Category: Uncategorized

Data breaches can be prevented with one simple solution

There have been so many major data breaches over the past year or two that it’s hardly even news anymore when millions of customer accounts are compromised. We’ve become jaded, and just expect that attackers will find a way to penetrate our networks and steal our data. The reality, however, is that there is one simple thing companies—and individuals—can do that will prevent the vast majority of data breaches: two-factor authentication.

“While people may claim that the attackers in these breaches are advanced, sophisticated, or state-sponsored, their actual execution is quite simple in nature,” declared Jon Oberheide, co-founder and CTO of Duo Security. “Simple phishing and other credential theft attacks have not only been the initial entry vector to these companies, but also how attackers move laterally within an organization to reach their eventual target.”

Oberheide warns that companies are setting themselves up for attack if they don’t implement two-factor authentication. “It’s expected that attackers will take advantage of that and find the path of least resistance.” Continue reading “Data breaches can be prevented with one simple solution”

Vicious new ransomware takes your money and still deletes your files

There’s a new form of ransomware—apparently built by amateurs—that takes your money but deletes your personal files anyway. Security research firm Talos recently published a blog post about a new form of malware dubbed Ranscam.

This ransomware follows the basic premise of previous variants. It claims your files have been encrypted, and thus inaccessible to you, then threatens to delete all your files if you don’t pay up. Ransomware’s scary premise prompts many people to fork over the dough in order to save their photos and other content.

Ranscam ignores conventional ransomware behavior, however, and deletes the victim’s content long before they have a chance to pay up. In typical ransomware scams the user is usually prompted to pay up in Bitcoin, which is harder to trace than other forms of payment. After they pay it, and the transaction is verified, the files are decrypted and the ransomware deletes itself.

The Ranscam authors, however, don’t bother with all those technical details and just hope for the easy payout without regard to the user’s files.

The impact on you at home: The good news is Ranscam is still in its early days and doesn’t appear to be widespread. Nevertheless, it’s an important reminder that you shouldn’t trust that you’ll get your stuff back if you end up paying a ransomware scam. Continue reading “Vicious new ransomware takes your money and still deletes your files”

Cisco unveils three DNA network security technologies

Cisco has announced three new technologies for its Digital Network Architecture (DNA) solution to enable network engineers, application developers, channel partners, and IT customers to embed improved and simplified security within their network infrastructure layer: Umbrella Branch, Stealthwatch Learning Network License, and Meraki MX Security Appliances with Advanced Malware Protection (AMP) and Threat Grid.

All three are designed to improve mobility and cloud security threats, according to the networking giant.

The first technology, Cisco’s Umbrella Branch cloud-delivered security software, provides businesses with increased control over guest Wi-Fi usage via content filtering. It can be activated on the Cisco Integrated Services Routers (ISR) 4,000 series, and works to filter and block malware, command and control (C2) callbacks, and phishing threats before they reach the network.

The company’s second new DNA security technology, the distributed machine-learning Cisco Stealthwatch Learning Network, was acquired as part of Cisco’s $452 million Lancope purchase. Continue reading “Cisco unveils three DNA network security technologies”

Cisco boasts 100 percent security coverage

Cisco has said it will do whatever it takes, including working alongside competitors, in order to ensure that it has the best security offering that covers customers 100 percent of the time.

Admitting that the 100 percent statement is a “bold claim”, Scott Harrell, VP of Product Management in Cisco’s Security Business Group, explained that it means Cisco will provide protection for customers whether they are on business premises or working remotely.

“What we’re talking about is the fact that you as customers, you as network administrators, as partners, who are trying to find and deploy these complex networks, your problem’s not just a firewall at the edge … your problem’s more than that,” Harrell, speaking at the second day of Cisco Live Las Vegas, said.

“You have diverse infrastructures, you have campuses, you have datacentres, you have branches, you have users that are sales personnel that never come back on-prem, they spend their whole life off-prem and seldom connect back into the VPN, you have applications that you’re being pushed to move to the cloud by your line of business. Continue reading “Cisco boasts 100 percent security coverage”

Homeland Security warns of hackers exploiting SAP security flaw

Homeland Security has warned that hackers are exploiting a security vulnerability in SAP business software — a flaw that dates back to 2010.

The department’s Computer Emergency Readiness Team (CERT) sent an alert on Wednesday warning that at least 36 unnamed organizations are running misconfigured or outdated software, which could leave them prone to remote attacks by hackers.

One of the affected enterprises is said to be one of the top-ten highest annually grossing global companies, and more than a dozen generate over $10 billion in annual revenue per year.

According to the alert, a hacker that successfully exploits the vulnerability can gain full access and complete control to an affected SAP platform — that includes business information and processes on those systems.
Continue reading “Homeland Security warns of hackers exploiting SAP security flaw”