RSS_Virtulization

The UK privacy regulator has fined a QR code provider that abused its access to personal data to spam individuals with direct marketing at the height of the pandemic. The Information Commissioner’s Office (ICO) explained in a notice yesterday that it fined St Albans firm Tested.me £8000 after it send the marketing email without gaining adequate valid consent from data subjects. The firm provided clients with contact tracing services by enabling them to offer customers…

Some 90% of cyber-attacks investigated by a leading security vendor last year involved abuse of the Remote Desktop Protocol (RDP), and ransomware featured in 81%. The figures come from a new Active Adversary Playbook 2021 compiled by Sophos from the experiences of its frontline threat hunters and incident responders. It revealed that, while RDP is often used to gain initial access into victim organizations, especially during ransomware attacks, it was also hijacked by attackers in…

CSO Online | May 19, 2021 The SolarWinds breach represents a tectonic shift in threat actor tactics, suggesting this kind of attack vector will be replicated. Not only were the attacker’s sophistication and technical proficiency high — allowing them to stay in stealth mode — they also understood the supply chain. Join us to learn how improved identity management and governance surrounding software components, along with workload runtime protection, are critical strategies in guarding against…

Amazon’s, Google’s and Microsoft’s experiences with building massive infrastructures for the world allows for some fascinating insights into the future of IT security at scale. As a result, when Google published The CISO’s Guide to Cloud Security Transformation earlier this year, I was curious about what priorities they saw in cloud security. It’s a short read, and it’s well worth the time invested in downloading a copy.  I want to share my observations on some…

The scourge that is ransomware has had a devastating impact on the lives of ordinary people around the world, but it doesn’t have to be that way, according to a panel of experts speaking at the 2021 RSA Conference on May 18. Ransomware is not a new problem in 2021, and it certainly is not one that appears to be diminishing by any measure; rather, it’s growing. Jen Miller-Osborn, deputy director of threat intelligence for Unit…

  P2PE Assessors and Participating Organizations are invited to provide feedback on the draft P2PE v3.1 Standard minor revision during a 30-day request for comments (RFC) period running from 18 May through 17 June 2021. This minor revision primarily includes updates to Domain 5 to align with the updates, as applicable, from the PCI PIN v3.1 Standard minor revision published in March 2021. Additional errata updates are also included.