Graham Cluley makes the valid point that, if phishing is the most common cause of breaches, then you should deal with phishing first...: [...] If you were to make a list of the most common causes of security breaches, it is phishing attacks that would surely dominate. A recent study of 100 UK-based CISOs confirms that phishing is a major concern, with nearly half of respondents blaming the phenomenon for the biggest security incidents they had suffered in the last 12 m
Epic fail...: The US Department of State has confirmed that it has suffered a data breach which exposed the personally identifiable information of some employees. News of the breach was first reported by Politico, who pointed out that the department has often been a target for state-sponsored hacks. (Perhaps the most notable incident occurred in 2014 when attacked by Russian hackers, where an NSA Deputy Director described the battle for control over the State Departmen
It's got to the point where I assume all cameras are either already compromised or easily taken over. Even my children put blu-tac on their webcams out of habit...: Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware. According to a Tenable Research Advisory issued Monday, the bugs are rated critical and tied
Even if you pay up, you're not getting your data back. Note the comment about using decoys/honeypots with a DNS entry...: Adding to the rapidly growing list of multi-functional malware, a particularly nasty – and unique — data-destroying malware tool has been discovered that combines botnet, coin mining, ransomware, and self-propagation capabilities. The malware, which researchers at Palo Alto Network's Unit 42 group has named Xbash, is targeting Linux and Windows servers...
Tried the link this morning. Yes, it crashes my fully up to date iPhone X. At this stage, this is a nuisance rather than a security risk. Someone is bound to include this into a social engineering attack though...: A security researcher has revealed a method of crashing and restarting iPhones and iPads, with just a few lines of code that could be added to any webpage. Sabri Haddouche tweeted a link to webpage containing his 15-line proof-of-concept attack, which exploits
Many industry bodies offer security services to their members. I usually recommend Qualys' excellent scanning service as the free option gives you the full results, encouraging you to sign up for regular scans and reports, and couple that with CloudFlare for filtering out the bad guys. The Law Society seem to have a similar thing going with SharkGate...: Law Society members have been offered a free check to see if their online presence is vulnerable to website hacking. Attac
This is a long article with some mildly scary examples of what can go wrong. It ends with this advice, which is all good stuff, but most consumers will just ignore...: [...] 10 tips to make your smart home more secure Norton, the US company which provides antivirus and digital security software, has advice for improving the protection of your personal data. 1. Give your router a name The name the manufacturer gave it might identify the make or model. Choose an unusual nam
We know that email is the most-used attack vector, but did you know which day of the week the different types of attack are most likely to occur...? Muscat: One in every 101 emails in the first half of 2018 had malicious intent, according to an Email Threat Report released on Sunday by the FireEye, an intelligence-led security company. Based on the analysis of a sample set of over half-a-billion emails from the first half of 2018, FireEye found that less than a third
If you're using a Mac, here's a simple method for checking Office documents that get mailed to you before opening them. Right click the attachment, then 'Quick Look' the document. If it looks something unexpected (like the screenshot below), delete it. Read on to find out how popular this method of delivering bad stuff is...: The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitra...
The big issue here is the update habits (or ability) of many smartphone users. I've heard "I turn off updates because they kill the phone" many times....: One year after security vendor Armis disclosed a set of nine exploitable vulnerabilities in Bluetooth, some 2 billion devices — including hundreds of millions of Android and iOS smartphones — remain exposed to the threat. Armis disclosed the vulnerabilities — collectively dubbed "BlueBorne" — last September, describing ...