Businesses need to take security into account and make it a priority. In fact, security is so important that Verizon has compiled a report of the various types of attacks and data breaches that occurred in the past year. This is Verizon’s Data Breach Investigations Report, or DBIR, and it offers insights into how you can protect your business and secure your assets.
k_Street Consulting, LLC Blog
There’s a new augmented reality game on the market these days. Perhaps you’ve heard of it - a title called Pokemon Go, which lets you capture virtual monsters that “appear” on your smartphone’s camera. However, hackers have seized this opportunity to infect players’ mobile devices with a backdoor called DroidJack, which uses the mobile app’s immense popularity to its advantage.
“What’re you in for?” a prison inmate asks. “I shared my Netflix password with my sister,” you say. This conversation might be absurd, but according to a recent ruling under the Computer Fraud and Abuse Act, it’s one that could actually happen. Now, sharing your Netflix password to let someone catch up on their favorite TV show can be considered a federal offense.
A vulnerability has been discovered that affects all versions of Microsoft’s Windows operating system, including the long-unsupported Windows XP, going all the way back to Windows 95. The vulnerability, called BadTunnel, allows attackers to directly bypass system defenses and initiate a man-in-the-middle attack. The vulnerability isn’t limited to just Windows, either; it also affects Internet Explorer, Edge, and other Microsoft software.
When it comes to cybersecurity, maintenance is key. Whether you choose human-based security or an automated security solution, running into shortcomings is still possible. Human security tends to rely on the word of experts, and anything that doesn’t fit into the guidelines is missed and may therefore get through and wreak havoc. Network security can be a touch overzealous, in a way “crying wolf,” with an excess of false positives that ultimately require human analysis, leading to human frustration.
We often talk about how important it is that your business use the most recent and up-to-date versions of your software solutions, but it’s not often that we get to say that people using Internet Explorer 11 have the right idea. As it turns out, nearly a quarter of all Windows PCs are still using unsupported versions of Internet Explorer, with half of them being found on computers still running Windows XP. What has this world come to?
Hackers have proven to be a crafty and suspicious lot, and can take advantage of even the most benign technology to infiltrate networks. However, we don’t often associate them with objects in the physical world. Now, even something as simple as a decade-old communications device can be used to open the right garage doors.
With approximately 5.5 million new devices being connected to the Internet every day, the Internet of Things presents the biggest security challenge to date for IT professionals. Essentially, an IoT device that’s not secured can easily fall prey to hackers, and with so many different devices being connected, it’s easy to overlook a device or two, like your security cameras.
The Internet of Things is practically omnipresent in today’s environment, and many commercial products not only connect to the Internet, but they also come with an app. Due to this type of integration growing more popular, the world is starting to see Internet-connected products that really don’t have much to gain from their connectivity.
The fact that so many businesses are rushing to take advantage of two-factor authentication displays how the password has lost its edge as a security credential. Passwords simply aren’t good enough anymore, and hackers are always finding ways to crack even the most complex passwords. This is why many businesses are looking to improve security through alternative means.
The average small and medium-sized business has trouble with the implementation of comprehensive IT solutions, mainly due to these organizations having fewer resources to allocate towards these solutions. This often leads to end-users implementing their own solutions, which can be dangerous under the wrong circumstances. By allowing this “shadow IT” to run rampant in your office, you’re putting business continuity, data storage compliance, and security on the line.
Distributed denial of service (DDoS) attacks are a major problem for businesses. They’re difficult to prevent entirely, incredibly annoying, and costly. Hackers are realizing just how annoying DDoS attacks can be, and are capitalizing on them in order to both make a quick buck, and to take jabs at organizations that aren’t necessarily doing anything wrong.
Cloud computing started out as a trend, but it’s become a staple in the modern business environment. A recent poll of IT and business executives by Harvard Business Review and Verizon shows that 84 percent of respondents have increased their use of cloud services in the past year, 39 percent of whom “increased significantly.” The issue that comes from such an increase is the idea of employees accessing information that they aren’t supposed to.
Password security is quite the conundrum. We want our passwords to be easy to remember, but the problem is that passwords that are easy to remember are often simple and insecure. Therefore, it becomes a best practice to use complicated passwords with both upper and lower-case letters, numbers, and symbols to compensate. The “passpoem” might resolve this issue in the most obvious way.
