Showing posts from March, 2017

5 Cyber security Strategies your Businesses must Implement in 2017

Despite the prominence of cyber-attacks nationally, from politics-to-healthcare, most companies are doing little to protect themselves from hackers. According to Symantec, there were more than 429 million identities exposed in 2015 alone. Companies are at a higher risk of breaches now more than ever – 2016 breaches increased 40 percent from the last year.

If a business is hacked the consequences can be devastating. The National Cyber Security Alliance says that 60 percent of small businesses hit by a cyber attack go out of business in six months. Now more than ever before, it’s crucial that employers keep cyber security top of mind.

Here are five cyber security strategies businesses need to implement for 2017. These tips can also be applied to your personal information as well.

Refresh Your Data
Keeping data clean is a big commitment that requires regular data entry, a consistent style format, and constant monitoring. Having up-to-date, relevant, and properly formatted data means you …

Gmail phishing attack sees criminals hack

A newly-detected Gmail phishing attack sees criminals hack and then rifle through inboxes to target account owners' contacts with thoroughly convincing fake emails.

The new attack uses the file names of sent attachments and applies that name into new attachments that appear to be PDFs but are actually images that, when clicked, send victims to phishing pages.

Suitable subject lines stolen from sent emails are applied to the new phishing emails, making the mischievous messages more legitimate.

Even the URL to which the attachments point is crafted to appear legitimate, bearing the domain, says WordFence chief executive officer Mark Maunder who reported the attacks.

"You are probably thinking you’re too smart to fall for this: It turns out that this attack has caught, or almost caught several technical users who have either tweeted, blogged or commented about it," Maunder says.

"It is being used right now with a high success rate … this technique can be us…

Researchers Hacked A MacBook Pro And Hijacked Its Touch Bar

When they launched their new MacBook Pro last year, Apple revealed one of the biggest design changes ever to their top-of-the-line laptop. They ripped out all the function keys at the top of the keyboard and replaced them with a thin, touch-sensitive display: the Touch Bar.

The Touch Bar lets you interact with Mac apps in ways that weren't possible before. It also presents a unique target for hackers to go after when they set their sights on attacking your MacBook.

At this year's installment of Pwn2Own, a hacking competition that's been taking place since 2007, the duo of Samuel GroƟ and Niklas Baumstark did exactly that. They attacked a Safari on a MacBook Pro to gain deeper access to Mac OS, and then used that access to hijack the Touch Bar.

They didn't do anything too insidious, as you can see. After gaining control, they scrolled a message across the Touch Bar announcing their triumph.

It's not hard to imagine cybercriminals doing something much nastier if the…

Early warning system for mass cyber attacks

Mass attacks from the Internet are a common fear: Millions of requests in a short time span overload online services, grinding them to a standstill for hours and bringing Internet companies to their knees. The operators of the site under attack can often only react by redirecting the wave of requests, or by countering it with an exceptionally powerful server. This has to happen very quickly, however.
These mass cyber attacks, known as "Distributed Denial of Service" (DDoS) attacks, are considered to be one of the scourges of the Internet. Because they are relatively easy to conduct, they are used by teenagers for digital power games, by criminals as a service for the cyber mafia, or by governments as a digital weapon. According to the software enterprise Kaspersky, some 80 countries were affected in the last quarter of 2016 alone, and counting. Last October, for example, several major online platforms such as Twitter, Netflix, Reddit and Spotify were unavailable to Internet u…

SpaceX is pushing hard to bring the internet to space

For months, SpaceX has been quietly meeting with the FCC to advocate for one of its least-known projects. According to recent disclosures, the company met with FCC officials twice in recent weeks: first with a wireless advisor on February 28th and again on March 10th with Chairman Pai himself. The same two topics came up at each meeting: the first was a stalled proposal to ease the regulatory demands on commercial space launches. The second was far more ambitious: SpaceX is seeking a license for a lucrative, globe-spanning satellite network that would bring terrestrial internet into space. Musk didn’t attend either meeting, but SpaceX president and COO Gwynne Shotwell was there in his place. (SpaceX declined to comment beyond its public filing.

Musk has been batting around the idea of a "space internet" for years, initially proposing it as a way to connect SpaceX’s Martian colonists. In the near-term, the system can be adapted to deliver easy, continuous access to base stat…

Hacking through the years: a brief history of cyber crime

Cybercrime is often thought of as a type of modern warfare, but hacking practices have been around longer than you might expect.

Early telephone calls
In the early days of telephone calls operators were required to connect customers through switchboards. The first operators were teenage boys, the logical choice as they had operated the telegraph systems that came before. In practice, they proved a bit too unruly and were more interested in getting to know how the system worked and playing practical jokes than in making proper connections. In 1878, two years after the telephone had been invented by Alexander Graham Bell, the Bell Telephone Company was forced to kick a group of teenage boys off the telephone system in New York for repeatedly and intentionally misdirecting and disconnecting customer calls. From then on the company chose to only employ female operatives.

