5 tips: Choosing the best cloud vendor
When it comes to cloud security, know the difference between a great--or just okay--cloud vendor.
Author Archives: Security on TechRepublic
How to set the AppArmor mode for a service in Ubuntu Server
If you work with a service outside of its standard behavior, you may need to change its AppArmor profile mode.
How to regenerate certificates on VMware host servers
Regenerating certificates may securely resolve authentication traffic, which is not being properly encrypted.
5 workplace technologies that cause the most employee data breaches
Some 83% of US security professionals said employees have accidently exposed sensitive customer information, according to an Egress survey.
Best practices for handling gaps in cloud security
Establishing sufficient cloud security is a complex challenge. Learn where your attention is best directed to achieve the best results.
How to help CISOs understand their role in cloud security
Some 90% of CISOs are confused about their role in securing a SaaS environment, according to an Oracle and KPMG report.
How to use RoboForm to create and secure your website passwords
RoboForm is an effective tool for creating and managing your website passwords. Learn how to use this password management tool.
Network recovery advice: Experts weigh in
In the old days, you just had redundant everything, and disaster recovery meant switching over. Not so in the world of cloud computing, security nightmares, and virtual everything.
Photos: 10 privacy apps that help mobile users feel safer
If you're worried about privacy on your personal or company-issued mobile device, these 10 apps can help protect your data.
The year 2018 was the second most active year on record for data breaches, report says
Despite a slight dip in the total number of breaches it was still a banner year for hackers focused on stealing data from websites, according to a Risk based Security report.
Report: Industrial control systems face uphill security battles in 2019
A trio of reports from ICS security firm Dragos point out what was learned in 2018 and give industrial security teams some tips for making 2019 less dangerous.
How to create a hidden admin account in macOS
Keep local administrative accounts from being a malicious user's target by creating an invisible account.
Pirates found abusing Apple Developer Enterprise Program to distribute modified apps
Following revelations that Facebook, Google, Amazon, as well as purveyors of illicit content are abusing the Developer Enterprise Program, new reports show pirates are as well. Who's left?
Burnout warning: High stress levels impacting CISOs’ physical, mental health
Increasing pressure, hefty workloads, and budgetary deficits have significant negative effects on CISOs worldwide, according to a Nominet report.
How to create a home office VPN server with Microsoft Azure
Creating a do-it-yourself VPN that you manage and access on your own terms is not as difficult as you might think.
How to protect and secure your web browsing with the Brave browser
The Brave browser offers built-in protection against ad trackers, third-party cookies, and other potential threats to your privacy. Here's how to use it and tweak it.
More developers are abusing Apple Developer Enterprise Program to distribute illicit apps
Apple has less of an iron grip over iOS than first thought, as organizations are using the Developer Enterprise Program for apps that would not be allowed in the App Store.
4 ways your company can avoid a data breach
Only one in three organizations say they are confident they can prevent data breaches, according to Balbix.
Have tech companies taken two-factor authentication too far?
Apple is facing a lawsuit from a user claiming that two-factor authentication is a "waste of their personal time." Here's why businesses shouldn't ignore the security measure.
5 blockchain terms business leaders need to know
Blockchain technology is critical to business security, according to a Globant report. Here are the important blockchain terms to get accustomed with.
Cryptocurrency-stealing Clipper malware caught in Google Play Store, here’s how to avoid it
Cybercriminals are modifying wallet IDs copied to the clipboard in hopes that users will accidentally transfer funds to the wrong account.
How to use SSH to proxy through a Linux jump host
Make your networks more secure by using an SSH to proxy through a jump host from one machine to another.
Help! Need VPN recommendations for Android
What VPN would you recommend for an Android user who uses public WiFi quite often and wants to buff up their security?
Longest DDoS attack since 2015 lasts 329 hours
While the number of DDoS attacks have declined, they have become much more sophisticated, according to a Kaspersky Lab report.
Infographic: The death of passwords
Enterprises need to start preparing for a future without traditional passwords, according to LoginRadius.
Malicious URLs outnumbered attachments in emails 3 to 1 last year
The end of 2018 saw a spike in malicious attachments which businesses need to be wary of, according to a Proofpoint report.
Attention developers: Google wants to pay you $15,000 to improve cloud security
Google's Confidential Computing Challenge aims to make it easier to achieve end-to-end encryption of data in the cloud.
