In my last post, I briefly summarized the evolution of network security. I will now discuss how network security strategies are no longer meeting the needs of organizations’ increasingly complex IT environments.A Different StrategyTechnological innovation has changed the nature of the network itself. No longer are employees limited to their workstation

You probably remember the massive iCloud breach in 2014 that resulted in compromised celebrity photos spreading through the internet like wildfire. That egregious invasion of privacy caused great embarrassment and damage to the reputations of nearly 100 A-list stars.Fortunately, these bad deeds did not go unpunished. In 2016, two men were brought to justice

Data privacy is a concern for many Americans, but the U.S. Senate is on its way to putting your data at even higher risk of privacy issues. Current laws have broadband privacy rules in place that require Internet Service Providers to receive explicit consent from consumers before they can share or sell private information, such as web browsing data, to adver

Otherwise known as the measuring stick by which your GDPR compliance will be assessed, the six core principles of the GDPR are the basic foundations upon which the regulation was constructed.Unquestionable and pure in nature, they are rarely acknowledged for one simple reason: five of the six have no real application in helping you in peddling products and s

Network security has been around almost as long as we’ve had networks, and it is easy to trace the various elements of network security to the components of networking that they try to mitigate. Over the past 30-35 years or so, the expansion of networking, especially the increased reliance on the Internet both as an avenue for commerce and as the corporate b

If there’s one day of the year when everyone has their guard up, it’s April Fool’s Day.After all, who can put their hand up and say that they have never been duped by an April Fool’s trick?Some of the classic April Fool’s stunts have gone down in history, such as the BBC’s news report from 1957 showing the annual spaghetti

The private IP space defined by RFC 1918 contains almost 18 million IP addresses. A customer was interested in having me do host discovery on this entire space for their private IP space. This is interesting data for network owners because it:Increases awareness to the size of the network attack surface, such as the number of accessible hosts and servicesCan

This is my first blog in an ongoing “It’s Not Rocket Science” series featuring articles on Information security.“Security is not an absolute, it’s a continuous process and should be managed as such. Security is about risk reduction, not risk elimination, and risk will never be zero. It’s about employing the appropriate security controls tha

The Russian author of the notorious Citadel malware which infected over 11 million PCs and stole an astonishing $500 million from bank accounts has pleaded guilty to his crimes.29-year-old Mark Vartanyan, who went by the online handle of “Kolypto”, was arrested in the Norwegian town of Fredrikstad in 2015 at the request of the FBI. His extraditio

Funny how kids have an affinity for toys we enjoyed as kids. Like Legos. They will spend hours creating the biggest “thing”, often leading to a parent’s near universal response, “Johnny! That is the biggest tower I have ever seen! Great job!” Children (and we) love Legos because they foster imagination, offering a limitless way to create something “gigantic!

Almost everything you read or hear about routers includes a sentence or two about router security. The focus is generally on this essential piece of hardware as the first line of defense in an internet-connected world. Many medium-sized companies and large corporations take this into account when they purchase and set up their network infrastructure.They ten

Digital attackers have many different strategies for infiltrating a target organization. That even goes for companies with robust perimeter defenses. Bad actors simply need to find a soft target they can exploit. Oftentimes, they find what they’re looking for along a target’s supply chain.We can best understand the supply chain as a network of pe

When hard disk drives contain super sensitive data, cybersecurity professionals like myself will usually recommend that they shouldn’t be placed in any computers that have an operational TCP/IP stack. There are various ways that internet-connected computers can secure themselves against attack, such as firewalls, IPS devices, antivirus software, and OS

Do you own an internet-connected DVR, CCTV or IP camera?You may want to check who manufactured it, as proof-of-concept code has been released capable of automating attacks against devices made by Dahua Technology.The firm has issued a security bulletin after a vulnerability researcher claimed that he had uncovered what he believed to be a backdoor into the d

NextGEN Gallery is an extraordinarily popular plugin for self-hosted WordPress websites, having been downloaded over 16.5 million times.The software’s widespread popularity (it claims to have been “the industry’s standard WordPress gallery plugin” since 2007) makes it an seemingly obvious choice for website owners looking to add image