Blog

By Nancy Rand, Posted in Security

NIST Privacy Framework working drafts have been published for input. The Privacy Framework group has posted an outline of the NIST Privacy Framework, along with a summary analysis of the comments received on their Request for Information. The group developed the outline in response to what was heard from stakeholders, and are looking forward to feedback. A comments spreadsheet has also been posted. A list of standards guidance referenced is available. The NIST Privacy Framework Group is hosting a live webi... read more.

• March 01, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 2/18 Symantec Improves Email Security With Fraud Protection Jane Wong, vice president of Engineering and Product Management, explained that Symantec Email Security protects customers from email attacks by blocking threats such as phishing, malware, spam and BEC; Email Fraud Protection helps customers automate implementation of sender authentication standards such as DMARC, DKIM and SPF.  http://bit.ly/2EhPmQK Detected Cryptojacking Prompts Microsoft to Remove Eight Free Apps from Micros... read more.

• February 22, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 2/11 Microsoft: Improved Security features are delaying hackers form attacking Windows users New features have made it much harder for mundane cybercrime operations to come up with zero-days or reliable exploits for newly patched Microsoft bugs, reducing the number of vulnerabilities exploited at scale. https://zd.net/2WVMQXq Citrix Cloud comes to Cisco HyperFlex Customers who want to take advantage of the benefits of moving the Citrix control plane to the cloud and have Citrix manage the enviro... read more.

• February 15, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 2/4 Google Yanks 29 Malicious Photo Apps From Play Store, But Not Before Millions of Downloads Google yanked some 29 photo apps from the Play Store this week after they were discovered to have malicious code that pushes full-screen ads, steals information from users by tricking them into believing they have won a contest, and in some cases even lifted photos from devices to send to the malware designers behind the apps. http://bit.ly/2WIdwuz This password-stealing phishing attack comes disguised... read more.

• February 08, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 1/28 This Trojan infects Chrome browser extensions, spoofs searches to steal cryptocurrency The main thrust of the malware is its capability to steal cryptocurrency. Razy focuses on compromising browsers, including Google Chrome, Mozilla Firefox, and Yandex. Different infection vectors are in place depending on the type of browser found on an infected system. https://zd.net/2COMgBC Bypassing Network Restrictions Through RDP Tunneling FireEye has observed threat actors using native Windows RDP ut... read more.

• February 01, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 1/21 Malware Evades Detection One Step at a Time The apps were reportedly able to evade detection by using the device's motion sensor data. The malware authors assume that the device is scanning for malware, so they created an emulator with no motion sensors that monitors the user’s steps so that they check for sensor data to determine whether the app is running in a sandbox environment. If it is, the malicious code does not run. If it does run, though, the user receives a fraudulent prompt,... read more.

• January 25, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 1/14 FireEye gears up email security for emerging threats Business email compromise (BEC), which is often cited as the most common way for cyber criminals to infiltrate corporate networks, is a type of scam that targets email accounts of high-level employees related to finance or working with wire transfer payments, either spoofing or compromising them through keyloggers or phishing attacks. http://bit.ly/2M9Dm5V Cryptocurrency mining malware is the number one malware menace – again Crypto... read more.

• January 18, 2019

By Eric Corcoran, Posted in Technology Week in Review

Monday 1/7 Ursnif, Emotet, Dridex and BitPaymer Malware Families Team Up to Wreak Havoc Given the impact of the Ursnif and Dridex banking Trojans, the ubiquity of Emotet loaders, and the ability of BitPaymer to infiltrate systems via remote desktop and email vectors, this malware interoperability provides evidence that malicious actors are developing their own versions of professional organizations to empower threat evolution. https://ibm.co/2FddCVU Security researchers find over a dozen iPhone apps lin... read more.

• January 11, 2019

By Eric Corcoran, Posted in

Monday 12/17 Symantec Collaborates with Aon to Address Hacking Concerns As incidences of high-profile cybercrimes and cyber warfare continue to grow, demand for stronger cyber security solutions and products are becoming vital for businesses and individuals alike. To address this growing concern, Symantec is taking initiatives to enhance its products.  http://bit.ly/2ECLnzs Microsoft wants AI to predict if your Windows PCs will get malware Microsoft has launched a new $25,000 malware challenge for... read more.

• December 21, 2018

By Nancy Rand, Posted in Security

NIST held their first privacy framework workshop on 10/16/18 in Austin Texas. Representatives of NIST and private industry discussed the development of a privacy framework and plan to leverage the process used to develop the NIST Cybersecurity Framework.  This will include workshops and sessions throughout the US to gather information.  https://www.nist.gov/news-events/events/2018/10/kicking-nist-privacy-framework-workshop-1 The three hour event was recorded for additional viewing and can be fou... read more.

• December 20, 2018