Don’t ignore the Apple security updates


This week, Apple warned customers of security flaws in its devices which could allow hackers to take complete control of a person’s devices. Experts say this exploitation is something to take seriously.

“This is not just kind of a run-of-the-mill bug that maybe you’re hoping your malware program is going to screen out,” Scott Shackelford, Executive Director at IU’s Center for Applied Cybersecurity Research, said.

Apple acknowledged hackers could get into phones and computers and take complete control, which is why immediately patching the device is so important.

No one knows when the vulnerabilities were exploited, and Apple has not released how or by whom the issues were discovered.

“There are types of vulnerabilities that nobody knows about until they are actually released,” Mark Ostrowski, Head of Engineering at Check Point, said. “Those are the dangerous ones that you want to be sure you patch right away.”

Cybersecurity experts say it’s important that people have automatic patches turned on in their phone’s or computer’s settings.

“The issue is, not everybody has those automatic patches turned on or we keep clicking remind me later and as a result, these systems remain vulnerable, usually for some time,” Shackelford said.

Ostrowski said this recent security flaw does not automatically victimize a user.

“You would still have to fall victim to a phishing attack where you’re providing information or going somewhere that someone is luring you to, or I would have had to have gone to a malicious website for this vulnerability to actually take action,” Ostrowski said.

Apple said those with iPhone 6s and later and many iPad models should all immediately patch their devices. Experts advise everyone to keep an eye on their accounts.


Just Because You Don’t See Hackers, Doesn’t Mean They’re Not In Your Network


David Schiffer is the CEO of RevBits and formerly of Safe Banking Systems (SBS). RevBits develops cybersecurity software for organizations.

An enterprise trying to protect its digital resources from hackers is in some ways like a ship trying to avoid an iceberg. What you see above the waterline may appear unscathed by malware, ransomware and the fileless breaches we read about every day. However, underneath may lurk malicious activity and dozens, if not hundreds, of hacking attempts that at some point will successfully breach business operations.

While the enterprise tries to navigate what it can easily view on the surface, bad actors may have already penetrated the corporate network, lying in wait for the opportune time to unleash their payload.

Cybersecurity must be as agile as today’s workforce. It must ensure continuous and consistent protection and an optimal user experience, regardless of where users and devices are located. Disparate, siloed technologies with different configuration and management dashboards cobbled together create security gaps, visibility blind spots, and slow mitigation and recovery.

From a security standpoint, the massive base of the iceberg represents the amount of cybersecurity risk organizations face as they expand their computing perimeter. It also characterizes the growing amount of network and security device sprawl organizations adopt to protect their business resources and data. Just as it is difficult to navigate around the unseen part of an iceberg, planning and navigating the security technology required to support an enterprise has many of its own challenges.

When It Comes To Cybersecurity, You Can Never Be Too Safe

Organizations that have a culture based upon “it’s always been done this way” are vulnerable due to their lack of vigilance. This mentality can establish a reluctance to change, placing them in a position of unnecessary risk. Those who deploy diverse security products often become complacent, thinking they’re fully protected from cybersecurity incidents.

The money involved in ransomware demands is increasing the attraction of this type of cyberattack. The entry of organized crime and state-sponsored…


Hack Post-Quantum Cryptography Now So That Bad Actors Don’t Do It Later


In February, a researcher sent a shock wave through the cryptography community by claiming that an algorithm that might become a cornerstone of the next generation of internet encryption can be cracked mathematically using a single laptop. This finding may have averted a massive cybersecurity vulnerability. But it also raises concerns that new encryption methods for securing internet traffic contain other flaws that have not yet been detected. One way to build trust in these new encryption methods—and to help catch any other weaknesses before they are deployed—would be to run a public contest to incentivize more people to look for weaknesses in these new algorithms.

 The new encryption algorithm that was just cracked was designed to be secure against quantum computers. A large-scale quantum computer may eventually be able to quickly break the encryption used to secure today’s internet traffic. If internet users don’t take any countermeasures, then anyone in possession of such a computer might be able to read all secure online communications—such as email, financial transactions, medical records, and trade secrets—with potentially catastrophic impacts for cybersecurity that the U.S. National Security Agency has described as “devastating to … our nation.”

 One defense against this future threat is post-quantum cryptography or PQC—a set of new cryptography algorithms that are expected to resist attacks from quantum computers. Since 2015, the U.S. National Institute for Standards and Technology (NIST) has been evaluating algorithms to design a new standard for this type of cryptography, which will likely be adopted eventually by communication systems worldwide. Although quantum computers powerful enough to threaten encryption are unlikely to arrive before 2030, upgrading to PQC will take years and cost billions of dollars. The U.S. government considers the swift and comprehensive adoption of PQC across its own communication systems to be an important national security imperative: Over the past two months, the White House has issued a National Security Memorandum directing all federal agencies to begin preparing for the transition. And related bills have


WhatsApp boss warns users: Don’t download this app


Issuing a stern warning to users, WhatsApp has asked them to beware of fake versions of the messaging app. The instant messaging app’s CEO, Will Cathcart, has urged users on Twitter not to use modified versions of WhatsApp, as they could end up in big trouble by doing so.

Stating that the security research team of the company found some malicious apps that claim to offer services similar to WhatsApp, Cathcart warned that apps like “Hey WhatsApp” from a developer called “HeyMods” are dangerous and people should avoid downloading them. 

He further said that the company’s team discovered that these apps promise to offer some new features to users, but that is just a scam to steal personal information stored on people’s phones.

He said that mobile phone malware is a pernicious threat that must be countered and the security community continues to develop new ways to prevent it from spreading.

Do keep in mind that the modified or fake versions of WhatsApp can offer features similar to WhatsApp, but they don’t offer the end-to-end encryption feature that you get with the original version of the messaging app. That encryption helps protect your chats and personal data, so no one can access your details, not even WhatsApp.

The new fake version of WhatsApp is not visible on Play Store, but users who try to download the apps…
