says

now browsing by tag

 
 

PRIMARY #CYBERSECURITY #THREAT TO #OMAN IS #EMAIL-BORNE #MALWARE, SAYS #EXPERT

Like most of government and private sectors and industries around the world, organisations in Oman also face the same cyberthreats, including ransomware, malware attacks as well as data privacy and protection challenges.

The primary cybersecurity threat to Oman is email-borne malware. Ransomware and phishing attacks are also on the rise, says an expert.

Speaking exclusively to Muscat Daily, Raj Sabhlok, president of ManageEngine, the brand known for making efficient and thoughtful IT management software and a division of the popular Zoho Corporation said, “Going forward, one of the key challenges Oman will face is risk that Internet of Things (IoT) and Artificial Intelligence (AI) pose to enterprise data and IT security. In the IT departments, those external threats compound the internal threat of poor IT management practices. The internal threats range from lax endpoint management such as failure to containerise enterprise data on employee-owned devices to inconsistent application patching, weak password management, and more. Healthcare and financial services are top targets of cyberattacks.”

Speaking on the integration to the role of IT management and cybersecurity in addressing the latest technology developments in global cloud, networking, and security management, he added, “Recent security breaches have made it clear that just about any IT element can become an attack vector, and improper IT management just paves the way for cybercriminals. With latest technology developments in cloud and elsewhere, organisations need to be proactive in IT management, so that the opportunities and benefits do not come at the cost of breaches, data theft, and other cyberattacks.

“Of course, the IT management tools must support that proactive posture, both as individual products as well as an integrated suite.”

On the safety of cloud, Sabhlok said, “Over the years, cloud companies have invested heavily in the security of their cloud infrastructure and applications. The investments include the resources needed to create redundant copies of data, encrypt data, authenticate users, and more. Amazon Web Services (AWS) has more than 1,800 security controls for its services, the BBC reports. And the exponential adoption of cloud technologies in the recent past is a testament to the overall security of the cloud.

“Meanwhile, cloud vendors continue to enhance the security of their offerings so that they comply with the growing array of data protection and data privacy laws such as EU’s General Data Protection Regulation, and South Africa’s Protection of Personal Information Act. Going forward, cloud vendors will have to scale their IT to accommodate relentless growth: Gartner predicts worldwide public cloud services revenue will reach US$411.4bn in 2020 compared to the 2017 revenue of US$260.2bn. Mobility will be another challenge for cloud vendors as well as keeping operating and capital expenses in check as demand for their services grow.”

advertisement:

The post PRIMARY #CYBERSECURITY #THREAT TO #OMAN IS #EMAIL-BORNE #MALWARE, SAYS #EXPERT appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Engineer says #Emirates is #virtually #handing #customer data to #hackers

Source: National Cyber Security News

A data security engineer has come out with the claim that Emirates is virtually handing customers’ sensitive information to hackers and marketers.

Konark Modi says he was booking tickets for his family on the Emirates website when he noticed a few things. Namely, that there were around 300 data points related to his booking and that the information was being shared with “approximately 14 different third-party trackers like Crazy egg, Boxever, Coremetrics, Google, and Facebook among others.”

While this kind of behavior on its own isn’t unusual, the URL included in Modi’s email used the HTTP protocol, which is notoriously insecure compared to HTTPS and can effectively make webpages that are supposed to be private easily accessible to hackers and other adversaries.

Anyone with access to these link can not only read but also edit the user and booking information. That includes stealing your identification details like email address, phone number and passport information, and changing or cancelling the flight.

Following the allegations from Modi, web security company High-Tech Bridge decided to check out the Emirates website with its free SSL/TSL Security Test. The results found that the majority of Emirates.com subdomains (including reservations) have very weak encryption or for some none at all.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Cyber #security #threats #pervasive says #APRA

Source: National Cyber Security News

The year 2017 was a rough one for cybersecurity. From the WannaCry ransomware attack to the Equifax hack, 2017 was a harsh reminder of the importance of having strong IT practices and an incident response plan.

So what does 2018 have in store? SecureWorks, one of our partners and the nation’s largest cybersecurity firm by number of clients, compiled some of the top 2018 predictions from various industry analysts. These cover everything from security services, IoT, integrated platforms, GDPR, skills shortage, detection and response, and machine learning, to automation and orchestration. Here’s a summary of the predictions:

1. Companies will be using vendors that offer an integrated platform approach to security.

advertisement:

It’s predicted that by 2020, 30 percent of security spending will be on vendors that provide an integrated platform approach to security. With countless security solutions, and the ever-evolving threat actor, organizations want to find solutions that most effectively mitigate risk and reduce complexity.

2. Machine learning and cognitive software will be utilized more by organizations.

By 2020, 50 percent of security telemetry will be made more useful through machine learning and cognitive software, which will ingest and curate it into actionable and intelligent data at record speed. By 2021, requirements for greater efficiency in threat response will drive 20 percent of buyers to heavily weight automation in buying criteria.

Read More….

View full post on National Cyber Security Ventures

The #Future Of #Company #Cybersecurity? #Pentesting, Says #CyberByte

Source: National Cyber Security News

Companies rank cybersecurity as one of their top priorities – yet, when enquired, their respective departments hard-pressed to identify the core steps that need to be taken in order to maintain it at top levels. CyberByte, the preeminent Romanian cybersecurity firm, has recently published an informative article, wherein it maintains that penetration testing – or pentesting- will define the future of company cybersecurity.

The term pentesting refers to “a series of ethical hacking attacks on IT systems”, which are made with the ultimate goal of uncovering system vulnerabilities and potential cybersecurity issues. In addition to helping calculate the chances of a potential cyberattack succeeding, pentesting provides an overview of the efficacy of a company’s cybersecurity measures that are already in place, with its results acting as a guide for further improvements that need to be made in order to bolster existing cybersecurity strategies.

