European Banking Authority (EBA) Microsoft Exchange Servers Hacked

Paris Looks to Charm London's Brexiles

The European Banking Authority (EBA) has confirmed it has fallen victim to the ongoing Microsoft Exchange attacks.

With a total of four highly valuable zero-day exploits, previously unreported vulnerabilities that give cybercriminals a head start in any attack campaign, the attacks against on-premises Microsoft Exchange servers were always going to be a big deal. Those initial attacks, which prompted Microsoft to publish an emergency out-of-band security update, were attributed to a nation state-sponsored group identified as HAFNIUM. The nation in question is China. However, Microsoft has now confirmed that it “continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond HAFNIUM.”

As I reported on March 6, credible sources were suggesting that the attacks against vulnerable Microsoft Exchange servers were thought to have compromised ‘hundreds of thousands’ of servers, more than 30,000 in the U.S. alone.

One of those attacked outside of the U.S. was the European Union’s banking regulator, the European Banking Authority. On March 7, the EBA issued a statement confirming that it had “been the subject of a cyber-attack against its Microsoft Exchange Servers.”

While stating that a full investigation was underway, the EBA went on to add: “As the vulnerability is related to the EBA’s email servers, access to personal data through emails held on that servers may have been obtained by the attacker. The EBA is working to identify what, if any, data was accessed. Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects. As a precautionary measure, the EBA has decided to take its email systems offline. Further information will be made available in due course.”

Further information was, indeed, made available by way of an update on March 8. “The EBA investigation is still ongoing and we are deploying additional security measures and close monitoring in view of restoring the full functionality of the email servers,” it read. “At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers.”

“The exploitation of the 0days in question required some specific conditions and thus raises questions what exactly happened at the EBA,” Ilia Kolochenko, chief architect at ImmuniWeb, said. “Another key question is when exactly the EBA was compromised?” Kolochenko points out that if the intrusion happened after the disclosure but prior to the emergency patch, the vulnerable systems should have been immediately disconnected to prevent exploitation in the wild. “The EBA is likely not the last victim of this hacking campaign,” he warns, “and more public authorities may disclosure incidents stemming from exploitation of the same vulnerabilities.”

I have approached the EBA for further comment.

Meanwhile, Mark Bower, a senior vice-president at comforte AG, said that “the capacity for attackers to extract sensitive data from emails, spreadsheets in mailboxes, insecure credentials in messages, as well as attached servers presents an advanced and persistent threat with multiple dimensions.”

Although it should be reiterated that, at this point in the investigation, the EBA is saying that “no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers.” Bower, like Kolochenko, warns that more incidents will be reported. “Affected entities and their supply chain partners will see a persistent secondary impact as a result over a long period of time,” he said.

I’ll leave the final word to John Hultquist, vice-president of analysis with Mandiant Threat Intelligence. “Though broad exploitation of the Microsoft Exchange vulnerabilities has already begun, many targeted organizations may have more to lose as this capability spreads to the hands of criminal actors who are willing to extort organizations and disrupt systems.

The cyber espionage operators who have had access to this exploit for some time, aren’t likely to be interested in the vast majority of the small and medium organizations. Though they appear to be exploiting organizations in masses, this effort could allow them to select targets of the greatest intelligence value.”

Update March 9

The EBA has now published a third update, which I reprint here in full:

“The European Banking Authority (EBA) has established that the scope of the event caused by the recently widely notified vulnerabilities was limited and that the confidentiality of the EBA systems and data has not been compromised.

Thanks to the precautionary measures taken, the EBA has managed to remove the existing threat and its email communication services have, therefore, been restored.

Since it became aware of the vulnerabilities, the EBA has taken a proactive approach and carried out a thorough assessment to appropriately and effectively detect any network intrusion that could compromise the confidentiality, integrity and availability of its systems and data.

The analysis was carried out by the EBA in close collaboration with the Computer Emergency Response Team (CERT-EU) for the EU institutions, agencies and bodies, the EBA’s ICT providers, a team of forensic experts and other relevant entities.”

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

Source: European Banking Authority (EBA) Microsoft Exchange Servers Hacked

.

.

More Contents:

