What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-02-11 07:47:00 | Android phones can be hacked remotely by viewing malicious PNG image (lien direct) | Your Android could be pwned by simply viewing an innocent-looking image – be it from browsing the internet or an image received via text – according to the Android Security Bulletin issued this month. While this certainly doesn't apply to all images, Google discovered that a maliciously crafted PNG image could be used to hijack a wide variety of Androids – those running Android Nougat (7.0), Oreo (8.0), and even the latest Android OS Pie (9.0).The latest bulletin lists 42 vulnerabilities in total – 11 of which are rated as critical. The most severe critical flaw is in Framework; it “could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.” | |||
|
2019-02-07 03:54:00 | What is an advanced persistent threat (APT)? And 5 signs you\'ve been hit with one (lien direct) | Advanced persistent threat definition An advanced persistent threat (APT) is a cyberattack executed by criminals or nation-states with the intent to steal data or surveil systems over an extended time period. The attacker has a specific target and goal, and has spent time and resources to identify which vulnerabilities they can exploit to gain access, and to design an attack that will likely remain undetected for a long time. That attack often includes the use of custom malware.The motive for an APT can be either financial gain or political espionage. APTs were originally associated mainly with nation-state actors who wanted to steal government or industrial secrets. Cyber criminals now use APTs to steal data or intellectual property that they can sell or otherwise monetize. | Threat | ||
|
2019-02-07 03:00:00 | Power LogOn offers 2FA and networked password management for the enterprise (lien direct) | Like most humans, I'm more vocal about the things I don't like and less likely to crow about the things I do like. Since I wrote my popular 11 ways to hack 2FA article, I've been besieged by vendors eager to show me how their authentication solution defeats all the hacking issues I wrote about. | Hack | ||
|
2019-02-06 10:43:00 | Report: Over 59,000 GDPR data breach notifications, but only 91 fines (lien direct) | Since the European Union's General Data Protection Regulation (GDPR) came into effect in May last year, EU organizations have reported almost 60,000 data breaches, but so far fewer than 100 fines have been issued by regulators. [ Learn how to protect personally identifiable information (PII) under GDPR. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach | ||
|
2019-02-05 06:12:00 | Phishing has become the root of most cyber-evil (lien direct) | Companies spend a huge amount of time and billions of dollars on security technology to keep threat actors out - on firewalls, IPS systems, endpoint security, and the like - and employees are letting those bad guys in by clicking on phishing links. In fact, a recent F5 Labs report says phishing was the root cause of 48 percent of the breaches they investigated.This corroborates my own research, as I have talked to many people that do penetration testing and they told me the number one way to breach a company is by stealing a user's credentials via phishing. Indeed, one of them showed me how quickly they could do up a mock email from the CEO that entices a user to click and enter user information. Another interesting thing he told me: In about 90 percent of the cases, he can get the credentials in under four hours. | Threat | ||
|
2019-01-30 03:00:00 | (Déjà vu) How to defend Office 365 from spear-phishing attacks (lien direct) | A recent Windows Defender Advanced Threat Protection (ATP) alert described an Adobe Flash zero-day vulnerability (CVE-2018-15982) that was used in a spear-phishing attack against a medical institution in Russia. Adobe released a patch on December 5, 2018. This vulnerability and attack sequence highlighted a number of mitigations that you can use to block such attacks. | Vulnerability Threat | ||
|
2019-01-30 03:00:00 | (Déjà vu) How to defend Office 386 from spear-phishing attacks (lien direct) | A recent Windows Defender Advanced Threat Protection (ATP) alert described an Adobe Flash zero-day vulnerability (CVE-2018-15982) that was used in a spear-phishing attack against a medical institution in Russia. Adobe released a patch on December 5, 2018. This vulnerability and attack sequence highlighted a number of mitigations that you can use to block such attacks. | Vulnerability Threat | ||
|
