Home

now browsing by tag

 
 

#romancescams | FBI warns people stuck at home could be more vulnerable to online romance scams | romancescams | #scams

They send flowers. They spend months chatting online. They share poems expressing their love. For people forced to stay home during the pandemic, an online connection can offer solace and […] View full post on National Cyber Security

New wave of attacks aiming to rope home routers into IoT botnets | #corporatesecurity | #businesssecurity | #

A Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets. The report urges users to […] View full post on National Cyber Security

#computersecurity | #comptia | Ageing devices biggest threat to cybersecurity as work from home becomes norm – | #cybersecurity | #informationsecurity

Source: National Cyber Security – Produced By Gregory Evans

The IT companies are contemplating over extending this arrangement even after COVID-19 infections reduce. But, most companies agree to cybersecurity threat being a sword hanging over their heads

Rukmini Rao        Last Updated: June 10, 2020  | 18:54 IST

KEY HIGHLIGHTS:

  • In 2019, network infra assets of 47.9% businesses aged or turned obsolete
  • Ageing and obsolete devices in technology sector at 59.6%
  • Redirection of spend towards cloud services is resulting in decreased investment

Various sectors across the globe are slowing and in a staggered fashion opening up after nearly five months of lockdown, perhaps with the only exception of information technology sector, which adapted to a different working model to tide over the crisis. The IT companies are contemplating over extending this arrangement even after COVID-19 infections reduce. But, most companies agree to cybersecurity threat being a sword hanging over their heads. However, a recent report by NTT Ltd shows the root cause of cybersecurity threat having substantially increased is perhaps the obsolete or ageing devices.

“The assets of 47.9 per cent  organisations were ageing or turning obsolete as a weighted average, representing a significant surge from 2017, when this figure was just 13.1 per cent. Both connectivity and security are being compromised by enterprises leaving obsolete devices on the network,” the report  said. While the industry average in the use of obsolete and ageing devices is 47.9 per cent, public sector leads the way with 61.7 per cent, and surprisingly close second is the technology sector with 59.6 per cent of devices either ageing or turning obsolete. On an average, an obsolete device has twice as many vulnerabilities per device (42.2 per cent) compared to ageing (26.8 per cent) and current devices (19.4 per cent). Interestingly, the report says that around 2015-16,  businesses started investing and deploying new technology and spending on new devices peaked in 2017 when there were 86.9 per cent of organisations with current (latest) devices. Even as adoption of new wireless infrastructure is on the rise, with an average increase of over 13 per cent year-on-year, ageing and obsolete devices create security vulnerabilities and put businesses at risk of cyber attacks with people logging in from co-working spaces and remote work locations.

One of the biggest reasons behind the lower investment in  on-premises infrastructure, according to report, is the growth in cloud spend outpacing that in overall IT spend. This is what is leading to lower investments. Cloud adoption and spend were predicted to grow at a faster rate and in the region of 21-25 per cent CAGR until 2023. “The increase in on-premises, ageing and obsolete devices is partially due to a redirection of spend towards Software-as-a-Service (SaaS) and other cloud services, which results in a decrease in investment in on-premises infrastructure. However, we anticipate that there will be a significant increase in people working from home, even after pandemic reduction measures are lifted,” the report said.

Also Read: Coronavirus treatment cost: Tamil Nadu hospitals can’t charge above Rs 15,000 a day

Also Read: Vizag gas leak: Andhra govt forms committee to probe incident; seeks report by June 22

Source link

______________________________________________________________________________________________

Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.

Posted in Computer Security, Hacking, Network Security, News Wire

Source link
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The post #computersecurity | #comptia | Ageing devices biggest threat to cybersecurity as work from home becomes norm – | #cybersecurity | #informationsecurity appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberdegense | #computerhacking | GDPR Working from Home Checklist in The Light Of COVID-19 – | #cybersecurity | #informationsecurity

Source: National Cyber Security – Produced By Gregory Evans

Working from home in this pandemic period? Check some risk associated with it and Follow this step by step checklist that organizations need to take…

By Susan Alexandra, Contributing Writer

EU General Data Protection Regulation (GDPR) imposes strict checks and balances for any mishandling or accidental leakage of personal data. Companies and businesses have to take some mandatory measures to maintain GDPR compliance. The responsibility of the organizations for protecting data turns multifold in the current situation of work from home.