Microsoft Email Server Hacked? Cyber Attack Hits 30,000 US Organizations
technostaan.in – March 6
Microsoft Corporation was hit by a cyberattack that affected 30,000 US organizations. Small businesses and the Government were the victims of this attack.
1
MINECRAFT HACK FREE DOWNLOAD UNDETECTED 2021
p2pconnects.us – March 3
[…] to download minecraft client, wurst client, hacking, how to install wurst client, how install mod, server, hacked, wurst client download, how to download wurst client, minecraft griefing, griefing, tutorial […]
0
TwitLonger — When you talk too much for Twitter
http://www.twitlonger.com – February 17
[…] or dignity when being apart of servers including: Putting racial slurs, and pretend-having your server hacked, and a bunch of other annoying mischievous things (see here: https://i […]
0
Pune: NCP accuses PCMC officials, BJP of multi-crore fraud in name of setting Covid care centres | Cities News,
indianexpress.com – February 16
[…] Read |Pune-based private company’s server hacked, duped of Rs 1 […]
4
Quick tutorial CSS tip: How to show source code the easy way – DEV
dev.to – November 24, 2020
[…] I did use this in HTML slidedecks in the past with the result of getting my server hacked […]
N/A
The downfall of firewalls. Leveraging Crowd Power to recreate… | by philippe humeau | Nov, 2020
crowdsecurity.medium.com – November 17, 2020
[…] An IP that was behaving aggressively yesterday was probably used by a server hacked by someone recently […]
N/A
It: Gaiba municipality central server hacked
http://www.databreaches.net – November 11, 2020
The following is a Google translation: The Municipality of Gaiba informs all interested parties (residents and non-residents) that on the night of 6.11.2020 it…
N/A
Trump Campaign Site Hacked – What We Know & Lessons Learned
http://www.wordfence.com – October 28, 2020
[…] IV: Origin server hacked via FTP or SSH – Low Probability This is the least likely scenario since the attackers would nee […]
N/A
U.S. Center for SafeSport server hacked, sensitive documents potentially exposed –
theathletic.com – October 7, 2020
U.S. Center for SafeSport server hacked, sensitive documents potentially exposed
2
UL Foundation server hacked
http://www.katc.com – September 30, 2020
A server containing UL Foundation data has been hacked, officials said in an email sent to members today. The hack, which was of Blackbaud, a data management software vendor, may have compromised “names, addresses and other contact information” of alumni members, the letter states. The email was sent by John Blohm, vice president of university advancement and CEO of the UL Foundation. “Blackbaud has confirmed that your credit card information, bank account information and Social Security numbers were not compromised, since this database does not store such details,” the letter states. “Further, Blackbaud does not believe the information that was possibly exposed in the breach can be used for identity theft or financial fraud.” The email states that “Blackbaud, in conjunction with the FBI and other law enforcement agencies, conducted a full inquiry and found no evidence that the cybercriminals who gained access to the data shared it in any way. Your information was not made public or otherwise disseminated and was not misused.” It does not say when the hack occurred. The email states that “Blackbaud has already implemented several changes to strengthen its data protection and reduce the risk of future incidents.” Anyone affected doesn’t have to do anything, but it’s always a good idea to “remain vigilant,” the email says.
3
Michigan government server hacked #GSH – Pastebin.com
pastebin.com – August 14, 2020
Michigan government server hacked, over 20+ city/town websites hacked […]
1
Ghost Squad Hackers take over Michigan government websites
http://www.onyxmodsllc.com – August 13, 2020
[…] “Michigan government server hacked, over 20+ city/town websites hacked […]
1
Three Idaho State Websites Are Vandalized by Hackers
http://www.govtech.com – July 28, 2020
[…] “Idaho government server hacked with #FreeAssange message,” the tweet said […]
1
‘Free Julian Assange’: Trio of Idaho state websites taken over by hackers
http://www.eastidahonews.com – July 27, 2020
[…] “Idaho government server hacked with #FreeAssange message,” the tweet said. Idaho government server hacked with #FreeAssange message […]
24
State of Idaho server hacked by ‘ghost squad’
idahonews.com – July 27, 2020
A group calling itself Hacked by Ghost Squad Hackers has apparently hacked a State of Idaho server. There’s a message on the screen that reads, “Free Julian Assange. Journalism is not a crime. ” So far, CBS2 News has confirmed the state’s Parks and Recreation page and the Stem Idaho page have been…
272
Nepal Telecom Server Hacker arrested by CIB
http://www.nepalitelecom.com – July 17, 2020
[…] How was the Nepal Telecom server hacked? According to CIB, Deuja used untraceable internet technology to illegally access the company’ […]
1
‘It was as though we were sitting at the table’ – cartel server hacked – Herald.ie
http://www.herald.ie – July 9, 2020
An encrypted communications server that was hacked by European police forces and led to millions of messages between criminals being intercepted was also used by the Kinahan cartel.
12
Alexandre BLANC Cyber Security posted on LinkedIn
http://www.linkedin.com – June 3, 2020
[…] in/eWq6jZe “THE VOLLGAR CAMPAIGN: MS-SQL SERVERS UNDER ATTACK” Is your server hacked? Check this out, another years old attacks, active since May 2018, uncovered only recently […]
1
Cisco server hacked by exploiting SaltStack Vulnerabilities.
vednam.com – May 31, 2020
Cisco Server Hacked is mainly exploited by the two vulnerabilities and that was mainly fixed.The point of how this fall happens on cisco devices.Read…
1
6 tips on how to secure your email server
hostio.solutions – May 30, 2020
[…] Therefore, having your email server hacked has a lot of risks, each having a different impact: When spam lands in your subscribers’ inboxes it […]
2
Mitigating and securing hacked WordPress sites | Alkanyx Software Marketplace
alkanyx.com – April 13, 2020
[…] The reason I’m writing this article is because a couple weeks ago, I got a staging server hacked, that was hosting some old, un-updated wordpress installations […]
11
AMD’s Big Navi and Xbox Series X GPU ‘Arden’ Source Code Stolen and Leaked
http://www.tomshardware.com – March 26, 2020
[…] ” The hacker claims she found the unencrypted information in a computer/server hacked via exploits […]
2
Charlatans, Conspiracists And The Trump Boys Seize On Iowa Debacle
talkingpointsmemo.com – February 4, 2020
[…] A Short History Of @DNC: – Openly rigged elections/delegates against Bernie in ‘16 – Server hacked, *proving* that DNC rigged elections against Bernie – Paid for foreign interference in 2016 wit […]
80
Rolandsmartin: “1.17 TSU names acting prez; GA election server hacked; Poll: Blacks say #45 is racist; Women’s March”
http://www.pscp.tv – January 18, 2020
1.17 TSU names acting prez; GA election server hacked; Poll: Blacks say #45 is racist; Women’s March…
1
It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in the wild • The Register
http://www.theregister.co.uk – January 18, 2020
[…] ” Georgia election server hacked in 2014 A new revelation has emerged in the battle over paperless voting systems in the US state of […]
8
It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in the wild • The Register
http://www.theregister.com – January 18, 2020
[…] ” Georgia election server hacked in 2014 A new revelation has emerged in the battle over paperless voting systems in the US state of […]
N/A
Special Olympics Hacked for Phishing Emails | | IT Security News
http://www.itsecuritynews.info – December 31, 2019
Special Olympics of New York, a nonprofit organization that provides sports training and competition to more than 67,000 children and adults with intellectual disabilities, had its email server hacked and later used to launch a phishing campaign against previous donors. The malicious email was camouflaged as an alert of an impending transaction that purported to […]   Advertise on IT Security News. Read the complete article: Special Olympics Hacked for Phishing Emails
1
Special Olympics New York Hacked to Send Phishing Emails
http://www.bleepingcomputer.com – December 31, 2019
[…] organization focused on competitive athletes with intellectual disabilities, had its email server hacked around this year’s Christmas holiday and later used to launch a phishing campaign against previou […]
1
Hunter Biden Counterfeiting Involved Burisma, Crowdstrike, Filing Claims
pjmedia.com – December 30, 2019
[…] by mainstream media outlets as a conspiracy theory — that when CrowdStrike investigated the DNC server hacked in 2016, the company took them to Ukraine to hide them […]
821
Hunter Biden Accused of $156M Counterfeiting Scheme With Burisma, CrowdStrike, Legal Filing Claims
pjmedia.com – December 30, 2019
[…] by mainstream media outlets as a conspiracy theory — that when CrowdStrike investigated the DNC server hacked in 2016, the company took them to Ukraine to hide them […]
31
Internet Gov Weekly Brief (W1Y20): UN to draft treaty on cybercrime; California’s new data privacy law; Brazil fines Facebook; Microsoft takes down 50 domains; 18 central banks on digital currencies; ECB announces EUROchain | Internet Governance News
internetgov.news – December 27, 2019
[…] organization focused on competitive athletes with intellectual disabilities, had its email server hacked around this year’s Christmas holiday and later used to launch a phishing campaign against previou […]
13
Remember when MSM tried to claim that Trump being spied on was a “conspiracy theory” – Investment Watch
http://www.investmentwatchblog.com – December 21, 2019
[…] Paid $972,000 To Law Firm That Secretly Paid Fusion GPS In 2016 FBI docs: Study found Clinton email server hacked IG report – www […]
8
Virus Bulletin :: Newsletter
http://www.virusbulletin.com – December 19, 2019
[…] 2019: Stalkerware, VB2019 programme, Ryuk and LockerGoga, Emotet and Trickbot, Ocean Lotus, spam server, hacked home routers, etc […]
1
How to Manually Delete a WordPress Plugin Using FTP
seo-gold.com – December 8, 2019
[…] and someone manages to acquire your Filezilla XML file they have all your login details! I had a server hacked a while ago and reasonably confident they got the login details (they logged directly into site […]

