Author: Security on TechRepublic

Immersed in the throes of a cyberattack is not the time to figure out how to respond. An expert offers suggestions on how to create a company-specific incident-response plan.

You don’t have to go back to school or blow your budget to train for a career in cybersecurity, which is in high demand right now.

From managing backups and Linux distributions to troubleshooting hard drive failure and protecting company data, it’s easy to see why IT pros are overwhelmed and overworked.

Adding a digital signature to your email is just one simple step you can take in your journey for more secure communications. Jack Wallen shows you how this is done in the latest version of Apple Mail.

Managing passwords and privileged access is bad enough for people—but that’s going to be dwarfed by the problem of dealing with non-human identities.

Tech support scams work because they try to trick people into believing there’s a serious security crisis with their computers, says Norton Labs.

The new CX 10000 integrates security services, like a firewall, directly into a one-unit network switch deployable anywhere security and other services need to reside.

Two out of three organizations surveyed by ThycoticCentrify were hit by a ransomware attack over the past 12 months, and more than 80% reportedly opted to pay the ransom.

Traditional security solutions are no longer enough to protect your organization from a data breach, Bitglass says.

Weather events and port issues have caused major disruptions in the global supply chain. Tom Merritt gives us five ways to deal with it.

Tom Merritt gives us five ways to deal with the uncertainty of weather events and port issues.

CIOs must prioritize the same business imperatives and find the IT force multipliers to enable growth and innovation, according to a Gartner analyst during Gartner’s IT Symposium.

While you’re sipping that pumpkin spice latte, make sure to review your company’s cybersecurity policies.

If you need to hide sections of text in Google Documents, give the handy DocSecrets add-on a try.

Make sure the Linux servers in your data center are free from vulnerabilities by scanning them immediately using Nessus.

This week the White House held a summit with various nations to address the threat of ransomware. Learn some of the takeaways and why certain nations were excluded.

A voice phishing campaign spotted by Armorblox tried to convince people to give the attackers access to their computer.

The new ransomware family, called Yanluowang, appears to still be under development and lacks some sophisticated features found in similar code. Nonetheless, Symantec said, it’s dangerous.

Switching the SSH listening port is an easy way to help secure remote login on your Linux servers. But when SELinux is involved, you have to take a few extra steps. Jack Wallen shows you how.

CIOs have had their hands full since the start of the pandemic with three risk management and governance priorities weighing heavily on their minds.

More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.

A ransomware kit costs as little as $66, though it needs to be modified, while a spearphishing attack can run as low as $100, says Altas VPN.

How can you protect your network and data from consent phishing attacks? Microsoft’s new app compliance program can help.

You can develop the skills to qualify you for a variety of tech careers all online and on your own schedule.

Jack Wallen demystifies these two Linux admin tools because knowing which sudo or su command to run is important.

Though the final price for a cybercriminal’s services is usually negotiated, personal attacks are the most expensive, says Comparitech.

With more workers at home than ever before, security has become an even bigger concern. Tom Merritt shows us how to be extra safe.

Tom Merritt shows us how to be extra safe while more workers than ever before are working from their home offices.

In a survey by BlueVoyant, 97% of people said they’ve been impacted by a security breach that occurred in their supply chain.

Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says.

Let’s make issuing and installing SSL certificates less of a challenge. Tools like acme.sh can help. Jack Wallen shows you how to install and use this handy script.

With video use on the rise across the board, new technologies are being deployed to prevent it from being pirated or showing up in places it shouldn’t.

If you’ve already learned SELinux, but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground.

Vulnerability scanners are not enough, according to an expert who champions an all-encompassing holistic approach to vulnerability management as a means to eliminate surprises.

The addition of Reveal(x) Advisor services to the Reveal(x) 360 network detection and response tools helps organizations proactively manage cybersecurity hygiene and accelerate incident response.

Jack Wallen offers a different method of securing SSH that could be rather timely in helping to lock down your Linux servers.

How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.

Unrelated to other recent problems Facebook has had, this particular batch of data was scraped from profiles, meaning it’s publicly available knowledge. That doesn’t stop it from being dangerous.

Anyone who needs to hide away sections of text in Google Documents should give this handy add-on a try.

A flaw in Coinbase’s setup of SMS-based MFA allowed attackers to compromise a large number of accounts.

Retribution by hacking back might make you feel better, but experts urge caution and explain why it’s a bad idea.

A recent AtlasVPN report rounds up an inglorious cybersecurity top 10 of sorts, highlighting the companies that have amassed the most vulnerabilities in the first half of this year.

When change affects people in your organization, remember that you have a wealth of talent that needn’t go to waste. Consider re-skilling to meet the company’s needs as well as the employees’.

Many respondents are planning to continue remote operations for the next couple of years, but what strategies are they implementing to protect themselves in the age of remote work at scale?

More than half of consumers surveyed by Ping Identity said they ditched an online service when logging in proved too frustrating.

For added security, Windows 11 will forgo the older MBR partition scheme and use GPT instead. That may require users to convert their older hard drives. Here is how to do it.

Just a couple of years of IT experience is all that’s necessary to break into the cybersecurity field with this self-paced training.

Office 365 and Azure Active Directory’s security diagnostics are surprisingly useful tools.

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.

