As we’ll see in a moment, design flaws and other weaknesses in the central processing unit or CPU of a computer or mobile device can create and have in fact produced a number of vulnerabilities that are causing concern to hardware manufacturers and users the world over. They have reason to worry because, in the assessment of Google, “effectively every” … Read More
TLS 1.3 – How Will It Impact Secure Web Communications?
Building on the legacy of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption protocols, the recently ratified TLS 1.3 looks to set a new standard for secure web communications and online application deployment. As we’ll see, improvements in security aren’t all that TLS 1.3 has to offer. But there are technical considerations which are likely … Read More
Big Tech – A Look at How Big Firms, Employers and Governments Violate Privacy
Big tech companies, major employers, and government agencies all have a vested interest in monitoring activities and collecting data – but the privacy of the people concerned in these information gathering exercises may often be disregarded, or abused. Players in the “big tech” arena have had a checkered history with regard to data privacy matters. But recent changes in European … Read More
How to Prevent Web Browsers from Cryptojacking
In what’s become a worrying and growing trend, private and corporate web browsers are increasingly being co-opted as tools for generating cryptocurrency, via a process known as cryptojacking. This trend comes in response to the massive growth of cryptocurrencies – digital units of exchange that use encryption and blockchain technology to authenticate currency owners and validate transactions. The sometimes ridiculously … Read More
IoT DoS Attacks – How Hacked IoT Devices Can Lead To Massive Denial of Service Attacks
Ever since its inception, the IoT or Internet of Things has drawn widespread criticism for the lack of consideration given to security matters, in the design and deployment of its hardware, software, and infrastructure components. This negligent attitude has resulted in various weaknesses, which hackers and cyber-criminals have already successfully exploited to compromise IoT elements so that they can be … Read More
How Two Factor Authentication, or 2FA, Can Help Thwart Phishing Attacks
Two Factor Authentication, or 2FA, is now widely accepted as the required minimum for increasing the safety of users against the threat of phishing attacks. For some years now, hackers, cyber-criminals, and identity thieves have used phishing tactics to lure unsuspecting victims into downloading booby-trapped file attachments, visiting bogus websites, and divulging sensitive information. Account profiles and credentials such as … Read More
Cybersecurity Compliance Frameworks
In order to observe best practices, and to meet with technical and other requirements, organizations often use frameworks for cybersecurity compliance and regulatory compliance. These frameworks provide best practices and guidelines to assist in improving security, optimizing business processes, meeting regulatory requirements, and performing other tasks necessary to achieve specific business objectives such as breaking into a particular market niche … Read More
Social Engineering Attacks – How to Avoid Becoming a Victim
Cyber-attacks have increased in sophistication – not only in the technology and resources available to hackers but also with the evolution of techniques like social engineering. Just as a galvanized steel chain is only as strong as its weakest link, the security of your business is only as good as its most vulnerable elements. And for the majority of businesses, … Read More
Web Cache Poisoning – How Hackers Are Weaponizing Web Caches
In a recently discovered (but yet to be fully publicized) attack, security researcher James Kettle has apparently succeeded in cache poisoning, the hacking and weaponizing of the web caches of several major websites and online platforms. The victims include online stores, a software product, a video game, a popular cloud platform provider, a hosting platform provider, an investment company’s investor … Read More
Leaked Credentials – An Insidious Problem for the Enterprise
Though data breaches have the potential to expose corporate secrets, finances, and intellectual property to prying eyes, a more insidious problem for the enterprise is the issue of leaked credentials. Email and network usernames, passwords, and related information may also form a major part of the corporate data leakage that follows a serious breach. And since these identifiers may be … Read More