data Archives - IT Security Guru https://www.itsecurityguru.org/tag/data/ The Site for our Community Fri, 24 Mar 2023 15:21:52 +0000

TikTok to be banned from UK Government Phones https://www.itsecurityguru.org/2023/03/17/tiktok-to-be-banned-from-uk-government-phones/?utm_source=rss&utm_medium=rss&utm_campaign=tiktok-to-be-banned-from-uk-government-phones Fri, 17 Mar 2023 11:37:04 +0000 https://www.itsecurityguru.org/?p=48003

The post TikTok to be banned from UK Government Phones appeared first on IT Security Guru.

The UK has announced a ban on TikTok on government phones, becoming the latest country to ban the Chinese-owned video app over security concerns.

TikTok has been under the microscope in recent months and has come under increased scrutiny over fears that user data from the app, owned by Beijing-based company ByteDance, could end up in the hands of the Chinese government.

The ban is in place with immediate effect following a security review ordered by ministers and is part of a wider range of restrictions brought in for third-party apps on government devices. The strict measures have been brought in to improve cyber hygiene and protect sensitive data that government officials have access to, as well as to prevent location data harvesting.

In recent months, many countries have brought in laws to ban TikTok from government-owned devices, including the US, Canada and the European Commission.

When the announcement was made, the cybersecurity community was quick to provide thoughts and insight…

Javvad Malik, lead security awareness advocate at KnowBe4:

It appears as if the UK is following in the steps of the European Union's ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that it is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties.

Tom Davison, Senior Director Engineering International at Lookout:

If this ban goes ahead it will follow similar decrees already issued by the European Commission and the US government. The concern here is the level of access to data which TikTok affords its parent company ByteDance, which is a Chinese company headquartered in Beijing. Governments and businesses are increasingly concerned by the volume of data which 3rd parties and foreign states might be collecting.

Mobile apps in particular are a real source of risk given the amount and type of data they are able to collect on their users. Upwards of 60% of internet traffic now originates from mobile devices, making them the prime target for data collection and surveillance. Increasingly, users mix personal and work apps on the same device, drastically increasing the risks for governments and businesses who are tasked with controlling data sovereignty, privacy and protection. All mobile apps will be sending data somewhere and it is essential that this is understood and considered. For example, Lookout tracks over 9 million other apps that have the capability to send data to China. While they may not necessarily be malicious, there is a fundamental issue of lack of awareness which is only just beginning to be acknowledged.

Brian Higgins, Security Specialist at Comparitech:

“The National Cyber Security Centre publishes advice on drafting and implementing ‘Bring Your Own Device’ and ‘Acceptable Use’ policies so why they don’t have any for Government staff is unclear. Most Social Media platforms gather vast amounts of data that users would rather they didn’t, but personal choice allows individuals to trade their privacy for functionality. They really shouldn’t be allowed to apply the same approach whilst they are engaged in Government business at any level. We’re clearly jumping on the Bad-TikTok bandwagon here but a more useful exercise would be to review and restrict Social Media access across the estate.” 

Chris Handscomb, EMEA Solutions Engineer at Centripetal:

Just a decade ago, the notion of corporate managers and government officials possessing smart mobile devices that could instantly access work information was a novelty. Today, these devices are ubiquitous, internet speeds have vastly improved, enabling individuals to consume copious amounts of high-quality content at the click of a finger.

However, with this heightened connectivity, communication, and entertainment, there is the possibility of malicious actors exploiting device vulnerabilities and gathering sensitive data. This sometimes very personal data can then be on-sold to the highest bidder creating a risk factor for companies and government agencies where (potentially compromised) individual contributors are handling sensitive trade or state secrets and may now be vulnerable to blackmail.

It is therefore imperative that companies and government agencies prioritise their security measures, safeguarding their employees and enterprises from potential threats.

