On Monday, ZecOps released a report about a couple concerning vulnerabilities with the Mail app in iOS. These vulnerabilities would allow an attacker to execute arbitrary code in the Mail app or the maild process that assists the Mail app behind the scenes. Most concerning, though, is the fact that even the most current version…

There have been significant changes in web attack and traffic trends as a result of COVID-19, according to Imperva. The monthly report also revealed that the Cyber Threat Index remains at a ‘high’ level and the financial services sector has been suffering the most from cross-scripting site (XSS) attacks, and a continued increase in attacks…

The only thing worse than getting hit with a cyberattack is getting hit with a cyberattack and not having a strong security incident response plan in place. Sophisticated Advanced Persistent Threat (APT) attacks are typically aimed at high-value targets like credit card companies, banks, retailers, healthcare facilities and hotel chains that store large volumes of…

Employees are the weakest link in any corporate security system. Anyone whose job it is to protect information systems can confirm: No matter how advanced a security technology is, a careless or clueless employee can always stumble into a way to put the infrastructure at risk. If you recently switched your employees to home-working mode…

I switched from epidemiology to network security as my day job years ago, but today’s pandemic reminds me of the similarities between the two fields. There are many lessons we can take from the real-world virus and apply them to security in the online world. It may not be obvious, but the spread of information…

Highlighting the diminished opportunities for Chinese telecom and technology providers in the US, the Department of Justice (DOJ) announced last week that the Trump Administration would seek to revoke and terminate the licenses of mobile operator China Telecom. China Telecom is authorized to provide communications, data, television and business services in the US as a…

Threat modeling explained: A process for anticipating cyber attacks

Threat modeling definition Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate attack and protect IT resources. This broad definition may just sound like the job description of a cybersecurity professional, but the important thing about a…

Apple was the brand most commonly used in spoofing attacks during the first quarter of 2020, when 10% of all brand phishing attempts related to the tech giant, researchers report. Check Point’s “Brand Phishing Report” for the first quarter of 2020 highlights the brands that cybercriminals most frequently imitate to steal personal and financial data….