CSO, from IDG, provides news, analysis and research on a range of security and risk management topics. Areas of focus include information security, data protection, social media security, social engineering, security awareness, business continuity and more.
Mobile security is at the top of every company's worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is a whopping $3.86 million, according to a 2018 report by the Ponemon Institute. That's 6.4 percent more than the estimated cost just one year earlier.
The original online communities were developed by those that did not fit in, those that did not belong and those escaping bullying, oppression, racism and social pressure.
The late James Spradley and David McCurdy, in their seminal book, Conformity and Conflict: Readings in Cultural Anthropology, noted that practitioners of non-mainstream religions such as Wicca increasingly used online communities to congregate and associate, well before the internet was popular. Online communities such as Bulletin Board Systems (BBSs) and chat systems such as Diversi-Dial (Ddial for short) catered to outsiders, the unpopular and outcasts. The LGBTQ (especially Trans) community also flocked to online communities, as did many others.
Meet the new man-in-the-room attack, which exploited vulnerabilities in the Bigscreen virtual reality (VR) app, allowing attackers to invisibly eavesdrop in VR rooms. Attackers could also exploit the flaws to gain complete control over Bigscreen users’ computers, to secretly deliver malware, and even to start a worm infection spreading through VR. Breathe easy – it’s been fixed, but it’s still freaky.
Bigscreen Beta, a free and popular VR app available on Steam – which has support for HTC Vive, Oculus Rift, and Windows Mixed Reality – is like a hangout and more. It has more than 500,00 users and allows those users to make their avatars, chat in the lobby, hang out, make private rooms, watch movies together in an amphitheater-style cinema, collaborate on projects, and more. With an NSF-funded Virtual Reality Security & Forensics project, University of New Haven researchers Ibrahim Baggili, Peter Casey and Martin Vondráček totally pwned it thanks to security vulnerabilities in the Bigscreen game development platform.
Conventional wisdom in IT security has long taught us that zero-day exploits are rare and that we need to be far more concerned with non-zero-days, which make up the vast majority of attacks. This paradigm was challenged recently by Microsoft security researcher Matt Miller in an awesome presentation he did on the evolution of Microsoft Windows exploits and defenses for Microsoft’s last Blue Hat event on February 7.
New digital threats that could topple business, government, military and political institutions are moving cybersecurity to the top of the congressional agenda. The newly seated 116th Congress has so far seen 30 bills introduced in the House of Representatives and seven bills introduced in the Senate that directly deal with cybersecurity issues. That does not include other pieces of legislation that have at least some provisions that deal with information and digital security.
A key problem in grappling with such a complex issue as cybersecurity in Congress — and in Washington in general — is the diffused responsibility spawned by the wide-ranging, interconnected nature of the topic. Representative Jim Langevin (D-RI), a member of the Armed Services and Homeland Security Committees, and one of the founders of the Congressional Cybersecurity Caucus, flagged this stumbling block at the 2019 State of the Net conference in January by calling for consolidation in Congress over cybersecurity.
Companies have been adding internet of things (IoT) devices to their networks over the past few years, often increasing their exposure on the internet. This has led to a rise in botnets that specialize in exploiting insecure configurations and vulnerabilities to take control of network-attached storage boxes, surveillance cameras, digital video recorders and, more recently, video conferencing systems.
Cyber attackers would likely unanimously agree that using “social engineering” to exploit human vulnerabilities where software and hardware cannot limit all threats is one of the top tools of the trade.
These methods of human deception have become uncomfortably widespread. Phishing attacks can range from basic individual financial theft (such as stealing credit card numbers) to sophisticated campaigns against organizations, companies, or people of interest. This article will help to raise awareness of the threat landscape and introduce six common problems that can prevent you from minimizing risk for your company, along with their solutions.
Most companies buy tools that promise to filter out a majority of nefarious email traffic and adopt “ethical phishing” programs that teach employees not to click on links or attachments. Despite these two common investments, companies still experience significant successful attacks. Tools and phishing programs can also create false confidence that prevents leaders from adapting to change or thinking about the bigger picture.
Two of the biggest challenges that CISOs face today are ensuring that security and business strategies are in alignment and that security solutions are focused on solving the right problems. More often than anyone wants to admit, security teams spend significant resources trying to resolve a specific set of security challenges only to find out that they either don’t support critical business objectives or that the organization has been compromised by an attack coming from an unrecognized threat vector.
Having a sense of urgency but not knowing where the threat is coming from is the equivalent of frantically wading around through flood water carrying a fire extinguisher. As it turns out, getting security right is just as important as having it in place. And ensuring that you have the right tool for the job starts by asking three key questions.
For the first time, the North Korean APT Lazarus group seems to be participating in coordinated attacks against Russian-based companies. According to CheckPoint Research, the attacks over the past several weeks were likely launched by the Lazarus subdivision “Bluenoroff, whose main focus is monetization and global espionage campaigns.”
The North Koreans choosing to cyber-attack Russia is an “unusual choice,” CheckPoint said, as “usually, these attacks reflect the geopolitical tensions between the DPRK and nations such as the U.S, Japan and South Korea. In this case, though, it is probably Russian organizations who are the targets.”