What's cyber security?

Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems from theft of or damage to their hardware, applications, or digital information, as well as from disruption or misdirection of the services they provide. The field is becoming more important because of greater reliance on computer technologies, the internet and wireless network standards like Bluetooth and Wi-Fi, and because of the growth of "smart" devices, such as televisions, smartphones, and the numerous devices which constitute the "Internet of things". Due to its complexity, in terms of both science and politics, cybersecurity is also one of the significant challenges in the modern world.


Organizations face many threats to their data systems and information. Knowing all of the fundamental elements of cyber security is the first step to meeting these threats.

Types of cyber security.

The scope of cyber security is broad. The core areas are described below, and any good cyber security strategy must take all of them into account.

Critical infrastructure.
Critical infrastructure includes the cyber-physical systems that society relies on, for example the electricity grid, water purification, traffic lights and hospitals. Connecting a power plant to the internet, for instance, makes it vulnerable to cyber attacks. The solution for organizations responsible for critical infrastructure is to carry out due diligence to understand the vulnerabilities and protect against them. Everyone else should evaluate how an attack on critical infrastructure they rely on could affect them, and then develop a contingency plan.
Network security.
Network security guards against malicious intrusion as well as malicious insiders. Ensuring network security frequently requires trade-offs. For example, access controls such as additional logins may be required, but they slow down productivity. Tools used to monitor network security generate a great deal of data, so much that legitimate alerts are often overlooked. To help better manage network security monitoring, security teams are using machine learning to flag abnormal traffic and alert on threats in real time.
Cloud security.
The enterprise's move to the cloud creates new security challenges. For example, 2017 has seen nearly weekly data breaches from badly configured cloud instances. Cloud providers are creating new security tools to help business users secure their data; however, the bottom line remains: moving to the cloud isn't a panacea for performing due diligence when it comes to cyber security.
Application security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Internet of things (IoT) security.
IoT refers to a wide variety of critical and non-critical cyber-physical systems, such as appliances, sensors, printers and security cameras. IoT devices often ship in an insecure state and offer little to no security, posing risks not just to their users, but also to other people online, since these devices frequently find themselves part of a botnet. This presents unique security challenges for home users and society.

Over 2000 accounts on the Roblox gaming platform have been hacked…

…not to make money or steal information, but to support Donald Trump’s re-election as US President.

Accounts on the popular online gaming platform keep getting hacked. So, how can you better protect your Roblox account?

Beware if you’re paying your bills for local government services – the payment information you type into that web form may be heading straight to cybercriminals.

Hackers are once again finding unsecured MongoDB databases, wiping their contents, and leaving ransom demands.

So far, so normal. But what’s different this time is that they’re also threatening to report their victims for violating GDPR.

Read more in my article on the Tripwire State of Security blog.

Who’s been dressing Roblox players up in red baseball caps? Which ransomware victim’s negotiations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels…

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.

An anonymous tip-off to BBC News enabled them to watch in real-time as an American medical university attempted to negotiate with the hackers who had infected its systems with ransomware.

A smartphone app, disguised as a regular app delivering the top world, sports, and entertainment news, containing a secret feature that allows victims of domestic abuse to send a covert distress call for help at the touch of a button.

What could possibly go wrong?

Read more in my article on the Hot for Security blog.

Google has announced that from August 2020 it will be prohibiting ads for stalkerware products and services.

But a loophole means that the companies behind creepy stalkerware apps will still be able to advertise themselves.

Things just got serious.

Business Email Compromise is no longer solely the province of chancers. Organised criminal gangs with a high level of professionalism have seen the opportunity and seized it.

Read more in my article on the Tripwire State of Security blog.

A high-rolling Hushpuppi gets extradited to the United States, Carole details her problems with clipboards and Disposophobia, and our guest becomes the subject of fake news during the Senegalese election.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast with Graham Cluley and Carole Theriault, joined this week by investigative journalist Michelle Madsen.

A former employee of Yahoo has been sentenced and ordered to pay a fine after exploiting his privileged access to hack into the personal accounts of thousands of Yahoo users, in his hunt for naked photographs and videos of young women.

Read more in my article on the Hot for Security blog.

Early last month Ron Eddings and Chris Cochran were kind enough to invite me back on their podcast, “Hacker Valley Studio” – and now the episode has been published!

Take a listen.

A hacked Russian government Twitter account offers to sell a tourist database for 66 bitcoins (approximately US $499,000).

58-year-old Danielle Bulley may not look like your typical cybercriminal, but the act of revenge she committed against a company had just as much impact as a conventional hacker breaking into a business’s servers and causing havoc.

Read more in my article on the Hot for Security blog.

18-year-old Blaze Angel Roberts is a talented surfer with 40,000 Instagram followers.

Unfortunately, her popularity also seems to have drawn the unwanted attention of hackers, who successfully tricked her into clicking on a phishing link, and handing over the password to her email account.

Fraudsters stole more than $3.2 million from the banking division of South Africa’s post office, after – in a catastrophic breach of security – employees printed out the bank’s master key.

Read more in my article on the Tripwire State of Security blog.

A TV gameshow with cash prizes if you’re obeying Coronavirus lockdown rules, ex-Ebay staff charged in crazy cyberstalking case, and when the wrong cyclist was accused by the internet bearing pitchforks.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Apple Mac users are warned of a new in-the-wild malware threat which masquerades as an installer for Adobe Flash Player.

A former MP warns that she received a message intended for someone else, with the results of their Coronavirus test.

On March 20th, the Claire’s accessories retail chain beloved by young girls around the world made the sensible decision to close all of its physical stores in response to the Coronavirus Covid-19 pandemic.

A nuisance for shoppers, certainly. But also an opportunity if you were a malicious hacker.

