What's cyber security?

Computer security, cybersecurity or information technology security (IT security) is the security of computer systems in the theft of or damage to their own hardware, applications, or digital information, in addition to in the disruption or misdirection of their solutions they supply. The area is becoming more important because of greater reliance on computer technologies, the web and wireless system standards like Bluetooth and Wi-Fi, and as a result of development of "smart" devices, such as televisions, smartphones, and the numerous devices which constitute the"Internet of things". Due to its complexity, both regarding science and politics, cybersecurity can also be one of the significant challenges in the modern world.

What's cyber security?

Organizations face many threats to their data systems and information. Knowing all of the fundamental elements to cyber safety is the first step to fulfilling these threats.

Types of cyber security.

The reach of cyber protection is broad. The core regions are explained below, and some other fantastic cyber security plan must take all of them into consideration.

Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Critical infrastructure.
Critical infrastructure includes the cyber-physical systems which society is based on, for example, electricity grid, water purification, traffic lighting and hospitals. Plugging a power plant to the world wide web, as an instance, makes it vulnerable to cyber attacks. The solution for associations accountable for critical infrastructure would be to carry out due diligence to safeguard recognize the vulnerabilities and protect from them. Everyone else must evaluate the way an attack on critical infrastructure that they rely on could impact them and develop a contingency plan.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
Network security.
Network security guards against malicious intrusion in addition to malicious insiders. Ensuring network security frequently requires trade-offs. By way of instance, access controls like additional logins may be required, but slow down productivity. Tools used to track network safety create a great deal of information -- so much that legitimate alarms are often overlooked. To help better handle network security monitoring, safety teams are using machine learning how to flag abnormal traffic and alert to risks in real time.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Cloud security.
The business's move to the cloud generates new safety challenges. By way of instance, 2017 has seen nearly weekly information breaches from badly configured cloud cases. Cloud suppliers are creating new safety tools to help business users secure their information, however, the bottom line remains: Moving into the cloud isn't a panacea for performing due diligence in regards to cyber security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Application security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing. Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
Internet of things (IoT) security.
IoT describes a huge array of crucial and non-critical cyber physiological systems, such as appliances, sensors, printers and safety cameras. IoT devices often ship in an insecure condition and give little to no security, posing risks to not just their customers, but also to other people online, since these devices frequently find themselves part of a botnet. This presents special security challenges for the home users and society.
A Bitcoin bungle causes one user to lose millions, hackers attempt to bribe a Tesla employee into infecting the company's network, and are we ready for a sky full of drones? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

Hackers are exploiting a critical vulnerability that may be affecting hundreds of thousands of websites running WordPress. The vulnerability lies in versions of the popular third-party plugin WordPress File Manager, which has been installed on over 700,000 websites. Read more in my article on the Hot for Security blog.

Whoops! Apple accidentally approved malware posing as an update for Adobe Flash Player, allowing it to run unhindered on macOS.

Running a security blog means that I’m always interested in receiving tips about data breaches, vulnerabilities, malware attacks, and the like. But I do explain that I’m not available to help troubleshoot PC problems or provide technical support – there simply aren’t enough hours in the day, and it doesn’t put any crumbs on the dining room table. This morning, however, I received a very polite message from a reader of the blog.

UK water service supplier Southern Water made it all too easy for unauthorised parties to view customers' billing documents and account details.

Whatever happened to Crackas with Attitude, perfidious Albion College's approach to locking down Coronavirus, and the Bridgefy mesh messaging app falls down when it comes to security. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

The state-sponsored BeagleBoyz hacking group is targeting banks in over 30 countries, possibly to fund North Korea's nuclear weapons ambitions.

European cryptocurrency exchange platform Eterbase has announced that it has suffered a security breach which saw hackers access its network and steal funds worth US $5.4 million. Read more in my article on the Tripwire State of Security blog.

The Gadget Show's Jon Bentley joins us to discuss the mystery of a Facebook friend you never requested, software updates for the Mercedes S-Class, and risks in the online classroom. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast hosted by computer security veterans Graham Cluley and Carole Theriault.

A reader got in touch with me regarding a suspicious email they had received claiming to come from Facebook. What I expected to be a simple phishing email turned out to be something much more curious...

Graham Cluley Security News is sponsored this week by the folks at Immersive Labs. Thanks to the great team there for their support! Attacks and breaches are a fact of life. They happen. What’s most important is how well your organisation responds. And technology isn’t enough. Your staff must be ready too. Immersive Labs delivers … Continue reading "Free ebook: Aligning cyber skills with the MITRE ATT&CK framework"

India’s leading online shopping app has sent a legal notice to a US security firm demanding that they stop spreading "false" claims that it has been hacked...

Newcastle University, in the North East of England, has confirmed that it has suffered a cyber attack after several days of disruption to its IT services. And, the university warns, it will “take several weeks” to get systems up and running again

Someone working for the BBC appears to have made a disastrous blunder while trying to remain anonymous on the internet...

Security researchers at Slovak security firm ESET have discovered a new family of malware that they say has been using a variety of techniques to steal cryptocurrency from unsuspecting users since at least December 2018. Read more in my article on the Tripwire State of Security blog.

The hackers used the platform to deny that they had hacked Paytm Mall, India's leading online shopping app. Read more in my article on the Hot for Security blog.

According to Dutch magazine, three ethical hackers were able to determine Donald Trump's Twitter password while he was running his US Presidential campaign. A password that had been exposed years before following the notorious LinkedIn hack.

