Ever since its inception, the IoT or Internet of Things has drawn widespread criticism for the lack of consideration given to security matters, in the design and deployment of its hardware, software, and infrastructure components. This negligent attitude has resulted in various weaknesses, which hackers and cyber-criminals have already successfully exploited to compromise IoT elements so that they can be … Read More
How Two Factor Authentication, or 2FA, Can Help Thwart Phishing Attacks
Two Factor Authentication or 2FA, is now widely accepted as the required minimum for increasing the safety of users against the threat of phishing attacks. For some years now, hackers, cyber-criminals, and identity thieves have used phishing tactics to lure unsuspecting victims into downloading booby-trapped file attachments, visiting bogus websites, and divulging sensitive information. Account profiles and credentials such as … Read More
Cybersecurity Compliance Frameworks
In order to observe best practices, and to meet with technical and other requirements, organizations often use frameworks for cybersecurity compliance and regulatory compliance. These frameworks provide best practices and guidelines to assist in improving security, optimizing business processes, meeting regulatory requirements, and performing other tasks necessary to achieve specific business objectives such as breaking into a particular market niche … Read More
Social Engineering Attacks – How to Avoid Becoming a Victim
Cyber-attacks have increased in sophistication – not only in the technology and resources available to hackers but also with the evolution of techniques like social engineering. Just as a galvanized steel chain is only as strong as its weakest link, the security of your business is only as good as its most vulnerable elements. And for the majority of businesses, … Read More
Web Cache Poisoning – How Hackers Are Weaponizing Web Caches
In a recently discovered (but yet to be fully publicized) attack, security researcher James Kettle has apparently succeeded in cache poisoning, the hacking and weaponizing of the web caches of several major websites and online platforms. The victims include online stores, a software product, a video game, a popular cloud platform provider, a hosting platform provider, an investment company’s investor … Read More
Leaked Credentials – An Insidious Problem for the Enterprise
Though data breaches have the potential to expose corporate secrets, finances, and intellectual property to prying eyes, a more insidious problem for the enterprise is the issue of leaked credentials. Email and network usernames, passwords, and related information may also form a major part of the corporate data leakage that follows a serious breach. And since these identifiers may be … Read More
Employee Security Awareness Training – Management Side
As many organizations have learned to their regret, a policy for cybersecurity – however comprehensive, proactive, and technologically sound it may be – is doomed to failure if its terms aren’t adhered to by stakeholders of the enterprise, across the board. This emphasizes the need both for eliciting buy-in to the concept and culture of security awareness, and for management … Read More
Microsoft Implementing JavaScript In Excel: What Are The Potential Threats?
Since its arrival on the computing scene in 1995, JavaScript has emerged as a “consumer level” programming language capable of powering common website features like multimedia modules and form submissions. And given its long history, JavaScript code snippets are currently available across the internet, in a number of freely accessible libraries and resource bases. It provides convenient automation – for … Read More
What is WireGuard? A Closer Look at a New VPN Technology
A new VPN (Virtual Private Network) technology called WireGuard that’s being billed as perhaps “the most secure, easiest to use, and simplest VPN solution in the industry” is currently gaining traction. It’s especially popular among application developers working for companies that are looking to build their backend infrastructure (administration, archives, and other non-customer facing business units or applications) on the … Read More
The Benefits of Real-Time Cyber Threat Intelligence
To protect their personnel, assets, and sensitive information from being compromised, hijacked, or stolen by malicious actors, organizations are often advised to adopt security best practices, and to deploy the latest in secure technologies. But these things can’t be pulled out of thin air, or identified and adopted without knowledge of what they are, how they should be used, and … Read More