The Treasury Department’s Office of Foreign Assets Control sanctioned a Russian government research institution linked to Triton malware targeting industrial safety systems, the first time the U.S. took such an action for an industrial control system attack. Treasury Secretary Steve Mnuchin called out the Russian government for continuing “to engage in
Author: Teri Robinson
With compliance on the mind, corporate boards up cyber investments
Despite the pandemic, boards are increasing investment in security, and organizations expect their security budgets to expand over the next year. Of the 900 global chief information security officers and information technology decision-makers tapped for Thycotic’s CISO Decisions survey, 77 percent said their boards have okayed investment in new security projects.
NYC demonstrates ‘gold standard’ in cyber resilience amid pandemic
Zoom tries to make good on security, privacy promises
Zoom headquarters on Almaden Boulevard in San Jose, California. (Coolcaesar via Creative Commons Attribution-Share Alike 4.0 International license) After a massive boom in use and a rocky start as the COVID-19 pandemic swept the world, Zoom has completed its ambitious 90-day security and privacy plan, most recently adding two-factor authentication (2FA)
Twitter bug may have exposed API keys, access tokens
Massive Magecart attacks steal personal data from Magento 1 stores
An automated campaign Magecart campaign against 2,000 Magento stores over the weekend compromised the private information of thousands of customers and may very well be the largest attack of its kind since 2015. The hacks were typical Magecart attacks, but since many of the stores victimized had no prior history of
How to use cybersecurity to accelerate growth
Cybersecurity often – and rightly – has been viewed as a point of friction and a cost center, but more recently organizations are using it to accelerate growth. When considered early on – in everything from design and development through planning and execution – security can help companies lower risk and
Attackers could exploit flaws in MAGMI Magento plugin to hijack admin sessions
A duo of vulnerabilities discovered in the MAGMI Magento plugin could result in remote code execution (RCE) on vulnerable sites using Magento. The flaws in the Magento database client used for raw bulk operations on online store models were found by researcher Enguerran Gillier, a member of the Tenable Web Application
How, and when, to divvy consequences to employees for breaching security policy
A recent study out of the U.K. suggests that organizations, fueled in part by security challenges during the pandemic, are beginning to impose harsher consequences on employees who breach security policy. Nearly 40 percent of respondents said they had dismissed employees for such transgressions, according to the report from Centrify. While security