Requesting a ransom from victims is an unfortunate trend gaining momentum in the hacking world. This is typically done using ransomware (where hackers encrypt data and request money for the key) and distributed denial of service attacks (where hackers threaten to overwhelm a system with traffic, thus knocking it offline). In both scenarios, hackers are looking for the victim to pay up, or else. Should they?
These days, mobile exploits aren’t anything to be surprised about. Most people consider their smartphones to be more secure than their desktops or laptops, but the fact remains that there are just as many exploits, if not more, for mobile devices as there are for PCs. One of the latest mobile threats that can infiltrate your iPhone or Android device takes advantage of Siri and Google Now.
With new threats emerging all of the time, it’s no wonder that cybersecurity is such a major part of any technological endeavor. You should be using the most powerful security solutions on the market in order to avoid intensive hacks. Despite the emphasis that our society places on security, it takes a high-notoriety hack to truly shake the public into action; for example, what if the Central Intelligence Agency were hacked by a teenager?
Attention people of the Internet, October is Cyber Security Month! Make sure that you share this information with everyone on the Internet that you know. In a situation like this, sharing content with everyone to raise awareness of a worthy cause is perfectly fine. What’s not alright, though, is the sharing of your personal information online.
With social media playing such an important role in everyone’s day-to-day lives, one has to wonder to what degree this affects the security of online accounts and profiles. Social media might have revolutionized the way we communicate with others, but it’s also revolutionized the way that hackers stalk their victims. How vulnerable are you and the people you love when it comes to your Facebook settings?
Can you believe it’s already been two years since Cryptolocker, a particularly nasty strain of ransomware, was released into the online environment? By encrypting files on a victim’s computer, and forcing them to pay a fee for their safe return, Cryptolocker has been a significant threat to both business and personal environments. Now, however, a particular strain of Cryptolocker is making gamers look like cybersecurity rookies.
Spam emails often contain viruses leading to any number of potentially threatening situations for your company’s network. Therefore, it’s essential that your network has a security solution in place that acts as a sort of virtual sheriff, blocking malicious messages from accessing your network, while granting passage to the good guys.
Any user of technology knows that it’s important to optimize security on all fronts of your business. The only problem with this is that passwords aren’t as secure as they used to be. Many businesses have moved in the direction of two-factor authentication, which requires a secondary credential in order to access an account. Did you know there’s a security method that uses your mouse’s behavior to authorize your login?
As a business professional, you have a responsibility to ensure that your company’s network and data are protected from hacking attacks. It can be difficult to remember to take all of the necessary precautions, but with our help, you can easily outline all of the measures that should be taken to maximize security for corporate data.
You might recall how the Silk Road, an illegal online drug market, was recently shut down. Similar to the Silk Road, there’s another distributor of sensitive information out there; this one dealing with zero-day vulnerabilities. These types of cyber threats sell for top-dollar, and hackers are willing to pay in order to access your network.
The nature of hacking is to take advantage of weak points and exploit them for some kind of profit. This is usually seen in flaws or vulnerabilities found within the code of a program or operating system, but these flaws can be psychological, too. Hackers are increasingly taking advantage of a concept known as “social engineering” to fool users into handing over sensitive information that can be used against them.
You might be aware that some websites collect personal data from you depending on your mobile device’s location, your browsing history, and several other factors. This information is generally used for marketing, but it could have unforeseen effects on the way you browse the Internet. It can be fairly revealing about your personality, or possibly even incriminating. Therefore, you should be aware of how this personal information is gathered from you without you even knowing it.
Hackers make life difficult for even the most innocent Internet user, and it’s all thanks to a nasty little trick called reverse-engineering. This is when a hacker picks apart the code that makes up a program, then scans it for vulnerabilities or exploitations. A new type of security measure is being developed to protect against the reverse-engineering of software.
There are a lot of different threats out there: viruses, malware, spyware, adware, the list goes on. While all of these threats are certainly problematic, some are more dangerous than others. In particular, advanced malware can be exceptionally devastating if it manages to inflict damage on your technology.
One of the most publicized hacks we have seen is last December’s breach of Sony Pictures Entertainment by the Guardians of Peace. In addition to the hackers exposing Sony’s budget, plans for layoffs, and 3,800 SSNs, they leaked personal emails from company executives. This incident should make every business owner a little nervous.
