Cybersecurity should be a concern for all businesses -- large and small. Cybersecurity also should be a concern for consumers, government agencies, and basically anyone who relies on the Internet in our increasingly connected world. Among efforts to focus attention on the threatscape is designating October as National Cyber Security Awareness Month.

Users of a multi-cloud storage strategy may be twice as likely to face a security breach as those that use hybrid or single clouds, suggests a report from UK-based security specialist Nominet. Fifty-two percent of survey respondents who adopted a multi-cloud approach suffered a data breach over the past 12 months, compared to 24 percent of hybrid cloud users, and 24 percent of single-cloud users.

Hackers affiliated with the Chinese government have been making a concerted effort to steal medical research, particularly cancer research, from U.S. institutions. The step-up in medical research theft by Chinese APT hacker groups appears to be linked to China's growing concern over cancer mortality rates and increasing healthcare costs. Cancer in the leading cause of death in China.

They say that the key to good security is constant vigilance. As a practical matter, this means that it's important for security and network pros to pay attention to two things: changes in the threat landscape, so they can be on the alert for how their systems might be attacked; and changes and developments in the technologies they employ. These consequences matter quite a bit.

Owners of iPhones looking for an extra measure of protection when using applications and logging into websites can get it with a new dongle from Yubico. Its new YubiKey 5Ci, which retails for $70, supports both USB-C and Apple's Lightning connectors on a single device. The dual connectors can give security-conscious consumers and enterprise users strong hardware-backed authentication.

Numerous driver design flaws by 20 different hardware vendors expose Microsoft Windows users to widespread security compromises that can cause persistent malware attacks. A report titled "Screwed Drivers," which Eclypsium security researchers presented at DEF CON, urges Microsoft to support solutions to better protect against this class of vulnerabilities.

Researchers associated with vpnMentor, which provides virtual private network reviews, discovered a data breach involving nearly 28 million records in a BioStar 2 biometric security database belonging to Suprema. "BioStar 2's database was left open, unprotected and unencrypted," vpnMentor said. "After we reached out to them, they were able to close the leak."

The Russian hacking group known for stealing sensitive emails from the Democratic National Committee during the 2016 presidential election season has been cracking into printers, phones and video decoders to gain access to corporate networks, the Microsoft Security Response Center Team reported. The group is known by a number of names including "Strontium," "Fancy Bear" and "APT 28."

Capital One Financial Corporation has announced a data breach affecting some 100 million people in the U.S. and another 6 million in Canada. The FBI arrested the alleged perpetrator of the breach in Seattle. Capital One on July 19 discovered someone had accessed its data stored online and obtained personal information of credit card customers and people who had applied for credit card products.

The United States Federal Trade Commission announced that Equifax has agreed to pay a minimum of $575 million as part of a global settlement of claims against it arising from a 2017 data breach that affected 147 million Americans. The settlement with the FTC, the Consumer Financial Protection Bureau, and 50 states and territories potentially could reach $700 million.

Every day we read stories about data breaches and cyberattacks on business and government websites, and the resulting the loss of personally identifiable information. Cybercrime is on the rise, and given the ever-evolving methods of attack, meaningful relief and reliable measures to fend off cybercriminals are unlikely in the foreseeable future. Companies need to insure against cybertheft.

A security researcher has found a flaw in the popular video conferencing app Zoom that could be used to turn on the camera on a Macintosh computer without a user's permission. The vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without a user's permission, explained Jonathan Leitschuh, a senior software engineer at Gradle.

It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of IoT security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device. IoT device owners aren't the only ones fed up, though.

An AI technology called "deepfake" may be the next big threat we face as a society. Consider a recent video clip of Facebook CEO Marc Zuckerberg saying some outlandish things. You might think it is real -- but it's a deepfake. It's his image, and it sure sounds like him, but he never actually made that speech. "Can't be," you might think. "That has to be Zuckerberg talking." Wrong.

While good communication is pretty much universally beneficial, there are times when it's more so than others. One such time? During a cybersecurity incident. Incident responders know that communication is paramount. Even a few minutes might mean the difference between closing an issue vs. allowing a risky situation to persist longer than it needs to.

Chinese hackers likely are responsible for a series of cyberattacks against telecommunications companies around the world, security researchers have reported. The campaign, dubbed "Operation Soft Cell," has been active since 2012, according to Cybereason. There is some evidence suggesting even earlier activity against the telecommunications providers, all of whom were outside North America.

