What's cyber security?

Computer security, cybersecurity or information technology security (IT security) is the security of computer systems in the theft of or damage to their own hardware, applications, or digital information, in addition to in the disruption or misdirection of their solutions they supply. The area is becoming more important because of greater reliance on computer technologies, the web and wireless system standards like Bluetooth and Wi-Fi, and as a result of development of "smart" devices, such as televisions, smartphones, and the numerous devices which constitute the"Internet of things". Due to its complexity, both regarding science and politics, cybersecurity can also be one of the significant challenges in the modern world.

What's cyber security?

Organizations face many threats to their data systems and information. Knowing all of the fundamental elements to cyber safety is the first step to fulfilling these threats.

Types of cyber security.

The reach of cyber protection is broad. The core regions are explained below, and some other fantastic cyber security plan must take all of them into consideration.

Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Critical infrastructure.
Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
Network security.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Cloud security.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Application security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
Internet of things (IoT) security.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.

Friends don’t share virus hoaxes with their friends. They spend five minutes checking their facts before sharing poppycock on social media.

A massive database, containing more than five billion records derived from past security breaches between 2012 and 2019, has been left unprotected, without any password protection on the internet.

And who left it exposed? A security firm.

A couple of years ago it felt like you couldn’t turn your head in any direction without seeing another headline about cryptomining and – its more evil sibling – cryptojacking.

So, what happened?

Read more in my article on the Tripwire State of Security blog.

It’s a self-isolated Coronavirus special as we discuss with our quarantined special guest how COVID-19 is making itself felt in the world of cybersecurity, and we offer tips on how to better protect yourself if you’re unexpectedly working from home.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault, joined this week by Malicious Life’s Ran Levi from his attic.

In the last few days it has come to light that blender manufacturer NutriBullet and guitar tuition website Truefire fell foul of hackers who planted Magecart-style malicious code on their sites which went undetected for months, stealing the credit card details and personal information from users.

Read more in my article on the Bitdefender Business Insights blog.

Can you believe it’s very nearly exactly 20 years since the Love Bug virus spread around the world, infecting millions of computers? No, I can’t either…

A few weeks ago it was my pleasure to be interviewed by the BBC’s Gabriela Jones for a World Service “Witness History” documentary all about the Love Bug virus (aka ILOVEYOU or LoveLetter), and now you can listen to it too!

A division of GCHQ (Britain’s equivalent to the NSA) has warned the public to be on their guard against cybercriminals exploiting the Coronavirus outbreak.

Read more in my article on the Hot for Security blog.

A malicious Android app that pretends to warn users about those nearby infected with the COVID-19 Coronavirus actually locks devices, and demands a $100 payment in Bitcoin.

As millions of people across Europe choose to work remotely rather than head into the office in the wake of the Coronavirus pandemic, a widely-used communication and collaboration tool has gone down.

Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users.

Read more in my article on the Tripwire State of Security blog.

How one guy’s exercise routine made him a burglary suspect, how multi-factor authentication can cause headaches as well as stop hacks, and how Virgin Media got itself in a pickle over its sloppy data security.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider.

Read more in my article on the Tripwire State of Security blog.

Blackmailers are threatening to infect your family with Coronavirus, trolls are making Zoom an unsafe place for those of a sensitive disposition, and what is the mysterious Dr Negrin audio message spreading on WhatsApp?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.

The public is being warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic.

Read more in my article on the Hot for Security blog.

Unpatched IoT gadgets, smartphones, tablets, laptops, Wi-Fi access points and routers with Broadcom chips are all at risk from the KrØØk vulnerability.

Read more in my article on the Bitdefender BOX blog.

The Israeli health ministry released a smartphone app which takes location data from users’ phones in an attempt to determine if they might have been exposed to the COVID-19 Coronavirus.

Should you be worried about your privacy? Perhaps not.

Vulnerability-reporting platform HackerOne has come clean about a critical security flaw on its own website that could have been used to expose the email addresses of users.

Scammers from Africa are preying on US businesses, a drug dealer makes a mistake when hiding his Bitcoin fortune, and the Coronavirus pandemic is causing scams to soar and raising questions about facial recognition.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault, joined this week by Naked Security’s Anna Brading.

Well done on training your staff not to wire money into the accounts of criminal fraudsters. Unfortunately they’re sending the money by check instead.

Read more in my article on the Bitdefender Business Insights blog.

Nearly 200,000 customers in the United States, who thought they were paying Comcast Xfinity to keep their information safely out of the public eye, have had their details exposed on the company’s online directory… putting their safety and privacy at risk.

Security researchers have found malicious code hiding behind a website that claimed to show an up-to-date global heatmap of Coronavirus reports.

One of the UK’s largest internet providers has admitted that it left a database containing the unencrypted details of more than 900,000 UK residents – including existing and potential customers – freely accessible to anybody on the internet, with no password required.

