backdoors.
Debdulal Roy, executive director at Bangladesh Bank describes its efforts to collaborate with others to help protect the banking industry from further attacks.
To deal with the problem of "shadow IT" during the COVID-19 pandemic, organizations should put in place redefined compliance and governance policies, take a multilayered security approach and adopt a security framework to prioritize risks, a panel of three experts advises.
Apple is now preparing final patches for two zero-day vulnerabilities that a security firm says have been exploited by certain attackers to seize control of iPhone and iPad email apps, giving them access to users' messages.
Many governments are pursuing contact-tracing apps to combat COVID-19, but such projects risk subjecting populations to invasive, long-term surveillance - as well as insufficient adoption - unless they take an open, transparent and as decentralized approach, says cybersecurity expert Alan Woodward.
The U.S. Small Business Administration says a flaw in an online application portal may have exposed the personal data - including Social Security numbers - of approximately 8,000 loan applicants seeking help coping with the economic impact of the COVID-19 pandemic, according to news reports.
As COVID-19 spread in the spring of 2020, organizations around the world have scrambled to enable a remote workforce, acting in "firefighting" mode and laser-focused on business continuity. But as the new normal settles in, digital transformation is rising as a critical - if altered - priority, and security teams need...
With the massive shift to telework as a result of the COVID-19 pandemic, shadow IT is becoming a more critical security issue around the world. Security experts offer tips on mitigating the risks involved.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