 

Entrepreneurs Beware: Remote Work Can be Fertile Ground for Cybercriminals

When the coronavirus wave took over the world and governments imposed lockdown and stay-at-home rules, entrepreneurs wondered how they were going to keep afloat. Everyone was trying to make sense of what was happening. Big tech companies took the lead when they permitted some of their employees to work remotely. Other businesses had no choice but to test this model of working. It was not a matter of choice. It was a necessity. The mantra was to save lives and businesses.

Somewhere in the shadows, I bet hackers were smiling. Christmas had come early for them. And we were only in the first quarter of the year. From my experience, I knew that the “cyber-crime business” was going to score big. Businesses were opening themselves to potential attacks. They still are.

Across the Atlantic, for example, more than half of the American workforce is working from home. This presents a huge opportunity for hackers to hit the jackpot. A recent IBM survey shows that the odds are stacked in favor of cyber-criminals. Eighty-three percent of employees pushed to work-from-home were not provided with a remote work model before the pandemic. More than 50 percent of the respondents said they were not updated on new security policies on how to securely work remotely. More than half are using their own devices and 61 percent pointed out that they have not been equipped with proper tools to secure those devices. 

Weak links in the chain.

As an entrepreneur, I know that my fight is not just keeping my business going. But also keeping it secure. Any organization is as strong as its weakest link. Which could be remote workers.

On July 11, Caasha, a U.K.-based crypto-friendly bank, lost 336 bitcoins (BTC) worth $3.1 million at the time in a hack. Caasha founder and CEO Kumar Gaurav told Cointelegraph that hackers exploited the personal computer of an employee. Criminals gained access to the company’s funds through an employee who used a private device. One can argue that this was an inside job. But it could have been prevented had the employee used the designated company computer. Hackers used several techniques such as phishing and viruses in the breach, according to Gaurav.

Social media giant Twitter was embarrassed by a coordinated social engineering attack in which hackers colluded with employees to gain internal controls. The perpetrators hijacked high-profile accounts and used them to engage in a bitcoin scam that netted $120,000 in bitcoins. Employees may have handed over information that enabled hackers to breach security protocols. This hack shows how internal employees can be a threat to a company. Remote workers have a higher risk of giving away the company’s security information, whether voluntarily or otherwise.

Another similar kind of attack involves the impersonation of tools and brands used for online work. Cybercriminals have been targeting Google-branded tools and domains to engineer attacks. Domains such as drive.google.com were targeted by criminals to try and trick remote workers into sharing login credentials. Sites such as onedrive.live.com were also used by criminals in attacking remote workers.

Face-to-face meetings are gone, or at least, kept to a minimum. Digital tools are used for communication, holding meetings, and tracking productivity. They are at the center of remote working. However, they also pose a security threat that criminals can exploit. The cybersecurity firm TrendMicro uncovered a campaign where cybercriminals tricked users into installing RevCode WebMonitor RAT, a software program that remotely controls computers.

Users downloaded Zoom software infected with the malicious code. Users unknowingly installed both Zoom and the remote access tool. The attackers got a back door to monitor all the activities of their victims. For companies, this means that hackers can easily have access to your passwords and sensitive information.

Entrepreneurs need to prioritize security.

There is a need for entrepreneurs and businesses of all sizes to take security seriously. It all starts with companies taking the initiative of teaching their employees to observe security protocols put in place. We all know that prevention is better than a cure.

Businesses should have cybersecurity experts to teach employees how to safeguard company data. The security teams can also check regularly to see if the company data and systems are not compromised. With a lot of incoming and outgoing emails, remote workers need to avoid phishing emails. Another issue to take note of is the management of incoming and outgoing employees.

When an employee leaves your company, change their login details so that they don’t have access to your systems. They might give the login credentials to nefarious people who will harm your business. Or the former employees may hurt your company by stealing your information. The security of your business matters. Know the risks and take the necessary steps to mitigate them.

By: Michael Jurgen Garbade Entrepreneur Leadership Network VIP

.

.

Kroll, a Division of Duff & Phelps

This 30-min webinar covers: • The most common and overlooked cyber risks associated with working remotely • Key steps to protect your organization and raise employees’ cyber awareness • Legal ramifications associated with working from home cyber risk • Insurance – am I covered? • How to plan for the return to the office environment For more tips, visit: https://www.kroll.com/en/insights/pub… For more information about our Cyber Risk Services, visit: https://www.kroll.com/en/services/cyb…

Windows 10 Users Beware New Hacker Attack Confirmed By Google, Microsoft

As Microsoft confirms a Google-disclosed and unpatched zero-day vulnerability is being targeted by attackers right now, here’s what you need to know.

