CPRA Hints at The Future of Cybersecurity and Privacy

Written by Karen Walsh, CEO, Allegro Solutions – December 11th, 2020

One of the most notable ballot propositions impacting the privacy and cybersecurity world during the US 2020 election was the passage of the California Privacy Rights Act (CPRA). Predominantly considered an updated version of 2018’s California Consumer Privacy Act (CCPA), the CPRA incorporates several changes other ...

Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times

In the early fog of the COVID-19 pandemic, cybersecurity took a back seat to keeping patients alive. Lost in the chaos was IT security. When the COVID-19 pandemic first hit the U.S. hard in March, the Elmhurst Hospital was forced into a logistical nightmare. It was a grim sign of the times, as the Queens, N.Y. hospital ...

FBI warns of email forwarding rules being abused in recent hacks

Written by Catalin Cimpanu for Zero Day – December 1st, 2020

FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators."

The US Federal Bureau of Investigation says that cyber-criminals are increasingly relying on email forwarding rules in order to disguise their presence inside hacked ...

Office 365 phishing abuses Oracle and Amazon cloud services

Written by Ionut Ilascu on November 27th, 2020

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. The campaign has been active for more than half a year and uses a network of legitimate websites that ...

Be Very Sparing in Allowing Site Notifications

Written for Krebs on Security – November 20th, 2020

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling ...

Why now is the time for zero trust in DoD cybersecurity

Written by Jim Hansen – November 20th, 2020

The sudden and massive shift to a remote work policy across the Department of Defense and the contracting community has created a perfect storm of cyber challenges needing to be addressed. Keenly aware of this, threat actors are taking advantage. A few months into the COVID-19 crisis, the Pentagon ...

Understanding What The FCI Means

At the present time, the Cybersecurity Maturity Model Certification (CMMC) is fast gaining steam in the defense industry. A previous whitepaper has explored the CMMC in much more detail, but essentially, this is where any defense contractors and any subcontractors must be certified at a certain level before the Department of Defense (DoD) will allow ...

Microsoft advises ditching voice, SMS multi-factor authentication

Written by Deeba Ahmed – HackRead – November 16th, 2020

Microsoft wants users to opt for securer technologies citing multi-factor authentication (MFA) as the “least secure” method available nowadays. Microsoft’s identity security director, Alex Weinert, wrote in a blog post that the time has come to ditch SMS and voice multi-factor authentication (MFA) tools in favor of ...

Breakdown of a Break-in: A Manufacturer’s Ransomware Response

Written by Kelly Sheridan – November 16th, 2020

The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents. While no two organizations are the same, they can learn from one another's mistakes. A step-by-step analysis of a ransomware investigation can prove fruitful in helping organizations ...

Microsoft says three APTs have targeted seven COVID-19 vaccine makers

Written by Catalin Cimpanu for Zero Day – November 13th, 2020

Microsoft says it detected three state-sponsored hacking operations (also known as APTs) that have launched cyber-attacks on at least seven prominent companies involved in COVID-19 vaccines research and treatments. Microsoft traced the attacks back to one threat actor in Russia and two North Korean hacking groups. Known ...
