Here are five signs that a virtual CISO may be right for your organization. 1. You have a lot to protect Companies produce more data than ever, and keeping track of it all is the first step to securing it. A virtual CISO can identify what data needs to be protected and determine the negative […]

Regular Naked Security readers will know we’re huge fans of Alan Turing OBE FRS. He was chosen in 2019 to be the scientist featured on the next issue of the Bank of England’s biggest publicly available banknote, the bullseye, more properly Fifty Pounds Sterling. (It’s called a bullseye because that’s the tiny, innermost circle on a dartboard, also known as […]

If you type in securityboulevard.com, Chrome version 90 will send you directly to the secure version of the site. Surprisingly, that’s not what it currently does—instead, Google’s web browser relies on the insecure site to silently redirect you. That’s slow. And it’s a privacy problem, potentially. This seemingly unimportant change could have a big—if unseen—impact. So long, cleartext web. In […]

Data hygiene consists of actions that organizations can, and should, take as a matter of following not only compliance requirements, but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices supports not only a very wide range and number of data protection compliance requirements, but performing data hygiene activities also […]

A recent article from Gartner states that, “Audit Chiefs Identify IT Governance as Top Risk for 2021.” I agree that IT governance is important but I question how much does the IT governance board understand about the day to day tactical risks such as the current threats and vulnerabilities against a companies attack surface? How […]

A new way of sending powerful denial of service traffic emerged this week. Malefactors are now misusing servers that talk Datagram Transport Layer Security (D/TLS). Typified by Cisco’s Netscaler ADC product, before a patch was released in January, some D/TLS servers don’t check for forged requests. That allows scrotes to misuse these high-bandwidth servers to deny internet service […]

A new report has emerged stating that average ransomware payments jumped by more than 171% in 2020, suggesting that cybercriminals have benefitted from an extremely lucrative period throughout the pandemic.  The numbers come from Palo Alto Networks, who noted an 171% increase in ransomware payments from organisations and individuals that had been hit by the […]

Remember XcodeGhost? It was a pirated and malware-tainted version of Apple’s XCode development app that worked in a devious way. You may be wondering, as we did back in 2015, why anyone would download and use a pirated version of Xcode.app when the official version is available as a free download anyway. Nevertheless, this redistributed version of Xcode […]

If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk too. Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you may […]

Cybercriminals have devised a new method to hide credit card data siphoned from compromised online stores, experts from Sucuri observed Magecart hackers hiding data in JPG files to avoid detection and storing them on the infected site. The new exfiltration technique was uncovered while investigating a Magecart attack against an e-store running the e-commerce CMS Magento 2. […]

The exercise/event is called “Cyber Polygon” and it will take place this July. It is being sponsored by the WEF (World Economic Forum) and this is what they will focus on during the simulated cyber attack. This is from their website. “Cyber Polygon 2021 will draw together leading global experts to discuss the key risks posed by digitalisation […]

“Application security was traditionally very low on CISOs’ priority list but, as the attacks targeting applications increase in frequency, it’s getting more attention,” Eugene Dzihanau, Senior Director of Technology Solutions at EPAM Systems, told Help Net Security. “The application layer is quickly becoming more exposed to the outside world, drastically increasing the attack surface. Applications are […]

On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant reported that at least one China-linked APT group, tracked as HAFNIUM, chained these vulnerabilities to access on-premises Exchange servers to access email […]

When Rinki Sethi heard that her 7th grade daughter applied to take a technology innovation class as an elective, she was thrilled. Sethi, who joined Twitter in September as its chief information security officer, said one of her passions is getting more young women interested in technology. But when her daughter found out that she […]

A comprehensive guide to getting started in cybersecurity

Get 50% Off Our ITIL Distance Learning Training Course ITIL qualifications are in high demand! We’re currently offering 50% off our ITIL 4 Foundation distance learning training course with promo code ITIL50. https://tidd.ly/3eb99n8 Get 30% Off Distance Learning Training Courses ITG distance learning courses let you train at a time and place that suits you! […]

CYBERSECURITY: It’s not just a good idea. Register to learn more.