Why employees need counterespionage training

Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company’s vital intellectual property. Image: Yuichiro Chino/Moment/Getty Images Companies—large and small—need to be aware of espionage threats. If that seems a bit overboard, consider the dramatic increase in the number of incidents related

0 Comments

Why it’s time to figure out how to keep personal information private, yet useful

One expert suggests ways to reach a happy medium between those who give up sensitive personal information and the organizations that use it. Image: Anawat Sudchanham/EyeEm/Getty Images It might be time to take a long hard look at who gets our personal data according to Ina Miranda, CTO and co-CEO

0 Comments

Moobot Milks Tenda Router Bugs for Propagation

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

0 Comments

Name That Toon: Sight Unseen

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2021-32682PUBLISHED: 2021-06-14 elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal

0 Comments

Know Thy Enemy: Fighting Half-Blind Against Ransomware Won’t Work

Ransomware has grown up. Once just a cybercrime nuisance that affected individual computers with payment demands of a few hundred dollars, ransomware attacks now impact whole corporate networks, generate payment demands in the millions, and even disrupt our daily lives. The perpetrators behind this type of crime have become highly

0 Comments

Google Workspace Now Offers Client-side Encryption For Drive and Docs

Google on Monday announced that it’s rolling out client-side encryption to Google Workspace (formerly G Suite), thereby giving its enterprise customers direct control of encryption keys and the identity service they choose to access those keys. “With client-side encryption, customer data is indecipherable to Google, while users can continue to

0 Comments

Gig workers are here to stay, but they might pose a hidden cybersecurity risk

Whether intentional or not, gig workers can cause security breaches. Here’s how to set your company up for safety. More about cybersecurity TechRepublic’s Karen Roby spoke with James Christiansen, VP and CSO of Netskope, about cybersecurity concerns with the gig workforce. The following is an edited transcript of their conversation.

0 Comments

Secure Access Trade-offs for DevSecOps Teams

Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources. Engineering teams building software are always under pressure to deliver new features, fix bugs, and improve performance. To move quickly, engineers need access to computing resources: servers, Kubernetes clusters,

0 Comments

Expert: Freelancers could set your company up for cybersecurity breach

Expert: Freelancers could set your company up for cybersecurity breach Length: 13:36 | Jun 9, 2021 If you’re hiring gig workers, take precautions to protect your company from intentional or accidental data breach.

0 Comments

BackdoorDiplomacy: Upgrading from Quarian to Turian

ESET researchers discover a new campaign that evolved from the Quarian backdoor Executive summary An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East since at least 2017.

0 Comments