Earlier this week, I wrote about some analysis conducted by Symantec that suggested WannaCry was likely linked to threat actors from North Korea. But there's further evidence now that has people wondering what is really going on.
WordPress blogs are complex pieces of software with a threat surface that expands with each plug-in or theme you install. Whenever I set up a new WordPress site, one of the first things I install is Wordfence - a security plug-in that provides a number of services that help me monitor and manage those sites. Wordfence has launched a WordPress Security Audit service.
One of the primary vehicles used by bad guys to access our systems is stealing log-in credentials in order to impersonate real users. All the security processes and tools in the world are circumvented when someone has your username and password. That's where two-factor authentication (2FA) comes into play. 2FA works by adding another authentication challenge to the equation. It's not just about what you know - your password, it's also about something you have. That's where the authenticator apps from Microsoft and Google come into play.
A new piece of research from Data 61, the digital research arm of CSIRO, has found the energy patterns we generate when we walk can be used to power mobile devices and to authenticate our identity. It turns out we have, in Star Trek parlance, unique energy signatures.
Symantec's researchers have uncovered a potential link between the WannaCry ransomware worm, that hit systems just over a week ago, and code used by the Lazarus Group, the hackers that attacked Sony in 2015 and $81M theft from the Bangladesh Central Bank and are believed to be based in North Korea.
It's a sad reality that privacy comes at a premium in our data-driven world. With trackers and snoopers stalking our online movements, the only way to be sure your browsing stays confidential is to invest in the right software, and that's where Disconnect comes in.
Cloud syncing of data is one of those things we've come to rely on. But we also trust cloud services to protect our data. And that extends to deletions. ElcomSoft has proven that it is possible to retrieve deleted notes after the 30-day window that Apple has set for getting notes back.
Backing up data to tape remains a viable path for many businesses. And even though it seems to be old school, it's still being developed even though disk-based backup has been gaining in popularity. IBM recently upped their tape capacities to 15TB. However, with more and more systems being managed remotely through private, public and hybrid cloud services, it's getting harder to justify tape as traditional deployments struggle to capture a complete snapshot of all your business data. That's why tape as a Service is appearing.
With WannaCry garnering a lot of attention over the last few days, it's easy to forget that the root cause of the damage it wreaked is still out there. The vulnerability it exploited was a weakness in Windows' file-sharing protocol. And while the threat of WannCry has been largely contained, if the vulnerability, dubbed EternalBlue by the NSA, remains unpatched, it can be exploited by others. And that's something being identified in the wild.
Microsoft's President and Chief Legal Officer, Brad Smith, says this week's WannaCry attack "provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem". And while Smith says Microsoft and other tech companies need to take the lead on combatting these widespread attacks, he highlights the shared responsibility required to protect, detect and respond to threats.
Krebs on Security reports that the WannaCry ransomware attack has netted the bad guys a total of just US$26,000. That might not sound like much, but it's probably a drop in the ocean compared to what it has cost businesses around the world.
By now, you'll know all about WannaCry - a ransomware attack that ran rampant late last week and over the weekend. While ransomware attacks suck - they can cost a lot to recover from whether you measure that in ransoms or time lost in recovery - the worrying thing about WannaCry was the attitude of many organisations when it comes to updates and patching.
There's been so much noise regarding the "WannaCry" ransomware that it can be difficult to get a straight answer about what it does and how to fix (or avoid) it. Fortunately, Gold Coast-based Microsoft security MVP Troy Hunt has been able to shed some light on the situation for those in the dark.
These days, government agencies and hackers alike are trying to dig into your online behaviors. Thankfully, VPN.asia is here to protect your privacy without breaking your budget.
Wordfence is one of the first plug-ins I install when I set up a Wordpress site. And their blog is a great source of information on current vulnerabilities and exploits. They have posted a list of 22 Abandoned WordPress Plugins with Vulnerabilities. And while the list is interesting, some of the other data they have unearthed is a cause of concern.
Cybercrime is no joke, and companies are willing to pay a pretty penny for security experts to keep their networks safe. And while the payoff is high, the barriers to entry are low, thanks to the web and its trove of online resources, like the Four Volume Cyber Security Bundle.
New research released today by Telsyte says the IoT market is set to soar with more than 300 million connected devices in Australian homes by 2021. That's more than ten devices for every man, woman and child - and excludes commercial devices and applications. While managing and securing those devices will be a massive challenge, keeping them connected and remotely accessible will also see our telcos scrambling as they seek to further embed themselves in our lives
It's been a rough week in Mac security. First, Checkpoint warned users of a Trojan spreading in Europe that was the first of its kind. And now, one of the most prominent video transcoding apps for Mac has a malware problem.