Company


#hacking | Ethical Hacking is Evolving – Here’s How Your Company Can Keep Up

Source: National Cyber Security – Produced By Gregory Evans

With the global cost of cybercrime expected to surpass $2 trillion by the end of 2019, it’s no surprise that organizations have sought out unconventional cybersecurity strategies. For years, businesses have encouraged — and even hired on — hackers to unearth their digital vulnerabilities.

To be clear, these hackers aren’t bad guys turned good. Ethical, or white hat, hackers use their computer security expertise to hack into organizations’ digital infrastructure and identify cybersecurity weaknesses, rather than exploit them. The profession isn’t necessarily new, but the ethics surrounding it have begun to evolve.

While 75% of white hat hackers say that no amount of money could turn them into black hat hackers, that leaves 1 in 4 ethical hackers who would switch their hats for the right price — or more recently, the right cause.

While that isn’t to say that all ethical hackers are easily swayed, the promise of a hefty payout or even “hacktivist” glory can be attractive. With this knowledge in mind and sensitive data on the line, businesses must reassess their ethical hacking practices. Before communicating with outside ethical hackers or bringing an ethical hacker onto your team, consider how you can best ensure this practice isn’t endangering your organization’s data.

How to hire an ethical hacker

Companies have offered bug bounties to outside hackers for years, but it’s different to invite a white hat into the office — and behind your security perimeter. When hiring an ethical hacker, organizations should reinforce all of the precautions usually taken during the onboarding process to ensure their data and their customers’ data are protected.

Remember, ethical hacking is an increasingly accepted and legitimate profession. Therefore, be careful not to treat an ethical hacker like a former (or current) criminal. While the nature of their duties is historically “bad,” that doesn’t warrant a set of guidelines separate from their coworkers. Doing so makes an already traditionally solitary role even more isolating and could make them feel like they are doing something wrong when they are actually helping your business.

Just as you would for any employee that handles or has access to sensitive company data, be sure to make it clear in the ethical hacker’s contract that legal action or other serious consequences are possible should they misuse company data and information. Be sure to thoroughly check their references and obtain a comprehensive history of their career to cover your bases.


It’s also critical that you make an effort to ensure that other employees do not perceive their new coworker as dangerous or untrustworthy because of the nature of their work. Encourage trust and familiarity with team-building exercises throughout the company and education initiatives that help everyone understand the projects the ethical hacker is working on. When there is visibility into what the ethical hacker actually does, the employee feels supported and accepted — and leadership has extra reassurance that the hacking remains ethical.

Approach outside ethical hackers with a set protocol

While you’re rethinking your organization’s policies toward hiring ethical hackers, it’s worth considering how you deal with outside white hats too. Some organizations offer “bug bounties” to those who can find previously unnoticed vulnerabilities in their digital infrastructure. It could be dangerous to overlook these independently operating hackers — over 70% of cyber attacks are financially motivated, so having some sort of compensation is a best practice.

Organizations must be open to all security opportunities

In an environment where cyberattacks are only set to increase, being open to the latest cybersecurity strategies is essential to protecting the digital infrastructure of your organization. While there are some risks that come with ethical hacking, having someone who thinks like and is equipped with the same skills as the bad guys might be the best way to keep your information safe from them.

 



The post #hacking | Ethical Hacking is Evolving – Here’s How Your Company Can Keep Up appeared first on National Cyber Security.

View full post on National Cyber Security

When Spies Get Hacked… Hackers Steal Customer Data from Android Spyware Company

“When hackers get hacked” should become the tagline of 2018. After several other similar incidents, it is now the turn of an Android spyware maker that advertises its spyware to be used against children and employees. A target of a vigilante hacker, the company known as SpyHuman offers surveillance software for Android devices that enables its users to intercept phone calls, text messages, track GPS locations, read messages on WhatsApp and Facebook, and use the target device’s microphone.

