now browsing by tag


#parent | #kids | Is It Safe to Go Back to the Dentist During Covid-19? | #parenting | #parenting | #kids

Dental practices are high-risk during the pandemic. Here’s what to know before making an appointment. Photo: Oscar Del Pozo/Getty Images In the early days of the Covid-19 pandemic, when almost […] View full post on National Cyber Security

#childsafety | Is Trick-or-Treating Safe Amid the COVID Pandemic? We Asked a Pediatrician For Advice | #parenting | #parenting | #kids

Like most events and holidays that have taken place amid the COVID pandemic, Halloween is going to look a lot different this year. Obviously, kids trick or treat outside, which […] View full post on National Cyber Security

#cybersecurity | #hackerspace | DEF CON 27, Crypto And Privacy Village – Sarah McCarthy’s ‘Quantum Safe Instantaneous Vehicle Comms’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.


The post DEF CON 27, Crypto And Privacy Village – Sarah McCarthy’s ‘Quantum Safe Instantaneous Vehicle Comms’ appeared first on Security Boulevard.

Source link

The post #cybersecurity | #hackerspace |<p> DEF CON 27, Crypto And Privacy Village – Sarah McCarthy’s ‘Quantum Safe Instantaneous Vehicle Comms’ <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | Snatch ransomware reboots PCs in Safe Mode to skirt antivirus defenses

Source: National Cyber Security – Produced By Gregory Evans Russian-speaking gang are big fans of Mockney heist caper. Blimey! Cybercriminals have developed a strain of ransomware that circumvents security protections by rebooting Windows machines in the middle of its infection routine. The Snatch ransomware forces a compromised Windows machine to reboot into Safe Mode before […] View full post on

#cybersecurity | #hackerspace | Staying Safe when Shopping this Holiday Season: Bricks and Clicks Edition

Source: National Cyber Security – Produced By Gregory Evans The shopping season is upon us, and like it or not there are lots of individuals who would love to replace your happiness with their sadness. Thus, at this festive time of the year, it is imperative to give some thought and prep time to you […] View full post on

Stay safe this National Cyber Security Awareness Month

Source: National Cyber Security – Produced By Gregory Evans

October marks National Cyber Security Awareness Month, a time that acts as a valuable reminder for organisations to evaluate their cybersecurity. In this year alone, 55 per cent of UK businesses have been targeted by cybercrime, which is up by 15 per cent on last year. There has never been a better time to address cybersecurity and bring awareness to the forefront of people’s minds.

Taking this opportunity to highlight key concerns, eight IT experts have weighed in to explain the risks of cybercrime and how best to improve cybersecurity.

Employee awareness

In this day and age, a cyberattack is, unfortunately, more of an inevitability than just a mere threat. So, businesses need to accept the fact that mitigation technology is a necessity.

Steve Nice, Chief Security Technologist at Node4, continued, “This Cyber Security Month, it’s important for organisations to recognise how to strengthen their security to prevent potentially devastating attacks from harming them. It’s the responsibility of the IT team to ensure that the business’ security is up to speed, and so a Vulnerability Testing programme can help the team understand where the weaknesses are and support these areas. This means that valuable time – and money – can be saved from being spent on unnecessary security infrastructures before knowing where the holes in the defence really lie.”

“However, it’s not just the technology that needs to be supported. Regardless of how many layers of protection IT teams implement, the weakest link is the people involved. Managing this is essential in any cybersecurity strategy, so it’s vital to ensure that all employees are fully up-to-date with the latest security protocols and processes in the company. This is a key part of cybersecurity, and even more so because the human element is the hardest to control and measure effectively.”

As Avi Raichel, CIO at Zerto agreed, “Cyberthreats such as ransomware can be a huge threat to businesses, and even just a single employee clicking a malicious link in their emails will mean a ransom must be paid for all business data encrypted. Cybercriminals often exploit vulnerabilities in employee emails, so it is crucial to have the right cyberdefences in place to avoid a disaster where customer data, and a lot of money, could be at risk.”

“Having an extensive tiered security model and instilling a strong cybersecurity-aware culture across all employees will help minimise risk. But, the attack itself is only half of the problem because, without sufficient recovery tools, the resulting outage will cause loss of data and money, as well as reputational harm.       

Paradigm shift

Paul Rose, CISO at Six Degrees, suggested that it is time for a paradigm shift in the way we view cybersecurity.

