Security

Back when I was a uni student, I used to do tech support on the side. And I saw things. I wasn't the only one. The people who work tech have heard every excuse and seen every horror your mind can conjure. Here are seven things you should never say to an IT staff member trying to fix your computer.

Shared from Gizmodo

Look, I have some harsh news for y'all. We suck at security. We choose terrible passwords, fail to put PIN codes on our phones, and don't even think about encryption when using public Wi-Fi.

But that's all going to change, right? We're all going to get better at this stuff, yeah? If you need a hand getting started, and owe your allegiance to the cult of iOS, here's 10 apps that might help.

Cybercrime is no joke. In fact, the global cost of cybercrime is expected to reach more than $2 trillion by 2019, which means it's in everyone's best interest to learn how to defend themselves from malicious hacking attacks. That's where the Zero to Hero Cyber Security Hacker Bundle comes in handy. Whether you're looking to make a career out of hunting hackers or simply better your own online defenses, this collection trains you in the best tactics and strategies to defend yourself in less than 15 hours.

VPNs have become a staple for surfing on the web without compromising your privacy. However, many tend to bog down your browsing speed in exchange for the browsing security — but not Disconnect Premium. This VPN sets itself apart from the crowd by blocking trackers and malware across your entire device, allowing you to browse up to 44% faster, while keeping your online footprint incognito.

Many businesses invest heavily in Data Loss Prevention (DLP) systems that prevent users from intentionally or accidentally leaking sensitive data. But a recent incident at Heathrow Airport highlights the challenges. An unencrypted USB stick containing security arrangements from the queen and other information was found on a street by a man in West London.

Harassment and abuse on social media freaking suck. What also sometimes sucks: various platforms' inability or reluctance to effectively deal with it. But sometimes you've got to focus on what you can control and let go of the rest, which in this case means reporting harassment.

McAfee will no longer allow governments to review its source code. Russian defence agencies have been reviewing the code for some time, in order to certify that the software is safe. But fearing that any vulnerabilities found could be kept secret and then weaponised by intelligence agencies, the company is stopping the practice.

It seems that we can't get through a week without some new cyber-nasty rearing its ugly head. I'm finding the best part of all this is the imaginative names that new threats come with. It's like the bad guys have marketing departments. So, this week, the ransomware marketing machine has dredged up BadRabbit.

A survey of 900 IT workers by One Identity found that Australian infosec professionals are among the worst when it comes to snooping, with almost two-thirds admitting they have searched for information that is not necessary to their jobs. Ask most CSOs and CISOs what they are most worried about and most will say internal threats are significant. But I wonder if they worry enough about their own departments.

According to Netlab, a new IoT botnet that dwarfs last year's Mirai attack is building. Reaper takes advantage of nine different vulnerabilities and over 100 DNS open resolvers to take over IoT devices and launch attacks. Although the botnet hasn't been deployed in a major attack yet, it is building.

A flaw in a widely used code library has undermined the security of millions of encryption keys used in national identity cards, code-signing, and other platforms protecting. The weakness lets bad actors calculate the private portion of a vulnerable key so they can impersonate key owners, decrypt data and sneak malicious code into signed software.

As the dust settles on the KRACK vulnerability and vendors distribute patches to decrease our exposure to this challenge, I've been thinking about whether KRACK was really about exploiting a vulnerability and what that means about securing systems. Over the last four years or so, there have been some significant milestones or events when it comes to infosec. I think KRACK is one of those pivot moments.

Eugene Kaspersky, the CEO and chairman of Kaspersky, has revealed that the company will open its code to an independent review and open a number of “transparency centers” to try to mend its broken reputation. The company has been accused of either being complicit with or the victim of Russian agencies who have used its end-point security software as a way of injecting spyware onto computers.

We're getting to the pointy end of the year, when holiday plans are being made and last-minute work trips are being organised as jobs are rushed to completion before year's end and deals are closed before everyone is away on holidays. That means thinking about how you're going to secure your devices, network connection and all your other tech. Here are my five tips.

The threat actors known as Group 74 have targeted people attending the Cyber Conflict US Conference being held in Washington next month. They have distributed a flyer that delivers a VBA payload. Cleverly, the bad guys copied the text from the real flyer on the conference website and used that to craft their attack. While this isn't a new technique, it's interesting that they are specifically focussing on security experts, presumably as a way of boosting their credibility in the hacker community.

While it might sound like shooting fish in a barrel, Google Play is working with HackerOne on a bug bounty program to find vulnerabilities in "in-scope" applications distributed through the Play Store. The number of apps in scope is limited but is expected to expand over time. The program covers remote-code-execution vulnerabilities and corresponding proofs of concept that work on Android 4.4 devices and higher.

IDC says spending on security hardware, software and services will hit almost $120B by 2021. That's good news for anyone working in the market who wants to ensure some career longevity. And spending on security products and services for 2017 will total $83.5 billion, an increase of 10.3% over last year.