Enterprise Leadership News

Five Things Every Company Should Be Doing In 2021

A few years ago, only 3.6% of employees worked from home half-time or more. Today, the world looks very different, and it’s estimated that 25-30% of the workforce will be working from home multiple days of the week by the end of 2021. The COVID-19 pandemic has accelerated the Fourth Industrial Revolution, and it has created an enormous shift in the way we use technology in our work. By Business Connect I February 1, 2021

Largest compilation of emails and passwords leaked for free on public forum

More than 3.2 billion unique pairs of cleartext emails and passwords have just been leaked on a popular hacking forum, aggregating past leaks from Netflix, LinkedIn, Exploit.in, Bitcoin and more. This leak is comparable to the Breach Compilation of 2017, in which 1.4 billion credentials were leaked. By Bernard Meyer I February 2, 2021

Regulations, Frameworks, and Controls

New IoT Cybersecurity Improvement Act: Creating a Floor For IoT Security?

The IoT Cybersecurity Improvement Act doesn’t specify requirements, other than instructing National Institute of Standards and Technology to do so — and to do so by March. The act applies to any IoT device purchased with government money. In addition to establishing new mandatory minimum security standards for these devices, the bill requires that these standards and policies be updated at least once every five years. By Evan Schuman I February 2, 2021

Corsica Technologies: Navigating CMMC and NIST 800-171

One of the biggest misconceptions surrounding CMMC and NIST 800-171 is that they are essentially the same thing,” Johnson notes. “While they are closely related, they are distinct. NIST 800-171 is a series of cybersecurity standards that the government wants all of its contractors to adopt to protect controlled unclassified information (CUI). CMMC refers to a certification or auditing process that confirms whether a contractor is enacting all necessary security protocols. Some CMMC levels actually go beyond NIST 800-171 standards. By ERock Christopher I February 2, 2021

NIST SP 800-53: A Practical Guide to Compliance

Sure, you have probably heard of NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations). If you’re like most in the cybersecurity industry, you recognize it as a security framework designed to help your organization select appropriate security controls to keep your data safe and your business off the regulator’s radar. By Hyperproof Team I February 2, 2021

Media Access - Video of the Week

Small Business Entrepreneur Cybersecurity News

Protecting Small Businesses Against Cybersecurity Threats

As we leave the 2010s behind and set sail towards new unknowns that await on the horizon of the 2020s, those of us that have any sort of affiliation with information technology will definitely remember how intense the last decade has been in this sector. This intensity particularly applies to cybersecurity concerns for small businesses. Cybersecurity has been tested beyond its limits, with the non-stop onslaught of cyberthreats. The global issue of rising cybercrime in general, has been troubling equally both the largest and the smallest businesses. By Jenna Walter I February 2, 2021

SMEs: Harnessing Innovation for Service Delivery, By Inyene Ibanga

NITDA must enable the digital economy by facilitating knowledge acquisition opportunities for SME operators. ByPremium Times February 2, 2021

Enterprise Technical Security That Matters

Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks

According to multiple security researchers who spoke with ZDNet, evidence suggests the attackers used CVE-2019-5544 and CVE-2020-3992, two vulnerabilities in VMware ESXi, a hypervisor solution that allows multiple virtual machines to share the same hard drive storage. By Catalin Cimpanu | February 2, 2021

So, What’s So Special About the Newest Ransomware?

The ransomware group mainly focuses on enterprise networks instead of individuals, and their ransom demands range from $60,000 to $85,000. Babuk Locker has already intruded on five corporate networks and one of them has agreed to pay the highest ransom amount. By Cyware I February 2, 2021

Trickbot Trojan Back from the Dead in New Campaign

Security researchers are warning of a resurgence of prolific Trojan malware Trickbot, which had its infrastructure disrupted by a Microsoft-led coalition late last year. By Phil Muncaster I February 1, 2021

FonixCrypter ransomware gang releases master decryption key

The cybercrime group behind the FonixCrypter ransomware has announced today on Twitter that they've deleted the ransomware's source code and plan to shut down their operation. By Catalin Cimpanu | January 30, 2021

This Linux malware is hijacking supercomputers across the globe

Kobalos is unusual for a number of reasons. The malware's codebase is tiny but is sophisticated enough to impact at least Linux, BSD, and Solaris operating systems. ESET suspects it may possibly be compatible with attacks against AIX and Microsoft Windows machines, too. By Charlie Osborne | February 2, 2021

MSP News

CISA Pushes Ransomware Public Awareness Campaign

MSSP Expel Launches Security Service for AWS

CrowdStrike Hires Former CyberArk Executive Marianne Budnik As CMO

Endpoint protection and security software provider CrowdStrike has hired CyberArk veteran Marianne Budnik as chief marketing officer (CMO). Budnik will be responsible for directing messaging, go-to-market strategies, demand generation and field sales support for CrowdStrike’s global product, customer and partner marketing teams. By Dan Kobialka I February 3, 2021

HelpSystems Acquires Digital Defense, Bolsters Security Assessment Tools

HelpSystems, an IT management solutions provider, has acquired vulnerability management and threat assessment solutions company Digital Defense. Financial terms of the deal were not disclosed. By Dan Kobialka I February 3, 2021

Android emulator supply-chain attack targets gamers with malware

ESET researchers have discovered that the updating mechanism of NoxPlayer, an Android emulator for Windows and macOS, made by Hong Kong-based company BigNox, was compromised by an unknown threat actor and used to infect gamers with malware. By Sergiu Gatlan I February 1, 2021

Data on 3.2 million DriveSure clients exposed on hacking forum

Hackers published data on 3.2 million users lifted from DriveSure data on the Raidforums hacking forum late last month. By Steve Zurier I February 1, 2021

Wind River Security Incident Affects SSNs, Passport Numbers

Wind River Systems is warning of a ‘security incident’ after one or more files was downloaded from its network. By Lindsey O'Donnell I February 1, 2021

New RegretLocker ransomware targets Windows virtual machines

A new ransomware called RegretLocker uses a variety of advanced features that allows it to encrypt virtual hard drives and close open files for encryption. By Lawrence Abrams I November 03, 2020

Data on Thousands of Foxtons Customers Posted Online

Estate agent Foxtons Group is under pressure after a daily newspaper claimed that thousands of customers’ card and personal details have been uploaded to a dark web site. By Phil Muncaster I February 3, 2021

Netgain ransomware incident impacts local governments

The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. Now, Ramsey County, Minnesota, is informing clients of the Family Health Division program that the hackers may have accessed personal data. By Ionut Ilascu I February 2, 2021