As recent research shows, 25% of employees have lost important assets relating to their job. But is there more than just the cost of replacement? With mobile phones and memory sticks being two of the main assets lost or stolen, what are the other implications for businesses and what effect does this have on them and other employees?
Last week I passed the EC-Council Certified Ethical Hacker exam. Yay to me. I am a professional penetration tester right? Negatory. I sat the exam more as an exercise to see if I “still had it”. A boxer returning to the ring. It is over 10 years since I passed my CISSP. The 6-hour multi-choice horror of an exam, that was still being conducted using pencil and paper down at the Royal Holloway University. In honesty, that was a great general information security benchmark and allowed you to go in multiple different directions as an “infosec pro”. So back to the CEH…
The sound of lapping ripples, the hypnotic blue depths, the sunlit sparkles on wavetops—these elements, and more, make Earth’s seas a serene and enchanting environment. If you feel like you could use some of this premium aquatic inspiration right now, you’re in luck, because the BBC just released a full ten hours of continuous open “oceanscapes” on YouTube.
You’re reading Significant Digits, a daily digest of the numbers tucked inside the news. I’m Oliver Roeder, a staff writer here and your humble new Significant Digits host. I also live on the internet here.
Whilst data breaches can result in substantial fines that can hit company finances hard, they have many, often more immediate, impacts. Businesses that do not respond quickly and decisively at the first sign of a data breach will find themselves constantly struggling to play catch-up. This means that when the fine hits they are often in such a weakened state that they cannot recover. The brutal truth is that 66% of small to medium businesses go out of business after a data breach.
A North Korean cyber-espionage group has exploited an ActiveX zero-day to infect South Korean targets with malware or steal data from compromised systems, local media and security researchers have reported. The perpetrators of these attacks are known as the Andariel Group. According to a report authored by South Korean cyber-security firm AhnLab, the Andariel Group is a smaller unit of the larger and more well-known Lazarus Group — North Korea’s cyber-espionage apparatus, believed to be a unit of its military.
A new survey from Imperva has revealed that 27 percent of today’s security teams receive over 1 million security alerts every day, which leaves 53 percent of IT professionals struggling to identify critical security incidents over false positives. As a result of the huge volume of alerts security teams are faced with today, the study also revealed that 30 percent of IT professionals have flat-out ignored certain categories of alerts, while four percent have turned off the alert notifications altogether.
You can reach Dean via email – firstname.lastname@example.org
Feedback, as they say, is a gift. Research bears this out, suggesting that it’s a key driver of performance and leadership effectiveness. Negative feedback in particular can be valuable because it allows us to monitor our performance and alerts us to important changes we need to make. And indeed, leaders who ask for critical feedback are seen as more effective by superiors, employees, and peers, while those who seek primarily positive feedback are rated lower in effectiveness.
Summer is officially here, reminding us once again to appreciate the air conditioned offices that allow us to aggregate and track open source security vulnerabilities without breaking into a sweat.
The Hack the DTS bug bounty program uncovered dozens of vulnerabilities in the Defense Travel System serving the Department of Defense. On 30 May, vulnerability coordination platform HackerOne revealed the results of Hack the DTS. Nineteen trusted security researchers participated in the 29-day program and submitted 100 vulnerability reports over the course of the exercise. Their findings uncovered 65 unique security weaknesses in the Defense Travel System, which facilitates the travel requirements of the U.S. Department of Defense (DoD). Nearly half (28 bugs) contained a high or critical severity warning. For helping to make the DTS more secure, the researchers received $78,650 in reward money. Hack the DTS proceeded under the auspices of Hack the Pentagon, one of the 10 essential bug bounty programs of 2017. The Department of Defense partnered with HackerOne to run the pilot of Hack the Pentagon in the spring of 2016. After the success of the program, DoD officials announced it would expand its contract with HackerOne to other departments. Hack the Army was the first of these initiatives, with Hack the DTS following approximately two years later. Reina Staley, chief of staff and Hack the Pentagon program manager at Defense Digital Service, said she’s happy with the results of the Hack the DTS program. As quoted by BusinessWire: “Securing sensitive information for millions of government employees and contractors is no easy task. No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS. We’d like to thank the participating hackers for contributing their time to help us safeguard sensitive information.” Staley shared additional thoughts about working with white hat hackers in the video posted below.
Encrypted messaging app Telegram is feeling the squeeze out of Russia, where regulators are not letting up in their ongoing attempts to block the app because its publishers refuse to provide regulators with access to messages on the platform. Pavel Durov has announced that the Telegram app for iOS is no longer updating after the iOS 11.4 update this week: updates are being “prevented” by Apple after the Russian regulator ordered Apple to remove Telegram from the App Store altogether. Durov said this has also meant that Telegram has not been able to issue its GDPR update to comply with the new European regulations that went into effect last week.
The Europas Unconference & Awards is back on 3 July in London and we’re excited to announce more speakers and panel sessions as the event takes shape. Crypto and Blockchain will be a major theme this year, and we’re bringing together many of the key players. TechCrunch is once again the key media partner, and if you attend The Europas you’ll be first in the queue to get offers for TC events and Disrupt Europe later in the year.
The dawn of the European Union General Data Protection Regulation (GDPR) is upon us, but organizations are overlooking the risk of mobile devices. The cost for non-compliance is steep. For example, if the Equifax breach occurred under GDPR, it is estimated that its fine would have been more than $120 million.
What makes a DDoS attack different from an everyday data breach? The answer is embedded in the term: denial of service. The motive of a DDoS attack is to prevent the delivery of online services that people depend on. Financial institutions, gaming and e-commerce websites are among the top targets of DDoS attacks, as are cloud service providers that host sites or service applications for business customers. Even a brief disruption of service delivery can cost an enterprise millions in lost business, not counting the after-effects of alienated customers and reputational damage.
Being a hacker isn’t nearly complete if you’re unfamiliar with common hacking terms.
It has been reported that NewSky Security has uncovered a security vulnerability across all routers from Singapore’s leading internet service provider, SingTel. The uncovered vulnerability could potentially give access to all devices connected to the affected routers. Natan Bandler, CEO & Co-Founder at Cy-oT commented below.
The Office of Management and Budget reports that the federal government is a shambles — cybersecurity-wise, anyway. Finding little situational awareness, few standard processes for reporting or managing attacks and almost no agencies adequately performing even basic encryption, the OMB concluded that “the current situation is untenable.”