Microsoft has confirmed that an unpatched ‘zero-day’ vulnerability in the Windows operating system, affecting every version from Windows 7 through to Windows 10, is being actively targeted. Microsoft was first informed of the vulnerability by Google’s Project Zero team, a dedicated unit comprised of leading vulnerability hunters, which tracks down these so-called zero-day security bugs.

Because Project Zero had identified that the security problem was being actively exploited in the wild by attackers, it gave Microsoft a deadline of just seven days to fix it before disclosure. Microsoft failed to issue a security patch within that hugely restrictive timeframe, and Google went ahead and published details of the zero-day vulnerability, which is tracked as CVE-2020-17087.

The bug itself sits within the Windows Kernel Cryptography Driver, known as cng.sys, and could allow an attacker to escalate the privileges they have when accessing a Windows machine. The full technical detail can be found within the Google Project Zero disclosure, but slightly more simply put, it’s a memory buffer-overflow problem that could give an attacker admin-level control of the targeted Windows computer. Recommended For You

While attackers are known to be actively targeting Windows systems right now, that doesn’t mean your system is going down. Firstly, I should point out that, according to a confirmation from Shane Huntley, director of Google’s Threat Analysis Group, the attackers spotted exploiting the vulnerability are not targeting any U.S. election-related systems at this point. That’s good news, and there’s more.

While Microsoft has confirmed that the reported attack is real, it also suggests that it is limited in scope being targeted in nature. This is not, at least as of yet, a widespread broad-sweep exploit. Microsoft says that it has no evidence of any indication of widespread exploits.

PROMOTED Civic Nation BrandVoice | Paid Program Election Day On College Campuses: Not A Day Off, A Day On MORE FROM FORBESNew Windows 10 Remote Hacking Threat Confirmed-Homeland Security Says Update NowBy Davey Winder

Then there’s the attack itself which requires two vulnerabilities to be chained together for a successful exploit to happen. One of them has already been patched. That was a browser-based vulnerability, CVE-2020-15999, in Chrome browsers, including Microsoft Edge. As long as your browser is up to date, you are protected. Microsoft Edge was updated on October 22 while Google Chrome was updated on October 20.

There are no known other attack chains for the Windows vulnerability at this point. Which doesn’t mean your machine is 100% safe, as an attacker with access to an already compromised system could still exploit it. However, it does mean there’s no need to hit the panic button, truth be told. Microsoft has also confirmed that the vulnerability cannot be exploited to affect cryptographic functionality.

I reached out to Microsoft, and a spokesperson told me that “Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers.”

As for that seven-day disclosure deadline from the Google Project Zero team, the Microsoft spokesperson said that “while we work to meet all researchers’ deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.”

Although Microsoft has not commented on the likely timing of a security patch to prevent exploitation of this Windows vulnerability, the Project Zero technical lead, Ben Hawkes, has tweeted that it is expected as part of the Patch Tuesday updates on November 10.

How big a threat is this to your average Windows user? That remains to be seen, but currently I’d classify it as a be aware but don’t panic situation. Hang-fire, ensure your web browsers are bang up to date, and you should be fine. There are far more significant risks to your data than this zero-day attack, in my never humble opinion. Risks such as phishing in all forms, password reuse, lack of two-factor authentication and software that isn’t kept up to date with security patches.

MORE FROM FORBESHacker Uploads Own Fingerprints To Crime Scene In Dumbest Cyber Attack EverBy Davey Winder Follow me on Twitter or LinkedIn. Check out my website

Davey Winder

Davey Winder

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

.

.

Business News

As Microsoft confirms a Google-disclosed and unpatched zero-day vulnerability is being targeted by attackers right now, here’s what you need to know. Microsoft has confirmed that an unpatched ‘zero-day’ vulnerability in the Windows operating system, affecting every version from Windows 7 through to Windows 10, is being actively targeted. Microsoft was first informed of the vulnerability by Google’s Project Zero team, a dedicated unit comprised of leading vulnerability hunters, which tracks down these so-called zero-day security bugs. Because Project Zero had identified that the security problem was being actively exploited in the wild by attackers, it gave Microsoft a deadline of just seven days to fix it before disclosure.

Connect with CNBC News Online Get the latest news: http://www.cnbc.com/ Find CNBC News on Facebook: http://cnb.cx/LikeCNBC Follow CNBC News on Twitter: http://cnb.cx/FollowCNBC Follow CNBC News on Google+: http://cnb.cx/PlusCNBC Follow CNBC News on Instagram: http://cnb.cx/InstagramCNBC

#vulnerability #newsupdate #newstodayheadlines #newsworldnow #newstodaybbc #newstodayoncnn #newstodayusa

A Business Leader’s beginner Guide to Cybersecurity

According to Statista, there are about 4.57 billion active internet users globally as of July 2020. This number is great for businesses, especially those that are powered by the digital economy.

As businesses continue to embrace the tech age as well as the opportunities that come with it, the presence of cybercriminals is increasing, too. The activities of these criminals cannot be ignored, as they are capable of crashing any business. Business leaders who wish to remain in business must pay better attention to cybersecurity.

Related: The Real Cost of a Data Breach for Your Brand (and How to Best Protect Yourself)

Whilst there is no definitive solution to what is seen as the biggest threat to modern businesses – cybercrime — business owners like you can take advantage of available cybersecurity solutions and knowledge to protect your business and its digital assets. Below are three things to help you get started:

1. Get everyone involved

The days when cybersecurity was seen as just the job for the IT team are over. Business leaders all over the world are realizing this and you need to do the same.

In a Harvard Business Review, cybersecurity experts Thomas J. Parenty and Jack J. Domet insist that no amount of technology, resources, or policies will reverse the trend that has seen cybercrimes rise. “Only sound governance, originating with the board, can turn the tide. Protection against cyberattacks can’t be treated as a problem solely belonging to an IT or cybersecurity department. It needs to cast a wide and impenetrable net that covers everything an organization does–from its business operations, models, and strategies to its products and intellectual property.”

