Spectre and Meltdown explained: What they are, how they work, what’s at risk

In the first days of 2018, published research revealed that nearly every computer chip manufactured in the last 20 years contains fundamental security flaws, with specific variations on those flaws being dubbed Spectre and Meltdown. The flaws arise from features built into chips that help them run faster, and while software patches are available, they may have impacts on […]

Intel AMT security issue gives attackers complete control over a laptop

F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists […]

AI in Cybersecurity: Where We Stand & Where We Need to Go

With the omnipresence of the term artificial intelligence (AI) and the increased popularity of deep learning, a lot of security practitioners are being lured into believing that these approaches are the magic silver bullet we have been waiting for to solve all of our security challenges. But deep learning — or any other machine learning […]

Microsoft: How the Threat Landscape Will Shift This Year

Unlike security professionals, who have stressed over digital threats for years, most average consumers didn’t recognize the importance of security until 2017. “Grandmothers and grandfathers and moms and dads are now aware of cyber intrusions,” says David Weston, principal security group manager for the Windows Enterprise and Security team at Microsoft. “It’s amazing, but it […]

5 mobile security threats you should take seriously in 2018

Mobile security is at the top of every company’s worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The […]

New Spider ransomware threatens to delete your files if you don’t pay within 96 hours

A new form of ransomware has emerged and is being distributed through malicious Office documents, infecting victims with file-encrypting malware. Uncovered by researchers at Netskope, the ‘Spider Virus’ ransomware campaign was first detected on December 10 and is ongoing. Like many ransomware schemes, the attack begins with malicious emails to potential victims. The email subjects and […]

Android vulnerability allows attackers to modify apps without affecting their signatures

Among the many Android vulnerabilities patched by Google this December is one that allows attackers to modify apps without affecting their signatures. The vulnerability (CVE-2017-13156) can be exploited to replace any kind of app, even a system app, without the user noticing anything or Android preventing the installation. Read more about the Android vulnerability on Help Net […]

The key to success with prevention strategies like remote browser isolation

It is tempting as a security practitioner to think you can prevent every attack. Especially in a people-strapped industry, why wouldn’t you want to? If we could just use technology and prevent attacks, we wouldn’t need that many new security practitioners after all. Prevention is definitely a good strategy, and has prompted much investment from […]

Five key trends to watch in 2018 as cybercriminals continue to innovate

The McAfee Labs 2018 Threats Predictions Report identifies five key trends to watch in 2018. This year’s report focuses on the evolution of ransomware from traditional to new applications, the cybersecurity implications of serverless apps, the consumer privacy implications of corporations monitoring consumers in their own homes, long-term implications of corporations gathering children’s user-generated content, and the […]

Beyond Security Event Feeds: Using Threat Intelligence Strategically

Read Oliver Rochford explain how companies can use threat intelligence strategically on Infosec Magazine : Threat Intelligence (TI) has become a must-have weapon in the cybersecurity professionals arsenal, with a huge variety of TI sources available, from open source feeds to specialized commercial service providers. Read his full article here.