We’ve said it once, we’ve said it twice, we’ve said it one hundred times. Hardening the security of your accounts with two-factor authentication (2FA) can dramatically reduce their chances of being hacked. Read more in my article on the Hot for Security website.

The famous World War II code-cracking site of Bletchley Park announces a data breach, following a ransomware attack at Blackbaud.

During a broadcast interview conducted via a Zoom video chat, the cameraman no doubt imagined they were getting a terrific angle pointing over the reporter's shoulder. However, what ended up on screen could have put security at risk...

If you're going to lean a flipchart against a window, you had better make sure you haven't scrawled any passwords on it first...

Can a video game help your company's staff choose stronger passwords? Why might satellite-based internet communications be bad for security? And what are the alternatives to TikTok? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

I was delighted to be invited onto Chris Parker's "Easy Prey" podcast to discuss scams, the recent Twitter hack, and much else besides.

A scam involving restaurant bookings at The Ritz is suitably sophisticated, the second wave of UK coronavirus testing apps, and we take a look at one of the biggest studies ever into the scourge of robocalls. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Rory Cellan-Jones.

Similar "voice phishing" techniques have been used against banks, web hosts, and cryptocurrency exchanges, in recent weeks.

Garmin’s online services are beginning to come back to life after it was hit badly by ransomware last week.

But did it pay a ransom to its attackers or not?

As Twitter and law enforcement agencies investigate the high profile attack against Twitter accounts, there is a clear lesson for other businesses to learn.

Read more in my article on the Bitdefender Business Insights blog.

The good news is that if scammers are having to use techniques like this to get in front of potential victims, anti-spam defences and user awareness about email scams must be better than ever.

The bad news is that if such letters continue to be sent, someone somewhere obviously thinks scams like this can still make them a tidy profit.

Uh-oh… someone didn’t lock their Zoom meeting down properly. That’s probably particularly important when the person charged is an alleged hacker.

Special guest Geoff White can’t resist using the podcast to promote his new book, “Crime Dot Com”, but other than that we also discuss the creepy (and apparently legal) way websites can find out your email and postal address even if you don’t give it to them, take a look at how the alleged Twitter hackers were identified, and learn about Fawkes – the technology fighting back at facial recognition.

What’s a phone spear phishing attack? Twitter shares some more details related to its serious security breach earlier this month which saw celebrity accounts tweeting a cryptocurrency scam.

Zoom has patched a security hole that could have allowed attackers to break their way into password-protected private calls.

Read more in my article on the Hot for Security blog.

Why are students faking their own kidnappings? What’s the story behind Garmin’s ransomware attack? And a genetic genealogy website suffers a hack or two.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray REDACTED.

A critical vulnerability in a third-party comments plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely.

If you’re using the wpDIscuz commenting plugin, make sure you’ve kept it up to date – or your website might be hijacked… or wiped.

Read more in my article on the Hot for Security blog.

The European Bank for Reconstruction and Development (EBRD) found itself very publicly tussling with a hacker on its Twitter account this morning.

If you want to find out how different business anti-virus products performed in the tests, and how the one that protects your business fared, check out the report right now.

One of Ireland’s largest banks, Bank of Ireland, has been fined almost €1.7 million after regulators discovered it had failed to inform financial regulators and the police after a fraudster tricked them into transferring funds from a client’s account.

Read more in my article on the Hot for Security blog.

If you searched on Google for details of your nearest train station in parts of New York state, you might be in for a rude surprise.

Cybercrime reporter Thomas Brewster has written a fascinating exposé of the activities of Mitre Corporation, which has taken on some eyebrow-raising projects for the US government.

The folks behind The Cyberwire podcast interviewed me for a new series of shows, looking at how people joined the cybersecurity industry.

IoT devices could be banned from sale and destroyed if they fail to meet basic security standards, according to proposals put forward by the UK Government.

Read more in my article on the Bitdefender BOX blog.

The real worry of the Twitter hack is not the cryptocurrency scam that was spammed out, but that attackers might have accessed private messages sent and received by the rich and powerful.

Multiple Twitter accounts have been hacked as part of a Bitcoin scam, and it’s one of the biggest security disasters in Twitter’s history.

Read more in my article on the Tripwire State of Security.

Login chaos for England’s contact tracing service, our drill-down on the Britain’s Huawei 5G ban, MGM’s blockbuster breach, and how to pronounce “Gigabyte.”

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault, and special guest Maria Varmazis.

I’m in the latest episode of the “Stroke of Genius” podcast, which looks at passwords and how researchers are exploring ways to use brain patterns as a way to unlock devices.

I’m on hand to describe the workings of some notorious password-stealing malware, and also share some stories of how computer games helped me get a job in the cybersecurity industry.

Yevgeniy Nikulin lived the high life, funded by a life of cybercrime.

Now he faces a significant prison sentence after stealing millions of user records from the likes of LinkedIn and Dropbox.

Read more in my article on the Hot for Security blog.

Researchers claim to have found evidence that cybercriminals are offering for sale a database containing the personal details of 3.4 million users of an online art and antiques auction website, as well as three million cracked passwords.

LiveAuctioneers, the online website which broadcasts live auctions selling antiques, art, and collectibles, has warned that user details have fallen into unauthorised hands following a security breach.

Google has announced that from August 2020 it will be prohibiting ads for stalkerware products and services.

But a loophole means that the companies behind creepy stalkerware apps will still be able to advertise themselves.

Things just got serious.

Business Email Compromise is no longer solely the province of chancers. Organised criminal gangs with a high level of professionalism have seen the opportunity and seized it.

Read more in my article on the Tripwire State of Security blog.