The Babuk ransomware group's decryption tool is riddled with major coding errors that have "led to a situation in which files could not be retrieved, even if payment was made," report McAfee and Northwave security experts. These coding flaws appear to have forced Babuk's operation to avoid encryption and turn to data exfiltration-focused extortion efforts, experts report.
New artificial intelligence systems read people's lips by deciphering visemes -- the movements associated with speech. The technology can be useful for noisy situations, patients with vocal cord impairments and movie subtitling, but also raises concerns about corporate surveillance and deepfake production.
The Grief ransomware operation is reportedly the latest manifestation of DoppelPaymer, with security researchers citing striking similarities between the two, including a common file format and distribution channel. "Ransomware threat groups often rebrand the name of the malware as a diversion," notes a ZScaler blog post.
Osmos, a startup focused on streamlining data collaboration, has secured $13 million, emerging from stealth. "Companies are moving more infrastructure to the cloud and investing in more efficient systems to make their teams more productive, and Osmos helps streamline one of the most manual and inefficient processes for engineering teams -- dealing with external data on an ongoing basis," notes Kirat Pandya, Osmos CEO and co-founder.
Readers of Alison Green's "Ask a Manager" website explain why they'd quit, or have already done so, if forced back to offices full-time after experiencing the benefits of remote working. Green notes the pandemic has prompted a shift in employee expectations, their relationships with employers and their priorities in life.
Bryan Vorndran, assistant director of the FBI's cyber division, urged lawmakers not to ban ransomware payments to cybercriminals in a Senate Judiciary Committee hearing on the issue, saying a ban on paying ransoms would set up companies for blackmail. Sen. Sheldon Whitehouse, D-R.I., warned that cybersecurity regulations may be on the way if "critical infrastructure companies" continue failing to meet basic data protection standards.
The Cyber, Innovative Technology and Information Systems Subcommittee of the US House Armed Services Committee is calling for an audit of the Defense Department IT portfolio to pinpoint legacy systems, according to draft legislation. The proposal is a result of subcommittee members' discontent with how the Pentagon tracks its IT systems.
Penetration testing is an essential element of a comprehensive security program. It can find vulnerabilities, identify potential security issues and validate that security controls have been properly implemented and are operating in an effective manner. But as organizations expand their reliance on cloud technologies, the way penetration testing is executed must change. The CompTIA Blog explains how to address these new challenges.
More and more organizations support a distributed workforce and are rapidly transitioning to cloud applications, also known as software-as-a-service (SaaS), to provide anywhere access at any time. Despite a massive opportunity, many IT solution providers come up short when trying to bring SaaS applications to market. CompTIA's Business Applications Advisory Council has created "The Cloud Applications Playbook" to offer guidance to IT solution providers and SaaS vendors looking to distribute and sell cloud applications through the IT channel. Visit the CompTIA Resource Center to download the playbook.