Digital acceleration at Stanley Black & Decker places data at the center

For Stanley Black & Decker, digital technologies are transforming every aspect of the company, from internal operations to customer experience to the products and services themselves. Recently, I spoke with Rhonda Gass, CIO, about her approach to strategy, architecture, and change management as well as how her CIO role is evolving now and into the future. What follows is an edited version of our interview. Martha Heller: How is Stanley Black & Decker currently deploying digital…

The many ways a ransomware attack can hurt your organization

Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason. Ransomware attacks can devastate an organization in obvious ways, most notably by preventing it and its customers or users from accessing critical data and resources. But such an attack can also have longer lasting and far wider consequences. A report released Wednesday by cybersecurity firm Cybereason looks at…

NHS Test and Trace Bolsters its Cybersecurity

NHS Test and Trace has announced that an early-stage UK company will be in charge of managing its supply chain cybersecurity risks. Risk Ledger, which was part of the fourth cohort of the government-backed London Office for Rapid Cybersecurity Advancement (LORCA) program to promote cyber scaleups, will allow NHS Test and Trace to utilize its ‘social network’ platform. The platform will enable organizations to connect and share risk data securely, quickly and easily. This move is particularly…

Football Fever Undermining Password Security

Security experts have urged users to think more carefully about their password choice after spotting as many as one million based on simple football-related words. Authentication firm Authlogics manages a Password Breach Database — a collection of previously stolen or cracked credentials that allows it to spot trends and offer industry advice. It claimed that of the one billion passwords in the trove, over 1.1 million are linked to the beautiful game. These are led…

Most Ransomware Victims Hit Again After Paying

Some 80% of global organizations that have paid a ransom demand experienced another attack, often at the hands of the same threat actors, according to a new study from Cybereason. The security vendor polled 1,263 cybersecurity professionals in multiple verticals across the US, UK, Spain, Germany, France, the United Arab Emirates, and Singapore to compile its latest report, Ransomware: The True Cost to Business. It confirmed what law enforcers and commentators have been saying for some…

IoT Supply Chain Bug Hits Millions of Cameras

Security experts have warned of a critical IoT supply chain vulnerability that may affect millions of connected cameras globally, allowing attackers to hijack video streams. Nozomi Networks revealed the flaw in a popular software component from ThroughTek, which OEMs use to manufacture IP cameras, baby and pet monitoring cameras, and robotic and battery devices. The bug itself is found in a P2P SDK produced by the firm. In this case, P2P refers to functionality that…

What’s new in v8 of the CIS Controls from the Center for Internet Security

Back in 2018, the State of Security spent a lot of time going over v7 of the Center for Internet Security’s Critical Security Controls (CIS Controls). We noted at the time how the Center for Internet Security shuffled the order of requirements for many of the existing controls in that version. It also cleaned up the language of the CIS Controls, simplified some wording, removed duplicate requirements, and created an abstract for each of the…

A New Program for Your Peloton – Whether You Like It or Not | McAfee Blogs

Executive Summary: The McAfee Advanced Threat Research team (ATR) is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. As security researchers, something that we always try to establish before looking at a target is what our scope should be. More specifically, we often assume well-vetted technologies like network stacks or the OS layers are sound and instead focus our attention on the application layers or software that is specific to a target. Whether that approach is comprehensive sometimes doesn’t…

Is Your Peloton Spinning Up Malware?

[Disclaimer: The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021.] Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert a tiny USB key with a boot image file containing malicious code that grants them remote root access. Since the attacker doesn’t need to factory unlock the bike to load the…
