Author: Asad Yaseen

Speaking at the RSAC 365 Virtual Summit Jason Rivera, director, Strategic Threat Advisory Group at CrowdStrike, explored how the COVID-19 health crisis has fundamentally altered the attack surface for organizations across the world. “We had to use the internet so much more than we ever have in the past. If we use the internet more, then we have a larger, more complex attack surface. That in turn allows adversaries opportunities they did not have before.”…

Infamous botnet Emotet has been brought down by an international law enforcement operation. Earlier today, Europol announced that Emotet’s infrastructure had been taken over by investigators in a coordinated action by authorities in Canada, France, Germany, Lithuania, the Netherlands, the United Kingdom, the United States, and Ukraine, with international activity coordinated by Europol and Eurojust. First discovered as a banking trojan in 2014, the malware evolved into a powerful tool used by cyber-criminals the world over to…

The ways organizations should react following a ransomware attack were discussed during a session at the RSAC 365 Virtual Summit. This topic was highlighted in context of an advisory issued in October 2020 by the US Department of the Treasury concerning the payment of ransomware. Adam Hickey, deputy assistant attorney general, National Security Division, Department of Justice, explained that “essentially it reminds the audience that if you engage in transactions with a sanctioned entity or person,…

Insurance providers in the United Kingdom have defended the inclusion of ransomware payments in first-party cyber-insurance policies. Cyber-risk insurance covers the cost of restoring loss to business income or reputation caused by damage to computers and computer networks. The Association of British Insurers (ABI) said that while insurance was “not an alternative” to taking appropriate action to minimize risk, firms could suffer financial ruin without cyber coverage.  The ABI comments were made in response to…

The world’s largest social networking and dating app for gay, bisexual and trans people is facing a hefty fine in Norway over an alleged breach of data privacy.  On Tuesday, Norway’s Data Protection Authority (NDPA) announced its intention to fine Grindr 100 million Norwegian crowns ($11.7m) for illegally disclosing user data to advertising firms. The American company, which launched back in 2009, said that the allegations made by the Norwegian regulator hark back to 2018, when Grindr had different…

  Following its annual Special Interest Group (SIG) election process, the PCI Security Standards Council has confirmed the winning SIG topic for 2021. The Council’s Participating Organizations voted to select “Best Practices for Container Orchestration” as the focus for the year ahead. The goal of the SIG is to provide guidance for companies on how to enhance security when using container orchestration tools. This guidance will include an overview of container orchestration tools as well…

McAfee’s Advanced Threat Research team just completed its second annual capture the flag (CTF) contest for internal employees. Based on tremendous internal feedback, we’ve decided to open it up to the public, starting with a set of challenges we designed in 2019.   We’ve done our best to minimize guesswork and gimmicks and instead of flashy graphics and games, we’ve distilled the kind of problems we’ve encountered many times over the years during our research projects. Additionally, as this contest is educational in nature, we won’t be focused as…

Jack Wallen discusses why the upcoming Ubuntu 21.04 is more important than some of its features would imply. Image: Ubuntu At one point, the Ubuntu faithful were excited that 21.04 (aka Hirsute Hippo) would be one of the first distributions to include GNOME 40. The upcoming release of the GNOME desktop promises to bring about some serious workflow changes that could make everything on the desktop flow a bit more efficiently. GNOME 40 would also…