UK’s new Cyber Security Champion announced

The winner of the 2103 UK Cyber Security Challenge, launched two years ago as part of a government and industry backed initiative to encourage people to choose a career in information security, has been announced.

Securing Your Holiday Tech Gifts, Part 1: Windows PC Guide

[UPDATE #1:  (21 Dec 2012, 5:30PM) ESET Researcher Cameron Camp has just published the second part of this series on securing your Android device.  Read it here on the ESET Threat Blog at Securing Your Holiday Tech Gifts, Part 2: Android Guide.  AG] December is upon us, and whether you have a Christmas tree, menorah,

Study finds 90 percent have no recent cybersecurity training

A new study finds that only 1 in 10 consumers have had any classes or training about protecting their computer and/or their personal information during the last 12 months. Indeed, a shocking 68 percent say they have never had any such training, ever. These and other findings, first revealed by ESET at the Virus Bulletin

Apache/PHP web access holes – are your .htaccess controls really safe

If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw yesterday at Blackhat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler described in their session is not some rare

Cybercrime and the small business: Basic defensive measures

Evidence that criminals are targeting the computer systems of small businesses continues to mount. The Wall Street Journal recently drew attention to the way cybercriminals are sniffing out vulnerable firms. The article highlighted the fact that about 72% of the 855 data breaches world-wide last year that were analyzed in Verizon's Data Breach Investigation Report

SMSmishing Unabated: Best Buy targeted by fake gift card campaign

News of SMS (text) phishing scams are nothing new to readers of this blog.  ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen

Guarding against password reset attacks with pen and paper

With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics.  In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem:  How to guard

SMB cyber security: we feel your pain – RSA day two

Day two of the show, and we ask vendors and participants what the pain points are for Small and Medium Businesses (SMB), especially in the category from 25 to 250 member organizations, even narrowing that to 100 employees or less. It seems this sector is largely missed by the large vendors on the show floor

Security awareness, security breaches, and the abuse of "stupid"

Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better. Consider the

Facebook/app data privacy – sharing gone wild

So you browse your favorite restaurant review site and settle on a great Mediterranean restaurant, and “magically” a variety of preferences get fed back to your Facebook profile, to be shared, re-shared and re-shared, ricocheting around the internet to form purportedly value-added experiences elsewhere you visit. That’s great news if you want your preferences bounced

Your Children and Online Safety

Do you know what your children are doing online, and do they know the risks out there?

Now you can be forced to decrypt your hard drive?

Awhile back we noted a case where Ramona Fricosu, a woman accused of involvement in a mortgage scam, was asked, following a law enforcement raid in which her laptop was seized, to decrypt data on the device for use as evidence, potentially incriminating her. She pleaded the 5th Amendment protection against self-incrimination and refused to

EU – data breaches to be reported within 24 hours

In an escalation of the tendency to require companies to be forthright with their users following a breach, a European Union proposed bill intended to overhaul a 17-year old law is making progress. This week EU will outline the overhaul to the existing rules, hoping to encourage more expedient communication efforts following a breach, in

Merchants push back on credit card breach fines

We've noted the often staggering fees associated with a credit card breach, normally accompanied by a slew of bad press. We've seen Stratfor, in light of their recent hack, dealing with public exposure issues due, in part, to unencrypted payment card information (for which, to their credt, they’ve publicly apologized for). Now we see a

New Year's resolutions for securing your new tablet

Okay, you got the wrapping paper off the new tablet hotness, fired it up and now cannot put it down. But what should you be doing in the New Year to properly feed, protect, and care for your newly found addiction? Well here are some of the basics – things that are easy to do

Could hackers break into your Wi-Fi wireless router?

You just got a new wireless router for Christmas, but when you set it up it asks about wireless security. Do you want WEP, WPA, WPA2 or any of the other alphabet soup options they give? While it’s easiest to just pick the default setting, are you setting yourself up for trouble from aspiring hackers?

Stratfor hack – lessons learned

Recently we noted that unencrypted credit card storage was on the rise in 2011, and also highlighted the expense involved to the company in the event of a credit card breach. Now we see personal data – including unencrypted credit card information – being paraded out as a part of the recent Stratfor hack. Also,

Ransomware stoops to new lows – fake law enforcement

Ransomware, the practice of providing fake notifications that “you’re infected” and then selling a fake solution that removes the fake malware they just installed, has been a boon for scammers. Now, they’re taking it a step farther, throwing in a law enforcement scare. In this latest scam, an official-looking banner appears on infected machines, purporting

What would a credit card breach cost your company?

We’ve noted recently that many companies store credit card information in an unencrypted form, sometimes several years' worth. So what happens if your systems get hacked before you get around to securing that credit card data? Sure, there’s the embarrassment of telling your customers their data has been exposed–a legal requirement in more than 40

Unencrypted credit card storage on the rise

More websites stored unencrypted credit card payment information than ever this year, according to a recent report. I thought we had this figured out? Obviously this is a direct violation of Payment Card Industry Data Security Standard (PCI DSS) requirements. But seriously, this stuff is simple for the developers to fix, so why don’t they?

Follow us

Copyright © 2015 ESET, All Rights Reserved.