Yes, the passwords users choose *really* matter

Earlier this month, we celebrated that little-known tribute day known as World Password Day.

Responsible security organizations should use this opportunity to share best practice advice to help people understand just how darn easy it is for fraudsters to cause havoc if they can access privileged accounts authorized to change, edit and delete files, settings, apps or data.

Sadly, it seems that it is also a day where marketing people, who might be less au fait with cybersecurity, ...

Lessons learned from the Equifax Breach – Part 1

First, props to @briankrebs for the evil Equifax logo.

While those unaffected by the Equifax breach have been stuffing their faces with proverbial popcorn as they watch the latest unveilings and press announcements, those worried that their most sensitive and identifying details have been leaked simply look on in horror, not knowing how to proceed.

The exact details of how the hackers made off with so much data remain fairly obscure. Equifax has

We’ve all got password fatigue, but are NIST’s new policies wise?

Ah the necessary evil of passwords.

Those of us who have worked in organizations that require users to change passwords at set intervals know what I mean.

Typically every three to six months, users are requested to perform a password change – maybe in the form of an annoying pop-up alert. In some setups, the user is locked out of the system until a new memorable password (but one that follows the complex password creation guidelines) is set.

A ...

IoT and DDoS: security advice following the Mirai botnet attack on Brian Krebs

A giant botnet made up of zombie internet-connected devices (or IoT devices) was used to strike a massive Distributed Denial-of-Service attack (DDoS) against Brian Krebs’ website, the site of a well-known cybersecurity blogger, last month.

Some have estimated the botnet’s size may have been a million strong.

Worse, as Krebs reported on 1 Oct:

 “The source code that powers the “Internet of Things” (IoT) botnet responsible for launching ...

Yes, turning on multi-factor authentication (aka 2FA) is really important

When you work within an industry like IT security, you can sometimes get blindsided. Perhaps you feel untouchable by the bad stuff out there, simply because you know it exists, and you know how to secure against it.

Here’s a good example: many who are knowledgeable about IT security KNOW that multi-factor authentication (2FA) is a vital security measure, yet many haven’t turned it on for the majority of their apps (not that all apps offer 2FA, and you should reconsider ...