2019-01-29 03:00:00 | OSCP cheating allegations a reminder to verify hacking skills when hiring (lien direct) | Few infosec certifications have developed the prestige in recent years of the Offensive Security Certified Professional (OSCP), an entry-level penetration testing certification with a reputation for being one of the most difficult out there. Run by Offensive Security (OffSec), the makers of Kali Linux, whose motto is "Try harder," the OSCP features a grueling 24-hour exam that requires students to hack a variety of machines on a test network. (Full disclosure: This reporter previously paid to self-study for the OSCP but did not take the exam. He plans to #TryHarder.) | Hack | ||
|
2019-01-28 08:02:00 | Privacy groups blast Google, IAB over data leak via ad auctions (lien direct) | Happy Data Privacy Day! You will likely be hearing a lot about how companies care about your privacy, but as the Washington Post pointed out, it's 2019 and “big tech firms still don't care your privacy.”Evidence: Websites need to make money, and many do that via ads that use your data for money. While you likely know ad tracking is creepy as can be, privacy-focused browser Brave added new evidence to an ongoing GDPR complaint that shows how ad categories used by Google and the Internet Advertising Bureau (IAB) profile you and apply potentially sensitive labels to you. This new evidence describes how “ad auction companies, including Google, unlawfully profile Internet users' religious beliefs, ethnicities, diseases, disabilities, and sexual orientation.” | |||
|
2019-01-28 03:00:00 | Why America is not prepared for a Stuxnet-like cyber attack on the energy grid (lien direct) | Opening circuit breakers is bad. Closing them again is worse. | |||
|
2019-01-25 10:21:00 | What is a supply chain attack? Why you should be wary of third-party providers (lien direct) | A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changes the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach | ||
|
2019-01-24 08:36:00 | Millions of financial records leaked from server not protected by password (lien direct) | An ElasticSearch database misconfiguration exposed 51GB of sensitive financial data such as bank loans and mortgage documents. The server, which was not protected by a password, was discovered Jan. 10 by security researcher Bob Diachenko. He and TechCrunch traced the leak back to Ascension Data & Analytics.“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history, and other details which are usually part of a mortgage or credit report,” he said. Diachenko then called the exposed data a “gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loads or credit cards.” | |||
|
2019-01-24 00:05:00 | Multi-vector attacks target cloud-hosted technologies (lien direct) | The push to move everything into the cloud over the past several years has generated a large number of misconfigured and exposed deployments of various software stacks. This has attracted sophisticated attacks that destroy data or abuse server resources for cryptocurrency mining. [ Learn which interview questions to ask cloud security candidates. | Get the latest from CSO by signing up for our newsletters. ] In a new report released today, security researchers from Securonix warn of an increase in the number of multi-vector and multi-platform automated attacks against cloud infrastructure over the past few months. These often combine cryptomining, ransomware and botnet malware all in one. | Malware | ||
|
2019-01-23 07:49:00 | Hijacked Nest camera blares warning about North Korean missiles headed to U.S. (lien direct) | Imagine watching a football game on TV when your Sunday afternoon is ruined by a detailed warning being blasted out about “three North Korean intercontinental ballistic missiles headed to Los Angeles, Chicago and Ohio.” Except the emergency warning did not affect the TV – the football game kept going, CNN and other news station didn't mention it all. That's when a Bay Area family realized the warning came from the Nest security camera sitting on their TV. They hadn't even realized their Wi-Fi connected Nest camera had a speaker or a microphone.Regarding the nuclear attack warning, Laura Lyons told The Mercury News: | |||
|
2019-01-22 05:45:00 | IDG Contributor Network: The politics of \'Have I Been Pwned\' (lien direct) | Last week a new data leak dubbed “Collection 1” appeared online, exposing 773 million hacked email accounts and their credentials. The leak was reported by security researcher Troy Hunt and subsequently picked up by major news outlets across the globe.Understandably, a breach of this size is a cause for alarm. Digging deeper, however, one finds that this is an aggregated leak of previous breaches ranging from 2-3 years old. Speaking with Stan Bounev of VeriClouds, it was learned that over 90% of the data from Collection 1 already existed in his database. Similarly, Brian Krebs, who spoke with Alex Holden of Hold Security, reported that he previously gathered 99% of the data from this leak from other sources. | |||
