Have you recently received any of the popular scam phone calls from someone claiming to be from Microsoft offering to fix your computer? Or the IRS scam call, alerting you that you owe taxes and that you must pay immediately? Or a representative from a utility company, threatening to shut off your electricity if you don’t immediately pay with a pre...

If malware on your Android phone doesn't steal any of your information, doesn't spy upon your activities, doesn't infect any of your files, and remains invisible... can we still consider it a bad thing? I think the answer is yes, but some security measures appear to turn a blind eye to a Trojan that security researchers at ESET have dubbed "Porn...

A distributed denial-of-service (DDoS) group has claimed responsibility for a series of global outages to Xbox Live, Microsoft's online gaming network for the Xbox console. Recently, members of the group, which calls itself the New World Hackers, sat down with Newsweek to explain the motivation behind its alleged attacks. “Well, didn’t even take as...

Endpoints are more important than ever in today's connected world. As business increases, most organizations find it necessary to connect a variety of new devices to their networks to keep up with the demands of competing in a global economy. Each of these endpoint nodes may be devices with which employees interact on an ongoing basis, but they...

Access control is one of those topics that often means different things to different people. In its most basic form, it is simply the “restriction of access to a resource." Unfortunately, as you drill down into what that actually means for your organization, things usually get muddy. For some people, it is simply selectively granting user access to...

Unless you’ve been living out in the remotest frontier of some Data Protection Wild West, you will no doubt be aware that a ‘supervisory authority’ Sheriff will soon be riding into town, clutching a lengthy new scroll of law and order in the form of the General Data Protection Regulation (GDPR). ICYMI or simply passed over it as not particularly...

Despite the existence of a number of advanced authentication mechanisms, such as Single Sign-On (SSO), different types of Biometrics, multi-factor authentication, etc., the use of passwords is still the most popular means of authenticating users. The need to generate, and hopefully to remember these passwords, has become even more demanding due to...

A recent experiment conducted at an airport demonstrates that smartphone users are prone to "reckless" behavior when connecting to public WiFi hotspots. In an effort to demonstrate how at risk people are when they connect to public WiFi, security researchers at Avast Software created three open networks next to the Mobile World Congress (MWC)...

Securing the Internet of Things (IoT) has become increasingly difficult. Devices are often shipped with out-of-date operating systems and unmaintained code, which is littered with vulnerabilities. To add to the frustration, traditional security tools cannot be installed on many of these devices. For many users, especially home and SMBs, there are...

With a continued interest in software-as-a-service (SaaS) as a cloud model, concerns about SaaS security are also growing. Total cost of ownership (TCO) used to be the most frequently cited roadblock among potential SaaS customers. But as cloud networks become more frequently used for strategic and mission-critical business applications, security...

Celebrating its 25th anniversary this year, the RSA Conference creates invaluable opportunities for attendees to connect with top security leaders, discover innovative technologies and deliberate the industry’s most pressing issues. With over 30,000 attendees, this annual event continues to help drive the information security agenda worldwide, and...

Even if you are not a developer, you should be familiar with GitHub. If you are not familiar, then consider this blog post your introduction. GitHub is a large cloud-based software repository that uses the git protocol. Creating a GitHub account is painless and free for anyone who is interested. You don’t even need to supply a valid email address to...

IT and software development, departments that have historically had a somewhat contentious relationship, are on a collision course – and at the center of this convergence is security. The rapid adoption of public cloud infrastructure is enabling new levels of cost efficiency, business agility and development capability for organizations of all sizes...

It’s the new byword in federal cyber security: “Act as though your network is already compromised.” But what does it mean? DHS’s big cybersecurity programs focus on solutions that either catch the bad guys at the perimeter (Einstein), or harden individual assets to make compromise more difficult (CDM investments in asset management, vulnerability...

Exactly half of all Americans who have fallen victim to ransomware have fulfilled the attackers' demands and paid the ransom. This is just one of the findings of Ransomware. A Victim's Perspective: A study on US and European Internet Users (PDF), a report conducted by Bitdefender in November of last year. For its study, the security firm spoke with...

Fuzz testing is one of the most powerful tools in the bug hunter’s toolset. At a basic level, fuzzing is the art of repeatedly processing crafted test inputs while checking for ill-effects, such as memory corruptions or information disclosures. One of the main advantages of fuzz testing is that it works 24x7 without a break and with no need for...

Developers today recognize the importance of secure software development. Indeed, security was one of the key topics at this month's DeveloperWeek conference in San Francisco. This level of focus should be applauded. At the same time, however, we must recognize that planning for secure software development is not the same thing as implementing it....

A hospital located in Southern California has paid $17,000 for the restoration of its system following a ransomware attack. News first broke last week about how staff at the Hollywood Presbyterian Medical Center began noticing issues in the hospital's IT system in early February. The Center decided to temporarily suspend its computer system, which...

Since the Middle Ages, chess has been used to teach strategic and tactical concepts to military leaders. For the same reasons, chess can be a great tool for today’s security leaders. We’re going to take a look at the parallels between chess and security in a series of blog posts. In Part 1, we will consider the specific elements that make up the...

In today's interconnected world, computer crime knows no age requirements. People of all ages are capable of committing malicious acts online. That includes teenagers. For example, in October 2015, a teenager allegedly breached the email account of CIA Director John Brennan. UK authorities now believe that they have arrested that same individual,...