Is the password an outdated type of security measure? This question seems to be getting asked around quite a bit, especially with more powerful threats loose all over the Internet. Unfortunately, the fault in passwords generally lies in the fact that humans don’t pick passwords that are secure enough. Thanks to a new method called “spaced repetition,” it seems there might be some hope left for the password after all.
Malware often takes the form of certain unrecognizable web entities, which can make detecting threats tricky at times. New features in popular web browsers, most notably Google Chrome, are making progress toward identifying these threats before they cause your business harm. Chrome’s “Safe Browsing” feature is a good tool to augment your current network security practices.
Technology plays a crucial role in the healthcare industry, and thanks to the Health Information Technology for Economic and Clinical Health Act (HITECH), healthcare providers and insurance companies in the United States have to abide by a specific set of regulations when it comes to handling patient data.
After a long 19 years, a critical vulnerability found in the Windows series of operating systems has been patched. IBM informed Microsoft of the flaw back in May 2014. The flaw, which allows for remote code execution via a packet to a Windows server, is found in every Windows operating system since Windows 95.
Passwords are slowly becoming obsolete in the face of more powerful security solutions. This is especially true considering how a hacker can input millions of characters every second in an attempt to break into your account and unleash who knows what into your business’s network. While using a password is still a good idea, professionals are working tirelessly to bring the new face of two-factor authentication to light.
Naturally, if you saw your lamp levitate, you would believe it to be the work of a ghoul and you would cry out in terror. What then would you believe if you saw your PC’s cursor begin to move on its own? In a spooky scenario like this, your computer isn’t haunted. It’s hacked. In the real world, the latter is the scarier of the two.
Sometimes it seems like the Internet is plotting against you, and nothing is safe, ever. Even if you don't have any thugs waiting to steal your data, there are hackers - thieves - who will steal it anyway, waiting to take it when you least expect it. One of the most secure ways to protect your company's digital assets is to enact a "zero trust" policy for your network.
A cyber espionage campaign called "Sandworm" has been discovered recently. The hacking attack, said to be based in Russia, has been targeting government leaders and organizations since as early as 2009. The researchers responsible for the discovery, iSight Partners, came to this conclusion after examining the code used in the campaign.
In a survey by Cyber-Ark, close to half of employees interviewed admitted that if they were fired tomorrow, they would take with them their former company's proprietary data. This is a shocking revelation considering how much you trust your current staff, maybe even to the point of referring to them as "family." What can you do to protect your business from a former employee with ill intentions?
We've got yet another major data breach to report that affects millions of users, this one of a very personal nature. This week, it was revealed that Chinese hackers compromised 4.5 million medical records from Community Health Systems, a hospital network with 206 facilities in the United States. Ask your doctor today if identity theft prevention is right for you.
Yes, you read that title right. If your WiFi isn't protected, you can be hacked by the furry little creature that wanders around your backyard when you're not home. Coco, a Siamese cat from Washington, D.C., was able to discover dozens of weak or unprotected WiFi networks in his neighborhood with his high-tech collar.
Your office is likely full-to-bursting with devices utilizing USB technology. It's been a popular way to connect external devices to PCs since the 1.1 version was released in 1998. However, it may be the technology's popularity that will cause its downfall as hackers develop ways to use the device to their advantage.
All of the recent vulnerabilities and bugs over the past few months, such as Heartbleed, GameOver Zeus, and the zero-day Internet Explorer vulnerability have many people thinking - just how strong is antivirus in the face of such threats? Symantec told The Wall Street Journal their opinion on the subject: Antivirus is "dead."
Smartphone users routinely cycle out their old device for a new one every two years or so. When it's time to upgrade, many users see an opportunity to sell their old phone for extra cash. However, a device that's improperly wiped of its data could lead to identity theft if the data is recovered by the new owner.
On Saturday, July 21st 2014, the Hackers on Planet Earth (HOPE) conference took place in New York City. It's a place where hackers discuss ways to improve the society in which we live. One of the more controversial panelists, Edward Snowden, has suggested hackers pool their efforts into creating anti-surveillance technology to decrease government espionage.
When it comes to hackers, they are shrouded in darkness and treachery. They lurk in the shadows, waiting for us to make a mistake and to steal our life savings, or other equally nefarious things. But there are a few assumptions that they make concerning their prey, and they wish to hide these from us at all costs.