What's cyber security?

Computer security, cybersecurity or information technology security (IT security) is the security of computer systems in the theft of or damage to their own hardware, applications, or digital information, in addition to in the disruption or misdirection of their solutions they supply. The area is becoming more important because of greater reliance on computer technologies, the web and wireless system standards like Bluetooth and Wi-Fi, and as a result of development of "smart" devices, such as televisions, smartphones, and the numerous devices which constitute the"Internet of things". Due to its complexity, both regarding science and politics, cybersecurity can also be one of the significant challenges in the modern world.

What's cyber security?

Organizations face many threats to their data systems and information. Knowing all of the fundamental elements to cyber safety is the first step to fulfilling these threats.

Types of cyber security.

The reach of cyber protection is broad. The core regions are explained below, and some other fantastic cyber security plan must take all of them into consideration.

Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Critical infrastructure.
Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
Network security.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Cloud security.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Application security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
Internet of things (IoT) security.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.

You may have missed it amongst the many news reports of the denial-of-service attacks troubling Labour, but that wasn’t the only reason the UK political party made the cybersecurity headlines this week.

With a drama-filled general election campaign underway in the United Kingdom, the Labour Party says that its systems suffered a “sophisticated and large-scale cyber-attack.”

Check out the talk I gave in Dublin about whether we should really consider cybercriminals to all be evil geniuses…

Hundreds of millions of Twitter users now have an improved way to better safeguard their accounts from being compromised.

A bank has some of the worst password advice ever, travellers are told to be wary when USB charging their smartphones and laptops, and a gamer has his YouTube account hacked.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Geoff White.

Security researchers have uncovered a vulnerability in Android smartphones that could allow an attacker to secretly take photos and record videos without any permissions being granted.

Read more in my article on the Hot for Security blog.

The Conservative Party press office posed as an independent fact-checking service on Twitter, abusing its verified status in an attempt to fool British voters.

I find it hard to see it any other way…

British businessman Arron Banks, one of the self-styled “Bad Boys of Brexit” and a leading figure of the Leave.EU campaign, has had his Twitter account hacked.

A 21-year-old man who made half a million dollars running DDoS-for-hire services has been sentenced to prison for 13 months.

Read more in my article on the Hot for Security blog.

Ransomware hit Louisiana’s state government hard yesterday, shutting down multiple websites and email systems after it fell victim for the second time in just a few months to a ransomware attack.

Read more in my article on the Tripwire State of Security blog.

I’m off to Dublin this week to join the galaxy of security superstars speaking at IRISSCON 2019. Find out more about the conference and see you there!

Yet another company has been found woefully lacking when it comes to securing consumers’ data.

Read more in my article on the Tripwire State of Security blog.

The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”

But is this something worth losing any sleep over?

The UK’s Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple’s credit card is accused of being sexist, and what is Google up to with Project Nightingale?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.

Read more in my article on the Tripwire State of Security blog.

For a long time it has been regarded as one of the security industry’s urban myths, but now law enforcement agencies have confirmed that they are investigating whether thieves have been identifying which cars might be carrying high tech gadgets through the use of Bluetooth scanners.

Read more in my article on the Bitdefender BOX blog.

Hackers have once again successfully compromised the website of Chinese phone manufacturer OnePlus, opening up opportunities for online criminals to target the company’s customers.

Read more in my article on the Hot for Security blog.

Imagine you’re in an abusive relationship, and things have turned violent.

You leave him, block his Facebook account, and update the name on your profile to hide your identity.

Would you expect your ex-partner to be able to see what your new name is?

Listen up if you’re still using an iPhone 5 – you need to update to iOS 10.3.4 before Sunday November 3, or you may find your smartphone loses access to the internet.

Read more in my article on the Hot for Security blog.

I’m delighted to announce that I will be moderating NISC 2019 in Cheshire next week. It’s a great conference with some terrific cybersecurity speakers. Find out more about how you can participate too.

Currently BlueKeep attacks have been causing computers to crash, and drawing attention to themselves.

But that may be about to change…

Read more in my article on the Tripwire State of Security blog.

It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of stemming the threat.

Unfortunately, it seems that’s not the case – at least not for users of the Mac version of Microsoft Office.

Read more in my article on the Hot for Security blog.

The cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.

Nikkei, one of the largest media companies in Japan, with an empire spanning broadcasting, digital media, magazines, and newspapers such as the Financial Times, says that its US subsidiary, Nikkei America, has been scammed out of $29 million.

Read more in my article on the Hot for Security blog.

