
Articles


Review: The best password managers for PCs, Macs, and mobile devices. June 18, 2014.

Thanks to high-profile computer security scares such as the Heartbleed vulnerability and the Target data breach, and to the allegations leveled at the government and cloud providers by Edward Snowden, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too. A password manager won't shield you against Heartbleed or the NSA, but it's an excellent first step in securing your identity, helping you increase the strength of the passwords that protect your online accounts because it will remember those passwords for you.

A password manager will even randomly generate strong passwords, without requiring you to memorize or write down these random strings of characters. These strong passwords help shield against traditional password attacks such as dictionary, rainbow-table, or brute-force attacks.

Beware Keyloggers at Hotel Business Centers.

The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.

A DHS/Secret Service advisory dated July 10, 2014.

In a non-public advisory distributed to companies in the hospitality industry on July 10, the Secret Service and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) warned that a task force in Texas recently arrested suspects who have compromised computers within several major hotel business centers in the Dallas/Fort Worth area. “The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts,” the warning continues.

Hotel business center computers see uptick in keylogger malware.

DefCon: You cannot 'cyberhijack' an airplane, but you ...

In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.

DefCon: Panel discusses diversity in security and just ...

Being yourself and being able to be yourself were topics discussed at a panel on diversity in information security at DefCon 22.

DefCon: Stolen data markets are as organized as ...

In order to cause disruption within the stolen data markets of the dark web, its organizational structure must be analyzed, according to one expert at DefCon 22 in Las Vegas.

Hackers Attack Shipping and Logistics Firms Using Malware-Laden Handheld Scanners.

China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world. The attack, dubbed "Zombie Zero," has been analyzed by cybersecurity solutions provider TrapX, a company formerly known as CyberSense.

According to TrapX, the attack begins at a Chinese company that provides hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory the items they're handling. The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices. The threat is also distributed via the company's support website, the security firm noted in its report (PDF). The scanners transmit the data they collect (origin, destination, value, contents, etc.) via the customer's wireless network. The malware used by the Zombie Zero attackers is highly sophisticated and polymorphic, the researchers said.

Insurers struggle to get grip on burgeoning cyber risk market | Reuters.

No money, no problem: Building a security awareness program on a shoestring budget.

Implementing a security awareness program seems rather straightforward, until you actually start to implement one, factoring in things like resources and the people (users) to be trained. At that point, it can seem complicated, costly, and unnecessary. However, the process doesn't have to be a logistical and expensive nightmare, and it's certainly worth it in the long run. Organizations both large and small have implemented awareness programs for next to nothing, and while they're not perfect, many of them are able to show measurable results. The key to these successes, however, is understanding what it is that the organization is actually trying to accomplish.

[Related: Seven things that will destroy a security awareness program]

While doing topical research for this story, CSO discovered a common thought among the experts and executives that were consulted, including some who spoke to us during two regional security conferences this summer (B-Sides Detroit and CircleCityCon).

Beef up your security and avoid being a victim on vacation this summer.

It's summer, so chances are good that you're planning on taking a trip sometime in the next couple of months. While the prospect is exciting, it can also be daunting for those who aren't sufficiently prepared to protect themselves and their assets while they're traveling.

"When people go away on vacation, it's more likely that they'll be the target of an attack," says Ryan Jones, a managing consultant for Lares. "Is it a guarantee? Of course not. But it's more likely."

[Phishing, football and frauds: 15 ways to safeguard yourself during the World Cup]

The likelihood of an attack increases both as a result of the fact that people are away from home and because of risky behavior on the vacation itself. "A number of people today are breached, physically or electronically, as a result of placing their vacation plans or info online," he says.

That being said, such systems can, in their own way, introduce even more risk to the equation.

On the road

"Encrypt anything mobile," says Jones.

How to recover files from a CryptoLocker attack, without paying!

Here’s some genuine good news to brighten the day of anyone who has had their computer hit hard by one of the most pernicious threats to hit internet users for a long time. Boffins at Fox-IT and FireEye have teamed up to provide a free service – decryptolocker.com – to help anyone who has fallen foul of the notorious CryptoLocker malware that encrypts computer files and demands a ransom be paid for the decryption key.

To use the DecryptoLocker service, CryptoLocker victims will need to identify a single CryptoLocker-encrypted file that they believe does not contain sensitive information, and upload it to the DecryptoLocker portal. Sounds neat – and if the service wasn’t supplied by trusted, established security experts like Fox-IT and FireEye I would tell people to be suspicious.

92% of brands fail email security test. Posted on 06 August 2014.

