In today’s highly distributed world, technology acts as the linchpin for business success. Outdated, slow-moving legacy infrastructure can keep companies from serving customers with the agility and security they demand. Modernization removes those obstacles, leveraging the cloud to accelerate IT service delivery and streamline management.  The result? The freedom to move apps across clouds to fit business needs, help developers bring apps to market faster, and build a competitive advantage.   What makes customers decide to…

Security researchers are warning of a newly discovered ransomware variant currently being used in targeted attacks. Dubbed “Yanluowang” after the .yanluowang extension it adds to encrypted files, the new ransomware was discovered by Symantec during its investigation into an attack against an unnamed “large organization.” It appears that the group using the variant first deployed legitimate command-line Active Directory query tool AdFind for reconnaissance and to help with lateral movement. Before Yanluowang is downloaded, an additional tool…

The UK’s financial regulator, The Financial Conduct Authority (FCA), has released new guidance for organizations in the sector to help them transition securely to hybrid working practices. The regulator warned that financial sector firms must prove that “the lack of a centralized location or remote working” doesn’t increase the risk of financial crime. It also demanded that firms prove there is “satisfactory planning” in several areas. These include regular reviews of hybrid working plans to identify…

The EU could be gearing up to ban anonymous registration of domain data in a bid to boost security and anti-piracy efforts, it has emerged. The new provision was added to the “NIS2” legislation making its way through the European Parliament. It’s aimed at closing loopholes that currently allow registrants to potentially give false contact, or “WHOIS,” information to domain registrars – while expanding the personal details they must provide. “In order to ensure the…

Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collection logs and regular review is useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be the only evidence of a successful attack. CIS Control 8 emphasizes the need for centralized collection and storage and standardization to better coordinate audit log reviews. Some…

When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a sign of identity theft.  A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.  How does identity theft happen in the first place?  Unfortunately, it can happen…

When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a sign of identity theft.  A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.  How does identity theft happen in the first place?  Unfortunately, it can happen…

Researchers at Sophos Labs have unearthed a fraudulent scam that exploits iPhone users looking for love via dating apps.  Under the CryptoRom scam, victims are contacted through their dating app account. The scammer gains the victim’s trust by exchanging direct messages with them.  “Once the victim becomes familiar, they ask them to install fake trading applications with legitimate looking domains and customer support,” wrote researchers. “They move the conversation to investment and ask them to invest a small amount,…

CIOs have had their hands full since the start of the pandemic with three risk management and governance priorities weighing heavily on their minds. Image: Getty Images/iStockphoto With many employees working remotely, a digital transformation taking place at an accelerated pace and cybersecurity issues on the rise, spending on information security and risk management technology and services is expected to exceed $150 million in 2021.  CIOs are becoming more sharply focused on information security and…