A week in security (July 9 – July 15)

A roundup of the security news from July 9 – July 15, including sextortion, Spectre, cryptomining, mobile malware, ICO scams and more.

Read more

So you’ve been asked to start a threat intel program

What are the bumps in the road you can expect and avoid when setting up a threat intel program for your business?

Read more

Tech support scams: what are other people doing?

We’ve talked a lot about tech support scams over the past few years, typically focused on what we see ourselves, and the scammers who like to pose as Malwarebytes. But tech support scams are much bigger than that, targeting every tech company under the sun. So what are other people doing about it? Let’s take a look at some of the other players working to keep you safe.

Read more

OWASP top ten – Boring security that pays off

OWASP recently published a draft list of the top 10 security vulnerabilities of 2017. While intended for developers seeking to code more secure applications, the top 10 list is based on actual survey data of threats seen in the wild and serves as a great starting point for organizations struggling with security priorities. Let’s take a look and see how long they’ve been around prior to publication.

Read more

Why do I care about someone else’s data breach?

As the size of your organization increases, the probability that an individual employee’s company email is in that breach rises to 1. So how do you go about plugging leaks? A three-point strategy can get you started.

Read more

How do I get my employees to stop clicking on everything?

If you’ve been given responsibility for network security in a non-technical area of the business, there’s one eternal question that has been bedeviling. How do you get your employees to stop clicking on everything?

Read more

Attribution Part II: Don’t overthink it

In Part II of this three-part series, we take a deeper look into the mistakes one easily makes in terms of cyber attack attribution.

Read more

Attribution, and when you should care: Part 1

Attribution is the practice of taking forensic artifacts of a cyber attack and matching them to known threats against targets with a profile matching your organization. If this seems overly complicated, that is intentional. There are degrees of attribution that map to very specific contexts and painting over that context with a simplistic reading accomplishes very little other than frightening decision makers into unnecessary expenditures.

Read more

Threat modeling: What are you so afraid of?

There are many, many threat models available on the internet with extensive documentation on how to apply them to your organization. Most are designed to map out data flow, identify soft points in organizational processes, and assign mitigations based on specific type of probable attacker and their identified motivations. These models are great, they are thorough, and nobody ever uses them.

Read more

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language