Misleading cybersecurity lessons from pop culture: how Hollywood teaches to hack

In pop culture, cybercrimes are often portrayed as mysterious and unrealistic. Hackers are enigmatic and have extraordinary tech abilities. They can discover top secrets in a short time and type at breakneck speed to hack into a database. In real life, though, hacking is not that straightforward. Hackers may have technical capabilities and high intelligence, but they are otherwise normal human …

A decade in cybersecurity fails: the top breaches, threats, and ‘whoopsies’ of the 2010s

This post was co-authored by Wendy Zamora and Chris Boyd. All opinions expressed belong to your mom. Back in the days before climate change stretched frigid winter months directly into the insta-sweat of summer, there was a saying about March: in like a lamb, out like a lion. The same might be said about the last decade in cybersecurity fails. What kicked off with a handful of stories about …

Report: Organizations remain vulnerable to increasing insider threats

The latest data breach at Capital One is a noteworthy incident not because it affected over 100 million customer records, 140,000 Social Security numbers (SSNs), and 80,000 linked bank accounts. Nor was it special because the hack was the result of a vulnerable firewall misconfiguration. Many still talk about this breach because a leak of this magnitude, which we’ve historically seen …

As Internet turns 50, more risks and possibilities emerge

This op-ed originally appeared in the San Francisco Chronicle on October 28, 2019. We occupy a richly-connected world. On the Internet, we collapse distance and shift time. But this Internet that delivers mail, connects us with friends, lets us work anywhere, and shop from the palm of the hand, is a mere 50 years old, slightly younger than Jennifer Aniston and Matt Perry. On October 29, …

When can we get rid of passwords for good?

Or perhaps I should have asked, “Can we ever get rid of passwords for good?” The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or users simply can’t keep up with having to remember 27 different passwords for …

Europol: Ransomware remains top threat in IOCTA report

The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also seen and documented—remains the most prominent threat in terms of prevalence and financial …

Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks

Those who are familiar with Bluetooth BR/EDR technology (aka Bluetooth Classic, from 1.0 to 5.1) can attest that it is not perfect. Like any other piece of hardware or software technology already on the market, its usefulness comes with flaws. Early last week, academics at Singapore University of Technology, the CISPA Helmholtz Center for Information Security, and University of Oxford released …

How to get your Equifax money and stay safe doing it

Following the enormous data breach of Equifax in 2017—in which roughly 147 million Americans suffered the loss of their Social Security numbers, addresses, credit card and driver’s license information, birthdates, and more—the company has agreed to a settlement with the US Federal Trade Commission, in which it will pay at least $650 million. Much of that settlement—up to $425 million—is …

Hi, honey. It’s mom. My phone is acting funny again.

Whether it’s setting up access to a Netflix account on a smart TV or enabling personal email on an iPhone, some people—of all ages—have a hard time figuring out user-friendly technology. However, oftentimes it’s older generations that have to turn to their progeny for everything from uploading pictures to the cloud to deciding whether it’s safe to open an attachment. Despite results …

Cooperating apps and automatic permissions are setting you up for failure

“Hey you. Someone from HR has invited you to a meeting on Thursday. Would you like me to add the appointment to the calendar?” Receiving an email notification when someone has invited you to a meeting is a feature that many professionals would not like to miss. Being able to log in at certain sites with your Facebook profile might be less indispensable, but nevertheless, it’s a heavily-used …