|
2019-01-22 03:00:00 | 4 tips to mitigate Slack security risks (lien direct) | Slack, the popular enterprise workspace collaboration tool and IRC clone, does not offer end-to-end encryption, making any breach of Slack's servers potentially catastrophic for users around the world. If you or your organization would suffer severe damage if internal Slack conversations leaked, then it's time to either consider encrypted Slack alternatives or mitigate the risk by locking down your Slack workspaces. We caught up with Andrew Ford Lyons, a technologist working on digital security for at-risk groups at Internews in the UK, for his advice. | Tool | ||
|
2019-01-15 09:57:00 | IDG Contributor Network: Breaches, market volatility and the government shutdown: Security in the crosshairs (lien direct) | Last year ended with a number of high profile data breaches, tech stocks taking a massive tumble and the start of what has been to date the longest government shutdown on record. Marriott International's Starwood reservation system was hacked exposing the personal data of up to 500 million guests. Quora's data breach exposed up to 100 million users' names, email addresses, IP addresses, and more…Apple, Facebook and Google stocks took heavy hits in December 2018 as the global economy and privacy concerns took their toll, and investors worried about a looming bear market. And then came the government shutdown. For cybersecurity professionals looking ahead at the rest of 2019, these events present a trifecta of challenges. | Data Breach | ||
|
2019-01-14 03:00:00 | How to protect backups from ransomware (lien direct) | Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against several major newspapers demonstrated this month. It is also becoming more capable. In particular, ransomware writers are aware that backups are an effective defense and are modifying their malware to track down and eliminate the backups. | Ransomware Malware | ||
|
2019-01-11 08:06:00 | IDG Contributor Network: What is the dark web? How to access it and what you\'ll find (lien direct) | The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity - and it is. Researchers Daniel Moore and Thomas Rid of King's College in London classified the contents of 2,723 live dark web sites over a five-week period a couple of years ago and found that 57 percent host illicit material. You can buy credit card numbers, all manner of drugs, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts and software that helps you break into other people's computers. Buy login credentials to a $50,000 Bank of America account for $500. Get $3,000 in counterfeit $20 bills for $600. Buy seven prepaid debit cards, each with a $2,500 balance, for $500 (express shipping included). A “lifetime” Netflix premium account goes for $6. You can hire hackers to attack computers for you. You can buy usernames and passwords. | |||
|
2019-01-10 03:00:00 | 2 critical ways regulations and frameworks weaken cybersecurity (lien direct) | I'm a big believer in regulations and frameworks. Early on I wasn't. When you're young, just starting to cybersleuth, you feel like you can take on the world. You can hack anything. You can prevent anyone from hacking you. Policies and frameworks were for the losers who couldn't secure their way out of a paper bag. | Hack | ||
|
2019-01-08 09:21:00 | Ethereum Classic cryptocurrency suspended after attackers steal nearly $1.1M (lien direct) | Coinbase delisted Ethereum Classic (ETC) after detecting “a deep chain reorganization of Ethereum Classic blockchain.” Put another way, nearly $500,000 was spent twice. As pointed out by ZDNet, Bitfly confirmed there had been a successful 51 percent attack on ETC. Coinbase later updated the post, saying, “The total value of the double spends that we have observed thus far is 219,500 ETC (~$1.1M).” | |||
|
2019-01-07 06:05:00 | IDG Contributor Network: Managing identity and access management in uncertain times (lien direct) | If we remember one thing from 2018, it is that we are all victims now through one breach or another. Every day, we hear more news about another data breach affecting millions of users with significant financial and reputational consequences to its victims. With massive breaches like Equifax, Facebook, Deloitte, Quora and Yahoo, it is clear that breach notification services and multi-factor authentication (MFA) are not enough to prevent the next data breach headline from appearing in tomorrow's newspapers.Organizations have started thinking holistically, and rightly so, about risk and approaches to security using frameworks such as CARTA, Zero Trust, NIST SP 800 and IDSA. These frameworks offer progressive thinking and valuable approaches to modern identity strategy, but there is no one size fits all. These frameworks are akin to buying furniture from IKEA; assembly required, but with a lot more complexity and a lot more at stake. | Data Breach | Equifax Deloitte Yahoo | |
