What's cyber security?

Computer security, cybersecurity or information technology security (IT security) is the security of computer systems in the theft of or damage to their own hardware, applications, or digital information, in addition to in the disruption or misdirection of their solutions they supply. The area is becoming more important because of greater reliance on computer technologies, the web and wireless system standards like Bluetooth and Wi-Fi, and as a result of development of "smart" devices, such as televisions, smartphones, and the numerous devices which constitute the"Internet of things". Due to its complexity, both regarding science and politics, cybersecurity can also be one of the significant challenges in the modern world.

What's cyber security?

Organizations face many threats to their data systems and information. Knowing all of the fundamental elements to cyber safety is the first step to fulfilling these threats.

Types of cyber security.

The reach of cyber protection is broad. The core regions are explained below, and some other fantastic cyber security plan must take all of them into consideration.

Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Critical infrastructure.
Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
Network security.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Cloud security.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Application security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
Internet of things (IoT) security.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.

The makers of a popular iOS email app have warned their users that their accounts may have been compromised after a buggy software update made it possible to see strangers’ emails.

Read more in my article on the Hot for Security blog.

Recent weeks have seen a spate of scams and attacks associated with the Coronavirus pandemic, and there is little evidence of the end being in sight.

Newly-discovered zero-day vulnerabilities may make the biggest headlines, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.

This week, US-CERT has published its list of the “Top 10 Routinely Exploited Vulnerabilities”.

Read more in my article on the Tripwire State of Security blog.

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.

Sensitive documents about the UK’s Coronavirus-tracing app have reportedly been carelessly leaked via a publicly accessible Google Drive link.

If you were one of the many EasyJet customers who received an email from the airline disclosing that your personal information may have been accessed by hackers, you might be eligible for compensation.

Here’s one way you might try to do that.

You can have a strong, unique password, you can have multi-factor authentication in place, but good luck preventing a member of your social media team ‘going rogue’.

Meal kit and food delivery company Home Chef has confirmed that hackers breached its systems, making off with the personal information of customers.

But only after a hacking group put the stolen data up for sale…

Read more in my article on the Hot for Security blog.

Let’s take a closer look at the email EasyJet is sending to customers affected by its recent security breach.

Including a brief exploration of how EasyJet’s definition of “recent” might differ from yours or mine…

For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history.

Read more in my article on the Tripwire State of Security blog.

Hackers exploited vulnerabilities in one of Trend Micro’s anti-virus products last year to steal information from Japanese manufacturer Mitsubishi Electric.

Now, the Japanese Defense Ministry believes the state-sponsored hackers may have been after details of a prototype missile.

Apps that belch out sensitive military information, what could the world learn from South Korea’s digital response to the Coronavirus pandemic, and who has been deepfaking Bill Clinton, Jay-Z, and Donald Trump… and why?

All this and much much more is discussed in the latest episode by computer security veterans Graham Cluley and Carole Theriault, joined this week by Brian Klaas of the “Power Corrupts” podcast.

The personal details of nine million customers of budget airline EasyJet have been accessed by hackers in what the budget airline is describing as a “highly sophisticated attack.”

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential threats and vulnerabilities? You need Recorded Future Express, a new browser extension from the experts at […]

Norfund, the Norwegian state-owned investment fund for developing countries, has revealed that it has been swindled out of $10,000,000 intended for an institution in Cambodia.

Read more in my article on the Bitdefender Business Insight blog.

Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack.

Journalists spying on their rivals, the NHS rejects Apple and Google’s approach to Coronavirus-tracing, and universities are hit by an old-fashioned sexy lady attack.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Rik Ferguson.

Even if you can’t pay the ransom and don’t have a backup, don’t destroy your garbled data believing that you’ll never be able to recover it. Maybe one day someone will build a tool that can do a job, or a ransomware gang will have a change of heart.

A critical vulnerability has been patched in the Microsoft Teams work collaboration platform after security researchers discovered a way in which hackers could compromise accounts and steal data with a seemingly harmless .GIF image.

Read more in my article on the Bitdefender Business Insights blog.

The seventh annual European Cybersecurity Blogger Awards are now open to the public vote. Let them know what your favourite security blogs, podcasts, Twitter accounts etc are…

Here’s my explanation of why you shouldn’t vote for me in various categories.

When researchers investigate suspected malware on an IoT device they normally expect to find a cryptominer to earn a hacker digital cash or perhaps botnet code to launch DDoS attacks against websites.

But that wasn’t the case with the Cereals botnet.

Read more in my article on the Bitdefender BOX blog.

Imagine you’re the UK Government in the middle of the biggest crisis the country has faced since World War II.

