Opinions & Analysis

Privacy Day, or Data Protection Day in Europe, was instituted to raise awareness on the importance of upholding data protection best practice. The recent institution of privacy regulations such as GDPR and CCPA made organisations reflect on how they store and use consumers' personal information across the board, marking a significant milestone in the way data is handled in the digital era. Here's what experts had to say: Corin Imai, Senior Security Advisor at DomainTools:...

Cyber defence is often focused on protecting the digital assets of an organisation, such as its networks, endpoints and databases, as well as assets exposed on the internet, such as company websites. However, what many fail to realise is that there is yet another class of assets that need to be considered – company executives. In fact, some hackers find that targeting the chief executive officer (CEO), chief operating officer (COO), or chief financial officer...

Data privacy is at the center of core issues that governments are trying to solve this year. Privacy advocates have been requesting more stringent privacy laws and governments have responded. The European Union’s General Data Protection Regulation (GDPR) has served as an effective blueprint for new privacy laws. This year, we are seeing new privacy laws come into effect, such as Brazil’s LGPD, the United States’s CCPA, and more. Under GDPR, there have been over...

DevOps culture makes things happen faster. Faster delivery, faster testing, faster release. On one hand, it adds control over what is going on in the infrastructure. You can recover faster. You can redeploy your compromised app components. You can roll back to the previous build. On the other hand, fast changes mean fast decisions. Some security vulnerabilities can pass through automatic testing. Some DevOps tools may be compromised also. We experienced a security issue when...

By John Conwell, data scientist at DomainTools   The security industry is in constant flux. As attackers move the goal posts in order to further their own nefarious aims, the security industry scrambles to keep up. As we approach the beginning of a brand-new year, and a brand-new decade, I have outlined some areas where I believe we will see security threats developing into 2020 and beyond.   DeepFake-Driven Phishing:   DeepFake Driven Phishing: DeepFake is a...

Tim Mackey, Principal Security Strategist for the Synopsys CyRC (Cybersecurity Research Centre): Politicians, be weary of digital assistants Cyber-attacks on 2020 candidates will become more brazen. While attacks on campaign websites have already occurred in past election cycles, targeted attacks on a candidate’s digital identity and personal devices will mount. With digital assistants operating in an “always listening” mode, an embarrassing “live mic” recording of a public figure will emerge. This recording may not be...

What if I told you that 1.5% of publicly leaked passwords were still being used to sign in to Microsoft accounts? It doesn’t sound like much, but it actually equates to 44 million users still using leaked passwords for their Microsoft accounts. This is what the Microsoft research team found when it performed a scan of its user and Azure AD accounts versus the three billion publicly leaked credentials for the first quarter of the...

2019 has been the year of the data breach with over 10 billion records estimated to have been leaked. The news headlines have been flooded with unfortunate attacks with enterprises on both sides of the Atlantic suffering. Whether it’s ransomware, phishing or endpoint attacks, there’s always something on the horizon waiting for its turn in the spotlight. Yet, with 2020 now on our doorstep, cyber security professionals are concerned with what new threat vectors may...

This week, the Labour Party reported a "sophisticated, large scale cyber attack" hitting its digital platforms. What is believed to have been a Distributed Denial of Service attack was blocked by the party's cybersecurity systems. The Labour Party reported the attack to the National Cyber Security Centre, and the party leader, Jeremy Corbyn, admitted to the Independent that the event made him "very nervous" about the upcoming elections. Here's what cybersecurity experts had to say...

By Tarik Saleh, Senior Security Engineer at DomainTools Advanced Persistent Threats are long term patterns of network exploitation that go undetected for extended periods of time and are usually aimed at high profile targets such as governments, higher education institutions, political activists, and companies. They are often motivated by economic, political, and financial reasons, and the attacks tend to be highly targeted, resourceful, and risk tolerant.   The typical APT involves several phases:   Infiltration/Initial compromise:  This...