#cybersecurity | #hackerspace | Coronavirus and cybersecurity crime – Security Boulevard

Source: National Cyber Security – Produced By Gregory Evans

Consumers and businesses alike have been scrambling to take steps to protect themselves from the coronavirus, from flocking to stores to buy out supplies of hand sanitizer, to encouraging workers to avoid large gatherings and work remotely. While we hope our customers are taking the necessary steps to stay healthy (check out best practices from the World Health Organisation here), in addition to health risks, there are increased cybersecurity risks, too. The European Central Bank recently issued a warning to banks about the heightened potential for cybercrime and fraud, as many users are opting to stay at home and use remote banking services during the coronavirus outbreak. At a time of uncertainty and vulnerability for many, hackers and fraudsters are taking advantage of fear surrounding the virus as it continues to spread across the globe. We pulled together the following tips to help you improve your cybersecurity hygiene during this time:

1) According to recent PCI Pal research, almost half (47%) of Americans use the same password across multiple sites and apps. We all know this is a big cybersecurity no-no, but it’s especially important during times of heightened risk that we ensure our passwords are unique and secure. Consider updating your passwords and using a password manager tool to improve account security.
2) In addition to varying passwords, consider adopting two-factor authentication for accounts – most services offer some sort of two-factor authentication, yet 23% of Americans report they have never used these tools to protect passwords or payments! Take advantage of these tools – especially if you’re going to be engaging with more digital services while you stay home to wait out coronavirus.
3) In addition to online fraud, there’s also an increased risk for phone fraud – whether you’re engaging with a customer service agent from your bank over the phone or simply ordering takeout. When speaking with a customer service representative, make sure you double check their credentials and only use the phone number provided by the company’s website.
4) For businesses looking to protect customer data during this time, consider PCI compliance, the strongest standard for payment security. PCI compliance standards can help protect your customers from data breaches and hacks – even when they ignore the above steps to protect themselves!
5) Phishing scams relating to Coronavirus will be prevalent, including emails pretending to offer advice from governments and the World Health Organisation. Scammers will use such techniques to infect your laptop/PC and gain access into your systems. Every care should be taken before opening such communications.

Contact us today to learn how PCI Pal’s solutions can help ensure your customers’ sensitive payment information is safe from opportunistic fraudsters.

The post Coronavirus and cybersecurity crime appeared first on PCI Pal.

*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Stacey Richards. Read the original post at: https://www.pcipal.com/en/knowledge-centre/news/coronavirus-and-cybersecurity-crime/

The post #cybersecurity | #hackerspace | Coronavirus and cybersecurity crime – Security Boulevard appeared first on National Cyber Security.

#cybersecurity | #hackerspace | More on Crypto AG – Security Boulevard


One follow-on to the story of Crypto AG being owned by the CIA: this interview with a Washington Post reporter. The whole thing is worth reading or listening to, but I was struck by these two quotes at the end:

…in South America, for instance, many of the governments that were using Crypto machines were engaged in assassination campaigns. Thousands of people were being disappeared, killed. And I mean, they’re using Crypto machines, which suggests that the United States intelligence had a lot of insight into what was happening. And it’s hard to look back at that history now and see a lot of evidence of the United States going to any real effort to stop it or at least or even expose it.

[…]

To me, the history of the Crypto operation helps to explain how U.S. spy agencies became accustomed to, if not addicted to, global surveillance. This program went on for more than 50 years, monitoring the communications of more than 100 countries. I mean, the United States came to expect that kind of penetration, that kind of global surveillance capability. And as Crypto became less able to deliver it, the United States turned to other ways to replace that. And the Snowden documents tell us a lot about how they did that.

