Mozilla: IoT a growing security concern, social fraud hitting ‘epidemic proportions’

Access to the internet has grown exponentially in the last 10 years and will continue to play an outsized role in our lives as more and more people and activities move to the digital realm. With more than 3.57 billion people now using the internet and efforts to digitize a panoply of processes well underway, […]

5 myths of API security

Monday last week, Krebs on Security revealed that over an eight-month period, Panera Bread ignored the leak of more than 37 million customers’ data. Then Wednesday night, news broke of a September breach at customer interface provider [24]7.ai. Its full extent is still unknown, but as of this writing, [24]7 customer Delta Airlines says “several […]

The eternal struggle: Security versus users

There’s an old joke that a job in security is a safe place to be grumpy. From what Ray Pompon, Principal Threat Researcher Evangelist at F5 Labs, has seen over his career, that is often true. Security people seem to cherish their reputation for being pessimistic and untrusting. Some take it further and cast their disdain […]

100% of web applications vulnerable to attack, despite billions spent on security efforts

Companies will spend an estimated $96 billion on cybersecurity efforts in 2018, but 100% of web applications remain vulnerable to attack, according to Trustwave’s eleventh annual Global Security Report, released this week. The report examined how the cyber threat landscape has evolved in the past decade. In 2008, the largest cyber threats were opportunistic, with attackers trying […]

Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider

Several cybersecurity experts this week cautioned against underestimating the seriousness of a cyberattack on an EDI service provider that disrupted data communication services at four major US interstate gas pipeline companies in the last few days. The attack does not appear to have interrupted gas pipeline operations or cause any damage to operational systems at any […]

Only 1% of media companies are ‘very confident’ in their cybersecurity

As more consumers cut the cable cord, media companies are increasingly transitioning to over-the-top (OTT) content, offering online-based shows and information. However, increasing cyber threats may halt media organizations’ online services and ability to innovate in the space, according to a report from security firm Akamai. Slow site performance and downtime are the industry’s top security-related […]

How to detect and prevent crypto mining malware

Hackers are turning to cryptojacking — infecting enterprise infrastructure with crypto mining software — to have a steady, reliable, ongoing revenue stream. As a result, they’re getting very clever in hiding their malware. Enterprises are very much on the lookout for any signs of critical data being stolen or encrypted in a ransomware attack. Cryptojacking is stealthier, […]

Iran ‘the New China’ as a Pervasive Nation-State Hacking Threat

Of the four new advanced persistent threat (APT) groups christened by FireEye last year, three were out of Iran. Mandiant, the incident response services arm of FireEye, witnessed a major increase in nation-state hacking activity by Iranian attackers in 2017, especially on the cyber espionage side of things. Iranian groups now are maintaining and keeping […]

New Attack Vector Shows Dangers of S3 Sleep Mode

Two researchers at Black Hat Asia last month gave computers a reason to sleep with one eye open in their demo of “S3 Sleep,” a new attack vector used to subvert the Intel Trusted eXecution Environment (TXT). A flaw in Intel TXT lets hackers compromise a machine as it wakes up. Intel TXT is the […]

Cybersecurity: How to devise a winning strategy

In 2017, as in previous years, cybersecurity incidents made the news on a regular basis. Already in 2018 we’ve seen the Meltdown/Spectre CPU vulnerabilities and a huge row over the governance and usage of Facebook data. Beneath these headlining cyber-incidents is a continuous background level of activity that is the inevitable result of organisations failing to monitor and protect their networks, […]