Payment processing company Stripe has launched Chargeback Protection, a machine learning-based system to limit the impact of fraudulent credit card transactions on merchants. A chargeback is a demand by a credit card provider for a retailer to make good on a fraudulent or disputed transaction by repaying the full purchase amount plus a chargeback fee.

Building and sustaining a brand has gotten more challenging. The global marketplace, empowered by the Internet, has delivered a raft of opportunities to businesses, but it also has opened the door for challenges. These challenges include increased competition as the result of a wider market, and increased possibilities for brand abuse. Added to that mix is the ever-present cyberthreat.

Is anyone surprised to learn that in just the first quarter of 2019 more than $1.2 billion worth of cryptocurrency was stolen? Probably not. This story follows the old line from bank robber Willie Sutton who is credited with saying that he robbed banks "because that's where the money is." So not much has changed. Cryptocurrencies are not exactly money, though, even if they do have a market value.

In IT, we've been hearing about the "cybersecurity skills shortage" for a few years. There is no shortage of statistics and data about it: More than 70 percent of participating organizations reported being impacted by the skills shortage, according to an ESG/ISSA research report. Likewise, more than half of the organizations surveyed for an ISACA report noted unfilled cybersecurity positions.

The high-tech industry once again is in a tizzy over flaws discovered in Intel CPUs -- four new MDS vulnerabilities have come to light. MDS is a sub-class of previously disclosed vulnerabilities that sample data leaked from small structures within the CPU using a locally executed speculative execution side channel. The practical exploitation of MDS flaws is a very complex undertaking, however.

Many users of Facebook's WhatsApp messaging software are scrambling to patch the program in response to news of a flaw that allowed spyware to be installed on mobile phones running Android and iOS. "This new type of attack is deeply worrying and shows how even the most trusted mobile apps and platforms can be vulnerable," said Mike Campin, vice president of engineering at Wandera.

Spring may be my favorite time of year. The snow is melting, the sun is shining, and the air smells just a little bit fresher. It's as though the world is setting an example for the rest of us, letting us know that it's time to start fresh. It's time for spring cleaning -- and in the security world, spring cleaning means more than just wiping down countertops and lighting a few scented candles.

Almost two years after the infamous Equifax breach, many organizations still struggle to identify and manage open source risk across their application portfolios. Meanwhile, the latest report tracking open source security shows a 40 percent rise in the average number of open source components detected in each codebase analyzed. The scanned software includes commercial applications.

Tesla sure didn't have a good week last week, given the kind of press coverage it got. I'm not that worried about Tesla going away, though, as its products are far too popular for it to disappear. On the other hand, management clearly needs to be fixed. What got me started looking at Tesla last week was that it pretty much announced that Nvidia was its Kryptonite.

Cybersecurity experts at Microsoft's Windows Defender Security Intelligence Team this week reported their discovery of two new email-based phishing campaigns. One targets Amex users while the other targets Netflix customers. Both campaigns reportedly are very well-crafted, featuring legitimate logos and even fill-in forms that closely mimic those on the respective company's own websites.

Microsoft has been urging customers to upgrade from its Windows 7 operating system, while attempting to ease the transition with several options for extended support. It will stop providing routine fixes and security patches effective January 2020. Regular support for Windows Server 2008 also will end at that time. Windows 7 enterprise customers can subscribe to Extended Security Updates.

Following a natural disaster that causes property damage to businesses and homes -- say a hurricane, fire or flood -- how often do you hear suggestions that the victims were at fault for their misfortune, or that they could have done something to prevent the event from occurring in the first place? Not often, right? We all know that events like that are possible. We plan around those possibilities, and we don't blame the victims.

A new cryptovirus called "B0r0nt0K" has been putting Linux and possibly Windows Web servers at risk of encrypting all of the infected domain's files. The new ransomware threat and the ransom of 20 bitcoins -- about $75,000 -- first came to light last week in a forum post. A client's website had all its files encrypted and renamed with the .rontok extension appended to them, the forum user indicated.

JPMorgan Chase on Thursday announced that it has created and successfully tested a digital coin. Each JPM Coin represents $1 in funds held in designated accounts at JPMorgan Chase N.A. The token was created using Quorum, a variant of Ethereum developed by JPMorgan Chase, to enable instantaneous payment transfers between its clients' institutional accounts.