Read more in my article on the Bitdefender Business Insights blog.

Lisa Forte interviews me about how someone once turned me into a computer virus, some of the ethical issues that come out of blogging about security, and what you say when hackers contact you asking for help in blackmailing their victims.

The City of Florence in northern Alabama has agreed to pay a ransom of US $300,000 worth of Bitcoin to hackers who compromised its computer systems and deployed ransomware.

And they’re not the only US city finding themselves dealing with the aftermath of a ransomware outbreak this week…

Read more in my article on the Hot for Security blog.

The Guardian offers relationship advice over an unwise password choice, but fails to give any good password advice.

Even after being charged, Kenneth Schuchman continued to create and operate a DDoS botnet, and communicate with his co-conspirators.

Read more in my article on the Hot for Security blog.

Do you think you have found a vulnerability in the Sony PlayStation 4 or the PlayStation Network?

You could be heading towards a sizeable sum of money, after Sony announced details of its new bug bounty program. Just be sure to play by the rules…

Read more in my article on the Tripwire State of Security blog.

Gavin Ashton was an IT security guy working at Maersk at the time it was hit hard by the NotPetya ransomware. Now he’s written an article about his experiences, and shares advice for others.

A conspiracy spreads on social media about Coronavirus tracing apps, US police find decades’ worth of sensitive data leaked online, and is there a Bitcoin bonanza to be had from watching Elon Musk YouTube videos?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by Graham Cluley and Carole Theriault, joined this week by the BBC’s Zoe Kleinman.

The activist group Distributed Denial of Secrets, perhaps better known by their shorter but clumsy moniker DDoSecrets, has been permanently banned from Twitter.

Read more in my article on the Hot for Security blog.

HEY, a new service which aims to revolutionise users’ inboxes, admits it made a mistake which could have made it too easy for private messages to be exposed.

In just ten days, the UK Government says English pubs, restaurants, and cafes can open again for business.

However, they are told that they should collect contact information about every customer and visitor to their premises. But what they’re not told is how they should do this in a way that protects people’s security and privacy.

More than one million players of the video game Stalker Online have been put at risk after hackers offered them for sale on the darknet.

Some members of the UK public will soon start receiving text messages and emails claiming to come from the NHS Test and Trace Service, as part of the country’s fight against the Coronavirus pandemic.

The problem is that many of them won’t know if the communication is genuine, or from a scammer.

And the UK Government’s advice isn’t helping.

As YouTubers warn the public not to buy smartphones from Escobar Inc, the notorious drug lord’s brother orchestrates a publicity stunt.

Read more in my article on the Hot for Security blog.

Hacker VandaTheGod didn’t realise he was leaving clues scattered across Facebook and Twitter that helped security researchers uncover his true identity.

Malware experts at Microsoft have warned businesses to be on their guard against hackers plotting to plant the PonyFinal ransomware on compromised IT systems.

Read more in my article on the Hot for Security blog.

The NetWalker gang are infecting corporations’ computer systems, encrypting and stealing data, and holding it to ransom.

And they’re looking for criminals to join their affiliate scheme.

Read more in my article on the Tripwire State of Security blog.

On this special splinter episode of the podcast, we’re joined by actor and comedian Clare Blackwood in the hope of convincing her that cybersecurity is no laughing matter.

Hear what happens in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

On underground criminal marketplaces the email addresses and plaintext passwords of over 26 million LiveJournal blogging accounts are being traded, despite LiveJournal’s owners refusing to acknowledge that any security breach has occurred.

Read my article on the Hot for Security blog.

Babylon Health, makers of a smartphone app that allows Brits to have consultations with NHS doctors, has admitted that a “software error” resulted in some users being able to access other patients’ private video chats with GPs.

Read more in my article on the Tripwire State of Security blog.

Graham finds himself in hot water with a security firm after a data breach, Carole discusses credit card fraud, and we have a pleasant surprise for Thom Langford, who appears to have mostly agreed to be a guest to promote his own podcast.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Thom Langford.

Video gaming firm Nintendo has warned customers to not reuse passwords on different services after releasing an increased tally of compromised accounts since April.

UK security company Keepnet Labs has finally publicly confirmed that a database it had collated containing more than five billion records from past data breaches was “briefly exposed” on the internet.

Are you itching for an internet fridge? Hankering for a smart washing machine? Thirsting for an IoT-enabled thermostat?

Well, think twice before you make a potentially costly mistake when deciding what appliance you will next be purchasing for your home.

Read more in my article on the Bitdefender BOX blog.

Two men who ran a service making it easy for anybody to launch distributed denial-of-service attacks, capable of knocking websites offline, have been given a six month community service sentence by an Israeli court.

The Naked Security blog is part of my history.

Now, as Sophos makes cut-backs, it might be history for all of us.

A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies, including Electrolux, out of hundreds of thousands of dollars.

Read more in my article on the Tripwire State of Security blog.

Police are hoping to stop kids becoming cybercriminals by bombarding them with Google Ads, phishers rub their hands in glee at the NHS track and trace service, and just how does a nano-layer of quantum holographic catalyzer technology make a USB stick cost hundreds of pounds?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast.

Japanese cryptocurrency exchange Coincheck has announced that earlier this week hackers managed to access some emails sent to the firm by its customers, after its domain name registrar account was compromised.

Read more in my article on the Hot for Security blog.

I’m concerned that fraudsters will disguise themselves as the NHS Test and Trace Service, and trick people into giving over sensitive personal information – and maybe even some money.

Maybe something could be learnt from the banks?

The makers of a popular iOS email app have warned their users that their accounts may have been compromised after a buggy software update made it possible to see strangers’ emails.

Read more in my article on the Hot for Security blog.