You are here

Home » Cybersecurity

Cybersecurity

NIST Launches Small Business Cybersecurity Corner

The National Institute of Standards and Technology (NIST) has launched the “Small Business Cybersecurity Corner,” a website intended to disseminate consistent, clear, concise, and actionable resources – all of which are free – to small businesses. Currently the website contains resources that provide overviews of types of cyber risks and threats; offer recommendations for how to manage risks; help create, evaluate, and improve security plans; provide guidance for responding to a cyber incident; and list training resources like educational courses, webinars, and videos.

Vulnerability Management – What to Do When There Is No (or will never be a) Patch

Patching is a fundamental process of every OT/ICS vulnerability management strategy. Determining which patches to (or not) apply is crucial to addressing known exploits. But how are you addressing vulnerabilities that do not (or will never) have a patch? Ralph Langner, arguably the world's foremost expert on Stuxnet, posits that the worst OT/ICS vulnerabilities will never be disclosed, let alone patched. Therefore, solely relying on public vulnerability disclosures will result in gaps in your protection strategy. Mr.

National Consumer Protection Week

National Consumer Protection Week (NCPW) is March 3–9. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft.

Everything You Need to Know about IP Spoofing

An article from Privacy PC discusses the types of IP spoofing, the kinds of attacks it’s used for, and how to protect yourself against this activity. IP spoofing is the name given to what might otherwise be called IP forgery or IP fraud. It’s a process whereby an attacker uses a fake IP address to hide their identity and carry out things like Distributed Denial of Service (DDoS) attacks and identity thefts.

IoT Devices Attacked Faster than Ever and DDoS Attacks Up Dramatically, according to Report

In its most recent Threat Landscape Report, cybersecurity firm Netscout reports the second half of 2018 “revealed the equivalent of attacks on steroids” with greatly increased attacks on Internet of Things (IoT) devices and Distributed Denial of Service (DDoS) attacks. Specifically, it found IoT devices are under attack five minutes after being plugged in and targeted by specific exploits within 24 hours.

Annual IBM Threat Intelligence Report Finds More than Half of Cyber Criminal Attacks Pivot Away from Ransomware and Towards Cryptojacking and BEC Campaigns

In its just released X-Force Threat Intelligence Index, IBM summarizes the most prominent threats raised by its research teams from over the past year Some of the major shifts IBM observed include decreased reliance on malware, and on ransomware in particular, and increased numbers of cryptojacking attacks - the illegal use of an organization's or individual's computing power without their knowledge to mine cryptocurrencies - and business email compromise (BEC) scams.

Dragos Offers Its Perspectives on ICS Security, State of Cybersecurity in the Water Sector

In a recent article, threat analysts from Dragos respond to a series of questions they received from members of the information security and IT communities on the topic of industrial control systems (ICS) security. The analysts answered questions about the differences between IT and OT security operations skill sets, how to scan ICS environments during assessments, and the ICS threats that keep them up at night, among others.

Hacked? Unplug Networks, Not Power

An article from F-Secure cautions cyber attack victims from following the natural urge to turn machines off and then on. Killing the power wipes out any data stored on the RAM, which in invaluable to investigators. “Turning off the computer is like destroying evidence – evidence that can help uncover who the attackers are and what they’ve done,” says Janne Kauhanen, a member of F-Secure’s Cyber Security Services team. Instead, F-Secure recommends disconnecting all networks, including Ethernet, Wi-Fi, Bluetooth, NFC, and Mobile Data Network connections.

Mobile Device Security Guidance from NIST

The National Institute of Standards and Technology has released Special Publication 1800-5, Mobile Device Security Cloud and Hybrid Builds, a guide for how organizations can secure mobile devices used for work. As observed by the guidance, while mobile devices like smartphones and tablets have enabled employees to do their jobs more effectively and efficiently, the security controls that go along with them have not kept pace with the risks they can introduce.

Pages

Subscribe to Cybersecurity