Larry Jaffee SC Media

Most recent articles by Larry Jaffee

Commerce imposes prohibitions on TikTok, WeChat

After previously expressing support for Oracle’s planned partnering with TikTok, the Trump administration took a step back from the deal Friday with the Commerce Department putting prohibitions on transactions related to the video-sharing platform and, separately, on the mobile communications app WeChat, both owned by Chinese companies. President Trump had said at a Wednesday news…

Oracle will inherit TikTok security, privacy headaches

By partnering with the popular Chinese video-sharing platform TikTok, Oracle will inherit a laundry list of security and privacy issues once the deal is approved, as soon as Sept. 20, by TikTok parent company ByteDance. TikTok boasts 100 million users in the U.S. and 689 million globally. Earlier this year President Trump threatened to ban…

All eyes on VA security measures after compromise of 46,000 accounts

The U.S. Department of Veterans Affairs (VA) disclosure that the information of 46,000 U.S. service people recently was breached through an apparent social engineering scheme underscores the need for government vigilance even when a significant investment has been made in state-of-the-art protection. Security experts said the relatively low number of impacted accounts – in comparison…

Exploit for critical Windows flaw allows access to admin rights

A Windows vulnerability recently patched by Microsoft, registering a CVSS score of 10, could allow attackers instant access to Active Directory. The vulnerability (CVE-2020-1472) subverts Netlogon cryptography, providing a gateway to an enterprise’s internal network for an intruder to gain Domain Admin status with one click, according to a Secura blog post. “This flaw allows…

Lessons combating COVID-19 healthcare security challenges

Long at the forefront of protecting sensitive information from cyberattacks, health care organizations had to pivot quickly to ensure as the COVID-19 pandemic imposed new threats on a vulnerable newly remote workforce. And adapt they did, even as bad actors exploited a fragile, fragmented infrastructure suddenly reliant on telehealth visits. The lessons learned from the…

New Zeppelin strand avoids AV detection with trojan downloader

A fresh wave of Zeppelin ransomware attacks discovered in late August went undetected by antivirus defenses as the result of a new trojan downloader and research suggests the attacks might be targeted. The presumably targeted infections were announced in a blog post by Juniper Threat Labs researcher Asher Langton. “This campaign shows an evolution of…

Adobe releases update to patch critical flaws that could leave networks, data vulnerable

Adobe Tuesday released critical security updates for Adobe InDesign, Framemaker and Experience Manager, addressing multiple vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned. “While only a few are marked critical, even less critical vulnerabilities are targeted and exploited to gain access to a system, which…

Microsoft fixes 129 flaws, 23 critical, in massive Patch Tuesday

In a Patch Tuesday to rival June’s security update, Microsoft fixed 129 new software vulnerabilities, including 23 critical flaws, impacting multiple platforms, including the Windows Graphic Device Interfaces (GDI), Microsoft SharePoint and Microsoft Exchange Server. Justin Knapp, Automox product marketing manager, attributed the patch laundry list to a remote workforce not going back to offices en masse…

No more excuses: how to build a diverse workforce now

For such a vibrant, innovative industry, cybersecurity isn’t as diverse and inclusive within the executive ranks as it should be. And some leaders say that reality is to the detriment of the community. Industry luminaries Camille Stewart from Google, Microsoft’s Edna Conway and former NASA technology chief Jerry Davis will draw on their substantial private…

How to use cybersecurity to accelerate growth

Cybersecurity often – and rightly – has been viewed as a point of friction and a cost center, but more recently organizations are using it to accelerate growth. When considered early on – in everything from design and development through planning and execution – security can help companies lower risk and get applications and services…