It now appears that a hacker has stolen customer text messages and call metadata from the spyware company. Call metadata includes phone numbers the target devices dialled or received calls from along with their duration and dates. Hackers managed to access over 440,000,000 call details through exploiting a basic security flaw in the website.


“These spy apps should be out of market, most people spy on girls and [their] data image […] always sensitive,” the hacker wrote in a message that was obtained by Motherboard. “No one have rights to do that and same these apps and provider making money by doing this.”

While SpyHuman sells its spyware as a tool to monitor children and employees, it’s mostly used to illegally spy on partners and spouses without their consent. “Several review websites and social media posts do push the app for such purposes, and archives of particular SpyHuman pages include phrases such as ‘know if your partner is cheating on you,’ and suggests monitoring your husband’s texts in case he is having an affair,” the publication reports.

The company gave the following (non)explanation when asked about how it makes sure its software isn’t being used for illegal surveillance:


“As a precaution, at an initial stage of our app installation, we always ask users that for what purposes they are installing this app in the target device. If they select child or employee monitoring then our app stays hidden and operate in stealth mode. Otherwise, it will create visible Icon so that one can know that such app is installed on his/her devices.”

As is apparent, since its users can always select a child or an employee – which in itself raises several questions – they don’t necessarily have to reveal if they are using the product for spying on people, mostly partners, without their consent.

– If you are a victim of spyware or technology-facilitated abuse, this is a very comprehensive resource list offering guidelines and help.

The post When Spies Get Hacked… Hackers Steal Customer Data from Android Spyware Company appeared first on National Cyber Security Ventures.


Facebook #secretly deleted #some of Mark Zuckerberg’s private #messages over fears the #company could be #hacked

Want to delete that embarrassing message you just sent? WhatsApp will let you, and so will Instagram — but if you’re using Facebook, then you’re out of luck.

Unless you’re Mark Zuckerberg, the CEO and cofounder of Facebook.

TechCrunch reported Thursday that some old messages sent by Zuckerberg and senior executives have disappeared from recipients’ Facebook Messenger inboxes, proven by the original email receipts sent at the time.

The company appeared to confirm the unique arrangement, telling TechCrunch the change was made in response to an uptick in hacking.

“After Sony Pictures’ emails were hacked in 2014 we made a number of changes to protect our executives’ communications. These included limiting the retention period for Mark’s messages in Messenger. We did so in full compliance with our legal obligations to preserve messages,” the company said.

The Sony hack targeted the emails of Sony film executives, which revealed a side of Hollywood rarely seen by outsiders, and the decision to name the event as a catalyst for Facebook’s message purge indicates how troubling the incident was in Silicon Valley — and that Facebook was concerned about being hacked.

The company also raised the idea of a “retention period,” though there is no such thing for normal users. If a user long-presses a private message on Facebook, a “Delete Message” pop-up confirms that the function will “delete your copy of the message,” and the recipients’ copy will remain.

Facebook-owned Instagram has long had the option to “unsend” direct messages, while Facebook-owned WhatsApp recently launched a deletion function where unread messages can be deleted “for everyone.” A message is then displayed to all participants that content has been deleted.

But Zuckerberg’s deleted messages didn’t leave behind any such message, probably because they had already been read, many years ago.

The messages were originally sent to former employees and people outside of Facebook. According to TechCrunch, the recipients of the now-deleted messages were not informed at any stage that correspondence they received had been erased.

Zuckerberg may be the CEO of Facebook, but it’s unclear how the decision to remove senior executives’ messages would be allowed under the company’s terms of service. The terms only allow Facebook to remove content if the company believes “that it violates this Statement or our policies” or for infringing copyright.

Deleting messages quietly, and selectively, also appears to fly in the face of Facebook’s campaign to “make the world more open and transparent.” Its own policies say that the company “should publicly make available information about its purpose, plans, policies, and operations.”

Facebook appears to have not followed these policies in this instance, and it raises questions about the recipient’s right to privacy.

