Today


#sextrafficking | Serial’s Sarah Koenig Visits Virtually with CGS Freshmen | BU Today | #tinder | #pof | #match | romancescams | #scams

If you’re interested in podcasting, who better to hear from than the cocreator and host of the mega hit Serial? Students in a College of General Studies freshman cohort, some […] View full post on National Cyber Security

#cyberfraud | #cybercriminals | Cyber Security Today – Oscar movie scams, and make sure you update these products

Source: National Cyber Security – Produced By Gregory Evans

Movie scams, and make sure you update Windows, WhatsApp and Cisco products.

Welcome to Cyber Security Today. It’s Friday February 7th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com. On Monday’s podcast I warned […] View full post on AmIHackerProof.com

#deepweb | Powerless Again: Etseri, Svaneti – Georgia Today on the Web

Do you KNOW what it’s like, dear reader, when the electricity goes off? Several times a month if you’re lucky, up to several times a day if not? You’re trying to run a guest house. It’s winter, and you’re not in Mestia or Ushguli, so […]

Windows 7 computers will no longer be patched after today – Naked Security

Do you know what you were doing 3736 days ago? We do! (To be clear, lest that sound creepy, we know what we were doing, not what you were doing.) Admittedly, we didn’t remember all on our own – we needed the inexorable memory of the […]

#nationalcybersecuritymonth | How to Really ‘Own IT’ for National Cybersecurity Awareness Month – Homeland Security Today

National Cybersecurity Awareness Month (NCSAM) is in its 16th year. The theme for 2019 – Own IT. Secure IT. Protect IT. – is focused on encouraging personal accountability and proactive behavior in security best practices and digital privacy. Considering that individually we are picking up our smartphones an average of 77 times a day and spending nearly 12 hours a day in front of a screen, the digital lines between work and personal lives are all but gone. With nearly every facet of our lives impacted by what we do online, NCSAM calls to action this year include:

  • Own IT. If you are reading this, you are using a digital device. Whether you own the device or not, we are all responsible for how we use them – from the data they store and transmit to the information we post online about ourselves and others, or share with other third parties. We are all responsible for our digital footprints, including the data apps collect and transmit from these devices.
  • Secure IT. If you own it, you must secure it, from strong credentials (unique usernames, passwords/passphrases, and multifactor authentication) to physical access. This includes securing computers, laptops, tablets, smartphones, apps, and website logins.
  • Protect IT. If you own it, you must protect it with security updates and safe browsing practices. Stored information, including personal and customer/consumer data that you gather from others, must also be protected. Every organization has a duty to safeguard the confidentiality, integrity, and availability of data obtained from other persons.

Struggle with Passwords Continues

After all of these years, we are still terrible at creating and managing passwords. Year after year the most commonly used (and breached) passwords still include – you got it – ‘password’ and ‘12345678.’ Variations like ‘p@$$w0rd’ are not any better as they contain common substitutions such as ‘@’ for ‘a,’ etc. Given these shortcomings, password hygiene is a leading topic any time of year, but as National Cybersecurity Awareness Month continues it is a good time for another reminder for organizations to do better at helping employees improve password management.

It is no secret that passwords alone are not the best method to safeguard our digital assets, especially weak passwords. Password security firm LastPass recently published its 3rd Annual Global Password Security Report, which highlights how employees’ continued poor password habits weaken the overall organizational security posture. To effect positive password changes, it is up to organizations to take action to improve password hygiene. Read on for three simple and effective low-cost and no-cost solutions companies and their employees should apply today to start improving overall security and reduce the risk posed by stolen passwords.

Longer Passwords Take Longer to Crack

Enforcing the use of longer passwords or passphrases can go a long way. Depending on computing power (and other factors), it could take approximately 23 seconds to crack ‘football1’ (or similar) vs. over 10,000 centuries to crack ‘R73&nebp@98backyard45’ or ‘tHe!weatheriscoLd67outside?’. In addition to making passwords longer, not reusing them across multiple sites and services cannot be overstated. Even if a password is stolen, if it is only used for a single site or service, cyber thieves can only potentially compromise that single account, not the entire kingdom.

