CyberSecure Specialist

Akamai to boost network-layer DDoS protection with new scrubbing centers

Content delivery network (CDN) provider Akamai said Tuesday that its Prolexic DDoS protection service will become able to handle DDoS attacks of up to 20Tbps, thanks to a new wave of construction of so-called scrubbing centers. The company’s announcement said that this will effectively double its current capacity to handle network-level DDoS attacks, with rollouts planned for “all major regions,” which includes US East and West, Canada, Italy, Spain, Switzerland, India, Japan, Hong Kong and…

Read More

8 hallmarks of a proactive security strategy

CISOs have long been tasked with building response and recovery capabilities, the objective being to have teams that can react to a security incident as quickly as possible and can restore business functions with as little damage as possible. The need for those activities is certainly not going to go away, but many security chiefs are seeking to take more proactive steps to balance out reactive ones. “On the proactive side, you’re trying to predict…

Read More

Blockchain security companies tackle cryptocurrency theft, ransom tracing

According to data from the Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in today’s value. Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and exploits of cryptocurrency,…

Read More

ESET research into new attacks by Lazarus – Week in security with Tony Anscombe

The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021 This week, the ESET Research team has published the results of their analysis of recent attacks carried out by the Lazarus APT group. Using spear-phishing emails that contained malicious Amazon-themed documents, the group targeted an employee of an aerospace company in the Netherlands and a political journalist in Belgium. Notably, one of the tools…

Read More

8 questions to ask yourself before getting a home security camera

As each new smart home device may pose a privacy and security risk, do you know what to look out for before inviting a security camera into your home? Security cameras were once the preserve of the rich and famous. Now anyone can get their hands on one thanks to technological advances. The advent of the Internet of Things (IoT) has created a  major new market – for manufacturers of devices like connected doorbells and…

Read More

5 reasons to keep your software and devices up to date

Next time you’re tempted to hold off on installing software updates, remember why these updates are necessary in the first place Technology enables us to do wonderful things. The PCs and mobile devices at the center of our digital world are an indispensable part of our personal and working lives. They offer us a gateway to social media, online banking, media streaming, instant messaging, fitness tracking and much else besides. Depending on your circumstances they…

Read More

Serious Security: You can’t beat the house at Blackjack – or can you?

by Paul Ducklin Cryptoguru Bruce Schneier (where crypto means cryptography, not the other thing!) just published an intriguing note on his blog entitled On the Randomness of Automatic Card Shufflers. If you’ve ever been to a casino, at least one in Nevada, you’ll know that the blackjack tables don’t take chances with customers known in the trade as card counters. That term is used to refer to players who have trained their memories to the…

Read More

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

by Paul Ducklin Apple’s latest collection of security updates has arrived, including the just-launched macOS 13 Ventura, which was accompanied by its own security bulletin listing a whopping 112 CVE-numbered security holes. Of those, we counted 27 arbitrary code execution holes, of which 12 allow rogue code to be injected right into the kernel itself, and one allows untrusted code to be run with system privileges. On top of that, there are two elevation-of-privilege (EoP)…

Read More

Apple Fixes Exploited Zero-Day With iOS 16.1 Patch

Apple on Monday shipped a major iOS update with fixes at least 20 documented security defects, including a kernel flaw that’s already being actively exploited in the wild. The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this…

Read More

Typosquatting Campaign Impersonates Brand-Name Websites

It is recommended that organizations focus on cybersecurity awareness training for its personnel as one security control to avoid typosquatting attacks. Users should only navigate to trusted sites from their own links or by identifying a reputable site from a search engine. In addition, users should be aware that they cannot trust links in advertisements or in email from untrusted parties. Due to the proliferation of Business Email Compromise (BEC), users should also be cautious…

Read More