InfoSec News


Secure Information Management

 

Penetration (pen) testing is a critical tool in the IT security of a company. Knowing what, if any, vulnerabilities exist in your applications will help to prevent the potential damage caused by hackers. A good penetration test should identify what harm could be done to applications, or the company, should hackers successfully identify any vulnerabilities and capitalise on them.



Although private VPNs are a way to let employees connect to their business networks remotely and securely, they continue to be popular for individual use. With all of the hacking and identity theft incidents we hear about daily, having extra protection to encrypt the data that is transmitted via the internet is a plus for anyone. Virtual Private Networks provide extra security by encrypting data as it is transmitted through your Internet Service Provider (ISP). They also provide protection from hackers while surfing the internet using public Wi-Fi.



A popular new type of scam (one that has allowed cyber criminals to milk companies out of billions over the last three years) is rooted in unauthorised access to CEO and C-suite executive address books.


Media sources reported recently on the Yahoo hack, the biggest cybersecurity breach to date. Recode and the Washington Post's Daily 202 are among the first sites that commented on Yahoo's then-pending confirmation that a 2014 cyber attack affected over 500 million Yahoo users.


We've all heard the phrase "possession is nine-tenths of the law". However, when it comes to USB sticks, especially those that are "found", this law couldn't be farther from the truth. Put simply, if you're not 100% sure where it came from and what is on it, don't expose your sensitive data to it. In a study this year, people left USB sticks in a parking lot and found that half of them got picked up and put into computers.



Electronic medical records are some of the most personally sensitive information in society. Health care professionals may not be aware that private medical records are being sold daily on the dark web and are a financially attractive asset. Health care professionals need to take the insider threat seriously, as exfiltration of personal health records could occur through mistake or malice. Insecure sharing or storage of health care information can lead to this sensitive information either being stolen by a disgruntled staff member or inadvertently shared with an unauthorised third party. The reputational loss for the provider in the event of a data breach can be severe, resulting in loss of business.



Access control and identity management are at the core of ensuring that users have access to just the material they require for their job. The access control and identity management life cycle ensures that users get precisely the access to sensitive data that they need, for as long as it's necessary for their job.



Endpoint Data Loss Prevention (DLP) is a key technical control that should be part of any enterprise information protection solution designed to prevent an Insider Threat data breach. Some debate often occurs about whether a detected breach in policy should cause a pop-up notification to be generated for the user. There are good points to be made regarding not immediately letting a user know they've violated a security policy; however, I believe most events should generate a pop-up.



Be careful what you plug into your USB slot.

This has always been good advice, as malware-loaded USB devices have been around for years. That's not the only risk, though, as a device called "USB Kill" demonstrates. It's a simple design; it charges its capacitors from USB power, then discharges them rapidly. This results in higher current than the computer can handle, and will do serious damage to most devices that it's plugged into. It does its work in a few seconds.




The idea of identity theft is a modern, computer-age nightmare. In the old days, stealing identities was mainly associated with elections, voter registration, and ballot stuffing. Then, in the 1930s, it was about underage people stealing identifications to gain access to drinking establishments. In the mid-1960s, identity theft was about illegal immigration and gaining access to the job market in the United States. The current concern with identity theft is the much more serious theft of credit and the fraudulent use of banking services.