Passwords Aren’t Perfect, but MFA Could Save the Day

Adding multifactor authentication (MFA) is another quick win. MFA does not guarantee an account will not be compromised, but it does significantly reduce that likelihood. Authenticator apps like Duo, Authy, and Google Authenticator provide low-cost, no-cost, hassle-free options to add an additional layer of security to the authentication process. This extra step reduces the risk a malicious attacker would be able to successfully log in and compromise valuable accounts, even with a stolen password.

The “Problem” with Password Managers

Password managers store passwords and create strong (and long) passwords so you do not have to – what’s wrong with that? Skeptical about password managers? Password managers don’t have to be perfect, they just have to be better than not having one, says cybersecurity expert Troy Hunt (founder of haveibeenpwned). Other quips by Troy: The only secure password is the one you can’t remember, and when accounts are “hacked” due to poor passwords, victims must share the blame. There are several reputable password managers to choose from, but if you are looking for “go here, do this” for picking a “good” one, check out Troy’s post on why he partnered with 1Password. On a final note, the aforementioned LastPass Global Security Report found that password manager adoption increases when it is convenient. If employees can access and use password managers from their smartphone or other device of their choice, they are more likely to use them. So, what IS the “problem” with password managers? They simply are not used enough.

Cybersecurity Awareness All Year

While October is designated NCSAM, cybersecurity awareness is far from a once-a-year activity. NCSAM materials provide proactive awareness content to use throughout the year. So, while you are sipping that long-awaited (or 100th) pumpkin spice latte, review NCSAM materials for tips, resources, webinars, and workshops. In addition, it is not too late to demonstrate your cybersecurity awareness commitment by becoming an NCSAM Champion. Some of the best NCSAM Champions come from the information-sharing community – WaterISAC, Research & Education Networks ISAC (REN-ISAC), Information Technology ISAC (IT-ISAC), Retail & Hospitality ISAC (RH-ISAC), National Council of ISACs (NCI), Faith-Based ISAO (FB-ISAO), InfraGardNCR, and InfraGard Los Angeles – and they are ensuring organizations and consumers have the resources to stay safer and more secure online. Follow #BeCyberSmart and #CyberAware on social media for great security awareness tips from the NCSAM Champions and others.

Finally, NCSAM is a great time to bolster or jump-start your cybersecurity awareness program. Interested in a ready-made program to plug into your organization? The Cyber Readiness Institute (CRI) may have just the program! Founded by the CEOs of Mastercard, Microsoft, the Center for Global Enterprise, and PSP Partners, CRI’s Cyber Readiness Program is a no-cost, practical, step-by-step guide to help small- and medium-sized enterprises become cyber ready. Completing the program will help make your organization safer, more secure, and stronger in the face of cyber threats.


#nationalcybersecuritymonth | Security and Privacy Experts on Cybersecurity Threats | BU Today

Approximately 70 percent of Americans use social media to connect with one another, engage with news content, and share information. Most users access social media platforms and consume content on their smartphone, just one of the many smart devices we use to monitor our health, fitness, […]

#cybersecurity | Cyber Security Today – Stalkerware and ransomware increasing, password advice and updates to watch for

Stalkerware and ransomware increasing, password advice and updates to watch for.

Welcome to Cyber Security Today. It’s Friday October 4th, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

A few months ago I warned about stalkerware, which are apps installed on a smartphone or tablet that let another person keep an eye on what you’re doing. Usually this app gets installed when you’re not looking by a spouse, lover or friend who has access to your device. This is not a parental control app a parent installs on a child’s device. This is an illegal snooping app. This week security vendor Kaspersky put out some numbers that may give an idea of how common their use is, based on the number of detections from its security software. In the first eight months of the year there were more than 518,000 cases where the software either registered the presence of stalkerware on users’ devices or detected an attempt to install it. And remember, that number is only for devices that use Kaspersky software. Huge numbers of people either don’t use antivirus software on their mobile devices, or use another brand. Some of these apps hide themselves on devices, so victims don’t know it’s there. Stalkerware has to be installed directly by someone. So think twice before letting a friend, or someone closer, use your phone.

