COVID-19: Latest Security News & Commentary

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

Dark Reading Staff, Dark Reading

November 19, 2020

37 Min Read
Image Source: CDC Newsroom Image library


Security Hiring Plans Remain Constant Despite Pandemic
Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.

Malware Hidden in Encrypted Traffic Surges Amid Pandemic
Zscaler says attacks involving the use of SSL/TLS encryption jumped 260% in the first nine months of 2020 compared to the same period last year.

Cloud Usage, Biometrics Surge As Remote Work Grows Permanent
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.

How COVID-19 Changed the VC Investment Landscape for Cybersecurity Companies
What trends can startups and investors expect to see going forward?

The One Critical Element to Hardening Your Employees' Mobile Security
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.

Prepare for the Unexpected: Costs to Consider in Security Budgets
Organizations that update business models to include cybersecurity as part of a strategic planning process may be able to better withstand unexpected disruptions.

6 Cybersecurity Lessons From 2020
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.

Fraud Prevention Strategies to Prepare for the Future
While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.

As Businesses Go Remote, Hackers Find New Security Gaps
Improper access control, information disclosure, and SSRF are among the most impactful, and most awarded, security flaws found this year.

Rethinking Security for the Next Normal -- Under Pressure
With more organizations shifting to cloud services in the pandemic, experts say the traditionally manual process of securing them will be replaced by automated tools in 2021 and beyond.

Need for 'Guardrails' in Cloud-Native Applications Intensifies
With more organizations shifting to cloud services in the pandemic, experts say the traditionally manual process of securing them will be replaced by automated tools in 2021 and beyond.

Dealing With Insider Threats in the Age of COVID
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.

Are You One COVID-19 Test Away From a Cybersecurity Disaster?
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.

Businesses Rethink Endpoint Security for 2021
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?

Building the Human Firewall
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?

NSS Labs Shuttered
The testing firm's website says it has "ceased operations" as of Oct. 15.

The Ruthless Cyber Chaos of Business Recovery Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.

Security Officers, Are Your Employers Practicing Good Habits from Home?
Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.

Cyberattacks Up, But Companies (Mostly) Succeed in Securing Remote Workforce
Despite fears that the burgeoning population of remote workers would lead to breaches, companies have held their own, a survey of threat analysts finds.

Key Considerations & Best Practices for Establishing a Secure Remote Workforce
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.

Do's and Don'ts for School Cybersecurity Awareness
Remote learning has introduced an array of new cyberthreats to American families and schools, but this can be an educational moment for all involved.

COVID-19 Creates Opening for OT Security Reform
Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.

Since Remote Work Isn't Going Away, Security Should Be the Focus
These three steps will help organizations reduce long-term work-from-home security risks.

Permission Management & the Goldilocks Conundrum
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."

Remote Work Exacerbating Data Sprawl
More than three-quarters of IT executives worry that data sprawl puts their data at risk, especially with employees working from insecure home networks, survey finds.

5 Steps to Greater Cyber Resiliency
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.

Mitigating Cyber-Risk While We're (Still) Working from Home
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.

Struggling to Secure Remote IT? 3 Lessons from the Office
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.

Most Organizations Plan to Make COVID-19 Changes Permanent
After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.

Taking Security With You in the WFH Era: What to Do Next
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.

More Printers Could Mean Security Problems for Home-Bound Workers
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.

Fraud Prevention During the Pandemic
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.

Cyber-Risks Explode With Move to Telehealth Services
The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.

Post-COVID-19 Cybersecurity Spending Update
Security spending growth will slow in 2020, but purse strings are looser than for other areas of IT.

Data Privacy Concerns, Lack of Trust Foil Automated Contact Tracing
Efforts to create a technology framework for alerting people to whether they have been exposed to an infectious disease have been hindered by a number of key issues.

How CISOs Can Play a New Role in Defining the Future of Work
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.

Higher Education CISOs Share COVID-19 Response Stories
Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.

74 Days From the Presidential Election, Security Worries Mount
With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election.

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy
COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.

