Tag : encryption

The Best VPN Services of 2018

“A virtual private network is the best way to stay anonymous online and to secure your web traffic. We’ve tested more than 50 VPNs, and these are our top performers,” stated PCMag’s Max Eddy.


 

What Is a VPN?

In the simplest terms, a VPN is used to create a secure, encrypted connection—which can be thought of as a tunnel—between your computer and a server operated by the VPN service. In a professional setting, this tunnel makes you part of the company’s network, as if you were physically sitting in the office—hence the name.

While you’re connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet. If you make sure to only connect to websites secured with HTTPS, your data will continue to be encrypted even after it leaves the VPN.

Think about it this way: If your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back. They might even be able to peek inside your car and learn more about you. With a VPN service, you are essentially driving into a closed parking garage, switching to a different car, and driving out, so that no one who was originally following you knows where you went.

VPNs Keep You Safe Online

Have you become so comfortable with the idea of transmitting your data via Wi-Fi that you’ve stopped worrying about the safety of said data—and of who else might be looking at it? You’re not alone. In fact, you’re probably in the majority. That’s a huge privacy and security problem. Public Wi-Fi networks, which are commonplace and convenient, are unfortunately also highly convenient for attackers who are looking to compromise your personal information. When even your ISP is allowed to sell your browsing history it’s time to begin thinking about protecting your data. That’s where virtual private networks, or VPNs, come in.

 

Who Needs a VPN?

The protection provided by a VPN offers users many advantages. First and foremost, it prevents anyone on the same network access point (or anywhere else) from intercepting your web traffic in a man-in-the-middle attack. This is especially handy for travelers and for those using public Wi-Fi networks, such as web surfers at hotels, airports, and coffee shops. VPNs also cloak your computer’s actual IP address, making it harder for advertisers (or spies, or hackers) to track you online.

 

How to Choose a VPN Service

The VPN services market has exploded in the past few years, and a small competition has turned into an all-out melee. Many providers are capitalizing on the general population’s growing concerns about surveillance and cybercrime, which means it’s getting hard to tell when a company is actually providing a secure service and when it’s throwing out a lot of fancy words while selling snake oil. In fact, since VPN services have become so popular in the wake of Congress killing ISP privacy rules, there have even been fake VPNs popping up, so be careful. It’s important to keep a few things in mind when evaluating which VPN service is right for you: reputation, performance, type of encryption used, transparency, ease of use, support, and extra features. Don’t just focus on price, though that is an important factor.

____________________________________________________________________

For the original content, please visit:

PCMag.VPN2018

Teenage hacker grabs massive data from 800,000 open FTP servers


Not all teenagers are sneaking out in the middle of the night, one is sneaking into nearly 800,000 open FTP servers. The story begins with a security researcher, Minxomat, scanning IPv4 addresses to find nearly a million open FTP servers needing no authentication for access. This scan revealed that not only is no authentication needed but that 4.32 percent of all FTP servers in the IPv4 space can be accessed by an anonymous user login with no password. Seriously!!

Shortly thereafter, reports surfaced (in a report to Network World) that a young teen hacker by the name of “Fear” had gained access to and downloaded massive amounts of data from every state with a domain on .us, as well as some .gov domains.

“I gained access to an FTP server that listed access to all the FTPs on .us domains, and those .us domains were hosted along with .gov, so I was able to access everything they hosted, such as public data, private data, source codes etc.,” Fear told DataBreaches.net. It was “very simple,” he said, “to gain access to the first box that listed all the .us domains and their FTP server logins.”

Network World

He later added to this claim, stating that the attack was a SQL injection (poorly coded web database that leaks information). Fear gained access to credit card information, social security numbers, email addresses, home addresses, phone numbers, and web-banking transactions. Fear claims there was no encryption to protect the data and that he could “read all of it in plain text form.”

His message to those responsible for securing state and government FTP servers is: “5 char passwords won’t save your boxes.”

On Sunday, someone in Florida attempted to secure the data, taking down the FTP server before password-protecting it and bringing it back up, but Fear said, “Too bad they don’t know its backdoored LOL…. they legit suck at security.”

Network World

Security professionals are questioning the reliability of the claim.

“We can’t state unequivocally that he did not hack something, but only because it’s impossible to prove something didn’t happen,” said Neustar Senior Vice President Rodney Joffe.

But as Fear states, “It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen.”

The Hill 


If you would like to learn more about the information presented in this blog post please visit: www.networkworld.com, www.thehill.com

 

Protect your HR department against Cyber Attack


Human Resources is often the target of malicious attacks via hackers and fraudulent email, simply because of the wealth of information available in your HR department. Employee names, birth dates, Social Security numbers, W-2 forms and addresses will fetch a high price on the dark net. The most common means of obtaining this information is phishing emails that appear to be from a trusted employee or head executive asking for sensitive company data, financial records, or access to employee information. In most cases the employee on the receiving end of the email cannot recognize that the email is fraudulent, and will pass on the information without hesitation. HR departments from numerous organizations have reported W-2 tax form whaling scams. After receiving a spoof letter from a company executive requesting employee information, Seagate Technology said employees handed over thousands of current and past employee W-2 forms. Snapchat has reported a similar story, stating that a scammer posed as CEO Evan Spiegel and asked for payroll data, and an employee in the payroll department complied, thinking the request was legitimate.

The hackers are not going to stop asking for your information so you might as well protect your company from vulnerabilities. This means educating employees, storing data in the cloud, encrypting such data in the cloud storage, and bringing in Identity Management Software. As always I recommend a highly capable IT department as well.

Train your employees about the elements and characteristics of company emails. Teach them to pay attention to the person requesting the information as well as the information in question. Let them get used to asking “Why?” before pressing send. For example, the head of the financial department has access to all financial data and probably does not need to email employees in the financial department for additional access. This may sound like pure common sense, but it never hurts to reiterate the importance. Let employees see what a fraudulent phishing email looks like. Cybersecurity training company KnowBe4 has taken a hands-on approach to teaching employees to recognize phishing emails, sending over 300,000 fraudulent emails to employees at 300 client companies over the course of the year and using the example emails to educate staff on key elements to spot an attack email. According to KnowBe4 founder and CEO Stu Sjouwerman, before the training 16 percent of employees clicked on links in the simulated phishing emails; after a year of education only 1 percent of employees clicked on the links.

Regardless of how much training you provide for your employees, all it takes to create chaos is one simple mistake.

A viable way to double the protection in this case would be to encrypt data and store it in the cloud, rather than in document folders on the desktop or laptop. If an employee were to accidentally release information to a non-credible source, the hacker would be led to a link they could not open, because the additional information needed to open the link would not be in the hands of the hacker.

San Francisco identity management company, OneLogin, has banned the use of files in their office entirely. CEO Thomas Pedersen gives us his reasoning, “It’s for security reasons as well as productivity,” said David Meyer, OneLogin’s cofounder and Vice President of Product Development. “If an employee’s laptop is stolen, it doesn’t matter because nothing’s on it.” Not a bad idea.

Identity Management Software that controls log-ins and passwords is a great tool to protect your HR department. Rather than trusting that HR staff are protecting usernames and passwords for each platform they use for payroll, benefits, recruiting, scheduling and such, the single log-in allows access to everything. This helps the employees, as only one password needs to be remembered, eliminating the need to write down passwords or save them elsewhere. The identity management software you choose should use a multi-factor authentication, which ensures even if the password got into the wrong hands, additional approval from another device will be needed to access the log-in. Companies can also employ geofencing to restrict log-ins so admins can only sign in from specified areas, such as the office.

HR tech platforms and cybersecurity firms are working together to improve the security of HR departments. Fingerprint log-in is one of the safer means of logging in, but that technology is not available across all platforms. Until these needs can be met, the best protection is prevention.

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com

Why You Need to Deploy Encryption and How


Encryption is the transformation of data from plain text to ciphertext. In other words, it takes data that is easy to read and turns it into a riddle that has no rhyme or pattern, so that only those who know the riddle can read your data. Still with me?

Encryption alone is not enough to guarantee the safety of your data. An endpoint protection software is necessary to monitor for malware, especially making sure you aren’t hit with ransomware which will most certainly blackmail you for the encryption key, bringing us back to square one. It is known however, that hackers don’t particularly like encrypted data, and are much less likely to continue along once they learn you’ve employed encryption throughout your business.

“The best reason to encrypt your data is that it lowers your value,” said Mike McCamon, President and CMO at SpiderOak. “Even if [attackers] got in, all the data stored is encrypted. They’d have no way to do anything if they downloaded it.”

Passwords are a great start, but let’s take it one step further. If an attacker were to get into your network they most likely can navigate around and find where all your passwords are kept, again back to square one. There is no point in a password if hackers can find it without breaking a sweat. Password encryption allows you to put an extra layer of protection on your passwords. Any password you use to log in to a portal will be encrypted as soon as you press Enter. The password will be scrambled and saved on your company’s endpoint in the same manner explained above, a riddle so to speak. The only way to get past the encryption is to have the encryption key.

Protect the house, with database and server encryption. Anyone who can gain access to your network can see information in plain text. If the house of all your data is in plain text, that is a surefire road to disaster.

Secure Sockets Layer (SSL) Encryption  protects the transfer of data from the browser to the website. This will encrypt and protect the data employees and clients exchange via browsers to your company website. This is a safeguard against the interception of information as it is being transferred from the browser to the endpoint. However, once the data has reached your company server the information will be in plain text, and yet another encryption method should be used.

Email identity encryption provides employees with a complex key, known as a Pretty Good Privacy (PGP) key. This key is given to all email recipients, so that if and possibly when one of your clients receives an email without the decryption prompt, such as one claiming to be from your company’s CEO, the client knows to ignore the email.

Device Encryption is critical to the safety of your organisation. Device encryption should be required of all employees. IT management can significantly help in this process, and can also set up mobile device management software for all mobile devices. This will protect your employees and your business from avoidable and preventable vulnerability.

End-to-End and Zero-Knowledge Encryption is the most comprehensive form of encryption. Before your data can reach the end-point it is manipulated, jumbled, bamboozled – including all log ins, device passwords, application information, files. The only way to decipher the code and gain access to the information is with an encryption key that only your IT management company has, along with the software company that works to encrypt the data.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com

How to scrub data from your device


You may be surprised to hear that “Delete” is not an end-all function for wiping data clean from your machine. To ensure your data doesn’t get into the wrong hands, perform a secure erase. Whether you are selling an old computer or just want to wipe some sensitive data off your machine completely, Secure Erase is an easy way to get the job done.

SECURE ERASE

When you hit Delete, you most likely expect that all of your data is actually deleted. Unfortunately, this is not the case. Delete doesn’t actually delete your data; it erases the file’s reference information in the disk directory and marks the blocks as free for reuse. Your operating system might not be able to see it, but your data is still there deep down. This is why file recovery programs work: they look for blocks that the directory says are not in use and search them for your data. There are also bad blocks, where data is left behind from partly overwritten blocks and other actions. The Secure Erase command overwrites every track on the disk, meaning there is no data recovery from a Secure Erase. This is great for data security if you know what you are doing, which most of us don’t, which is why the Secure Erase command has been disabled on most motherboards.

ENCRYPT, REFORMAT, ENCRYPT.

Deleting the last little bit of your data can be easier than you think with the right knowledge. Windows uses an encryption tool called BitLocker, which usually requires a system with a Trusted Platform Module (TPM) chip. Without a TPM you won’t be able to access BitLocker or when you attempt to access BitLocker it will pop up with an error message. Full disk encryption is built into Windows and Mac OS X.

To try BitLocker, go to the Control Panel, click System and Security, and then click on BitLocker Drive Encryption. Select the drive and start the process. Encryption will take hours on a large disk, but you should be able to do other work on the system while encryption completes. – Robin Harris, writer for Storage Bits

In order to perform this on a Mac, you will need to access the Mac OS File Vault 2 (10.7 and later) function. Open System Preferences, Find Security and Privacy, and FileVault. Choose Turn On FileVault, select a password option, enable any other accounts you want to access the drive – in this case none – and click Restart. The encryption process will begin and, like Windows, will take some hours if you have a large drive. – Robin Harris, writer for Storage Bits

Once you have your drives encrypted, you need to reformat the drive as a new drive and encrypt it again. The drive is now empty so you won’t be met with long wait times as you did with the previous encryption. The purpose of the second encryption is to ensure that your first encryption key is overwritten, because a really great decrypter could recover the key and decrypt your data, which would make all that work for nothing. The second encryption eliminates that possibility.

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

 

 

5 Ways to Spy a Hacker in Your Network


1. Search for the telltale signs of a breach. 

Port Scans? Excessive failed log-ins? When a hacker infiltrates an unfamiliar network they need to learn the topology of the network, looking for vulnerable points of access in servers. From this point they can pinpoint administrative users and data stores.

2. Look for a “normal” user performing administrative tasks. 

By using native tools on computers and servers, hackers can stay under the radar for much longer than if they were to use known attack tools. Anti-virus software should pick up on malware and attack tools, but not normal administrative tools. Determining who the admins within the organization are can significantly lessen the worry. Active Directory aids in establishing user roles and privileges, which you can then use to see the applications and devices that are used or managed by administrators. Awareness of what the administrators within the organization are using should make it easier to spot when an attacker is looming in the background. If a hacker takes control of an administrator machine and begins performing tasks, you’ll be able to identify whether this is normal or suspect activity.

3. Look for a device using multiple accounts and credentials to access network resources. 

Hackers, both internal and external, generally steal user account information or generate fake accounts in order to gain access to the network. In order to spy indicative markers of attack activity, analyze credential usage. Make sure to monitor network traffic and analyze logs from the authentication and authorization infrastructure in your network. Extract data and look carefully to see how many systems each user interacts with, and monitor abnormalities.

4. Look for an attacker trying to find valuable data in file servers. 

By figuring out what Windows file shares are accessible, attackers hunt for important data such as intellectual property and banking information, or once they find important data they will encrypt it and the rest is history. A valuable signal would be to spot abnormalities in file share access. This is a preventative measure for spotting both hackers and employees considering insider theft.

5. Look for the command and control activity or persistent access mechanisms. 

Keep an eye on outbound communication. Attackers need to be able to communicate between the Internet and endpoints they control within your network. There could be malware and Remote Access Trojans in your network, so be mindful of indications of malicious software phoning home.
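The checks from signs 1 and 3 (excessive failed log-ins, one device using several accounts, one account touching many systems) can be run directly over authentication logs. The sketch below is an added example, not part of the original post; the log format, host and account names, and thresholds are all constructed assumptions, and real thresholds should come from your own baseline.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "time device account target result")

# Constructed sample log: timestamp, source device, account, target system, result.
SAMPLE_LOG = """\
2018-03-01T09:00:05 ws-014 alice fs01 success
2018-03-01T09:02:11 ws-014 alice mail01 success
2018-03-01T09:10:00 ws-031 dave hr01 failure
2018-03-01T09:10:20 ws-031 dave hr01 failure
2018-03-01T09:10:41 ws-031 dave hr01 failure
2018-03-01T09:11:02 ws-031 dave hr01 failure
2018-03-01T09:11:30 ws-031 dave hr01 failure
2018-03-01T09:40:00 ws-031 dave hr01 success
2018-03-01T10:15:00 ws-022 bob fs01 success
2018-03-01T10:16:30 ws-022 svc_backup fs01 success
2018-03-01T10:17:10 ws-022 carol hr01 failure
2018-03-01T10:18:00 ws-022 admin_jane dc01 success
2018-03-01T10:19:00 ws-022 admin_jane db01 success
2018-03-01T10:20:00 ws-022 admin_jane hr01 success
2018-03-01T10:21:00 ws-022 admin_jane fs01 success
"""


def parse_events(text):
    """Parse the constructed five-field format into time-sorted Event tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines instead of aborting the run
        stamp, device, account, target, result = parts
        events.append(Event(datetime.fromisoformat(stamp), device, account, target, result))
    return sorted(events, key=lambda e: e.time)


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Sign 1: {(device, account): n} where n failures fall inside one window."""
    failures = defaultdict(list)
    for e in events:
        if e.result == "failure":
            failures[(e.device, e.account)].append(e.time)
    bursts = {}
    for key, times in failures.items():
        start, best = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[key] = best
    return bursts


def devices_using_many_accounts(events, max_accounts=2):
    """Sign 3: devices that presented more distinct accounts than expected."""
    accounts = defaultdict(set)
    for e in events:
        accounts[e.device].add(e.account)  # failed attempts count as credential use too
    return {d: sorted(a) for d, a in accounts.items() if len(a) > max_accounts}


def accounts_reaching_many_systems(events, max_systems=3):
    """Sign 3: accounts that logged in successfully to unusually many systems."""
    systems = defaultdict(set)
    for e in events:
        if e.result == "success":
            systems[e.account].add(e.target)
    return {a: sorted(s) for a, s in systems.items() if len(s) > max_systems}


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("failed-login bursts:", failed_login_bursts(evts))
    print("multi-account devices:", devices_using_many_accounts(evts))
    print("wide-reach accounts:", accounts_reaching_many_systems(evts))
```
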

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Five signs an attacker is already in your network

Threats That Are Spoofing Mobile Enterprise Apps

Not every app is trustworthy. Some install malware, others steal documents or passwords. It is better to keep your hands off these.

Malware has taken to mobile applications, namely those in the enterprise. Enterprise employees use mobile applications to share data, send packages, manage email, and otherwise juggle the needs of a functioning business. Spoofing of applications such as Cisco’s Business Class Email app, ADP, Dropbox, FedEx Mobile, Zendesk, VMware’s Horizon Client, and Blackboard’s Mobile Learn app makes for very dangerous territory. These spoofed applications are nearly identical to their real counterparts; without serious knowledge of information technology you would never know that the FedEx app you are using is really malware. Because the impostors use the brand and package name of these enterprise applications, unsuspecting users become hosts of dangerous malware.

Shuanet is a family of malware that automatically roots a device and installs itself on the system. After Shuanet installs itself on the system it proceeds to install more applications without the permission of the user. These applications are pushed to the phone with the intention of installing even more applications, creating more opportunities to fill the unsuspecting device with malware. With each installation of more applications come aggressive marketing tactics to try to get a user to bite. Rooted devices are essentially in an altered state. A device is usually rooted for the sake of customization; however, to remain secure one must know how to configure the security, and if the device is not configured properly it will no longer receive important software updates. Factory resetting a device infected with malware that installs itself on the system partition, such as Shuanet, will not wipe the malware completely from the device. Apps like these continue to download applications that also house malware, which only adds fuel to the fire.

Examples of apps it spoofs: ADP Mobile Solutions, CamCard Free, Cisco Business Class Email (BCE), Duo Mobile, Google Authenticator, VMWare Horizon Client, Zendesk, Okta Verify.

AndroRAT is another family of malware spoofing enterprise applications. Originally AndroRAT was developed by university students for a class project. It was used as a remote administration tool, as it allows a third party to control the device. Controlling the device also means allowing the software to collect information from the device such as contacts, call logs, text messages, audio from the microphone, and even device location. Not exactly a comforting piece of information. Hidden remote access software gives attackers the ability to control the device and extract data with nearly nothing standing in their way. Most compromising to the enterprise is the continued remote access to a mobile device. This mobile device is carried throughout the day and it is only a matter of time before the device connects to a business network, allowing an attacker to infiltrate Wi-Fi networks and VPNs.

Examples of apps it spoofs: Dropbox, Skype, Business Calendar

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: 5 active mobile threats spoofing enterprise apps

Businesses Beware- FBI warns Ransomware is on the rise

The FBI released statements of warning this week about the rapid growth of ransomware attacks. As attacks become more frequent and sophisticated, it is crucial that businesses are proactive about ransomware prevention. The influx of attacks against hospitals has made ransomware a major threat to the U.S. healthcare industry this year and will only continue without proper protection.

Years prior, ransomware was delivered through email. Now that email systems have evolved, and spam settings have become more sensitive, cyber criminals have stepped away from email delivery. By seeding legitimate websites with malicious code and taking advantage of unpatched software on end-user computers, they no longer need an individual to click on a link in order to infect them. In a usual email attack, a user may see an email addressed to them and open it. When they unsuspectingly click on an attachment that appears no different from any other attachment, the malware code is then able to access the victim’s machine and the rest is history.

Once the machine has been infected, the malware begins encrypting the files and folders on local drives, including attached drives, backups and even other computers on a shared network. As seen many times this year, organizations are often unaware of the attack until they are unable to open their files and retrieve data. Sometimes organizations are not made aware of the encryption until messages start to display ransom payment in exchange for a decryption key.

Whether or not to pay the ransom is still under debate. The FBI does not encourage payment, only because paying the bitcoin does not guarantee the safe return of sensitive data. Morally, payment would be frowned upon, as it is most certainly funding illicit criminal activity and encouraging more attacks. However, it is understandable why many have been forced to pay: simply put, businesses need their data in order to survive. Unfortunately, ransomware criminals know that all too well.

Prevention Measures 

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: FBI: Ransomware threat at all-time high; how to protect company jewels

What to do if you suspect Malware? We have the answers

Most often one does not know that they are infected with malware until it is too late. A few signs can lead you to believe you might be infected: incredibly slow PC performance, browser pop-ups when no browser is open, and security warnings from security programs that have never been installed on your computer can all make you feel uneasy about your machine. Try these tools to kick malware in the butt.

Update Antivirus

The software IDs within antivirus software identify existing malware based on what has come before and the latest updates available. Make sure your antivirus software is current, with all of the latest installs. Having software that is even one day out of date leaves your machine at risk for encryption. Antivirus vendors offer updates based on viruses they encounter both in the lab and in the field.

Find Safe Mode

Most malware, when designed correctly, is ready to evade System Restore points set in Windows. Perhaps a restore might be enough to fix the problem, but say that it’s not, as it most likely won’t be: try running a program designed to kill any known malware process in progress, such as RKill. The other option in this case is to boot Windows in a way that will not allow malware to get started, aka Safe Mode. Restart your PC (Windows 8 or 10), hold down the Shift key during the boot sequence, and choose Safe Mode within the troubleshooting options.

Delete Hiding Places

You should then delete all temp files that could hide malware. To delete temp files, open the Start menu and type Disk Cleanup into the search bar; it will check the C: drive for all temp files that can be safely deleted. After this process it is advised that you run an antivirus on-demand scanner, such as Malwarebytes Anti-Malware. This program is a great second line of defense against malware because it often comes to the rescue if your initial antivirus fails.

No Connection

A RAT means that someone is remotely accessing your PC. Your first step in this case is to get off the internet. Turn off the Wi-Fi, remove the Ethernet cable, turn off the router, whatever needs to be done in order to detach from the internet. Being disconnected from the internet ensures that you can no longer be controlled, but it makes it a great deal harder to receive the latest antivirus. The latest software will need to be retrieved from a third-party PC, at a different location preferably, then transferred to the RAT PC via USB flash drive. Another option would be to reboot the computer with a CD. These CDs, sometimes called “rescue CDs”, run a full anti-malware utility and can be used without an internet connection. Of course, in order to use this option, a CD player will be necessary.

Portable Help

If all other options have failed, it may be the operating system that has already been infected, making it impossible to even download the newest antivirus software. In order to avoid the OS and let the antivirus do its job, you will need to utilize portable apps through a USB flash drive. These portable apps do not require a direct installation. Such apps include Microsoft Safety Scanner, ClamWin, McAfee Stinger, or Kaspersky Security Scan. You can also try a mix of many portable apps, since they will not conflict as you have to run each scan individually. There are also other software options such as Spybot and Symantec’s Norton Power Eraser that specifically target a type of malware called crimeware, which runs scams. This measure is aggressive, though, and often deletes files that might not be malware, all in the effort of safety of course.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: How to Remove Malware From Your PC

DDoS Attacks are Making Cybercriminals Very, Very, Rich

Actually, $100,000 richer to be exact.

By sending just an email, the group called Armada Collective is easily shaking down companies and pulling in the cash. Distributed denial-of-service attacks, better known as DDoS attacks, require little technical experience: they simply cause a website to crash by flooding it with traffic. Usually the threatening email alone is enough to get companies to pay up in Bitcoin.

This is not the first time we have heard of the Armada Collective group. Back in 2015 they became nonactive, and in 2016 alleged members were arrested. It is believed that a separate group has decided to use the Armada name in order to capitalize on previous DDoS presence.

The email looks something like this:

[Image: screenshot of the extortion email]

Over 100 businesses have received the email threats, according to CloudFlare CEO Matthew Prince. However, not one case of Armada actually launching a DDoS attack has been reported. Prince weighs in by saying, “In fact, because the extortion emails reuse Bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.”

The Bitcoin fee ranges between 10-50 Bitcoin which is about $4,600-$23,000. There seems to be no rhyme or reason to how the collective determines Bitcoin amounts per company.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: How cybercriminals earned $100,000 just by sending a DDoS threat email