With Facebook now counting over 1.7 billion monthly users and LinkedIn another 467 million, it was only a matter of time until criminal hackers turned their attention to exploiting social media as an attack vector. The current attack is being waged to introduce ransomware into these environments. Dubbed “Imagegate”, it’s a clever way of sneaking malware into your environment. It typically runs this way: While on Facebook, a user sees an Instant Message. It appears … More
Source: helpnetsecurity

When the FBI announced the arrest of a Russian hacker in October, it was notable – but maybe not for the reason you’d expect. Yevgeniy N., who was picked up in Prague, is implicated in the 2012 megabreach at LinkedIn. That cyberattack exposed the usernames and passwords of 117 million people, and led to a fire sale of login data on the open market. The size of the hack was extraordinary, but the arrest of … More
Source: helpnetsecurity

My name is Kai Roer and I am a co-founder of European security startup CTLRe, and these are my confessions. I hope you will learn from my struggles, and appreciate the choices startups make when security matters. I will share experiences from my own startups (my first was in 1994), and things I have learned by watching and advising numerous other startups around the world. Running a startup is an amazing experience, and a lot … More
Source: helpnetsecurity

There has been a lot of activity since October’s Patch Tuesday. During that short period of time, Oracle released its quarterly CPU, including an update for Java JRE; Adobe resolved a zero-day in Flash Player; a security researcher identified a new form of attack called Atombombing, and there has been some rising discussion around the Server 2016 servicing model. The week following Patch Tuesday, the week of October 17th, Oracle released its quarterly CPU, resolving … More
Source: helpnetsecurity

Businesses are often encouraged to take risks. These can fuel innovation, excite customers and set them apart from competitors. However, while many parts of a business may benefit from occasional risks, security is one area that businesses cannot afford to compromise. While trying something new should be encouraged, this should only be done when it can be assured that company and customer data won’t be exposed. One example is the old-school belief that security is … More
Source: helpnetsecurity

If you were online on Friday October 21st, you were probably affected by the DDoS attack against managed DNS provider Dyn. Dyn observed that tens of millions of IP addresses participating in the attack were from IoT devices infected by the Mirai botnet. But what exactly is an IoT botnet? What was so different about this DDoS attack and why does it have security professionals so worried? A botnet is a collection of connected devices … More
Source: helpnetsecurity

It has been said that an ounce of prevention is worth a pound of cure. In the case of disaster recovery, however, businesses tend focus on prevention without anticipating the need for a cure. It may be painful to admit, but disaster in some form is nearly unavoidable, whether due to severe weather, an accident or a data breach. Every good prevention strategy should include a continuity plan for rapid recovery when the inevitable hits. … More
Source: helpnetsecurity

Everyone is increasing the attention of cybersecurity given the continued parade of hacking incidents. Just last week, the three main prudential regulators for financial institutions—Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC)—released new proposed cybersecurity risk mitigation standards called, Enhanced Cyber Risk Management Standards. Cybersecurity is a critical aspect of all global financial transactions as the financial sector operates through a network of interrelated markets … More
Source: helpnetsecurity

Security and compliance is at the top of every IT pro’s mind, yet much of that effort is focused on protecting data within the organization that’s “at rest.” While it’s important to protect all data, data in-motion is when it’s at its most vulnerable point and needs to be more of a focus of your efforts. Data in-motion has to contend with human error, network failures, insecure file sharing, malicious actions and more. In today’s … More
Source: helpnetsecurity

As the IoT industry matures, it’s safe to say we’re well past “early adopter” phase and seeing broader development and deployment. While the prospect of a more established and stable IoT environment is exciting, we’re not there yet. What we are seeing is that the space is showing its youth, and along with it, its insecurities. Many new concepts and technologies skyrocket to peak interest and popularity before all of the appropriate security measures are … More
Source: helpnetsecurity