Author: Admin

Mobile applications with tens of millions of downloads are leaking sensitive user data due to the misconfiguration of back-end cloud databases, according to Check Point. The security vendor’s three-month study began with a simple query on VirusTotal for mobile apps listed on the malware scanning service that communicates with the Firebase cloud database. Throughout the study, Check Point discovered 2113 mobile apps in this way that had their Firebase back-end exposed due to misconfigurations. “While writing…

The US authorities have issued a new alert warning of Russian state-backed malicious activity involving exploiting a well-known bug in Windows Print Spooler discovered last year. The US Cybersecurity and Infrastructure Security Agency (CISA) explained that Russian actors had been spotted exploiting the PrintNightmare bug (CVE-2021-34527) back in May 2021, targeting an unnamed NGO. This was part of an attack chain that began when they exploited a misconfigured account set to default multi-factor authentication (MFA)…

In 2008, Praveen Jonnala became global vice president of digital transformation and business solutions for CommScope, then a $2 billion manufacturer of network infrastructure solutions. Today, after 14 years of acquisitions, the business has more than quadrupled in size. “What worked for us 10 years ago will not work for the next three,” says Jonnala, who became CIO in 2021. “Customer demand, products, and markets are all transforming, so CommScope needs to transform as well.”…

Russian AV firm Kaspersky has hit back at the German authorities after they advised organizations to replace the firm’s products due to heightened east-west tensions. The Federal Office for Information Security (BSI) yesterday argued that critical infrastructure providers and organizations “with special security interests” were particularly exposed. “The actions of military and/or intelligence forces in Russia and the threats made by Russia against the EU, NATO and the Federal Republic of Germany in the course of the current military conflict…

The days of one-off change management initiatives are over. Rather than tackle organizational change management with an end in mind, IT leaders and their organizations must now exist in an environment of persistent flux.  “In this era of continuous disruption, the goal should not be to build an organization that reacts quickly to change. Nor should it only be to build an organization that is almost impervious to disruption,” says Kevin Martin, chief research officer…

André Mendes stepped into the top technology leadership job at the Department of Commerce in April of 2020, just a few weeks into the global pandemic.  His responsibilities and oversight include all the technology and operations for the Department of Commerce and its 13 associated bureaus, including the U.S. Census Bureau, the National Oceanic and Atmospheric Administration (NOAA), the National Institutes for Standards and Technology, the U.S. Patent and Trade Office, and the Bureau of…

Many industrial security professionals lack visibility into their organizations’ assets and processes. This includes Industrial Internet of Things (IIoT) devices as well as industrial organizations’ supply chains. Back in March 2021, Tripwire announced the results of a survey in which 99% of security professionals said that they had experienced challenges securing their organizations’ IoT and IIoT devices. Two-thirds of respondents said that they had struggled to discover and remediate vulnerabilities, while 60% had run into…

By Peter Lund, Vice President of Product Management at OT security company Industrial Defender As of February 2022, we’re already witnessing an increased focus on OT cybersecurity — and for good reason. The Biden Administration has announced a new plan to secure U.S. water systems from cyberattacks, an unfortunate signal that bad actors are targeting utilities and threatening what Americans typically view as guarantees. Water, gas, and electricity are all at risk of being contaminated,…