The news comes just weeks after the Cambridge Analytica scandal which has seen Zuckerberg admit that tens of millions of users probably had their data scraped.


The post Facebook #secretly deleted #some of Mark Zuckerberg’s private #messages over fears the #company could be #hacked appeared first on National Cyber Security Ventures.


The #Future Of #Company #Cybersecurity? #Pentesting, Says #CyberByte

Source: National Cyber Security News

Companies rank cybersecurity as one of their top priorities – yet, when asked, their respective departments are hard-pressed to identify the core steps that need to be taken in order to maintain it at top levels. CyberByte, the preeminent Romanian cybersecurity firm, has recently published an informative article, wherein it maintains that penetration testing – or pentesting – will define the future of company cybersecurity.

The term pentesting refers to “a series of ethical hacking attacks on IT systems”, which are made with the ultimate goal of uncovering system vulnerabilities and potential cybersecurity issues. In addition to helping calculate the chances of a potential cyberattack succeeding, pentesting provides an overview of the efficacy of a company’s cybersecurity measures that are already in place, with its results acting as a guide for further improvements that need to be made in order to bolster existing cybersecurity strategies.

“Pentests are classified according to the information available for each system. The two most commonly used methods of pentesting, the Penetration Testing Execution Standard or PTES, and the OWASP method, are not particularly innovative. The same applies for the Open Source Security Testing Methodology Manual, or OSSTMM, which has now become an industry standard – despite the fact that, much like the aforementioned methods, it represents a very primordial approach to a universal cybersecurity structure,” said Mr.


Large #Green Bay #company hit by #hackers

Source: National Cyber Security – Produced By Gregory Evans

GREEN BAY, Wis. (WFRV) – Green Bay police say hackers broke into the computer system of a large local employer this past week, leading to the theft of a significant amount of money. Investigators told CBS 58 affiliate, WFRV, the hackers may have got in through a security flaw that could have been corrected.


The post Large #Green Bay #company hit by #hackers appeared first on National Cyber Security Ventures.


How Your Company Can Close The Cybersecurity Skills Gap

Source: National Cyber Security – Produced By Gregory Evans

There is a significant skills gap in the United States today, and one particular area that is feeling the pain of the gap is cyber security. This gap isn’t just a concern for large technology companies, if the latest Equifax hack or WannaCry news is any indication: It’s a gap…

The post How Your Company Can Close The Cybersecurity Skills Gap appeared first on National Cyber Security Ventures.


This Company is ready to pay you $500,000 if you can hack WhatsApp

Source: National Cyber Security – Produced By Gregory Evans

A company named Zerodium has recently announced that they are ready to pay you $500,000 if you can find an exploit in WhatsApp and Signal, two popular messaging apps with hundreds of millions of users across the world. Prize money that large is irresistible for hackers. To avail…

The post This Company is ready to pay you $500,000 if you can hack WhatsApp appeared first on National Cyber Security Ventures.


CHINESE HACKERS ATTACK GURUGRAM COMPANY

Source: National Cyber Security – Produced By Gregory Evans

The Millennium City witnessed its first ransomware attacks by Chinese hackers, with two cases coming to light recently. A city-based clothing company has reported to the Gurugram police that the hackers had demanded Rs 25 lakh from them as ransom. The other case involved a ransom demand of…

The post CHINESE HACKERS ATTACK GURUGRAM COMPANY appeared first on National Cyber Security Ventures.


Your Company Has Been Hacked; Should You Call the Government?

Source: National Cyber Security – Produced By Gregory Evans

U.S. companies’ vulnerability to data security incidents through computer hacking has garnered unprecedented public awareness in the last 12 months. Given our increasing volume of user data generated in business and its significant value, hacking will remain a common feature in the data landscape. In one respect, the most sophisticated…

The post Your Company Has Been Hacked; Should You Call the Government? appeared first on National Cyber Security Ventures.