Related: Why IT Security Will be a Prime Concern for Businesses in the Next Decade

A cyberattack can occur when an innocent employee clicks a malicious link from a device belonging to the business. The drill has to affect the least person associated with the business. There is a real threat out there, your business and her assets are at stake. Everyone in your business needs to understand this as much as you do.

2. Develop a policy on cybersecurity

Preaching about the importance of cybersecurity alone may not get the job done, a policy that spells out your business’ protocols with regards to cybersecurity is necessary. A cybersecurity policy sets the standards of behavior for activities such as the encryption of email attachments and restrictions on the use of social media.

Non-IT employees are usually the weakest links in cybersecurity efforts. These employees typically share passwords, click on links, download attachments, with little knowledge about encrypting data. All of these open the door to cyberattacks and can comprise the security of your business.

Setting up a policy on cybersecurity would help your employees and third parties with access to your digital assets understand how to keep your data secured and safe from the prying eyes of cybercriminals. You must take responsibility for creating a culture that prioritizes security; this would enhance the credibility status of your business.

Related: Why Small Businesses Must Deal With Emerging Cybersecurity Threats

According to FCC, adhering to the following tips would help to ensure the security of your business and her digital assets:

  1. Protect information, computers, and networks from cyber attacks
  2. Create a mobile device action plan
  3. Make backup copies of essential business data and information.
  4. Control physical access to your computers and create user accounts for each employee
  5. Secure your Wi-Fi networks
  6. Employ best practices on payment cards
  7. Limit employee access to data and information, limit authority to install software
  8. Passwords and authentication

Setting up a policy on cybersecurity for your business might seem like another tedious task or process to execute, but the benefits outweigh the cost: do it now!

3. Get a trusted Virtual Private Network (VPN)

The risks of going online are enormous. The reality is this: if you are not online then cybercriminals stand no chance with you. A Virtual Private Network (VPN) is a tool that allows you to interact with the internet anonymously, thereby drastically reducing your exposure to cybercrimes.

With leading VPN providers like Express VPN, Nord VPN, and Switcherry offering unlimited speed, unlimited Bandwith, and free servers in the US help individuals and businesses tackle the prevalent cyber threats and keep their digital assets free from prying eyes by providing a secure connection from all types of tracking.

Cybersecurity is necessary for the survival of your business in the world of today. Get started on your journey to cybersecurity with the vital tips shared in this post.

By: James Jorner / Entrepreneur Leadership Network Contributor

Join our community and stay up to date with computer science ******************** Join our FB Group: https://www.facebook.com/groups/cslesson Like our FB Page: https://www.facebook.com/cslesson/ Website: https://cslesson.org Table of Contents: Why cyber Security (0:00) Cyber Security Terminology (6:33) Demystifying Computers (19:40) Demystifying Internet (40:00) Passwords and Hash Function (01:15:40) Common Password Threat (01:30:30) Creating strong password How email works (02:14:22) Email Security Types of Malware (02:40:00) Functions of Malware Sources of Malware Layers of defense against malware How web browsing works Safely navigating the web Online Shopping Wireless Network basics Wireless internet security threats Public wireless network administering wireless network Social media and privacy Reading URLs

Advertisement
advertisement
Advertisement

Fake Accounts Are Constantly Manipulating What You See on Social Media Here’s How

1

Social media platforms like Facebook, Twitter and Instagram started out as a way to connect with friends, family and people of interest. But anyone on social media these days knows it’s increasingly a divisive landscape.

Undoubtedly you’ve heard reports that hackers and even foreign governments are using social media to manipulate and attack you. You may wonder how that is possible. As a professor of computer science who researches social media and security, I can explain – and offer some ideas for what you can do about it.

Bots and sock puppets

Social media platforms don’t simply feed you the posts from the accounts you follow. They use algorithms to curate what you see based in part on “likes” or “votes.”

A post is shown to some users, and the more those people react – positively or negatively – the more it will be highlighted to others. Sadly, lies and extreme content often garner more reactions and so spread quickly and widely.

But who is doing this “voting”? Often it’s an army of accounts, called bots, that do not correspond to real people. In fact, they’re controlled by hackers, often on the other side of the world. For example, researchers have reported that more than half of the Twitter accounts discussing COVID-19 are bots.

Fake accounts like this are called “sock puppets” – suggesting a hidden hand speaking through another identity. In many cases, this deception can easily be revealed with a look at the account history. But in some cases, there is a big investment in making sock puppet accounts seem real.

For example, Jenna Abrams, an account with 70,000 followers, was quoted by mainstream media outlets like The New York Times for her xenophobic and far-right opinions, but was actually an invention controlled by the Internet Research Agency, a Russian government-funded troll farm and not a living, breathing person.

Sowing chaos

Trolls often don’t care about the issues as much as they care about creating division and distrust. For example, researchers in 2018 concluded that some of the most influential accounts on both sides of divisive issues, like Black Lives Matter and Blue Lives Matter, were controlled by troll farms.

More than just fanning disagreement, trolls want to encourage a belief that truth no longer exists. Divide and conquer. Distrust anyone who might serve as a leader or trusted voice. Cut off the head. Demoralize. Confuse. Each of these is a devastating attack strategy.

Even as a social media researcher, I underestimate the degree to which my opinion is shaped by these attacks. I think I am smart enough to read what I want, discard the rest and step away unscathed.

Still, when I see a post that has millions of likes, part of me thinks it must reflect public opinion. The social media feeds I see are affected by it and, what’s more, I am affected by the opinions of my real friends, who are also influenced.

The entire society is being subtly manipulated to believe they are on opposite sides of many issues when legitimate common ground exists.

I have focused primarily on US-based examples, but the same types of attacks are playing out around the world. By turning the voices of democracies against each other, authoritarian regimes may begin to look preferable to chaos.

Platforms have been slow to act. Sadly, misinformation and disinformation drives usage and is good for business.

Failure to act has often been justified with concerns about freedom of speech. Does freedom of speech include the right to create 100,000 fake accounts with the express purpose of spreading lies, division and chaos?

