Virus Bulletin small talk: Diversity in tech
Ahead of next week's Virus Bulletin conference, ESET's Lysa Myers offers a teaser of what to expect of her "small talk" with colleague Stephen Cobb.
Cybersecurity
5 child geniuses destined for a career in cybersecurity
There is a huge shortage of skilled professionals in cybersecurity. We take a look at five young geniuses who may be the future of the industry.
White House unveils NIST Framework for Improving Critical Infrastructure Cybersecurity
The U.S. government has released the NIST Framework for Improving Critical Infrastructure Cybersecurity, a set of voluntary standards designed to help companies in industries critical to the nation to defend against cyber threats. ESET experts comment.
Cyber-warriors, your country needs you: Governments hit by “shortage” of experts
Governments around the world are recruiting “cyber warriors” to fight against the growing threat of both cybercrime and state-sponsored attacks - but there aren’t enough experts to go round.
New British Cyber defense force will protect industry – and “if needed, strike in cyberspace”
A new cyber defense force is being set up in the UK to protect critical private and government computer networks from attack - “if necessary, to strike in cyberspace,” Britain’s Defense Secretary Philip Hammond has said.
Lost in space? NASA “fell short” on cloud security, report finds
NASA is no stranger to peering into nebulae in space - but the space agency found itself perplexed by the more Earthbound puzzle of cloud computing security, according to a report by the Office of the Inspector General.
Obama uses TV interview to raise cyber awareness
President Obama has used a TV interview to further raise public awareness of the growing cyber security threat against the United States.
UK’s new Cyber Security Champion announced
The winner of the 2103 UK Cyber Security Challenge, launched two years ago as part of a government and industry backed initiative to encourage people to choose a career in information security, has been announced.
Securing Your Holiday Tech Gifts, Part 1: Windows PC Guide
[UPDATE #1: (21 Dec 2012, 5:30PM) ESET Researcher Cameron Camp has just published the second part of this series on securing your Android device. Read it here on the ESET Threat Blog at Securing Your Holiday Tech Gifts, Part 2: Android Guide. AG] December is upon us, and whether you have a Christmas tree, menorah,
Study finds 90 percent have no recent cybersecurity training
A new study finds that only 1 in 10 consumers have had any classes or training about protecting their computer and/or their personal information during the last 12 months. Indeed, a shocking 68 percent say they have never had any such training, ever. These and other findings, first revealed by ESET at the Virus Bulletin
Apache/PHP web access holes – are your .htaccess controls really safe
If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw yesterday at Blackhat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler described in their session is not some rare
Cybercrime and the small business: Basic defensive measures
Evidence that criminals are targeting the computer systems of small businesses continues to mount. The Wall Street Journal recently drew attention to the way cybercriminals are sniffing out vulnerable firms. The article highlighted the fact that about 72% of the 855 data breaches world-wide last year that were analyzed in Verizon's Data Breach Investigation Report
SMSmishing Unabated: Best Buy targeted by fake gift card campaign
News of SMS (text) phishing scams are nothing new to readers of this blog. ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen
Guarding against password reset attacks with pen and paper
With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics. In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem: How to guard
SMB cyber security: we feel your pain – RSA day two
Day two of the show, and we ask vendors and participants what the pain points are for Small and Medium Businesses (SMB), especially in the category from 25 to 250 member organizations, even narrowing that to 100 employees or less. It seems this sector is largely missed by the large vendors on the show floor
Security awareness, security breaches, and the abuse of "stupid"
Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better. Consider the
Facebook/app data privacy – sharing gone wild
So you browse your favorite restaurant review site and settle on a great Mediterranean restaurant, and “magically” a variety of preferences get fed back to your Facebook profile, to be shared, re-shared and re-shared, ricocheting around the internet to form purportedly value-added experiences elsewhere you visit. That’s great news if you want your preferences bounced
Your Children and Online Safety
Do you know what your children are doing online, and do they know the risks out there?
Now you can be forced to decrypt your hard drive?
Awhile back we noted a case where Ramona Fricosu, a woman accused of involvement in a mortgage scam, was asked, following a law enforcement raid in which her laptop was seized, to decrypt data on the device for use as evidence, potentially incriminating her. She pleaded the 5th Amendment protection against self-incrimination and refused to
EU – data breaches to be reported within 24 hours
In an escalation of the tendency to require companies to be forthright with their users following a breach, a European Union proposed bill intended to overhaul a 17-year old law is making progress. This week EU will outline the overhaul to the existing rules, hoping to encourage more expedient communication efforts following a breach, in