Docker containers are filled with vulnerabilities: Here’s how the top 1,000 fared

An analysis of the 1,000 most popular Docker containers uncovered a variety of security vulnerabilities, some of which are critical. Following the publication of CVE-2019-5021—an issue relating to the use of a blank (null) password for root accounts in Alpine Linux Docker images—security researchers have turned their attention toward Docker in earnest, uncovering similar issues of unprotected root accounts in other containers. Because Docker containers are essentially inert when not…

June 26, 2019
Read More >>

How to view your privacy settings for Microsoft Office 365

You can and should review your privacy settings for Microsoft Office 365. Learn how in this step-by-step tutorial. Image: James Martin/CNET Microsoft tracks your use of Office 365, just as it does with Windows and other products and services. The purpose of such data collection, says Microsoft, is to improve the software and give you a more personalized experience. The collection of certain data is also necessary for specific features…

June 22, 2019
Read More >>

How to prepare for and navigate a technology disaster

Technology emergencies can be the most stressful moments of an IT professional’s career. But they don’t have to if you plan ahead. When it comes to a technology disaster, you can never be too prepared. More for CXOs I provided some tips several years back on how to survive a critical system outage, which still remain relevant. Examples include staying calm, notifying users, handling the politics involved, proceeding in a…

June 19, 2019
Read More >>

Security breaches: 4 business impacts

The average cost of a cyberattack is approximately $4.6 million, according to a Radware report. More about cybersecurity Cybersecurity is now a joint responsibility among C-suite members in an organization, according to a recent Radware report. The 2019 C-Suite Perspectives: From Defense to Offense, Executives Turn Information Security Into a Competitive Advantage report detailed how cybersecurity is a key business driver for executives, as 75% of executives cited security as…

June 18, 2019
Read More >>

How organizations can better defend against DNS attacks

DNS has become a primary target for cyberattacks, causing downtime and financial loss for many businesses, according to a new report from EfficientIP. By resolving hostnames with IP addresses, the Domain Name System (DNS) plays a critical role for organizations by ensuring that users are directed to the right sites, servers, applications, and other resources. But DNS is beset by certain weaknesses that make it vulnerable to hackers and cyberattacks….

June 18, 2019
Read More >>

Business travelers, beware: Hackers looking over your shoulder can cause data breaches

Some 80% of business travelers say visual hacking is a threat, according to a 3M report. Visual hacking—when someone can see information on your screen over your shoulder without your knowledge—is a major cybersecurity threat to business travelers, especially in the GDPR era, according to a Monday report from 3M and SMS Research. Some 80% of the 1,000 business travelers surveyed worldwide said they consider visual hacking to be a…

June 17, 2019
Read More >>

Magecart attack: What it is, how it works, and how to prevent it

Learn how to combat this web-based card skimming attack.  Every day we hear about some new threat or vulnerability in technology, and the data harvesting attack known as “Magecart” is the latest threat. I discussed this threat with Peter Blum, vice president of technology at app delivery provider Instart. Magecart attack: Defined More about cybersecurity  Scott Matteson: What is a Magecart attack? Peter Blum: Magecart is a form of data…

June 13, 2019
Read More >>

Evernote Chrome extension vulnerability allowed attackers to steal 4.6M users’ data

A cross-site scripting vulnerability was discovered popular note-taking application Evernote, though the company patched it in under a week. A cross-site scripting vulnerability in Evernote’s Web Clipper Chrome extension allowed hackers access to active sessions of other websites in the same browser, according to security company Guardio. The vulnerability—designated as CVE-2019-12592—allowed attackers to bypass Chrome’s same-origin policy, creating a situation in which “code could be executed that could allow an…

June 12, 2019
Read More >>