Big tech companies, major employers, and government agencies all have a vested interest in monitoring activities and collecting data – but the privacy of the people concerned in these information gathering exercises may often be disregarded, or abused. Players in the “big tech” arena have had a checkered history with regard to data privacy matters. But recent changes in European … Read More
How to Prevent Web Browsers from Cryptojacking
In what’s become a worrying and growing trend, private and corporate web browsers are increasingly being co-opted as tools for generating cryptocurrency, via a process known as cryptojacking. This trend comes in response to the massive growth of cryptocurrencies – digital units of exchange that use encryption and blockchain technology to authenticate currency owners and validate transactions. The sometimes ridiculously … Read More
IoT DoS Attacks – How Hacked IoT Devices Can Lead To Massive Denial of Service Attacks
Ever since its inception, the IoT or Internet of Things has drawn widespread criticism for the lack of consideration given to security matters, in the design and deployment of its hardware, software, and infrastructure components. This negligent attitude has resulted in various weaknesses, which hackers and cyber-criminals have already successfully exploited to compromise IoT elements so that they can be … Read More
How Two Factor Authentication, or 2FA, Can Help Thwart Phishing Attacks
Two Factor Authentication or 2FA, is now widely accepted as the required minimum for increasing the safety of users against the threat of phishing attacks. For some years now, hackers, cyber-criminals, and identity thieves have used phishing tactics to lure unsuspecting victims into downloading booby-trapped file attachments, visiting bogus websites, and divulging sensitive information. Account profiles and credentials such as … Read More
Cybersecurity Compliance Frameworks
In order to observe best practices, and to meet with technical and other requirements, organizations often use frameworks for cybersecurity compliance and regulatory compliance. These frameworks provide best practices and guidelines to assist in improving security, optimizing business processes, meeting regulatory requirements, and performing other tasks necessary to achieve specific business objectives such as breaking into a particular market niche … Read More
Social Engineering Attacks – How to Avoid Becoming a Victim
Cyber-attacks have increased in sophistication – not only in the technology and resources available to hackers but also with the evolution of techniques like social engineering. Just as a galvanized steel chain is only as strong as its weakest link, the security of your business is only as good as its most vulnerable elements. And for the majority of businesses, … Read More
Web Cache Poisoning – How Hackers Are Weaponizing Web Caches
In a recently discovered (but yet to be fully publicized) attack, security researcher James Kettle has apparently succeeded in cache poisoning, the hacking and weaponizing of the web caches of several major websites and online platforms. The victims include online stores, a software product, a video game, a popular cloud platform provider, a hosting platform provider, an investment company’s investor … Read More
Leaked Credentials – An Insidious Problem for the Enterprise
Though data breaches have the potential to expose corporate secrets, finances, and intellectual property to prying eyes, a more insidious problem for the enterprise is the issue of leaked credentials. Email and network usernames, passwords, and related information may also form a major part of the corporate data leakage that follows a serious breach. And since these identifiers may be … Read More
Employee Security Awareness Training – Management Side
As many organizations have learned to their regret, a policy for cybersecurity – however comprehensive, proactive, and technologically sound it may be – is doomed to failure if its terms aren’t adhered to by stakeholders of the enterprise, across the board. This emphasizes the need both for eliciting buy-in to the concept and culture of security awareness, and for management … Read More
Microsoft Implementing JavaScript In Excel: What Are The Potential Threats?
Since its arrival on the computing scene in 1995, JavaScript has emerged as a “consumer level” programming language capable of powering common website features like multimedia modules and form submissions. And given its long history, JavaScript code snippets are currently available across the internet, in a number of freely accessible libraries and resource bases. It provides convenient automation – for … Read More