Microsoft Buys Corp.com So Bad Guys Can’t

Credit to Author: BrianKrebs| Date: Tue, 07 Apr 2020 12:34:48 +0000

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing have shown whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. This week, Microsoft Corp. agreed to buy the domain in a bid to keep it out of the hands of those who might abuse its awesome power.

Read more

Do’s and don’ts of videoconferencing security

Credit to Author: Keith Shaw| Date: Tue, 07 Apr 2020 03:00:00 -0700

When any technology sees its popularity increase quickly, the number of bad actors taking advantage of new and untrained users also grows. The world is seeing this now with videoconferencing services and applications, as reports about the popular Zoom app being hijacked — known as “Zoom-bombing” — have surfaced.

With multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language, the FBI’s Boston office recently issued a warning for users of videoconferencing platforms about the incidents. Security expert and investigative journalist Brian Krebs provided details on Zoom’s password problems and how hackers were able to use “war dialing” methods to discover meeting IDs and passwords for Zoom meetings.

To read this article in full, please click here

Read more

Dumb luck?

Credit to Author: Sharky| Date: Tue, 07 Apr 2020 03:00:00 -0700

This pilot fish is an engineer setting up control systems for power plants, and one day he has a disagreement with an IT manager at one of his clients. Topic: complex passwords. There’s a push on throughout the IT world to make passwords more complex.  

But fish’s point is that that advice isn’t valid when you have an air gap between the control systems and any other network. In fact, fish tells the manager, when it comes to internal hacking, complex passwords are more risky than no password at all because people never remember complex passwords and have to write then down on sticky notes. The manager says that would never happen at his plant — people know better.

To read this article in full, please click here

Read more

Zoom clamps down further on security weaknesses

Credit to Author: Matthew Finnegan| Date: Mon, 06 Apr 2020 11:45:00 -0700

Zoom, which on Friday stopped development of new product features so it could focus on fixing various privacy and security issues, clamped down even further on security weaknesses over the weekend.

The company on Saturday switched on default password settings and waiting rooms for users of its Free Basic tier and those with a single account on its cheapest paid tier, such as K-12 eduction accounts. All meetings that use a Personal Meeting ID (PMI) will now need a password, and password settings that had been disabled will be re-enabled. As a result, passwords will be required for instant meetings, for participants joining by phone and when a new meeting is scheduled.

To read this article in full, please click here

Read more

Protecting your data and maintaining compliance in a remote work environment

Credit to Author: Todd VanderArk| Date: Mon, 06 Apr 2020 16:00:44 +0000

Business continuity is an imperative, and you must rely on your employees to stay connected and productive outside of the traditional digital borders of business. In doing so, identifying and managing potential risks within the organization is critical to safeguarding your data and intellectual property (IP), while supporting a positive company culture.

The post Protecting your data and maintaining compliance in a remote work environment appeared first on Microsoft Security.

Read more

Turning collaboration and customer engagement up with a strong identity approach

Credit to Author: Todd VanderArk| Date: Mon, 06 Apr 2020 16:00:03 +0000

Balancing friction-less collaboration and highly targeted engagement with privacy and security is not easy, but you don’t have to go it alone.

The post Turning collaboration and customer engagement up with a strong identity approach appeared first on Microsoft Security.

Read more