Taking control

So what can you do about it? You probably already know to check the sources and dates of what you read and forward, but common-sense media literacy advice is not enough.

First, use social media more deliberately. Choose to catch up with someone in particular, rather than consuming only the default feed.

You might be amazed to see what you’ve been missing. Help your friends and family find your posts by using features like pinning key messages to the top of your feed.

Second, pressure social media platforms to remove accounts with clear signs of automation. Ask for more controls to manage what you see and which posts are amplified. Ask for more transparency in how posts are promoted and who is placing ads. For example, complain directly about the Facebook news feed here or tell legislators about your concerns.

Third, be aware of the trolls’ favorite issues and be skeptical of them. They may be most interested in creating chaos, but they also show clear preferences on some issues.

For example, trolls want to reopen economies quickly without real management to flatten the COVID-19 curve. They also clearly supported one of the 2016 US presidential candidates over the other. It’s worth asking yourself how these positions might be good for Russian trolls, but bad for you and your family.

Perhaps most importantly, use social media sparingly, like any other addictive, toxic substance, and invest in more real-life community building conversations. Listen to real people, real stories and real opinions, and build from there. The Conversation

By: Jeanna Matthews, Full Professor, Computer Science, Clarkson University

Source: https://www.sciencealert.com/

bevtraders-2

Anonymous Hackers Target TikTok

1

This has been a week that TikTok—the Chinese viral video giant that has soared under lockdown—will want to put quickly behind it. The ByteDance-owned platform was under fire anyway, over allegations of data mishandling and censorship, but then a beta version of Apple’s iOS 14 caught the app secretly accessing users’ clipboards and a backlash immediately followed.

Whether India had always planned to announce its ban on TikTok, along with 58 other Chinese apps, on June 29, or was prompted by the viral response to the iOS security issue is not known. But, as things stand, TikTok has been pulled from the App Store and Play Store in India, its largest market, and has seen similar protests from users in other major markets around the world, including the U.S.

One of the more unusual groups campaigning against TikTok is the newly awakened Anonymous hactivist group. As ever with Anonymous, it’s difficult to attribute anything to the non-existent central core of this loosely affiliated hacker collective, but one of the better followed Twitter accounts ostensibly linked to the group has been mounting a fierce campaign against TikTok for several weeks, one that has now gained prominence given the events of the last few days.

The account linked to a story that has been doing the rounds in recent days, following a Reddit post from an engineer who claimed to have “reverse engineered” TikTok to find a litany of security and privacy abuses. There has been no confirmation yet as to the veracity of these allegations, and TikTok did not provide any comment on the claims when I approached them.

The original issue that prompted Anonymous to target TikTok appears to be the “misrepresentation” of Anonymous on TikTok itself, with the setting up of an account. “Anonymous has no TikTok account,” the same Twitter account tweeted on June 6, “that is an App created as spyware by the Chinese government.”

Those affiliated with Anonymous take exception to copycat accounts, which is complicated by the lack of any central function. In the aftermath of the Minneapolis Police story, someone affiliated with the group took exception to a Twitter account that was monetising the brand, telling me: “We do not appreciate false flag impersonations. There will be consequences.”

This has now become an interesting collision of two completely different viral stories in their own right. Anonymous hit the headlines a month ago, when the “group” seemed to mount a comeback in the wake of the killing of George Floyd. A video posted on Facebook threatened to “expose the many crimes” of the Minneapolis Police unless the officers responsible were held to account.

There have been various stories since then, with reports of DDoS attacks on police service websites, the hacking of data and even the compromise of radio systems. But, as ever, with Anonymous, it is always critical to remember that you are seeing that loose affiliation of like-minded individuals, with Anonymous used as a rallying cry and an umbrella for claims and counter-claims. Attribution, as such, is not possible.

This also puts TikTok in the somewhat unique position of having united various governments, including the U.S., and Anonymous behind the same cause.

For TikTok, whether there is any hacking risk following these social media posts we will have to wait and see. Again, you have to remember the way this works. A rallying call has gone out to like-minded hacking communities worldwide. A target has been named and shamed. It would not be a surprise if claims of hacks or DDoS website attacks followed. That’s the patten now.

So, why does this matter? Well, it’s one thing for the U.S. government or even the Indian government to warn hundreds of millions of users about the dangers of TikTok, but various celebrities and influencers have also been swayed by the latest claims and have publicly expressed their concerns. Anonymous is a viral movement that is targeting some of the same user base that has driven TikTok’s growth. It is campaigning against TikTok, and that campaign will drive its own viral message.

And while until now that user base has remained steadfastly resilient to any of those warnings, sticking with the video sharing app in droves, you can start to get the feeling now that come of this might stick. It’s subtle, and it’s always risky to judge the world by the twitter-sphere, but there’s a change now in the wind.

Follow me on Twitter or LinkedIn.

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection of geopolitics and cybersecurity, and analyze breaking security and surveillance stories. Contact me at zakd@me.com

Source: https://www.forbes.com

GM-980x120-BIT-ENG-Banner

Today we’re talking about the anonymous organization, what is it, and why they’re back for the Minneapolis police department…don’t forget to like, comment, and subscribe for new videos twice a week! STALK ME! ♡ (no seriously…do it)

FCC Calls Chinese Telecom Giants Huawei, ZTE Threats To National Security

1

The Federal Communications Commission has officially designated Chinese telecommunications companies Huawei and ZTE as threats to U.S. communications networks, claiming the companies have close ties to the Chinese government and its military services.

In a statement, FCC Chairman Ajit Pai noted that the two telecom equipment makers posed a risk to America’s 5G future “based on the overwhelming weight of evidence.”

Pai added that both companies are “broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services.”As a result of the order, U.S. telecom companies cannot use the FCC’s $8.3 billion subsidy fund to purchase any equipment made by the two companies.

 

The move is likely to affect rural network providers who rely on the FCC’s subsidies and have purchased equipment from the Chinese makers in the past, as it can be cheaper than ones built by European companies like Ericsson and Nokia.

In May, the agency had invited public comments on how it could reimburse carriers who chose to remove and replace existing Huawei and ZTE products in their networks.

