now browsing by tag


#cybersecurity | Cyber Security Today – Stalkerware and ransomware increasing, password advice and updates to watch for

Source: National Cyber Security – Produced By Gregory Evans

Stalkerware and ransomware increasing, password advice and updates to watch for.

Welcome to Cyber Security Today. It’s Friday October 4th, I’m Howard Solomon, contributing reporter on cyber security for

A few months ago I warned about stalkerware, which are apps installed on a smartphone or tablet that lets another person keep an eye on what you’re doing. Usually this app gets installed when you’re not looking by a spouse, lover or friend who has access to your device. This is not a parental control app a parent installs on a child’s device. This is is an illegal snooping app. This week security vendor Kaspersky put out some numbers that may give an idea of how common their use is, based on the number of detections from its security software. In the first eight months of the year there were more than 518,000 cases where the software either registered the presence of stalkerware on users’ devices or detected an attempt to install it. And remember, that number is only for devices that use Kaspersky software. Huge numbers of people either don’t use antivirus software on their mobile devices, or use another brand. Some of these apps hide themselves on devices, so victims don’t know its there. Stalkerware has to be installed directly by someone. So think twice before letting a friend, or someone closer, use your phone.

As I mentioned on Wednesday, this is Cyber Security Awareness Month. As part of that Google released a public opinion poll that, if representative, shows a lot of Americans aren’t cyber aware. Twenty-four per cent of respondents said they use weak passwords like “admin” and “1234.” Fifty-nine per cent have used a name or birthday in an online password. Many people must know others use weak passwords because 27 per cent of respondents say they’ve tried to guess someone else’s password — and of those 17 per said they guess right. Well, if you can guess right, so can criminals. Look, it isn’t easy to have to remember lots of passwords. That’s why there are password managers. Google has one it just improved, which is why it released the survey. There are lots of password managers. Go online, do a search, use one of them.

The FBI this week issued a reminder to organizations that ransomware is crippling those who aren’t prepared. The latest hit were three rural hospitals in the same group in Alabama. For a time new patients had to be sent to Birmingham. Last week a major hospital in downtown Toronto was hit. The FBI urges organizations to regularly back up their data and verify its integrity. Ensure backups can’t be infected by being connected to live networks. Focus on employee awareness and training to recognize suspicious email. And make sure all software gets security patches as soon as they are available.

Finally, some product updates to watch for: If you use WhatsApp on an Android device running version 9 or 8 of the operating system, make sure you upgrade to the latest version of WhatsApp. There’s a serious bug that could let a hacker into your device by sending you a repeating video called a GIF. Like one of those videos of a cat doing something silly.

And Microsoft has put out another Windows update to fix a printing problem. This patch is to fix ones that were issued over a week ago. It also updates Internet Explorer.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Related Download
Sponsor: CanadianCIO

Cybersecurity Conversations with your Board – A Survival Guide

Download Now

Source link

The post #cybersecurity | Cyber Security Today – Stalkerware and ransomware increasing, password advice and updates to watch for appeared first on National Cyber Security.

View full post on National Cyber Security

#Cyber #Security Today: Jan. 7, 2019 — #iPhone call #scam, Germans #hacked and Android #spyware

Watch out for this iPhone call scam, prominent Germans hacked, Android spyware found and an Acrobat update.

Apple iPhone users should be on the lookout for a phone phishing scam. According to security writer Brian Krebs, it works like this: You get a call and when you look at the phone’s screen to see who it is, the Apple logo, real phone number and real address is displayed. The target in this case didn’t answer the call so a message was left asking her to call a 1-866 number. It probably led to a scammer who would have asked for personal information. So iPhone users, ignore calls purporting to be from Apple. Apple won’t phone you. And for those who use other phones, hang up on anyone who tries to get personal information or passwords.

