YOU'RE USING STRONG and unique passwords. You're on the lookout for phishing emails. And you've set up two-factor authentication on every account that offers it. Basically, you're acing Personal Cybersecurity 101. But with new threats popping up all the time, you may be looking for other proactive steps you can take to protect yourself. Here's an easy one: Clean up your digital junk.

Most people have old email accounts floating around, forgotten thumb drives in a drawer, and years-worth of crap in a downloads folder. All that stuff is a liability. Saving data that you want or that will someday come in handy is...sort of the whole point of the digital revolution, but holding on to accounts and files that you don't actually want anymore needlessly exposes you to all sorts of risks. Your devices can be lost or stolen (or hacked) and big companies can suffer data breaches that incidentally expose your information. So the less there is out there, the better off you are.

"The physical presence of data is so small that sometimes we don’t think about it as being clutter," says Michael Kaiser, the executive director of the National Cyber Security Alliance. "But we accumulate massive amounts of it and some of it can be harmful if it gets lost or stolen."

Here's some tips from the experts on how to clean that clutter before it comes back to haunt you.

Digital Dumping Ground

First, address your physical devices. Destroy old CDs, thumb drives, and external hard drives you don't need anymore. (Don't forget the box of floppy disks in your basement. Seriously.) Consider old PCs, gaming consoles, and smart home gadgets, and back up anything you want from those devices before wiping them.


Next, deal with your current devices. Sort through your desktop and clean out your documents folder. Eliminating old PDFs of credit card statements or medical forms that you no longer need will go a long way toward keeping you safer. And it's a good opportunity to make a plan for sensitive documents that you do want to hold on to. You might back them up to a cloud service or a password-protected external hard drive and then take them off the devices you use every day that could be lost or stolen.

 source: Carmen Middleton,

There has been growing discussion about the importance of open source information – both in terms of the power and potential of creating and disseminating news and narratives worldwide, whether genuine or fake, and for the pressing need to evolve the open source intelligence (OSINT) discipline.

“Devaluing OSINT has become a more significant problem as Russia and China use social media as an arena to wage disinformation operations,” wrote Dana Priest, commenting in the New Yorker about the Russian meddling in the U.S election.

Europe has been sensitized not only to the speed by which information, including disinformation, can be conveyed to its citizenry, but also to the power of such messaging to create confusion, mistrust and even a distortion of attitudes and actions.

In response to this threat, Denmark announced in July that it had begun to train its troops, designated for deployment in Estonia, in combating disinformation. And on Nov. 13, the European Commission launched a public consultation on fake news and online disinformation and set up a High-Level Expert Group representing academics, online platforms, news media and civil society organizations.

The open source landscape continues to evolve at a head-spinning pace, and this dynamic evolution is challenging, in earnest, long-held perceptions of what practitioners fondly refer to as the “’INT’ of first resort.”

“I don’t think it has had its heyday,” Jason Matheny, director of IARPA, recently told The Cipher Brief about the state of open source intelligence. “We don’t invest very much in open source intelligence compared to classified sources of intelligence as the intelligence community.”

As a former director of the Open Source Center, now the Open Source Enterprise, I cannot agree more with this statement. Over the course of its 76-year history, the U.S. government’s OSINT venture has experienced all-too-fleeting moments of high-level attention and committed investment only to fall back into longer periods of disinterest and flattened or reduced budgets.


 IoT devices are rapidly populating enterprise networks but 82% of IT and line of business professionals struggle to identify all the network-connected devices within their enterprise.

According to a new Forrester study that queried 603 IT and business decision-makers across the globe with 2,500 or more employees, a key contributor to the IoT visibility problem may be confusion over who is responsible for IoT management and security.

While 50% of survey respondents - which include line of business (LoB) and IT security operations center professionals - say the SOC is responsible for default configurations and management of the devices, confusion exists when it's time to configure the devices, according to the survey, which was commissioned by ForeScout Technologies.

LoB personnel, who are responsible for operational technology (OT)  that runs specific lines of business, often find their role falling under the broad category of connected devices, or IoT. 

But when drilling down further on the question of which job titles should be responsible for IoT default configurations, 54% of LoB survey respondents feel it should be overseen by device manufacturers or LoB staff. And 45% of IT respondents agree.

As a result, according to the report, LoB users are deploying devices under the assumption all proper controls are in place without touching base with the SOC. Without SOC professionals involved in the initial setup of the IoT devices, it's difficult to get a clear view into what devices are actually riding on the network. 

"There is a lot of confusion and lack of clarity of who should own the security of IoT devices and determine what should happen," says Pedro Abreu, chief strategy officer for ForeScout. "LoBs, like plant managers, have a lot of devices that connect to the network. But they tend to think of health and safety first and not security."


Hackers who get hold of some OnePlus phones can obtain virtually unlimited access to files and software through use of a testing tool called EngineerMode that the company evidently left on the devices.

Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the "Mr. Robot" TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. Researchers at security firm SecureNow helped figure out the tool's password, a step that means hackers can get unrestricted privileges on the phone as long as they have the device in their possession.

The EngineeerMode software functions as a backdoor, granting access to someone other than an authorized user. Escalating those privileges to full do-anything "root" access required a few lines of code, Baptiste said.

"It's quite severe," Baptiste said via a Twitter direct message.

OnePlus disagreed, though it said it's decided to modify EngineerTool.

"EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support," the company said in a statement. Root access "is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device. While we don't see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb [Android Debug Bridgecommand-line tool] root function from EngineerMode in an upcoming OTA."