The BlueKeep vulnerability, discovered by the UK’s NCSC, is being exploited at scale in an attempt to install a cryptocurrency miner on unpatched Windows PCs.

I was honoured to be invited as a guest onto the inaugural episode of the “ITPro podcast” hosted by reviews and community editor Adam Shepherd and features editor Jane McCallion.

Give it a listen.

Two hackers face up to five years in prison after pleading guilty to their involvement in a scheme which saw them attempt to extort money from Uber and LinkedIn in exchange for the deletion of stolen data.

Read more in my article on the Tripwire State of Security blog.

The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer.

Read more in my article on the Hot for Security blog.

What’s the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.

Medical data is being broadcast unencrypted by hospitals across the UK, as ambulances are directed to respond to 999 emergency calls.

A website that promises to jailbreak your iPhone using the Checkm8 exploit actually installs apps with the intention of generating click-fraud revenue.

An alleged hacker has appeared in a US federal court to answer charges related to the theft of at least $1.4 million in cryptocurrency from the EtherDelta cryptocurrency exchange platform in December 2017.

Read more in my article on the Hot for Security blog.

An obsessed fan assaulted J-Pop star Ena Matsuoka after determining where she lived by zooming in on selfies she had posted on social media, and examining the reflection in her eyes.

We take a trip to Staten Island, New York, to hear how a case of cyberstalking resulted in the arrest of 20 alleged mobsters, learn about the nude photo-loving insider threat at Yahoo, and discover how fraudsters might be boosting Match.com’s profits.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by Graham Cluley and Carole Theriault, joined this week by Ran Levi of “Malicious Life.”

A victim of the Muhstik ransomware paid his attackers money to recover his files, but then wrought his revenge by hacking them right back.

Read more in my article on the Tripwire State of Security blog.

Multi-factor authentication is one of the simplest steps you can take to harden your security. It would be an enormous mistake to think it is worthless just because it’s not a perfect solution.

Read more in my article on the Bitdefender Business Insights blog.

Footwear retailer Toms has had its email newsletter compromised by someone who calls himself “a nice man”.

And he has strong opinions on the behaviour of other hackers…

A flaw in WhatsApp could have allowed hackers to snoop upon your chat history just by tricking you into opening a boobytrapped GIF image.

If you’re going to run WhatsApp, make sure that it’s properly updated.

A former Yahoo software engineer has admitted hacking into thousands of Yahoo users’ accounts in a search for naked images and videos of young women.

Read more in my article on the Hot for Security blog.

Significant amounts of sensitive data about employees of the US government military personnel data could now be in the public domain following its exposure in a data leak.

Read more in my article on the Hot for Security blog.

A Texas man has been sentenced to over 12 years in prison after being found guilty of hacking into the computer system of the Los Angeles Superior Court, and then using it to send two million phishing emails.

Read more in my article on the Tripwire State of Security blog.

Remember how the City of Baltimore was badly hit by ransomware earlier this year? Turns out that wasn’t the end of their problems. Also, Carole takes a look at how smart speakers can be hacked to trick you into giving criminals your passwords or even credit card details. And we discuss the findings of the LastPass global password security report.

All this, and much much more, in the latest “Smashing Security” podcast.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published “The Threat Intelligence Handbook.” It’s aimed at helping security professionals realize the advantages of threat […]

In recent months serious questions have been raised about whether victims of cybercrime are getting the support they deserve from the UK’s national fraud reporting centre.

Researchers have shown just how easy it is for third-parties to exploit the so-called “smart” speakers that many home owners have purchased to eavesdrop on conversations and even steal passwords and credit card details.

Read more in my article on the Bitdefender BOX blog.

Czech anti-virus firm Avast has been targeted for a second time by hackers seemingly attempting to plant malware inside a malicious CCleaner update.

Plenty of headlines are warning about anyone’s fingerprint being able to unlock a Samsung Galaxy S10, but I’m not sure it’s quite as simple as that…

Footballers’ wives go to war over Instagram leaks, it turns out fake news is fine on Facebook (just so long as it’s in a political ad), and things take a horrific turn in Japan, as a stalker uses a scary technique to find out where his pop idol lives.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dave Bittner.

Global shipping and mailing service Pitney Bowes has fallen foul of a ransomware attack that has encrypted data on its computer systems and disrupted customer access to its online services.

Read more in my article on the Hot for Security blog.

A Japanese hotel chain has had to update its in-room robots, after a security researcher discovered they could be easily hacked to allow anyone access to their camera and microphone.