Cybersecurity Matters

George Hulme lends his expert insight into the latest developments in cybersecurity

Negative consequences of IoT could extend beyond cybersecurity

Last week, the U.S. Government Accountability Office (GAO) published a 78-page technology assessment of emerging Internet of Things (IoT) technologies and their implications. Internet of Things: Status and Implications of an Increasingly Connected World was conducted at the request of Congress, and involved a review of current literature and expert input. Report authors named information security as […]

Stay safe: Massive database of stolen passwords surfaces

Every few months, it seems, a big trove of usernames and passwords surfaces somewhere. This week it was uncovered by Bob Diachenko of Kromtech Security Research Center. He wrote about a massive trove of emails and passwords appearing online. As Diachenko explains, the database of 560 million emails and passwords may have been curated from other exposures, […]

Lessons learned from the WannaCry ransomware attacks

While the waves of ransomware infections known as “WannaCry” have settled down, with a few scattered new infections reported in Asia (notably in South Korea and Taiwan), we can all learn an important lesson from the attacks. Unfortunately that lesson will be lost on many, if not most, organizations too quickly. Throughout the day Friday, May 12, malware managed to infect a […]

Leaked U.S. cybersecurity order focuses on workforce development

The latest draft of the Trump administration’s cybersecurity executive order focuses on modernizing federal IT systems and holding departmental heads responsible for maintaining adequate security. While hopes were high that the order would be signed earlier in the administration’s tenure, the date keeps getting pushed back. Rumors have picked up once again this week, following the latest […]

Hopes rise for U.S. executive order confronting cybersecurity

Speaking recently at the Georgetown cyber conference, former NSA cybersecurity expert and White House cyber coordinator Rob Joyce said the belated cybersecurity executive order is close to fruition. “I think the important focus on this is we want to make sure the cybersecurity [executive order] emerges … in sequence with other things that the administration is rolling out, […]

Business leaders still disconnected from cyber risks

While it’s long been said that to successfully manage the risks in enterprise security, business leadership — executives, the CEO, up to the board of directors — needs to be engaged with security teams, it’s still not happening. A recent survey from the National Association of Corporate Directors (NACD) found that, while boards want to understand cybersecurity risks, […]

GameStop, Scottrade suffer data breaches

A duo of recent data breaches — one hitting a stock trading brokerage and another a videogame retailer — shows that more gains are needed to protect customer data, even with all of the progress made over the last 10 years. According to a story by colleague Steve Ragan, Scottrade Bank (a subsidiary of Scottrade Financial Services Inc.) […]

Windows server attack code in the wild

According to the United States Computer Emergency Readiness Team (US-CERT), there is active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Successful exploitation of this vulnerability may allow a remote attacker to control the at-risk system, US-CERT says. According to the National Vulnerability Database, the flaw, catalogued as […]

Password managers: Secure tool or single point of weakness?

Let’s face it: Passwords are not only a hassle, they also don’t make the most effective locks. The average person has dozens of username and password combinations to remember. People who are very active online have hundreds of such combinations. It’s just impossible to remember them all, and that’s a big reason why people tend to use the same password […]

Enterprises could (but often don’t) do this one thing to dramatically reduce risk

What is the one technique involved in almost every security breach? Phishing. Nearly every major breach starts with some sort of phishing attack, in which nefarious individuals send reputable-looking emails with the goal of getting the recipient to reveal information or click on a malicious link. Perhaps it’s an assistant opening what he or she thinks is a contract for […]