Inside the Briefcase
CryptoWall 4.0 has been released that displays a redesigned ransom note, new filenames, and now encrypts a file’s name along with its data. We were alerted to this new variant by various members who have posted about being infected by what was being called the help_your_files ransomware. Once we were able to analyze a sample, though, it was quickly determined that this was in fact a new version of CryptoWall.
Before using any standard Internet service provider for e-mail (i.e., Gmail, AOL, Yahoo), you must agree to the site’s terms of use by clicking a seemingly innocuous “I Agree” button. Most users fail to actually read the terms and simply click the button without a second thought. Without knowing it, that simple act may be waiving an important Constitutional right toprivacy.
A cybersecurity breach can happen at any moment. That’s why it’s important for small and mid-sized businesses to take the time to assess and review their business continuity plan. For many, these plans will include disaster recovery solutions that prevent detrimental data loss if and/or when malware attacks their security. Small businesses are more attractive targets for cybercriminals because their data tends to be less secure.
National Cyber Security Awareness Month and Halloween are both in October. Coincidence? Maybe. But, executives do have a lot to fear when it comes to cyber security. While many executives and IT teams are working hard to keep the bad actors out, there are still A LOT of vulnerabilities out there dressed up as the good guys. Today many agencies are being fooled by cyber threats hiding in plain sight – disguised in Secure Sockets Layer (SSL) traffic.
In the last five years, Cloud hosts such as Amazon Web Services, Google, Microsoft, Box and Dropbox have become increasingly popular and cost effective for storing and sharing data. That said, data theft has never been greater with network and cloud security becoming more porous. As the need for information sharing increases, the network domain and cloud-based model become more inadequate.
Today’s IT Needs Heroes to Keep Sensitive Data Safe & Protected. Over 78% of data breaches occur from employee negligence or maliciousness according to a recent study.
As the new holiday cybercrime season rolls in, we wanted to take a look at the scams of yesteryear. These scams or variations of them will come back around, so it’s important for IT departments to give employees a refresher course on what to keep out for. It’s becoming more important as online shopping increases and much of that happens on work computers or the devices that employees use for office communication.
When it comes to both online and offline systems, many business owners know that it’s important to think seriously about the security of their company. However, a large number of business owners also often lack the funds or time needed in order to take the necessary steps to ensure that their systems are as secure as possible. The fact is, however, that security can be as costly or as inexpensive as you make it, and there are certainly a number of security related steps that you can implement into the running of your business without having to spend a lot of money. Here we have listed a number of cost-effective ways in which you can improve the security of your business both online and offline.
The Cyber Security for Healthcare Exchange is the premier platform for proactive CISOs to network, benchmark, and discuss innovative solutions. April 3rd – 5th, 2016 – Atlanta, GA
by Agathe Caffier, DMIThese days, there’s just no telling who’s accessing your data. It could be a social network, an ad retargeting campaign, or even a cyber criminal who’s bought your private information on the dark Web. Read More >>>
Daniel Joseph Barry, NapatechIn this interview, Dan Joe Barry speaks with IT Briefcase about the results of a recent Heavy Reading survey of communications service provider (CSP) and network equipment provider (NEP) registrants regarding the current use of both traditional hardware and virtualized network appliances. Read More >>>
Fewer than half of all payment cards and PoS terminals in the US are currently EMV-ready. Moreover, US merchants and card issuers have been slow to migrate to the new technology. In the wake of EMV’s worldwide implementation, a wave of technologies – including near-field communication (NFC), tokenization and cloud-based wallets – is having an accelerating impact on the industry.
The internet has made positive changes in people’s loves but security risks have been a major threat to personal and financial privacy. Restricting your exposure online is necessary for ensuring that unknown people do not access or steal your data.
The Christmas shopping rush is soon upon us and the only thing we can be certain of, is that online shopping of gifts will continue to increase. But also that many e-customers will be disappointed with their online shopping experiences. “Response time is money”, claims Sven Hammar, CEO of Apica, a company offering solutions for testing, monitoring, and optimizing the performance of cloud and mobile applications like e-commerce platforms.
by Rob Quiros, SohaAs the move to hybrid cloud infrastructure causes the Internet and corporate network to meld, enterprises need a new approach to ensure all of their applications and network resources remain secure. But that is easier said than done, since traditional network perimeters and VPNs simply don’t work in this new cloud-based environment. Read More >>>
Technology is very much a part of our everyday lives. From smart watches to desktop computers, technology, and specifically the Internet has connected us to information in a way that many never thought possible. However, despite the overwhelming positives of the Internet, it has seen the way in which criminals act change as well. Hackers dedicate endless amounts of time to steal payment and personal information from Internet users and if you don’t have the necessary security on your system you could well see your world turned upside down due to cyber fraud.
