Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Dem bill would ban federal law enforcement from using facial recognition technology

Democrats in the House and Senate today introduced legislation banning federal law enforcement from using facial recognition technology. “Facial recognition technology doesn’t just pose a grave threat to our privacy, it physically endangers Black Americans and other minority populations in our country,” said Sen. Edward J. Markey, D-Mass., who introduced the bill along with Sen.…

Mobile ransomware disguised as upcoming Canadian Covid-19 contact tracing app

Capitalizing on a Canadian government announcement pertaining to the development of a nationwide, voluntary Covid-19 contact tracing app, malicious actors this month created a fake version of such an app that in reality infects Android users with mobile ransomware. According to a new blog post from ESET, the ransomware, dubbed CryCryptor, was found being distributed…

Zoom taps Salesforce’s Jason Lee as CISO

As Zoom completes its ambitious 90-day security and privacy plan, the teleconferencing company has tapped seasoned veteran and former Salesforce Senior Vice President of Security Operations Jason Lee as CISO. Lee will report directly to Zoom COO Aparna Bawa. Zoom had suffered a number of growing pains – most of them around privacy – exploded…

OneClass unsecured S3 bucket exposes PII on more than one million students, instructors

An unsecured database belonging remote learning platform OneClass has exposed information associated with more than a million students in North America who use the platform to access study guides and educational assistance. “By not securing its users’ data, OneClass has created a goldmine for criminal hackers, jeopardizing the privacy and security of over a million…

Frost & Sullivan employee, customer data for sale on dark web

A group is hawking records of more than 12,000 Frost & Sullivan’s employees and customers on a hacker folder. “The breach occurred to a misconfigured backup directory on one of Frost and Sullivan public-facing servers,” Cyble CEO Beenu Arora said in a BleepingComputer report. “The backup directory had its employees and customers records, along with…

Ex-CIA exec: Covid-19 has created ideal ‘crisis’ conditions for malicious hackers

Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference. In essence, the coronavirus has created ideal…

Triage plan can fend off insider threats, Latson says

Insider attacks doubled last year from two years ago, according to recent Ponemon Institute research, and most likely most of those insiders’ network behavior could have foreshadowed a preventable attack only if their data access were properly monitored. That’s where a proactive strategy comes in, advised InfoSec World 2020 featured speaker Velma C. Latson, who…

Party City celebrates IT risk assessment program; reveals keys to success

At InfoSec World 2020 on Tuesday, a pair of risk officers from Party City offered an inside glimpse into how the $2.1 billion specialty retailer pulled off its first-ever top-down enterprise-wide IT risk assessment. Among the chief success factors they cited were: executive buy-in, the collaboration of skilled partners, assuring adequate resources, well-planned project scoping,…

Triangle of network security management requires formalized process, Rodrigue says

Why do we care about cyber hygiene? For starters, security pros want to ensure operating effectiveness of basic controls and put in a system of checks and balances between processes. Companies also want to offer a foundation for more advanced technical security mechanisms, their effectiveness becomes limited otherwise. They also want to detect blind spots…

Next post in InfoSec World 2020