The death of passwords has been announced many times. When my mum stops using them, I'll be convinced that we've finally moved on to something better...: Keeping track of user names and passwords sounds easy, but it is not. In a world where protected network resources are accessed by employees on mobile devices, outside contractors, web applications and internet of things (IoT) devices – passwords just don’t cut it anymore. The stakes are high: Eighty-one percent of confi
The challenge here is that IoT devices are flying off the shelves and being installed by all manner of suppliers, not just IT companies which should know about securing them...: “Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data
There's a very good reason that we talk about "People, Process, and Technology" in that order. If you can't find, recruit, and retain skilled people your projects will fail...: Companies are suffering from a lack of resources, both in terms of people and technology (79 percent), and 72 percent have considered leaving their jobs for this reason, Censornet research reveals. Security professionals believe their jobs and the overall security of their organizations would benef
She's not being very nice about Microsoft...: [...] Because the exploits cannot be used remotely, they are not as dangerous as some attacks, says Tripwire's Young. "Similar to past SandboxEscaper releases, these exploits are also local privilege escalations, meaning that attackers would use these only after gaining a foothold on a targeted system," he says. SandboxEscaper has gained a reputation for releasing LPE exploits with no warning. The researcher has posted repeated
All together now (in best Scotty accent) "You cannae change the laws of physics". The secondary point about rising complexity of security 'solutions' is well made. I suggest you send the next 'magic bullet' vendor away with a flea in their ear (unless it's my company)...: Driven by the laws of physics, economics, and land, the future of enterprise computing will head towards a multi-cloud era and technology vendors will have to step up to help businesses manage these environ
There's a big debate about splitting advisory from audit in the Big Four. It hasn't stopped the recruiting drive...: KPMG and PwC are now the UK’s top cyber recruiters, according to new data released by the world’s largest job site, Indeed. Both companies are hiring a large proportion of cyber security specialists, with cyber roles accounting for one in every 17 (5.95 per cent) new KPMG recruits and one in 20 (5.08 per cent) new hires at PwC. The two other members of the acc
Looks like I'm moving my clients away from Magento at the right time...: [...] The software, discovered by researcher Jérôme Segura at Malwarebytes, takes advantage of the popular retail practice of using a third-party credit card payment organization to facilitate credit card use. In this case, the software targets companies using Magento as their financial processing service provider. The malicious software inserts an iframe around the display code that would send the cust
The sound of (digital) sabres being rattled...: North Korea has condemned plans by the Japanese military to develop a counter-attack computer virus as symptomatic of Tokyo’s “war hysteria”, with an analyst warning the move could fuel a cyber arms race. The Japanese government announced this month that it is planning to create malware designed to break into an enemy’s computer systems and cripple its military forces’ ability to communicate and launch attacks against Japan.