By consolidating data from different sources, XDR positions itself as an attack-centric tool and not a role-centric tool, which Prateek Bhajanka, senior principal analyst at Gartner, says helps it to detect attacks from anywhere.
Enterprises should have an incident response plan with a continuous monitoring threat intelligence sharing mechanism to help protect critical infrastructure from nation-state attacks, says Jayesh Ranjan, principal secretary-IT, government of Telangana
Networks are fundamentally changing as a result of data being used across cloud environments. So security must be built into networks to improve mitigation of cyberthreats, says Nick Savvides, senior director of strategic business, APAC, at Forcepoint.
France's privacy regulator has hit retail giant Carrefour with a $3.7 million fine for violating privacy laws, including GDPR. It's accused of failing to make privacy policies easy to understand, placing advertising cookies without consent and retaining customer data for unreasonable periods of time.
This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act.
Trickbot malware has been updated with a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities, according to a report from the security firms Eclypsium and Advanced Intelligence. These flaws, if exploited, can give an attacker the ability to brick a device.
CISA, citing a new report by IBM, is warning organizations involved in COVID-19 vaccine production and distribution of a global phishing campaign targeting the cold storage and transport supply chain. Many vaccines in development must be kept at low temperatures before being administered.
It's not yet clear what action the state of Kerala will take now that it has abruptly withdrawn Section 118A of the Kerala Police Act, which was intended to help prevent social media abuses, including attacks on women and children.
Microsoft is revamping its controversial "productivity score" in Microsoft 365 so that individual workers can no longer be tracked. The move follows warnings by privacy advocates that the feature was a step too far into the realm of workplace surveillance.
Twenty-five countries are likely using spyware sold by a company called Circles that can snoop on mobile phone calls and text messages, according to The Citizen Lab, a research organization based at the University of Toronto.
Social media poses special risks for minors. Data scientist David Stier, who has discovered leaks of minors' personally identifiable information on Instagram, shares insights on how social media companies should better protect PII.
Interpol the international law enforcement organization, is warning of a potential surge in organized crime activity tied to COVID-19 vaccines. The alert follows recent reports of spikes in alleged cyberattacks by suspected North Korean hackers against companies working on vaccines and treatments.