Risks of Working from Home

COVID-19 has forced the corporate industry to opt for remote working in place of an office setting. This has increased the risk of a data breach. The major causes of this increase in risk are:

  • Work from home means that several devices are connected to the company’s database. This increases the chances of data theft and leakage.
  • The flow of data to and fro the company’s system is carried out through multiple networks with varying security levels. This eases the work of predators and cybercriminals.
  • Most of the employees working in a traditional setting are not familiar with the usage of online tools. This increases the chances of human error and the mishandling of data.
  • Unprotected devices are always an easy target for phishing emails and malware. Just one risky device or a single random click by any employee can risk the whole system.

Checklist for GDPR Compliance

Here are some necessary measures that your company or organization must take, especially in this current situation of remote working, to maintain their compliance with GDPR.

  • The company must update its privacy policy for employees working from home.
  • New agreements must be made with third parties and outside vendors to maintain compliance with GDPR.
  • All the employees should be provided with secured devices by the company.
  • If employees are using their own devices, they must be well protected with an up to date version of antimalware and firewall.
  • The encrypted network is a must for data security. Therefore, the company should provide VPN protected Wi-Fi devices to all the employees working from home.
  • If the employees are using their own Wi-Fi, they must be restricted to use password-protected Wi-Fi only. They must avoid using shared or public Wi-Fi for accessing and sharing the company’s data.
  • Limit access to important files and data.
  • Two-factor authentication must be used for allowing access to the company’s database.
  • All the tools and software used for communicating and data transfer must be encrypted.
  • Employees must be asked to limit their online activities on the devices that are used for accessing the company’s database.
  • Employees must be restricted from sharing any details and passwords with unauthorized people. The company’s data should not be shared with anyone, not even with the family members.
  • Employees must be trained for the usage of online tools and software to decrease the chances of human error.
  • Employees must also be educated about online safety and how to stay safe from phishing emails and invading malware.
  • Companies should have a proper IT infrastructure to monitor remote devices connected with their system.
  • Notifications must be set to get an alert in case of any security risk from any device connected with the system. This device should be immediately removed from the system and denied access for the time being.
  • Companies must have taken Data Processing Impact Assessment (DPIA) to detect any issue in the security system.
  • If there are any loopholes in security, they must be dealt with on an urgent basis.
  • Companies must have prepared an alternate plan in case of a data breach.
  • Employees must also be trained to urgently deal with any security issue at their end.

These are some crucial steps that every organization must take to maintain GDPR compliance and avoid any fines by GDPR. According to a report by PrivacyAffairs, “the total number of GDPR fines are 256 yet”.

Maintaining GDPR compliance has become challenging for organizations in this work from home situation. GDPR is detecting more data breaches than ever and is actively imposing fines on the companies not following a proper data security regime. The time demands companies to be extra vigilant about their data security. They must revise their policies and devise new strategies for safer handling and storage of confidential and crucial data.

About the Author

Susan Alexandra Author

Susan Alexandra is an independent contributing author at SecurityToday and Tripwire. She is a small business owner, traveler, and investor in cryptocurrencies.

Source link

______________________________________________________________________________________________

Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.

Source link
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The post #cyberdegense | #computerhacking | GDPR Working from Home Checklist in The Light Of COVID-19 – | #cybersecurity | #informationsecurity appeared first on National Cyber Security.

View full post on National Cyber Security

Working from Home? These Tips Can Help You Adapt

Source: National Cyber Security – Produced By Gregory Evans

COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.

So, you’re working from home …

For a while.

You’ve probably worked remotely before, and you’re thinking, “I’ve got this!”

Odds are, you’re mistaken. You don’t have this. That’s OK; this is an opportunity to learn new skills.