Hackers somehow have gotten access to private emails, memos and financial information of hundreds of German politicians, reporters, comedians and artists. The information was then published through a Twitter account. At this point no one knows if this was the work of a mischievous activist or a foreign country, or exactly how it was done. But British security writer Graham Cluley suspects victims fell for a phishing lure and gave away a password to one of their email or social media accounts. The hacker then went from there. Victims may have also used the same password for different accounts, which also makes a hacker’s job easier. If so, it’s another example of why you shouldn’t use the same password on more than one site, and, where possible enable two-factor authentication to make sure someone else can’t log into your account. Two factor authentication usually sends a six-digit number to your smart phone that you have to enter in addition to your password. Check your applications’ settings to see if you have it.

UPDATE: According to the Associated Press, a popular German YouTube contributor who was victimized said the perpetrator somehow first gained access to his email account and then convinced Twitter to disable a second security check — presumably two-factor authentication — required to take control of his account on the social networking site.

Twitter didn’t immediately respond to a request for comment and it wasn’t clear how many of those affected by the leak had such “two-factor authentication” enabled for their email or social media accounts, and whether the hacker similarly managed to bypass it.

As hard as Google tries to keep malware out of the Google Play store, criminals manage to find ways to evade detection. Trend Micro reports it discovered spyware hidden in six seemingly legitimate Android applications including a game called Flappy Bird, a presumably copycat called Flappy Birr Dog, FlashLight, Win7Launcher and others. All have been removed from the app store. The spyware would have stolen information like user location, text messages, contact lists and device information as well as try to phish for passwords. Owners of any computing device have to be cautious when deciding what to download, advises Trend Micro.

Finally, Adobe usually issues security updates on the second Tuesday of the month, which is tomorrow. However, it has already issued an emergency patch for Acrobat and Acrobat Reader. So if you use either of these applications check you have the latest versions.





View full post on National Cyber Security

Digital #billboards in the #UK will today start #showing #hacking #attempts

Source: National Cyber Security News

The campaign, sponsored by an insurance company, intends to demonstrate how often hacking attempts are made on a typical small business site.

A variety of recent campaigns have employed digital billboards to show imagery in response to data from weather, traffic conditions, social posts from passersby and commute times.

Today, a new week-long campaign launches in the UK: Dozens of digital displays will demonstrate the frequency of hacking attempts on a typical small business’s website.

Called the Honeypot Poster by campaign sponsor Hiscox insurance, the displays show dots that demonstrate live hacking attempts on custom, “honeypot” proxy servers of the sort that might host a typical small business website, except there was no virus or firewall protection. The servers hold some data but no personal or sensitive info.

The displays show changing dots inside the words “Cyber Attack,” with each dot representing a hacking attempt and a numerical counter showing the daily attacks thus far. During the trial period for the campaign, the hacking attempts averaged 23,000 daily, sometimes peaking as high as 60,000, from Russia, Vietnam, the UK and elsewhere around the world.

The point, Hiscox Head of Marketing and Partnerships Olivia Hendrick said in a statement, is to make “small businesses more aware of the very real threat that cybercrime poses and challenging the belief that cyber criminals only target larger organisations.

Read More….


View full post on National Cyber Security Ventures

Eight #cybersecurity tools your #healthcare facility needs #today

Source: National Cyber Security – Produced By Gregory Evans

As hackers become smarter and healthcare facilities rely more and more on the cloud and technology to share and store personal and sensitive information, we’ve seen an increase in security breaches in businesses across the country. In fact, the Identity Theft Resource Center found that breaches are up 25 percent this year.

Many companies are simply not investing enough in IT security, despite the obvious threats. The lack of investment in security infrastructure, professional services and employee training makes them extremely vulnerable. What’s more is that basic security features like firewalls and antivirus protection aren’t enough in today’s “smart” marketplace.

But where should businesses start if they want to avoid the repercussions of a major data breach? Here are 8 tools for businesses to consider to stay ahead of the game and help protect sensitive data and private information in 2018.

