Samsung says it will offer its secure element for storing passwords on the Galaxy S20 series smartphones to other smartphone vendors.  The secure element consists of Samsung’s S3K250AF chip, a microcontroller, hardware-level protection and a locked-down operating system. The technology is designed to store users’ secrets, including PINs, passwords, and cryptocurrency details in a way […] More

Microsoft has released two new Windows 11 previews to the Windows Insider Beta Channel with improvements to Defender for Endpoint’s ransomware protections and other fixes. Microsoft’s latest Windows 11 Beta Channel builds have included two releases: a higher build number with features rolling out, and a lower build number with features off by default. In this case, build 22622.450 and 22621.450 don’t appear to be very different as both builds received fixes and other improvements. “We enhanced Microsoft Defender for Endpoint’s ability to identify and intercept ransomware and advanced attacks,” Microsoft’s Insider Program managers explained. That’s all Microsoft has to say about the enhancement for Defender for Endpoint, Microsoft’s endpoint security solution for enterprise to prevent, detect, investigate, and respond to advanced threats. Microsoft has several Windows tools to protect against ransomware, such as Controlled folder access for Windows, which can be configured with Defender for Endpoint to display a notification when an app tries to make changes to a file in a protected folder. The Windows 11 previews also improved storage replication over low bandwidth or congested wide area networks (WANs). For organizations that have configured Server Message Block (SMB) compression, Windows now compresses the file no matter its size. The updates fix issues with IE Mode in Edge, a process that causes a high amount of CPU usage, and tablet mode bugs. Microsoft’s August update to the Windows Subsystem for Android (WSA) targets improvements for those who’d like to use Android games on a Windows PC. The primary WSA gaming updates are improvements to the Settings app for compatibility for games with joysticks, gamepad, aiming in games with arrow keys, and sliding in games with arrow keys. There are also WSA improvements to scrolling, networking, windows sizing, and security updates.  More

<!–> Alpaben Rathod/Getty Images Bitwarden is one of the best password managers on the market. It has tons of features, uses end-to-end encryption, is regularly updated, and is one of the few open-source solutions available that’s perfectly suited for individual users all the way up to enterprise businesses. One of Bitwarden’s many features you may […] More

The operators of the RagnarLocker ransomware are installing the VirtualBox app and running virtual machines on computers they infect in order to run their ransomware in a “safe” environment, outside the reach of local antivirus software. This latest trick has been spotted and detailed today by UK cyber-security firm Sophos and shows the creativity and […] More

A new survey suggests the majority of US executives have encountered a cybersecurity incident but this has not translated into the creation of incident response plans.

On Tuesday, Deloitte published the results of a new survey, taking place between June 6 and August 24, 2021, which includes the responses of 577 C-suite executives worldwide (159 in the US) on today’s cybersecurity threats.  The research — including insight from those in CEO, CISO, and other leadership roles — suggests that nearly all US executives have come across at least one cybersecurity event over the past year, 98%, in comparison to 84% internationally.  The COVID-19 pandemic has led to an increase in cybersecurity incidents and it appears that the event rate may disproportionately have impacted organizations in the United States.  According to Deloitte’s research, 86% of US executives have noticed an uptick in attack attempts, a higher climb than that experienced by 63% of leadership worldwide.  Despite the ongoing risk of cyberattacks, US enterprise firms are not up to par when it comes to implementing defense and incident response initiatives. In total, 14% of US executives have no such plans, in comparison to 6% of non-US executives.  Problems including data management issues, infrastructure complexities, failures to keep up with technological advances, and missteps in prioritizing cybersecurity are all cited as challenges in coming up with workable cybersecurity plans. 

Over 2021, incidents including the Microsoft Exchange Server hacking wave, the ransomware incidents at JBS and Colonial Pipeline, and the DDoS attack against KT have highlighted the severe business disruption caused by successful attacks.  Of interest is that rather than malware, phishing, or data breaches being a top concern, 27% of executives said they were most worried about the actions of “well-meaning” employees who may inadvertently create avenues for attackers to exploit.  However, only 41% of organizations say they have implemented solutions to track and monitor the risk factors associated with staff access and behavior.  The research suggests that the common consequences experienced by today’s firms after an incident include disruption (28%), a drop in share value (24%), intellectual property theft (22%), and damage to reputation that prompts a loss in customer trust (22%).  In addition, in 23% of cases, a cyberattack can lead to a change in leadership roles. “No CISO or CSO ever wants to tell organizational stakeholders that efforts to manage cyber risk aren’t keeping up with the speed of digital transformations made, or bad actors’ improving tactics,” commented Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal. “Aggressive organizational digital transformations and continued remote work for some seem to be shining more of a spotlight on the human side of cyber events — both the cyber talent gap and the potential risk well-meaning employees can pose. We see leading organizations turning to advanced technologies to help bridge those gaps.”
Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More