General

General

Deepfake Technology Is a Rising Cyberthreat

Zac Amos

More artificial intelligence (AI) and machine learning (ML) use cases are emerging, and cybercriminals are leveraging these technologies to create highly sophisticated attacks. Cyberattack detection and prevention can be more challenging for individuals and businesses when hackers use innovative methods.
Cybersecurity professionals are already grappling with data breaches, ransomware attacks and phishing scams. Recently, another growing threat has kept them awake at night — the rise of the deepfake and the challenge of spotting one in an increasingly digital world.
Here’s more on the rapid advancement of deepfake technology, the cybersecurity implications of these attacks and what the future holds.

Read More
General

The Expansion of Malware to the Cloud

Bar Kaduri

As more organizations move their assets to the cloud, malware distributors are turning their attention to the cloud as well. In this blog, we will discuss the main malware types you may encounter in your cloud with examples and ways to detect and protect your cloud from them.
But first, how does malware find its way into cloud assets?

Read More
General

OT/ICS Security Training

Tom Madsen

This article is inspired by a recent article on the Computerworld site for Denmark, where one of the CISO’s for a big energy company lamented the lack of formal skills in the cybersecurity community on the security requirements for Operational Technology (OT) and Industrial Control Systems (ICS). This triggered light research from me on the options out there for relevant trainings and certifications.

Read More
General

It’s Time to Secure the Water Sector from Cyber Threats

Trevor Logan

he Biden administration is reportedly considering a first-ever integrated action plan for global water security, linking global access to clean, reliable water to U.S. national security for the first time. At home, the linkage between national security and security of the water and wastewater sector is self-evident by its very definition as critical infrastructure. Yet decades of chronic underinvestment and under-resourcing of federal support to the industry has left this life-supporting and life-sustaining infrastructure vulnerable to cyber threats.

Read More
General

A Standard for Home Gateway Security

Scott Cadzow

ETSI’s recently published TS 103 848 is one of a number of standards that ETSI is developing that derive from the security template for Internet of Things devices defined in ETSI EN 303 645. The reason that a standard for the security of Home Gateways is so important is embedded in its title. It protects our homes from the digital thief and burglar in the same way that our front doors protect our homes from the more traditional thief and burglar.

Read More
General

Is Fully Homomorphic Encryption now a reality?

Nigel Smart

We all know the problems with users picking weak passwords, whether it is “PassW0rd123” or “JamesBond007”. We also know that there are lists of passwords which have been obtained from hacks into websites, and from these we can work out what are the most commonly used weak passwords in circulation. Surely there must be a way of checking, when a user chooses a new password for a website, whether the password lies on the known list of common weak passwords? There are two obvious solutions to this problem: Firstly, the browser could maintain the list of weak passwords locally on the user’s computer. This solution however does not scale as the list is huge, and needs to be continually updated. The second solution is for the new password to be sent to a central site and compared against the list of common weak passwords. But this solution then leaks the new (potentially strong) password to the central site doing the checking. Is there a better way?

Read More