Trump Plans To Build Anti-Hacking Team
US President-elect Donald Trump has announced he will set up a team to guide the government on how to ward off cyberattacks within 90 days of taking office, reports Reuters. He said this soon after a “constructive” meeting with members of US intelligence agencies on January 6 to discuss the agencies’ report on last year’s…
After a terrible year for cybersecurity, will 2017 be any better?
From a cybersecurity perspective, 2016 was a very devastating year for companies, schools, government agencies, organizations and even presidential campaigns. What we’ve learned from a record year for breaches, hacks, phishing, malware, and ransomware is what we’ve known all along: cyber criminals are clever and they are not bound by any rules or real strategy….
The Four Leading Security Threats of 2017
The security landscape is constantly evolving and will continue to evolve in 2017. Long-standing security threats will take on new dimensions. Social engineering, for example, will become an output as well as an input. At the same time, the Internet of Things (IoT) continues to open new threat vectors. The new year will certainly bring…
The Coolest Hacks Of 2016
In a year when ransomware became the new malware and cyber espionage became a powerful political propaganda tool for Russia, it’s easy to forget that not all hacking in 2016 was so ugly and destructive. Sure, cybercrime and cyber espionage this past year turned the corner into more manipulative and painful territory for victims. But…
User Behavior Analytics: Perfect for Analysis but Not Security
How many times have you read or heard about user behavior analytics (UBA)? Today this term applies to security managers and auditors but not to security administrators. User behavior analytics enable IT teams to track and quickly analyze user behavior anomalies and monitor watch-lists, trends and many other factors relative to users. UBA is a…
Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes
In recent months, the X-Force Application Security Research Team has discovered several previously undisclosed Android vulnerabilities. The November 2016 and January 2017 Android Security Bulletins included patches to one high-severity vulnerability, CVE-2016-8467, in Nexus 6 and 6P. Our new paper, “Attacking Nexus 6 & 6P Custom Bootmodes,” discusses this vulnerability as well as CVE-2016-6678.
Tech support scam page triggers denial-of-service attack on Macs
Tech support scammers have been using various themes to push fake alerts to scare users into calling for assistance. These fall into the ‘browlock’ category if they are via the browser and into the screen lockers category if they are actual malware that runs on the system. Recently, there has been a trend for scammers to cause…
7 tips for better security awareness training sessions
At their worst, security awareness training sessions are boring wastes of time, both for employees and the IT people responsible for them. At their best, however, they are interactive, discussion-driven, and genuinely helpful opportunities to raise security issues and lay the groundwork for better habits. How do you steer your own training sessions closer to…
IDG Contributor Network: Defensive regression in cybersecurity
What is defensive regression? There has been a lot of talk lately about defensive regression in cybersecurity. But what exactly is defensive regression? It’s not the regression that Sigmund Freud talks about, although there are plenty of folks that don’t act like adults in our industry – long live office ball pits :-). Perhaps the simplest…
FTC Seeks Tools for Securing Home IoT Devices
The U.S. Federal Trade Commission (FTC) announced on Wednesday the launch of a contest that aims to find solutions for securing the Internet of Things (IoT) devices deployed in consumers’ homes. The IoT Home Inspector Challenge seeks a technical solution for addressing vulnerabilities in IoT devices. The FTC said the tool can be a physical…