Beware Windows 7 users: Malware campaign targeting IoT devices

Cnet | February 05, 2020

Beware Windows 7 users: Malware campaign targeting IoT devices
Windows 7 is officially dead, now that Microsoft has ended support for the operating system -- which means no more security updates or patches. Despite this, an estimated 200 million devices are still running the out-of-date system, and a malware campaign is targeting IoT devices still using it, according to a new report from TrapX Security. The malware used in the campaign is a self-spreading downloader, which runs malicious scripts as part of the Lemon_Duck PowerShell malware variant family. At this point, it has targeted a range of devices at manufacturing sites, including smart printers, smart TVs, and automated guided vehicles (AGVs), the report found.

Spotlight

Financial service organizations have been leery to embrace the enterprise mobility wave. Rightly so, as regulations from SOX, FINRA and PCI DSS have given financial IT professionals extra concern for caution. And with BYOD, consumerization, BlackBerry migration, and the changing needs of enterprise customers, a comprehensive mobility management strategy is top priority. But how do you meet the balance of open access for employees while ensuring adherence to the financial industry's stringent requirements for compliance?

Spotlight

Financial service organizations have been leery to embrace the enterprise mobility wave. Rightly so, as regulations from SOX, FINRA and PCI DSS have given financial IT professionals extra concern for caution. And with BYOD, consumerization, BlackBerry migration, and the changing needs of enterprise customers, a comprehensive mobility management strategy is top priority. But how do you meet the balance of open access for employees while ensuring adherence to the financial industry's stringent requirements for compliance?

Related News

DATA SECURITY

To speed up the distribution of cyber insurance for small companies, Cowbell Cyber Partners with Mylo

prnewswire | November 05, 2020

Cowbell Cyber, the business' first AI-controlled digital protection supplier for little to moderate sized organizations (SMBs), today declared it has cooperated with Mylo – the advanced specialist dispatched by the world's biggest free merchant, Lockton – to empower expanded dispersion of Cowbell's independent digital protection to the private company market, a territory customarily underserved by digital protection. Organizations of all sizes are getting more dependent on an advanced climate given the present far off setting, regularly leaving them presented to expanded online protection weaknesses including information penetrates, ransomware assaults, digital wrongdoing, and then some. Along these lines, the interest in digital inclusion has definitely expanded as organizations acknowledge digital protection is currently a need, not an extravagance. Mylo chose Cowbell Cyber in light of the fact that Cowbell Prime – Cowbell's independent, conceded digital protection programs – addresses the difficulties looked by private companies while considering protection including: Lucidity of the arrangement terms: entrepreneurs can now quickly comprehend the insurance they will get Importance: Quote and strategies are adjustable in a couple of snaps for higher significance for the policyholder Conceded program: Ensures that everything has been altogether verified by state level offices Prevalent danger the board apparatuses: Free danger appraisal and moderation devices increase the value of private venture on the very first moment of the strategy "We are excited to partner with Mylo to deliver on the promise of customized cyber coverage and easy-to-use risk management tools for their expanding client base," said Dan Law, Head of National Accounts at Cowbell Cyber. "Partnering with Mylo will allow us to better distribute cyber insurance to the currently underserved markets, ultimately helping customers with their cyber resilience." "As an advocate for small business owners, we care about helping them prepare for a cyberattack that could threaten everything they've worked so hard to build," said Mylo COO, Belen Tokarski. "Mylo and Cowbell Cyber are a great fit because we both focus on using technology to give businesses the protection they need to anticipate and recover from serious risks." The association carries critical efficiencies to Mylo's operators including: Speed: Cowbell Prime empowers operators to set up different, tweaked cites in a couple of snaps Usability and straightforwardness: Selling of digital protection is rearranged with inclusions that are introduced to policyholders in a straightforward way, alongside Cowbell Factors to recognize hazard deviation from the business normal No coupling delays: Every statement gave by Cowbell Prime can be momentarily bound About Cowbell Cyber Cowbell Cyber is dedicated to providing standalone, admitted, individualized and easy-to-understand cyber insurance for small and mid-size businesses. In its unique AI-based approach to risk selection and pricing, Cowbell's continuous underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Cowbell Insurance Agency is currently licensed in 34 U.S. states and provides SMBs with admitted cyber insurance on AM Best "A" rated paper with up to $15 Million in coverage. About Mylo Mylo is a digital one-stop-shop that makes it easy for businesses and individuals to compare and purchase top-rated insurance products from multiple carriers, including business, small group benefits, home, auto, life and individual health. Launched in 2015 by Lockton, the world's largest privately held independent insurance broker, Mylo offers expert insurance recommendations online or on the phone with licensed agents. Mylo can be easily integrated into a partner's customer experience, providing a proven boost in customer engagement.

