News, Article, and Solution in Cybersecurity Realms.

If you work in cybersecurity, the saying does not apply and will get you into trouble at some point. Nobody expects you to know everything, but they expect you to know what assets you have on your corporate networks plugged into your IT infrastructure. It's the first thing I look for when speaking to an organisation for the first time. Generally speaking, the more that an organisation can tell you about their inventory of PC's, tablets, smartphones, servers, wireless access points and wireless access points, the better they are at cybersecurity. It may surprise you to discover that most organisations do not have a firm handle on their asset inventory. This is shocking in itself because asset discovery is a foundational IT security measure and it's impossible to defend your IT infrastructure unless you have an up-to-date list of what you are defending. When you learn that most companies do not maintain an active list of their assets, it's not at all surprising that so many get breached. When I

How can we know this? Just like how we can learn about most global cyber threats, the techniques used, the timing chosen, and the tools utilized, the answer lies in honeypots. Honeypots are information system resources whose value lies in the unauthorized or illegal use of those resources, meaning they prove their worth when a hacker attempts to interact with them. Honeypot resources are typically disguised as network servers, appearing and feeling like legitimate servers, but in reality, they are traps used to lure unauthorized intruders. How did analysts discover EternalRocks? It happened because of the presence of honeypots. It's a creative game of cat and mouse that sets clever traps. The adversaries who come either try to outsmart the trap or recognize something suspicious and avoid it, or in some cases, sabotage it. This was humorously responded to by one researcher who wrote a tweet entertaining many, saying, "For those of you who know my honeypot is a honeypot, can you stop placing Pooh bear (honey) pictures on it?" Please

I got hooked on computers when Oregon Trail was first released. Back then, if you wanted your computer to be useful, you had to manually code all your applications in BASIC or endure the tedious process of "blipping" sounds at it. The only alternative to typing hundreds of lines of code was to load pre-recorded cassette tapes with a series of "beeps," whistles, and instructions for your computer to follow when played back. You know, those pre-recorded "beep" sounds were EXACTLY what the internet sounded like when I first heard it. No, it's not a typing mistake. I heard the internet before I actually saw it. So much so that I still believe my cable internet is fake because it's always so quiet. No, I didn't hear the internet because I'm some kind of internet whisperer. We ALL heard the internet before we actually used it. Its arrival was heralded by a series of high-pitched screeches and digital buzzing that came through your telephone line. That's how