*** This is a Security Bloggers Network syndicated blog from Schneier on Security authored by Bruce Schneier. Read the original post at: https://www.schneier.com/blog/archives/2020/03/more_on_crypto_.html


#cybersecurity | #hackerspace | What is ISO 27701? – Security Boulevard


If you are familiar with any information security frameworks and certifications, you have more than likely heard of the International Organisation for Standardisation (ISO) and possibly the International Electrotechnical Commission (IEC). In my experience, the most commonly referenced business-level security certifications are ISO/IEC 27001 and ISO/IEC 27002. These industry-recognized certifications for information security management systems (ISMS) have been either required or mentioned in every Request for Proposal (RFP) I have ever worked on. Simply put, these certifications indicate that an organization has, at least in theory, taken preemptive action to design its infrastructure with foundational security practices in mind.

Like other security-minded people, I do not believe that being compliant makes you secure; it is also important to note that organizations can choose to limit the scope of compliance within their infrastructure. However, compliance shouldn't be seen as a negative, either, and an organization should not be put down for actively seeking to enhance its infrastructure and align it with best practice. Having worked with organizations going through the 27001 certification process, I can attest that the required controls address some essentials of a security program.

Most recently, ISO and IEC have come out with a new addition, ISO/IEC 27701:2019 (27701). This is not a completely new framework; consider it more like an expansion pack to a game. It adds amendments and controls that address privacy by design and by default. The language varies slightly from the General Data Protection Regulation (GDPR), but 27701 was designed in response to GDPR’s privacy needs with the idea of transforming an organization’s ISMS into a Privacy Information Management System (PIMS). Instead of referring throughout to “information security management,” 27701 reminds organizations to also consider “Information security and privacy management.”

At this time, organizations cannot become certified with 27701 but can receive (Read more…)


#cybersecurity | #hackerspace | Cloud Security that Performs – Security Boulevard


We heard from another customer today that their incumbent cloud security vendor keeps going down. And when it is not down, DLP scans take hours, if they complete at all. What is going on?


*** This is a Security Bloggers Network syndicated blog from Bitglass Blog authored by Nat Kausik. Read the original post at: https://www.bitglass.com/blog/cloud-security-performance-1


#cybersecurity | #hackerspace | Huawei: The Backdoor Papers – Security Boulevard


Via Jon Brodkin, writing at Ars Technica and detailing the latest salvo (discussed in a Wall Street Journal piece) in the United States Government versus Huawei Tug of Networks. We're calling it The Backdoor Papers. Stay tuned.

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2020/2/14/huawei-the-backdoor-papers


#cybersecurity | #hackerspace | WMI 101 for Pentesters – Security Boulevard


PowerShell has gained popularity with SysAdmins, and for good reason. It's on every Windows machine (and now some Linux machines as well), it can interact with almost every service on every machine on the network, and it's a command line utility. For exactly the same reasons, PowerShell has also become a favorite method for attackers to interact with a victim machine. Because of this, organizations have gotten wise to this attack vector and have put measures in place to mitigate its use. But there's another way! Many don't know of another built-in Windows utility that actually pre-dates PowerShell and can also help them in their pentesting engagements. That tool is Windows Management Instrumentation (WMI). This tutorial is a small introduction to using WMI to enumerate information from local and remote machines, and we'll also show you how to start and kill processes! So let's jump into WMI 101 for pentesters.

Background on WMI

I will keep this article at an introductory level, showing how to enumerate information at a high level. But, as with most tutorials, let's first define some terms and provide some historical background. This may get dry, but stick with me.

Windows Management Instrumentation (WMI) is Microsoft’s implementation of Web-based Business Management Standards (WBEM), the common information model (CIM) and the Distributed Management Task Force (DMTF). Microsoft has officially stated:

Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems.

So what does that mean? Simply put, WMI stores a great deal of information about the local machine and lets you access that data as well as manage Windows computers locally and remotely.

WMI came pre-installed in Windows 2000. It was made available as a download for Windows NT and Windows 95/98. For historical (Read more…)


#deepweb | Milestone Boulevard Is Closed At Nine Mile. Here’s A Look At The Work. : NorthEscambia.com

Milestone Boulevard is closed at Nine Mile Road for drainage work that is part of the Nine Mile widening project. Crews have demolished a section of the roadway. After digging a trench that is about 4 feet deep, 30-inch pipes will be put in place. The roadway […]

#cybersecurity | #hackerspace | Google Cloud Identity Pricing – Security Boulevard

Google Cloud Identity is free to some extent, but if you are interested in the broader features of Google Cloud Identity, it can be quite expensive over time.

