Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
Declaring that threats to the United States' power grid are a national emergency, President Donald Trump is taking steps designed to help defend the grid from foreign interference by focusing on the supply chain.
In an apparent attempt to spread TrickBot malware, cybercriminals are sending fake emails designed to look like notifications from the Labor Department concerning changes to the Family and Medical Leave Act, according to IBM X-Force.
Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.
With more employees working remotely and a much heavier demand for telehealth services, entities need to consider extra, accelerated steps in keeping data and systems secure, says Martin Littmann, Kelsey-Seybold Clinic CISO, and Stephen Moore, a former security leader at Anthem.
As Google and Apple prepare to offer a jointly developed infrastructure for contact-tracing smartphone apps to help fight the COVID-19 pandemic, the Electronic Frontier Foundation, a privacy advocacy group, is raising concerns about the risks involved.
Many attackers continue to camp out in networks for months, conducting reconnaissance and stealing sensitive data before unleashing ransomware. Experts say many recent efforts trace to gangs wielding the RobbinHood, Valet Loader, NetWalker, PonyFinal, Maze and Sodinokibi strains of crypto-locking malware.
Over the past five years, a sophisticated spyware campaign has been targeting Android users through Trojan-laced apps in the Google Play store that are disguised as various plugins, browser cleaners and application updaters, according to Kaspersky researchers.
Less than 24 hours after the Australian government released its COVID-19 contact-tracing app Sunday, nearly 2 million people had downloaded it. As security and privacy experts review the app, one outstanding question is if the public will trust it enough to reach the public health target of 10 million users.
It's not so much that the threats have changed amidst the COVID-19 pandemic. It's that the attack surface has broadened, and it's more challenging for defenders to coordinate intelligence, tooling and processes, says Jimmy Astle of VMware Carbon Black.
VictoryGate, a recently discovered botnet that infected about 35,000 devices with malware, has been disabled by researchers from security firm ESET. The botnet's main purpose was mining monero cryptocurrency.