Uber in Legal Crosshairs Over Hack Cover-up

Two US states on Wednesday confirmed they are investigating Uber’s cover-up of a hack at the ride-sharing giant that compromised the personal information of 57 million users and drivers. Uber purportedly paid data thieves $100,000 to destroy the swiped information — and remained quiet about the breach for a year. That decision evidently came despite…

5 cloud storage predictions for 2018

At this point, the cloud is old news. This does not, however, diminish its continuing impact on individuals and businesses worldwide. As cloud-based services strive towards ubiquity, their impacts will likewise scale, as will their effects. In fact, 74 percent of CTOs today believe that cloud computing will have the most measurable impact on their…

Double Whammy: When One Attack Masks Another Attack

In some contexts, a double whammy can mean a good thing: when your favorite team wins two games in a row, when two candy bars fall from the vending machine, etc. However, in the context of cyber security, a double whammy may translate to being attacked while still reeling from the impact of another threat….

Predictions for 2018: Cyberthreats in the financial sector

Kaspersky Lab always keeps a very close eye on the changing cyberthreat landscape. Knowledge of past and present makes the future more predictable and allows us to make annual forecasts for various verticals. Today we want to talk about the financial sector. Businesses and individuals alike make use of financial services. And wherever there’s money,…

Why Smart Devices Need Even Smarter Security

The introduction of a new generation of connected, intelligent devices into the workplace has helped businesses become more productive, serve customers more efficiently and expand into new markets. But as more smart devices join the burgeoning Internet of Things (IoT), the transition has scrambled the historical notion of the corporate endpoint. We’ve moved beyond the…

White House Cyber Chief Provides Transparency Into Zero-Day Disclosure Process

The U.S. government Wednesday introduced greater transparency into its Vulnerabilities Equities Policy (VEP) program. This is the process by which government agencies decide whether to disclose or stockpile the cyber vulnerabilities they discover. In a lengthy statement, White House Cybersecurity Coordinator Rob Joyce explained why not all discoveries are disclosed. That will not change; but in introducing greater transparency into…

Steganography: A Safe Haven for Malware

Steganography, or the practice of concealing a file, message, image or video within another file, message, image or video, may be an older technique, but it continues to be an incredibly versatile and effective method for obscuring or hiding information in plain sight. In 2017, IBM X-Force has identified three different malware samples in network…

Don’t Let a Retail Vulnerability Cause Holiday Havoc

Retail data breaches have historically occurred during the holiday season. The high volume of transactions and management’s focus on sales and inventory distract attention from a potential retail vulnerability, exposing opportunities for cybercriminals to infiltrate point-of-sale (POS) systemsand online transaction streams.

Data Storage and Encryption Should Top the CISO’s To-Do List

In today’s digitized world, data storage and encryption are surely top of mind for most chief information officers (CIOs). But given the increasing regulations and privacy implications surrounding data security, these measures should also be on the chief information security officer (CISO)’s agenda. Most organizations need to house massive amounts of data to comply with…

Windows Defender Immune to AVGater Quarantine Flaw: Microsoft

A recently disclosed vulnerability that allows an attacker to abuse the quarantine feature of anti-virus products to escalate privileges doesn’t affect Windows Defender, Microsoft says. Dubbed AVGater, the new attack method relies on a malicious DLL being quarantined by an anti-virus product and then abuses the security program’s Windows process to restore the file.