Wireless telegraphy
The discovery of electromagnetic waves in the late 19th century paved the way for Gugliel…

How to Prevent DDoS Attacks on a Cloud Server Using Open Source Software

A Distributed Denial of Service Attack (DDoS) is, unfortunately, an increasingly common form of premeditated attack against an organization’s web infrastructure.

Typically, it involves using multiple external systems to flood the target system with requests with the intention of overwhelming the system with network traffic. These attacks work because an unprotected system may find it difficult to differentiate between genuine traffic and DDoS traffic.

If you are using a Virtual Private Server (VPS) or Cloud Server, then this article will help you understand which open source software you can use to prevent DDoS attacks.

DDoS Deflate

DDos Deflate is a lightweight open source shell script that you can easily implement on your server and configure to mitigate most DDoS attacks.

Here are some of the features of DDoS Deflate:

It can automatically detect rules within iptables or an Advanced Policy Firewall (APF).
Ability to block IP addresses temporarily (the default setting is 30 mins).

What the CIA WikiLeaks Dump Tells Us: Encryption Works

If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works, and the industry should use more of it.
Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks.
"We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption," said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago."
Four years ago is when former NSA contractor Edward Snowden …

US-CERT Warns HTTPS Inspection May Degrade TLS Security

Recent academic work looking at the degradation of security occurring when HTTPS inspection tools are sitting in TLS traffic streams has been escalated by an alert published Thursday by the Department of Homeland Security. DHS’ US-CERT warned enterprises that running standalone inspection appliances or other security products with this capability often have a negative effect on secure communication between clients and servers. “All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected,” US-CERT said in its alert. HTTPS inspection boxes sit between clients and servers, decrypting and inspecting encrypted traffic before re-encrypting it and forwarding it to the destination server. A network administrator can only verify the security between the client and the HTTP inspection tool, which essentially acts as a man-in-the-middle proxy. The client cannot verify how the inspection tool is validating certificates, or whether there is an att…

How you can combat SQL and XSS cyber-attacks

Just because it’s an old hat doesn’t mean cyber-criminals give it up. Structured Query Language (SQL) the long-standing international standard for database manipulation, can still be part of a cyber-attack. SQL injection and Cross-Site Scripting (XSS) attacks enables cyber-attackers to inject client-side script, JavaScript, or Hypertext Markup Language HTML into web pages so other users can see them.
JavaScript’s an object-oriented programming language for creating interactive effects in web browsers. HTML’s a standardised system for tagging text files to achieve font, colour, graphic, and hyperlink effects on web pages. SQL injections are common for Hypertext Preprocessor (PHP) applications, usually on Linux servers and with MySQL, and Active Server Page (ASP), Microsoft’s web server technology for creating dynamic, interactive sessions with users. Code Project has a post describes a small, sample code to deal with the vulnerabilities and combat these attacks. It’s available to downl…

Programs that have saved me 100+ hours by automating repetitive tasks

Along the year I've been working on several web platforms where repetitive tasks are usually the norm. From batch optimising a thousand images, to changing from this obscure format to CSV or JSON. What if you need to critically update a file in your client's and you aren't fancy enough to use some kind of continuous integration tool I'll give you some tips and tricks to be productive. 1. PhotoBulk A client comes by, dumps you a folder of 10 GB of pictures in 4000x4000 and each one of them weighs 30MB in JPEG format. The client needs all these images tomorrow on the web page, watermarked and with specific names. As you mop tears from the floor, you read this guide and discover PhotoBulk for Windows and Mac.  Photobook lets you resize, watermark, optimise and rename images in bulk, or in batches. This was one of the main tools that have saved me hours and hours, so I widely recommend it. I know some of this things could be done via console, or via a photoshop action. Bu…

Cybercrime costs the global economy $450 billion: CEO

Less than half of the businesses in the U.S., U.K. and Germany are prepared to deal with cyberattacks, a new report from specialist insurer Hiscox reveals. The Hiscox Cyber Readiness Report 2017, published Tuesday, surveyed 3,000 companies across the three countries to assess their readiness to deal with cyber crime in terms of strategy, resourcing, technology and process. The report found 53 percent of the companies assessed were ill-prepared to deal with an attack, and just 30 percent were rated "expert" in their overall cyber readiness. In 2016 "cybercrime cost the global economy over $450 billion, over 2 billion personal records were stolen and in the U.S. alone over 100 million Americans had their medical records stolen," said Steve Langan, chief executive at Hiscox Insurance, told CNBC. "This is an epidemic of cybercrime, and yet 53 percent of businesses in the U.S., U.K. and Germany were just ill-prepared." U.S. firms are most prepared in case of …