Cybercrime groups and nation-state hacking gangs are continuing to exploit the COVID-19 pandemic to further their aims, U.K. and U.S. security agencies warn in a joint alert. While overall attack levels haven't increased, they say, "the frequency and severity of COVID-19-related cyberattacks" looks set to surge.
The COVID-19 pandemic has dramatically changed how we live and work - for now. But will some of these changes last beyond the crisis? If so, what impact can we expect on cybersecurity and privacy? Thought leaders Edna Conway of Microsoft, Michelle Dennedy of DrumWave and Wendy Nather of Cisco share their views.
Patch or perish alert: Less than 20 percent of vulnerable Microsoft Exchange servers have received a fix for a serious flaw that Microsoft first disclosed nearly two months ago, security firm Rapid7 warns. It also found a "concerning number" of Exchange 2007 servers, which Microsoft stopped supporting in 2017.
Australia is investigating how it can leverage data to slow the spread of COVID-19. This raises myriad privacy and security questions, including whether the public would embrace such a system and how long it should be in place.
Zero-day exploits are increasingly a commodity that advanced persistent threat groups can purchase and use to wage attacks, according to a report from security firm FireEye. The report says the number of attacks leveraging such exploits grew last year.
With a global remote workforce, the concept of secure identity has never been more critical. What is the present and future of identity? In a preview of an upcoming virtual roundtable discussion, SecureAuth's Bil Harmer shares his vision.
Identity and access management for the workforce? Cybersecurity leaders are all over that. But what about customer IAM? There's plenty of room to grow there, judging by Dallas roundtable discussion featuring Richard Bird of Ping Identity and Gray Mitchell of IDMWORKS.
As the COVID-19 outbreak has intensified, so too has cybercrime, including ransomware, Interpol, the international crime-fighting agency, warns. Despite some gangs claiming to no longer be targeting healthcare organizations, experts have seen "no abatement, empathy or free decryptor" from any of them.
Researchers at Boston University have written a research paper that proposes creating a smartphone app that uses short-range transmission technologies that can inform users if they have been in close proximity to a person infected with COVID-19 - while maintaining privacy.
Hackers are targeting Chinese government agencies and their employees by taking advantage of zero-day vulnerabilities in VPN servers to plant backdoors and other malware, researchers at the Chinese security firm Qihoo 360 report.
Zoom, responding to research that highlighted encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls. With COVID-19 driving a surge in working from home, researchers have been closely reviewing the security of such software.
A security researcher found 10 flaws within HP's Software Assistant Tool, which is installed across HP's desktop and laptop computers. Bill Demirkapi, who found the flaws, says the software is risky because only seven of the flaws have been patched by HP.
With the COVID-19 pandemic forcing large portions of the workforce to shift to telework, CISOs need to rethink corporate policies on the use of video conferencing platforms and other communications tools, says NIST's Jeff Greene, who offers risk mitigation advice.
As global enterprises get their arms around supporting and securing a near-total remote workforce, their digital adversaries are adapting - and so is the role of deception technology. Carolyn Crandall of Attivo Networks discusses how deception can help mitigate new risks.
A recently uncovered spear-phishing campaign is using fears of the COVID-19 pandemic to spread an information stealer called LokiBot. FortiGuard Labs researchers find that cybercriminals are once again using World Health Organization images as a lure.