Banks and the New Abnormal
Banks have hesitated to adopt many strong security practices, and for understandable reasons. But now is the time to be bold.

Newly Patched Alexa Flaws a Red Flag for Home Workers
Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.

How to Control Security Costs During a Down Economy
Three key areas security professionals should watch when managing their budgets.

Cartoon: Zoom in the COVID-19 Era
Keeping your sense of humor during a pandemic.

7 Ways to Keep Your Remote Workforce Safe
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.

CISA Warns of Phishing Campaign with Loan-Relief Lure
Phishing emails and fake website promise help with the Small Business Administration's program that aids those affected by COVID-19.

Secure Development Takes a (Remote) Village
The shift to work from home isn't just about giving your Dev team the physical tools they need.

Using 'Data for Good' to Control the Pandemic
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.

IoT Security During COVID-19: What We've Learned & Where We're Going
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.

Retooling the SOC for a Post-COVID World
Residual work-from-home policies will require changes to security policies, procedures, and technologies.

3 Ways Social Distancing Can Strengthen your Network
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how

Dark Web Travel Fraudsters Left Hurting From Lockdowns
Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on.

Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.

As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.

Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.

7 Summer Travel Security Tips
With staying safe during the pandemic high priority, it's easy to let your guard down about the security of the devices you take along your travels

Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.

VC Investment in Cybersecurity Dips & Shifts with COVID-19
While the pandemic has infected funding for cybersecurity startups, it also has emboldened some startups with innovative tools that secure the wave of at-home work.

CISA Hires Security Experts to Boost COVID-19 Response
The agency brings in expertise from the private sector to improve its technical capabilities and engagement with industry partners.

COVID-19-Related Attacks Exploded in the First Half of 2020
COVID-19 as part of a cyberattack increased by more than 3,900% between February and June.

Cybersecurity Lessons from the Pandemic
How does cybersecurity support business and society? The pandemic shows us.

US Indicts 2 Chinese Nationals for Stealing IP & Business Secrets, Including COVID-19 Research
Pair working on behalf of themselves and China's Ministry of State Security, Justice Department says.

Number of Reported Breaches Decrease In First Half of 2020
With the pandemic as a backdrop, publicly reported US data breaches dropped as more employees and suppliers stayed home.

UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19
The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite the importance of contact tracing, its intent to ignore privacy legislation is extremely worrying.

Keys for a Safe Return to the Post-Quarantine Office
Security teams will need to keep these important considerations in mind as employees make their way back to the workplace.

Russian Cyberattacks Target COVID-19 Research, Vaccine Development
Government agencies in the US, UK, and Canada report Russian group Cozy Bear is targeting organizations developing coronavirus vaccines.

Zero-Trust Efforts Rise with the Tide of Remote Working
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.

A Paramedic's Lessons for Cybersecurity Pros
A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.

As Offices Reopen, Hardware from Home Threatens Security
Devices out of sight for the past several months could spell trouble when employees bring them back to work.

As More People Return to Travel Sites, So Do Malicious Bots
Attacks against travel-related websites are on the rise as the industry begins to slowly recover from COVID-19, new data shows.

Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.

Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.

COVID-19 Puts ICS Security Initiatives 'On Pause'
Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk.

CISA Issues Advisory on Home Routers
The increase in work-from-home employees raises the importance of home router security.

Profile of the Post-Pandemic CISO
Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.

3 Ways to Flatten the Health Data Hacking Curve
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.

Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.

5 New InfoSec Job Training Trends: What We're Studying During COVID-19
With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not?

Good Cyber Hygiene in a Post-Pandemic World Starts with Us
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.

Contact Tracing & Threat Intel: Broken Tools & Processes
How epidemiology can solve the people problem in security.

Rethinking Enterprise Access, Post-COVID-19
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.

Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.

Employees Say They're Working From Home Without Security Guidance
Working from home is new for many enterprise employees, yet many say they've received little in the way of new training or technology to keep them safe.

Long-Term Effects of COVID-19 on the Cybersecurity Industry
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.

