Month: November 2020

Editor’s note: In the first of a two-part article on securely operating or migrating to the cloud-based Microsoft 365 (formerly Office 365) suite of services, Nemertes Research CEO and founder Johna Till Johnson first looks at common security misconfigurations surrounding Microsoft 365 and the operational practices of some of its third-party practitioners. Part two will
by Florentino Sanchez. Every day is a computer security day, but November 30th is officially Computer Security Day, intended to raise awareness of online security issues and to promote cybersecurity best practices. Days like these are a handy nudge to do a few extra security checks. With that in mind, here are some tips from the
The National Cyber Security Centre (NCSC) is assisting Manchester United in dealing with the cyber-attack which struck the English football club last week. Last Friday, the Premier League side confirmed in a statement that an incident had taken place, following which affected systems were shut down to “contain the damage and protect data.” One week
There’s a reason why a computer virus is called a “virus,” as they have many similarities to medical viruses. Notably, as medical viruses can have a severe impact on your personal health, a computer virus can severely impact the health of your business. In today’s digital world, a computer virus, a “wormable” remote code execution
Better steps need to be taken by politicians and social media platforms to deal with fake news, especially as the COVID-19 vaccine is created. Speaking during the Westminster Forum Conference on tackling fake news and online misinformation, event chair Khalid Mahmood MP, shadow defense minister for procurement, said, as we have seen throughout the pandemic,
Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise (BEC) scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed “Operation Falcon,” was jointly undertaken by the international police organization along with Singapore-based cybersecurity firm
Steps can be taken to reduce the threat of fake news infiltrating online advertising. Speaking during the Westminster Forum Conference about tackling fake news and online misinformation, Konrad Shek, deputy director, policy and regulation at the Advertising Association, said the advent of disinformation has had an “enormous impact on trust in the media and politics.” He said
The U.S. law enforcement agency shares a sampling of more than 90 spoofed FBI-related domains registered recently. The Federal Bureau of Investigation (FBI) has issued a warning about domains designed to spoof the Bureau’s official website. The alert lists more than 90 such fraudulent websites that have been registered recently. “The FBI observed unattributed cyber actors
A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider. By hiring a third-party provider to manage its security program remotely, an organization gains access to staff and resources that it doesn’t have in-house, and can better keep up with information
The ways in which CISOs should go about transforming the cybersecurity capabilities of an entire organization were discussed during the DTX Cyber Security Mini Summit by Michael Jenkins MBE, CISO at Brunel University. Jenkins previously spent a long career in the military including positions in counter-intelligence, and also played a major role in planning security
A security champions program is critical to maintaining an organization’s security culture, but during the COVID-19 shutdown, teams could find themselves working with one hand tied virtually behind their backs. Telework arrangements, online meetings, collaboration software and extensive smartphone use can keep an organization running, but they can’t recreate the casual interactions that are an
Phishing and social media/email hacks are the most frequently reported cybercrimes in the United States and the United Kingdom, respectively, according to new research by cybersecurity company Clario and British cross-party think-tank Demos. The finding was included in “The Great Cyber Surrender” report, created from the results of a survey of 2,000 people in the UK and the
A security operations center, or SOC, is one of the first lines of defense against attacks and breaches. The infosec employees working within this command center create, implement and revise an enterprise cybersecurity program, as well as deploy, manage and update the security technologies and tools key to preventing data loss. The 2020 Verizon Data
This won’t be music to your ears – researchers spot an unsecured database replete with records used for an account hijacking spree. Researchers have found an unsecured internet-facing database containing over 380 million individual records, including login credentials that were leveraged for breaking into 300,000 to 350,000 Spotify accounts. The exposed records included a variety
by Paul Ducklin. Thanks to Bill Kearney of Sophos Rapid Response for his work on this article. If you’ve read the recent Sophos 2021 Threat Report, you’ll know that we deliberately included a section about all the malware out there that isn’t ransomware. Sure, ransomware understandably hogs the media headlines these days, but cybercriminality goes
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as “SEC-575” and discovered by researchers from Digital Defense, has been remedied by the company in
America’s Cybersecurity and Infrastructure Security Agency (CISA) could soon be on the receiving end of a sizable cash injection to help clear a backlog in state and local vulnerability assessments. A Senate panel is moving to give the Department of Homeland Security’s agency $58m to support the continued reduction of its sizable assessment caseload. According to