One year from today, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect businesses outside the EU that work with the personal data of EU citizens and residents. GDPR was approved a year ago and takes effect a year from now. It applies directly to organizations within the EU, but also to organizations outside the EU if they 1) offer goods and services to the EU, 2) monitor the behavior of EU data subjects, or 3) process or retain personal data of EU citizens and residents. The regulation provides for very serious fines and sanctions for non-compliance.
A couple of weeks ago, possibly every security manager in the world was dealing with the repercussions of WannaCry, a ransomware worm that screamed across the internet and flooded the media. IT and security departments, placed on high alert, had to scramble — whether or not any of their systems had been infected. I was no exception.
Trouble Ticket
At issue: The WannaCry ransomware outbreak was cause for concern even at companies not immediately affected.
Action plan: Make sure that every device, including remote PCs, is patched, has antivirus protection and is backed up, and remind all employees that they play a big role in keeping the company safe.
Deploying password quality checking on your Debian-based Linux servers can help to ensure that your users assign reasonable passwords to their accounts, but the settings themselves can be a bit misleading. For example, setting a minimum password length of 12 characters does not mean that your users' passwords will all have twelve or more characters, because characters from different classes earn "credits" that count toward the minimum. Let's stroll down Complexity Boulevard and see how the settings work and examine some settings worth considering.
First, if you haven't done this already, install the password quality checking library with this command:
apt-get -y install libpam-pwquality
The files that contain most of the settings we're going to look at will be:
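As an added example (not code from the original article), the following script models how pam_pwquality(8) combines minlen with the dcredit, ucredit, lcredit and ocredit settings. It assumes the semantics described in the man page: a credit of N >= 0 lets up to N characters of that class each count as an extra character toward minlen (the default is 1 per class), while a credit of -N requires at least N characters of that class and adds no bonus. The setting names match the keys used in /etc/security/pwquality.conf; the sample passwords are constructed, and character classes are treated as ASCII-only.

```python
import string

# Constructed example: a small model of pam_pwquality's minlen/credit logic.
# It is not the library's own code; it follows the pam_pwquality(8) man page.

CLASSES = ("dcredit", "ucredit", "lcredit", "ocredit")

def class_counts(password):
    """Count digits, upper-case, lower-case and 'other' (non-alphanumeric) characters."""
    return {
        "dcredit": sum(c in string.digits for c in password),
        "ucredit": sum(c in string.ascii_uppercase for c in password),
        "lcredit": sum(c in string.ascii_lowercase for c in password),
        "ocredit": sum(c not in string.digits + string.ascii_letters for c in password),
    }

def credited_length(password, dcredit=1, ucredit=1, lcredit=1, ocredit=1):
    """Return (score, missing_classes).

    A credit N >= 0 adds up to N bonus points for characters of that class,
    so the default of 1 per class can add four 'virtual' characters to the
    length that is compared against minlen. A credit -N requires at least N
    characters of that class and contributes nothing to the score.
    """
    counts = class_counts(password)
    credits = dict(dcredit=dcredit, ucredit=ucredit, lcredit=lcredit, ocredit=ocredit)
    score = len(password)
    missing = []
    for cls in CLASSES:
        credit = credits[cls]
        if credit >= 0:
            score += min(counts[cls], credit)
        elif counts[cls] < -credit:
            missing.append(cls)
    return score, missing

def passes(password, minlen=12, **credits):
    """True if the password satisfies minlen after credits and every required class is present."""
    score, missing = credited_length(password, **credits)
    return score >= minlen and not missing

# Lax profile: minlen = 12 with the default credit of 1 per class.
# An eight-character password with one character of each class scores 12.
LAX = dict(minlen=12)

# Strict profile: minlen = 12 and at least one character of each class required.
# Negative credits also switch off the bonus, so twelve really means twelve.
STRICT = dict(minlen=12, dcredit=-1, ucredit=-1, lcredit=-1, ocredit=-1)

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ("Ab1!xyzq", "passwordpassword", "Tr0ub4dor&3!x"):
        print(f"{pw!r:20} lax={passes(pw, **LAX)} strict={passes(pw, **STRICT)}")
```

Running it shows the point made above: "Ab1!xyzq" is only eight characters, yet with the default credits it scores 12 and is accepted under minlen = 12; the same password is rejected once the credits are negative. Conversely, a sixteen-character all-lowercase password sails through the lax profile and fails the strict one because digits, upper-case and "other" characters are missing.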
Well, well, well, the NSA may not waltz away legally unscathed after spying on Americans’ private communications due to the dogged determination of the Wikimedia Foundation, the ACLU, the Knight First Amendment Institute at Columbia University and eight other co-plaintiffs.
The 4th US Circuit Court of Appeals ruled to give Wikimedia a chance to legally challenge the NSA’s mass surveillance as unconstitutional. The government has previously argued that the NSA’s Upstream warrantless spying is authorized under Section 702 of the Foreign Intelligence Surveillance Act. Through Upstream surveillance, the NSA sucks up and searches through Americans’ international internet communications.
BOSTON -- Retired Gen. Michael Hayden held nothing back when speaking to cybersecurity pros today at the ZertoCon business continuity conference.
It's been more than a decade since he led the National Security Agency (NSA), but that didn't stop Hayden from asserting that the Russians were involved in last year's U.S. presidential election. His view: Only two presidents doubt that the Russians were involved in the 2016 election -- Donald Trump and Vladimir Putin.
"They [the Russians] had an effect on the election, there is no question that this happened," Hayden said. "The question is if there was collaboration with the campaign."
A few days ago, Microsoft’s top lawyer took the NSA to task over WannaCry, saying that problem was the agency’s creation because it built and stockpiled such malware for its own use.
Now WikiLeaks has revealed more government-created malware and this one is a nasty piece of work.
Codenamed “Athena,” the spyware targets all versions of Windows from Windows XP to Windows 10, and was released in August 2015. It was created in part by a private New Hampshire-based cyber security firm called Siege Technologies.
While blockchain may have cut its teeth on the cryptocurrency Bitcoin, the distributed electronic ledger technology is quickly making inroads across a variety of industries.
That's mainly because of its innate security and its potential for improving systems operations all while reducing costs and creating new revenue streams.
David Schatsky, a managing director at consultancy Deloitte LLP, believes blockchain's diversity speaks to its versatility in addressing business needs, but "the impact that blockchain will have on businesses in various industries is not yet fully understood."
Every company has workaholics who can’t leave their duties behind when heading out on vacation. They're the kind of worker who, if the hotel doesn’t have Wi-Fi, will rush to the closest coffee shop or eatery to stay connected, check email and jump onto a video conference call.
Those are the kinds of insecure wireless networks that make IT security managers nervous.
And for good reason. Public Wi-Fi networks at cafes and coffee shops are open to, and can be accessed by, anyone, according to mobile security vendor iPass. They require neither security keys and passphrases nor firewall protection. That leaves employees vulnerable to man-in-the-middle attacks.
The global WannaCry ransomware attack, which crippled hospitals, government organizations, companies and individuals around the world, didn’t have to happen. It was no grand technological feat perpetrated by genius hacker masterminds. Instead, it took advantage of the lazy, patchwork way organizations handle security and the seamy roles that the National Security Agency (NSA) and big tech companies play in undermining security in the internet age.
And that, in fact, is a piece of good news. Because it means that stopping the next global malware attack needn’t be impossible. Here are five steps that can do it.
The global WannaCry attack that started 10 days ago touched just a handful of Windows XP PCs, a security expert said Monday, contradicting the narrative that the aged OS was largely responsible for the ransomware's crippling impact.
"There were no real WannaCry infections of Windows XP," said Costin Raiu, director of Kaspersky Lab's global research and analysis team, in an interview Monday. "We've seen only a handful of cases, less than a dozen, and it looks like most of them were testers [self-infecting systems]."
Raiu's claim countered an assertion made by virtually every media report and blog post published after "WannaCry" emerged May 12. Countless news stories blamed Windows XP, which Microsoft retired three years ago, for falling victim to the attack because the vulnerability that WannaCry exploited had not been patched in the obsolete OS.
Back in the ‘70s, the United States suffered a severe oil shortage.
Lines at the gas station filled city blocks. Thieves siphoned gasoline not to save money but time. In response, the federal government created a measurement, miles per gallon. Since then, MPG has become a factor in many car purchase decisions. Today, fuel efficiency has improved threefold, and we have hybrid and electric cars.
We are facing another crisis that threatens our way of life — ransomware. Cybercriminals hold hostage individual, public sector and enterprise data with remarkable ease and frequency. Although paying ransoms may solve a short-term problem, it almost guarantees that attacks will continue creating a larger threat to our digital society.
Facebook allows users to livestream self-harm, post videos of violent deaths and photos of non-sexual child abuse, but comments which threaten to harm President Donald Trump are to be deleted, according to Facebook’s secret rule books for monitoring what its 2 billion users can post.
The Guardian got hold of leaked copies of over 100 internal Facebook manuals and documents that tell moderators how to handle content which includes violence, sex, hate speech, terrorism, nudity, self-harm, revenge porn and more controversial content – even cannibalism.
Antivirus software to protect corporate systems from malware is like a flu shot. You should have it, but it won't likely protect you from every strain of the flu.
Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry/WannaCrypt were running Windows 7. Since, once it gets a foothold, the malware can infect an entire network, most of the attention was focused on LAN based attacks. My previous blog was about using the Windows firewall as a defensive measure.
But any malware can spread in multiple ways so there is always a need for anti-malware software on Windows PCs. The May 12th blog post, Customer Guidance for WannaCrypt attacks, in which Microsoft announced the release of a bug fix for Windows XP, mentioned that
While ransomware isn't new, this once-simple criminal hacker tactic has morphed into a devastatingly effective weapon wielded by more advanced cyber-criminals -- as seen with the recent WannaCry outbreak. These sophisticated attackers are highly motivated by the profitable nature of their efforts. Dan Larson, technical director at CrowdStrike, looks at the current state of ransomware, why organizations should take threats seriously and how to build a strong defense.
Despite all the attention currently focused on Windows computers being infected with WannaCry ransomware, a defensive strategy has been overlooked. This being a Defensive Computing blog, I feel the need to point it out.
The story being told everywhere else is simplistic and incomplete. Basically, the story is that Windows computers without the appropriate bug fix are getting infected over the network by WannaCry ransomware and the Adylkuzz cryptocurrency miner.
We are accustomed to this story. Bugs in software need patches. WannaCry exploits a bug in Windows, so we need to install the patch. For a couple of days, I too subscribed to this knee-jerk theme. But there is a gap in this simplistic take on the issue. Let me explain.
Are you ready for the next cyber disaster? You may not ever be fully ready. Given the ever-increasing number and variety of threats out there, it's hard to imagine the many ways in which you could be hit. Twenty years ago, who would have imagined 9/11 or ransomware or the sophistication of today's social engineering techniques? But even if you can't be fully prepared, you can avoid being totally unprepared.
There are many things that you can do to make yourself more likely to recover from a major attack or to limit how hard it hits you. Being more in touch, more aware and more prepared are key. Given the proliferation and variety of the threats today, avoiding disaster is a big deal and limiting impact a worthy goal. What are those who deal with these issues every day trying to tell us, and how can we put their insights to good use?
When internet pioneer Vinton Cerf was 10, he was working on advanced math, and by the time he was 17, he was tinkering at programming at UCLA and beginning a lifelong "love affair" with computing.
Today, Cerf, known as the father of the internet, says software bugs are among the biggest dangers to enterprise IT and warns of the mounting challenges the IT community must face in what he calls the "digital dark age."
Widely recognized for his contributions to technology, Cerf, 73, was awarded the U.S. National Medal of Technology for co-founding and developing the internet. He also was the recipient of the Presidential Medal of Freedom, the A.M. Turing Award and 29 honorary degrees.
Panda security solutions will fully protect you against the newly released malware and ransomware attacks, and Panda is offering 55% off all security products for home users using the coupon code ANTIRANSOMWARE at checkout. See Panda's Internet Security product here, or their Antivirus Pro product here, and enter the code at checkout to activate the 55% savings. This code will work for all Panda Security products for home users.
In an extremely fortunate bit of timing, I visited my parents just as my father nearly fell for one of the worst scams floating around on the Internet. He had inadvertently clicked on a bogus link that popped up an equally bogus blue screen claiming his computer had been compromised and he needed to call a toll free “Microsoft” support line to get help.
Of course it wasn’t Microsoft and the pop up was fraudulent, but he didn’t know that. I practically screamed “hang up!” at him and explained why after he did.
These tech support scams have been growing in frequency and severity, and the fact that they have an 800 number (or some derivative) not only lends them credibility and makes people more willing to call, but also shows they are flying under the radar and using legitimate means against their victims.