3 things businesses need to know about customer privacy expectations
After a data breach, 57% of consumers blame companies above everyone else, even hackers, for the event, according to an RSA Security report.
Data breaches, GDPR lead 54% of companies to increase IT security spending
One in three companies is still unprepared for many potential cybersecurity threats, according to an eSecurityPlanet.com report.
4 tips to keep your business safe online, according to Google
Most people still lack an understanding of best practices for passwords and other security measures, Google found.
Why your business needs to work with the government to fight cyber warfare
The US government will not be able to mitigate a cyber-enabled economic warfare attack without help from the private sector, according to a report from FDD and the Chertoff Group.
3 ways state actors target businesses in cyber warfare, and how to protect yourself
State-sponsored groups are leveraging weaknesses in IoT devices to build botnets, and attacking private industry and public infrastructure in attacks, according to a Booz Allen report.
How to lock a user account on Cent OS 7
You can easily prevent unwanted users and attacks from gaining access to your CentOS 7 server.
Spectre and Meltdown explained: New variants and more efficient patches
Learn about these uniquely dangerous vulnerabilities as TechRepublic's James Sanders discusses up-to-date info on the latest variants and best mitigation strategies to minimize performance impact.
How to secure NGINX with Let’s Encrypt
If you run NGINX and want to use free certificates, it's possible with Let's Encrypt.
Why you need to use DMARC and SPF on mail servers to prevent phishing and fraud
Open-source, industry standard specifications are available to protect your business, but real-world deployment is still lower than optimal.
Spectre and Meltdown explained: A comprehensive guide for professionals
Staying up to date on Spectre and Meltdown can be challenging. This guide includes in-depth explanations about these uniquely dangerous security vulnerabilities and the best mitigation solutions.
How to stay safe from Super Bowl-related cybersecurity risks
From counterfeit tickets to live streaming deals, Super Bowl 53 can generate a slew of cybersecurity risks. Learn how to protect yourself.
6 reasons hackers target businesses: Is your organization in the line of fire?
Cyberattacks are increasing, and your organization may be making itself a high-profile target for attackers, according to a Radware report.
Mac malware steals cryptocurrency exchange cookies, text messages for 2FA authentication
The CookieMiner malware attempts to extract credentials for cryptocurrency wallets and exchanges, as well as stored password and credit card information.
Apple revokes Facebook’s ability to deploy apps internally amid privacy scandal dispute
What happens when you get kicked out of Apple's Enterprise Developer program? Facebook is finding out the hard way.
Centrally manage account security by joining ESXi hosts to Active Directory
VMware host servers require advanced software to manage them en masse. Admins can restrict access using AD services to authenticate and manage user account security.
Why you should use a Managed Security Service Provider instead of in-house security
MSSPs provide flexibility, expertise, and efficiencies in scale. Learn about more advantages below.
New DDoS campaign serving four times the number of packets as 2018’s major GitHub attack
The potency of DDoS attacks lies in the number of packets being sent rather than the relative bandwidth involved in the attack.
Apple disables Group FaceTime function that was allowing callers to listen and view without your consent
Apple iPhone users discovered a serious FaceTime bug that lets you hear audio from another iPhone or even view live video without the recipient's knowledge.
57% of IT workers who get phished don’t change their password behaviors
Despite the wide-ranging effects of the Facebook data privacy scandal, only one-fifth of people are concerned over privacy issues related to social media use, according to a Yubico study.
Top 5 ways people are okay sharing data
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.
The Japanese government plans to hack into unsecured IoT devices. Will it work?
Ahead of the 2020 Tokyo Olympic Games, the Japanese government is planning to access unsecured Internet of Things devices to identify users and request they change their passwords.
How to use SSH through a Linux Jump Host
Jack Wallen shows you how you can use SSH to proxy through a jump host from one machine to another.
5 ways to enforce company security
There are several actions companies can take to improve overall employee awareness about security. View the top five below.
Major vulnerability found in Android ES File Explorer app
Popular application ES File Explorer for Android has a significant vulnerability, putting your data at risk. Learn what's involved and how to remediate the threat.
7 bug bounty myths, busted
Interest in bug bounty programs is exploding, as companies look to crowdsourcing to combat hackers. But several misconceptions remain.
