Leaked exploits and hacking tools enable the surge of cyber attacks in 2017


Last year, the interconnectedness of cybercrime was demonstrated by a variety of supply chain hacks and other well-known cybersecurity issues that coalesced to create massive botnets powered by compromised Internet-of-Things (IoT) devices. The events from the first half of 2017 highlight another long-developing issue, which has been made worse by a variety of data dumps from actors such as WikiLeaks, TheShadowBrokers, and others: the leakage of state-sponsored and cybercriminal hacking tools and exploits.

Much like leaked personal data, once those vulnerabilities, exploits, and tools are exposed, they forever remain in the cybercriminal public domain. The May outbreak of WannaCry ransomware and the June outbreak of the data-destroying malware NotPetya both leveraged leaked NSA exploits to disrupt numerous organizations across the globe.


The 10 most important CEOs in the security business


If you work in the cybersecurity industry or are interested in getting into the field, it’s important to stay up to date with the latest trends, developments and advancements. One of the best ways to stay updated with the most recent industry changes is to follow the top giants in the security industry.

The cybersecurity industry is a quickly expanding market, growing in response to the increasing number of cyber crimes. According to the most recent report of Cybersecurity Ventures, its spending is expected to reach $1 trillion over the next 5 years.


Addressing five common myths about cloud security


There is a lot of nasty talk about cloud security solutions on the web. From calling them "inherently insecure" to branding them as a source of imminent risk, the "folding arms gang," or CISOs/CSOs in favor of maintaining legacy solutions and the on-premise model, have surely gone to town to cast a cloud over cloud security solutions.

As a result, a number of myths about cloud security are spreading through the information security industry. Now’s the time to set the story straight and debunk the top cloud security myths once and for all.


Urgent: Upgrade to Tails 3.1 ASAP! Serious security holes found in the Linux distro


Apple recently removed some VPN clients from the App Store in China at the request of the Chinese Government. Why? That country is largely anti-privacy, and it does not want its citizens bypassing its censorship of the web. If you live in China, the government can decide what you can and can't view online. If you get caught circumventing these controls, the government can harshly punish you. Sad, right? This is why it is imperative that Linux-based privacy-centric open source operating systems such as Tails continue their development -- you never know when it might be needed (including in the USA).

If you aren't familiar with Tails, please know that it is a "Live" Linux distro that focuses on security and privacy. In other words, it can potentially cover your tracks from heavy-handed governments and other entities. Today, Tails achieves a minor point update, making the newest stable version 3.1. While it is hardly monumental from a feature perspective, it is urgent that all users upgrade as some serious vulnerabilities have been patched.


New platform improves visibility and control of endpoints


Traditional methods of securing endpoints rely on installed agents and are affected by network dependencies.

Endpoint security specialist Absolute is launching a new version of its solution that's always connected to every endpoint. Absolute 7 uses Persistence technology that’s embedded in the firmware of many popular endpoint devices, to deliver always-connected visibility and control with a tether to every device both on and off the corporate network.


Almost half of popular consumer websites have poor password requirements


Although other forms of authentication are gaining traction, the password is still the most common method of identifying yourself to websites. Levels of password security should therefore be an important consideration for online businesses, especially in eCommerce.

But a Password Power Rankings survey out today from password manager Dashlane shows that 46 percent of consumer sites, including Dropbox, Netflix, and Pandora, and 36 percent of enterprise sites, including DocuSign and Amazon Web Services, are failing to implement the most basic password security requirements.


New solution helps secure privileged accounts


Privileged accounts allow access to all aspects of a company's IT infrastructure, so if they fall into the wrong hands the consequences can be disastrous.

A new hardware appliance solution from identity management specialist One Identity aims to make it easy for businesses to deploy, operate and maintain their privileged password systems.


Google launches privacy website ahead of new European data protection rules


New data protection rules are due to come into effect in Europe next year, and Google is highlighting the rights and obligations that are being introduced. The General Data Protection Regulation (GDPR) comes into force in May and Google, like other businesses, will need to comply.

While Google needs to ensure that its own products and services fulfill legal requirements, the company also points out that "customers and partners have significant obligations under these new laws." A new website serves to explain everything that you need to know, including detailing how to control how your data is used and shared.


New independent organization launches to promote data sanitization


With security breaches and theft of sensitive data on the increase, enterprises are searching for ways of keeping their information secure.

One technique that can be used is data sanitization but it's still relatively unknown and often misunderstood within the technology and IT security industry. To try to change this a new independent network, known as the International Data Sanitization Consortium (IDSC), is launching to champion and promote data sanitization best practices.


Hackers leak Game of Thrones S07E05 script summary and make ransom demand


The impact of the recent HBO hack continues to be felt. We've already seen scripts and spoilers leak online and now there's a new cache of leaks along with a ransom demand from those responsible.

The data dump includes details of the script for episode five of the current season, and a video directed at HBO CEO Richard Plepler in which the unknown hackers -- who sign off as "Mr. Smith" -- give the company three days to pay up a ransom in Bitcoin.


HBO calls in FBI over Game of Thrones hack as Indian distributor admits it is the source of S07E04 leak


Season seven of Game of Thrones has been something of a disaster for HBO. Not in terms of interest or viewing figures, of course, but in terms of hacking, leaks, spoilers and piracy.

Last night saw the official airing of episode four of season seven but this particular episode, The Spoils of War, leaked some days ago. Distribution partner Star India has admitted the leak came from its website, and HBO has called in the FBI to investigate the hack that led to a number of episode and script leaks.


WikiLeaks: CIA's Dumbo project can hack webcams and corrupt recordings


WikiLeaks has published the latest installment of its cache of CIA documentation known as Vault 7. This time around we learn about Project Dumbo, a hacking tool which allows for the control of webcams and microphones.

Wired, Bluetooth and wireless devices can all be detected by Dumbo. In addition to this, Dumbo gives the CIA the ability to delete or corrupt recordings that have been made. WikiLeaks has published user guides for three versions of Dumbo, the most recent of which is dated June 2015.


US senators reveal bipartisan effort to secure IoT devices


A bipartisan group of US senators has introduced a new bill to better secure Internet of Things (IoT) devices and to protect security researchers as they attempt to find vulnerabilities in these devices.

The Internet of Things Cybersecurity Improvement Act 2017 will require manufacturers that supply the US government with connected devices to comply with industry-wide security practices.


LastPass raises Premium price by $1 and entitled users ridiculously freak out


Whether or not password managers are a good idea is up for debate. I understand the concerns about storing all of your login credentials in a single place -- in the cloud no less. With that said, the benefits outweigh the negatives. Look, it is impossible to remember a unique password for countless web sites nowadays. One alternative to a password manager is reusing the same password on numerous sites, and that is foolish behavior. Right now, a solution like LastPass or 1Password is the best we have, and I suggest it wholeheartedly.

LastPass in particular is great, as it is free to use and is cross-platform. It even works on Linux desktop operating systems such as Ubuntu, Fedora, and Chrome OS. For a single dollar every month, you can opt for a premium account that supports the developer and gives you a few exclusive features. Well, guess what? LastPass is doubling the monthly fee for the Premium tier from one dollar to two. Yes, rather than $12 a year, it is now $24. Still extremely inexpensive, right? No one would complain about that, right? Wrong. Many LastPass users are stupidly complaining.


LogMeIn buys Nanorep to offer personalized user experiences


LogMeIn has revealed a major new deal which it says will help its services become smarter and more personalized than ever.

The privacy firm has announced that it will acquire the digital self-service, chatbot and virtual assistant company Nanorep to provide more personalized experiences for its customers.