As I mentioned on Wednesday, this is Cyber Security Awareness Month. As part of that Google released a public opinion poll that, if representative, shows a lot of Americans aren’t cyber aware. Twenty-four per cent of respondents said they use weak passwords like “admin” and “1234.” Fifty-nine per cent have used a name or birthday in an online password. Many people must know others use weak passwords because 27 per cent of respondents say they’ve tried to guess someone else’s password — and of those 17 per cent said they guessed right. Well, if you can guess right, so can criminals. Look, it isn’t easy to have to remember lots of passwords. That’s why there are password managers. Google has one it just improved, which is why it released the survey. There are lots of password managers. Go online, do a search, use one of them.

The FBI this week issued a reminder to organizations that ransomware is crippling those who aren’t prepared. The latest hit were three rural hospitals in the same group in Alabama. For a time new patients had to be sent to Birmingham. Last week a major hospital in downtown Toronto was hit. The FBI urges organizations to regularly back up their data and verify its integrity. Ensure backups can’t be infected by being connected to live networks. Focus on employee awareness and training to recognize suspicious email. And make sure all software gets security patches as soon as they are available.

Finally, some product updates to watch for: If you use WhatsApp on an Android device running version 9 or 8 of the operating system, make sure you upgrade to the latest version of WhatsApp. There’s a serious bug that could let a hacker into your device by sending you a repeating video called a GIF. Like one of those videos of a cat doing something silly.

And Microsoft has put out another Windows update to fix a printing problem. This patch is to fix ones that were issued over a week ago. It also updates Internet Explorer.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.



#Cyber #Security Today: Jan. 7, 2019 — #iPhone call #scam, Germans #hacked and Android #spyware

Watch out for this iPhone call scam, prominent Germans hacked, Android spyware found and an Acrobat update.

Apple iPhone users should be on the lookout for a phone phishing scam. According to security writer Brian Krebs, it works like this: You get a call and when you look at the phone’s screen to see who it is, the Apple logo, real phone number and real address are displayed. The target in this case didn’t answer the call so a message was left asking her to call a 1-866 number. It probably led to a scammer who would have asked for personal information. So iPhone users, ignore calls purporting to be from Apple. Apple won’t phone you. And for those who use other phones, hang up on anyone who tries to get personal information or passwords.

Hackers somehow have gotten access to private emails, memos and financial information of hundreds of German politicians, reporters, comedians and artists. The information was then published through a Twitter account. At this point no one knows if this was the work of a mischievous activist or a foreign country, or exactly how it was done. But British security writer Graham Cluley suspects victims fell for a phishing lure and gave away a password to one of their email or social media accounts. The hacker then went from there. Victims may have also used the same password for different accounts, which also makes a hacker’s job easier. If so, it’s another example of why you shouldn’t use the same password on more than one site, and, where possible, enable two-factor authentication to make sure someone else can’t log into your account. Two-factor authentication usually sends a six-digit number to your smart phone that you have to enter in addition to your password. Check your applications’ settings to see if you have it.

UPDATE: According to the Associated Press, a popular German YouTube contributor who was victimized said the perpetrator somehow first gained access to his email account and then convinced Twitter to disable a second security check — presumably two-factor authentication — required to take control of his account on the social networking site.

Twitter didn’t immediately respond to a request for comment and it wasn’t clear how many of those affected by the leak had such “two-factor authentication” enabled for their email or social media accounts, and whether the hacker similarly managed to bypass it.

As hard as Google tries to keep malware out of the Google Play store, criminals manage to find ways to evade detection. Trend Micro reports it discovered spyware hidden in six seemingly legitimate Android applications including a game called Flappy Bird, a presumed copycat called Flappy Birr Dog, FlashLight, Win7Launcher and others. All have been removed from the app store. The spyware would have stolen information like user location, text messages, contact lists and device information as well as try to phish for passwords. Owners of any computing device have to be cautious when deciding what to download, advises Trend Micro.

Finally, Adobe usually issues security updates on the second Tuesday of the month, which is tomorrow. However, it has already issued an emergency patch for Acrobat and Acrobat Reader. So if you use either of these applications check you have the latest versions.