|
2019-01-04 10:26:00 | Hacking skills on display at the 35th Chaos Communication Congress (lien direct) | If you have some time on your hands, you should really dig into the presentations given at 35th Chaos Communication Congress (35C3), as there is likely something to be found for your particular security or privacy interests. The following roundup of 35C3 presentations are just a drop in the proverbial bucket compared with the amount of talks given.Facebook tracks Android app users even if they don't have a Facebook account Privacy International gave a presentation (report) explaining how Facebook infuriatingly tracks people via mainstream Android apps whether or not you even have a Facebook account (video). It doesn't matter if you went out of your way to not ever be sucked into Facebook or if you had an account but later quit the social network; Facebook is still collecting your data and tracking “users, non-users and logged-out users outside its platform through Facebook Business Tools.” | |||
|
2019-01-03 09:09:00 | Hacker posts ransom demand on Dublin\'s Luas tram system site (lien direct) | Visitors to the website for Dublin's tram system Luas were met with a message that the site had been hacked. The hacker threatened to leak the company's private data if the ransom demand of one bitcoin was not paid within the next five days. One bitcoin currently equals about $3,836.87.The hacker's note/ransom demand defacing the site on Thursday read: “You are hacked. Some time ago I wrote that you have serious security holes. You didn't reply. The next time someone talks to you, press the reply button. You must pay 1 bitcoin in 5 days, otherwise I will publish all data and send emails to your users.” | |||
|
2019-01-03 03:00:00 | How automation enables a proactive security culture at Bank of England (lien direct) | Cyber attackers continue to single out the financial industry. The UK Financial Conduct Authority found that the number of attacks and incidents reported by financial organizations has doubled over the last 12 months. These attacks are costly, too. According to Accenture the average attack cost financial organizations over $18 million in 2017. | |||
|
2019-01-02 10:49:00 | 5 steps to simple role-based access control (RBAC) (lien direct) | Despite all of the advanced attack scenarios we face in cybersecurity today, it seems like we continue to shoot ourselves in the proverbial feet with the simple things. | |||
|
2019-01-02 08:16:00 | Major US newspapers crippled by Ryuk ransomware attack (lien direct) | Ryuk ransomware is believed to be the culprit behind printing and delivery issues for “all Tribune Publishing newspapers” - as well as newspapers that used to be part of Tribune Publishing.The malware was discovered and later quarantined on Friday, but the security patches failed to hold when the servers were brought back online and the ransomware began to re-infect the network and impact servers used for news production and manufacturing processes. A Tribune spokesperson said the malware “impacted some back-office systems, which are primarily used to publish and produce newspapers across our properties.” | Ransomware Malware | ||
|
2018-12-27 03:00:00 | The most interesting and important hacks of 2018 (lien direct) | Each year a few hackers do something new that begs further examination. The general public and Hollywood paints most hackers as these uber-smart people who can take control of entire city's infrastructure and crack any password in seconds. The reality is that most hackers are fairly average people with average intelligence. Most don't do anything new. They just repeat the same things that have worked for years, if not decades, using someone else's tool based on someone else's hack from many years ago. | Hack Tool | Uber | |
|
2018-12-26 03:00:00 | How to set up data loss prevention rules in Microsoft Office 365 (lien direct) | Email is one of the easiest ways that information can leak out of your organization. Microsoft Office 365 has data loss prevention (DLP) policies for certain subscription levels that, if set up properly, can help prevent data leakage. If you have an E3 or E5 license, you can set policies and show tips reminding users that they shouldn't be sending sensitive information. | |||
|
