Warning: Attackers Exploiting Windows Server Vulnerability

Akshaya Asokan • September 25, 2020

Microsoft and the Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch.

Blockchain & Cryptocurrency

The Risks Posed by Wireless Automotive Dongles

Latest

Cloud Security

Microsoft Shutters Azure Apps Used by China-Linked Hackers

Akshaya Asokan • September 26, 2020

Microsoft removed 18 apps from its Azure cloud platform that were being used by hackers as part of their command-and-control infrastructure, according to company researchers. The threat group, called Gadolinium, was abusing the infrastructure to launch phishing email attacks.

Cybercrime

Why Encrypted Chat Apps Aren't Replacing Darknet Markets

Mathew J. Schwartz • September 25, 2020

With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration. But encrypted apps have their own downsides.

Governance & Risk Management

NIST Unveils Updated Guide to Privacy, Security Controls

Akshaya Asokan • September 24, 2020

The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.

Cloud Access Security Brokers (CASB)

Drop Everything and Secure Remote Workforce, Gartner Warns

Mathew J. Schwartz • September 24, 2020

Revisiting remote workforce security defenses, simplifying cloud access controls and pursuing risk-based vulnerability management and passwordless authentication are among the 10 security projects that all organizations should consider for this year and next, according to advisory firm Gartner.

COVID-19

Cybercrime Review: Hackers Cash in on COVID-19

Mathew J. Schwartz • September 22, 2020

Reviewing online attack trends for the first half of the year, numerous cybersecurity firms agree: COVID-19 was king. As the pandemic has reshaped how many live and work, so too has it driven attackers to attempt to exploit work-at-home challenges and virus fears.

Business Continuity Management / Disaster Recovery

Cybersecurity Leadership: Risk Exposure Awareness

Tom Field • September 22, 2020

It might be new, but are we ready to call this "normal?" In this latest in a series of CEO/CISO panels, cybersecurity leaders talk frankly about the new risk surface and the role emerging technologies play in helping us keep pace with our adversaries.

Application Security

CISA Pushes Government Agencies to Patch 'Zerologon' Flaw

Jeremy Kirk • September 22, 2020

U.S. government agencies are supposed to have patched the "Zerologon" vulnerability by now, about six weeks after Microsoft issued a patch. But CISA warns that too many agencies' systems remain unpatched.

Cyberwarfare / Nation-State Attacks

Will US Indictments of Iranian Hackers Be a Deterrent?

Akshaya Asokan • September 22, 2020

Will recent U.S. indictments of several alleged Iranian hackers - as well as government sanctions against an APT group - have a deterrent effect? Security experts share their opinions on the impact of these actions.

Cybercrime

Congress Questions NASA on Cybersecurity Efforts

Chinmay Rautmare • September 21, 2020

Foreign and domestic hacking activity targeting NASA continues to grow at a time when many staffers are working at home, space agency officials testified at a Friday Congressional hearing where they were questioned about risk mitigation efforts.

Endpoint Security

Hacking Group Used Malware to Bypass 2FA on Android Devices

Akshaya Asokan • September 19, 2020

A hacking group targeting Iranian dissidents has developed malware that can bypass two-factor authentication protection on Android devices to steal passwords, according to Check Point Research. The hackers have also targeted victims' Telegram accounts.

Cyberwarfare / Nation-State Attacks

TikTok's Response to Trump? Let's Make a Deal

Mathew J. Schwartz • September 16, 2020

President Donald Trump says TikTok and Oracle are close to making a deal. Don't neglect to read the fine print. While the president has demanded TikTok divest its U.S. operations - preferably to Oracle - because of national security concerns, the Chinese firm is instead offering Oracle a minority stake.

Cyberwarfare / Nation-State Attacks

National Guard Cybersecurity Units Ready to Protect Election

Doug Olenick • September 15, 2020

National Guard units are commonly called up to help deal with the aftermath of a natural disaster. And they played a role in responding to the COVID-19 pandemic and civil unrest. But some states are now calling out the National Guard to help safeguard elections from online attacks and interference.