What's cyber security?

Computer security, cybersecurity or information technology security (IT security) is the security of computer systems in the theft of or damage to their own hardware, applications, or digital information, in addition to in the disruption or misdirection of their solutions they supply. The area is becoming more important because of greater reliance on computer technologies, the web and wireless system standards like Bluetooth and Wi-Fi, and as a result of development of "smart" devices, such as televisions, smartphones, and the numerous devices which constitute the"Internet of things". Due to its complexity, both regarding science and politics, cybersecurity can also be one of the significant challenges in the modern world.

What's cyber security?

Organizations face many threats to their data systems and information. Knowing all of the fundamental elements to cyber safety is the first step to fulfilling these threats.

Types of cyber security.

The reach of cyber protection is broad. The core regions are explained below, and some other fantastic cyber security plan must take all of them into consideration.

Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Critical infrastructure.
Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
Network security.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Cloud security.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Application security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
Internet of things (IoT) security.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals. There’s no magic wand that can make a ransomware attack simply disappear with no impact at all on an organisation, but you can lessen the problem by carefully following tried-and-trusted steps in the immediate aftermath of an attack. Read more in my article on the Tripwire State of Security blog.

Imagine being contacted by a complete stranger via Facebook, and them telling you that they have complete control over the security system in your new home. Read more in my article on the Hot for Securiy blog.

Coffee machines catching ransomware, Blacklight shines a torch on website tracking, and a woman is freaked out that a complete stranger can turn off her home's security system. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Shibu Philip has done a great service. Now everyone knows to steer well clear of working for him or his company Transcend.

The Coronavirus pandemic has pretty much killed off office romances, and the chances of a snog in the stationery cupboard, but now at least one firm might be pooping over romance outside of the workplace as well. Do you think relationships outside the office should be vetted for whether they pose a cybersecurity threat?

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the past week. Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open … Continue reading "Elite security intelligence at zero cost – use Recorded Future Express… for FREE!"

The confirmation that US President Donald Trump has been infected by the Coronavirus, and had to spend time this weekend in hospital, has – understandably – made headlines around the world. And there are plenty of people, on both sides of the political divide, who are interested in learning more about his health status. It’s no surprise, therefore, to discover that cybercriminals are exploiting that interest with the intention of infecting users’ computers. Read more in my article on the Tripwire State of Security blog.

An internet-connected adult toy could leave its users encaged, the official NHS COVID-19 contact-tracing app alarms users, and would you be happy if a robot interviewed you for a job? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Zoe Kleinman.

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the past week. Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open … Continue reading "Recorded Future Express gives you elite security intelligence at zero cost"

Anti-virus veteran John McAfee has been arrested in Spain on US tax evasion charges. According to the US Department of Justice, McAfee is charged with failing to file tax returns despite making millions of dollars promoting cryptocurrencies.

Graham Cluley will be delivering a keynote address at (ISC)²'s tenth annual Security Congress. And the entire event is virtual - so there's no excuse not to show up!

Some 16,000 Coronavirus cases in the UK went missing after the Excel spreadsheet they were being recorded in reached its maximum limit, and did not allow the automated process to add any more names.

Google has announced it will be publicising security issues it finds in third-party Android devices, in the hope that they will be fixed more quickly.

Gay dating app Grindr had a serious security vulnerability that could have allowed anyone to hijack control of a Grindr user's account. All you would need to seize control of a user's account would be their email address.

Cybercriminals have sent out thousands of malware-laden emails, using lures related to the US elections, to companies across America.

The Bluetooth Qiui Cellmate attaches itself to a man's penis, allowing a remote partner to lock up your proverbials if they think you don't deserve to use them for a while. And with no umm.. manual over-ride, you could find your pickle in a right pickle if an unauthorised third-party exploits the flaws to lock the cage without your permission. Built from a mixture of polycarbonate and toughened steel, removal is non-trivial and might involve taking an angle grinder or bolt cutters to a delicate part of your anatomy. That's not when you want to find out that there is a security flaw in the sex toy's API that means anyone can hijack your cock lock.

I received a direct message (DM) on Twitter, bearing some worrying news. Apparently my @gcluley Twitter account is in danger of being permanently deleted due to copyright violation. Crikey!

I'm sure their food is lovely, but I don't think they're going to deliver to me in Oxford, England, are they? Or if they did I'd have to give the delivery driver a stonking tip.

Google gets in a muddle about its stalkerware policy, after making an unfortunate typo.

When a ransomware attack knocked out systems at a major hospital in Düsseldorf, Germany, there were tragic consequences.

Despite repeated warnings Dunkin' Donuts failed to investigate evidence of a significant data breach, didn't reset passwords, and didn't warn customers... for years.

US authorities have charged two Russian men with allegedly defrauding cryptocurrency exchanges and their customers out of at least $16.8 million. Read more in my article on the Tripwire State of Security blog.