An August Beyond Identity report takes a look at people’s password protection habits as well as their tendencies to guess other folk’s passwords.

Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.

Only 31% are shipping laptops to employees and nearly half have spent their own money on a remote workspace, a survey from GetApp finds.

Canonical announced that its managed services had MSPCV Certification. Jack Wallen believes this milestone should help big businesses realize it is time to trust open source software.

The free decryption tool will help victims restore their encrypted files from attacks made before July 13, 2021, says Bitdefender.

By using an alternative means of authentication, you can now go passwordless on your Microsoft account.

One out of every two on-premises databases has at least one vulnerability, according to a study from Imperva Research Labs.

Tuesday is National Online Learning Day. To ring in the holiday, we’ve crafted a guide to help students of all ages stay safe online and protect the home network in the virtual classroom.

A Sonatype survey also found a 650% year-over-year increase in supply chain attacks aimed at upstream public repositories.

T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts.

Some people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.

Social media is overflowing with quizzes, surveys and opportunities to tell the world about yourself. Learn why you should skip these to protect yourself and your identity.

Designed to combat zero-day flaws exploited in Apple’s operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac.

The smart home could be ripe for IoT device attacks as cybercriminals rake in record ransomware payments. Remote work may be responsible for the increase in attacks, Kaspersky says.

Jack Wallen shows you how to use mkcert. If you need to generate quick SSL certificates for test servers and services, this might be the fastest option available.

Endpoint detection and response (EDR) software detects and identifies threats on network-connected devices. Compare features of top EDR tools.

Most executives cite ransomware as their biggest security concern but few have run simulated attacks to prepare, says Deloitte.

Dark Web prices for fake COVID-19 vaccination cards shot up from $100 to $200 almost immediately after the U.S. president announced new mandates, says Check Point Research.

Biometrics are moving beyond banks and joining fingerprints and faceprints as a way to confirm employee and customer identities.

Despite economic optimism, many companies are concerned about the impacts of the coronavirus pandemic and have temporarily closed as they adapt to new tech tools and work models.

Some of these phrasings are standard day-to-day subject lines, but as one expert explained, “the attacker wants you to be moving too fast to stop and question if it’s legitimate.”

In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard.

Chances are good you’re not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.

Cyberattacks have surged during the coronavirus pandemic as criminals rake in bountiful ransomware payouts. Malicious office docs have been on the rise for months, per a new report.

Two-step verification can better secure and safeguard your account. Here’s how to set it up.

IT teams are experiencing employee pushback due to remote work policies and many feel like cybersecurity is a “thankless task” and that they’re the “bad guys” for implementing these rules.

Technology is not the only answer: An expert suggests improving the human cyber capacity of a company’s workforce plus cybersecurity technology offers a better chance of being safe.

Supervised and unsupervised machine learning are good ways to detect threats. But what’s the difference?

Making predictions about data is the next frontier in terms of identifying risk in your infrastructure, expert says. But is it right for your organization?

Selling prices for stolen PayPal accounts have shot up by 194%, according to research by Comparitech.

Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.

Sites used by the infamous cybercrime group have mysteriously come back to life. Does that mean it’s back in business after a brief respite?

Only 33% of users surveyed by NordPass changed the default passwords on their IoT devices, leaving the rest susceptible to attack.

Does your company need a head of data privacy, a data breach response plan, blockchain technology or something else to keep its data safe? Here are some challenges and recommendations.

You can tell iOS and iPadOS apps not to track your activity. Here’s how.

Online fraud is getting sneakier and stealthier as mischievous operatives evolve their techniques. Learn some of the unique tricks afoot today and how to spot them.

Cybersecurity training is not the same across all companies; SMB training programs must be tailored according to size and security awareness. Here are an expert’s cybersecurity training tips.

Fail2ban should be on every one of your Linux servers. If you’ve yet to install it on either Rocky Linux or AlmaLinux, Jack Wallen is here to help you out with that.

After a somewhat clunky initial switch to remote work, it looks like hybrid offices are here to stay; at least for now. But a new report highlights concerns about the long-term resiliency of remote networks.

The Labor Day holiday could be prime time for more than just barbecues and closing the pool for the year as the open season on ransomware continues.

Soft skills are just as important, if not more so, than technical skills in cybersecurity professionals. People with soft skills can be trained in tech skills, expert says.

Identity and access management is pushing application security past single-factor authentication (a password) and even multi-factor authentication to a risk management model says Ping Identity CEO.

Andre Durand, Founder and CEO of Ping Identity, talks about out how identity and access management is changing software development and application security in this Dynamic Developer episode.

Tom Merritt tells us the things that are getting in the way of autonomous car adoption.

Tom Merritt tells us about the things that are getting in the way of autonomous car adoption.

Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passé, it’s time to make the leap to better security.

Expert: Information management can also lead to a massive value proposition in being able to tap into governed data for business insights.

Bringing together siloed data from all parts of the business is a huge challenge to IT departments when meeting compliance requirements.

The EO is designed to protect federal networks, foster information sharing between the government and private sector, and better respond to cyber incidents. But will it do the trick?

Canonical has made it easy for admins to join Ubuntu Desktop to Active Directory domains. Jack Wallen walks you through the steps.

The administration, public and private sector leaders applaud the initial steps outlined but said more action needs to be taken.