A common assumption is that Macs are more secure than Windows PCs, but the discovery made by Developer Lemi Ergan may be causing people to rethink. A flaw in High Sierra (macOS 10.13), allows users to gain admin rights by logging in as 'root'... without a password.
The popular PC cleanup tool, CCleaner has been hijacked by hackers in the latest widespread malware attack. The hack, identified by security researchers at Cisco Talos, found that anyone who downloaded or updated the CCleaner app between mid-August to mid-September also potentially downloaded malware without realising.
So many times, I have seen security become an afterthought, rather than being an integral part of a design from the outset. Good security design is not always visible and therefore often not very well understood by the c-suite, who pile on the pressure to release systems or improve user freedom.
Last week marked the 50th anniversary of the ATM, a device that changed the face of personal monetary transactions forever. According to the ATM Industry Association (ATMIA) there are now close to three million of them worldwide, with over 70,000 in the UK alone where it all began. On 27th June 1967, the world's first "hole in the wall" was revealed at Barclays Bank in Enfield, London. Celebrations aside, I’d like to look at exactly what’s going on under the hood from a software perspective. Is securing them through industry best practice is realistic and practical?
On June 27, 2017 a number of organisations across Europe began reporting significant system outages caused by a ransomware strain referred to as Petya. The ransomware is very similar to older Petya ransomware attacks from previous years, but the infection and propagation method is new, leading to it being referred to as NotPetya. Due to the sudden and significant impact of the attack, it was immediately likened to the WannaCry outbreak causing concerns globally.
Firms across the globe have been hit by a variant of the Petya or Petwrap strain of ransomware impacting Windows servers, PCs, and laptops. Initial reports suggest this latest attack struck The Ukraine initially but it has quickly spread to many other countries including Russia, Spain, France, the UK, The Netherlands, and the US. Currently the attackers are asking for $300 worth of Bitcoins to retrieve access to data, however, there are reports that a business in South Korea has paid $1m to get access.
Many, if not all organizations that I work with have been on a PAM journey of some description – some successful, some not so much, but all have had considerable investment along the way. In this blog, I want to explore the value-add of PAM, its principles, and ultimately the security posture delivered by the approach.
In part 1, I discussed the importance of understanding your company’s culture when embarking on a security project as this can be the key to success or failure. In this blog, I’ll take a closer look at the five key areas you should pay particular attention to.
In this blog post, I want to share some of my experiences on how company culture can kill a security project, especially when removing admin rights.
Least privilege was first put forward as a design principle by Jerry Saltzer and Mike Schroeder 40 years ago . Avecto, along with many others, has championed least privilege and our 5 reasons to love least privilege shows that it is key to mitigating attacks.