Cybersecurity Matters

George Hulme lends his expert insight into the latest developments in cybersecurity

Business leaders still disconnected from cyber risks

security disconnect DXC Blogs

While it’s long been said that to successfully manage the risks in enterprise security, business leadership — executives, the CEO, up to the board of directors — needs to be engaged with security teams, it’s still not happening. A recent survey from the National Association of Corporate Directors (NACD) found that, while boards want to understand cybersecurity risks, […]

GameStop, Scottrade suffer data breaches

A duo of recent data breaches — one hitting a stock trading brokerage and another a videogame retailer — shows that more gains are needed to protect customer data, even with all of the progress made over the last 10 years. According to a story by colleague Steve Ragan, Scottrade Bank (a subsidiary of Scottrade Financial Services Inc.) […]

Windows server attack code in the wild

According to the United States Computer Emergency Readiness Team (US-CERT), there is active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Successful exploitation of this vulnerability may allow a remote attacker to control the at-risk system, US-CERT says. According to the National Vulnerabilities Database, the flaw, catalogued as […]

Password managers: Secure tool or single point of weakness?

Let’s face it: Passwords are not only a hassle, they also don’t make the most effective locks. The average person has dozens of username and password combinations to remember. People who are very active online have hundreds of such combinations. It’s just impossible to remember them all, and that’s a big reason why people tend to use the same password […]

Enterprises could (but often don’t) do this one thing to dramatically reduce risk

What is the one technique involved in almost every security breach? Phishing. Nearly every major breach starts with some sort of phishing attack, in which nefarious individuals send reputable-looking emails with the goal of getting the recipient to reveal information or click on a malicious link. Perhaps it’s an assistant opening what he or she thinks is a contract for […]

Suspected botnet author arrested

A 29-year-old man thought to have been involved in the Mirai botnet malware used in a series of devastating attacks during the second half of last year has been arrested. As the BBC reports in Router hacker suspect arrested at Luton Airport, the man was arrested under a European Arrest Warrant at the request of the […]

Clouds cast long security shadow over enterprise IT

cloud shadow IT CSC Blogs

If you need more evidence that shadow IT is taking hold in enterprises, look no further than the most recent Intel Security Cloud Report. The headline finding is that roughly 40% of cloud services are bought and used without the involvement of enterprise IT. We’ve known that shadow IT has been a problem for quite awhile, but I […]

New Mac malware on the loose: What you need to know

In the past week, two relatively crude threats to Mac users have surfaced. The malware targets Apple’s operating system, now called MacOS. The first piece of malware, analyzed by researchers Claudio Guarnieri and Collin Anderson and dubbed MacDownloader, was used as part of an attack that targeted the U.S. defense and aerospace industries. The attackers created a fraudulent […]

Cloud spend outpacing traditional IT, spurring security investments

According to a newly released report from IDC, the share of cloud IT infrastructure sales in the third quarter of 2016 has climbed to 39.2% of all IT infrastructure spending, up from 34.7% a year ago. According to IDC: Revenue from private cloud infrastructure sales grew 8.2% to $3.3 billion, and public cloud 8.0% to $5.1 […]

Ransomware attacks strike Elasticsearch servers hard

On the heels of a ransomware attack on the MongoDB, which hit thousands of MongoDB databases accessible on the Web, thousands of users of Elasticsearch now find themselves under attack. Based on a thread in the public Elasticsearch support forum, the attack on poorly secured clusters began last week: Today I found that all indices on our Test […]