Hancitor (AKA CHanitor, Tordal) is a popular macro-based malware distributed via malicious Office documents delivered through malspam. In the latest campaigns, particularly active between October and December 2020, the malware has been distributed via DocuSign-themed emails asking the victims to review and sign a document. The fake DocuSign link downloads a Microsoft Word document whose malicious macro, once enabled, installs the Hancitor malware.

Every cloud has its own identity and access management system. AWS and Google use a bunch of JSON files specifying various rules. Open source projects like Kubernetes support three concurrent access control models - attribute-based, role-based and a webhook access control, all expressed using YAML. Some teams are going as far as inventing their own programming language to solve this evergreen problem.

The key to successfully implementing DevOps practices is relationships. It’s about breaking down the existing silos between different functions that deliver software, like development and operations. These functions need to work toward a common goal, efficient software delivery.

To celebrate International Women’s Day on March 8 and the upcoming Day of Shecurity conference on March 23, I guest hosted the Lookout podcast Endpoint Enigma for an episode. I enlisted the support of my colleague Victoria Mosby to share our experiences navigating the cybersecurity sector. In addition to working as a federal sales engineer at Lookout, Victoria is also an active member of the Lookout Foundation and the Day of Shecurity initiative.

Business Email Compromise (BEC) scammers, who have made rich returns in recent years tricking organisations into transferring funds into their accounts, have found a new tactic which attempts to swindle Wall Street firms out of significantly larger amounts of money. According to a newly published-report by Agari, scammers are seeking to defraud Wall Street businesses and their customers out of US $809,000 on average per incident.

Yieldstreet is an alternative investments platform that strives to democratize access to financial products historically only available to institutional investors. With Yieldstreet, there are investment opportunities available to both accredited and non-accredited investors looking to invest in funds in the litigation finance, marine finance, and art finance asset classes.

Video game security risks are on the rise. Building security into your software development life cycle can help protect your reputation and customers. You’re supposed to have fun and relax when you’re playing video games—maybe with a bit of self-generated competitive stress. What you’re not supposed to do is have to worry about a hacker stealing your personal and financial information.

Workplace collaboration has been steadily evolving from sharing of information through simple email attachments to more sophisticated cloud-based applications sharing. In the business world, where every organization is garnering unique business practices to gain a competitive edge, data is the king. This means that data has to be shared between organizations, where both mutually benefit. Access to the right information adds clarity and helps in faster decision-making.

Any organization with data assets is a possible target for an attacker. Hackers use various forms of advanced cyberattack techniques to obtain valuable company data; in fact, a study by the University of Maryland showed that a cyberattack takes place every 39 seconds, or 2,244 times a day on average. This number has increased exponentially since the COVID-19 pandemic forced most employees to work remotely, and drastically increased the attack surface of organizations around the world.

ESG research on cyber risk management, which involved 340 cybersecurity professionals, revealed that 40 percent felt tracking patch and vulnerability management over time was their biggest challenge.