For the Defense Industrial Base (DIB), the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) compliance requirement is the hot news topic of 2021. In fact, across the DIB market, CMMC compliance will probably stay a focus through at least 2025. However, for the long term, many organizations are looking to understand the potential impact that CMMC will have outside the DIB. On January 21, the DoD’s CISO subtly announced that her agency is …
The post Preparing for the Cybersecurity Maturity Model Certification onslaught appeared first on Help Net Security.
The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform Gootloader. It is actively delivering malicious payloads through tightly targeted operations in the US, Germany and South Korea. Previous campaigns also targeted internet users in France. The Gootloader infection chain begins with sophisticated social engineering techniques that involve hacked websites, malicious downloads, …
The post Multi-payload Gootloader platform stealthily delivers malware and ransomware appeared first on Help Net Security.
With the voice commands “Alexa Skills,” users can load numerous extra functions onto their Amazon voice assistant. Amazon screens special voice assistant functions for security. However, scammers can circumvent this check. These Skills can often have security gaps and data protection problems, as a team of researchers from the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum (RUB) and North Carolina State University discovered, together with a former PhD student who started to work …
The post Alexa Skills: Security gaps and data protection problems appeared first on Help Net Security.
The majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses, putting enterprise data increasingly at risk, Netskope research reveals. “Cybercriminals increasingly abuse the most trusted and popular cloud apps, especially for cloud phishing and cloud malware delivery,” said Ray Canzanese, Threat Research Director at Netskope. “Enterprises using the cloud need to quickly modernize and extend their security architectures to understand …
The post Cybercriminals continue to target trusted cloud apps appeared first on Help Net Security.
There is ample opportunity for financial institutions to harness the power of AI to build more meaningful connections and experiences with customers — vastly improving both retention and acquisition, according to research findings released by NTT DATA. In the global study, customers provide striking testimony about what they would like their financial institutions to provide for them: 53% of customers say they would like their financial institution (FI) to proactively send them reminders on upcoming …
The post Customers willing to share personal data in exchange for personalized services appeared first on Help Net Security.
A critical, easy-to-exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers (PLCs) and to install new (malicious) firmware, alter the device’s configuration, and so on. Due to these factors, the vulnerability has received the maximum CVSS v3 severity score – 10.0.
About the vulnerability (CVE-2021-22681)
Rockwell Automation’s PLCs are used around the world to control industrial equipment. The flaw may allow an attacker to …
The post Critical flaw in Rockwell PLCs allows attackers to fiddle with them (CVE-2021-22681) appeared first on Help Net Security.