You can think of working from home much like someone moving into an entirely new environment. Your patterns of work might be optimized for working in an office, and they might not quite fit at home. You can think of this post as moving you from accommodating yourself to including yourself — reducing the friction that misspends your energy just to exist.

Now it’s time to adapt. You need to adapt, your workday needs to adapt, and your environment needs to be adapted. So what can you do? Below is some advice — take it in the spirit of unsolicited advice on self-improvement. Some of these things will work for you; some of them won’t. Many of these ideas work for me or people near me; they might or might not work for you. Give them a try, and be willing to learn and adapt.

Your Workspace
Maybe you’ve been getting by with sitting on the couch or on the floor in the corner of your bedroom. Those might be all the choices you have, but you should consider some changes:

  • Use an external monitor. One of the biggest productivity gains comes from useful screen real estate, so finding a way to get more is incredibly helpful to you. Paired with an external keyboard and mouse, you’re also on your way to better ergonomics.
  • Use a desk and a chair. Sitting on a couch for a long period is probably not healthy in a lot of ways. Can you fit in a sit/stand desk? Maybe you do need a different ergonomic choice, but make it deliberately.
  • If you can dedicate a workspace, that’s ideal. If you can’t, consider a space that you can set up at the start of the workday, then tear it back down in the evening — so you have clearly delineated boundaries of when you’re “in the office” instead of just chilling.
  • Even if you can’t dedicate a workspace, make a conscious effort to not take a meal (be it lunch, dinner, etc.) from where you are working. If you have a dedicated workspace, leave it and go to your kitchen, another room, or, if possible, outside for your meal. This should be time to mentally recharge as much as physically recharge. If you don’t have a dedicated space, still take the time to close your laptop and do something that is not work. Your brain (and your similarly stressed co-workers) will thank you.
  • Do you have a headset with a microphone to take meetings with? Gaming headsets can be an affordable and high-quality solution, or possibly Bluetooth earbuds. Anything is an improvement over just using your laptop’s speakers. But also think about how your ears might feel after multiple hours using a device you’re not familiar with. Maybe change between earbuds and a headset … or even just take a long break from videoconferencing.   
  • Wired Ethernet makes an enormous difference for videoconferencing — and for many of our other tools. Even if the cable has to get unplugged when you roll up your desk at the end of the day, this can be worth the trouble.

Your Family
There’s a good chance you’re sharing your space with other people — a partner, some children, maybe roommates. Their needs will matter, too, and it’s better for you to plan ahead with your schedules so that no one is disappointed.

  • Do you have to homeschool small children? What does your plan look like for that, and how are you trading it off with your partner?
  • Do you need to add daily household meetings to identify any issues?

Your Commute
You might be really excited about not having to waste time getting to the office because you can just hit work running. But take a moment to think about what you also do during your commute. Are you thinking about your schedule for the day? Working on a hard problem? Thinking about your kids? That’s valuable mental time, which you should consider how to keep in your day so that you can gracefully transition between parts of your life.

  • Can you go for a walk around the block (or further)?
  • Can you set aside quiet time at the start and end of your day, before you dive into email?
  • Make sure you take time for lunch. This might make a good time to check in with your colleagues in your co-working space or take quiet time for yourself. You might want to think about planning for those lunches to make sure you’re making healthy choices rather than just grabbing whatever is available.
  • Make a hard break. “Bye, kids, I’m headed to work!” can be a really powerful boundary to set.

Your Meetings
Meeting culture is very location-centric, especially when that location is your headquarters. Some of that is a product of enterprise tools (many video solutions makes it hard to see more than a few participants at once, and the slight added latency over the Internet interacts with the human desire to jump in as the next speaker), some is a product of our organizations (meetings where 80% of the attendees are physically in one place), and some is a product of habit (sitting in a circle, which then excludes the video participants). This is an opportunity to work on more-inclusive meeting structures.

