Preventing Spear Phishing Attacks in 2020

With the world preoccupied by retrospectives on the calendar year gone by, a particularly problematic news story slipped out in the waning days of December. This Microsoft announcement smacks down domains associated with yet another state-backed cyberthreat. It’s one more warning to users of the continued threat posed by so-called spear-“phishing” attacks. Could 2019 be the last year we have to worry about this?

Continue reading

Subresource Integrity – The Cyber Defense of 2016 You Haven’t Heard Of

Padlock over circuit board layoutAs we make plans this New Year’s Eve to bid farewell to 2016, we’re continually beleaguered by headlines concerning cyber attacks. The stories range from the latest allegations of Russian malware found on a Vermont utility’s computer, to leaked e-mails ahead of the U.S. Presidential Election, and you could even include Apple’s refusal earlier this year to furnish U.S. Government law enforcement agencies with a backdoor they insisted upon to enable encrypted data access. Cybersecurity must go down as one of the leading themes of 2016, and likely will go on to concern us for years to come.

That’s why we should take a moment to recognize a most important development within the information security community during 2016: the publication of the Subresource Integrity (SRI) recommendation by the W3C. Continue reading