Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.
Here are the most interesting articles we’ve found this week that could be helpful to you:
When 2900 cybersecurity experts voice their opinions, we listen. This article gives you valuable insights into what these experts are thinking – and how it can impact the security of your organization.
Believe it or not, basic cybercrime does not win the top spot as the worst threat to organizations, according to respondents; in fact it’s not even in the top three. Social engineering is number one (52.26%), followed by insider threats (40.34%) and advanced persistent threats (38.84%) — all ahead of cybercrime, malware, and distributed denials of service.
Two-factor authentication is a vital line of defense against attackers. Here is a good list of sites that support two-factor authentication, which you should enable as soon as possible.
Some of the most popular websites have added another layer of security that makes it a lot harder for attackers to get to your stuff. The cool part is that these same websites have worked really hard to make sure this extra layer of security isn’t a huge hassle for legitimate users.
Another great article with lots of good insights into what top security pros are worried about in 2016.
To help give a bit of perspective to what top security experts are gearing up for this year, we asked eight of the world’s top security experts in various roles, including a pentester, several CISOs, a secure developer, a security engineer and an international speaker on security topics, to share their thoughts with us.
A new type of attack has recently been spreading around the internet. This form of attack adds malicious code to otherwise good websites (which you might visit).
…malvertising, short for malicious online advertising, which is where usually-trustworthy sites temporarily go rogue because one of the ads they display turns out to be booby-trapped, and tries to foist malware or potentially unwanted content on your computer.
This is a scary situation: attackers have managed to plant a phishing site within the eBay domain. Most phishing scams just try to replicate the website’s look and feel. This criminal was able to inject this malicious webpage into the eBay.com domain. This particular presentation would have fooled almost all casual observers. There are two key takeaways:
- Have Two Factor Authentication (2FA) enabled for every site possible, especially ones with access to critical data or information about yourself (eBay, bank accounts, credit cards, etc…)
- These scams start out as a standard phishing scam where the attacker sends an email to you and tries to get you to click on a link that will lead you to the compromised site.
This is a common web bug, also known as XSS, which attackers can exploit to inject malicious code into a website. Several websites in the past have been hit with XSS vulnerabilities. Perhaps the most well-known case of XSS is when a teenage Samy Kamkar, now a well-known security researcher, was able to trick one million MySpace users into becoming his friend thanks to a self-replicating worm that took advantage of an XSS bug on the social network. That incident, which put Kamkar in the law’s cross hairs, changed the internet for
This is another interesting new way scammers found to send spam without being detected by the normal filtering process. The normal phishing rules don’t protect you against this one.
Everyone always said that the Mac’s day for security issues was coming. I think it has finally arrived. Mac users: you’re not as secure as you think.
While Gatekeeper carries out several checks on apps before they are launched on a Mac, it does not prevent apps from running or loading other apps or dynamic libraries from an alternate directory. This is because Gatekeeper only verifies the first application that the user launches.
The security researcher who found the Gatekeeper vulnerability has released a tool that fixes the issue until Apple releases a patch.
Wardle has released a personal tool named Ostiarius that would do a better job than Gatekeeper in the prevention of such attacks for the protection of OS X users, as it could block the execution of all unsigned Internet binaries.
Finally, one of the buggiest pieces of software has deprecated all versions except the latest: Internet Explorer 11.
…the Internet Explorer cumulative update that was published by Microsoft on Tuesday 12 January 2016 (MS16-001) is the last ever update for Windows 7 that will patch IE 8, 9 and 10.