Attacks on business computers and data are more prevalent today than a few years ago. Hackers can use malicious software embedded in emails, websites and downloadable files to infect your computer, or to steal valuable financial information, business records, and research data. Therefore, protecting your companies network, computers, and mobile devices must be a top priority. Here are some things you can do to shield your business from hackers and malicious software.
In this webcast, authentication and fraud experts from Gartner and Verint Systems discuss passive authentication for the contact center.
It is one thing to create a fully-functional, attractively designed and easy-to-use website for your business. However, if you’ve done this, it’s important to note that the work does not stop there. Maintaining your website and ensuring that it is secure should be a top priority, more so if you run an online store where customers can enter their personal information and banking details. Even if your website is simple or ‘static’, it’s still crucial that it is properly updated and maintained and that the security is kept up to date in order to protect yourself and your visitors from hackers and malicious malware. Read on to learn more about the importance of developing and maintaining a secure business website.
Is the FTC now going to sue the Pentagon because they did not protect consumer information? Hackers infiltrated the Pentagon food court’s computer system, compromising the credit and debit card info of an unknown number of employees. Lt. Col. Tom Crosson, a Defense Department spokesman, said on Tuesday that employees were notified that hackers may have stolen bank account information from people who paid for concessions at the Pentagon with a credit or debit card.
Criminals are using fake domains and emails to pose as CEOs, and convince employees to send them money, in some cases millions of dollars. The FBI calls this scam business email compromise (BEC), or CEO fraud. In January 2015, the FBI warned that cyber thieves stole nearly $215 million from businesses in the previous 14 months through such scams, which start when crooks spoof or hijack the email accounts of business executives or employees.
Tales of cyberespionage pervade mainstream media with new breaches being reported almost weekly. While cyberwarfare is a reality, sometimes the biggest breaches are not the work of spy agencies, organized crime syndicates or even sophisticated hackers, but rather the act of a former employee or business competitor. Today’s IT departments need not be on the look out for James Bond – it’s James the disgruntled former product manager with an axe to grind that they should be concerned with.
The identity and access management (IAM) industry is currently one the fastest growing IT sectors with more than a 500 percent growth expected by the start of the next decade. This market expansion will likely remain steady as companies of all sizes, from small startups to large enterprise entities, are seeing and experiencing the benefits of these solutions. The (obvious) return on investment is evident, they are finding, and those from all industries including healthcare, education, the financial sector, government agencies, manufacturing and others, to name a few.
September is National Preparedness Month, which in part, is designed to help businesses plan for and protect against natural or human-caused disasters. Certainly, CISOs and information security pros working in the healthcare industry know that the importance of preparedness extends to the management and security of networks, systems and assets. Aggressive cloud adoption in the U.S., in particular, requires awareness of a specific set of challenges and opportunities in order to build a secure and resilient cloud program.
Expedient’s new guide, 6 Steps to Disaster Recovery Preparedness, outlines key ways that IT leaders can prepare for a disaster before it strikes. More than 70 percent of companies are not currently confident in their ability to restore data in the case of an outage. Collectively, companies cited $754 billion in data loss and $954 billion in downtime in 2014. Are you really ready for disaster recovery?
When we outsource any aspect of our business we are naturally reducing our own control over the outcome and with electronic data our exposure comes from two distinct angles. First, we are putting our trust in people who are not direct employees of our company and we are allowing more individuals access to our business systems. Second, we will often store data off-site on hardware which we do not have direct control over in terms of security.
The SANS Institute recently released its latest report, “Insider Threats and the Need for Fast and Directed Response[1],” based on responses from more than 770 IT/security professionals in a range of industries. The report makes the case that although external attacks have been getting more press, attacks from within often cause the most damage: insiders typically have unfettered access to sensitive data—and with most companies not set up to detect such attacks, they can continue undetected for long periods of time, doing significant damage.
Researchers have detected Russian hackers operating in plain sight using the cover of legitimate services including Twitter, Github and cloud storage services to steal data from organizations during the work day. Recently, a cyber gang known as APT29 created malware called Hammertoss which is very hard to detect. Using a variety of Twitter handles daily, they are able to send commands to infected machines using images embedded with encrypted command information, these commands allow them to upload the stolen information to cloud storage services. They also infect legitimate web servers and usethem as part of their command and control infrastructure.
Perhaps the most valuable thing about your computer is the data and files that you have saved on it. After all, the main reason for having your PC or laptop is in order to store the data that is on it, and it’s the main priority for putting a protective strategy in place, such as anti-virus software. Whilst operating systems and downloadable software can always be re-downloaded or re-installed, unique, user created data has the potential to be lost forever. Let’s look at some simple steps that can be taken in order to protect your computer or laptop from data loss.
with Israel Lifshitz, NuboIf you’ve been tracking the evolution of our BYOD work culture, you’ll know that most enterprises are at some stage of getting a grip on a myriad of issues, including employee adoption, compliance, Shadow IT and user privacy just to name a few. Read More >>>