2018-12-20 05:01:00 | The 18 biggest data breaches of the 21st century (lien direct) | Data breaches happen daily, in too many places at once to keep count. But what constitutes a huge breach versus a small one? CSO compiled a list of 18 of the biggest or most significant breaches of the 21st century.This list is based not necessarily on the number of records compromised, but on how much risk or damage the breach caused for companies, insurers and users or account holders. In some cases, passwords and other information were well protected by encryption, so a password reset eliminated the bulk of the risk. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach | ||
|
2018-12-18 03:00:00 | 13 data breach predictions for 2019 (lien direct) | Data breaches are inevitable at any organization. But what form will those breaches take? How will the attackers gain access? What will they steal or damage? What motivates them to attempt the attacks? CSO has gathered predictions from industry experts about where, how and why cyber criminals will attempt to break into networks and steal data during the coming year. | Data Breach | ||
|
2018-12-17 03:00:00 | Fear and loathing defending ICS security at DoE\'s CyberForce Competition (lien direct) | "The HPC is down!""But the competition just started!"Our high-performance computing cluster (HPC) blinked red on the big screen. Minutes ticked by."Get it up! Get it up! We're losing points!""Working on it!"[ Learn what you need to know about defending critical infrastructure . | Get the latest from CSO by signing up for our newsletters. ] Red team had been circling since the day before, hawks swooping and diving. They'd been scanning and probing all day Friday, but weren't allowed to attack until the checkered flag dropped Saturday morning at 8 a.m. We'd hoped to evade their talons, but they wasted no time, and now one of our critical assets blinked out--a meal for a hungry predator. | |||
|
2018-12-11 11:50:00 | Researchers find over 40,000 stolen logins for government portals (lien direct) | Russian cybersecurity firm Group-IB discovered login credentials for over 40,000 accounts that unlock government services in more than 30 countries. The credentials were harvested via phishing attacks that distributed spyware tools such as Pony Formgrabber, AZORult, and Qbot. It is believed the logins may have already been sold on underground hacking forms.As the researchers pointed out, “Even one compromised government employee's account can lead to the theft of commercial or state secrets.” | Guideline | ||
|
2018-12-10 06:19:00 | 8 old technologies that still play roles in security (lien direct) | It's easy to assume newer is better, but technology that has been around for decades or longer still has a place in cybersecurity. In some cases, it is difficult to hack and therefore less vulnerable. In others, it just continues to be the best option for a very specific purpose. | Hack | ||
|
2018-12-10 05:23:00 | BrandPost: A Layered Approach to Cybersecurity: People, Processes, and Technology (lien direct) | Cybercrime is an ever-present threat facing organizations of all sizes. In order to safeguard themselves against a successful data breach, IT teams must stay a step ahead of cybercriminals by defending against a barrage of increasingly-sophisticated attacks at high volumes. In Q3 of 2018 alone, FortiGuard Labs detected 1,114 exploits per firm, each representing an opportunity for a cybercriminal to infiltrate a network and exfiltrate or compromise valuable data.What complicates this challenge further is that the strategies and attack vectors that cybercriminals rely on are always evolving. It's the classic problem of security teams having to cover every contingency, while cybercriminals only need to slip past defenses once. Because of this, IT teams must continuously update their defenses based on current threat trends. Today, IoT, mobile malware, cryptojacking, and botnets are top focuses for cybercriminals, but they may have moved on to new threats by Q4. | Threat | ||
|
2018-12-07 06:55:00 | IDG Contributor Network: A look back at cybercrime in 2018 (lien direct) | Last year IBM's securityintelligence.com predicted that: Internet of things would make the news. Orchestration & Automation would be a top priority. Business would rush to prepare for GDPR These were very accurately predicted as areas of great impact!Symantec's 2018 cybersecurity attacks report reported that IOT experienced a 600% increase in attacks in 2017 over the 2016 period. An astonishing 8500% increase in malware coin miner detections, Coin miners not only slow down devices but can overheat batteries and sometimes render a device useless. These are browser-based attacks so no need to download the malware to a victim's PC. | Malware | ||
