Trump’s Executive Order: What It Means for US Cybersecurity
The provisions are all well and good, but it’s hardly the first time they’ve been ordered by the White House. The WannaCry ransomware attack has dominated headlines recently, and with good reason – it has infected hundreds of thousands of computers in close to 100 countries, shutting down hospitals in the UK, causing problems for…
How Smart Cities Can Minimize the Threat of Cyber Attacks
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities. In the not-so-distant future, smart cities will weave the Internet of Things (IoT) and interconnected devices into existing technology infrastructure to bring entire communities online. Singapore, for example, recently launched its Smart Nation program, deploying citywide…
Flying Under the Radar: How Hackers Use Protection Strategies for Attack
It’s a recurring theme in sports movies, war stories and crime stories alike: In order to defeat the enemy, one must think like the enemy. This approach has been taken – oftentimes quite successfully – in an array of settings, including the cybersecurity realm. Security researchers are constantly working to pinpoint and better understand the…
Week in review: PowerPoint malware delivery, dark web fraud guides, security through APIs
Here’s an overview of some of last week’s most interesting news and articles: UK ICO offers grants for practical privacy research The programme is open to academic institutions, civil society groups, trade and industry associations and organisations with a genuine commitment to public benefit outcomes. Proposals do not need to be technology based but must…
How vulnerability research benefits both vendors and customers
Zero-day vulnerabilities – newly discovered exploits that haven’t been previously identified – are now emerging more often. Worse still is the fact that these dangerous flaws sometimes aren’t pinpointed until hackers have already exploited them. According to a prediction from Cybersecurity Ventures founder and Editor-in-Chief Steven Morgan, the frequency of zero-day exploits – which were a…
IDG Contributor Network: “Security should be invisible”
In the world of security startups, there are those crazy ones. As that Apple ad goes, they are the misfits, the rebels, the troublemakers. The round pegs in the square holes. The ones who see things differently. They’re not fond of rules. And they have no respect for the status quo. Society should celebrate entrepreneurs…
After a cyberattack, companies remain vulnerable. What CIOs can do to protect their brands
Here’s a security scenario that’s all too common: A company suffers from a cyberattack, then responds to it promptly and alerts its customers, warning them to change their passwords. But the company remains vulnerable through the very means it uses to alert those customers: Email. In fact, attackers can exploit that vulnerability using email that…
Week in review: Hacking through subtitles, new class of attacks against Android
Here’s an overview of some of last week’s most interesting news and articles: How to build a better SOC team There’s no scarcity of discussion around the reasons for the infosec skills shortage or ideas for how we can narrow the gap. Few discussions, however, take an honest look at the contrasting career paths of…
APT3 hackers linked to Chinese intelligence
The APT3 hacker group, which has been attacking government and defense industry targets since 2010, has been linked to the Chinese Ministry of State Security, according to a report by Recorded Future. Other attackers have been linked to the Chinese military, but this is the first time a group has been connected to Chinese intelligence,…
Week in review: WannaCry decryptor available, stealing Windows credentials using Google Chrome
Here’s an overview of some of last week’s most interesting news and articles: DocuSign breached, stolen info used for targeted phishing campaign Phishing emails impersonating electronic signature technology provider DocuSign are not an unusual sight, but the latest campaign has the added advantage of specifically targeting registered DocuSign users. There’s now a WannaCry decryptor tool…