Snapchat Phishing Scam: 55,000 users Compromised https://www.itsecurityguru.org/2018/02/19/snapchat-phishing-scam-55000-users-compromised/?utm_source=rss&utm_medium=rss&utm_campaign=snapchat-phishing-scam-55000-users-compromised Mon, 19 Feb 2018 14:31:02 +0000 http://www.itsecurityguru.org/?p=25461 More than 55,000 Snapchat users had their login details exposed online thanks to a clever phishing scam. Read Full Story  ORIGINAL SOURCE: The Sun

The post Snapchat Phishing Scam: 55,000 users Compromised appeared first on IT Security Guru.

Turla Targets Post Soviet States https://www.itsecurityguru.org/2018/01/10/turla-targets-post-soviet-states/?utm_source=rss&utm_medium=rss&utm_campaign=turla-targets-post-soviet-states Wed, 10 Jan 2018 16:07:31 +0000 http://www.itsecurityguru.org/?p=25022 Russian-linked hackers Turla have been targeting consulates in post-Soviet states by using a new tool which uses malware to steal sensitive information, according to recent ESET research. View Full Story  ORIGINAL SOURCE: IB Times

The post Turla Targets Post Soviet States appeared first on IT Security Guru.

Data Protection Bill Amended to Protect Security Researchers https://www.itsecurityguru.org/2018/01/10/data-protection-bill-amended-protect-security-researchers/?utm_source=rss&utm_medium=rss&utm_campaign=data-protection-bill-amended-protect-security-researchers Wed, 10 Jan 2018 16:03:38 +0000 http://www.itsecurityguru.org/?p=25019 The Government is to amend the data protection bill, in order to protect researchers who work to uncover cyber criminals, after fears were raised that the bill would accidentally criminalize legitimate research. View Full Story  ORIGINAL SOURCE: The Guardian

The post Data Protection Bill Amended to Protect Security Researchers appeared first on IT Security Guru.

Hackers adopt ‘school of fish’ approach as they sharpen focus on mid-sized businesses https://www.itsecurityguru.org/2018/01/09/hackers-adopt-school-fish-approach-sharpen-focus-mid-sized-businesses/?utm_source=rss&utm_medium=rss&utm_campaign=hackers-adopt-school-fish-approach-sharpen-focus-mid-sized-businesses Tue, 09 Jan 2018 17:00:25 +0000 http://www.itsecurityguru.org/?p=25011

The post Hackers adopt ‘school of fish’ approach as they sharpen focus on mid-sized businesses appeared first on IT Security Guru.

Rudimentary attacks, like information gathering, reputation blocks, fraud, and brute force attacks, increased by 71% from 2016-2017, according to new data released by eSentire, Inc., the largest pure-play Managed Detection and Response (MDR) provider. The data represents a total volume rise in detected events from 15 million in 2016, to 21 million last year.

Reports demonstrate a marked technique shift by attackers who favor obfuscation techniques that evade standard perimeter controls. The data, collected from eSentire’s best-in-class threat monitoring technologies, spans thousands of private and public cloud sources across the company’s 600+ client base, and includes primarily mid-sized businesses in the finance, legal, healthcare, technology, and insurance industries.

“It’s not that businesses don’t need prevention technologies, rather, you need to be able to detect when those technologies are being bypassed and intervene immediately,” said J. Paul Haynes, eSentire CEO.

In its 2017 Market Guide for Managed Detection and Response Services, Gartner states that: “Organizations are looking to improve real-time threat detection and incident response capabilities; however, they often struggle to invest limited resources in the required people, processes and technology. Managed detection and response improves threat detection monitoring and incident response capabilities via a turnkey approach to detecting threats that have bypassed other controls.”1

“Last year’s monster breaches, like WannaCry, affected countless mid-sized businesses, and since those attacks, we’ve seen a steady rise in organizations proactively seeking measures to safeguard against similar attacks,” said Haynes. “Mid-sized enterprises have similar cyber risk profiles to large enterprises, yet a fraction of the budget to invest in detection and response capabilities.”