 

Source: https://www.itworldcanada.com/article/cyber-security-today-jan-7-2019-iphone-call-scam-germans-hacked-and-android-spyware/413736

Digital #billboards in the #UK will today start #showing #hacking #attempts

Source: National Cyber Security News

The campaign, sponsored by an insurance company, intends to demonstrate how often hacking attempts are made on a typical small business site.

A variety of recent campaigns have employed digital billboards to show imagery in response to data from weather, traffic conditions, social posts from passersby and commute times.

Today, a new week-long campaign launches in the UK: Dozens of digital displays will demonstrate the frequency of hacking attempts on a typical small business’s website.

Called the Honeypot Poster by campaign sponsor Hiscox insurance, the displays show dots that demonstrate live hacking attempts on custom, “honeypot” proxy servers of the sort that might host a typical small business website, except there was no virus or firewall protection. The servers hold some data but no personal or sensitive info.

The displays show changing dots inside the words “Cyber Attack,” with each dot representing a hacking attempt and a numerical counter showing the daily attacks thus far. During the trial period for the campaign, the hacking attempts averaged 23,000 daily, sometimes peaking as high as 60,000, from Russia, Vietnam, the UK and elsewhere around the world.

The point, Hiscox Head of Marketing and Partnerships Olivia Hendrick said in a statement, is to make “small businesses more aware of the very real threat that cybercrime poses and challenging the belief that cyber criminals only target larger organisations.”


View full post on National Cyber Security Ventures

Eight #cybersecurity tools your #healthcare facility needs #today

As hackers become smarter and healthcare facilities rely more and more on the cloud and technology to share and store personal and sensitive information, we’ve seen an increase in security breaches in businesses across the country. In fact, the Identity Theft Resource Center found that breaches are up 25 percent this year.

Many companies are simply not investing enough in IT security, despite the obvious threats. The lack of investment in security infrastructure, professional services and employee training makes them extremely vulnerable. What’s more, basic security features like firewalls and antivirus protection aren’t enough in today’s “smart” marketplace.

But where should businesses start if they want to avoid the repercussions of a major data breach? Here are 8 tools for businesses to consider to stay ahead of the game and help protect sensitive data and private information in 2018.

Microsoft EMET

Developed specifically for Windows (sorry, Mac users!), the Enhanced Mitigation Experience Toolkit is a tool to help keep a software’s vulnerabilities from being exploited by outside hackers. Often employees unaware of proper security protocols compromise a business’s security. This toolkit helps to prevent these leaks.

ExactTrak

With the increase of sensitive data on the move, it’s important to protect the information stored on laptops, external hard drives and IoT devices. ExactTrak uses embedded security to take data protection beyond basic encryption. Both system- and Internet-independent, the technology works to protect information, even when devices are turned off.

MailControl

Supported on Exchange Online, Office365, G Suite, and Exchange, MailControl works to protect email accounts from Spyware hidden in emails. Spymail can be used to track location, email open rates and browser information through metadata. MailControl works to detect, remove and report spymail to protect customers’ private information and data.

Comodo

If you’re a small business owner just dipping your toes into cybersecurity, and worried about making too large of an initial investment, Comodo is a great place to start. They offer multiple solutions, all either free or low cost, that meet the needs of different businesses. Some include malware prevention, IT management platforms, security for POS systems and SSL certificates.

Evident ID

If you operate a business that is responsible for handling other people’s personal data, you know the stress and risk that comes with the handling of secure data. There is also the added responsibility of organizing and managing this sensitive data. Evident ID serves businesses by taking them out of the middle of the process. Businesses are able to verify users’ and customers’ information with minimum disclosure, and minimize their security risks.

CryptoStopper

A recent cybersecurity concern for many businesses is a hacker’s use of ransomware, malicious software that holds a computer system “hostage” until the ransom is paid. If ransomware is a concern for you, CryptoStopper is a great line of defense. CryptoStopper uses Watcher Files to detect ransomware in real time and stop the software from running.

Lookout Mobile Security

If mobile security is your main concern, Lookout Mobile Security should be on your list. Lookout recognizes that there are multiple threats to mobile security, and uses 10 years of research to provide threat remediation and app security assessments.