He continued, “The threats are known, documented and evidenced. But the fact remains that even mentioning the word ‘cybersecurity’ in the boardroom can elicit eye rolls, shuffling in seats and muttered excuses to leave.

This year’s National Cybersecurity Awareness Month is all about each and every one of us doing our part to make sure that our online lives are kept safe and secure. Effective cybersecurity requires continual top-down engagement throughout the organisation, and that starts in the boardroom. Cybersecurity needs to be put on the executive agenda; it should be placed in the context of the continuing success of the organisation in terms of the impact of any breach.”

Sascha Giese, Head Geek at SolarWinds supports this point, and stated, “With every passing year, the public sector is becoming increasingly aware of the onslaught of cyberattacks it faces, with an increase in the number of organisations reporting over 1,000 cyberattacks in 2018 compared to 2017, as revealed this year through a SolarWinds FOI request. Public sector IT professionals are working every day to ensure the data their department holds is kept secure. While tools and technology are of course the most solid defence against security threats, public sector IT pros should also consider the following three steps to achieving a stronger security posture: leadership setting the right example; regular and effective training for all teams; and ensuring security policies are revised frequently to keep up with the latest threats.

“U.K. government IT professionals are trusted with data by citizens, and so to give them confidence this information is being kept safe, organisations in this sector must adhere to strict security policies. And, to keep on top of security, having initiatives supported by everyone – not just the IT team – are the crucial part of the puzzle.”

Security processes

Hubert da Costa, Senior Vice President at Cybera identifies the importance of embedded security in modern businesses. “The adoption of mobility, big data, social media, cloud and the Internet of Things is extending traditional enterprise perimeters, making them complex and difficult to secure,” he said.

“Far too often, application security is an afterthought if it is addressed at all. The solution is to embed security directly into the fabric of the network, striking a balance between user experience, security, and affordability. This approach combines defence-in-depth, micro-segmentation and continuous network monitoring.”

John Ford, CISO at ConnectWise added to this discussion, stating, “The simplest thing SMBs can do to protect themselves from cyberthreats is to enable multifactor authentication. Essentially, that means having more than just a password. Most people use it all the time and never even think about it. For instance, when logging into your bank account from something other than your primary computer, and the bank sends a text message to your phone with a code. You enter the code and you’re in. That’s all multifactor authentication is. In cybersecurity, we call it “something you have and something you know.”

While there are all kinds of complex products and technologies companies use to protect themselves – many of them excellent – the fact is, most ransomware attacks can be prevented by this easy-to-deploy process. Yet, multifactor authentication has only recently become widely adopted, despite having been around close to 20 years.”

Additionally, Stephen Gailey, Head of Solutions Architecture at Exabeam, commented, “Almost all of the huge breaches we read about in the news involve attackers leveraging stolen user credentials to gain access to sensitive corporate data.  This presents a significant problem for security teams.  After all, an attacker with valid credentials looks just like a regular user.  Identifying changes in the behaviour of these credentials is the key to successfully uncovering an attack.  But in an age of alert overload, security teams are often overwhelmed and can struggle to make sense of the data in front of them.

Applying User and Entity Behaviour Analytics (UEBA) to the data already collected within most organisations can help security teams connect the dots and provide a useful profile of network user activity.  By connecting the dots and creating a map of a user’s activities, even when the identity components are not explicitly linked, security teams can create baselines of normal behaviour for every user on the network.  This makes it easier to identify when a user’s activity requires further investigation.  It may not stop you being breached, but it will tell you about it before the damage is done.”

Filling the breach

Matthew Buskell, Area Vice President at Skillsoft lent his insight regarding the skills gap within cybersecurity.

“Cybersecurity is one of the most diverse and thrilling fields, open to anyone with an inquisitive, analytical or determined mind. Perhaps paradoxically, it is also facing a significant talent shortage. Research by (ISC)² estimates that almost three million cybersecurity positions remain unfilled. With organisations crying out for new cybersecurity professionals, how can you make the leap?”

“A career in cybersecurity is no longer as elusive as it once was. The path to cybersecurity success is about learning and – crucially – demonstrating drive and passion.

“For anyone with an IT background, there are plenty of training options to support a transition into a cybersecurity role. However, for those currently in non-technical positions, mid-ladder career changes are becoming easier than ever. Indeed, much of the training needed is available online. If you’re thinking about a move into the industry, Cybersecurity Awareness Month might be the perfect time to kick-start your career change.”