|
2018-12-03 09:09:00 | Risk-based vulnerability management a better form of cyber defense (lien direct) | Protecting an organization from threats is becoming increasingly difficult, as the number and sophistication of threats continues to increase exponentially. A big issue is finding, prioritizing, and fixing vulnerabilities before they are exploited.That has always been a top priority for security professionals, but the growing number of vulnerabilities makes it difficult, if not impossible, for legacy vulnerability assessment tools to be effective.Many security tools, such as anti-malware and intrusion detection systems, have used artificial intelligence (AI) as a way to modernize and keep up with current trends, but the vulnerability assessment market has not. Infusing AI into this market would shift the market from treating all vulnerabilities as equal to enabling businesses to evaluate and prioritize them based on risk. However, one approach doesn't replace the other, but rather complements, as both are required to protect against the widest range of attack vectors. | Vulnerability | ||
|
2018-12-03 07:08:00 | BrandPost: Understanding the Attack Chain (lien direct) | Today's security teams are struggling to keep pace with the changes in their networks. Multi-cloud, virtualization, the explosion of IoT and BYOD devices, agile software development, and the crushing volume and speed of data-not to mention Shadow IT- have resources stretched thin. Meanwhile, cybercriminals have been undergoing their own digital transformation. Machine learning and agile development, new sophisticated attacks like ransomware and cryptomining, combined with Dark Web crime-as-a-service offerings mean that attacks are faster, harder to detect, and better at finding and exploiting vulnerabilities. | Ransomware | ||
|
2018-11-28 11:43:00 | It\'s time for a new cyber risk management model (lien direct) | The cyber risk management model in its current form is broken. While cyber risk management is more important than ever for business executives, it's more difficult for CISOs and cybersecurity teams to do thanks in part to an overwhelming attack surface, a huge number of vulnerabilities and sophisticated threats.[ Keep up with 8 hot cyber security trends (and 4 going cold). | Sign up for CSO newsletters. ] New ESG research, which is about to be published, shows that what has worked in the past is no longer an option. I'm an employee at ESG, and I've been knee-deep in the data for the past month. Here are a few of my initial impressions of the findings: | |||
|
2018-11-27 02:57:00 | DDoS protection, mitigation and defense: 8 essential tips (lien direct) | DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. According to Verizon's latest DDoS trends report, the first half of 2018 saw an increase of 111 percent in attack peak sizes, compared to last year. "The attackers are getting their hands on more and more machines that they can misuse for DDoS attacks," says Candid Wueest, threat researcher with Symantec Security Response at Symantec. | Threat | ||
|
2018-11-26 08:21:00 | What is a cyber attack? Recent examples show disturbing trends (lien direct) | Cyber attack definition Simply put, a cyber attack is an attack launched from one or more computers against another computer, multiple computers or networks. Cyber attacks can be broken down into two broad types: attacks where the goal is to disable the target computer or knock it offline, or attacks where the goal is to get access to the target computer's data and perhaps gain admin privileges on it. [ Get a deeper look at the business impact of a cyber attack. | Get the latest from CSO by signing up for our newsletters. ] | |||
|
2018-11-26 03:00:00 | Who is responsible for IoT security in healthcare? (lien direct) | The next big challenge in cybersecurity will undoubtedly be to secure the billion-plus (and growing) internet-of-things (IoT) devices around the globe, which exponentially expand the attack vector across the increasingly interconnected IT sector. Based on statistics from Symantec, attacks that leverage internet-connected cameras, appliances, cars, and medical devices to launch attacks or infiltrate networks soared by 600 percent from 2016 to 2017. | |||
|
2018-11-20 04:04:00 | 6 mobile security threats you should take seriously in 2019 (lien direct) | Mobile security is at the top of every company's worry list these days - and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is a whopping $3.86 million, according to a 2018 report by the Ponemon Institute. That's 6.4 percent more than the estimated cost just one year earlier. [ Learn how SandBlast Mobile simplifies mobile security. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach | ||
