Tag Archives: Cybersecurity

US forms dedicated office to help avert cyberattacks at infrastructure

The vulnerability of critical infrastructure, including energy grids, to cyberattacks has been a growing concern worldwide. Many nations have been scrambling to improve their defenses vis-à-vis threats faced by services that are critical to the continuity of our daily lives.

The post US forms dedicated office to help avert cyberattacks at infrastructure appeared first on WeLiveSecurity

Read More

Chatbots and AI -are they dangerous?

In order to better serve customers, businesses are increasingly reliant on Artificial Intelligence (AI). These computerised systems collect information about customers, and then try and apply it to solving business problems.

AI is proving to be particularly helpful in the area of customer service. By monitoring conversations with customers, AI systems begin to detect patterns of behaviour that can be used to predict questions or problems in advance. Customer service agents can use these insights to “fix” issues more quickly, and to deliver a better quality of service to clients.

AI and chatbots – a match made in customer service heaven

Online retailers are also looking for ways to improve the shopping experience by making it easier for customers to access the information they need. Many are now using “chatbots” – automated systems that can answer questions in a text chat window on the website.

Initially chatbots are pretty dumb – they can only answer specific questions, which have to be worded exactly right or the system doesn’t understand. But when backed by AI, the system becomes much cleverer.

AI can be used to “learn” how customers think, and to answer vague questions. The more the system learns, the more questions it can answer, more quickly.

Good technology can be misused

Unfortunately AI and chatbots can be used for evil too. Because AI Is specifically designed to better understand us as individuals, it is an ideal tool for identity thieves. The more they know about you, the easier it is to impersonate you.

As a result, shoppers need to be extremely careful about the websites that they visit, and the systems they interact with. Talking with a malicious chatbot could be as dangerous as entering your credit card details into a phishing website.

As AI matures and becomes cheaper to operate, we expect to see more examples of criminals misusing the technology to commit more identity fraud-based crimes. Over time, these systems may even be able to pull together data from multiple sources, like your Facebook profile, as well as using information supplied to fake chatbots.

The more information the AI can access, the more detailed a picture hackers can build of you, your preferences and interests. Which means that when they do try and exploit your data, their efforts will be much more convincing – and likely to succeed.

How to protect against fake AI and chatbots

To help stay aware of these dangers, and to prevent being tricked my malicious AI and chatbots, you should install a robust anti malware toolkit like Panda Gold Protection. Not only will this help keep your computers virus free, but it will also alert you whenever you visit a dangerous site – or even block access completely.

Take a step towards protecting yourself today by downloading a free trial of Panda Security – you won’t regret it.

The post Chatbots and AI -are they dangerous? appeared first on Panda Security Mediacenter.

Read More

6 Things We Should Have Learned in 2017

This past year we bore witness to the sophistication of cyberattacks and their vertiginous growth. If we look at what happened in security in 2017, there are quite a few lessons that we should heed to, especially for businesses. These six lessons will help us to avoid making the same mistakes this year.

  1. Our response to incidents is as important as preventing them

One of the most important events of last year was the Uber incident. It came to light that Uber had concelead the fact that data corresponding to 57 million users had been pirated at the end of 2016. As the Uber CEO acknowledged, the criminals downloaded a database from servers used by Uber containing the personal information of users (name, email, and phone number) and data relating to 600,000 drivers in the United States. To prevent the attack from coming to light, the company paid the hackers $100,000.

The data theft at Equifax was the biggest hack of sensitive personal data in history. An organized group of cybercriminals took advantage of a security breach within their web application to steal information on 143 million customers, taking their social security numbers, postal addresses and even driving license numbers.

Whereas failure to notify users of the breach led to some legal entanglement for Uber (made worse by their payout to hackers), in the case of Equifax, their inconsistent statements about the vulnerability and their post-breach lack of commitment to consumers demonstrate a highly unprofessional approach.

To avoid situations like these, it is crucial for security updates to be a part of your business strategy — and notifying authorities, though unpleasant, should always be the first step to take after a breach. What happened at Uber can also teach us another lesson: sharing credentials via code is not such a great idea. This bad practice is what gave hackers access to the servers, having obtained the credentials thanks to the code that Uber developers published on Github.

