Guru's Picks

By Javvad Malik, security awareness advocate at KnowBe4 A colleague of mine is attending RSA for the first time (hi James). I was going to write him some tips on preparing and surviving RSA, but thought that like him, many others may be attending RSA for the first time. Therefore, as someone who has attended many times, I feel like it’s my duty to prepare you for what is to be expected. The Prequel At...

Data privacy is at the center of core issues that governments are trying to solve this year. Privacy advocates have been requesting more stringent privacy laws and governments have responded. The European Union’s General Data Protection Regulation (GDPR) has served as an effective blueprint for new privacy laws. This year, we are seeing new privacy laws come into effect, such as Brazil’s LGPD, the United States’s CCPA, and more. Under GDPR, there have been over...

With 2FA and MFA being adopted across the board, cybercriminals have devised a way to circumvent this security measure with a simple technique. By leveraging the easy security questions that mobile providers ask users when they wish to swap operator but maintain their phone number, threat actors are able to impersonate unsuspecting victims by effectively stealing their mobile number. One study conducted by researchers at Princeton found that North American prepaid telecom companies, in most...

What is it? A man-in-the-middle/spoofing vulnerability exists in Windows 10, Windows Server 2016/2019 – when an authenticated attacker is on the target system, they can use a spoofed code-signing certificate to sign malicious executables making the file appear as if it’s from a trusted source. This vulnerability is post-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could conduct man-in-the-middle attacks and decrypt encrypted traffic such as traffic sent over the...

A word that has become synonymous with suspicious, illegal or unscrupulous online activity, it is hard to avoid bots being mentioned in one capacity or another in 2020. Now accounting for 50% of online traffic, bots and the legality of bots remains a misunderstood subject. Defined in layman’s terms as an automated tool that mimics human behaviour in order to generate a large amount of traffic, bots can be used for almost anything online, most...

Tim Mackey, Principal Security Strategist for the Synopsys CyRC (Cybersecurity Research Centre): Politicians, be weary of digital assistants Cyber-attacks on 2020 candidates will become more brazen. While attacks on campaign websites have already occurred in past election cycles, targeted attacks on a candidate’s digital identity and personal devices will mount. With digital assistants operating in an “always listening” mode, an embarrassing “live mic” recording of a public figure will emerge. This recording may not be...

What if I told you that 1.5% of publicly leaked passwords were still being used to sign in to Microsoft accounts? It doesn’t sound like much, but it actually equates to 44 million users still using leaked passwords for their Microsoft accounts. This is what the Microsoft research team found when it performed a scan of its user and Azure AD accounts versus the three billion publicly leaked credentials for the first quarter of the...

Black Friday is here, and deals are popping up all over the internet. Consumers are browsing for the most generous discounts, their inboxes flooded with promotional emails alerting them of cheap flights to exotic locations available for a fraction of the cost. But while the prospect of acquiring a new smartphone at a slashed price may appealing, the cybersecurity community is all but confident that things will run smoothly for customers, who will be targeted...

A study of more than 1,000 IT security professionals by Dimensional Research found that of the 94% that give third-party users access to their network, a whopping 61% are unsure if those users are attempting to access unauthorised data.

4iQ, the leader in Identity Intelligence, today released data from recently completed research focusing on Americans' attitudes about cybersecurity breaches and the efforts that organizations make to mitigate breaches' effects on identity theft. The findings indicate that a large proportion of Americans (44%) believe their personally identifiable information (PII) has been stolen as a result of a data breach. A strong majority (63%) are concerned that prior breaches could lead to future identity fraud, and a significant number (37%)...