
Evaluating Your Security Controls? Be Sure to Ask the Right Questions

Source: National Cyber Security – Produced By Gregory Evans Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to […] View full post on AmIHackerProof.com

#nationalcybersecuritymonth | This Is What Is Really Happening Right Now

A week on from the U.S. killing of Iran’s Qassem Suleimani on January 3, media warnings around the cyber threat now facing the U.S. and its allies show no signs of diminishing. On January 8, the New York Times warned that even as “Iran’s military […] View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | DEF CON 27, Blue Team Village, @Lak5hmi5udheer’s, @dhivus & @NarayanGowraj’s ‘Who Dis Who Dis: The Right Way To Authenticate’

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.


The post DEF CON 27, Blue Team Village, @Lak5hmi5udheer’s, @dhivus & @NarayanGowraj’s ‘Who Dis Who Dis: The Right Way To Authenticate’ appeared first on Security Boulevard.

The post #cybersecurity | #hackerspace | DEF CON 27, Blue Team Village, @Lak5hmi5udheer’s, @dhivus & @NarayanGowraj’s ‘Who Dis Who Dis: The Right Way To Authenticate’ appeared first on National Cyber Security.

#nationalcybersecuritymonth | The one issue where Democrats are to the right of Trump

There are almost no issues where Democratic presidential candidates want to run to the right of Donald Trump […] View full post on AmIHackerProof.com

#school | #ransomware | Ryuk Ransomware Is Making Victims Left and Right

While doing some open-source intelligence (OSINT), a security researcher discovered that a provider of end-to-end solutions for emergency care facilities in the U.S. fell victim to Ryuk ransomware. The company hit by the malware is T-System based in Dallas, Texas, and it is currently working to […] View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | G Suite Vs Office 365: How do you Pick the Right One?

G Suite’s Advantages

Built for Mobile Usage
G Suite was built with a mobile-first design ethos. It works out of the box in a browser, with a seamless device-agnostic UX from desktop to mobile devices. Owing to its leanness, it works at a high speed even with slow connectivity and low device processing power.

Designed for Distributed Workforces
G Suite pioneered cloud-based document collaboration — view comments and edits made by your distributed team in real-time. Documents, spreadsheets, and presentations can be viewed directly from your email, without opening separate apps.

Rapid Adoption
G Suite’s star quality would be usability. It’s intuitive enough for employees to use from the get-go with minimal training. Moreover, as personal Gmail has such ubiquitous adoption, there will be existing familiarity with the UI and workings of G Suite. This is particularly helpful for SMBs, educational institutions and non-profits with non-technical users and stretched IT teams.

Office 365’s Advantages

Built for Occasionally Connected Users
The “origin” of Office 365 is Microsoft Office, a set of desktop tools that remains the gold standard for personal productivity. Consequently, Office 365 has robust desktop clients for both Windows and Mac, providing powerful productivity tools that allow users to work anywhere. This combined with the offline capabilities of OneDrive for Business helps employees to easily work offline on documents. 

Seamless Transition to the Cloud
On-premises versions of Exchange and SharePoint have been the enterprise’s de facto email and collaboration platforms for decades, and employees who have been using them will be familiar with their cloud-based counterparts. When using the desktop Office applications or their web-based counterparts, users will be able to work the same way they always did.

Support for Scalability
Office 365 comes with in-built integration with Azure and a centralized Admin Center with powerful management and compliance tools. It can thus effortlessly scale as your organization grows. Office 365 for business and enterprise options also have a spectrum of pricing options and provisions such as mixing licenses, suitable for a growing organization.

Picking the One That Fits

As with any org-wide platform, for it to be successfully adopted, what matters most is picking the solution that fits best in the organization, as opposed to picking the solution with maximum perceived features. 

  • Start with a detailed analysis of your current landscape — software stack, data requirements, business workflows and goals, nature of workforce (remote/co-located, mobile/desktop users), etc. 
  • Then understand the reasons why your organization is migrating. This will help you accurately gauge the ROI that the SaaS platform will bring to your organization by. 
  • Map the business benefits you expect with the features in the SaaS platform that will accelerate/deliver them. 
  • Reality-check their feasibility with the detailed analysis of your organization.

This will also help with planning the type of migration (phased rollout, email only, etc.), drawing accurate timelines and prioritizing the various phases of the migration. 

Don’t Forget to Secure your Move to the Cloud

After you select the SaaS platform that’s right for your organization and move to it, don’t forget to secure it. SaaS data requires protection too. The best-in-class platforms cannot protect you from data loss at your end due to human/malicious errors, sync errors or malware.

Secure your migration with Spanning’s top-rated backup solutions for both Office 365 and G Suite.


#cybersecurity | Pegasus like spyware could be snooping on you right now!!