With the constantly evolving threat of cybercrime, Cyber Security Awareness Month provides the opportunity for organisations to take stock of the security systems they have in place, the training provided and the importance placed on countering these ever-changing threats.

IT Experts

Source link

The post Stay safe this National Cyber Security Awareness Month appeared first on National Cyber Security.

View full post on National Cyber Security

Cybersecurity: Is #anything really #safe?

Source: National Cyber Security – Produced By Gregory Evans

2017 was a spectacular year for cyberattacks, including some previous ones only recently and reluctantly disclosed by embarrassed victims. They include a veritable who’s who of government, business and technology, including some of the world’s most technically sophisticated organizations.

Their misfortune raises a critical question: Is anything really safe?

Read More….

The post Cybersecurity: Is #anything really #safe? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers to #Help Make #Voting #Machines Safe Again

Source: National Cyber Security – Produced By Gregory Evans

Following the recent declaration by the U.S. National Security Agency that Russian hackers tried to infiltrate the electronic voting machines used in the last U.S. presidential election, many people are calling for a lot of things especially for the electronic voting machines to be scrapped. Although the Russians did not succeed, more questions are still left on the table.

Bipartisan bill to secure voting machines

U.S. senators looking for answers have constituted a committee and is hoping to pass a bipartisan bill called the Securing America’s Voting Equipment (SAVE) Act. The bill will enlist help from the Department of Homeland Security to organize an event like the one held at the DEFCON hackers conference in July, themed the “Voting Machine Hacking Village.”

That DEFCON event exposed vulnerabilities in the electronic voting machines used in the last U.S. election. Hackers took less than two hours to break into the 25 voting machines that were brought to the DEFCON conference, and the first machine was penetrated in minutes. The results of the findings released at an event at the Atlantic Council in October was one of the key provocations for the US senators to introduce the SAVE bill.

Interestingly, some of the significant findings after the alleged Russian breach were centered on the use of foreign materials in the production of these voting machines. Hackers at the DEFCON event pointed to the possibility of having malware embedded into the hardware and software along the entire supply and distribution chain. It was also believed that hackers could have tampered with voters’ registration on the touch screen voting machines.

Hackers enlisted to hunt for vulnerabilities in voting machines

Called the “Cooperative Hack the Election Program”, the initiative mirrors the bug bounty programs previously ran by the U.S. Department of Defense (DoD) where friendly hackers were invited to hack the Pentagon, Army and Air Force. The program is set to swing into motion one year after the bill is in play.

The stated objective of the program is “to strengthen electoral systems from outside interference by encouraging entrants to work cooperatively with election system vendors to penetrate inactive voting and voter registration systems to discover vulnerabilities of, and develop defenses for, such systems.”

Just like past U.S. DoD programs, the “Hack the Election” competition will offer incentives for hackers to find security weakness in the election system. Hackers playing by the rules will also be waived from the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).

Hackers to replicate past successes against voting machines

Looking at past results, we can expect excellent outcomes for the new program. The first of these bug bounties was the ‘Hack the Pentagon’ program where hackers found 138 vulnerabilities. This was quickly followed by the ‘Hack the Army’ program which yielded 118 vulnerabilities and ‘Hack the Air Force’ program with a bountiful harvest of 207 vulnerabilities.

While it is not clear if the hacking program is a one-off event, the bill does propose a requirement for integrity audits to be performed every four years on the voting machines starting from 2019. There is also the provision for grants to be given to help states enhance the security of their voting systems.

The post Hackers to #Help Make #Voting #Machines Safe Again appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers are locking people out of their MacBooks – here’s how to stay safe

Source: National Cyber Security – Produced By Gregory Evans

Hackers using stolen iCloud credentials have been able to use Apple’ Find My Device features to remotely lock down computers and demand Bitcoin ransoms from affected users. However, that doesn’t mean Apple’s iCloud was hacked. Instead, hackers are likely trying their luck with some of the many available username and…

The post Hackers are locking people out of their MacBooks – here’s how to stay safe appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

LOSD creates detailed plan to keep kids safe

To Purchase This Product/Services, Go To The Store Link Above Or Go To Lake Oswego School District has worked with police, fire officials to forge a comprehensive strategy for emergency response. For many years, the Lake Oswego School District has had emergency plans and procedures in place for dealing…

The post LOSD creates detailed plan to keep kids safe appeared first on

View full post on