How are you going to instill some confidence that citizens should install a new Coronavirus tracing app?

The National Cyber Security Centre (NCSC), which tasks itself with “helping to make the UK the safest place to live and do business online,” is making impressive inroads against scam websites.

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.

Read more in my article on the Tripwire State of Security blog.

What can X Æ A-12 Musk teach us about passwords? How did our guest finally hunt down in Manila the author of one of history’s biggest virus outbreaks? And what on earth is a hacker doing breaching Roblox security?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.

Kaiji, a new botnet campaign, created from scratch rather than resting on the shoulders of those that went before it, is infecting Linux-based servers and IoT devices with the intention of launching distributed denial-of-service (DDoS) attacks.

Read more in my article on the Bitdefender BOX blog.

French flooring company Tarkett has revealed that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result.

It was twenty years ago today, that the Love Bug hit computer systems worldwide.

Which means I know what I was doing exactly twenty years ago!

James Griffiths at CNN interviewed me about my memories of that historic day…

The UK’s National Cyber Security Centre (NCSC) has said that it will be changing the terminology it uses on its website, causing some to describe it as “political correctness gone mad.”

Here’s what I think…

Scary stuff as hackers exploit Salt vulnerability in attempt to mine cryptocurrency on breached blogging platform’s servers.

Security researchers say that they are seeing cybercriminals deploying Google’s reCAPTCHA anti-bot tool in an effort to avoid early detection of their malicious campaigns.

Read more in my article on the Hot for Security blog.

Security researchers are warning of a new mobile banking trojan that steals details from over 200 financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms.

Read more in my article on the Tripwire State of Security blog.

If you have been trying to find love on the Zoosk app I’ve got some bad news for you.

Hackers are offering for sale what they claim is the stolen account information of millions of online daters who have used the popular app.

A hacking group known as ShinyHunters is claiming to be responsible for the security breach, and is offering to sell stolen customer records for US $3,500 via an underground web marketplace.

Read more in my article on the Hot for Security blog.

Hackers have been using Google Ads to target unsuspecting cryptocurrency investors into installing malicious browser extensions, with the aim of stealing passphrases and private keys and draining funds from their wallets.

Read more in my article on the Hot for Security blog.

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support! LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – […]

World-chess-champion-turned-activist Garry Kasparov joins us as we discuss celebrity lookalikes, smartphone fleeceware, the impact Coronavirus is having on security, and how a popular new video game is being used for political ends.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

The Coronavirus pandemic has forced many people to work from home for the first time, and use video conferencing apps that they’re not familiar with.

Guest contributor Philip Le Riche takes a closer look at what you can do to better protect your Zoom meetings.

UK DIY, electricals, and houseware chain Robert Dyas has revealed that malicious code on Robert Dyas’s payment page was secretly skimming the credit card details of customers and sending them to hackers.

Cybercriminals have sent out emails attempting to trick remote workers into believing they need to join a Zoom meeting to discuss their future employment.

An innocent-looking message, containing characters in the Sindhi language, can cause your iPhone to crash without warning.

Read more in my article on the Hot for Security blog.

Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organisations around the world, demanding a cryptocurrency payment be made in return for the safe recovery of encrypted data.

But what makes Maze so dangerous is that it also steals the data it finds, and threatens to publish it if the ransom is not paid.

Read more in my article on the Tripwire State of Security blog.

Will deepfake disguises hit a video conference near you, can Coronavirus-tracing apps be trusted, and should Facebook shut down anti-quarantine events?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

The Welsh Assembly had a Zoom meeting today to discuss the government’s response to the Coronavirus pandemic.

It… err.. didn’t go entirely to plan. See what happened and how you can prevent it from happening to you.

Nintendo, like many other companies, offers two-step verification (2SV) to help users protect their online accounts from hackers.

Here’s what you need to know.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Access real-time security intelligence from any web-based SIEM, vulnerability solution, or webpage. Stop opening multiple browser tabs and pivoting between them to collect all of your data manually. Recorded Future Express does […]

The Maze group’s attacks see corporate victims not only infected with file-encrypting ransomware, but also threatened with the publication of stolen data if extortion demands are not met.

Read more in my article on the Hot for Security blog.

The Google Play Store has announced new policies that aim to kick out “free trial” Android apps that you use underhand techniques to trick unsuspecting users into signing-up for expensive subscriptions.

Imagine marooning your worst enemy on a desert island, along with the four most terrible records ever made.

That’s the premise of a brand new podcast, hosted by technology journalist Geoff White.

And I’m his first guest! Not on the island, you understand. But I get to choose who I send to the island, and what tunes I torture them with.

Yeah, this isn’t security-related – but I figure we all could do with a break right now.