Larry Jaffee SC Media | Page 2 of 18

Larry Jaffee

Most recent articles by Larry Jaffee

Lessons combating COVID-19 healthcare security challenges

Long at the forefront of protecting sensitive information from cyberattacks, health care organizations had to pivot quickly to ensure as the COVID-19 pandemic imposed new threats on a vulnerable newly remote workforce. And adapt they did, even as bad actors exploited a fragile, fragmented infrastructure suddenly reliant on telehealth visits. The lessons learned from the…

New Zeppelin strand avoids AV detection with trojan downloader

A fresh wave of Zeppelin ransomware attacks discovered in late August went undetected by antivirus defenses as the result of a new trojan downloader and research suggests the attacks might be targeted. The presumably targeted infections were announced in a blog post by Juniper Threat Labs researcher Asher Langton. “This campaign shows an evolution of…

Adobe releases update to patch critical flaws that could leave networks, data vulnerable

Adobe Tuesday released critical security updates for Adobe InDesign, Framemaker and Experience Manager, addressing multiple vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned.   “While only a few are marked critical, even less critical vulnerabilities are targeted and exploited to gain access to a system, which…

Microsoft fixes 129 flaws, 23 critical, in massive Patch Tuesday

In a Patch Tuesday to rival June’s security update,  Microsoft fixed 129 new software vulnerabilities, including 23 critical flaws, impacting multiple platforms, including the Windows Graphic Device Interfaces (GDI), Microsoft SharePoint and Microsoft Exchange Server. Justin Knapp, Automox product marketing manager, attributed the patch laundry list to a remote workforce not going back to offices en masse…

No more excuses: how to build a diverse workforce now

For such a vibrant, innovative industry, cybersecurity isn’t as diverse and inclusive within the executive ranks as it should be. And some leaders say that reality is to the detriment of the community. Industry luminaries Camille Stewart from Google, Microsoft’s Edna Conway and former NASA technology chief Jerry Davis will draw on their substantial private…

How to use cybersecurity to accelerate growth

Cybersecurity often – and rightly – has been viewed as a point of friction and a cost center, but more recently organizations are using it to accelerate growth. When considered early on – in everything from design and development through planning and execution – security can help companies lower risk and get applications and services…

Slack users unwittingly phished with malicious payloads

Since late June, the platform’s file storage domain – slack-files.com – appeared to pop up with far more regularity on the Phish Alert Button, leading KnowBe4 researchers to surmise that Slack users using the referral URL domain, slack-redir.net, are being duped with malicious payloads, raising concerns. And if an attacker can penetrate an organization and take…

Box security chief: Define your boundaries of trust

Digital transformation can bring new capabilities. But it can also introduce vulnerabilities, requiring security leaders to redefine the “boundaries of trust,” says the global chief information security officer at Box. Lakshmi Hanpal, who previously worked for SAP, Ariba, PayPal and Bank of America, will address that delicate balance between digital enablement and increased risk during…

LinkedIn and Gusto security chiefs talk about their roles as ‘social worker’

Cybersecurity leaders want a reputation overhaul from law enforcer, to social worker. At least that’s the perspective of Geoff Belknap, chief information security officer of LinkedIn, and Frederick “Flee” Lee, chief security officer at Gusto. The two trade notes on the increasingly complicated role of security teams during the Sept. 16 panel, The Resilient Enterprise:…

Estonia ambassador to connect dots from cyberwar to security culture

It often takes a significant event – perhaps a pandemic or a major cyberattack  – to test an organization’s cybersecurity chops and provoke its transformation into a security culture that builds resiliency. For Estonia, the journey to transformation and resilience came after one of the most notorious series of devastating cyberattacks executed by Russian operatives…

Next post in RiskSec 2020