MS-ISAC Releases Advisory on DrayTek Devices

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory regarding two vulnerable command injection points in DrayTek devices (CVE-2020-8515). An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in exploits in the wild.

Social security for all — for now

Image: Maureen Herman

America has no fire drill for economic uncertainty. What is going to happen today, April 1st, in the middle of an unprecedented pandemic, when everyone’s rent, mortgages, and bills are due?

Important tips for safe online shopping post COVID-19

As more and more countries order their citizens inside in response to COVID-19, online shopping—already a widespread practice—has surged in popularity, especially for practical items like hand sanitizer, groceries, and cleaning products. When people don’t feel safe outside, it’s only natural they’d prefer to shop as much as possible from the safety of their own homes. Unfortunately, you can bet your last toilet paper roll that cybercriminals anticipated the rush and were ready to take advantage of our need to buy supplies of all kinds online.

Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do

True to form, human-operated ransomware campaigns are always on prowl for any path of least resistance to gain initial access to target organizations. During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances. Unfortunately, one sector that’s particularly exposed to these attacks is healthcare.

Here’s How Bots Are Exploiting Coronavirus Fears

Coronavirus is a pandemic that the world has not witnessed in quite some time. International borders are closed. Major sports leagues have suspended their games. Employers have asked their workers to work from home. Normal life has been upended and will remain so for the foreseeable future, as the world struggles to get ahead of the deadly COVID-19 virus.

Take your shot: Apply to TC Top Picks at Disrupt SF 2020

TechCrunch Disrupt San Francisco is known around the world as the place where the early-stage startup community gathers to learn and launch, connect and collaborate. We know COVID-19 has created challenges, but Disrupt SF is still on schedule (keep tabs on our updates here). Like startup founders everywhere, we quickly learn where, when and how to pivot. Case in point, check out our new Disrupt Digital Pass option.

Expanding Free Security Offers into Customers’ Endpoints

During this global health crisis, normal has been redefined. We are living through a dynamic situation that has required us to reorient our personal and professional lives in ways we never have before. Companies have had to do the same. Many have taken the extraordinary step of moving the majority, if not the entirety, of their workforces to a virtual workplace. As companies adapt to their new normal, securing this sudden exponential growth of remote workers and their devices remains a challenge.

Securing Your Remote Workforce

As mentioned in previous articles, Securonix, has devoted an entire taskforce to outlining key threats that are appearing under the guise of COVID-19 themed domain names or emails. The threat research team has been observing malicious threat actors attempting to exploit an increasing number of the associated cyberattack vectors such as: 

Ex-NSA hacker drops new zero-day doom for Zoom

Zoom’s troubled year just got worse.

Now that a large portion of the world is working from home to ride out the coronavirus pandemic, Zoom’s popularity has rocketed, but also has led to an increased focus on the company’s security practices and privacy promises. Hot on the heels of two security researchers finding a Zoom bug that can be abused to steal Windows passwords, another security researcher found two new bugs that can be used to take over a Zoom user’s Mac, including tapping into the webcam and microphone.

The Zoom Privacy Backlash Is Only Getting Started

The popular video conferencing application Zoom has been having A Moment during the Covid-19 pandemic. But it’s not all positive. As many people’s professional and social lives move completely online, Zoom use has exploded. But with this boom has come added scrutiny from security and privacy researchers—and they keep finding more problems, including two fresh zero day vulnerabilities revealed Wednesday morning.

BrandPost: Securing the Shift of Workloads to Public Clouds

As organizations around the world are increasingly reliant on public cloud platforms for managing server workloads, compliance and security issues abound. These include attempted exploits and data breaches. One effective way to reduce vulnerabilities is to harden servers based on accepted standards such as the CIS Benchmarks, which are developed and maintained through a consensus-based process. Organizations implement hardening standards due to compliance audits as well as internal policies driven by security needs and risk management.

BrandPost: How to Implement & Assess Your Cyber Hygiene

Just like physical hygiene keeps us healthy and protects us from common germs, cyber hygiene is important for protecting your organization from common cyber threats. Implementing cyber hygiene security best practices is the CIS-recommended way to help prevent data breaches, system misconfigurations, and more.

BrandPost: New Options from CIS for STIG Compliance

Staying secure can be a challenge, especially for organizations working in a regulated environment. Organizations in regulated industries can rely on the industry-recognized, community-developed CIS Benchmarks to help them meet their various cybersecurity compliance requirements. The CIS Benchmarks from The Center for Internet Security (CIS) are consensus-based secure configuration guidelines that help organizations around the globe meet common compliance framework requirements.

BrandPost: How to Prepare for Your Next Cybersecurity Compliance Audit

Reading a list of cybersecurity compliance frameworks is like looking at alphabet soup: NIST CSF, PCI DSS, HIPAA, FISMA, GDPR…the list goes on. It’s easy to be overwhelmed, and not only because of the acronyms. Many frameworks do not tell you where to start or exactly how to become compliant. Cybersecurity best practices from the Center for Internet Security (CIS) provide prioritized, prescriptive guidance for a strong cybersecurity foundation. And, they support your efforts toward compliance with the aforementioned alphabet soup.

BrandPost: 4 Risks of Waiting to Migrate to the Cloud

If you’re responsible for the security of your organization’s digital environment, staying up-to-date with the latest hardware, environment, and software vulnerability patches can be a challenge. Migrating your workloads to the cloud can help address these challenges in new, unique ways. Waiting to migrate to the cloud can create unforeseen consequences. Here are four risks of waiting to migrate to the cloud and how CIS resources can help mitigate them.