Temporary micropatch available for zero-day Windows exploit
Microsoft has left two publicly known vulnerabilities unpatched in Windows this month, but researchers have stepped in and created temporary patches that can be easily applied to protect systems until an official fix becomes available.During the last two weeks...
Get 3 Years of NordVPN Service for Just $2.99 Per Month – Deal Alert
NordVPN promises a private and fast path through the public internet, with no logs, unmetered access for 6 simultaneous devices and access to 5,232 servers worldwide. They are currently running a promotion, but you'll have to use this link...
Rocke coinminer disables cloud protection agents
A group of hackers that specializes in infecting servers with cryptocurrency mining software has started disabling security software agents used in cloud environments to evade detection. Known as Rocke in the security industry, the group has been active since...
Hook Up Your Business with Award-Winning Video Conferencing For As Little As $19.99/mo
If you’re still using a business landline, you’re likely not doing much business in 2018. Video conferencing is as commonplace as sending an email, and remote team members are increasing by the minute, making internet-based communication systems essential for...
Security executives on the move and in the news
The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for...
BrandPost: Do Not Underestimate the Challenge of Securing SD-WAN
Historically, the branch office of an organization was the red-headed stepchild of the network. Locally cached data tended to be out of date and connections to the central data center were often slow and unreliable. This was fine when...
Building your forensic analysis toolset
A solid toolset is at the core of any successful digital forensics program. Although every toolset is different depending on an organization’s needs, some categories should be in all forensics toolkits. Two near encyclopedic sources provide listings of these...
I can get and crack your password hashes from email
A few months ago, I participated in a public debate on password policy with my co-worker and friend, Kevin Mitnick. It was a heated back and forth discussion, with Kevin arguing for far longer passwords than most expert sources,...
How to enable audit logs in Microsoft Office 365
Ensuring that audit logs are enabled for Microsoft Office 365 can help you investigate and determine exactly how, why, when and possibly who did what (including, but not limited to, questions from management) when conducting forensic investigations of attacks....
Why AI-based threat detection hasn’t taken over the market … yet
According to Nicole Eagan, CEO of software company DarkTrace, only two out of every ten cybersecurity experts typically embrace artificial intelligence (AI) as a key component of threat detection. The others, she explains, tend to be "totally resistant" or...
IDG Contributor Network: Breaches, market volatility and the government shutdown: Security in the crosshairs
Last year ended with a number of high profile data breaches, tech stocks taking a massive tumble and the start of what has been to date the longest government shutdown on record. Marriott International’s Starwood reservation system was hacked...
Police can’t force you to unlock your phone with face, finger or any biometrics
Hey, hey, there’s actually some good news for privacy! A judge in California ruled that feds can’t force people to unlock their smartphones with a finger or thumbprint, facial recognition, or even an iris. Although the government had shown...
Three encrypted Slack alternatives worth a look
It might come as a surprise that Slack, the ubiquitous collaboration tool that found success by slapping a slick GUI on top of IRC, is not end-to-end encrypted, creating a mounting pile of sensitive data on Slack's servers —...
How cyber competitions can help fill the cybersecurity talent shortage
A cyber intelligence firm offers a new service in the form of secure storage for cryptographic keys. It partners with a cryptocurrency firm to offer key hosting, but one of the crypto firm’s applications is painfully insecure, and as...
Don’t let social media get you in trouble
As individuals, a great many of us use social media on a daily basis. Facebook, Twitter, Snapchat, LinkedIn, Instagram, etc. These platforms all provide us with a way to share experiences and interact with our friends and business associates....
Vulnerabilities found in building access system used by schools, governments
Tenable Research discovered four zero-day vulnerabilities in PremiSys access control system from IDenticard (PremiSys IDenticard). The first, a hardcoded backdoor account, “allows attackers to add new users to the badge system, modify existing users, delete users, assign permission, and...
How to protect backups from ransomware
Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against several major newspapers demonstrated this month. It is also becoming more capable. In particular, ransomware writers are aware that backups are an...
What is a CISO? Responsibilities and requirements for this vital leadership role
CISO definition
The chief information security officer (CISO) is the executive responsible for an organization's information and data security. While in the past the role has been rather narrowly defined along those lines, these days the title is often used...
IDG Contributor Network: What is the dark web? How to access it and what you’ll find
The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King's...
Women in identity management: 4 newcomers to watch
Digital Identity – just the phrase leaves you thinking this must be important; after all, our identity is about who we are and what we do. Digital identity is a big technology space too. It encompasses a variety of...
Websites can steal browser data via extensions APIs
Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
6 Reasons We Need to Boost Cybersecurity Focus in 2019
Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency
Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well...
DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week
Trump dominated security headlines this week, but there's plenty of other news to catch up on.
Bulgaria Extradites Russian Hacker to US: Embassy
Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.
read more