Read More

DATA SECURITY

Synack launches an app store experience for more flexible, smarter cybersecurity solutions

Synack | October 20, 2021

Synack, the premier crowdsourced platform for on-demand security expertise, today is giving customers the easiest, most flexible and most innovative approach for deploying critical cybersecurity solutions to defend against today's digital threats. Synack Campaigns empowers organizations with on-demand access to a community of 1,500 skilled and trusted ethical hackers to perform a range of tasks, from targeted security checks to cloud configuration assessments. Customers can take advantage of Campaigns through the Synack Catalog, which provides customers with an app store-like experience, to deploy Security Operations activities. These additions complement Synack's market-leading approach to crowdsourced cybersecurity with unparalleled abilities to integrate penetration testing — and other key security tasks — into organizations' security operations. This expansion lets customers extract more value from the Synack Platform and the Synack Red Team (SRT), Synack's network of the world's most skilled and trusted ethical hackers. This is a game changer,Cybersecurity shouldn't ever be a one-size-fits-all solution. We're expanding our platform to make it truly customizable, on-demand and seamless. Some customers need vigorous penetration testing while others may want a hacker to perform an emergency assessment. Now, they can do all of that on one easy-to-use platform. Jay Kaplan, Synack CEO SYNACK CAMPAIGNS Synack Campaigns give customers on-demand access to the SRT to meet specific needs and solve unique security issues. Campaigns deliver actionable security intelligence for application security, compliance, vulnerability management and more. Each Campaign consists of a group of Missions, or security tasks, which researchers perform. These can range from checking for OWASP Top 10 vulnerabilities, to cloud configuration checks, to get a hacker's perspective on an asset. SYNACK CATALOG The Synack Catalog allows customers to browse, launch and track Campaigns directly in the Synack Portal. It also enables organizations to take full advantage of SRT talent through the Synack Platform and gain critical security insights and knowledge to improve security across the entire enterprise. SYNACK CREDITS With Synack Credits, customers will have more flexibility than ever to purchase Campaigns that best suit their testing needs and take advantage of new and existing offerings at any given time. The options built into this approach mean organizations can utilize Synack's integrated and controlled platform as needed to supplement their own teams and technologies. "It's a simple, smarter, more agile and manageable approach to security," said Peter Blanks, Chief Product Officer at Synack. "We looked at what customers needed, and we delivered. This is a better approach to cybersecurity that's the most adaptable and accessible. We'll continuously innovate at the scale and speed our clients require to accommodate the dynamic threat landscape. Ultimately, this will make organizations more secure and, as a result, improve cybersecurity for everyone." ABOUT SYNACK: Synack is the premier crowdsourced platform for on-demand security expertise. The Synack Platform delivers 24/7 penetration testing, vulnerability management, and vulnerability assessment from a global network of trusted researchers, enabled by smart technology, to accelerate global organizations' critical cybersecurity missions. Headquartered in Silicon Valley with regional teams around the world, Synack protects leading global banks, federal agencies, DoD classified assets, and more than $6 trillion in Fortune 500 and Global 2000 revenue. A 4-time CNBC Disruptor 50 company, Synack was founded in 2013 by former NSA security experts Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO.

Read More

ENTERPRISE SECURITY

McAfee Enterprise Named a Worldwide Leader in IDC MarketScape for Cloud Security Gateways

McAfee Enterprise | November 25, 2021

McAfee Enterprise and FireEye today announced that the company has been named as a leader in the IDC MarketScape: Worldwide Cloud Security Gateways 2021 Vendor Assessment (doc #US48334521, November 2021) for its MVISION Cloud technology, which is part of its MVISION Unified Cloud Edge (UCE) portfolio. McAfee Enterprise received this distinction based on its robust cloud registry and analytics, data loss prevention (DLP) and threat detection capabilities. The IDC MarketScape defines a cloud security gateway (CSG) as a security enforcement point that monitors cloud application usage by organizations to provide discovery, monitoring, and protection. CSGs incorporate multiple security controls, including policy enforcement, threat detection, data loss prevention and user behavior analysis. Typical use cases for CSGs are data protection, shadow IT discovery, visibility and control of unmanaged devices, threat protection, compliance and security operations in infrastructure as-a-service (IaaS) environments. According to the report, “McAfee Enterprise has a strong ecosystem of security solutions, including Secure Web Gateway, CSG and endpoint security that it can integrate to enable customers in their data loss prevention, User Behavior Analytics, XDR and threat prevention goals. McAfee has focused on providing robust protection and DLP, with the scale and speed necessary to support large user bases." “We believe this recognition is yet another validation of McAfee Enterprise’s cloud-native approach to helping businesses overcome the security challenges of adopting a multi-cloud or hybrid-cloud environment,MVISION Cloud aims to transform the way IT security is deployed and managed. Together with McAfee Enterprise’s next-generation secure web gateway and MVISION Private Access products, it delivers the industry's most comprehensive security services edge solution—the security element of the Secure Access Service Edge framework.” Anand Ramanathan, Senior Vice President of Product Management, McAfee Enterprise and FireEye Additional resources: MVISION Unified Cloud Edge McAfee Enterprise and FireEye blog About IDC MarketScape IDC MarketScape vendor assessment model (idc.com) is designed to provide an overview of the competitive fitness of ICT (information and communications technology) suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of IT and telecommunications vendors can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective vendors. About McAfee Enterprise and FireEye McAfee Enterprise and FireEye combined in October 2021, bringing together their portfolios and expert teams to create a market-leading security company. With proven technology and unrivaled experience, the company serves more than 40,000 enterprise, commercial, and government customers worldwide. The new company blends innovative technology, intelligence, and automation to help solve the most complex cybersecurity problems for its customers.

Read More