Zoom has reached a settlement with the New York state attorney general's office to provide better security and privacy controls for its videoconferencing platform. Meanwhile, the company announced it's acquiring a start-up encryption company.
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.
Kaiji, a newly discovered botnet, is compromising Linux servers and IoT devices using brute-force methods that target the SSH protocol, according to the security firm Intezer. The botnet has the capability to launch DDoS attacks.
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
"Digital transformation" was an overused marketing buzz phrase until the global crisis came along and - over the course of a single weekend - changed permanently how we live and work.
Enterprises are emerging from firefighting mode now and beginning to strategize about what comes next. What will be the balance of...
The average ransom paid by victims to ransomware attackers reached $111,605 in the first quarter of this year, up 33% from the previous quarter, reports ransomware incident response firm Coveware, which sees the Sodinokibi, Ryuk and Phobos malware families continuing to dominate.
Many attackers continue to camp out in networks for months, conducting reconnaissance and stealing sensitive data before unleashing ransomware. Experts say many recent efforts trace to gangs wielding the RobbinHood, Valet Loader, NetWalker, PonyFinal, Maze and Sodinokibi strains of crypto-locking malware.
Before COVID-19, the privacy discussion this year was mainly about the California Consumer Privacy Act. Now it's about healthcare data sharing, contact tracing and monitoring remote workers. Omer Tene of the IAPP discusses the pandemic's influence on global privacy concerns.
Apple is now preparing final patches for two zero-day vulnerabilities that a security firm says have been exploited by certain attackers to seize control of iPhone and iPad email apps, giving them access to users' messages.
Many governments are pursuing contact-tracing apps to combat COVID-19, but such projects risk subjecting populations to invasive, long-term surveillance - as well as insufficient adoption - unless they take an open, transparent and as decentralized approach, says cybersecurity expert Alan Woodward.
The U.S. Small Business Administration says a flaw in an online application portal may have exposed the personal data - including Social Security numbers - of approximately 8,000 loan applicants seeking help coping with the economic impact of the COVID-19 pandemic, according to news reports.
As COVID-19 spread in the spring of 2020, organizations around the world have scrambled to enable a remote workforce, acting in "firefighting" mode and laser-focused on business continuity. But as the new normal settles in, digital transformation is rising as a critical - if altered - priority, and security teams need...
Federal government agencies face unique cybersecurity risks, and as a result they often place tight restrictions on mobile devices in the workplace. But perhaps it's time to loosen these restrictions because they are negatively impacting missions, recruitment and retention.
There are consequences of cutting back or...
It's crucial for companies to assess and monitor the security of their vendors, suppliers and business partners.
Companies must carefully check their vendors' cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. But these can be a headache, because...