  • Consider nonverbal cues for meeting participants to use to call for attention. If everyone is visible, that can be a raised hand; if that’s not the case, then a chat backchannel can help.
  • Work more on pauses between speakers. There is rarely a need to jump in instantly, and that’s often seen as a behavior that is exclusionary anyway, so this is a good opportunity to evaluate it. Past three people, a moderator helps enormously — perhaps defaulting to whomever called the meeting or wrote the agenda.
  • Consider working off a shared document with an agenda and notes so that some information flows can be faster-than-verbal. This might rely on everyone having more screen real estate.
  • Think about the lighting. You should be able to clearly see your face, which generally means lights and windows should be in front of you, not behind you. It’s always possible to learn from one call and revise or improve for the next one.
  • Thirty-minute blocks are not fundamental to the universe. You can meet for 5 minutes or 15 — and jumping from chat to a video call for 5 minutes can unlock great work for you or your colleagues.
  • As a last resort, disabling video can improve audio distortions, jitter, and latency in meetings.

Your Physical Wellness
When working from home, it can be really easy to fall into a rut with no physical activity. Perhaps you roll out of bed, grab a quick bite, and hop on a call. For a day, that’s only a little bad, but that’s a bad long-term pattern. Schedule your exercise time.

  • Maybe take that long walk at the start of your day or after lunch.
  • If you’re fortunate enough to have a treadmill or stationary cycle in your house, maybe you take a walking meeting with a colleague.
  • Look at how you can keep your body from stiffening from a lack of movement or poor ergonomics. Take stretch breaks. Take a 20-second break every 20 minutes and look out at something at least 20 feet away to prevent eyestrain. Consider how to incorporate physical wellness into your everyday routine.

(Story continues on next page.)

Andy Ellis is Akamai’s chief security officer and his mission is “making the Internet suck less.” Governing security, compliance, and safety for the planetary-scale cloud platform since 2000, he has designed many of its security products. Andy has also guided Akamai’s IT … View Full Bio

Previous

1 of 2

Next

More Insights

Source link

The post Working from Home? These Tips Can Help You Adapt appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Malproxying: Leave your malware at home

Source: National Cyber Security – Produced By Gregory Evans

Endpoint protection plays a critical role in
the modern organizational security stack. Yet the very nature of this security
model is fundamentally flawed. Endpoint security solutions, and the malicious
actors trying to breach them, are locked into a perpetual game of cat and
mouse. Each side must continually adapt and react to the tactics of the other.
And, unfortunately for organizational security specialists, the playing field
is radically unbalanced.

Security solutions and professionals need to
maintain perfect endpoint protection; hackers, meanwhile, need only a single
successful attempt to wreak extraordinary damage. Yet security solutions do
have one point in their favor: The most common endpoint security evasion
techniques require constant updating which limits the pool of attackers and the
scale at which attacks are launched.

This leads to a troubling
question — what if a technique existed that allowed attackers to evade defense
mechanisms while requiring little in the way of adjustments to malicious code?
That was the topic of a well-received recent presentation I gave along with my
colleague security researcher Hila Cohen at DEF CON 27 in Las Vegas, Nevada.

Let’s take a closer look at this technique
and its implications for endpoint security.

The Current State of Endpoint Security

Existing security solutions use three
mechanisms to maintain protection:

  • Static signatures — these can be a simple hash from a sequence
    of bytes in a file. Signatures sign file segments (or memory blocks), enabling
    a check against common IOCs (Indicators of Compromise) to see if the file is
    infected.
  • Heuristic rules — these rules can inspect the imported
    function list, executable uses, its sections sizes and structure, and many more
    properties including entropy. Heuristic rules attempt to discern properties
    that are common among malicious files yet don’t exist in safe executables. They
    are not based on IOCs and don’t examine binary sequences or hashes included in
    the static signature category.
  • Behavioral signatures –these
    signatures attempt to identify, evaluate and block all malicious activity.
    Because of the limitations of static signatures and heuristic rules, infected
    files are often miscategorized as safe. Behavioral signatures take a different
    approach, as they are based on an operational sequence executed in the system,
    rather than the implementation of malicious logic.

As mentioned above, endpoint protection
solutions have a variety of weaknesses. Attackers can change the IOCs,
properties and behavior of malicious files, allowing them to evade detection
and quarantining. However, these techniques are highly manual and require significant
expertise, making it difficult for attackers to implement at scale.

