What's cyber security?

Computer security, cybersecurity or information technology security (IT security) is the security of computer systems in the theft of or damage to their own hardware, applications, or digital information, in addition to in the disruption or misdirection of their solutions they supply. The area is becoming more important because of greater reliance on computer technologies, the web and wireless system standards like Bluetooth and Wi-Fi, and as a result of development of "smart" devices, such as televisions, smartphones, and the numerous devices which constitute the"Internet of things". Due to its complexity, both regarding science and politics, cybersecurity can also be one of the significant challenges in the modern world.

What's cyber security?

Organizations face many threats to their data systems and information. Knowing all of the fundamental elements to cyber safety is the first step to fulfilling these threats.

Types of cyber security.

The reach of cyber protection is broad. The core regions are explained below, and some other fantastic cyber security plan must take all of them into consideration.

Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Critical infrastructure.
Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
Network security.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Cloud security.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Application security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
Internet of things (IoT) security.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
In their attempt to extort as much money as quickly as possible out of companies, ransomware gang know some effective techniques to get the full attention of a firm's management team. And one of them is to specifically target the sensitive information stored on the computers used by a company's top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom. Read more in my article on the Tripwire State of Security blog.

The cybercrime gang behind the PYSA ransomware has released files which they claim to have stolen from the London borough council of Hackney during an attack last year.

Have you been emailed a file claiming to be video evidence of a Donald Trump sex scandal? Don't click!

Please join me on Tuesday 12 January, for a live webinar where I will be discussing ransomware, with the lovely folks from Cloudian.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and … Continue reading "Elite security intelligence at zero cost – use Recorded Future Express!"

TransLink, Metro Vancouver’s public transportation agency, has warned its staff that hackers accessed their personal bank account details and other information. The warning came in an internal email to workers approximately one month after Translink was struck by the Egregor ransomware and passengers had their journeys disrupted. Read more in my article on the Hot for Security blog.

T-Mobile says that its security team recently discovered that hackers had managed to access information related to T-Mobile accounts. And it's not the first time...

The US Department of Justice has announced that Ticketmaster has been fined $10 million for repeatedly accessing a competitor’s computer systems in order to gain a commercial advantage.

The details of Ledger hardware wallet customers provide a golden opportunity for criminals to scam the unwary. Read more in my article on the Hot for Security blog.

Many thanks to the great folks at AV-Comparatives, who have sponsored my writing for the past week. Anti-malware testing lab AV-Comparatives carries out independent intensive tests of security software, and has just published its long-term test report into the performance of business and enterprise endpoint security products, taking a close look 19 products designed to … Continue reading "Business and enterprise anti-virus products put through a long-term test – which performed the best?"

It’s scary to receive a ransom demand from a cybercriminal, but I would argue it’s even more frightening to receive a threatening phone call from your attackers if you refuse to pay. Read more in my article on the Hot for Security blog.

Watch out for Santas wearing hoodies! A rogue employee takes down WebEx for thousands of people, and Apple forces apps to show a privacy health warning. All this and much much more is discussed in the final episode of the "Smashing Security" podcast for 2020, with computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Norwegian shipping and cruise line Hurtigruten has revealed it is the latest maritime firm to suffer at the hands of cybercriminals, following a crippling ransomware attack that it sustained leaving its systems down around the world. Read more in my article on the Hot for Security blog.

The United States Department of Commerce, Treasury, State Department, National Institutes of Health, Homeland Security, and Pentagon have had their networks compromised in what appears to have been a massive supply-chain attack on American government systems.

They say buying a house is one of the most stressful things that you might experience in your life (along with getting divorced, or dealing with the death of a loved one). So you probably don't want ransomware throwing a spanner in the works if you're planning a house move.

Following the popularity of the YouTube livestream we did to celebrate 200 episodes of the “Smashing Security” podcast a couple of months ago, Carole Theriault and I have made the bold and some would say foolhardy decision to hold a live Christmas party this Thursday (December 17th). And you are invited!

The FBI, working with law enforcement agencies across Europe, have seized three web domains and the server infrastructure used by a VPN service to allegedly help cybercriminals compromise networks around the world, and evade detect by police. Read more in my article on the Hot for Security blog.

EXMO says that it is the latest in a longer line of cryptocurrency exchanges to have suffered at the hands of hackers, having spotted suspicious activity in the early hours of yesterday morning, where client's accounts were accessed and large amounts withdrawn.

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the past week. If 2020 taught the security industry anything, it is this: There has never been a better time to be a cybercriminal. From extortion ransomware to cyberespionage campaigns, adversaries are capitalizing on uncertainty, causing chaos, and cashing in. … Continue reading "You too can be a security intelligence expert, with these free tools from Recorded Future"

Fertility clinics across the United States have been struck by a ransomware attack that has not only encrypted networks, but also stolen patients' sensitive personal and medical information. Read more in my article on the Hot for Security blog.

Cybersecurity firm FireEye has admitted that it has fallen foul of hackers, who stole secret tools used by the company to test the security of its customers.

The world’s largest electronics manufacturer, Foxconn, has suffered a cyber attack and extortionists are reportedly demanding a $34 million ransom be paid for the recovery of its data. Read more in my article on the Hot for Security blog.

One of the world’s leading recruitment agencies has found itself the victim of ransomware. In a statement published on Thursday last week, Randstad said that it had “recently become aware of malicious activity” on its network. That “malicious activity” was the Egregor ransomware, and although Randstad says that its operations have not been compromised by the security breach it does acknowledge that the hacker accessed – and have subsequently published – sensitive data.