Healthcare CISOs Share COVID-19 Response Stories
Cybersecurity leaders discussed the threats and challenges that arose during the pandemic, and how they responded, during a virtual roundtable

Most Contact-Tracing Apps Fail Basic Security
A survey of 17 Android applications for informing citizens if they had potential contact with a COVD-19-infected individual finds few have adopted code-hardening techniques.

7 Tips for Employers Navigating Remote Recruitment
Hiring experts explain how companies should approach recruitment when employers and candidates are working remotely.

Collaboration Undermined When Security Teams Work Remotely, Some Argue
Knowledge workers are perfectly suited for remote work, but the benefits of collaboration — and the requirements of proving identity — make fully remote security teams problematic.

IoT Security Trends & Challenges in the Wake of COVID-19
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.

The Future Will Be Both Agile and Hardened
What COVID-19 has taught us about the digital revolution.

What COVID-19 Teaches Us About Social Engineering
Unless we do something proactively, social engineering's impact is expected to keep getting worse as people's reliance on technology increases and as more of us are forced to work from home.

Employees Stream Entertainment on Enterprise Systems During Pandemic
Employees aren't limiting use of their work computers to business purposes while working from home.

The Telehealth Attack Surface
Amid the surge in digital healthcare stemming from the coronavirus pandemic, security is taking a backseat to usability.

Fake COVID-19 Contact-Tracing Apps Infect Android Phones
Researchers find 12 Android applications disguised as official COVID-19 contact tracing apps installing malware onto devices.

3 Ways the Pandemic Will Affect Enterprise Security in the Future
While CISOs have been focused on immediate threats, it's time to look ahead to what a post-COVID-19 future will look like.

CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.

Safeguard Your Remote Workforce
DDoS attacks on VPN servers can not only bring remote work to a standstill but also cut off admins from accessing their systems. Here are three ways to stay safer.

Q&A: Eugene Spafford on the Risks of Internet Voting
Allowing people to cast their ballots online to circumvent coronavirus-related health concerns introduces problems that we simply don't know how to manage, says the Purdue University professor and security leader.

Local, State Governments Face Cybersecurity Crisis
Ransomware hit small government organizations hard in 2019. Now they have to deal with budget cuts, pandemic precautions, social unrest, and the coming election cycle.

The Privacy & Security Outlook for Businesses Post-COVID-19
Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.

Malware Campaign Hides in Resumes and Medical Leave Forms
The campaigns have been part of the overall increase in coronavirus-related malware activity.

Social Distancing for Healthcare's IoT Devices
Security pros need to double down around prevention of lateral movement by attackers, especially if IoT devices are connected to the network.

10 Tips for Maintaining Information Security During Layoffs
Insider cyber threats are always an issue during layoffs -- but with record numbers of home office workers heading for the unemployment line, it's never been harder to maintain cybersecurity during offboarding.

Risk Assessment & the Human Condition
Five lessons the coronavirus pandemic can teach security professionals to better assess, monitor, manage, and mitigate organizational risk.

Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
For now, security teams face freezes in projects and hiring - and budget cuts, security industry analysts say.

Banking on Data Security in a Time of Insecurity
How banks can maintain security and data integrity in the middle of a pandemic.

Bank of America Security Incident Affects PPP Applicants
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.

Digital Distancing with Microsegmentation
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.

Data Loss Spikes Under COVID-19 Lockdowns
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.

Stay-at-Home Orders Coincide With Massive DNS Surge
A variety of sites saw as much as seven times the number of domain requests in late March and early April, suggesting attackers attempted massive denial-of-service attacks.

GDPR Enforcement Loosens Amid Pandemic
The European Union has given some organizations more breathing room to remedy violations, yet no one should think regulators are planning to abandon the privacy legislation in the face of COVID-19.

How to Pay a Ransom
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your organization has fallen victim and is going to pay. Here's how to handle it.

Q&A: Eugene Kaspersky on Tourism, the Pandemic, and Cybersecurity
The CEO and co-founder of eponymously named security vendor has launched a new travel accelerator program amid the COVID-19 crisis.

The Need for Compliance in a Post-COVID-19 World
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.

Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens
The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.

Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
As COVID-19-themed spam rises, phishing—not so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.

Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.

Long-Term Remote Work: Keeping Workers Productive & Secure
The pandemic has changed how we get work done. Now, data security must catch up.

The 3 Top Cybersecurity Myths & What You Should Know
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.

Templates Make Coronavirus Phishing Campaigns Easy
Ready-made website templates make it simple for criminals to create fake government and NGO websites for COVID-19-related phishing campaigns.

Microsoft Open Sources Its Coronavirus Threat Data
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.

Facebook Fails to Staunch Coronavirus Misinformation
The social media giant in April affixed warning labels on 50 million pieces of content

Ensuring Business Continuity in Times of Crisis
Three basic but comprehensive steps can help you and your organization get through adversity.

More Tips for Staying Safe While Working from Home
While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.

Secure Contact Tracing Needs More Transparent Development
Experts worry that without proper planning, today's decisions about developing contact-tracing apps could have unforeseen consequences in the years to come.

Coronavirus, Data Privacy & the New Online Social Contract
How governments can protect personal privacy in contact tracing while saving peoples' lives.

6 Free Cybersecurity Training and Awareness Courses
Most are designed to help organizations address teleworking risks related to COVID-19 scams.

As Remote Work Becomes the Norm, Security Fight Moves to Cloud, Endpoints
A majority of firms expect to keep more employees working remotely post-pandemic, forcing businesses to undertake more comprehensive digital and cloud transformations.

DocuSign Phishing Campaign Uses COVID-19 as Bait
The newly discovered campaign lures victims with a supposed file concerning the coronavirus pandemic.

Malicious Bots Infiltrate Online Food Delivery
With grocery delivery in higher demand than ever, new add-ons have emerged to secure slots for consumers, presenting a new pathway for bad bots to wreak havoc.

Now More Than Ever? Securing the Software Life Cycle
The more things change, the more they stay the same. That's true for software security, even in these turbulent times.

Cybersecurity Home School: Garfield Teaches Security
The famous cartoon cat can help kids ages 6 to 11 learn to be more secure when they're online.

7 Ways Parents Can Better Protect Their Online-Gamer Offspring
It's 11 a.m. Are your kids locked in their rooms playing games online?

The Price of Fame? Celebrities Face Unique Hacking Threats
Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.

Half of Companies Have Suffered a Cybersecurity Issue Amid COVID-19 Crisis
Survey shows 49% expect to experience a data breach or cybersecurity incident in the next month.

Attackers Adapt Techniques to Pandemic Reality
Over the past several months, threat actors have quickly shifted their tactics to take advantage of interest in the coronavirus, two studies find.

Post-Pandemic Presentation Plans
Coming to a conference near you -- who knows when.

Stay-at-Home Students Offered Lessons to Boost Cybersecurity
Stuck at home with a primary- or secondary-school student? Organizations from professional training groups to national governments are teaming up to offer virtual cybersecurity training for teens -- in some cases, for free.

How InfoSec Pros Can Help Healthcare During the Coronavirus Pandemic
Security pros are banding together to ensure healthcare facilities can focus on saving lives instead of defending against cyber attacks. Here are a few places you can volunteer your services.

7 Tips for Security Pros Patching in a Pandemic
The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.

Fake Microsoft Teams Emails Phish for Credentials
Employees belonging to organizations in industries such as energy, retail, and hospitality have been recipients, Abnormal Security says.

DHS CISA Launches Site for Teleworking Security
The new website is intended to be a one-stop source for information on securing teleworkers and their employers.

Best Practices for Managing a Remote SOC
Experts share what it takes to get your security analysts effectively countering threats from their home offices.

Apple Makes It Easier to Unlock iPhone While Wearing a Mask
The beta release of iOS 13.5 brings an updated FaceID so that users wearing masks can bypass facial recognition and unlock their phone with a code

Industrial Networks' Newest Threat: Remote Users
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.

86% of Companies Report Network Disruption Amid Remote Work Shift
Nearly two-thirds say disruptions were at least moderate in severity, and more have seen VPN connectivity issues as employees work from home.

