Company News

09-29-16

A Massive Wave of Cybercrime Coming

TMCnet

Get ready for biggest year yet in cybercrime. We have learned over the last few years that hackers have honed their penetration skills to the point that any targeted company can easily become a victim. Most business owners have accepted that being connected to the Internet means that they can and probably will be compromised regardless of the defensive measures taken. It is more than just a game of probability. Every company in every country that is connected to the Internet will definitely get compromised but, how, when and what will be taken is the big question. Today, it seems that most business owners are willing to take the chance and they probably have to in order to stay competitive.

09-28-16

The companies you trust are stealing from you

BrightTALK

With the recent formal notice to Microsoft by France’s National Data Protection Commission (CNIL), it is apparent that Microsoft is taking too many liberties with user data.

Mike Patterson, founder and CEO security analytics firm Plixer, noticed that even after disabling everything he could find to stop this data transfer, some form of metadata is still sent to Microsoft every 5 minutes.

Further research found that:

  • The content was encrypted in a way that made it impossible to determine what was being sent. This extra effort to encrypt indicates that Microsoft not only didn’t want non-authorized users of the machine from accessing the data—they also didn’t want the end-user knowing what was being sent.
  • There is a group policy feature called Allow Telemetry, which is a setting that determines how many telemetry details are sent back to Microsoft.
  • The only way to disable this entirely, unfortunately, is to purchase an Enterprise version of Windows 10.

In addition to Microsoft Windows 10, Patterson’s research also found that electronics company Plantronics and antivirus firm McAfee are doing this, too:

  1. Plantronics were sending encrypted data over HTTP port 80 every minute
  2. McAfee would send data using a DNS look-up that in many companies bypasses security mechanisms.

Tune into this webinar to get a look at how the research was conducted, exactly what information these companies take from you and why the practice of DIGing (Dubious Information Gathering) is bigger than cybercrime.

09-28-16

Cisco Battles Shadow Broker Exploits

TechNewsWorld

Cisco has swung into action to combat a hacker group's exploitation of vulnerabilities in its firmware. The group, known as the "Shadow Brokers," released online malware and other exploits it claimed to have stolen from the Equation Group, which is believed to have ties to the United States National Security Agency.

09-28-16

State officials warn Congress: don't damage public confidence in election systems

SC Magazine

An association of state officials has published an open letter that seeks to strengthen public confidence in the electoral process, in light of research that has raised questions about the security of voting machines.

09-26-16

Email is a terrible technology but its users are the bigger problem

International Business Times

Email is a communication standard that is almost 50 years old. It is the number one vector that cybercriminals use to hack into our computers and it is a hugely outdated and unwieldy tool for modern communication.

09-22-16

Education sector bullied by ransomware and can barely defend itself, report

SC Magazine

As ransomware activity has continued to increase across every industry over the last year, BitSight researchers found the education sector has been bullied by the highest rates of attack while having the least protected systems among the sectors researchers observed.

09-21-16

Shadow Brokers' Cisco vulnerability exploited in the wild

Tech Target

Cisco released a security advisory for another vulnerability exposed by the Shadow Brokers' cyberweapons dump, which is currently being used to exploit affected systems.

09-16-16

Researcher believes major DDoS attacks part of military recon to shut down internet

SC Magazine

Security researcher Bruce Schneier spotted a series of DDoS attacks which may be part of a larger effort to learn how to take down the internet on a national or even global scale.

09-16-16

Nation States May Be Plotting Internet Takedown, Warns Cybersec Pro

Tech News World

Unknown attackers have been testing the defenses of companies that run critical parts of the Internet, possibly to figure out how to take them down, cybersecurity expert Bruce Schneier warned Tuesday.

09-08-16

Congressional report faults OPM over breach preparedness and response

SC Magazine

The massive breach at the U.S. Office of Personnel Management (OPM), announced in June 2015, might have been prevented had the agency followed basic cybersecurity guidelines, according to the findings of a congressional investigation.

