7 Cybersecurity Threats That Can Sneak Up on You
There's a certain kind of security threat that catches the headlines—the massive data breach, or the malware that hijacks your computer for a ransom—but it's also important to keep your guard up against some of the lesser-known attacks out there too.
These threats may not have the same high-level profile as an unfixable iOS bug, but they can still do some serious damage as far as your data and privacy goes. Here's what to look out for, and how to make sure you aren't caught out.
Rogue USB Sticks
A small USB stick may not look very dangerous, but these portable drives can carry a major threat—particularly if they've been specially engineered, as some are, to start causing havoc as soon as you plug them in. You should be very, very wary of connecting a USB drive to your computer if you're not absolutely sure where it's from.
Even if the USB stick isn't configured to release some kind of payload as soon as it's attached, it can carry disguised viruses as easily as email attachments—and experiments have shown that we're often far too curious when coming across USB sticks we don't know the origin of, so apply some common sense.
Besides being cautious, the usual rules apply to stay safe against this sort of threat: Keep your computer operating system right up to date, make sure effective security tools are installed, and keep them updated as well. If you're not sure about files on a USB drive, run a virus scan on them before doing anything.
In this fast-paced, hyperconnected age, it's all too easy to forget about all the social media, language-learning, job-finding apps and sites that we've downloaded and used. But every account you leave behind gathering dust is another one that could potentially be hacked into.
As we've previously explained in detail, it's important to take the time to shut down these accounts rather than just uninstalling the associated app from our phones and then forgetting about them. If any of them should then suffer a data breach, for example, your data won't be included if you've scrubbed the account.
It's also worth running a regular audit on the third-party apps and services linked to your main accounts, like dating apps you might have hooked up to Facebook, or email apps connected to your Google account. These give hackers more targets to aim at, which is why you should regularly disconnect and delete the ones you aren't actively using.
Untrusted Browser Extensions
The right browser extensions are able to add useful functionality and features to your daily window on the web, but these add-ons need to be vetted like any other piece of software—after all, they have the privilege of being able to see everything you're doing online if they want to.
Pick the wrong extension and you could find it selling your browsing data, harassing you with pop-up advertising, or installing extra software that you don't actually want. We'd recommend keeping the number of browser extensions you have installed down to a minimum and sticking only with the extensions you know and trust.
Identify safe extensions the same way you would identify safe apps: Look into the background of the developers, check the permissions that they ask for, read up on reviews left by other users, and stick to extensions that are actually useful.
Bogus Online Quizzes
You've probably seen friends and family take quizzes on Facebook to find out which Hogwarts house they'd get into, or which celebrity they're most like, and so on. They may seem like harmless fun—and some are—but they can also be used to harvest personal data that you don't really realize you're giving away.
These quizzes can and have been used to build up more detailed profiles of people and their friends, collecting not just the answers to the quizzes themselves but also other information stored in the linked Facebook accounts. Note too how often these fun quizzes ask for personal data, like the first road you lived on or the name of your pets, which could be used to impersonate you in some way.
Be wary of anything that requests personal information or personal photos from you—like the recently viral FaceApp app—or that requires a connection to one of your social media accounts: Knowing which president you're most like probably isn't worth it.
Leaky Photo Uploads
There's nothing wrong with posting photos to your favourite social channels but think twice about the information that other people can glean from any pictures you make public—particularly the places where you might live and work.
While a lot of apps, like Instagram and Facebook, automatically strip out the location data saved with photos, some, like Google Photos, can keep this data embedded in the file after it's been shared. Plus, whether you keep the original location data with the image, an associated check-in on social media can add the location right back in.
How is this dangerous? Well, information such as knowing where you work or which road you live on can help someone run an identity theft scam, or get past security questions on your online accounts, or visit you in person when you'd rather not see them. The less your public photos say about you, the better.
Smart Home Snooping
Our homes are getting smarter, which gives hackers and malware peddlers a whole new set of devices to try and target—the end result could be doors that don't stay locked or home security camera footage that's viewed by more people than you'd like.
Keeping your smart home secure starts with what you buy: It's a good idea to stick to well-known, established brands with a strong track record in hardware, as much as possible. After that, make sure both your smart home devices and your router—which acts as a gateway to them all—are kept up to date with the latest software. Most reputable smart home devices do this automatically, another good reason to stick with brands you trust.
If your smart home devices and accounts do need passwords, make sure you don't stick with the default. Instead, pick a long and difficult-to-guess password that you aren't using anywhere else, and turn on two-factor authentication, if available, as an extra layer of protection.
Malicious Charging Cables
The standard charging cables that come with your gadgets are designed to power them up, and perhaps sync some music when needed—but specially engineered cables that look very similar can do much more than that.
Take a look at these fake Lightning cables now capable of being mass-produced, cables that look just like the genuine products but which can give hackers remote access to a device once they're plugged in. All that the end-user has to do is use a doctored cable, then agree to "trust this computer," a common alert that's easy to dismiss without a thought.
The fix is to only use the cables that come with your devices, or from reputable sources—something you should do anyway for the well-being of your gadgets. As with USB sticks, don't assume any cable that you find lying around is legit.source wired
- Outside IR 35 CONTRACT SC CLEARED Cyber Security Operations Analyst SPLUNK ES- UK REMOTE- £500 a day.
6 month contract Outside IR35 Operational Cyber Security Analyst. Hands on Splunk Security Enterprise and Security clearance is required As is someone that holds SC clearance. SOC and Vulnerability management experience. Vulnerability Analysis / Management - Tenable
- SailPoint Consultant
- Upto €80,000
SailPoint Consultant is need for this rapidly expanding global business, The business is currently in the middle of a SailPoint Deployment, they require an experienced Consultant who is able to help them on this Journey You will be responsible for helping to configure and deploy SailPoint as well as on board applications onto the platform You will also work with the business to understand workflow and process to help align the way the business works to ensure that the business gets the most from the deployment We are looking for an experienced SailPoint consultant who has experience with both Deployment and BAU work and is interested in joining a business which is at the start of an interesting IAM Journey
- SOC Manager Security Operations. SIEM, Threat / Vulnerability, IR, SOC Service- Exclusive
- United Kingdom
SOC Manager- SIEM, Threat / Vulnerability, Incident response. Exclusive Project. Management and on growth growth of Security Operations Centre capability. Managing and maturing the team, technical services line and fronting client engagements where needed. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; evolving the technical process, building operational capability, managing and hiring team, involved at a high level overviewing policy/playbooks, fine turning of the go-to-market collateral etc.
- Contact 12 month- Security Operations- Tanium Engineer / Analyst.
- United Kingdom
- Dependent on experience
Security Operations engineer / Analyst with Tanium for a 12 month contract. Experience configuring using, managing, supporting troubleshooting Tanium's suite of end point solutions is essential. The opportunity is due to a client expanding its international capability to a follow the sun model. To be involved in spinning up a European capability. Based in the UK. English essential and ideally being fluent in French.