Microsoft EMET

Developed specifically for Windows (sorry, Mac users!), the Enhanced Mitigation Experience Toolkit is a tool to help keep a software’s vulnerabilities from being exploited by outside hackers. Often employees unaware of proper security protocols compromise a business’s security. This toolkit helps to prevent these leaks.


With the increase of sensitive data on the move, it’s important to protect the information stored on laptops, external hard drives and IoT devices. ExactTrak uses embedded security to take data protection beyond basic encryption. Both system- and Internet-independent, the technology works to protect information, even when devices are turned off.


Supported on Exchange Online, Office365, G Suite, and Exchange, MailControl works to protect email accounts from Spyware hidden in emails. Spymail can be used to track location, email open rates and browser information through metadata. MailControl works to detect remove and report spymail to protect customer’s private information and data.


If you’re a small business owner just dipping your toes into cybersecurity, and worried about making too large of an initial investment, Comodo is a great place to start. They offer multiple solutions, all either free or low cost, that meet the needs of different businesses. Some include malware prevention, IT management platforms, security for POS systems and SSL certificates.

Evident ID

If you operate a business that is responsible for handling other people’s personal data, you know the stress and risk that comes with the handling of secure data. There is also the added responsibility of organizing and managing this sensitive data. Evident ID serves business by taking them out of the middle of the process. Businesses are able to verify users’ and customers’ information with minimum disclosure, and minimize their security risks.


A recent cybersecurity concern for many businesses is a hacker’s use of ransomware, a malicious software that holds a computer system “hostage” until the ransom is paid.If Ransomware is a concern for you, Cryptostopper is a great line of defense. CryptoStopper uses Watcher Files to detect ransomware in real time and stop the software from running.

Lookout Mobile Security

If mobile security is your main concern, Lookout Mobile Security should be on your list. Lookout recognizes that there are multiple threats to mobile security, and uses 10 years of research to provide threat remediation and app security assessments.

The post Eight #cybersecurity tools your #healthcare facility needs #today appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How #Sutton’s #Law applies to #cybersecurity today

Source: National Cyber Security – Produced By Gregory Evans

How #Sutton’s #Law applies to #cybersecurity today

In my previous article, I raised a red flag about the diminishing practical returns of “mom and pop” threat research as a proxy for mitigating vulnerabilities and bad consequences. Threat assessment is often both difficult and incomplete, and sometimes best left to those who have timely access to the best possible data (and the even then, left to those with the military and intelligence means to act on it).

In that piece, I also begged an obvious question.

If chasing threats are not the best allocation of an organization’s security resources, what is? Where should we be focused and how can we best translate that attention to more effective—and efficient—cybersecurity?

Allow me to answer that with a brief portrait of a driven, iconoclastic, 20th century American financial entrepreneur named William Francis Sutton, Jr. Beginning in the early 1930s, Sutton began his extremely successful and profitable 40-year career—as a bank robber. Not only did his particular skill set net him an estimated $2 million and earn him the nicknames “Slick Willie” and “Willie the Actor,” his most famous insight also left us with a truism that is now referred to as “Sutton’s Law.”

Upon arrest, the legend goes, Sutton was asked by a newspaper reporter why he robbed all those banks. Sutton replied, “Because that’s where the money is.”

Which is why we should consider Sutton’s quote as particularly relevant to cybersecurity today: Why do threat actors go after cyber assets? Because that’s where the consequences of significance are.

From financial information and personal data, to access to trade secrets, customer information and patterns—data has become the most consequential asset for many organizations, and the most valuable target for threat actors. Whether their motive is financial gain or maliciousness, they are hoping for two things: easy access to what they are after and maximum impact for their efforts.

Which aligns directly to the cybersecurity risk paradigm: a triangle comprising and illustrating three components of risk: Threat, Vulnerability and Consequence. We have already established it is challenging for individual companies to accurately characterize threat, or successfully mitigate it even if characterized. That leaves Vulnerability and Consequence.