The post Google Cloud Identity Pricing appeared first on JumpCloud.

*** This is a Security Bloggers Network syndicated blog from […]

#cybersecurity | #hackerspace | The Training Evaluation Conundrum – Security Boulevard


Stakeholders expect to see a return on their investment in training. In some cases, though, they struggle to conceptualize the best way to evaluate the effectiveness of their security awareness training. They are in good company. Training evaluations can be complex, expensive, and elusive, and they baffle even seasoned pros.

Many busy program leaders instinctively reach for the knowledge check at the end of training. A standardized, graded test is an easy way to measure learning and compare performance, right? Maybe so, but at PhishLabs we argue against relying only on knowledge checks, for a couple of key reasons.

First, knowledge checks can collide with key learning principles. As adults, we are goal-driven and focused on practicality and relevance. These knowledge checks can feel rote and tedious. With all of the competition for your employees’ time, we can’t afford to waste it by inviting them to phone it in during training.

Without delving too deeply into learning theory, here’s the takeaway: measuring knowledge with a test immediately after training is one of the least impactful forms of training evaluation. This is because it only measures how much information the learner has absorbed and can recall immediately. So, let me ask the following: Are you worried about immediate or lasting results? Are you concerned with knowledge or behavior?

The purpose of phishing training, or any other security training, is to change behavior. We want to see employees practicing good security behaviors more frequently. It stands to reason, then, that a more meaningful way to measure the effectiveness of these trainings is with behavioral data over time rather than a knowledge check immediately after a module is complete.

Consider ways to measure the effectiveness of your other security training programs. Are there metrics around data security, password vigilance, or other key behaviors that you can gather to measure the effectiveness of your training programs?

In the context of phishing training, we recommend focusing on phishing simulation results. Has the click rate decreased? Has the report rate increased? The results of your regular phishing simulations offer the best insight into program effectiveness.


*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Kimber Bougan. Read the original post at: https://info.phishlabs.com/blog/training-evaluation-conundrum


#cybersecurity | #hackerspace | Sync AD with macOS – Security Boulevard


By Zach DeMeyer, posted December 25, 2019

Managing user access to Mac® laptops and desktops has historically been a challenge, particularly when using Microsoft® Active Directory® (AD) for identity and access management (IAM). The problem has been a constant issue for IT admins. Thankfully, from the cloud comes a new way to sync AD with macOS® systems.

The Active Directory Stronghold

Most organizations have centralized their IAM program around Microsoft Active Directory. Of course, AD was created in the era of on-prem, Windows®-based networks, so adapting it to modern environments has been a difficult process that is rife with growing pains.

In general, many modern IT networks are heterogeneous with regard to systems, given the rise of macOS and Linux usage in the enterprise. Beyond that, recent explosions of cloud-based applications and infrastructure have put AD-centric organizations in a tough spot.

Historically, IT admins have leveraged on-prem directory extensions or identity bridges to sync AD with macOS systems. In recent days, mobile device management (MDM) tools have joined the mix to manage systems, tablets, and smartphones. These solutions were generally effective, but came with some drawbacks. For some, directory extensions presented a lot of work in terms of installing, implementing, and integrating them. The other challenge with these solutions is that they are generally expensive and ultimately further entrench an organization on-prem. In our increasingly cloud-forward era, this might not be the best strategy for IT admins looking to scale with efficiency.

Syncing AD with macOS from the Cloud

Now, IT admins are at a crossroads. It seems like IT admins have to choose between the lesser of two evils. One route is to continue using their directory extensions and deal with the overhead and budget involved with maintaining them. The other is to find an alternative to Active Directory and replace it altogether, which might involve tedious and potentially painful migration efforts.

The good news is that there is a third option: a cloud identity management solution that can extend Active Directory not only to Macs but also to Linux servers at (Read more…)
