Advertisement

Monitoring From Home: 3 Things To Still Watch Out For In Your IT Network | Information Security Buzz

monitoring from home: 3 things to still watch out for in your it network | information security buzz

BEGIN ARTICLE PREVIEW:

The initial move to working from home had many teams making huge adjustments to this way of working. IT departments all over the world worked miracles to make sure staff had access to whatever they needed, wherever they were, to keep businesses up and running. But, as any IT person will tell you: the battle is not over. It’s one thing to get everything up and running, but another to keep it up and running. 
One of the main challenges for IT teams has been that not only are their users logging in remotely, but so are they. With the lockdown having lasted for months now, IT teams have been  far away from the physical IT equipment  that runs their business. Some businesses may now choose to open their doors for staff, however for those who are maintaining remote working measures how do IT teams ensure that everything is running as it should until they are given the green light to get back into the workplace? How can they be alerted when a critical service is slow or even worse down? 
The answer to all these questions is the same as when everyone is working in the office: network …

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE

TSB Customers suffer online banking outages | Information Security Buzz

tsb customers suffer online banking outages | information security buzz

BEGIN ARTICLE PREVIEW:

Some TSB customers couldn’t access online banking services on Monday, with users on both the app and the website receiving error messages when trying to access their accounts, according to BBC News. Many of the affected customers were unable to get past the security questions, some for several hours. A number of users even reported their accounts had been blocked while trying to log in with the correct details. The bank said it was working to fix the issue as quickly as possible, and that only a “very small number” of people were affected.

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE Continue reading “TSB Customers suffer online banking outages | Information Security Buzz”

Devon Bryan Named as Chief Information Security Officer (CISO) for MUFG Union Bank

devon bryan named as chief information security officer (ciso) for mufg union bank

BEGIN ARTICLE PREVIEW:




NEW YORK, Aug. 12, 2020 /PRNewswire/ — MUFG Union Bank announced that Devon Bryan has joined as Chief Information Security Officer (CISO) for MUFG Union Bank effective August 3rd and will be based in Jersey City, NJ.Bryan will be responsible for establishing and maintaining a comprehensive information security strategy and program to ensure that information assets and technologies are appropriately protected.  In addition, he will ensure information security risks are identified, evaluated, mitigated and reported; lead efforts to prevent and respond to security incidents; establish standards and controls; manage security technologies; and implement security policies and procedures.  Bryan will report directly to Chris Higgins, Chief Information & Operations Officer (CIOO) for MUFG Americas Holdings Corporation and its U.S. banking subsidiary, MUFG Union Bank, N.A., and will serve as a member of his management team.”I am thrilled that Devon will be leading our Enterprise Information Security organization,” Higgins said. “He has an impressive career track record in this field which makes him perfectly qualified to lead us in this important area.  He will be focused on developing solutions rather than just implementing policies, and he will also facilitate business enablement versus enacting a narrowly defined security approach.”   Bryan is a …

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE Continue reading “Devon Bryan Named as Chief Information Security Officer (CISO) for MUFG Union Bank”

Comment: Upgraded Agent Tesla malware steals passwords from browsers, VPNs | Information Security Buzz

comment: upgraded agent tesla malware steals passwords from browsers, vpns | information security buzz

BEGIN ARTICLE PREVIEW:

New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. Agent Tesla is a commercially available .Net-based info stealer with both remote access Trojan (RAT) and with keylogging capabilities active since at least 2014. This malware is currently very popular with business email compromise (BEC) scammers who use it to infect their victims for recording keystrokes and taking screenshots of compromised machines. It can also be used for stealing victims’ clipboard contents data, for collecting system information, and for killing anti-malware and software analysis processes.

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE Continue reading “Comment: Upgraded Agent Tesla malware steals passwords from browsers, VPNs | Information Security Buzz”

Twitter’s Crypto Hacking Scandal: A Wake-Up Call for Security

twitter’s crypto hacking scandal: a wake-up call for security

BEGIN ARTICLE PREVIEW:

It started with a phone call, moved on to scamming unsuspecting victims out of Bitcoin, and ended in the arrests of three people, including a Florida teenager.