A hacking gang calling itself Black Shadow has demanded a giant insurance firm pay a US $3.8 million ransom after encrypting and stealing sensitive data and documents about its clients. Customers of the victim, Israel’s Shirbit insurance company, have been advised to consider obtaining new identity cards and driving licenses due to the risk of identity theft after the hackers released a third wave of stolen data this past weekend.

This weekend visitors to the Australia Post website may have seen a somewhat eyebrow-raising message. For where the site normally displays "Latest news", it was instead suggesting that postal workers were trying out a new technique for coping with the Christmas rush: "We're smoking meth."

A food bank in Philadelphia has ended up out of pocket after scammers successfully tricked it out of almost one million dollars.

Passengers on Vancouver's transit system were unable to use their credit and debit cards for ticket payments after the service was badly hit by a ransomware attack. TransLink, the public transport operator in Vancouver, Canada, first indicated its IT systems were suffering problems on 1 December, when it said it was "investigating an issue." That "issue" turned out to be the Egregor ransomware, which hijacked TransLink's printers and spewed out a ransom note. Read more in my article on the Hot for Security blog.

Embraer, a Brazilian manufacturer of aircraft, has disclosed that hackers managed to breach its computer systems, and steal data in what sounds like a ransomware attack. Read more in my article on the Tripwire State of Security blog.

The FBI has warned businesses of the threat posed by cybercriminals who create auto-forwarding rules on their victims' web-based email services, in an attempt to make them more susceptible to Business Email Compromise (BEC). Read more in my article on the Bitdefender Business Insights blog.

Fears are raised about cyber bioterrorists, there's a widespread blackout for IoT devices caused by a cloud cock-up, and what role do strippers play in a revamp of the United States's computer crime laws? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Security researchers have warned of the latest incarnation of a backdoor trojan horse that has been used in the past to target Mac users. If you're a Mac user, I really hope you're running anti-virus software.

The world's largest maker of industrial computers, Taiwan's Advantech, has reportedly been hit by a ransomware attack - with cybercriminals demanding a ransom worth approximately US $14 million for a decryption key, and to prevent the public leaking of stolen data. Read more in my article on the Hot for Security blog.

The same username and password was shared with all employees... and the entire internet.

It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing the final scheduled release of Flash Player, Adobe has confirmed that it will no longer be supporting the software after December 31 2020, and will actively block Flash content from running inside Flash Player from January 12 2021. Read more in my article on the Tripwire State of Security blog.

Was hidden treasure found with help from a hack? What security lessons can be learnt from a controversial police raid in Florida? And are you ready for safer online get-togethers this Christmas? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! There has never been a better time than 2020 to be a cybercriminal. From extortion ransomware to cyberespionage campaigns, malicious hackers are capitalizing on uncertainty, causing chaos, and cashing in. The best … Continue reading "These free tools from Recorded Future can make you a security intelligence expert"

Watch out for a whole different type of shoulder-surfing, researchers uncover the CostaRicto hackers-for-hire gang, and we take a peek at who is behind Parler. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Cochran from the Hacker Valley Studio podcast.

In the early hours of Monday morning, Managed.com - a major provider of managed web hosting solutions - discovered it was the victim of a co-ordinated ransomware attack. Such is the severity of the attack that Managed.com has taken client websites offline out of "an abundance of caution" as a $500,000 ransom is demanded by the attackers.

Cryptocurrency exchange Liquid has revealed that it was hacked last week, after a malicious attacker managed to seize control of its DNS records, seized control of some internal email accounts, and gained access to the firm's document storage infrastructure. And, as a consequence, personal details of customers may now be in the hands of hackers.

WildWorks, the developer of Animal Jam, has confirmed that early last month a hacker broke into its systems and stole 46 million Animal Jam records. Read more in my article on the Hot for Security blog.

The video game company's investigation into precisely how much data might have been exfiltrated from its network has been hampered by its servers being encrypted by the targeted ransomware attack, and access logs being deleted by the hackers.

An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts. Read more in my article on the Tripwire State of Security blog.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! There has never been a better time to be a cybercriminal. From extortion ransomware to cyberespionage campaigns, malicious hackers are capitalizing on uncertainty in 2020, causing chaos, and cashing in. The best … Continue reading "Free tools from Recorded Future that can make you a security intelligence expert"

Microsoft says you would be better off using a smartphone authentication app or hardware security key to generate your one-time-password instead. Read more in my article on the Hot for Security blog.

At least one cybercrime gang appears to have found a new method to raise the pressure on those companies they are blackmailing. Read more in my article on the Hot for Security blog.

There's been a cybersecurity goof in the wake of the US presidential elections, the US fingers the hackers responsible for disrupting the Winter Olympics in South Korea, and we take a long hard look at long hard legal mumbojumbo... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jack Rhysider from Darknet Diaries.

Three men have been arrested in Nigeria, suspected of being members of an organised cybercrime gang that has targeted over 500,000 government agencies and private sector companies around the world. Read more in my article on the Tripwire State of Security blog.

Author and broadcaster Tim Harford joins us as we discuss the merits of robotic canine security guards, deepfakes, and the curious tale of an art forgery. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault. And don't miss our special featured interview with James Moore from CultureAI.

Security firm Sophos is contacting "a small subset" of its customers warning that their details have been exposed following a breach in security.

If you or your kids are fans of Minecraft then take care before installing apps that modify the immensely popular game. Security researchers say that they have discovered over 20 fake ‘modpack’ apps that are actually designed to bombard users with adverts in such an intrusive and aggressive fashion that using the phone becomes virtually impossible.