Week in security with Tony Anscombe
The first week in security video round-up from WeLiveSecurity
Cybersecurity
Canada tackles malicious online advertising
Federal agency issues Notices of Violation to Datablocks and Sunlight Media for allegedly facilitating the installation of malware through online advertising
Going on vacation? Five things to do before you leave
You’ve set up an out-of-office auto-responder and packed your stuff, but have you done all of your “homework” before you rush out the front door for that well-deserved time off?
The principle of least privilege: A strategy of limiting access to what is essential
The principle of least privilege is a security strategy applicable to different areas, which is based on the idea of only granting those permissions that are necessary for the performance of a certain activity
Trends 2018: Critical infrastructure attacks on the rise
Healthcare sectors, critical manufacturing, food production and transportation also said to be targets for cybercriminals
Inside fake Interac transfer and tax refund SMS phishing
It’s tax season in Canada and scammers are using fake tax refund forms to lure victims into supplying their personal information via phishing pages
What’s the deal with session-replay scripts?
Some aspects of online tracking go beyond just website analytics
Anti-Malware testing needs standards, and testers need to adopt them
A closer look at Anti-Malware tests and the sometimes unreliable nature of the process.
The 5 IT security actions to take now based on 2018 Trends
Implementing the five actions described in this article can help reduce your organization's cyber risk and bolster its security defenses
Lazarus KillDisks Central American casino
The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.
Oil & gas industry in Middle East found lagging in security
The oil and gas industry is the target of as much as one-half of all cyberattacks in the Middle East
Critical Infrastructure Interview with David Harley
WeLiveSecurity sat down with David Harley to get a better understanding of Critical Infrastructure and the role he has played in the area throughout his career.
Pirate websites expose users to more malware, study finds
The study found that the more time users spent on pirate sites the higher the likelihood that some type of malware would compromise their computers.
Employers’ best bet for appealing to security pros? Value their opinions
The report also sheds light on how not to go about attracting new hires. Vague and inaccurate job descriptions along with job postings that include insufficient qualifications were found to top the list of turnoffs for many jobseekers
New DDoS attack method breaks record again, adds extortion
DDoS mitigation service Arbor Networks has announced that an undisclosed US company has suffered an attack fueled by internet-facing Memcached servers that clocked in at 1.7 terabits per second (Tbps), beating the previous record of 1.35 Tbps.
GitHub knocked briefly offline by biggest DDoS attack ever
At its peak, inbound traffic reached a staggering 1.35 terabits per second (Tbps), outflanking the previously record-setting assault of 1 Tbps at French web hosting provider OVH in September 2016.
The rise of AI needs to be controlled, report warns
The experts urge policy-makers to work closely with technical researchers, computer scientists and the cybersecurity community to investigate, understand and prepare for possible malicious uses of AI.
Major reform of cybersecurity policies in France
This document, which is described by its authors as a “real white paper on cyber-defense”, is divided into three parts, followed by approximately 20 priority recommendations summarizing the central elements of the document.
One-third of organizations sacrifice mobile security for business performance
Only one in seven organizations have put in place all four basic cybersecurity practices specified by Verizon – changing all default passwords, encrypting data transmitted over public networks, granting employee access on a need-to-know basis, and testing security systems regularly.
Friendly warnings left in unsecured Amazon S3 buckets which expose private data
Ethical hackers are warning businesses who use Amazon S3 cloud storage if they have left data exposed for anyone to access... by leaving "friendly warnings" on the servers.