Hackers stole this engineer's 1Password database. Could it happen to you?
A software engineer for the Disney Company unwittingly downloaded a piece of malware that turned his life upside down. Was his password manager to blame?
An iCloud Backdoor Would Make Our Phones Less Safe
Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyone’s cyber-risk in an already dangerous world. If you’re an iCloud user, you have the option of turning on something called “advanced data protection,” or ADP. In that mode, a majority of your data is end-to-end encrypted. This means that no one, not even anyone at Apple, can read that data. It’s a restriction enforced by mathematics—cryptography—and not policy. Even if someone successfully hacks iCloud, they can’t read ADP-protected data...
The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and something we in the security community have worried was coming for a while now. The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment...
Insider Threats: The Overlooked Risks of Departing Employees and Sensitive Data Theft
Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who
The Psychology of Phishing: Why Smart People Fall for Scams
Do you know that feeling of dread when you realize you’ve clicked on a suspicious link? I know it perfectly. It has happened to me several times in the last year! The positive aspect of it is that it…
Is End-User Cybersecurity Training Useless? Spoiler Alert: It’s Not!
Chris Clements, VP of Solutions Architecture. Because of the frequency of phishing attacks landing in user mailboxes and the severity of the consequences of a user falling for a lure, any improvement at all can make the difference between an organization suffering a breach. Detrimental Best Practices: One of my biggest pet peeves is compulsory […] The post Is End-User Cybersecurity Training Useless? Spoiler Alert: It’s Not! appeared first on CISO Global.
It can be difficult to remember complex passwords across so many online services. A good password manager will do this for you. We tested the best password managers, which keep your credentials safe and simplify your login process.
Introduction: If you are an attorney covering cybersecurity, not only do you have to stay on top of ever-evolving legal obligations and risks, you have to
Costs associated with ransomware attacks are skyrocketing
According to figures included in the report, ransomware attacks are causing CNI companies and organizations to pay significantly more than in the past. The median ransom payment...
Enhancing Security in Law Firms: The Imperative of Multi-Factor Authentication
In today's digital landscape, where 27% of law firms experience security breaches, protecting sensitive client information is paramount for legal professionals. Sheila Grela explains how multi-factor authentication (MFA) and Privileged Access Management (PAM) can help secure legal departments.
A few binged seasons of Law & Order will teach you that you have a Constitutional right, under the 5th Amendment, to remain silent: you have the right to refuse to give any self-incriminating statement or testimony. With this constitutional right available to individuals and companies alike, how does the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) lawfully impose certain reporting requirements? Passed in 2022, CIRCIA requires the Cybersecurity and Infrastructure Security Agen
The Human Element in Cybersecurity: Understanding Trust and Social Engineering
Human Trust: Most people associated with information technology roles understand the application of technical controls like the use of firewalls, encryption, and security products for defenses against digital threats. Proper […]
Imposter scams were the most prevalent consumer fraud last year, the Federal Trade Commission said. Criminals dupe victims by posing as a trustworthy source.