A business is always at risk of being destroyed, be it online or offline. According to a study by 1&1, 67 percent of people confirmed that someone they know has had information stolen from them while online. In order to prevent your business from joining this statistic, there are several features you should look for when considering your network’s security.
It’s the holiday season… for everyone but Sony, at least. The tech/entertainment supergiant has been experiencing a ton of security issues lately. Last month, someone hacked into Sony’s databases and stole a lot of information (including unreleased movies, which were later released to the world). This December, it was revealed that Sony stored their passwords in a folder on their server titled “Passwords.”
The Internet is infested with threats of all kinds, some of the most annoying are bots. These consist of systems which potentially gather information from a variety of sources. While primarily used by search engines to gather data from websites (these are the good kinds), there are others who may have fallen into the hands of hackers which steal information or send spam.
‘Tis the season for technology vulnerabilities and exploits. In addition to Sandworm and Cryptowall 2.0, another flaw has been found in Microsoft Office. This particular threat allows a hacker to gain control of a computer system, making it a dangerous and potentially threatening gamble for your business to ignore it. Thankfully, the issue has been patched, and the fix is now available to the public.
It doesn’t take much to disrupt your company’s network and cause downtime. Whether it’s from something major like a natural disaster, or something minor like forgetting your network login credentials, you need to have a plan in place that gets your network up and running as soon as possible. Here are three common scenarios that you need to plan for.
It’s flu season, and just like office workers around the country are taking preventive health measures like stocking up on tissues and vitamin C, so too are IT technicians doing everything they can to stop the spread of computer viruses on their company’s network. Although, unlike the flu, computer viruses are more than a seasonal threat.
A while back we discussed the POODLE vulnerability found in SSL 3.0 SSL encryption technology. This vulnerability is found in all operating systems, as it is found within the web browser’s abilities to process SSL encryption. Thankfully, major companies are stepping up to tackle the issue, and Microsoft has released a basic solution to fix the vulnerability in Internet Explorer.
The POODLE vulnerability itself is used to obtain information encrypted with SSL technology by analyzing web traffic. This technique is used to steal information such as credit card numbers, Social Security numbers or other private information. In non-tech speak, SSL (Secure Socket Layers) is an encryption protocol used to keep data safe on the web through security certificates. This method of encryption has long since been replaced by the more secure protocol TLS (Transport Layer Security), but several systems will revert back to their old SSL certificates in the event something has gone wrong with their TLS. TLS isn’t vulnerable to this issue, so in theory, a hacker could force their way into a network, exploiting the traffic coming in and out of the network for any worthwhile information.
According to the Microsoft security advisory, hackers exploit a man-in-the-middle attack to take advantage of this vulnerability:
In a man-in-the-middle (MiTM) attack, an attacker could downgrade an encrypted TLS session forcing clients to use SSL 3.0 and then force the browser to execute malicious code. This code sends several requests to a target HTTPS website, where cookies are sent automatically if a previous authenticated session exists. This is a required condition in order to exploit this vulnerability. The attacker could then intercept this HTTPS traffic, and by exploiting a weakness in the CBC block cipher in SSL 3.0, could decrypt portions of the encrypted traffic (e.g. authentication cookies).
Due to the nature of POODLE as a design flaw, it’s not something that can easily be patched. Therefore, most experts are saying that you’re better off disabling SSL 3.0 for their web browsers. Most servers don’t rely on SSL 3.0 anymore, which makes it obsolete. In fact, most major browsers are looking to disable SSL 3.0 completely within the next few months. Firefox is fixing the issue with the November upgrade, while Google is working to disable SSL 3.0 on all of its products. This makes the vulnerability obsolete for two of the biggest browsers, but what about Internet Explorer?
Though not everyone believes them, we all know about the horror stories of the spirits of the dead that linger in this world, haunting locations where no one dares to tread. Every culture, though their beliefs vary, contains them to some degree. Their purpose is unknown, and they are thought to be caused by unfulfilled desires or regrets. But regardless of whether or not you believe in them, you better believe that your business can very well be haunted by ghost servers.
As a business owner, you want to take every precaution against the latest threats that can affect your way of life. An updated threat called Cryptowall 2.0 (previously known as Cryptolocker) has been cut loose by malware developers, and it's capable of dealing irreparable damage to your business's network and data. This spear-phishing variant has the power to grind your network's files to dust, and in turn, your productivity.
In a survey by Cyber-Ark, close to half of employees interviewed admitted that if they were fired tomorrow, they would take with them their former company's proprietary data. This is a shocking revelation considering how much you trust your current staff, maybe even to the point of referring to them as "family." What can you do to protect your business from a former employee with ill intentions?
We've got yet another major data breach to report that affects millions of users, this one of a very personal nature. This week, it was revealed that Chinese hackers compromised 4.5 million medical records from Community Health Systems, a hospital network with 206 facilities in the United States. Ask your doctor today if identity theft prevention is right for you.
Yes, you read that title right. If your WiFi isn't protected, you can be hacked by the furry little creature that wanders around your backyard when you're not home. Coco, a Siamese cat from Washington, D.C., was able to discover dozens of weak or unprotected WiFi networks in his neighborhood with his high-tech collar.
Your office is likely full-to-bursting with devices utilizing USB technology. It's been a popular way to connect external devices to PCs since the 1.1 version was released in 1998. However, it may be the technology's popularity that will cause its downfall as hackers develop ways to use the device to their advantage.
All of the recent vulnerabilities and bugs over the past few months, such as Heartbleed, GameOver Zeus, and the zero-day Internet Explorer vulnerability have many people thinking - just how strong is antivirus in the face of such threats? Symantec told The Wall Street Journal their opinion on the subject: Antivirus is "dead."
Smartphone users routinely cycle out their old device for a new one every two years or so. When it's time to upgrade, many users see an opportunity to sell their old phone for extra cash. However, a device that's improperly wiped of its data could lead to identity theft if the data is recovered by the new owner.
On Saturday, July 21st 2014, the Hackers on Planet Earth (HOPE) conference took place in New York City. It's a place where hackers discuss ways to improve the society in which we live. One of the more controversial panelists, Edward Snowden, has suggested hackers pool their efforts into creating anti-surveillance technology to decrease government espionage.