Unfortunately, many companies lack a formal system hardening program because they have neither an accurate IT asset inventory nor the resources to holistically maintain or even begin a program. An ideal system hardening program can successfully track, inventory and manage the various platforms and assets deployed within an IT environment throughout their life cycles. Without this information, it is nearly impossible to fully secure configurations and verify that they are hardened.
New research has revealed that poor staff cybersecurity behaviors within organizations are getting worse, despite a greater focus on security awareness in the workplace.
Advances in machine learning are rapidly starting to alter digital reality.
In 40% of the phishing emails examined, the subject line was related to PayPal and read, “Your account will be locked.” Another 10% of phishing emails targeted FedEx and read “Info,” while the third-most popular headline, “August Azure Newsletter,” appeared in 8% of the phishing emails and targeted Microsoft.
A team of researchers is helping law enforcement crack down on email scammers, thanks to a new visual analytics tool that dramatically speeds up forensic email investigations and highlights critical links within email data. Email scams are among the most prevalent, insidious forms of cybercrime.
The Pentagon is testing technology that will let a smartphone identify you by the way you walk, as well as how you hold the device and swipe across the screen.
While it's unknown how long CPUs without AES support will be around, there will likely always be a "low end". It's immensely valuable to provide a software-optimized cipher that doesn't depend on hardware support. Lack of hardware support should not be an excuse for no encryption.
Attackers can compromise an unattended machine in a matter of seconds through devices such as chargers and docking stations. Potential attacks could take complete control of the target computer. In addition to plug-in devices like network and graphics cards, attacks can also be carried out by seemingly innocuous peripherals like chargers and projectors that correctly charge or project video but simultaneously compromise the host machine. Computer peripherals such as network cards and graphics processing units have direct memory access (DMA), which allows them to bypass operating system security policies. DMA attacks abusing this access have been widely employed to take control of and extract sensitive data from target machines.
In the last ten years, the number of security vulnerabilities discovered in mutt has been infinitesimal compared to web browsers like Firefox and Chrome and email clients like Outlook and Thunderbird.
Most executives make the same five mistakes, according to the report. Senior executives fail to realize that they are prime targets for cybercriminals, which is potentially a result of their view that cybersecurity is an IT responsibility that doesn’t have anything to do with their executive positions.
The vast majority of UK businesses have suffered data breaches over the past 12 months, many of them multiple times, according to new research.
Across healthcare organizations in the US, malicious actors are successfully leveraging phishing attacks to initially gain access to networks.
Online photography network 500px has forced a password reset for all users after revealing this week that it suffered a data breach last summer. The stolen data includes: users’ names, email addresses, usernames, hashed passwords and birth date, gender and city/state/country if provided.
A technology partner of the three big credit reporting agencies has been breached in what appears to be a classic supply chain attack. Hackers may have had a two-week window in which to steal sensitive personal information including Social Security numbers, names, dates of birth and home addresses.
The dating app Coffee Meets Bagel confirmed that the accounts of approximately six million users were compromised in a breach. This was part of a larger breach affecting 620 million accounts that got leaked across 16 companies.
UK and US CISOs are facing burnout as they struggle to cope with escalating cyber-threats, insufficient budgets and a lack of engagement from the board.
A recently discovered trove of breached data is just a small part of a major 871GB haul up for sale on the dark web which could contain billions of records. The bottom line is that users need to invest in password managers to store and support long-and-strong unique credentials for all the main sites/accounts they have online, and to opt for multi-factor authentication where it’s available.
Using a new penetration testing tool to automate phishing attacks, hackers can potentially bypass two-factor authentication (2FA).
A new strain of yet another ransomware campaign has been discovered in which the malicious actors have expanded payment options beyond Bitcoin; they are instead offering alternatives (such as PayPal) that include a phishing link. The combination of two threat vectors makes this attack particularly dangerous for unsuspecting victims.
European Commission says Enox Safe-Kid-One can easily be hacked and poses risk to children. In 2017, the German telecoms regulator, the Federal Network Agency, banned similar watches, describing them as “spying devices”.