The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust and empower users, announced the results of its 2014 Email Integrity Audit report, including its Email Trust Scorecard.

Out of nearly 800 top consumer websites evaluated, OTA found only 8.3 percent of consumer-facing websites passed and thus 91.7 percent failed. The overwhelming majority of businesses and government agencies are not following adequate steps to help ensure consumers and business partners can discern if emails coming from their domain are genuine or forged. The Scorecard measures the adoption of three critical email security protocols: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). “Over 400 million Microsoft users worldwide are realizing the benefits of SPF, DKIM and DMARC.

The U.S. state of cybercrime takes another step back.

When it comes to cybercrime, it seems no enterprise goes unscathed. There are more breaches happening, the associated costs are rising, and business leadership grows increasingly concerned that information security remains a challenge that is out of control.

Those are the headline findings of the 2014 U.S. State of Cybercrime Survey, an annual survey by CSO Magazine with help from the U.S. Secret Service, the Software Engineering Institute at Carnegie Mellon University, and PwC. The 12th survey of cybercrime trends, released this week, found that, on average, the number of security incidents detected by enterprises reached 135 per organization. Unfortunately, more than two thirds of organizations that detected breaches are unable to place a cost on the incidents, and for those that could, the average loss totaled $415,000. Bob Bragdon, vice president and publisher of CSO, says things are getting worse despite efforts in the right direction.

[Related: The sorry state of cybercrime]

New Data Sheds Light on Shifting Cybercriminal Tactics - Microsoft Security Blog.

New data released today suggests that the security mitigations that Microsoft has included in newer software have helped make malicious cyber acts more difficult for would-be attackers.

Effective security mitigations raise the cost of doing business for cybercriminals. The data also indicates that cybercriminals are increasingly utilizing deceptive tactics in their attempts to compromise systems. This is a key finding of our latest cybersecurity report, which we publish twice a year to help our customers, partners, and the broader cybersecurity community understand the tools, tactics and threats posed by cybercriminals. This knowledge is essential for IT and security professionals trying to better protect themselves and their organizations from cyber-attacks. Foremost among the tactics many attackers are using is “deceptive downloads.” In more than 95% of the 110 countries/regions we studied, deceptive downloads were a top threat. The new report contains a lot of valuable information.

2014-05-05 Global Cost of Data Breach Increases by 15 percent, According to Ponemon Institute.

Traverse City, MI - 05 May 2014: Today Ponemon Institute released its ninth annual Cost of Data Breach Study: Global Study, sponsored by IBM (NYSE: IBM). According to the study of 314 companies spanning 10 countries, the average total cost of a data breach increased 15 percent in the last year to $3.5 million (local currencies were converted to U.S. dollars for comparison purposes). The study also found that the cost incurred for each lost or stolen record containing sensitive and confidential information increased more than nine percent to $145. The ninth annual study involved the collection of detailed information about the financial consequences of a data breach. For purposes of this research, a data breach occurs when sensitive, protected or confidential data is lost or stolen and put at risk. All those interviewed are knowledgeable about their organization’s data breach and the costs associated with resolving the breach.

The State of Advanced Persistent Threats study.

Malware Breaks All Records in Q1 2014.

If it feels like threats are snowballing out there, it’s not your gut deceiving you: malware creation has broken all records during the first quarter of the year, with a figure of more than 15 million new samples appearing for the period, and more than 160,000 new samples appearing every day. Panda Security’s PandaLabs quarterly report for Q1 2014 has concluded that trojans are still the most abundant type of new malware, accounting for 71.85% of new samples created during Q1. Trojans are followed by worms, at 12.25%, and viruses, at 10.45%. So far in 2014, trojans are still the malware most commonly used by cybercriminals to infect users. According to data from PandaLabs, four out of five infections around the world were caused by trojans, which translates to 79.90% of the total. Viruses are in second place, accounting for 6.71% of infections, followed by worms, with a ratio of 6.06%. The global infection rate during the first three months of 2014 was 32.77%.

Cybercrime shopping list study points to falling prices. 16 December 2013, last updated at 19:47 ET. By Paul Rubens, technology reporter.

The price of a hacking victim's personal details is becoming cheaper to buy, says a study. Fancy a bank account with $300,000 (£184,000) in it? If you know where to look and you don't mind dealing with cybercriminals then the going rate is just $300, a study of the hacking underworld suggests.

For that you'll get the bank account details, plus online username and password providing you with full access to the money. For criminal buyers that price is a steal compared with the sums they were paying as little as two years ago. The investigation was carried out by Joe Stewart, director of malware research at Dell SecureWorks, and David Shear, an independent researcher.