  1. Attacks are not just a matter of malware

Not everything is ransomware (although, if you follow cybersecurity in the media, it may sometimes feel that way). With malwareless attacks, attackers assume the identity of the administrator after having obtained their network credentials using non-malicious tools on the company’s devices. Malwareless attacks are sure to be a trend in 2018, so we would do well to learn from these cases.

PandaLabs detected a case in which the attackers used Sticky Keys to sneak through the back door, accessing the computer without entering credentials. This remote access can then be monetized by generating online traffic that can be sold to third party websites or by auctioning access to the compromised machines. Another example is the use of Powershell for cryptocurrency mining.

To combat these attacks, advanced tools combined with Threat Hunting methods based on user behavior are essential. Monitoring the corporate network in real time and giving visibility to the activities in the teams, we can discover what legitimate tools are being violated and protect our companies.

  1. Secure passwords do not have to be hard to remember

Despite the suggestions of Bill Burr, which for years governed the policy of password creation in the online environment, a secure password should not be difficult to remember. This year we learned that even those that combine alphanumeric, uppercase and lowercase, and special characters can often be guessed by a computer. Given that human behavior is predictable, computer algorithms allow cybercriminals to detect weaknesses and patterns, and with them they manage to decipher our passwords.

In 2017, we witnessed a radical change in the recommendations of the National Institute of Standards and Technology (NIST) to create a secure password. Now we are encouraged to use compound sentences with random words that are easy for us to remember; that way, a bot or a computer can not crack the password by means of countless combinations. The password, then, can still be easily remembered by the user, but it will be difficult for a cybercriminal to decipher it.

  1. The malware tries to go unnoticed

Malware is growing exponentially. PandaLabs registered 15,107,232 different malware files that had never been seen before. Only a small part of ¡ total malware is truly widespread. That is, most malware changes every time it infects, so each copy has a very limited distribution and always tries to go unnoticed.

Having a limited life, the malware attacks the smallest possible number of devices to reduce the risk of being detected. In this sense, it is essential to choose an advanced cybersecurity platform to recognize and respond to attacks in real time.

  1. Be quick to implement patches

When it comes to patches, it’s never too early. The idea is to implement a method of action according to the characteristics of the architecture of our company (its systems, services and applications) in which we evaluate the implications of patching >(or failing to patch). Once this is taken into account, acting quickly is essential. Equifax, to give just one example, was first attacked in May 2017 because they hadn’t patched a vulnerability detected in March.

  1. Neglecting Shadow IT can be very expensive

The systems, solutions and devices used in a company, but which have never been explicitly recognized by the organization, are known as Shadow IT. This enemy in the shadows represents an overwhelming number of blind spots for the security of the company, since it is very difficult to protect something whose existence we aren’t even aware of. According to an EMC study, annual losses caused by Shadow IT reach up to 1.7 trillion dollars. Therefore, it is necessary to design affordable policies that cover the needs of workers, preventing them from resorting to unauthorized solutions. Prioritizing security awareness and evaluating why users turn to applications and tools not provided by the company could even help to improve workflows.

To start the year on the right foot, we can take 2017, internalize it, and move forward. External threats continue to grow, so our attention to basic tasks and lessons learned should do so in turn.

The post 6 Things We Should Have Learned in 2017 appeared first on Panda Security Mediacenter.

Read More

What will 2018 bring to the world of cryptocurrencies?

With the vast amounts of people suddenly becoming millionaires, the chances of you not hearing about Bitcoin are almost nil. The success stories are all over the internet. Even the already rich rap-star 50 Cent added his name to the ever-growing list of Bitcoin millionaires. He claims that over the last few years he has been sitting on a “forgotten” fortune of 700 virtual coins that he made selling his album back in 2014. Is he a smart investor or a lucky guy? No one knows, but the truth is that he is now worth $7 million more than last year. Cheers, 50 Cent, this is what we call a flying start to the new year!