Kalashnikov unveils its “smart” shotgun, San Diego struggles with its street lights, and a researcher reveals how he found a way to hack every Tesla on the planet. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined … Continue reading "Smashing Security podcast #196: Smart guns, smart cars, and smart street lights – oh my!"

This weekend US Customs and Border Protection at New York’s JFK airport seemed proud to announce that it had “seized 2,000 counterfeit Apple AirPods” coming in from Hong Kong. But take another look...

Do you think you can crack Monero's layers of privacy? The IRS would like to hear from you. Read more in my article on the Hot for Security blog.

If there are active attacks in the wild, if the DHS is ordering federal agencies to defend themselves, and if Zerologon is so easy to exploit, don't you think your business should be patching itself as soon as possible?

A critical vulnerability in Instagram's Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. Read more in my article on the Tripwire State of Security blog.

Why are Zoom and Twitter making some people disappear? How are Counter-Strike: Global Offensive cheats getting their just desserts? And the founder of a anti cyber-fraud firm is charged with fraud. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Shopify, the major ecommerce platform which powers many online stores, has revealed that it suffered a serious breach of security at the hands of two rogue employees. Read more in my article on the Hot for Security blog.

A ransomware attack detected and blocked at ArbiterSports, but only after sensitive data was exfiltrated. Read more in my article on the Hot for Security blog.

Reusing passwords is a recipe for disaster, as hackers will use a password breached in one place to break into other online accounts. Password reuse is one of the biggest mistakes you can make on the internet. Always use unique passwords and (whenever available) enable two-factor authentication.

If you're a business which has a website that customers access via a password, spend a few minutes create your own .well-known/change-password which points users to the correct place. Read more in my article on the Bitdefender Business Insights blog.

Various media outlets are reporting that the source code for the legacy operating systems Windows XP and Windows Server 2003 have leaked online. Do they pose a risk?

A Bitcoin bungle causes one user to lose millions, hackers attempt to bribe a Tesla employee into infecting the company's network, and are we ready for a sky full of drones? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

Hackers are exploiting a critical vulnerability that may be affecting hundreds of thousands of websites running WordPress. The vulnerability lies in versions of the popular third-party plugin WordPress File Manager, which has been installed on over 700,000 websites. Read more in my article on the Hot for Security blog.

Whoops! Apple accidentally approved malware posing as an update for Adobe Flash Player, allowing it to run unhindered on macOS.

Running a security blog means that I’m always interested in receiving tips about data breaches, vulnerabilities, malware attacks, and the like. But I do explain that I’m not available to help troubleshoot PC problems or provide technical support – there simply aren’t enough hours in the day, and it doesn’t put any crumbs on the dining room table. This morning, however, I received a very polite message from a reader of the blog.

UK water service supplier Southern Water made it all too easy for unauthorised parties to view customers' billing documents and account details.

Whatever happened to Crackas with Attitude, perfidious Albion College's approach to locking down Coronavirus, and the Bridgefy mesh messaging app falls down when it comes to security. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

The state-sponsored BeagleBoyz hacking group is targeting banks in over 30 countries, possibly to fund North Korea's nuclear weapons ambitions.

European cryptocurrency exchange platform Eterbase has announced that it has suffered a security breach which saw hackers access its network and steal funds worth US $5.4 million. Read more in my article on the Tripwire State of Security blog.

The Gadget Show's Jon Bentley joins us to discuss the mystery of a Facebook friend you never requested, software updates for the Mercedes S-Class, and risks in the online classroom. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast hosted by computer security veterans Graham Cluley and Carole Theriault.

A reader got in touch with me regarding a suspicious email they had received claiming to come from Facebook. What I expected to be a simple phishing email turned out to be something much more curious...

Graham Cluley Security News is sponsored this week by the folks at Immersive Labs. Thanks to the great team there for their support! Attacks and breaches are a fact of life. They happen. What’s most important is how well your organisation responds. And technology isn’t enough. Your staff must be ready too. Immersive Labs delivers … Continue reading "Free ebook: Aligning cyber skills with the MITRE ATT&CK framework"

India’s leading online shopping app has sent a legal notice to a US security firm demanding that they stop spreading "false" claims that it has been hacked...

Newcastle University, in the North East of England, has confirmed that it has suffered a cyber attack after several days of disruption to its IT services. And, the university warns, it will “take several weeks” to get systems up and running again

Someone working for the BBC appears to have made a disastrous blunder while trying to remain anonymous on the internet...

Security researchers at Slovak security firm ESET have discovered a new family of malware that they say has been using a variety of techniques to steal cryptocurrency from unsuspecting users since at least December 2018. Read more in my article on the Tripwire State of Security blog.

The hackers used the platform to deny that they had hacked Paytm Mall, India's leading online shopping app. Read more in my article on the Hot for Security blog.

According to Dutch magazine, three ethical hackers were able to determine Donald Trump's Twitter password while he was running his US Presidential campaign. A password that had been exposed years before following the notorious LinkedIn hack.