09-08-16

Benefits of the Gigamon and Plixer Joint Solution

Gigamon

Plixer Director of IT & Services Tom Pore discusses the benefits of the Plixer & Gigamon joint solution.

09-07-16

Experts split on whether we're in a cyber arms race or open conflict

TechTarget

While President Obama said we can still defuse a potential cyber arms race, some experts believe we are already in such competition or already past it and in open conflict.

09-06-16

Why colleges and universities are easy targets for hackers

eCampus News

(Page 6) The complexity of College campus computer networks combined with the number of users and the need for unrestrained access, opens the door for hackers to try their skills. Unlike business owners who can make decisions on what is and isn’t blocked from the internet, colleges and universities must operate a bit differently. These schools in many cases are essentially internet service providers for their students who access very few resources on the local network. Almost every web site they visit and email they receive is from a source that resides outside the LAN.

09-02-16

Will our home devices be the next DDoS?

IDG Connect

You would think - if the greater internet community has learned anything leading up to the Internet of Things (IoT) wave of products, it is that security needs to be built into the device from the get-go, but for some vendors, this hasn’t happened. With recent headlines including a serious vulnerability affecting over 120 D-Link products and an IoT botnet launching 400Gbps DDoS attack, it is clear that consumers are on their own when it comes to securing IoT devices. Who should be held liable for the internet attacks being launched from the IoT devices in our homes, our cars or even in our bodies?

08-31-16

Hitler ‘ransomware’ offers to sell you back access to your files – but just deletes them

The Register

Cybercrooks have put together Hitler-themed ransomware that simply deletes files on encrypted PCs.

08-26-16

The Increase and Impact of Cybercrime’s Costs

IT Business Edge

In 2005, cybercrime cost the average company $24,000. In 2015, the average cost jumped to $1.5 million. Certainly some of that is due to inflation – everything costs more today – but the skyrocketing costs are also in line with the overall increase in cybercrime. According to BTB Security, in 2005, there were only four data breaches that affected more than 30,000 records, compared to 26 breaches in 2015. That still seems like a low number, but how about this: In total records compromised, the numbers went from 44 million to 190 million.

08-23-16

Doubts Arise Over Recent NASA Hack

MeriTalk

A recently discovered hack on NASA data that exposed username and password information of the agency’s employees is actually a copy of information that was exposed in 2013, according to NASA. “NASA officials have looked into the alleged data hack recently posted to a website where such information is shared publicly, and confirmed that the data set is, in fact, a duplicate of a 2013 post on this same website,” the NASA Office of Communications told MeriTalk.

08-23-16

Companies That You Trust Are Stealing From You

InfoSecurityBuzz

When we purchase something new, in most cases there is an unspoken understanding about the transaction. For example, if it is food, you can read what is in it and purchase it. If you don’t end up liking the taste, it probably won’t kill you. If we buy a car, it is assumed that it will meet all safety standards. If we purchase a widget of some sort for a specific purpose, it will do what it advertises else we will return it for a refund. When it comes to software, the rules are generally the same; however, there seems to be an emerging twist in the market: data theft.

08-22-16

Who really has control of your data?

The Charles Tendell Show

Companies are taking liberties with your data in all new ways. Some to provide a better service or software experience most to sell you more and other we just don’t know. Joining the conversation is Michael Patterson, CEO of Plixer to shed some light on the situation.

08-22-16

Hackers Ghosting the Trail

Infosec Island

If you're a professional hacker looking for the victim of your next big heist, one thing you are going to do is cover your tracks. Eliminating the evidence is a primary concern in many criminal activities. In the physical world, it is finger prints, bullet casings, blood, hair, camera footage, etc. In the virtual world of cyber crime, it largely all comes down to logs. Criminals want to find, delete or alter them and the gate keepers want to save, archive and protect them from the bad guys. After the theft has occurred, if there is going to be any tracking down of the assailant, it will come down to how well the organization has archive and protected the logs and traffic patterns.

Page 1 of 17