The July 15 hijacking of about 130 high-profile and verified Twitter accounts, including those of Bill Gates, Elon Musk, Barack Obama and Joe Biden, scammed dozens of people out of about $120,000 worth of bitcoin. The incident, which gained worldwide attention, contained a bit of everything, including a celebrity element and questions about the reliability of messages posted on one of the world’s largest social media platforms.

The arrests of a 17-year-old and two others in connection with the hacking case by the U.S. Justice Department and state prosecutors in Florida also reveal how rather basic hacking techniques, such as phone phishing and SIM swapping, can affect the security of an entire organization, leaving employees and internal resources open to attack.

“We still don’t know exactly what happened with Twitter, however, they’ve acknowledged that the incident was started by a phone spear phishing attack,” Hank Schless, a senior manager for security solutions at Lookout, told Dice. “Regardless of what happened with Twitter, this should be a wakeup call to everyone that phones …

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE Continue reading “Twitter’s Crypto Hacking Scandal: A Wake-Up Call for Security”

Managing Information Security Skepticism by Changing Workplace Culture – Security Boulevard

managing information security skepticism by changing workplace culture – security boulevard

BEGIN ARTICLE PREVIEW:


Imagine a workplace in which all of the staff support the function of information security. Employees report suspicious events, are committed to data privacy and see the value in completing the regularly scheduled compliance trainings. How much easier life would be for security professionals!Naturally, it’s hard for people to get behind something that feels foreign or is shrouded in mystery. Much to the vexation of security professionals, skepticism is a common response to the information security function within business.What problem does managing the internal skepticism to information security solve? Security is a critical element of any successful twenty-first century business. Shifting mindsets to supporting this arm makes the organization more likely to achieve its strategic objectives.Fortunately, effective communication is often the only strategy required to begin transforming skepticism into support.ApproachabilityDue to the constant firefighting nature of the security field, information security professionals can often be quick to dismiss reports from staff that appear benign on the surface.Even if an employee reports a false positive, it is our responsibility as professionals to take all incident reports seriously. We will contribute to the culture of distrust and skepticism if we take lightly or ignore the concerns …

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE Continue reading “Managing Information Security Skepticism by Changing Workplace Culture – Security Boulevard”

Spreedly Adds Chief Information Security Officer | PYMNTS.com

spreedly adds chief information security officer | pymnts.com

BEGIN ARTICLE PREVIEW:

Spreedly, which works in accelerating global commerce via a secure, flexible platform for any payment type, has announced Christopher Hudel as chief information security officer (CISO), according to a press release.Hudel’s role will be to help boost cyber protection for customers. He will “further enhance key security strategies and best practices” and serve as an expert on issues of IT threats for payments services, the release stated.Hudel has more than 20 years of experience in a number of fields, including “application and product security, incident and crisis management, penetration testing (‘red teaming’), security roadmap and strategy, security operations, digital transformation, architecture, evangelism and leadership,” He has worked in financial services with First Union/Wachovia Bank, LendingTree, Bank of America, and First Citizens Bank, according to the release.He was previously an adjunct professor teaching information security graduate and undergraduate courses for the University of North Carolina. He has cybersecurity, defense and incident response credentials, including GIAC Information Security Expert (GSE), Offensive Security Certified Expert (OSCE), and Certified Information Systems Security Professional (CISSP).He said the opportunity is a good one because of the numerous ways the company meets payments and security needs.“What really impressed me about Spreedly …

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE Continue reading “Spreedly Adds Chief Information Security Officer | PYMNTS.com”

MSU: Unauthorized user access online shopping site, exposes shoppers’ information

msu: unauthorized user access online shopping site, exposes shoppers’ information

BEGIN ARTICLE PREVIEW:




Michigan State University announced that an unauthorized party gained access to its online store and placed a malicious code to expose shoppers’ credit card numbers.The university said shoppers’ credit card numbers were exposed between Oct. 19, 2020, and June 26, 2020.According to MSU, the intrusion was a result of a vulnerability in the website which has since been addressed.