GM-980x120-BIT-ENG-Banner

Critical Quote

“We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure,” FCC Chairman Pai said in a press release.

Key Background

The FCC had voted unanimously last year to prevent telecom equipment makers it deemed to be threats from receiving money from its Universal Service Fund, which is earmarked for expanding internet access to underserved regions of the country. The Trump administration has pushed countries around the world to not use network equipment from Chinese manufacturers in their next-generation 5G wireless networks. Following pressure from Washington, the U.K. government on Tuesday indicated that it would reconsider its decision to allow Huawei to supply 5G technology to the country.

Following the U.K. government’s initial decision in February, Attorney General William Barr had suggested that the U.S. should consider acquiring a controlling stake in European telecom equipment makers Nokia and Ericsson to “blunt” Huawei’s “drive to domination.” Later in February, the U.S. Senate had voted unanimously to pass a bill that banned the purchase of telecom equipment from Chinese manufactures like Huawei and ZTE. The bill, which was signed and enacted by the President in March, also included $1 billion in funding to help rural telecom providers “rip and replace” existing equipment from the Chinese manufacturers.

Follow me on Twitter. Send me a secure tip.

I am a Breaking News Reporter at Forbes, with a focus on covering important daily news stories, tech policy and digital media platforms. Graduated from Columbia University with an MA in Business and Economics Journalism in 2019. Worked as a journalist in New Delhi, India from 2014 to 2018. Have a news tip? DMs are open on Twitter @SiladityaRay.

Source:

FCC chairman Ajit Pai talks to FOX Business’ Lou Dobbs about telecom using taxpayer money to buy from companies that pose security risks to the United States FOX Business Network (FBN) is a financial news channel delivering real-time information across all platforms that impact both Main Street and Wall Street. Headquartered in New York — the business capital of the world — FBN launched in October 2007 and is the leading business network on television, topping CNBC in Business Day viewers for the second consecutive year. The network is available in more than 80 million homes in all markets across the United States. Owned by FOX, FBN has bureaus in Chicago, Los Angeles, Washington, D.C., and London.
Subscribe to Fox Business! https://bit.ly/2D9Cdse
Watch more Fox Business Video: https://video.foxbusiness.com
Watch Fox Business Network Live: http://www.foxnewsgo.com/
Watch full episodes of FBN Primetime shows Lou Dobbs Tonight: https://video.foxbusiness.com/playlis…
Follow Fox Business on Facebook: https://www.facebook.com/FoxBusiness
Follow Fox Business on Twitter: https://twitter.com/foxbusiness
Follow Fox Business on Instagram: https://www.instagram.com/foxbusiness

Apple Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users

1

As I reported on June 23, Apple has fixed a serious problem in iOS 14, due in the fall, where apps can secretly access the clipboard on users’ devices. Once the new OS is released, users will be warned whenever an app reads the last thing copied to the clipboard. As I warned earlier this year, this is more than a theoretical risk for users, with countless apps already caught abusing their privacy in this way.

Worryingly, one of the apps caught snooping by security researchers Talal Haj Bakry and Tommy Mysk was China’s TikTok. Given other security concerns raised about the app, as well as broader worries given its Chinese origins, this became a headline issue. At the time, TikTok owner Bytedance told me the problem related to the use of an outdated Google advertising SDK that was being replaced.Well, maybe not.

With the release of the new clipboard warning in the beta version of iOS 14, now with developers, TikTok seems to have been caught abusing the clipboard in a quite extraordinary way. So it seems that TikTok didn’t stop this invasive practice back in April as promised after all.

According to TikTok, the issue is now “triggered by a feature designed to identify repetitive, spammy behavior,” and has told me that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.” In other words: We’ve been caught doing something we shouldn’t, we’ve rushed out a fix.

TikTok also told me that the platform “is committed to protecting users’ privacy and being transparent about how our app works.” No comment on that one. TikTok added that it “looks forward to welcoming outside experts to our Transparency Center later this year.”

According to TikTok, the issue is now “triggered by a feature designed to identify repetitive, spammy behavior,” and has told me that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.” In other words: We’ve been caught doing something we shouldn’t, we’ve rushed out a fix.

728x90

TikTok also told me that the platform “is committed to protecting users’ privacy and being transparent about how our app works.” No comment on that one. TikTok added that it “looks forward to welcoming outside experts to our Transparency Center later this year.”

When I covered the original TikTok clipboard issue, the company was adamant it was not their problem and related to an outdated library in their app. “The clipboard access issues,” a spokesperson told me, “showed up due to third-party SDKs, in our case an older version Google Ads SDK, so we do not get access to the information through this (presumably they do but we cannot speak to that). We are in the processes of updating so that the third-party SDK will no longer have access.”

TikTok assured me it was being fixed and questioned coverage that suggested this was an issue. “It’s a Google Ads SDK issue,” they assured again in a later email, “so we need to make the change in which version of that SDK we use. TikTok does not get access to the data, but we are updating regardless to resolve it.”

Now Apple’s welcome iOS 14 security and privacy changes have caught them red-handed still doing something they shouldn’t. Something they said was fixed. TikTok isn’t alone—other apps will now need to change deliberate or inadvertent clipboard access. But TikTok is the highest profile and most totemic of the apps caught out, given its prior coverage and wider issues.

The most acute issue with this vulnerability is Apple’s universal clipboard functionality, which means that anything I copy on my Mac or iPad can be read by my iPhone, and vice versa. So, if TikTok is active on your phone while you work, the app can basically read anything and everything you copy on another device: Passwords, work documents, sensitive emails, financial information. Anything.

Earlier in the year, when TikTok was first exposed, the security researchers acknowledged that there was no way to tell what the app might be doing with user data, and its abuse was lost in the mix of many others. Now it’s feeling different. iOS users can relax, knowing that Apple’s latest safeguard will force TikTok to make the change, which in itself shows how critical a fix this has been. For Android users, though, there is no word yet as to whether this is an issue for them as well.

“Apple dismissed the risks that we highlighted and explained that iOS already had mechanisms to counter all of the risks,” the researchers told me earlier this week. “But the mechanisms that Apple provided were not effective to protect user privacy.” Following their initial report, they explained, “there was a tremendous public interaction with the topic—not only iOS users, but also Android users demand more restriction and transparency about the apps that use the system-wide clipboard.”