Vulnerability and Consequence are the two components of cybersecurity that organizations have the most control over and can most efficiently use to dramatically improve their level of protection.

Not necessarily in that order though—unfortunately, many organizations are not nearly focused enough on closing known vulnerabilities that allow breaches. I won’t name names here—any news site on any day will give plenty of examples, and many CISOs breathe silent sighs of relief that it’s not their turn today. It’s remarkable to think about how much damage can be prevented with just fundamental, basic security hygiene. Most people would be stunned at how much that inattention to vulnerability management is responsible for the data breaches we so often hear about.

That said—and for the sake of discussion, assuming basic hygiene protocols are indeed followed and signature-based blocking of known threats is employed—let’s apply Sutton’s quip of “that’s where the money is” to the most-overlooked aspect of cybersecurity risk: avoiding bad consequences.

We need to identify the most destructive potential results of a realized threat or exploited vulnerability, and engineer-out those consequences so they cannot happen or so the damage incurred is not as big if they do. Either can be effective threat mitigation—because threat actors will quickly conclude that their attempts require too much difficulty, or there would be little or no return on investment for their efforts even if they successfully penetrate a system.

Were he alive today, Willie would surely advise us: Don’t make it easy to get to the money, and don’t put the money all in one place. When we focus our attention on the things we can control—Vulnerabilities and Consequences —we create a dramatic increase in protection, and fully comply with Sutton’s Law.

Next time, we will use these principles to explore some fundamental best practices of cybersecurity—some obvious, some not and some controversial—that can greatly improve the security of any network.

The post How #Sutton’s #Law applies to #cybersecurity today appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Windows 10 users need to update their PC TODAY, or hackers could take control

Source: National Cyber Security – Produced By Gregory Evans

Windows 10 users at a risk from a “critical” vulnerability that lets cybercriminals take over their PCs, unless they update their computers now, Microsoft have patched dozens of major security vulnerabilities that affect all supported versions of Windows. One “critical” vulnerability enabled a hacker to exploit how Windows Search handles…

The post Windows 10 users need to update their PC TODAY, or hackers could take control appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

5 things marketers should do today to reduce their cybersecurity risk

5 things marketers should do today to reduce their cybersecurity riskSource: National Cyber Security – Produced By Gregory Evans RSA’s chief marketing officer talks about why marketers are now in the business of IT security and how to minimise risk in the face of digital marketing transformation Marketers must … The post 5 things marketers should do today to reduce their cybersecurity risk appeared first […]

The post 5 things marketers should do today to reduce their cybersecurity risk appeared first on

View full post on | Can You Be Hacked?

Preregister Today And Get Half Off!

Preregister Today And Get Half Off!

To Purchase This Product/Services, Go To The Store Link Above Or Go To Pre-register today and get $150 instead of $300. View full post on Cyber Security Ventures, Corp – Payments Processing

The post Preregister Today And Get Half Off! appeared first on .

View full post on

Pre-Register Today And Get 50% Off!

Pre-Register Today And Get 50% Off!

To Purchase This Product/Services, Go To The Store Link Above Or Go To View full post on

The post Pre-Register Today And Get 50% Off! appeared first on .

View full post on

Hacking a Celebrity’s Phone in the 1930s Was Actually Similar to Today


Source: National Cyber Security – Produced By Gregory Evans

Hacking a Celebrity’s Phone in the 1930s Was Actually Similar to Today

Myrna Loy was a huge movie star in the 1930s and 40s. She starred in classic films like The Thin Man (1934), Manhattan Melodrama (1934), and The Best Years of Our Lives (1946). Ed Sullivan crowned her “Queen of the Movies.” But celebrity always has a dark side. Loy was the focus of unwanted attention […]

The post Hacking a Celebrity’s Phone in the 1930s Was Actually Similar to Today appeared first on National Cyber Security.

View full post on National Cyber Security