7 Secure Remote Access Services for Today's Enterprise Needs
Secure remote access is a "must" for enterprise computing today, and there are options for you to explore in the dynamic current environment.

7 Fraud Predictions in the Wake of the Coronavirus
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion

Phishers Start to Exploit Oil Industry Amid COVID-19 Woes
While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.

5 Big Lessons from the Work-from-Home SOC
Accustomed to working in the same room, security teams now must find ways to operate effectively in the new remote reality.

Increased Credential Threats in the Age of Uncertainty
Three things your company should do to protect credentials during the coronavirus pandemic.

Security Pros Reassigned to IT Tasks in Coronavirus Pandemic
Most security practitioners surveyed say their job functions have changed during the pandemic, and 90% are now working remotely full time.

Will the Pandemic Complicate Cyber Insurance Claims?
While quarantined workers are keeping safe at home, they could be jeopardizing your insurance policy.

COVID-19 Quarantine: A Unique Learning Opportunity for Defenders
Use these spare moments at home to master new skills that will help protect your organization and enhance your career.

WHO Confirms Email Credentials Leak
Washington Post had identified the group as one among several whose passwords and emails were dumped online and abused.

Why Consumers, SMBs Are Likely to Fall for Coronavirus Scams
Data reveals both a lack of skepticism and a willingness to engage with emails crafted to seem like government communications.

5 Ways to Prove Security's Worth in the Age of COVID-19
Tightened budgets are placing jobs at risk, but security pros say they're armed with ways to demonstrate that what they're doing merits keeping them employed.

Resiliency: The Trait National Sporting Leagues Share with Security & IT Teams
During unprecedented times such as these, both businesses and professional sports are forced to go back to basics.

White-Hat Hackers Help 'Fold' COVID-19 Proteins
A grassroots effort provides scientists with computing power to help simulate the novel coronavirus' proteins and come up with therapeutic solutions for the disease.

11 Tips for Protecting Active Directory While Working from Home
To improve the security of your corporate's network, protect the remote use of AD credentials.

Domain Registrars Under Pressure to Combat COVID-19-Related Scams
A huge increase in malicious website registrations has prompted concern from US lawmakers.

Is COVID-19 Intensifying the Need for Security Staffing?
Overall, security practitioners should find themselves in a better working situation than many other professionals. However, we are not immune.

Microsoft Proposes Privacy Controls for COVID-19 Contact Tracking, Tracing
As governments broaden use of digital technologies to stem pandemic, sensitive health and location data need to be protected, company says.

Work-from-Home Exposes Already-Infected Machines in 50K US Organizations
Researchers find massive spike in infected enterprises worldwide.

Stimulus Payments Are Popular Leverage for Cyberattacks
More than 4,300 domains related to stimulus and relief packages, many of them malicious, have been registered since January.

COVID-19 Caption Contest Winners
It was a tough choice! And the winner is…

Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.

COVID-Themed Phishing Messages Fill Phishing Filters on Gmail
In the past week, Google says it identified more than 18 million daily phishing messages featuring coronavirus themes.

Cybersecurity Home-School: The Robot Project
This fun project can teach your homebound children and teens about cybersecurity (and keep them occupied for at least a little while).

'Look for the Helpers' to Securely Enable the Remote Workforce
CISOs and CIOs, you are our helpers. As you take action to reassure your company, your confidence is our confidence.

4 Cybersecurity Lessons from the Pandemic
An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus.

Post Pandemic, Technologists Pose Secure Certification for Immunity
Going digital with immunity passports could speed rollout and allow for better warnings of potential hot spots. But security and privacy issues remain.

5 Things Ransomware Taught Me About Responding in a Crisis
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.

Which InfoSec Jobs Will Best Survive a Recession?
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a "cost center." Are infosec careers vulnerable now?

Will Gentler HIPAA Rules on Telehealth Now Protect Us From Breach Litigation Later?
Edge Ask-the Experts Patricia Calhoun and Patricia Carreiro, attorneys at Carlton Fieldsr espond to a reader question. 

