Don’t be a ransomware victim

Ransomware is making the news more and more, and I suspect this will continue to happen for the next few years at least. Attackers mostly exploit neglect and a lack of expertise, and it’s a sure bet that their sights will turn to the cloud in time.

One of the reasons we’re not seeing more attacks within public clouds is that they are well maintained and updated and have much better security than their on-premises counterparts. However, as most security experts will tell you, nothing is 100% secure, and cloud security still has some evolving to do before it’s close to optimized.

To read this article in full, please click here


Source: Infoworld.com | Security

Cloud security is still a work in progress

As a cloud architect, I am amazed that cloud security is still so hard. We’ve had identity access management (IAM) for more than a decade. Now we have deep encryption services, key management, and most recently, zero trust and secure access service edge (SASE). Note that zero trust and SASE are terms defined by Forrester Research and Gartner, respectively, and not by groups of security solutions providers.

Despite all this security technology, security solutions have become more complex and difficult to operate as cloud deployments themselves become more complex. As the technology and technology concepts (such as SASE) add more big ideas to the problem, the growth of cloud, Internet of Things, edge computing, and now work from anywhere quickly outpaces our ability to provide workable and cost-effective security. Our deployments become less secure rather than more.

To read this article in full, please click here


Source: Infoworld.com | Security

Google abandons URL shortening in Chrome

Google has called quits on the notion of truncating URLs in Chrome, according to a note from earlier this month in the Chromium project’s bug database.

“This experiment didn’t move relevant security metrics, so we’re not going to launch it,” Emily Stark, a staff software engineer on the Chrome team, wrote in the June 7 entry.

Android Police first reported on Stark’s note June 10.

To read this article in full, please click here


Source: Computerworld.com | Security

Fake News

Fake news is a false narrative that is published and promoted as if it were true. People (and organizations) create fake news to control and manipulate your thoughts and actions. Be skeptical of what you read on the Internet, use trusted sources that are vetted, check their motivations and funding.
Source: SANS Security Awareness

Securing Your Wi-Fi Access Point

The first step to creating a cybersecure home is to start by securing your Wi-Fi Access Point. Change your Wi-Fi Access Points default administrator password to something only you know. Many Wi-Fi Access Points or Wi-Fi routers are shipped with default administrator passwords that are publicly known and posted on the Internet.
Source: SANS Security Awareness

Finding a USB Drive

Be very careful of any lost USB drives you may find (such as in the parking lot or local coffee shop) or USB drives you are given at public events, like conferences. It is very easy for these devices to be infected with malware. Never use such devices for work, use only authorized devices issued to you by work.
Source: SANS Security Awareness

Identity Theft

Identity theft is when someone steals information about you and then uses that information to pretend to be you and commit crimes, such as credit card fraud. One of the key steps to protecting yourself is monitoring your financial, credit score and credit card accounts. The sooner you detect fraud in any of these accounts, the sooner you can minimize the damage.
Source: SANS Security Awareness

Major News Events

When a major news event happens, cyber criminals will take advantage of the incident and send phishing emails with a subject line related to the event. These phishing emails often include a link to malicious websites, an infected attachment or are a scam designed to trick you out of your money.
Source: SANS Security Awareness

Installing Mobile Apps

Only install mobile apps from trusted places, and always double-check the privacy settings to ensure you are not giving away too much information. Does that mobile app really need access to contacts or need to know your location at all times?
Source: SANS Security Awareness

Predict – Prevent – Detect – Analyse – Respond | Cyber Security