MSU said during the initial investigation, it was determined that the exposed information included names, addresses, and credit card numbers of about 2,600 customers.Once it became aware of the breach, the university said its information security team promptly corrected the vulnerability.No Social Security numbers were compromised and MSU is working with law enforcement in the investigation. 

“Our top priority is preventing any further exposure of consumers’ information by sharing resources and tools to help protect them from these cybercriminals,” said MSU Interim Chief Information Security Officer Daniel Ayala. “The security of our IT systems and those who use them are of paramount importance to MSU. We are deeply sorry and understand the concern of those affected. We are working around the clock to make it right.”MSU said it began notifying all potentially affected individuals of the breach today. They said they’ …

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE Continue reading “MSU: Unauthorized user access online shopping site, exposes shoppers’ information”

New Report Shows Lack of Security Confidence in Addressing the Hidden Risks of Shadow Code, Putting Organizations at High Risk of Attack – Security Boulevard

new report shows lack of security confidence in addressing the hidden risks of shadow code, putting organizations at high risk of attack – security boulevard

BEGIN ARTICLE PREVIEW:


SAN MATEO, Calif., August 11, 2020 – – PerimeterX, the leading provider of application security solutions that keep digital businesses safe, today released “Shadow Code: The Hidden Risk to Your Website.” This second annual survey of security professionals uncovers the extent and impact of third-party scripts and open-source libraries used in web applications across organizations.These third-party scripts and script libraries – collectively referred to as ”Shadow Code” – are a growing security risk as organizations rely on them to increase the pace of digital transformation. Similar to Shadow IT, where employees use cloud services and software that is not approved, monitored or supported by Corporate IT, Shadow Code includes any code introduced into a website or web application without approval or security validation. Shadow Code can be legitimate third-party services such as payment scripts, chatbots or analytics scripts, but can also include malicious scripts injected by hackers, as well as misconfiguration that results in outdated or vulnerable scripts used in production applications that handle sensitive user data.Conducted with Osterman Research, a leading market research firm, the survey found that Shadow Code remains a blind spot for most information security teams, and trust is eroding. Only 8% of respondents reported that they have complete insight into …

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE Continue reading “New Report Shows Lack of Security Confidence in Addressing the Hidden Risks of Shadow Code, Putting Organizations at High Risk of Attack – Security Boulevard”

Addressing security challenges presented by HIEs

addressing security challenges presented by hies

BEGIN ARTICLE PREVIEW:

Health information exchanges can be a way for providers to access clinical information in efficient and, ideally, seamless ways.But experts say they can also present security challenges.
“You should be constantly thinking about how to map what an HIE does, and what it is, to our security base: confidentiality, integrity and availability.” said Jenn Behrens, chief information security officer at San Diego Health Connect.
Behrens was among several panelists who weighed in at the Office of the National Coordinator for Health IT’s Tech Forum on Monday about best practices for HIE network management. 
Achieving that mapped triad requires an interplay of governance and security controls, said the panelists.
“If we do one without the other, the likelihood of success … is going to be minimized,” said Behrens.
The governance domain involves contracts – including MSAs with security addendums and business associate agreements – internal and external risk management audits, and trust frameworks, including TEFCA. 
Security controls, Behrens explained, should include access control; network, mobile and asset, information, software development, operations and physical security; architecture; identity and access management; and incident response. 
“Business continuity, disaster recovery and incident response seem like no brainers … but these are being increasingly tested as we’re having smaller …

END ARTICLE PREVIEW

READ MORE FROM SOURCE ARTICLE Continue reading “Addressing security challenges presented by HIEs”