Looking back at 2020, it was obvious even at the time that everything had changed forever. The COVID-19 pandemic left nothing as it was. It brought disruption and loss to everyone. For security and IT staff, it also ushered in the Great Remote Access Experiment. Our work was suddenly thrust into the limelight, but without…

Read More

The sight of empty supermarket shelves during the COVID-19 pandemic brought home the fragility of our food supply chain. We can all see the importance of ensuring the security of the farming and agriculture industry. However, farming is becoming increasingly automated. This means new cybersecurity risks are emerging to stand alongside traditional risks like the…

Read More

Hidden Malware, Crouching Ransom One reason ransomware can appear to strike so quickly is because you only notice it once it’s too late. “Just because they’re in your network doesn’t mean you’ll see them,” notes Peck. “Ransomware and attackers often linger long before the ransomware goes active and begins encrypting your data.” The ransomware may…

Read More

Back in the day, the theft and loss of backup tapes and laptops were the primary causes of data breaches. That all changed when systems were redesigned and data at rest was encrypted on portable devices. Not only did we use technology to mitigate a predictable human problem, we also increased the tolerance of failure.…

Read More

JWT brings performance to identity assertion and is being widely adopted, but it’s also garnering the attention of cybercriminals. Source link lol

Read More

By now, it is obvious to everyone that widespread remote working is accelerating the trend of digitization in society that has been happening for decades. What takes longer for most people to identify are the derivative trends. One such trend is that increased reliance on online applications means that cybercrime is becoming even more lucrative.…

Read More

This is the second in a three-part series on the new Department of Defense (DoD) audit requirement called Cybersecurity Maturity Model Certification (CMMC). Part one introduced the DoD CMMC model and what it means for the future of U.S. government cybersecurity suppliers. Part two goes into more detail about the CMMC audit itself. CMMC did…

Read More

During this period, a campaign of blackmail attempts claimed to be from the Russian advanced attacker Fancy Bear. Their attack opened with a small DDoS attack as a demonstration, followed by a payment demand for hundreds of thousands of dollars. Pay up or they will “make sure your services will remain offline until you pay.”…

Read More

Executive Summary Phishing remains a popular method of stealing credentials, committing fraud, and distributing malware. But what appears on the surface to be a juvenile form of cybercrime can be, in practice, a well-orchestrated, multi-faceted, and sustained attack campaign by organized crime groups. From finding victims and creating phishing sites to harvesting and fraudulently using…

Read More

Service providers and telecom carriers form the backbone of communications and commerce in modern economies. Their networks and cell towers deliver the internet itself—and everything that depends on it—to homes, businesses and mobile devices all over the world. And the complexity involved in doing so creates enormous security challenges. Much has been said of the…

Read More