Archive for the ‘Information Security’ Category

DISC InfoSec shop

Security Recommendations 2021: Taking Stock For The Long Term

Five signs a virtual CISO makes sense for your organization

Here are five signs that a virtual CISO may be right for your organization. 1. You have a lot to protect Companies produce more data than ever, and keeping track of it all is the first step to securing it. A virtual CISO can identify what data needs to be protected and determine the negative […]

Alan Turing’s £50 banknote officially unveiled

Regular Naked Security readers will know we’re huge fans of Alan Turing OBE FRS. He was chosen in 2019 to be the scientist featured on the next issue of the Bank of England’s biggest publicly available banknote, the bullseye, more properly Fifty Pounds Sterling. (It’s called a bullseye because that’s the tiny, innermost circle on a dartboard, also known as […]

Chrome to Enforce HTTPS Web Protocol (Like It or Not)

If you type in securityboulevard.com, Chrome version 90 will send you directly to the secure version of the site. Surprisingly, that’s not what it currently does—instead, Google’s web browser relies on the insecure site to silently redirect you. That’s slow. And it’s a privacy problem, potentially. This seemingly unimportant change could have a big—if unseen—impact. So long, cleartext web. In […]

Best Practices for Data Hygiene

Data hygiene consists of actions that organizations can, and should, take as a matter of following not only compliance requirements, but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices support not only a very wide range and number of data protection compliance requirements, but performing data hygiene activities also […]

The MITRE ATT&CK Framework

A recent article from Gartner states that, “Audit Chiefs Identify IT Governance as Top Risk for 2021.” I agree that IT governance is important but I question how much does the IT governance board understand about the day to day tactical risks such as the current threats and vulnerabilities against a company’s attack surface? How […]

Dirt Cheap DDoS for Hire, via D/TLS Amplification

A new way of sending powerful denial of service traffic emerged this week. Malefactors are now misusing servers that talk Datagram Transport Layer Security (D/TLS). Typified by Cisco’s Netscaler ADC product, before a patch was released in January, some D/TLS servers don’t check for forged requests. That allows scrotes to misuse these high-bandwidth servers to deny internet service […]

Ransomware Payments Jumped 171% In 2020: Report

A new report has emerged stating that average ransomware payments jumped by more than 171% in 2020, suggesting that cybercriminals have benefitted from an extremely lucrative period throughout the pandemic. The numbers come from Palo Alto Networks, who noted a 171% increase in ransomware payments from organisations and individuals that had been hit by the […]

Serious Security: Mac “XcodeSpy” backdoor takes aim at Xcode devs

Remember XcodeGhost? It was a pirated and malware-tainted version of Apple’s Xcode development app that worked in a devious way. You may be wondering, as we did back in 2015, why anyone would download and use a pirated version of Xcode.app when the official version is available as a free download anyway. Nevertheless, this redistributed version of Xcode […]

Hackable: How to Do Application Security Right

If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk too. Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you may […]

Magecart hackers hide captured credit card data in JPG file

Cybercriminals have devised a new method to hide credit card data siphoned from compromised online stores. Experts from Sucuri observed Magecart hackers hiding data in JPG files to avoid detection and storing them on the infected site. The new exfiltration technique was uncovered while investigating a Magecart attack against an e-store running the e-commerce CMS Magento 2. […]

Forget Covid, The Global Elites are Now Warning us About a Cyber Pandemic

The exercise/event is called “Cyber Polygon” and it will take place this July. It is being sponsored by the WEF (World Economic Forum) and this is what they will focus on during the simulated cyber attack. This is from their website. “Cyber Polygon 2021 will draw together leading global experts to discuss the key risks posed by digitalisation […]

Developing a Strong Security Posture in the Era of Remote Work

Getting your application security program off the ground

“Application security was traditionally very low on CISOs’ priority list but, as the attacks targeting applications increase in frequency, it’s getting more attention,” Eugene Dzihanau, Senior Director of Technology Solutions at EPAM Systems, told Help Net Security. “The application layer is quickly becoming more exposed to the outside world, drastically increasing the attack surface. Applications are […]

Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant reported that at least one China-linked APT group, tracked as HAFNIUM, chained these vulnerabilities to access on-premises Exchange servers to access email […]

How a push to remote work could help fix cybersecurity’s diversity problem

When Rinki Sethi heard that her 7th grade daughter applied to take a technology innovation class as an elective, she was thrilled. Sethi, who joined Twitter in September as its chief information security officer, said one of her passions is getting more young women interested in technology. But when her daughter found out that she […]

Starting your cybersecurity career path: What you need to know to be successful

A comprehensive guide to getting started in cybersecurity

Distance Learning Training Courses

Get 50% Off Our ITIL Distance Learning Training Course ITIL qualifications are in high demand! We’re currently offering 50% off our ITIL 4 Foundation distance learning training course with promo code ITIL50. https://tidd.ly/3eb99n8 Get 30% Off Distance Learning Training Courses ITG distance learning courses let you train at a time and place that suits you! […]

Cybersecurity Best Practices for 2021

CYBERSECURITY: It’s not just a good idea. Register to learn more.
