Road Map To A $200,000 Cybersecurity Job
Looking to get ahead in cybersecurity? Here are four areas to keep in mind as you make a five-year career plan. The economics of supply and demand shape today’s cybersecurity job market. Each year, US employers post more than 120,000 openings for information security analysts and roughly one-third go unfilled. Hiring managers are bracing for…
Which countermeasures improve security and which are a waste of money?
If you want to know about which cyber defenses are most effective and which are a waste of money and resources, ask a hacker. And that’s just what Nuix researchers did. “During Black Hat USA and DEF CON 24 in 2016, we conducted a survey of known hackers, professionally known as penetration testers, and asked…
Firefox Users Fingerprinted via Cached Intermediate CA Certificates
An attacker can discover various details about Firefox users due to the manner in which the browser caches intermediate CA certificates, a researcher has discovered. When the server doesn’t deliver the complete certificate chain, Firefox loads the website if the intermediate CA certificate is cached, security researcher Alexander Klink discovered. By determining which websites use…
Can the World Economic Forum’s Cyber Security Principles Advance Cyber Resilience?
A few weeks ago, the World Economic Forum (WEF) met in Davos, Switzerland where an expert working group issued a report “Advancing Cyber Resilience: Principles and Tools for Boards.” It is touted as a first-of-its-kind resource to support board of directors and CEOs on cyber security and cyber resilience strategy. The WEF’s principles and tools…
Hard Drive LED Allows Data Theft From Air-Gapped PCs
Researchers at Ben-Gurion University of the Negev in Israel have disclosed yet another method that can be used to exfiltrate data from air-gapped computers, and this time it involves the activity LED of hard disk drives (HDDs). Many desktop and laptop computers have an HDD activity indicator, which blinks when data is being read from…
6 Tips for Preventing Laptop Data Theft
Experts point to stronger passwords, full-disk encryption, and multi-factor authentication as ways to stop data theft in the event a laptop is lost or stolen. Anybody can have their laptop stolen. It happened to Hillary Clinton’s campaign last fall, when three laptops were stolen from campaign workers in Philadelphia. In that case, the devices were…
Why We Need To Reinvent How We Catalogue Malware
One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button. To understand how the bad guys have become so adept at producing the flood of uniquely hashed malware, we need to look at what our adversaries have been doing the past few…
Java and Python FTP attacks can punch holes through firewalls
The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks. On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.
Cisco deepens enterprise network virtualization, security detection of DNA suite
Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers. The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco’s overarching Digital Network Architecture plan. DNA offers integrated networking software—virtualization,…
Preparing Security For Windows 7 End-Of-Life Support
Moving to Microsoft’s latest OS may give you flashbacks to when XP support ended. Last month, Microsoft announced it will end support for Windows 7 in 2020, giving customers three years to upgrade their systems to Windows 10. In the short term, computers running Windows 7 will still work, and Microsoft will still share security…