Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication (2FA) than SMS (which is vulnerable to SIM swap attacks and phishing), and apps that generate codes or push noti
Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to use remote
On January 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about several recent successful cyberattacks on various organizations’ cloud services.
What methods did the attackers use?
In the initial phase, the victims were targeted by phishing emails trying to capture the credentials of a cloud service account. Once the at
Malwarebytes recently received a report about a fresh spate of Bitcoin sextortion scam campaigns doing the rounds.
Bitcoin sextortion scams tend to email you to say they’ve videoed you on your webcam performing sexual acts in private, and ask you to pay them an amount in Bitcoin to keep the video (which doesn’t exist) private. This type of blackm
A team of researchers working for vpnMentor has found a treasure trove in the form of an unsecured Elasticsearch database containing over 380 million records. The trove contained login credentials and other data belonging to Spotify users.
So what’s Spotify doing leaving its user data hanging around on an unsecured database? Answer: It’s not.
Every organization in the financial industry needs to meet certain regulatory obligations, even if it’s just filing a tax return or submitting an annual report. In certain industries, such as financial services, they’ve added their own additional sets of rules that must be adhered to. For example, organizations who take and process credit card payments
Prior to the global pandemic, we were beginning to see a shift in companies realizing the need for mobile device and app security. Private and public sector organizations alike began to see how hackers were breaching and compromising mobile devices and – in turn – putting their employees and the companies themselves at risk.
And then came COVI
Lock-downs and social distancing may be on, but when it comes to addressing the need for IT support—whether by current or potential clients—it’s business as usual for MSPs.
And, boy, is it a struggle.
On the one hand, they keep an eye on their remote workers to ensure they’re still doing their job securely and safely in the comfort of their own homes.
by John E Dunn
The menace of Business Email Compromise (BEC) is often overshadowed by ransomware but it’s something small and medium-sized businesses shouldn’t lose sight of. Bang on cue, the FBI Internet Crime Complaint Center (IC3) has alerted US businesses to ongoing attacks targeting organisations using Microsoft Office 365 and Google G Suite. Warnings
by John E Dunn
Cybercriminals compromise 0.5% of all Microsoft enterprise accounts every month because too few customers are using multi-factor authentication (MFA), the company has revealed. In a presentation uploaded to YouTube from the recent RSA Security Conference, director of Identity Security Alex Weinert said 1.2 million accounts were compromised in Jan
In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must be considered suspect—questioned, investigated, and cross-checked—until we can be absolutely sure it is safe to be allowed.
Zero Trust is a concept created by John Kindervag in 2010 during his
Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware’s got its hooks in global businesses and shows no signs of stopping. That includes a malware family known as Phobos ransomware, named afte
Or perhaps I should have asked, “Can we ever get rid of passwords for good?”
The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or users simply can’t keep up with having to re
Trust is an important part of online business today, especially in light of so many high-profile data breaches and stolen identities. Most recently, according to Ars Technica, an anonymous hacker made a series of posts to Pastebin, claiming that the posts contained login credentials for hundreds of Dropbox users. The hacker also claimed that near