There is, however, another approach enabling
the circumvention of endpoint security without the need for extensive labor or
expertise: Malproxying.

How Malproxying Works

The core operational model of endpoint
security solutions is simple: Identify and analyze code, then classify and
(potentially) block. Yet what if an attacker could obscure that code entirely?

That’s the premise of the malproxying
technique, which avoids deploying malicious code on target machines and
therefore separates that code from any interaction with the target operating
system. Here’s how it works:

A piece of code interacts with its operating
system and environment through a set of API calls. The attacker redirects those
API calls, and instead of running them on his operating system, he proxies them
over the network to the target machine. So, the malicious code resides on the
attacker side, where it is not monitored by any security solution (as the
attacker completely controls the environment), but the actions performed by
that malicious code actually interact with the target environment, allowing it
to bypass common endpoint security protection mechanisms. The malicious code,
meanwhile, cannot tell that it has not been executed on the targeted machine.

On a deeper level, the technique involves two
key components: attacker and target stubs. The attacker code loads and executes
malicious instructions, controls its API function calls and redirects them over
a network tunnel to the target stub.

The target code appears innocent and has no
malicious activity pre-coded. It receives the API requests and parameters,
executes those requests and returns the results back to the attacker stub.
These results are returned to the malicious code, in the exact way they would
be returned if the malicious code had called the API functions locally. The
malicious code is totally unaware of the long journey the response went through
until it arrived at its destination.

Countering Malproxying

The malproxying technique is designed to
evade the primary mechanisms used by endpoint detection solutions. The target
stub contains no malicious logic in its base form, rendering it hard to
identify and easy to modify if caught. Static signatures and heuristic rules
are easily bypassed.

Behavioral signatures, however, are another
matter. In the bottom line, a “malicious” sequence of API calls must be
executed on the target machine to achieve the attacker’s malicious goals. A
sophisticated monitoring tool can detect that malicious flow and trigger an
alarm. This merely invites another protracted cat and mouse battle, as the
attackers have to find new ways to make it very hard for monitoring tools to
assemble the trace of their malicious actions.

For example, an attacker could trigger each
API function call in a different thread, making it harder for security
solutions to identify a single code flow to check whether it is malicious or
not. Second, the attacker could bypass the detection points, where the security
solution tracks the activity of our process. Once those detection points are
bypassed, the security solution is blind to any API-based activity.

Continual improvement and refinement of
behavioral detection capabilities represent a better option. Actions triggered
by malicious logic can be tracked using various techniques to ensure that calls
are fully tracked. By building a more robust log of executed system function
calls — and the signatures that define malicious behavior — organizations can
develop a more viable line of defense against this novel attack technique.

Amit Waisel, Senior Technology Lead in Security Research, XM Cyber

The post Malproxying: Leave your malware at home appeared first on SC Media.

Original Source link

The post #cybersecurity | hacker | Malproxying: Leave your malware at home appeared first on National Cyber Security.

View full post on National Cyber Security

How to Secure Your Wi-Fi Router and Protect Your Home Network

Source: National Cyber Security – Produced By Gregory Evans If you’re lucky, the process will be automatic; you might even get alerts on your phone every time a firmware update gets applied, which usually happens overnight. If you’re unlucky, you might have to download new firmware from the manufacturer’s site and point your router towards […] View full post on AmIHackerProof.com

#cybersecurity | hacker | Inside the connected home and its implications for cybersecurity and privacy

Source: National Cyber Security – Produced By Gregory Evans

Over
the last few years, the introduction of connected devices into our homes has
become a boon for consumer convenience and entertainment. But this dynamic has
important cybersecurity and privacy considerations. The astounding increase of
connected devices has not only given attackers new points of entry but also
allows more of our information to be collected and potentially shared than ever
before.

To
find out how consumers address cybersecurity and privacy risks of connected
devices in their homes, ESET, in September 2019, surveyed 4,000 people – 2,000 in the United
States, 2,000 in Canada. Overall, the results show a large disconnect between
what people say they do to protect themselves and what they are actually doing
in practice.