“Hackers have got smarter and are now able to target places where a wide range of personal data is warehoused.” – Joe Stewart, Dell SecureWorks

The glut in supply could continue for some time.

Secrets for sale.

Want better passwords? Follow the lead of 1Password and make it easier for people.

As the spate of password breaches continues, the challenge is how quickly news of each new attack fades into the background as noise.

It makes it even harder to connect with people and convince them to take action. After the latest password breach, Nick Owen (@wikidsystems) (aside: did you read the interview with Nick?), Kurt Wismer (@imaguid), and I engaged in a brief Twitter conversation on the economics of password choice. The argument was made that the people with the weakest passwords "win" because they needed to expend the least amount of energy prior to the breach. Tongue-in-cheek? It was a way to point out that the failure of password authentication had less to do with how people choose passwords than with the reality that companies are failing to both implement password authentication properly and protect password databases.

Blaming people is a smokescreen. The winning strategy is encouraging better company and individual action.

Pivot: place focus on value (for yourself and others)

Is it worth it?

FOCUS Magazine Online: Articles.

As we conduct more and more business online, the digital world has become a hacker’s paradise. To combat the growing threat of cyber attacks, many companies are hiring chief information security officers (CISOs) whose main responsibility is to make sure data is secure. Recent high-profile data breaches have demonstrated that it is not a role for the faint of heart. “We’re like sheep waiting to be slaughtered,” said David Jordan, the CISO for Arlington County in Virginia.

“We all know what our fate is when there’s a significant breach.” IT research firm Gartner predicts that by 2020, 30 percent of Global 2000 companies will have been directly compromised by independent cyber activists or cyber criminals. In order to protect information assets, CISOs and other security professionals are facing a difficult challenge: they have to keep up with cyber criminals, check off a growing list of compliance boxes, and keep close tabs on the security practices of their partners and employees.

Women Gain in Some STEM Fields, but Not Computer Science.

With 1.6 million smart phones stolen last year, efforts under way to stem the losses.
Inside The Massive Global Black Market For Smartphones.
BYOD and Mobile Security Report 2013.
123456: Millions of Adobe hack victims used horrible passwords.
96% of businesses are unprepared for a cyber attack.
Cyber-Security Insurance Adoption Grows.
What kind of target are you?
Upgrading to Windows 8.1: Your new OS survival guide.
Study: The cost of cyber crime continues to rise.
The Digital Age Of Cyber Insurance - Live Insurance News.

Best security tools for under $3,000.
Top 20 Free Digital Forensic Investigation Tools for SysAdmins.
Defending against web-based malware: Spot the smoke, don’t wait for fire.
Medical ID Theft Spreads - Watch out for Waterhole Web Attacks.
Half of organizations targets of cyberattack in last year.
After Twitter, NY Times hacks, top Internet brands remain at risk.
Social engineering: Study finds Americans willingly open malicious emails.
Rogue antivirus makes users an 'offer they can't refuse'.
Top Ten Tips for Companies Buying Cyber Security Insurance Coverage - Association of Corporate Counsel (ACC).
XP's retirement will be hacker heaven | Microsoft Windows.
Detect the undetectable: Start with event logs | Security.
DHS Grants Can Boost Cyber Preparedness.
Should you create a separate, supersecure network? | Security.

Stop 80 percent of malicious attacks now | Security.
What else can Congress bungle? Their passwords, for starters | Cringely.
Security Response Publications, Internet Security Threat Report.
Gartner's 2012 Magic Quadrant recognizes SafeNet's leadership position in Authentication.
Calif. attorney general: Time to crack down on companies that don't encrypt | Data security.
CSIS: 20 Critical Security Controls.
5 Safeguards From 'Watering Hole' Attacks, Chinese Hackers.
Why business is losing the war against cybercrime.

Five steps to ultimate Firefox security | Security.
Cybercrooks target SMBs with new types of attacks.
Know thy cyber enemy: Who's attacking and what they want | Security.
5 hot security defenses that don't deliver | Security.
Welcome to San Francisco: Here's where the cellphone thefts are.
New startups are prime targets for cyberattacks - May. 23, 2013.
Cyberattacks devastated my business! - Hacked by Anonymous (1)
Study Shows Cyber Attacks Target Small Businesses.
Most Data Breaches Caused by Human Error, System Glitches.
Too many CSOs ignore the reality of today's threats.
New Survey Shows U.S. Small Business Owners Not Concerned About Cybersecurity; Majority Have No Policies or Contingency Plans.
Negligence and glitches create 64% of data breaches.