Exposed data included records which could have linked users to pornographic websites.

More than one billion Android devices are at risk of being hacked or infected by malware, because they are no longer supported by security updates and built-in protection.

That’s the conclusion of an investigation which found that at-risk smartphones are still being sold, despite the range of malware and other threats to which they are vulnerable.

Read more in my article on the Hot for Security blog.

Hot on the heels of Tesco warning that hackers had attempted to access the accounts of Clubcard users, another UK high street retailer has warned that it has similarly been attacked.

Fraudsters steal millions from those hoping to jump on the Bitcoin bandwagon, Twitter verifies a fake US politician, and it’s another face palm for facial recognition.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

An indepth investigation by online vigilantes has exposed the activities of an Indian tech support scam centre.

Extraordinarily, fraudsters had the tables turned on them as YouTuber Jim Browning was able to hack into the call centre and access recordings of scam phone calls and even watch live CCTV footage exposing the criminals at work.

The UK’s Information Commissioner’s Office (ICO) has fined Cathay Pacific for “a number of basic security inadequacies” which resulted in hackers stealing the data of 9.4 million people worldwide – including 111,578 from the UK.

Read more in my article on the Hot for Security blog.

Over 600,000 Tesco Clubcard owners are being sent new cards after the supermarket giant determined hackers had attempted to access accounts.

In an email sent to affected Clubcard users, Tesco said it had spotted fraudulent activity related to some customers’ Clubcard vouchers.

Who doesn’t love the idea of receiving an email with a subject line like “I love you”?

Read more in my article on the Tripwire State of Security blog.

Barbara Corcoran, one of the business moguls who head up the judging team on US TV’s “Shark Tank” investment show, has lost nearly $400,000 to an email scammer.

Read more in my article on the Hot for Security blog.

Don’t forget, if you’re a scammer you shouldn’t hesitate to reach out to me on Twitter at @gcluley with your business or marriage proposal.

Security researchers raised the alarm after discovering that hundreds of millions of Whisper users’ intimate messages, tied to their locations, had been left publicly available since the app’s launch in 2012.

Read more in my article on the Hot for Security blog.

If there’s one clear message you can take away from the latest real-world test of Android security products, it’s that relying upon Google to protect your smartphone isn’t really good enough.

Samsung has apologised after it accidentally sent a bizarre notification to smartphone owners’ devices.

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support! LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The report helps you explore changes in password security practices worldwide, and see where businesses are still putting themselves […]

It’s not the first time Israeli soldiers have been targeted with Hamas honeytraps to infect their smartphones with spyware.

The International Olympic Committee and FC Barcelona are the latest victims of a spree of Twitter account hijacks orchestrated by the notorious OurMine gang.

Read more in my article on the Hot for Security blog.

As if Puerto Rico wasn’t having a hard enough time as it attempts to recover from recession, the damage caused by devastating hurricanes in recent years, and a damaging earthquake last month, it now finds itself being exploited by cybercriminals.

Read more in my article on the Tripwire State of Security blog.

Some US users of the Tutanota have been unable to access the secure email service while out and about on their smartphones since the end of January.

The common demoninator? They all use AT&T for their internet access.

Wi-Fi hopping malware, the return of Ashley Madison extortion scams, and should social media be doing anything about cheapfakes?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

If a Google Nest account is compromised by a malicious hacker that’s not bad news for the legitimate owner of the account, it’s also bad news for Google.

So that’s why they’re trying to do something about it…

Read more in my article on the Bitdefender Box blog.

It’s one of the largest Patch Tuesday updates ever issued by Microsoft, and includes fixes for 12 security vulnerabilities that have been given the highest severity rating of “critical.”

The clock is ticking. IT teams should waste no time in readying themselves for a roll-out across the Windows computers for which they’re responsible.

Google is warning users that ToTok is unsafe. ToTok says that users shouldn’t trust Google’s warning…

How to stop dick pics on Twitter, and a new way bad guys are extorting money from websites earning cash from Google ads.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Over 10 million people who have stayed at MGM Resorts hotels – including Twitter boss Jack Dorsey and pop idol Justin Bieber – have had their personal details posted online by hackers.

Read more in my article on the Tripwire State of Security blog.

If you want to find out how different consumer anti-virus products performed in the tests, and whether yours won the prestigious Product of the Year Award – only given to solutions which demonstrate excellence in all categories – check out the report right now.

Facebook’s official Twitter account started posting message from the OurMine hacking gang just before midnight UK time on Friday.

Maastricht University has admitted paying a 30 bitcoin ransom to hackers who compromised its network in the immediate run-up to Christmas 2019, and infected it with the Clop ransomware.

Apple has been hit with a 25 million Euro fine (US $27.5 million) after it added battery management features to iOS that slowed down the performance of older iPhones.

Hackers could exploit a flaw on unpatched Android 8.0 and 9.0 phones to run malicious code such as a worm, with no user interaction required.