The Heart of the Connected Home

Starting at the central point of a connected home, the router, ESET polled respondents if they had changed their router username and password, either directly or through a technician when it was first acquired. About 57 percent of Americans either said the username and password were not changed or they do not know if they were changed. In a similar vein, 57 percent either could not or do not know if they could name every device connected to their home network.

A
secure router is the basis of an effective home network. The router is both the
heart of the network and is in the majority of scenarios the single internet-facing
device, taking ineffective security measures (or taking none at all) makes
every device connected to it more vulnerable. At a minimum, passwords and usernames
should be changed from either their factory or ISP/cable provider default. As
the public-internet facing device attackers may be able to gain some
information by default and even the slightest knowledge about a device will
open the opportunity to try connecting to it using the default administrative
credentials, making the device an incredibly easy target.

The devices connected to that network pose a risk as well. Almost 44-45 percent of respondents have between one and five connected devices, which one would think should be easy to keep track of. The respondents that have more than 10 devices is where keeping track of them all starts to get tricky. Giving each device a recognizable name is a must to make it easier to keep track of the authorized vs. unauthorized devices on a network.

Connected Device Security

Consumers claim to be worried about cybercriminals targeting connected home devices, yet 42 percent of respondents are not worried about something they sit in front of for hours every week – their connected TVs.

When
connected to the internet a connected TV can potentially be taken attacked by
ransomware, the resources abused by coinminers or the credentials used to
access your favorite streaming service could be stolen. Anything connected to
your home router can be targeted by cybercriminals.

Interestingly, about 17 percent of total respondents have connected devices (not just smart TVs) that they did not connect to the internet. Some didn’t have time to set up the features, while others simply don’t care enough about the additional features to connect the devices to the internet.

We found that more than half (61 percent) of Americans don’t turn off features that they do not use. Keeping with the television example, consumers may buy a smart TV for its streaming features only to realize after-the-fact that there are certain apps they want to use to connect to these services are not available on the device. The consumer purchases an additional streaming device, such as Apple TV or uses a gaming console to stream, but they never turn off the internet connection on the TV. That device is now connected to the home network and is likely not monitored or updated. That’s a hazard to home network security.

Start with the Basics

It’s
clear there is still a learning curve for many consumers with connected homes.
A whole host of problems can be avoided simply by changing the default username
and password on the router and keeping the software up to date. This is
especially important as consumers add new types of devices to their networks
every year, a trend this set to continue.

Consumers would do well to remember the saying, “an ounce of prevention is worth a pound of cure.” Our survey found that, even though 35 percent of Americans and 37 percent of Canadians said they were concerned about the security of their connected homes, only 20 percent of Americans and 29 percent of Canadians did any type of research on the data collection and storage policies of connected home device manufacturers.

Consumers
who spend hours evaluating price, features and the aesthetics of their home
devices would do well to spend a few minutes researching the reputation of the
manufacturer, the security of the device, known issues and vulnerabilities and
the degree to which their data is shared or sold to third parties.

Original Source link

The post #cybersecurity | hacker | Inside the connected home and its implications for cybersecurity and privacy appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | How HIPAA-Compliant Communication Tools Can Prepare Home Healthcare for PDGM

Source: National Cyber Security – Produced By Gregory Evans The new home healthcare Patient-Driven Groupings Model (PDGM) released by the Center for Medicare & Medicaid Services (CMS) goes into effect after January 1, 2020. With it, payment periods will be cut in half and therapy volume will no longer be considered when determining home health […] View full post on AmIHackerProof.com

#deepweb | Stocks making the biggest moves premarket: Home Depot, Boeing, Disney

Source: National Cyber Security – Produced By Gregory Evans Check out the companies making headlines in the premarket Tuesday: Home Depot — Home Depot shares dropped more than 5% in the premarket after the home improvement retailer reported disappointing same-store sales. The company said global same-store sales rose 3.6% in the previous quarter. Analysts polled […] View full post on AmIHackerProof.com