|
2018-11-19 03:00:00 | The 7 deadly sins of endpoint detection & response (lien direct) | Many different elements need to come together for an organization to secure its data properly. Most companies adopt a security strategy that focuses on prevention, but the idea that you can completely lock down your systems and prevent all incursions is a fallacy. Data breaches are every bit as inevitable as death and taxes; almost all organizations are going to suffer a breach at some point. | |||
|
2018-11-15 12:50:00 | IDG Contributor Network: Small Business Saturday means it\'s time for an annual cyber refresh (lien direct) | As we approach Small Business Saturday, it's a good time of year for small and mid-sized businesses to refresh their thinking around data security and incident response planning. In the same way that we are taught to change the batteries in our smoke detectors twice a year at Daylight Saving Time, Small Business Saturday should trigger an instinctive “cyber refresh” for SMBs everywhere.If the idea of an annual review isn't exactly motivating, think on this. According to the 2018 Verizon DBIR, 58% of malware attack victims were categorized as small businesses. Further, the Poneman 2017 State of Cybersecurity in Small and Medium-Sized Businesses reported that cyberattacks cost small and medium-sized businesses an average of $2,235,000. When you're small, the cost of a cyber event – both in real dollars and in broken trust with your customers – can be devastating. | Malware | ||
|
2018-11-15 05:11:00 | What is the cyber kill chain? Why it\'s not always the right approach to cyber attacks (lien direct) | As an infosec professional, you've likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is a recap of what the cyber kill chain approach to security is and how you might employ it in today's threat environment. | Threat | ||
|
2018-11-13 09:46:00 | Get 90% Off Your First Year of RemotePC, Up To 50 Computers for $6.95 (lien direct) | iDrive has activated a significant discount on their Remote access software RemotePC in these days leading into Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. If you've been thinking about remote access solutions, now is a good time to consider RemotePC. Learn more about it here. | Guideline | ||
|
2018-11-12 09:04:00 | Cylance researchers discover powerful new nation-state APT (lien direct) | When a Belgian locksmith attacked the Pakistani Air Force, researchers at Cylance sat up and took notice. The locksmith probably never knew his website had been taken over by a nation-state hacking group as a command-and-control server, nor that exploit-laden Microsoft Word documents crafted to spear-phish Pakistani Air Force officers were hosted there for more than six months.[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] The Belgian locksmith was just a pawn in a global game of cyberespionage fought by a new nation-state hacking group, and while the target in this operation was Pakistan - both nuclear-armed and a haven for terrorists in the region - the incredibly sophisticated layers of misdirection used by the malware to mislead and delay forensics analysis worries security researchers, who say these attack tools could be deployed against anyone else in the world at any time. | Guideline | ||
|
2018-11-12 02:47:00 | (Déjà vu) Best Android antivirus? The top 13 tools (lien direct) | The following are the 13 best antivirus tools for Android, according to AV-TEST's September 2018 evaluations of 20 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.) All but two of the 12 Android antivirus software app listed below received perfect protection and usability scores of 6.0. Two apps, Alibaba Mobile Security and F-Secure Safe, received 6.0 protection scores but 5.5 usability scores, while a third, Avira Antivirus Security, earned a 5.5 protection score and a 6 usability score. The apps are in alphabetical order. | |||
|
2018-11-08 11:52:00 | Doctored Jim Acosta video shows why fakes don\'t need to be deep to be dangerous (lien direct) | After much hullabaloo earlier this year about "deep fakes," the machine-learning based fake videos that Senator Marco Rubio called the modern equivalent of nuclear weapons, it turns out that low-tech doctored videos can be just as effective a form of disinformation, as a fake video promoted by the White House this week demonstrates-an attack that could just as easily be deployed against you or your enterprise. [ Learn what makes these 6 social engineering techniques so effective. | Get the latest from CSO by signing up for our newsletters. ] |
To see everything:
Our RSS (filtrered)