“Pentests are classified according to the information available for each system. The two most commonly used methods of pentesting, the Penetration Testing Execution Standard or PTES, and the OWASP method, are not particularly innovative. The same applies for the Open Source Security Testing Methodology Manual, or OSSTMT, which has now become an industry standard – despite the fact that, much like the aforementioned methods, it represents a very primordial approach to a universal cybersecurity structure,” said Mr.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Park Hill #parent says #school #laptop was used for #inappropriate #relationship with #student

Source: National Cyber Security News

A metro school district is making big changes in cybersecurity. It comes after a parent says things got so bad for her daughter, she was forced to pull her child out of school and move her out of state.

41 Action News sat down with a concerned mother who wished to remain anonymous. Her daughter once attended the Park Hill School District.

She said the problems began shortly after her daughter was issued a laptop by the district. She said her daughter then set up a Facebook account with her school email address, on her school laptop.

“This Facebook account was used by her boyfriend to help groom her for an inappropriate, sexual relationship,” said the mother. “Over a 6-week period, there’s 650 printable pages of him talking to her and trying to teach her about bondage relationships.”

The mother said her daughter’s personality changed abruptly and feels the inappropriate relationship would’ve been caught sooner if district leaders put more safeguards on those laptops.

“She got physically violent with me one time. If they’re searching for guns, violence, porn, then someone should be alerted to this. Whether it’s inside the school or not.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Salaries Will #Increase for #Cybersecurity #Jobs, Survey #Says

Source: National Cyber Security – Produced By Gregory Evans

After another record-setting year for cybercrime, security professionals are in line for a well-deserved raise, according to recent research.

The “Robert Walters Salary Survey 2018” predicted that salaries for cybersecurity jobs around the world will rise by 7 percent in 2018. In addition, the recruitment firm estimated that all IT roles will see an average increase of 2 percent in salary.

Read More….

The post Salaries Will #Increase for #Cybersecurity #Jobs, Survey #Says appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Bad #moods weaken #cybersecurity, UD research #says

Source: National Cyber Security – Produced By Gregory Evans

Firms like Wilmington’s The Fun Dept. have been saying that happy employees equal more profitable companies for years. Now, according to a report by the University of Delaware’s John D’Arcy, it appears that the crabbier the employees, the less secure their computing behavior.

UDaily’s Sunny Rosen reports on the associate professor’s findings:

Read More….

The post Bad #moods weaken #cybersecurity, UD research #says appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Iranian #Hackers Have Set Up a #News Outlet to #Court Possible #Targets, #Security Firm Says

Iranian #Hackers Have Set Up a #News Outlet to #Court Possible #Targets, #Security Firm SaysAn Iranian cyber espionage group known as Charming Kitten is believed to be behind a campaign targeting academic researchers, human rights activists, media outlets and political advisors focusing on Iran, according to a report published earlier this week by Israel-based threat intelligence company ClearSky Cyber Security. The group has also set up a news outlet […] View full post on AmIHackerProof.com | Can You Be Hacked?

Yahoo #hacker feels he’s ‘doing the #right thing’ after #pleading #guilty, #lawyer says

Source: National Cyber Security – Produced By Gregory Evans

After eight months of maintaining his innocence in a massive data breach at Yahoo, Karim Baratov feels like he’s now, his lawyer says, doing the right thing by pleading guilty to charges stemming from his role as a hacker.

Baratov, who is from Hamilton, is scheduled for sentencing in February, after pleading guilty, in a U.S. court on Tuesday, to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft.

“He’s feeling like he’s doing the right thing … he’s happy that he’s doing the right thing, he’s happy that he’s opening up, and he’s not holding back,” said Amedeo DiCarlo, one of Baratov’s lawyers. “I think that’s what the justice system expects of him.”

Authorities say the hack affected at least a half billion user accounts, and was directed by two Russian intelligence agents. U.S. law enforcement officials call the 22-year-old Baratov a “hacker-for-hire” and say he was paid by members of Russia’s Federal Security Service to access more than 80 accounts.

DiCarlo wouldn’t say if Baratov turned over information on the two Russians linked to the case, but did say he has been “very forthcoming with his information” and “very transparent.”

“He told them everything they needed to know,” DiCarlo said.

Another one of his attorneys, Andrew Mancilla, echoed that sentiment outside of court after the guilty plea was made. “He’s been transparent and forthright with the government since he got here,” Mancilla said.

The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses, according to prosecutors.

Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, were also named in the indictment filed in February, though it’s not clear whether they will ever step foot in an American courtroom since there’s no extradition treaty with Russia.

Yahoo user accounts began being compromised at least as early as 2014. Prosecutors say Dokuchaev and Sushchin turned to Baratov after learning that one of their targets had accounts at webmail providers other than Yahoo.

After Baratov’s arrest, his parents said that their son was a “scapegoat.” DiCarlo said they are now finally seeing some sense of closure.

“It’s a big strain on everybody — it’s kind of like you’re biting your fingernails, waiting for the result. Now, here is a final result in their opinion … they see an end in the future.”

Baratov’s sentencing is set to happen in February, and the threshold for how much jail time he could face ranges from zero to 20 years, DiCarlo said — though he would not disclose what sentence the defence will submit as appropriate. It’s also not clear if Baratov would serve a sentence in Canada or the United States.

“We’ve got our ranges to work with, and that’s where the lawyering takes place,” DiCarlo said.

The post Yahoo #hacker feels he’s ‘doing the #right thing’ after #pleading #guilty, #lawyer says appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures