You might imagine nuclear power facilities to have state-of-the-art security, with locked-down computers that can only run software that the installers authorized. Well, this doesn’t seem to be the case in some facilities. At a nuclear power plant 75 km from Munich, Germany, employees discovered serious pieces of malware, including Conficker and Ramnit. In addition, they discovered 18 USB drives that had malware on them in the facility. And this isn’t the only case.
Google is offering an innovative messaging product called Allo to compete with other mobile messaging apps. It has features like suggesting responses to messages from your friends, to save you time. But to do this, it needs access to all of the message content. On the other hand, you will have an option to turn on end-to-end encryption, which uses the secure Signal protocol... But if you do turn on the end-to-end encryption feature, you won't get the "sizzle" features like the message reply suggestions. So, let's just be clear about privacy versus convenience.
If you think companies you trust have good security practices for authenticating their customers in phone support calls, you may be right. But the security of call-centre support processes is becoming a serious issue. Every call-centre rep is human, and humans respond to emotional situations in different ways. This is what many attackers are learning to exploit.
Many organizations are now starting to do internal employee phishing assessments to determine how vulnerable their team is to targeted phishing attacks. This is because phishing is one of the primary ways that ransomware makes its way into corporate networks - through emails targeted at employees who click on links or attachments. Your IT Security team can assess your organization's vulnerability in this area by simulating attack emails, but with harmless links or attachments that can provide feedback to IT Security.
But when your IT Security team undertakes an employee phishing assessment initiative, there are many subtle decisions to be made that can have an impact not only on the validity of the results, but also on employee morale and trust. So, I'm creating a list of dangerous pitfalls to be avoided when implementing an employee phishing assessment program. Not fully considering the employees' responses to these emails is probably the easiest landmine to step on, and it can cause serious employee backlash and put the program in jeopardy. Here's the problem and the solution.
Ransomware has evolved as a very dangerous threat to computers and networks. Becoming infected with ransomware is especially costly for businesses that rely on databases of constantly changing information for their daily operation, like hospitals and universities. So, we tend to think that only databases with very sensitive information are likely to be targeted for this kind of extortion by attackers.
On desktop computers, there are many ways in which attackers can get malware to encrypt your files and hold your computers hostage. But, while it’s somewhat harder for attackers to encrypt critical data on your mobile device, there are a couple of new kinds of extortion that could hit you closer to home – forcing you to pay up to regain access to your mobile phone or tablet.