Good feedback from organisations running online systems. Worth a read...: [...] Technology alone cannot solve the problems that security teams face today. Education and awareness are essential components. The presenters made a simple request: Don’t assume that user behavior – employees or end-user customers – about passwords will change. Security teams must reduce or entirely remove the roadblocks to adoption. Organizations must also provide those best practices for users wi
When I was at university (a long time ago) the Chinese had a different approach to gathering intellectual property. They would send students to study and research, then those students would go back to China with their experience and knowledge, which seems fair. Somehow, the espionage-led approach to gaining intellectual property seems like cheating...: [...] In its latest advisory published this morning, the National Cyber Security Centre has warned UK universities that "stat
Working from home or in a small office? Relying on your ISP's router or a consumer-level one you installed yourself? Sharing files via a NAS? Read this article...: [...] Jake Moore, cyber-security specialist at ESET, told SC Media UK that if your employees are working from home, the devices the company provides them with, such as laptops and smartphones, will most likely be the most secure. "But their home routers can’t be monitored, nor are they supplied by or even known
I'm not sure if dwell times are over a year in these Middle East attacks, but this shows what a determined attacker can do and why you need a way of detecting lateral movement as these APT groups make their way around your network...: [...] Researchers at Symantec say the attackers have been operating since July 2018 and appear to be a previously unidentified threat group, which Symantec has christened Tortoiseshell. The group infiltrated at least 11 organizations, mostly in
Worth a read, if only to confirm how fallible we all are...: "People make mistakes" is a common and relatable phrase, but it's also a malicious one in the hands of cybercriminals, more of whom are exploiting simple human errors to launch successful attacks. The Information Security Forum (ISF) explored the topic in "Human-Centered Security: Addressing Psychological Vulnerabilities," a new report published today. Human vulnerabilities, whether triggered by work pressure or...
Given that EternalBlue has been patched for two years, it's a reflection on organisations' patching and update practices that this is still flying around...: [...] "The vulnerability that caused WannaCry to spread rapidly remains an ongoing threat," says Andrew Brandt, principal researcher at Sophos. "The enterprise tendency to defer patching for some kinds of critical updates may, in some limited cases, do more harm than what it attempts to prevent." [...]
In the absence of secure software development practices, it's still a case of "Plus ça change...": [...] There were no surprises in this year's Top 25, agree Buttner and Chris Levendis, MITRE CWE project leader. "A lot of the top weaknesses continue to be in the list, and we continue to see them even as 10 years have passed," Buttner notes. While weaknesses toward the end of the list have fallen out in favor of new ones, the top weaknesses generally remain the same. The h
As a 'Silver Surfer' I'm apparently better at cyber hygiene than the 'youngsters'...: [...] Survey results indicate that when it comes to cybersecurity, a consistently large portion of older respondents employ better cyber practices than younger generations. Per the survey, 77% of those over 55 delete suspicious emails, compared to half (55%) of respondents between 35 to 54 and just a third (36%) of respondents from 18 to 34. Similar patterns arise when looking at those enro
Here's one downside of the improvement in smartphone cameras...: [...] Speaking at an event promoting a national cybersecurity awareness campaign in Shanghai on Sunday, Zhang said photo magnifying and artificial intelligence-enhancing technologies meant it was possible to extract enough detail to make a perfect copy of the sensitive information. According to a report by online news portal Thepaper.cn, Zhang’s advice was that scissor-hand pictures taken closer than...
Doubleplus ungood. If we are going to encourage people to use strong, single-use passwords then we need tools like LastPass (and Apple's keychain) to be bulletproof. Glad to see that they pushed out an update, but I'd be interested to see if this contravened any organisations' update policies...: [...] Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the user