Tag: teams | Page 8

Airlock Allowlisting Solution Blocks Ransomware And Reduces Operational Overhead For IT And Cybersecurity Teams

March 23, 2021/in Internet Security

Wednesday, 24 March 2021, 1:24 pm
Press Release: Airlock Digital

Auckland, New Zealand – 24 March 2021:
Australian cybersecurity pioneer Airlock Digital
continues to enhance its industry-leading allowlisting
solution to more effectively block malware, ransomware and
zero-day attacks, help comply with cybersecurity standards,
and reduce the allowlisting operational effort for IT and
cybersecurity teams.

Allowlisting – also referred to
as application whitelisting or application control – is
documented in a number of government cybersecurity standards
and/or regulations worldwide, including the ACSC Essential
Eight Strategies to Mitigate Cyber Security Incidents, U.S.
Top 10 Mitigations, NIST 800-171, CMMC, Center for Internet
Security Basic Six, Canadian Top 10 IT Security Actions, and
New Zealand Critical Controls.

Many cybersecurity
solutions exist today that can block the execution of files
on endpoint systems. Almost none offer the granular
centralised control, the workflow support, or the
operational flexibility required to cost-effectively support
allowlisting in dynamic, enterprise computing
environments.

“There are many security products that
can allow or block files. That isn’t the challenge,”
says Airlock Digital Co-Founder, David Cottingham. “The
challenge is how you instrument the allowlisting process to
operationalise pro-active security
controls.”

Airlock reduces the support burden of
allowlisting, utilising easy-to-use workflows that prevent
disruption to users. If a required application is blocked,
IT teams, including non-cybersecurity staff, can simply and
easily grant permissions to users with a range of one-time
password (OTP) options.

In addition to one-time use
and mobile OTP, the latest Airlock version 4.7 release
provides a new codeless self-service capability, helping to
maintain user productivity without compromising on security.
Codeless self-service allows privileged users to
self-administer temporary access to applications and scripts
restricted to the general user base.

“Codeless
self-service aims to reduce friction and enables users to
handle exceptions as quickly as possible, reducing…

Source…

Malware Exploits Security Teams’ Greatest Weakness: …

February 15, 2021/in Computer Security

Users’ distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.

In early January, Colin McMillen, the lead developer at SemiColin Games, tweeted a warning about a popular Google Chrome extension, The Great Suspender. The utility came under fire after McMillen learned the developer sold it to a third party that silently released a version that could spy on a user’s browsing habits, inject ads into websites, or even download sensitive data.

After a community outcry, the new owner removed the offending code. Now aware of the change of ownership and breach of trust, many savvy users removed the extension.

Even so, The Great Suspender remained available in the Chrome Web Store until Feb. 3, when Google finally pulled the plug. Many of the extension’s 2 million users found out when they received a warning that simply stated, “This extension may be dangerous. The Great Suspender has been disabled because it contains malware.”

While Google eventually set things right, it took too long. McMillen’s tweet shone a bright light on this in January, but comments on the extension’s issue tracker indicate users reported the problem to Google as early as October 2020. This left Chrome users in a potentially vulnerable position for over three months.

How Personal Computers Put Work Devices at Risk
Sometimes, Google Chrome extensions installed on personal computers are automatically installed and synchronized to work devices. This brings their problems into the security team’s purview, which then must make difficult decisions because:

The risks associated with running suspicious extensions like The Great Suspender usually impact the employee, not the company, more.
Before the extension was banned in February, end users had no official indication the extension was potentially malicious.
Despite the risks associated with the extension, users intentionally installed it and, presumably, were happily using it.

Security teams are accustomed to wielding impressive tools that can block, contain, and remediate clear threats. They work best in a world of absolutes, where software is either good or bad, and systems are either secure or vulnerable. In the case of The Great…

Source…

AWS Teams with the National Hockey League to be the Official Cloud Infrastructure Provider of the NHL

February 10, 2021/in Mobile Security

SEATTLE–(BUSINESS WIRE)–Feb 10, 2021–

Today, Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company (NASDAQ: AMZN), announced that it has entered into an agreement with the National Hockey League (NHL) to become the Official Cloud, Artificial Intelligence, and Machine Learning Infrastructure Provider of the NHL.

This press release features multimedia. View the full release here:

AWS will help the NHL bring fans closer to the ice with new viewing experiences and in-depth stats and analytics built on AWS services. (Graphic: Business Wire)

By tapping into the breadth and depth of AWS services, the NHL will be able to automate video processing and content delivery in the cloud and leverage its Puck and Player Tracking (PPT) System, which runs on AWS cloud infrastructure, to better capture the details of game play for its fans, teams, and media partners. The NHL will also build an enterprise video platform on AWS to aggregate video, data, and related applications into one central repository that will enable easier search and retrieval of archival video footage, give broadcasters instant access to NHL content for syndication and licensing, and facilitate the creation and delivery of new in-game analyses, predictions, and video highlights to enhance mobile, online, and broadcast experiences.

The NHL will work with the Amazon Machine Learning Solutions Lab to apply AWS’s deep portfolio of machine learning services to game video and official NHL data – including data from the NHL’s new Puck and Player Tracking (PPT) System and from the NHL’s Hockey Information & Tracking System (HITS) real-time stats – to develop and share advanced game analytics and metrics that take fans deeper into the game. In addition, the NHL intends to use AWS Elemental Media Services to develop and manage a cloud-based HD and 4K video content delivery system that will provide a complete view of the game to NHL officials, coaches, players, and fans. Powered by AWS, the system will encode, process, store, and transmit game footage from a series of new camera angles to provide continuous video feeds that capture plays and events outside the field of…

Source…

The Insecure State of Microsoft Teams Security

January 18, 2021/in Computer Security

Microsoft Teams has quickly become the go-to application for remote work, accelerating dramatically in usage over the last year. Despite inherent trust, hacking activity in Teams is apparent, and businesses that use Teams need to secure it from DLP, malicious files and links, protecting it in a similar way they secure email.

As firms and workers across the globe went remote, Microsoft Teams saw the bulk of growth for chat and collaboration.

That growth of Microsoft Teams has been exponential and stunning. Teams usage in December 2020 is estimated to be 115 million daily users, growing from 32 million in early March 2020. After what appeared to be an early pandemic rivalry with Slack, Teams quickly became the de facto communication and collaboration app for anyone using Microsoft 365. According to an Avanan analysis, as of December 2020, only one in four users within an organization that has Microsoft 365 will actually use Teams on a daily basis, and therefore our assumption is that the major adoption of this platform within Microsoft 365 customers still has a lot of adoption ahead of it.

The success of Microsoft Teams has also made it ripe for hackers. In fact, as this year of explosive growth comes to an end, we’ve begun to see and learn how hackers are targeting this platform for data, personal and corporate information, and as a jump-board for other attacks.

Avanan analyzed nearly 200 enterprise customers for two months. In doing so, we were able to uncover current hacking activities and trends in Teams, as well as assess the overall cybersecurity risk involved in using the service.

The first and perhaps most important thing to know about Microsoft Teams is that, by default, it is not protected:

With one click, sensitive information can be forwarded outside the organization, either by user error, insider threat or hackers that compromised an account.
External members might be added to a channel and team members may not realize that there are external members on a certain channel, and share proprietary or confidential information.
Compromised partner’s accounts could be used by hackers to attack the organization’s end-users, while the organization has no control over the…

Source…

Tag Archive for: teams