CIOs and other IT professionals need to strategically manage the use of today's popular consumer messaging apps in the enterprise. While that process can be a challenge, it's possible to protect your business without blocking all rogue IT.
ShadowIT is a huge security risk. But it is also a symptom caused by too much lockdown and outdated tools and methods. Users are required to fulfill their job assignments and IT must support that to the full extent. Otherwise the security strategy is flawed, since it leads to less control instead of better control.
Give the users the tools they need and like, or they will solve their own problems the best way they can, disregarding the problems they cause for IT security.
Behavioral biometrics has emerged as a reliable alternative for secure online user authentication.
A fingerprint is more like a permanent user ID than a secret password. But combined with other biometric technologies, like behavior, it will provide stronger authentication, but with easier usage, than the password-based security of today.
RaaS has outgrown smaller targets and now threatens governments, NGOs, and SMBs.
Digital extortion is such a simple way to make some big bucks with very little risk of getting caught. You don't even have to meet your victim in an alley and threaten them with a lead pipe. You can do it all from the convenience of your desk. Street mugging going white collar criminality.
This is an attempt to collate all the information about ISIS comms within Europe, back to ISIS Syria. This is only operational terrorist…
Daesh (or ISIS) is NOT hiding behind encryption. We don't need a ban on encryption, we need better police work in the field. A ban on encryption will only hurt the common people and businesses that need to be safe from thieves and cyber criminals.
Is the Big Data revolution dependent on security? Well, it's here, and security concerns may be holding it back.
Big Data Security isn't only about privacy. It is also about validity and correctness of that data. To be able to have trustworthy data for the analysis and decision-making you need to know the quality of the data. Is it correct? Not tampered with? Is the read device actually the device you think it is? Classic questions from IT security.
One of the Swedish Armed Forces' servers was exploited in an extensive IT attack that knocked out the websites of major American banks, Dagens Nyheter reports. The server involuntarily became part of a denial-of-service attack, a so-called DDoS attack, in which large numbers of computers, on command, sent large data packets to the sites so that they were down, some for several days. The incident was investigated by the FBI. The Armed Forces' server had had a security flaw for an extended period. Its IP address appeared in lists of vulnerable servers that were available online. It was only when the Swedish Civil Contingencies Agency (MSB) got in touch that the Armed Forces reacted. "We normally keep good track of our things. This mistake is about the human factor: we have a lot of people carrying out operations. It is important to remember that this is not a vulnerability that can be exploited to get into the Armed Forces' IT systems," Dan Eriksson of the Armed Forces tells DN.
Being exploited in attacks is very embarrassing. One must be able to place higher demands on a government agency where security is the highest priority.
A scammer syndicate has been caught impersonating the services of cyber-security companies and charging high fees for doing very little.
Cyber Security is very much about trust, something that can be used by scammers. Always check if a web page has the correct links etc before you even trust what seems to be a security supplier home page.
Why do phishing attacks that are targeted at personnel and human vulnerabilities continue to succeed? Too often scams are successful because of people’s lack of security awareness training. Everybody is a target, regardless of role or industry. We live in a digital age where gathering of information has become much easier; phishing is a method that exploits this ease. It is often difficult to detect and prevent, and phishing and malware protection (in addition to using a firewall and anti-virus application) to guard against these scams, might be easily bypassed by savvy phishers. Security awareness training can equip enterprise employees with the knowledge and tools necessary for resilience against such attacks, if coupled with clear endorsement by management and a company culture that supports empowerment of employees.
Humans are the weakest link in any security strategy. People must be trained to be alert, like they are trained to spot strangers in the building. But scammers will always find ways to pass the reception or fool you into opening a malware-infested email attachment.
From an IT security point of view we need to take this into consideration and minimize the damage that can be done. Tools like encryption of all data at rest and in transit, advanced adaptive authentication, network segmentation, application based security, and so on, are all important pieces of the puzzle that spells: ZeroTrust.
The device can be tracked by the carrier and by anyone that can hack the vulnerable SS7 signalling system. The only way to protect the communication in mobile networks is through encryption and application based security. Secure voice calls should be protected by an encrypted VoIP app, and so on. Also, if you do not want anything stored you should select an app that provides end-2-end security, like WhatsApp or anything based upon https://apptimate.io.
Staggeringly out of date software supports the conclusion that documents from Mossack Fonseca were exfiltrated by a hacker. Learn what vulnerabilities could have been used.
The only security tech worth anything is the one that actually gets used. In this case it is even worse. Not even the simplest updates and patching were performed. Lesson learned: Don't trust crooks that don't know what they are doing.
We have been following reports for the last two days indicating that outages in the Swedish Air Traffic Control System between 4 and 9 November 2015 were actually caused by malicious, sustained cyber attacks from highly trained groups either supported by or under the direction of the Russian government. For now we have not seen …
Air Traffic Control is an important node in critical infrastructure, and as such, targeted by hackers in the escalating cyber war.
In this case the purpose was probably not malicious in the way that it was meant to destroy and kill, it was probably more an analysis of capabilities and response.