The recent news of Pegasus spyware attack via WhatsApp that targeted lawyers, journalists and human rights activists, offers an astonishing revelation on the kind of havoc such spyware can create. We covered the topic extensively, recently. The frequent media buzz about […] View full post on AmIHackerProof.com

#cyberfraud | #cybercriminals | Cyber threats in financial institutions: Getting the basics right

Murali Urs

The WannaCry Ransomware which hit businesses including banks globally didn’t spare India, which was the second-worst affected country in APAC according to reports. It was a reality check for financial institutions as the attack was estimated to have affected more than 150 countries and caused millions of dollars in damage. The banking system often emerges as a sitting duck since it is the softest and most effective target.

In India too, cyber frauds are on the rise. According to a report by the Reserve Bank of India, a total of 2,059 cases of cyber fraud were reported in 2017-18 amounting to Rs 109.6 crore. The recent frauds at Cosmos Bank and the State Bank of Mauritius branch based in Mumbai are only the beginning; with the rise in digital transactions and their spread to the interiors of the country, cyber frauds at banks are on the rise.

Why Financial services?

The financial services industry is naturally a lucrative target for cyber criminals. The primary targets which are usually compromised in cyberattacks on banks are the SWITCH and SWIFT systems. SWITCH is a group of servers that are responsible for sending approval requests from the ATM to the core banking system. SWIFT, on the other hand, is a global provider of a secure inter-banking messaging solution.

SWITCH and SWIFT are the most sensitive components of the banking infrastructure, as they are responsible for the authorization of fund transfers. Each piece of information hacked, whether it is the data stored on the network, competitive intelligence, access to confidential email or trading strategies, typically has different types of buyers and methods for selling. Many forums and dark web sites exist for this purpose.

It is estimated that over 90% of all successful hacking scams start with a phishing attack. CFOs and finance staff are among the most targeted employees in the company when it comes to email fraud. Hackers choose finance employees due to their access to company finances and other sensitive information.

Fighting the threat

The industry needs to start thinking about cybersecurity from the ground up and not as an afterthought. Organisations must act more aggressively, constructively and comprehensively to address security threats. There needs to be a better understanding of simple vulnerabilities such as weak endpoint security and lack of security awareness.

100 percent security is impossible for any organisation; however, the below approach will go a long way in combating financial hacking:

  • Installing Threat Detection: Organizations in India can improve their cybersecurity systems with more focused monitoring of critical servers and the usage of powerful detection technologies.
  • Automation: Automating to optimize incident response and building resiliency.
  • Initiate checkpoints for large fund transfers with manual inspection: As we have seen in the case of multiple financial heists, there are a few common errors that could have been easily caught using manual inspection.
  • Train the employees: Employees are a primary concern in cyber security. A lack of skilled cybersecurity professionals and unprepared security operations teams are proving to be great challenges. Training the workforce and creating awareness will help prevent a lot of cyber incidents.

The best way to fend off and respond to an attack is to internalize cyber-resiliency and cyber-agility tactics. Additionally, financial services companies must prioritize the value of information assets. Allocating additional budget towards company crown jewels is a good place to start. Leading technologies are only as effective as the company’s cyber-risk culture. Financial institutions must be aware of evolving risks and establish a plan for business continuity.

The author is Country Manager – India at Barracuda Networks. Views are personal.


#deepweb | Bernie Sanders is right, it’s time to redistribute economic power | Mathew Lawrence | Opinion

Oligarchy rules the United States: the republic has been ransacked, its commonwealth privatised, and rentierism runs amok. The richest 10% of Americans capture an estimated 97% of all capital income – including capital gains, corporate dividends and interest payments. Since the financial crisis of 2008, almost half of all new income generated in the US has gone to the top 1%. The three wealthiest people in the US now own more wealth than the bottom 160 million Americans. And the richest family in America – the Walton family, which inherited about half of Walmart’s stock – owns more wealth than the bottom 42% of the American people.

The case for bold action is clear and overwhelming. Only a deep reconstruction of economic and political rights can challenge oligarchic power and halt runaway environmental breakdown. Fortunately, Bernie Sanders has just announced a new plan that matches the scale of the crisis.

His announcement on Monday of the corporate accountability and democracy plan is the latest and boldest proposal for economic democracy in America to emerge from the Democratic presidential race. At its core, it seeks to democratise the company by redistributing economic and political rights within the firm away from external shareholders and executive management toward the workforce as a collective. This is about redistributing wealth and income, but critically, it is also about redistributing power and control. Democratising the company would transform it from an engine of wealth extraction and oligarchic power toward a genuinely purposeful, egalitarian institution, one where workers would have a collective stake and say in how their company operates, and would share in the wealth they create together.

The Sanders plan would transform and democratise economic and political rights by fundamentally rewiring ownership and control of corporate America. Companies would be required to share corporate wealth with their workers, transferring up to 20% of total stock over a decade to democratic employee ownership funds. The monopoly on voting rights that private external shareholders and their financial intermediaries have benefited from would be ended; employees would be guaranteed the right to vote on corporate decision-making at work, and have a voice in setting their pay, regardless of the kind or size of company or firm they work for. Corporate boards would be democratised, with at least 45% of the board of directors in any large corporation directly elected by the firm’s workers. And the outrageous power of asset management – whose actions have done so much to accelerate the climate crisis by continuing to invest heavily in fossil fuel companies – would be ended. Asset managers would be banned from voting on other people’s money – the collective savings of millions of ordinary workers – unless following clear instructions from the savers.