Apple originally dismissed the clipboard vulnerability as an issue, and only provided a fix after significant media coverage of the security research. This latest news shows just how important a fix that will be.

All iPhone users should update to the latest version of TikTok as soon as it’s released—and given it is actively reading your clipboard, you might want to bear that in mind while using the app ahead of that update.

Follow me on Twitter or LinkedIn.

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection

Source: https://www.forbes.com

Senators call for a security probe into TikTok and Trevor takes issue with a new version of the “Alphabet Song”.
Subscribe to Comedy Central UK: http://bit.ly/1gaKaZO
Check out the Comedy Central UK website: http://bit.ly/1iBXF6j
Get social with Comedy Central UK: Twitter: https://twitter.com/ComedyCentralUK Facebook: https://www.facebook.com/comedycentraluk

Google Cloud BrandVoice: Building IT Security Requires Improving Teams

But when technology improves, enterprises aren’t the only ones to experience innovation increases. Hackers and other bad actors can be pretty innovative too. This is one reason it’s hard to go more than a few weeks without seeing some new data breach, malware risk, or cybercrime in the headlines.

Successful digital transformation boils down to leveraging technology to produce business outcomes, which is a simple idea. But deploying, connecting, protecting, and maintaining those technologies can be enormously complex, making it easy to accidentally expose security vulnerabilities or to react too slowly to a sudden advance in attackers’ capabilities.

As much as conversations about digital transformation can focus on finding the right kinds of programmers or the right kinds of data scientists, it’s equally important to emphasize that digital transformation requires the right kind of security professionals.

The right people can be hard to find

The need for security professionals is not new. In fact, security is one of the fastest growing job fields, and not just in IT. According to the 2019 (ISC)² Cybersecurity Workforce Study, going forward, there will be 10,000 cybersecurity professionals for every 100,000 U.S.-based establishments.

And yet, for all of this need, this CSIS survey showed that 82% of employers report a shortage of cybersecurity skills, with 314,000 additional cybersecurity professionals needed as of January 2019, despite the 716,000 such professionals already in the field.

Think about that: It’s as if every single person in Denver were already working in IT security, but because the job is so big, we need everyone in St. Louis to pitch in as well. That is a huge need and a huge shortage.

So what’s causing this shortfall? A large part of it is that the professionals in these roles are bogged down by manual work. Between patching servers, maintaining security infrastructure, updating security configurations, and collecting and analyzing data, there’s hardly any time left to design proactive cybersecurity.

Free your cybersecurity professionals with the cloud

As with so many issues in the modern workplace, improvements to this “people problem” lie in the cloud. Most notably, cloud providers maintain and secure the underlying infrastructure, relieving you of some of the more time-consuming manual tasks of infrastructure management.

The cloud provides security by default with systems that simplify IT resource configuration, deployment, and operation throughout the organization. This frees security professionals to concentrate on tasks that are a better use of their time and skills, like designing and modifying security policies, auditing access to critical systems, classifying business-critical content, and investigating anomalous activity through a business lens.

But the cloud offers more than just time. Many cloud providers offer tools and guidance to help users secure their apps and data by letting security teams determine which data is sensitive, who should have access to what, and how to translate the organization’s security and regulatory policy to controls. And since the cloud is exposed to users as software and APIs, automation becomes much simpler, resulting in more consistency at scale with fewer opportunities for human errors.

But the cloud offers more than just time. Many cloud providers offer tools and guidance to help users secure their apps and data by letting security teams determine which data is sensitive and who should have access to what. Moreover, since the cloud is exposed to users as software and APIs, automation becomes much simpler, resulting in more consistency at scale with fewer opportunities for human errors.

Overcoming the skills gap

In addition to the “people problem,” modern security workforces also find themselves facing a “skills problem.” Security threats are always evolving, as are the solutions and tools, which means that many established security professionals can’t keep up with the skills they need to detect and address new types of attacks. The longer it takes to find solutions, the more productivity may suffer across the organization.

On a deeper level, knowledge of the latest skills is essential to strong DevSecOps. The basic concept of DevSecOps is to build apps with security in mind from the start, rather than the traditional tactic of designing security in toward the end of development or bolting it on after systems and apps are built. Executing this requires a deep knowledge of security skills and tools that grows throughout the development process.

The cloud helps overcome these issues by providing access to the latest technological advancements and giving professionals access to the latest tools without the constant need to acquire and retrain.

Security professionals can also use the cloud to drive DevSecOps by embracing the best practices embedded into cloud-based tools. For example, Google Cloud offers vulnerability scanning, deploy-time controls, and configuration management—tools that underpin Google’s own best practices for develop-and-deploy processes. With tools like these, security experts can set up strong security practices from the start that persist throughout the project’s life cycle.

Building better security professionals

IT security is only going to become more essential as businesses rely more on technology for innovation and competitive advantage, and the need for professionals who are equipped for the challenge is going to grow as well.

Fortunately, with cloud-based security tools and a healthy amount of security by default, not only can security professionals continue to do their jobs effectively even as the landscape changes, but the next generation of experts will likely already be trained on cloud-based tools. That leaves the major people and skills problems in the IT landscape to those who haven’t taken advantage of the cloud.

Discover how the highest performers scale DevOps to maximize success. Get the latest “Accelerate State of DevOps Report.”

Rob Sadowski is the Trust & Security Product Lead for Google Cloud at Google. He is responsible for creating and delivering Google Cloud’s security message, spanning platforms, applications, and connected devices. Prior to joining Google, he held multiple senior roles in strategy and marketing at RSA Security, a Dell / EMC Company and came to RSA as part of the team that drove the creation of EMC’s Security division. He is a former member of the PCI Security Standards Council Board of Advisors and has been an expert commentator on security issues to global media outlets including CNN, USA Today, the Financial Times, NPR, Fox Business, and CNBC.

Source: Google Cloud BrandVoice: Building IT Security Requires Improving Teams

Please follow my instagram: http://instagram.com/arminhamidian67

%d bloggers like this: