New laws passed in Utah and Virginia provide consumers with the right to access and delete some of their personal data and opt out of data collection under certain circumstances. In this blog post for Avast, I examine the differences among the various states that have enacted data privacy laws.
Enterprise choices for virtual private networks (VPNs) used to be so simple. You had to choose between two protocols and a small number of suppliers. Those days are gone. Thanks to the pandemic, we have more remote workers than ever, and they need more sophisticated protection. And as the war in Ukraine continues, more people are turning to VPNs to get around blocks imposed by Russia and other authoritarian governments,
A VPN is still useful and perhaps essential to a modern mostly remote workplace. In this post for CSO, I describe these scenarios, what security researchers have found about how VPNs leak data or have other privacy issues, and what you should look for if you intend to deploy them across your enterprise.
The Payment Card Industry Data Security Standards (PCI DSS) organization has made a series of updates to its standards with its latest version 4.0. It contains several important improvements, perhaps the most important change is the expansion of encryption and MFA requirements to protect all accounts that have access to cardholder data. I describe these developments in my post for Avast’s blog here.
Since I last wrote about the NSO Group’s Pegasus mobile spyware last summer, there have been several new developments that show just how insidious the software is and how pervasive its use around the world.
Pegasus can be placed directly onto a target’s smartphone without any user interaction and can then start tracking a phone’s location and operations. Last year a consortium of journalists revealed who was using the spyware after doing extensive forensic research on dozens of phones. This resulted in the US Commerce Department putting NSO on a block list, the DoJ beginning investigations and Apple suing the company. Then we saw two developments from last December: first, Apple notified a bunch of US State Department employees in Uganda that their phones have been hacked. And Pegasus was found to be used to track Jamal Khashoggi and residue was found on one of his wives’ phones.
There were other reports that the FBI had tried out Pegasus but didn’t actively use it, or at least not that anyone could prove. And that a security researcher had decompiled several code samples and documentation.
Just recently, the Citizen Lab — one of the research groups involved in last summer’s project — found more cases of Pegasus used on dozens of Catalan phones, probably at the direction of various government entities in Spain. One of the researchers found a previously-unknown iOS zero-click exploit. The more we find out about Pegasus, the more I am convinced this tool spells trouble.
Again, I want to emphasize that your chances of getting infected with Pegasus are very, very low. But it does seem to crop up frequently enough, and now in places that you would think would be curious as they are free, democratic countries. NSO representatives continue to maintain that they carefully vet their potential customers and say its software is intended to investigate terrorists and potential criminals. But given that its residue has been found on phones of political figures, journalists and human rights workers, I wonder how careful this vetting process really is.
In this post for Avast’s blog, I provide details about the problems with this SDK and things to watch out for when you download your next app.
Malware group FIN7 is once again on the move, leveraging software supply chains, remote program execution methods, and stolen credentials to deliver ransomware to enterprise networks. The group goes by several different names and is adept at using various backdoor tools to worm their way into corporate networks. You can see the various malware programs that have been attributed to FIN7 over the past two years in the diagram below from Mandiant.
You can read more about their exploits in my latest blog for Avast here.
Security researchers have uncovered a new series of threats that are targeting uninterrupted power supply (UPS) units. These threats can result in malware attacking the computers connected to the same networks through a variety of clever mechanisms.
The three threats affect most of the Smart UPS line of APC backup power supplies that are widely used by larger enterprise customers. I write about this for Avast’s blog here.
Not every organization that needs a security operations center can afford to equip and staff one. If you don’t currently have your own SOC, you are probably thinking of ways you can obtain one without building it from scratch. The on-premises version can be pricey, more so once you factor in the staffing costs to man it 24/7. In the past few years, managed security service providers (MSSPs) have come up with cloud-based SOCs that they use to monitor your networks and computing infrastructure and provide a wide range of services such as patching and malware remediation.
Since I first wrote this piece back in 2019, the SOC-as-a-service (SOCaaS) industry has matured to the point now where the term is falling into disfavor as managed services vendors have become more integral to the practice. As cloud-based security tools have gotten better, data centers and applications have migrated there as well. Some of the services I discuss in this updated article fo CSOonline call themselves SOCaaS, while others use other managed services designations. I cover what they offer and how to pick the right supplier for your particular needs.
And to help you evaluate your own SOCaaS providers, I wrote this 2019 article that outlines what you should have in your RFPs.
A marketing firm asked 1,250 small business owners (with fewer than 500 employees) about their cybersecurity practice, and the results are pretty staggering. They largely show that most aren’t doing much to prepare for potential attacks, and for those that have done some work, it often falls far short.
Nearly half of the business owners surveyed don’t have any defensive measures in place, and a third have no protection whatsoever against cyberattacks. And less than a third have implemented regular data backups or made use of secured networks, two of the reasons why ransomware continues to be effective. You can read my analysis in Avast’s blog here.
A man-in-the-middle (MITM) attack consists of a victim, a website the victim would like contact with (such as a bank), and the attacker. The attacker inserts themselves between the victim and the targeted website with the intention to steal personal information such as login credentials, or bank account and credit card numbers. MITMs have consistently been an active development strategy for hackers.
I wrote about this for Avast’s blog here. One way to prevent this exploit is to use a secure browser (such as one from Avast or Brave).