What makes software supply chain attacks extremely dangerous?

The first advice any cybersecurity expert will tell you is to install the latest updates for your software and system. Updates prevent hackers from exploiting vulnerabilities on computers to carry out evil deeds such as spreading malware or stealing information.

But what do you do when the updates themselves contain malware? This is exactly what happened in mid-September, when an infected version of the famous security and maintenance tool CCleaner was widely distributed among its users. What made the attack especially noteworthy was the fact that the attackers pushed their malware through the hacked servers of Avast, the company that owns CCleaner. Continue reading

Advertisements

We need to rethink how we store our personal data

The data breach at credit reporting agency Equifax, the gory details of which became clear last week, is the latest installment in a series of cybersecurity disasters in which consumers have been at the receiving end of the miseries. The breached data affected the information of 143 million people. That’s not a big number when compared to some of the bigger data breaches of the past year, such as Yahoo’s 1 billion user account record breaker.

However, what made the Equifax breach especially damaging was the sensitivity of the data that attackers laid their hands on. This included Social Security numbers, driver’s license numbers, credit card information, birthdates and addresses, and more. The only data breaches that compared in terms of severity were Anthem (approx. 80 million people affected) and the Office of Personnel Management (approx. 21 million people affected).

What makes matters worse is that Equifax professes to be a company that protects its customers from identity theft, the same kind of cyberattack that the stolen data will enable. The company is now scrambling to make amends with customers, and is getting ready to face several lawsuits. But that won’t bring back the data that has slipped through its fingers. Continue reading

5 tips to keep your customers’ data safe

By Lisa Michaels

After many large businesses around the world became involved in data breach scandals, many other businesses of all sizes have begun paying more attention to data security and protection.

No matter what kind of business you run, protecting customer data is crucial to maintain your brand’s reputation and your bottom line. In some industries, businesses who fail to take proper measures to secure confidential information may expose themselves to fines and other penalties from regulatory authorities.

In order to prevent data leaks that carry huge financial costs and could have a huge negative impact on your reputation, you need to apply the following security tips. Continue reading

5 tips from experts on how to lock down your online security

By Maxwell Donovan, BestOnlineReviews.com

Passwords are essential. They are the only way that gives you a direct ticket to various sites any time you want to. However, only understanding and observing the basics of password protection is not enough for you to keep hackers away for good? Over just the basics protections such as two-factor authentication, password manager and of course ensuring that your password is secure from being easily guessed by hackers.  These are valuable tips for protecting your online security. However, you still need to go an extra mile beyond the standard. Here are a few tips from experts to ensure your online security is not compromised. Continue reading

Kuperman: home and IoT security will lead the way in the next generation of cybersecurity advances

Unfortunately, it is fair to say that the vulnerabilities of Internet of Things (IoT) are preceding its innovations and utilities. From the hacking of the Ukraine power grid, to last year’s DDoS attack against the Dyn DNS provider, IoT devices are behind security incidents of all sizes.

The IoT industry is exposing how putting connectivity into anything and everything opens up a Pandora’s box of vulnerabilities, and give cybercriminals limitless ways to hurt their victims. One area of concern are smart homes, where a slew of not-so-secure devices are finding their way and exposing their owners to unprecedented threats.

In this month’s interview, Leon Kuperman, CTO of smart firewall manufacturer CUJO, discussed IoT security threats and new approaches to securing the homes of the future. Continue reading

The cybersecurity risks of 3D printing

By Heather Redding

Today tech enthusiasts around the world appreciate the growing importance of 3D printing. This breakthrough technology has rapidly expanded beyond simple prototype creation and hobby design efforts to transform mainstream manufacturing processes. Currently, 3D printers assist with the production of numerous products, ranging from sophisticated medical devices to car parts and complex aviation components. Rapid advances in 3D manufacturing capabilities promise to augment cost-effective fabrication processes in a rapidly increasing number of industries in the near future.

Yet despite the fast pace of innovation, this nascent field has also begun to attract some potential cybersecurity threats. Understanding unique security challenges implicated by this technology will likely assist many progressive firms in optimizing their 3D printing processes. This brief article seeks to outline some possible 3D printing cybersecurity issues and suggest some potentially useful solutions. Continue reading

The ransomware that never was

Last Tuesday, a malware, initially suspected to be the Petya ransowmare, spread across thousands of computers, mostly in Ukraine. At first, the episode was thought to be the sequel to the WannaCry ransomware outbreak that infected hundreds of thousands of computers across the world in May.

But as the story unfolded and the details emerged, it became evident that this attack was something more, perhaps a cyberattack of political nature hidden behind the guise of a ransomware. The malware eventually acquired other names, including NotPetya, PetyaWrap and ExPetr.

Here’s what we know—so far—about the NotPetya “ransomware” attack that has been making the headlines of late. Continue reading