Insecure Home Office Networks Heighten Work-at-Home Risks
Nearly one in two organizations has one or more devices accessing its corporate network from a home network with at least one malware infection, BitSight says.

How Company Cultures Dictated Work-from-Home Readiness
Companies large and small are discovering just how prepared they were for all employees to work remotely

7 Ways COVID-19 Has Changed Our Online Lives
The pandemic has driven more of our personal and work lives online – and for the bad guys, business is booming. Here's how you can protect yourself.

Pandemic Could Make Schools Bigger Targets of Ransomware Attacks
Most have had to implement distance learning, making them much more vulnerable, Armor says.

Network Data Shows Spikes, Vulnerability of Work-at-Home Shift
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.

8 Phishing Lures Preying on Pandemic Panic
Phishing campaigns and scams are skyrocketing to take advantage of people concerned about COVID-19 impacts. Here are some key examples in action.

Emails Impersonating Trump, White House Seek to Exploit Pandemic Fears
The phishing campaign is only the latest among many related to COVID-19, INKY says.

Zoom, Microsoft & NTT Data Leaders Share Work-from-Home Security Tips
Tech leaders encourage organizations to maintain security awareness training and offer advice on how to protect their information.

Microsoft Releases COVID-19 Security Guidance
Information includes tips on how to keep IT systems infection-free.

Keeping Vigilant for BEC Amid COVID-19 Chaos
FBI and security experts warn that attackers are particularly targeting cloud-based email systems at the moment.

After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers
While coronavirus-themed emails and files have been used as a lure for weeks, attackers now are searching for ways to actively target VPNs and remote workers to take advantage of weaker security.

The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain.

71% of Security Pros See Threats Jump Since COVID-19 Outbreak
Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.

COVID-19 Omdia Analyst Advisory: Security
A listing of free security products and services collected for Dark Reading by Omdia analysts to help you meet the challenges of the coronavirus pandemic.

Phishers Try 'Text Direction Deception' Technique to Bypass Email Filters
With COVID-19 concerns running high, attackers are trying new tactics to get to users.

A Hacker's Perspective on Securing VPNs As You Go Remote
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful.

Bad Bots Build Presence Across the Web
Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.

Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls?
If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.

The SOC Emergency Room Faces Malware Pandemic
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.

Patching Poses Security Problems with Move to More Remote Work
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say

Why Third-Party Risk Management Has Never Been More Important
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.

Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.

Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely
The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.

How Zoom, Netflix, and Dropbox are Staying Online During the Pandemic
Inside the efforts to keep the quarantined world's popular Internet services running smoothly.

COVID-19: Getting Ready for the Next Business Continuity Challenge
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.

Cybercriminals' Promises to Pause During Pandemic Amount to Little
As pandemic worsens, online profiteering -- from frausters to ransomware operators to cybercriminal hacking -- continues unabated, despite some promises from the underground. 

FBI Warns of Fake CDC Emails in COVID-19 Phishing Alert
Fraudsters exploit concerns by claiming to offer virus-related information or promising stimulus checks.

8 Infosec Page-Turners for Days Spent Indoors
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.

Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.

DDoS Attack Targets German Food Delivery Service
Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service.

VPN Usage Surges as More Nations Shut Down Offices
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.

Attorney General Directs DoJ to Prioritize Coronavirus Crime
Criminal activity related to the pandemic cannot be tolerated, William Barr states in memo.

Security Lessons We've Learned (So Far) from COVID-19
Takeaways about fighting new fires, securely enabling remote workforces, and human nature during difficult times.

Privacy in a Pandemic: What You Can (and Can't) Ask Employees
Businesses struggle to strike a balance between workplace health and employees' privacy rights in the midst of a global health emergency.

Working from Home? These Tips Can Help You Adapt
COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.

COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks

Malware Campaign Feeds on Coronavirus Fears
A new malware campaign that offers a "coronavirus map" delivers a well-known data-stealer.

Coronavirus Raises New Business Continuity, Phishing Challenges for InfoSec
What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones?





About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights