When it comes to password hygiene, many of us are still ignoring the basics.Password management specialist, SplashData has released its eighth ‘Worst Passwords of the Year’ list: a roundup of the most commonly used and easily guessable passwords. The list is
The value of encryption is hard to overestimate. When it works, it means that even if your data is accessed without authorisation, it cannot be read (and by extension, cannot be exploited) by the attacker; something that makes encryption an essential layer of
Antivirus (AV) is a commonly relied upon security control. But it’s worth remembering that there’s nothing inherently “hack-proof” about this type of software. After all, no program (AV included) is immune to outside attack!That said, if you can run your
If a direct attack on a particular network isn’t viable, then what’s the hacker’s next move? In many instances, it’s a case of going upstream: i.e. identifying an application trusted by the target – and using that software as a backdoor means of malware
It’s versatile, it works on a minimum of code - and it’s also relatively easy to put to work: three factors which go a long way in explaining why Python is currently being touted as the “world’s most popular coding language”.Black hat hackers are drawn to
We’ve been reminded that when it comes to malware delivery, threat actors tend to prefer tried and tested methods.A recent roundup from Cofense Intelligence included a breakdown of malware loaders analysed by volume for the month of August 2018. It found that
A business merger or restructure can leave existing Internet domains suddenly surplus to requirements. So what’s the harm in simply allowing them to expire? Recent research highlights the perils of letting old domains slip out of your control…Domain registry
Most enterprises have suffered at least one data breach through their printers. Meanwhile, researchers have recently highlighted the fact that many 3D printers are routinely being exposed online without any adequate access controls.Here’s the problem: too many
For any cyber security specialist who’s due a pay review, recently published threat reports make worthwhile reading. The latest annual roundup from FireEye confirms the Cyber Security Skills Gap as one of the biggest risks facing businesses. Specialists in
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails. (UPDATE - This attack targets buggy email clients.)The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME
Listen (above) to my interview on the Secure Talk podcast where I discuss career advice for aspiring and existing cyber security professionals. Talk about security education, share my thoughts on the industry, credentials, certifications, advanced
The U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have today issued a joint Technical Alert about malicious cyber activity carried out by the Russian government. To
Another promising DNS resolver with a security and privacy focus is the new free offer from Cloudflare called 1.1.1.1.Olafur Gudmundsson, director of engineering at Cloudflare, said: “Our goals with the public resolver are simple: Cloudflare wants to operate
Heads up about 13 vulnerabilities within AMD’s RYZEN and EPYC processors that could make some data breaches even worse. Note requires attackers to first gain administrative rights on a targeted network or computer.CTS Labs, a Tel Aviv-based security