MDR is the fastest growing segment in cybersecurity as firms of all sizes struggle to acquire and retain the threat hunting skills, advanced cyber technologies, and threat intelligence processes to continuously anticipate the next move the ‘school of fish’ is making.

“This new data supports an existential problem when it comes to defending against threats,” said Haynes. “Early breach indicators are measured in minutes and hours, and countermeasures need to be deployed in near real-time. In our world, it is not the 200+ days to detect which you read in the headlines, it’s now!”

As the largest pure-play MDR provider, eSentire saw significant market expansion in 2017, with in excess of 60% year-over-year revenue growth. Today, the company maintains a 97% customer retention rate.

“At the end of the day, while the volume of attacks continues to rise, combining endpoint, network, and threat intelligence data equips eSentire’s threat hunters with the richest possible data allowing faster decision making, investigations, and the ability to disrupt attacks,” said Haynes. “Ultimately, businesses need to avoid greater financial losses and need more than traditional prevention technologies to achieve that.”

About eSentire:
eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24×7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $5 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @eSentire.

Perth Airport Hacked https://www.itsecurityguru.org/2017/12/11/perth-airport-hacked/?utm_source=rss&utm_medium=rss&utm_campaign=perth-airport-hacked Mon, 11 Dec 2017 15:14:03 +0000 http://www.itsecurityguru.org/?p=24818 A hacker has managed to break into Perth International Airport's computer system and has stolen a significant amount of valuable, sensitive data. View Full Story  ORIGINAL SOURCE: IB Times

The post Perth Airport Hacked appeared first on IT Security Guru.

Millions of Brits Unaware their Details have been Hacked https://www.itsecurityguru.org/2017/12/07/millions-brits-unaware-details-hacked/?utm_source=rss&utm_medium=rss&utm_campaign=millions-brits-unaware-details-hacked Thu, 07 Dec 2017 14:55:46 +0000 http://www.itsecurityguru.org/?p=24814 Millions of British victims are unaware that their personal details have been stolen. Read Full Story  ORIGINAL SOURCE: Standard

The post Millions of Brits Unaware their Details have been Hacked appeared first on IT Security Guru.

20,000 Patients Compromised by Henry Ford Data Breach https://www.itsecurityguru.org/2017/12/07/20000-patients-compromised-henry-ford-data-breach/?utm_source=rss&utm_medium=rss&utm_campaign=20000-patients-compromised-henry-ford-data-breach Thu, 07 Dec 2017 14:32:30 +0000 http://www.itsecurityguru.org/?p=24809 Henry Ford Health System has announced this week that a data breach of systems has resulted in data from 20,000 patients being compromised. Read Full Story  ORIGINAL SOURCE: Freep

The post 20,000 Patients Compromised by Henry Ford Data Breach appeared first on IT Security Guru.

Mecklenburg County held to Ransom https://www.itsecurityguru.org/2017/12/07/mecklenburg-county-held-ransom/?utm_source=rss&utm_medium=rss&utm_campaign=mecklenburg-county-held-ransom Thu, 07 Dec 2017 14:08:37 +0000 http://www.itsecurityguru.org/?p=24807 Mecklenburg, one of North Carolina’s more populous metro areas, came to a halt as a cyberattack froze data on dozens of the county’s servers. Attackers are asking for a $23,000 payment. Read Full Story  ORIGINAL SOURCE: Daily Mail

The post Mecklenburg County held to Ransom appeared first on IT Security Guru.

Employer is Liable for Data Breach caused by Employee https://www.itsecurityguru.org/2017/12/05/employer-liable-date-breach-caused-employee/?utm_source=rss&utm_medium=rss&utm_campaign=employer-liable-date-breach-caused-employee Tue, 05 Dec 2017 15:33:46 +0000 http://www.itsecurityguru.org/?p=24791 The High Court has found an employer liable for actions by an employee which resulted in data being leaked. Read Full Story  ORIGINAL SOURCE: Lexology

The post Employer is Liable for Data Breach caused by Employee appeared first on IT Security Guru.