Taken as a whole, Sanders’s plan would radically re-engineer how the company is controlled and for whom. The echoes with Labour’s agenda for democratising economic power are obvious, particularly John McDonnell’s inclusive ownership fund proposal, and are further evidence of an increasingly fertile transatlantic pollination of ideas and practice, from the Green New Deal to movement building. Common Wealth, the thinktank that I am the director of, is another example of this, committed to designing ownership models for the democratic economy on both sides of the Atlantic. In this, at least, there is much to learn from the right; Anglo-American conservatism and the new right have long shared intellectual and organisational resources and common aims, from the incubation of neoliberalism, to current salivations over a disaster capitalism-style US-UK trade deal. It is time progressives did the same.

An emphasis on reimagining ownership and governance is a vital step forward. We face two deep crises – environmental breakdown and stark inequalities of status and reward – both sharing a common cause: the deep, undemocratic concentration of power in our economy. Working people lack a meaningful stake and a say in their firm. Corporate voting rights are near-monopolised by a web of extractive financial institutions. The needs of finance are privileged over the interests of labour and nature. Tinkering won’t address this deep imbalance in power. To build an economy that is democratic and sustainable by design, we need to transform how the company operates and for whom.

For the left, remaking corporations must be at the heart of a radical agenda. The company is an extraordinary social institution, an immense engine for coordinating production based on a complex web of relationships. The critical question is who controls how it operates and who has a claim on its surplus. Today, the answer is a combination of shareholders, institutional investors and executive management; the company has been captured by finance and extractive economic practices, but it doesn’t have to be that way.

The company – and the distribution of rights within it – are neither natural nor unchangeable. There is nothing inevitable about the existing, sharply unequal distributions of power and reward within them. The company is a social institution, its rights and privileges publicly defined. We can organise it differently: through social control, not private dominion, via democracy, not oligarchy. Sanders’s announcement is an important step toward that democratisation, and the deeper economic reconstruction that both people and planet deserve.

Mathew Lawrence is director of the thinktank Common Wealth


Yahoo #hacker feels he’s ‘doing the #right thing’ after #pleading #guilty, #lawyer says

After eight months of maintaining his innocence in a massive data breach at Yahoo, Karim Baratov feels like he’s now, his lawyer says, doing the right thing by pleading guilty to charges stemming from his role as a hacker.

Baratov, who is from Hamilton, is scheduled for sentencing in February, after pleading guilty, in a U.S. court on Tuesday, to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft.

“He’s feeling like he’s doing the right thing … he’s happy that he’s doing the right thing, he’s happy that he’s opening up, and he’s not holding back,” said Amedeo DiCarlo, one of Baratov’s lawyers. “I think that’s what the justice system expects of him.”

Authorities say the hack affected at least a half billion user accounts, and was directed by two Russian intelligence agents. U.S. law enforcement officials call the 22-year-old Baratov a “hacker-for-hire” and say he was paid by members of Russia’s Federal Security Service to access more than 80 accounts.

DiCarlo wouldn’t say if Baratov turned over information on the two Russians linked to the case, but did say he has been “very forthcoming with his information” and “very transparent.”

“He told them everything they needed to know,” DiCarlo said.

Another one of his attorneys, Andrew Mancilla, echoed that sentiment outside of court after the guilty plea was made. “He’s been transparent and forthright with the government since he got here,” Mancilla said.

The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses, according to prosecutors.

Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, were also named in the indictment filed in February, though it’s not clear whether they will ever step foot in an American courtroom since there’s no extradition treaty with Russia.

Yahoo user accounts began being compromised at least as early as 2014. Prosecutors say Dokuchaev and Sushchin turned to Baratov after learning that one of their targets had accounts at webmail providers other than Yahoo.

After Baratov’s arrest, his parents said that their son was a “scapegoat.” DiCarlo said they are now finally seeing some sense of closure.

“It’s a big strain on everybody — it’s kind of like you’re biting your fingernails, waiting for the result. Now, here is a final result in their opinion … they see an end in the future.”

Baratov’s sentencing is set to happen in February, and the threshold for how much jail time he could face ranges from zero to 20 years, DiCarlo said — though he would not disclose what sentence the defence will submit as appropriate. It’s also not clear if Baratov would serve a sentence in Canada or the United States.

“We’ve got our ranges to work with, and that’s where the lawyering takes place,” DiCarlo said.

The post Yahoo #hacker feels he’s ‘doing the #right thing’ after #pleading #guilty, #lawyer says appeared first on National Cyber Security Ventures.