How to integrate SSH key authentication into KeePassXC
Make using SSH key authentication a snap with the new ssh-agent feature found in KeePassXC.
Hackers are still using cloud services to mask attack origin and build false trust
Using Google App Engine to mask the destination of links is a staggeringly easy way to conduct a phishing campaign, but Google claims it is not their problem.
Rise of multicloud: 58% of businesses using combination of AWS, Azure, or Google Cloud
Multicloud is much more popular than hybrid cloud, with only 33% of professionals using a hybrid model, according to a Kentik report.
IoT credential compromise attacks open your devices up to spying
Security updates for the lifespan of a given device are critical to protecting your connected device against hackers, according to a Barracuda report.
Photos: The top 10 computer security applications of 2019
These apps will help keep your enterprise safe from malware and other cybersecurity threats.
3 enterprise cybersecurity trends CISOs must pay attention to
With the CISO at the table, organizations must focus on products, processes, and people to stay secure, according to the executive director of the National Cyber Security Alliance.
How to reset local user passwords from the macOS recovery partition
Mac admins or users savvy around Terminal can easily reset a password and have the affected account back to work within minutes.
Phishing and spearphishing: A cheat sheet for business professionals
When criminals use technology to propagate social engineering attacks, securing your organization can become complicated. Here's what you need to know about phishing and spearphishing.
Modular Anatova ransomware encrypts data as quickly as possible before detection
The new malware is being propagated on P2P networks, and demands a ransom equivalent to $725 USD, according to McAfee Labs.
How to Lock a User Account After X Number of Incorrect Logins on Cent OS 7
Jack Wallen shows you how to lock out users after failed login attempts in CentOS 7.
Security is the no. 1 IT barrier to cloud and SaaS adoption
More than 70% of tech professionals said security spending has increased in the past year, according to a Ping Identity report.
How to authenticate a Linux client with LDAP server
With OpenLDAP, you can manage users on a centralized directory server and then configure each desktop to authenticate to that server.
Hackers impersonate these 10 brands the most in phishing attacks
Phishers often spoof major tech brands in their efforts to gain payments from individuals and businesses, according to a Vade Secure report.
Trojan malware is back and it’s the biggest hacking threat to your business
Old school but effective, hackers are shifting aware from in-your-face ransomware to attacks that are much more subtle.
Hackers turn to data theft and resale on the Dark Web for higher payouts
Selling personal information and compromised accounts of popular Instragram users has become more lucrative than ransomware and cryptojacking campaigns.
Rushing to patch? Here’s how to prioritize your security efforts
When addressing security vulnerabilities, enterprises should focus on those with publicly available exploit code, according to a Kenna Security report.
Bug bounty programs: Everything you thought you knew is wrong
One common criticism of bug bounty programs is that very few hackers actually make money. Not only is this untrue, but it misses the point.
5 blockchain trends to expect in 2019
Blockchain may finally be ready to move from hype to reality, with continued IoT integrations and tokenization, according to KPMG.
Microsoft launches Azure DevOps bug bounty program, $20,000 rewards on offer
The Redmond giant is keenly interested in remote code execution and privilege escalation flaws.
4 strategies for your IT wearables policy
Without a formal plan or policy, wearables may introduce your company to a security breach.
Over 87GB of email addresses and passwords exposed in Collection 1 dump
An 87GB dump of email addresses and passwords containing almost 773 million unique addresses and just under 22 million unique passwords has been found.
How to connect to VNC using SSH
If your network doesn't allow connections into the default VNC port 5901, you can tunnel it through SSH.
4 ways to prepare for GDPR and similar privacy regulations
Data privacy is no longer a nice-to-have security commodity, but a must-have commodity.
Malware can now evade cloud security tools, as cybercriminals target public cloud users
Refined malware payloads from Chinese threat actor Rocke Group are sidestepping security tools to install cryptocurrency miners on cloud systems.
To stay competitive, MSSPs need to grow and evolve
Managed Security Service Providers can alleviate many of the headaches suffered by in-house security, but they need to remain nimble and focused to retain their edge.
Top 10 app vulnerabilities: Unpatched plugins and extensions dominate
Despite the existence of patches, the proliferation of unpatched installations are enticing targets for malicious actors, according to a WhiteHat report.