Tag Archive for: management

HP Wolf Connect expands PC management to help close security gaps


HP has introduced HP Wolf Connect, a connectivity solution for IT management that offers a secure connection to remote PCs. This solution allows IT professionals to manage devices even when they are offline or turned off.

Using a cellular-based network, HP Wolf Connect’s robust connectivity helps ensure IT teams can readily manage a dispersed hybrid workforce. It can reduce the time and effort needed to resolve support tickets, secure data from loss or theft to mitigate a potential breach and optimize asset management.

“Hybrid work has made remote management at scale more complex, yet more essential,” comments Dr. Ian Pratt, Global Head of Security for Personal Systems, HP Inc. “The cloud has helped but hasn’t solved IT’s ability to manage devices that are powered down or offline. HP Wolf Connect’s highly resilient connection opens new doors to remote device management, enabling efficient and effective management of dispersed workforces.”

HP Wolf Protect and Trace with Wolf Connect is a software service capable of locating, locking and erasing a PC remotely, even when it’s turned off or disconnected from the Internet. This capability protects sensitive data on the move and helps lower IT costs by reducing the need for PC remediation or replacement.

Securing and managing the hybrid workforce is a top priority for organizations. New global research from HP Wolf Security found 82% of security leaders operating a hybrid work model have gaps in their organization’s security posture. The global study of 1,492 security leaders found:

  • 61% say protecting their hybrid workers will get harder in the year ahead.
  • 70% say that hybrid work increases the risk of lost or stolen devices.

“IT teams need a better way to deal with the increase in lost or stolen devices,” continues Pratt. “Before today, solutions relied on PCs being on or connected to the internet, but HP Wolf Connect now provides a highly resilient mobile connection to find, lock, and erase lost or stolen devices even if they are disconnected or powered down.

Pratt continues; “This is particularly crucial in industries where devices may contain PII (personally identifiable information) or…

Source…

55 zero-day flaws exploited last year show the importance of security risk management


Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available — the so-called n-day exploits. But mitigating the risk from vulnerabilities unknown to the affected software developers and don’t have a patch available — the zero-day flaws — requires a careful analysis of the types of actors exploiting them, the geography and industries they target, the malware payloads they deploy, the tactics they use, and the type of products they usually target.

According to an analysis by Google-owned threat intelligence and incident response firm Mandiant, attackers exploited 55 zero-day flaws last year, fewer than the 81 observed in 2021 but triple the number tracked in 2020 and higher than in any previous years. In fact, 2020 was an outlier because security vendors saw their normal workflows disrupted by the COVID pandemic that year, possibly impacting their ability to discover and track zero-day attacks.

“We anticipate that the longer term trendline for zero-day exploitation will continue to rise, with some fluctuation from year to year,” the Mandiant researchers said. “Attackers seek stealth and ease of exploitation, both of which zero-days can provide. While the discovery of zero-day vulnerabilities is a resource-intensive endeavor and successful exploitation is not guaranteed, the total number of vulnerabilities disclosed and exploited has continued to grow, the types of targeted software, including Internet of Things (IoT) devices and cloud solutions, continue to evolve, and the variety of actors exploiting them has expanded.”

From APTs to ransomware operators

Zero-day exploits have historically been a resource employed primarily by well-funded cyberespionage groups and commercial spyware vendors that sell their so-called surveillance software to government agencies. That’s because zero-day exploits are an expensive commodity with a short shelf-life. Once they’re detected in the wild, they’re quickly patched. This means to get the most out of them, threat groups use them in very targeted campaigns against a…

Source…

Data management company to pay $3 million in settlement with feds over 2020 ransomware disclosures


Blackbaud Inc., which sells donor data management software to nonprofits, agreed Thursday to pay the Securities and Exchange Commission $3 million in a settlement regarding disclosures of a 2020 ransomware attack.

The SEC charged that Blackbaud violated federal law in making misleading disclosures that failed to mention the full extent of customer information seized in the cyberattack. Part of that failure stemmed from company personnel neglecting to inform upper management that sensitive data had been taken.

On May 14, 2020, Blackbaud discovered that someone had been accessing their internal systems without authorization since as early as February 2020, and found messages from the perpetrator saying that customer data had been taken from the system. 

The attacker demanded ransom in exchange for deleting the stolen data. A third-party vendor was hired to investigate, and to arrange communications with the attacker to eventually arrange payment of the ransom.

By July 16, 2020,

Source…

Are You Prioritizing Digital Identity Management?


The rapid shift to remote working has created newfound challenges for organizations when it comes to digitizing their operations. One major hurdle is managing employees’ digital identities. So much so, that the vast majority of organizations (84%) report experiencing some form of identity-related breach within the past 12 months, which is undoubtedly a huge security risk.

A recent study found that nearly all organizations have seen an exponential increase in the number of identities they have to manage. This is because more applications and workloads are being moved to the cloud, while organizations are typically also working with more third-party software providers than ever.

Organizations must understand that they have a responsibility to protect their employees’ digital identities. Without a well-developed digital identity security strategy, they can face huge risks, such as operational disruption, negative publicity, and costly regulatory fines.

In this article we will examine some of the measures organizations can put in place to ensure the security of their digital infrastructure and regain control over employees’ digital identities.

Zero Trust Architecture – The ‘Be All and End All’ Solution? 

Security strategies have to evolve with the times. With the hybrid working boom, it’s no longer enough for organizations to just protect the perimeter of their networks. Employees are now often logging in from multiple locations and on different devices; all they need is a reliable internet connection. Organizations have to take this into account – and understand that traditional measures are no longer fit for purpose.

The evolving business landscape has created new challenges for enterprise network security. Zero trust architecture (ZTA) is becoming an increasingly popular approach, as it provides a higher level of security than a perimeter-centric model. ZTA assumes that all devices and users are potentially malicious and requires that they be authenticated as they move laterally within a network, making it more difficult for attackers to breach the system.

The effective management of users’ digital identities is the cornerstone of ZTA. Its…

Source…