Tag Archive for: harder

Security Breach: Patches, PLCs and Making it Harder for Hackers



When it comes to assessing the threat landscape for OT cybersecurity environments, the challenge has become less about identifying possible sources of attack, and more about prioritizing them. Protection from external sources gets a lot of attention, and rightfully so. However, another source of these threats, which can be just as detrimental, lies within the walls of your facility.

Joining us today to discuss some of these internal vulnerabilities, and a tremendous report that details them, is Carlos Buenano, the chief technology officer of OT at Armis.

We’re also excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected]

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.


How safe are your passwords? Make yours harder to hack on May 4, World Password Day


World Password Day is Thursday, May 4, and although it’s not cause for celebration, you might want to mark the occasion by taking a look to see if you’re the target demographic.

Internet safety is a must, especially when it comes to keeping your personal accounts uncompromised or avoiding a company data breach.

Making sure your backup accounts are up to date and enabling multi-step security measures are all worthwhile efforts, but the most important step is to make sure you have a strong password. Many people don’t.

How safe is your password?

Are your online passwords safe? Celebrate World Password Day on May 4 by checking their strength.


Compared to data from 2021, 73% of the 200 most common passwords in 2022 remain the same. Eighty-three percent of the most common passwords used in 2022 can be cracked in less than a second, according to a study by NordPass, a password manager for businesses and consumers, that analyzed password data.

What are the most popular passwords?

In 2022, “guest” was the most common password in the United States, followed by “123456.”

The rest of the top 20 are as follows:

  • password

  • 12345

  • a1b2c3

  • 123456789

  • Password1

  • 1234

  • abc123

  • 12345678

  • qwerty

  • baseball

  • football

  • unknown

  • soccer

  • jordan23

  • iloveyou

  • monkey

  • shadow

  • g_czechout

If you don’t see any of your passwords used on this list, congratulations! But you’re not out of the woods just yet.


What do I need to know about creating a safer password?

NordPass found that pop culture heavily influences the passwords people choose around the world, and the most common categories people pull from include fashion brands, swear words, sports, movies, foods, video games, artists and cars.

Weak passwords for apps on your phone or other online accounts can make it easier for hackers to breach your accounts and potentially steal your information.


“Tinder” was used 36,384 times for Tinder users. Creative, right?

We’ll raise that with 8,547,304 appearances from “fish,” 8,118,950 appearances from “kia” and 2,210,441 appearances from “nike.”

“Oscars,” yes, like the coveted award ceremony each year, was used…


Fixing American Cybersecurity is Harder than it Looks


BOOK REVIEW: Fixing American Cybersecurity: Creating a Strategic Public-Private Partnership

by Larry Clinton, Editor / Georgetown University Press

Reviewed by Glenn S. Gerstell

The Reviewer – Glenn S. Gerstell is a Cipher Brief Expert and Senior Adviser at the Center for Strategic & International Studies. He served as the General Counsel of the National Security Agency and Central Security Service from 2015 to 2020 and writes and speaks about the intersection of technology and national security and privacy.

REVIEW — A book describing the difficulty of keeping up with the pace of digital innovation can itself fall victim to that very problem.

This isn’t to say that Fixing American Cybersecurity isn’t an excellent and useful book. It is just that – a thoughtful, well-researched, crisply organized, carefully resourced and insightful description of our current state of cyber insecurity.

Edited and partly co-authored by Larry Clinton, the highly regarded head of the Internet Security Alliance, the book comprises two parts.

The first is a perceptive and intelligent analysis of the American approach to cybersecurity, contrasting it with that of the People’s Republic of China; the second (written mostly by top-notch corporate CISOs) is a sector-by-sector discussion of the state of cyber vulnerabilities and the mitigations employed in the health, defense, financial services, energy, retail, telecommunications and information technology industries.

Clinton’s starting observation is “[w]e are losing the fight to secure cyberspace, and losing it badly.” He blames this on our historical approach to cybersecurity:

“The US cybersecurity effort over the past thirty years largely comes down to a series of modest, disjointed, incremental tactics. Unlike the Chinese, we have not operated from a thoughtful, comprehensive strategy that appreciates the extent of the impact digitalization has on everything and leverages our economic advantages, technical expertise and political philosophy in a pragmatic effort to secure our nation.”




Phones May Become Harder to Hack But Total Security is a Myth


Let’s just get things out of the way. There is no such thing as a secure, hundred-percent hack-proof network device. At least, not yet. However, that did not stop Apple from testing this theory most recently. The tech giant announced a specialized additional protection layer for its customers who are worried about cyberattacks.

This applies particularly to customers who are worried about state-sponsored cyberattack software such as Pegasus. Apple calls it Lockdown Mode. In short, it is an added layer of protection that turns off possible points of invasion, but it seriously limits the device’s usability.

Let’s see where the supposed future of total digital security is faring.

What is Lockdown Mode?

Lockdown Mode is a feature on the newest iPhones that will be released this fall with the new iOS 16, iPadOS 16, and macOS Ventura. According to Apple, Lockdown Mode is an extreme, optional security layer for specific users whose digital privacy needs extra protection.

Apple itself cited the NSO Group, which developed Pegasus, as an example. The company mentioned that these users could feel threatened because of the work they do or the kind of life they lead, which will cause them to be targeted by state-sponsored spyware.

Think journalists and political and human rights workers who have been targets of state-sponsored attacks and violence across the world.

The feature is essentially a more simplified operating system and needs to be turned on manually from the phone’s settings. Once selected, a reboot initiates the device in Lockdown Mode.

But this added simplicity comes at a cost, namely, convenience and performance. Navigating webpages with Lockdown Mode turned on feels drastically slower and jankier, according to initial hands-on reviews of the feature.

Just-in-time (JIT) compilation of JavaScript is turned off in Lockdown Mode, making webpages load much more slowly. However, trusted websites can be manually excluded from this restriction.

Certain Apple services will be restricted too, such as incoming invites and service requests for FaceTime calls, unless the receiver initiated the call or sent a request. Messages will block link previews and will block…
