Enterprises face a dilemma when it comes to defence against today’s modern DDoS attacks: do they trust the surgical precision of an on-premise DDoS protection solution or go with a DDoS cloud scrubbing solution? It’s a tough decision for IT managers to make, as whichever option is chosen will be the company’s way of protecting itself from cyberattacks. But why even choose between the two?
Security researchers from Cisco said today that they’ve detected a giant botnet of hacked routers that appears to be preparing for a cyber-attack on Ukraine.
The souk, or marketplace, keeps buzzing in Sulaimani, a provincial capital in Iraq’s semi-autonomous Kurdish region, even though the national power grid has just gone off-line. Merchants like Mohamad Romie emerge from shops to fire up their generators or switch over to commercial backup power suppliers.
Mozilla is rolling out support for a two-step authentication process for Firefox Accounts, the credentials system that protects bookmarks, passwords, open tabs and other data synchronized between devices via the Firefox Sync feature.
“If you want to change the world, start with yourself.” In the case of security research this can be rephrased to: “If you want to make the world safer, start with the smart things in your home.” Or, to be more specific, start with your router – the core of any home network as well as an interesting research object. And that router you got from your ISP as part of your internet contract is even more interesting when it comes to research.
By David Carver on May 23, 2018
In the context of scoping out research for reports over the years, I’ve occasionally heard the phrase, “I can’t find any data regarding ‘X’.” The person making this statement usually offers it in a spirit of resignation, as if the lack of data signifies a deficiency in their toolset, their methodology, or the research request itself.
Now that we’ve very nearly reached the deadline for General Data Protection Regulation (GDPR), insider threat management is more crucial than ever. What is an insider threat? It’s when an insider’s credentials and access are used — either directly by malicious actors or indirectly by criminals with stolen or acquired credentials — to obtain sensitive data from an organization.
This year, Verizon outlined in its annual Data Breach Investigations Report that 81 percent of hacking-related data breaches involved either stolen or weak passwords. This means that password protection is a real pain in the neck for security officers at enterprises. They can’t be complacent about the processes and controls they rely on for password management as cyber criminals are continuously improving their hacking strategies. Here is a list of 10 password protection best practices that will help enterprises (or anyone, really) strengthen their security against current threats.
Protesters demonstrate the purchase of local NBC 10 station by conservative Sinclair Broadcast Group on March 19, 2018 in Cranston, Rhode Island. Image: Shutterstock.
This post is part of a weeklong series to help our readers improve their digital security. Follow along here.
In the aftermath of a cyber breach, the costs of disruption, downtime and recovery can soon escalate. As we have seen from recent high-profile attacks, these costs can have a serious impact on an organisation’s bottom line. Last year, in the wake of the notPetya attack, Maersk, Reckitt Benckiser and FedEx all had to issue warnings that the attacks had cost each company hundreds of millions of dollars. Whilst the full extent is not yet known, it has underlined the financial impact that such breaches can have.
Once again, we are humbled and honored to be recognized as a leader in the Gartner Magic Quadrant for Managed Security Services, a title we have held five consecutive times. Last year was another significant and transformational period for IBM Security, especially for our managed security services (MSS) business.
Welcome to FiveThirtyEight’s weekly politics chat. The transcript below has been lightly edited.
Last month, I spoke to an audience of sales and marketing professionals at the General Data Protection Regulation (GDPR) Summit in London. I thoroughly enjoyed the experience. My presentation and live demo focused on data security and how basic defense measures can help with several of the key GDPR obligations.
At the Black Hat security conference last August, researchers from the security firm Kryptowire announced that they’d discovered Amazon’s #1-selling unlocked Android phone, the BLU R1 HD, was sending Personally Identifiable Information (PII) to servers in China. The culprit was a piece of firmware update software created by AdUps Technologies, a company based in Shanghai.
Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven’t yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild.
Excited to announce that this year’s The Europas Unconference & Awards is shaping up! Our half day Unconference kicks off on 3 July, 2018 at The Brewery in the heart of London’s “Tech City” area, followed by our startup awards dinner and fantastic party and celebration of European startups!