Skip to main content
Please wait...

After Russia’s invasion of Ukraine, it's time to hunker down

2 months 2 weeks ago

Chances are you don't live in Ukraine's capital, Kyiv, so you don't need to worry about a missile landing on your office. But even if you're 6,000 miles away, you could still get smacked by Russia’s or its Anonymous enemies' cyberwar fallout.

As the war grinds on, chances will only increase that everyone will be affected by the resulting and growing cyberattacks. So, what can you do to protect yourself?

To read this article in full, please click here

Steven J. Vaughan-Nichols

Google buys cybersecurity company Mandiant for $5.4B

2 months 2 weeks ago

In a move to offer an end-to-end security operations suite from its cloud platform, Google has announced it will acquire cyberdefense and response company Mandiant for $5.4 billion, in a deal expected to close later this year.

The acquisition will complement Google Cloud’s existing security services and together, the companies will deliver a security operations suite as well as advisory services that help customers address critical security challenges and stay protected at every stage of the security lifecycle, Mandiant said in a press release.

The company recently announced a new Ransomware Defense Validation service for its SaaS-based XDR (extended detection and response) platform, Mandiant Advantage, to help enterprises gauge the ability of their security systems to guard against ransomware attacks. 

To read this article in full, please click here

Charlotte Trueman

Change my password? AGAIN?

2 months 2 weeks ago

Every year at this time, I have to fill out my firm’s cyber insurance application — and every year they ask whether we encourage strong passwords and change them often. This question annoys me tremendously, because we really shouldn’t be changing passwords often. We should instead be choosing authentication processes that appropriately match site risks; using a password should be the last thing you want to rely on.

First, think about the information and data a website is keeping on you. The sites we want to offer the most protections often have the weakest. Where you can, always add two-factor authentication to a site’s access. (Not all multi-factor authentication is created equally, but some sort of multi-factor is better than none. If it encourages attackers to go elsewhere, it’s done its job.

To read this article in full, please click here

Susan Bradley

Employee monitoring risks ‘spiraling out of control,’ union group warns

2 months 3 weeks ago

An increase in workplace surveillance during the COVID-19 pandemic could lead to widespread discrimination, work intensification, and unfair treatment of workers unless regulatory safeguards are put in place, according to a prominent UK union group.

The Trades Union Congress (TUC), which represents most unions in the UK, published survey results this week  highlighting the use of surveillance technologies to monitor workers in a variety of job roles.

To read this article in full, please click here

Matthew Finnegan

After Russia’s invasion of Ukraine, it's time to hunker down

2 months 3 weeks ago

Chances are you don't live in Ukraine's capital, Kyiv, so you don't need to worry about a missile landing on your office. But even if you're 6,000 miles away, you could still get smacked by Russia’s or its Anonymous enemies' cyberwar fallout.

As the war grinds on, chances will only increase that everyone will be affected by the resulting and growing cyberattacks. So, what can you do to protect yourself?

To read this article in full, please click here

Steven J. Vaughan-Nichols

It's time to secure the Apple enterprise

2 months 3 weeks ago

It’s not unreasonable to assume that war in Ukraine will generate a wave of cyberattacks. That means every business or personal computer user should audit their existing security protections, particularly for companies that have embraced the hybrid workplace.

While larger enterprises usually employ Chief Information Security Officers (CISOs) and security consultants to manage such tasks, what follows is useful advice for Mac, iPad, and iPhone users seeking to start such an audit.  

To read this article in full, please click here

Jonny Evans

Splunk appoints Gary Steele as new CEO

2 months 3 weeks ago

Splunk has named Gary Steele as its new CEO, three months after the surprise resignation of longtime CEO Doug Merritt.

“The board is focused on identifying a leader with a proven track record of scaling operations and growing multi-billion-dollar enterprises,” Merritt said in a statement at the time.

We now know that leader is Gary Steele, who was the founding CEO of SaaS (software-as-a-service) security vendor Proofpoint, a company he led for nearly 20 years. During that time, Steele navigated both an IPO in 2012 and a private equity buyout from Thoma Bravo last year. He will start on April 11, when he will also take a seat on Splunk’s board.

To read this article in full, please click here

Scott Carey

In a time of war, it’s important to stay secure

2 months 3 weeks ago

As Russia invaded Ukraine, seeing the disruption in the world occur in near real time on social media brought poignancy to what was happening. While I don’t know anyone in Ukraine, I know many people who have friends or family members that have been impacted by the war. Ukraine has many technology ties around the world. It’s also been a source of cyberattacks, which is why there’s extra concern about what we can do to protect ourselves in case of attack. (Eastern Europe has often been the source of many of the ransomware attacks that occur around the world.)

So what can tech users do to ensure you protect yourself from possible cyberattacks arising from the conflict?

To read this article in full, please click here

Susan Bradley

Behavioral Analytics is getting trickier

2 months 3 weeks ago

Behavioral analytics is one of the best authentication methods around — especially when it’s part of continuous authentication. Authentication as a "one-and-done" is something that simply shouldn’t happen anymore. Then again, I've argued the same thing about using unencrypted SMS as a form of multi-factor authentication and I sadly still see that being used by lots of Fortune 1000 firms.

Oh well.

Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams/GoogleMeet/Zoom?), they're resistant to rapid widespread deployment because it requires creating a profile for every user — including partners, distributors, suppliers, large customers and anyone else who needs system access. Those profiles can take more than a month to create to get an accurate, consistent picture of each person.

To read this article in full, please click here

Evan Schuman

Windows is in Moscow’s crosshairs, too

3 months ago

Russia telegraphed its intentions to invade Ukraine well ahead of this week’s attack by massing nearly 200,000 soldiers along Ukraine’s borders, and by Vladimir Putin’s increasingly belligerent threats.

Behind the scenes, Russia was doing more than that, including dangerous cyberattacks launched against Ukraine. And as is typically the case in such attacks, Windows was the attack vector.

“We’ve observed destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government, Tom Burt, Microsoft corporate vice president for customer security and trust, wrote in a blog post in mid-January. “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable.” In a related technical post detailing how the malware works, Microsoft added: “These systems [under cyberattack] span multiple government, non-profit, and information technology organizations, all based in Ukraine.”

To read this article in full, please click here

Preston Gralla

Take your time testing these February Patch Tuesday updates

3 months 2 weeks ago

There are (as of now) 51 patches to the Windows ecosystem for February, but no critical updates and no "Patch Now" recommendations from the Readiness team. I'm hoping that with this month's list of Patch Tuesday updates, we can enjoy the quiet after the storm. January was tough for a lot of folks. And, with this month's very light release from Microsoft, corporate security and systems administrators can take the time needed to test their applications and desktop/server builds. It's also important to invest in their testing methodologies, release practices, and how their applications may be affected by OS-level updates and patches.

To read this article in full, please click here

Greg Lambert

Addigy talks up Apple-in-the-enterprise tech show

3 months 2 weeks ago

Apple’s continuing enterprise momentum means it’s grabbing a growing slice of the business ecosystem, and the expansion is driving growth across the Apple device management ecosystem.

Addigy Innovate 2022

Reflecting this, Addigy recently announced plans to hold its annual Innovate 2022 conference later this month. I spoke with Jason Dettbarn, founder and CEO, who says the event will include keynotes and product presentations, including one hosted by The Ethical Hacker author Ralph Echemendia.

To read this article in full, please click here

Jonny Evans
Checked
45 minutes 27 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.