In 2017 Bitcoin managed to become so popular that it is an absolute rarity to live in the western world and not to have at least one friend or a relative who is somehow engaged in cryptocurrency trading. User-friendly virtual money exchanges such as Coinbase started gaining speed making the purchase of cryptocurrency as easy as requesting an Uber ride. People who wanted to invest no longer had to wire money to exchange sites but use a simple app to purchase some of the crypto-gold with a credit card. Last year was also the year that saw Bitcoin increase its value 20 times and become the 6th most valuable currency in the world.

While Bitcoin’s price kept surging, there were a ton of leading economists such as Jamie Dimon, chairman and CEO of JPMorgan Chase, and billionaire investor Warren Buffett, who said the crypto-world might be doomed. Jamie called it a fraud and Warren kept warning everyone that the craze over Bitcoin and other cryptocurrencies won’t end well. Even Jordan Belfort, also known as the real Wolf of Wall Street and the man who predicted the 2008 financial crisis, called Bitcoin a “huge danger.” Things are never perfect, Bitcoin lost half of its gains but still managed to close 2017 about ten times more valuable than it started it.

Love it or hate it, there is no doubt, 2017 was the year of Bitcoin! Over the last 13 months, Bitcoin has been a subject of enormous attention and is rapidly changing the landscape of the financial world boldly paving the way for other cryptocurrencies such as Ethereum, Ripple, Bitcoin Cash, Litecoin, Monero, and Zcash. While Bitcoin was the primary currency making the news, it’s contenders had a good year too as almost all of them registered even better growth percentages than Bitcoin.

What about 2018?

High volatility and the lack of understanding have been scaring many investors away from the crypto-world. While governments are trying to regulate the market, it still feels like it is the wild west. Exchanges have been prone to hacks, investors have been afraid to jump in due to the lack of regulations and regular folks have been avoiding the crypto-world because of the lack of non-user friendly crypto exchanges. However, things are changing – governments from all over the world are starting to realize that instead of fighting the new currencies, they can tax the transactions and get their piece of the pie. New and stricter laws are making Initial Coin Offerings more and more transparent and regulated, and in 2018 exchanges in the US will most likely be forced to report every account trading more than $20k to the IRS. Exchanges are continually trying to increase security, and there are user-friendly exchanges like Coinbase who are allowing everyday people to participate. Cryptocurrencies will continue to be part of our lives in 2018.

What is the future of cryptocurrencies?

In 2018 we will see more and more governments trying to regulate cryptocurrencies, we will witness the creations of more altcoins, and we will see how Bitcoin’s main competitors Ethereum; Monero; ZCash; and Ripple, try to take a shot at Bitcoin. The new 2018 may be the year that will see Bitcoin being taken down from its throne. This wouldn’t be a first for the tech world – Nokia’s Symbian was the primary modern mobile OS, but later it got overshadowed by better mobile operating systems such as Android and iOS. This might be the case with Bitcoin too. The time will show!

On the other hand, Bitcoin has been known as the gold of the cryptocurrencies. It may stick around, but it won’t be the game-changer technology that will transform the financial world. The cashier at Stater Brothers won’t be happy if you try to pay for the groceries with gold bullions – you will most likely be asked to use a credit card or cash instead. This is what is happening with Bitcoin. Stripe, one of the first firms to help users do financial transactions with Bitcoin, recently announced that they would be stopping the support of Bitcoin payments saying the fees are too high. And people do not blame them for their decision, Bitcoin transaction fees can easily reach amounts of $20+, while transactions with currencies such as Ethereum and Ripple only cost a few bucks.

While governments are desperately racing each other to find ways to regulate the decentralized virtual currencies, they are also exploring opportunities of creating their national cryptocurrencies too. So the next groundbreaking virtual money might have not even been invented yet. The masses are more likely to support a government-backed cryptocurrency than the ones associated with the dark web that we see now.

If you are thinking of entering the world of crypto, or you are already in, you have to bear in mind that it is an extremely risky investment and there is no insurance for your assets. Hackers are lurking around so securing your digital wallet should be a high priority. Always make sure you have antivirus software on all your devices. Having another layer of security can prevent cybercriminals from gaining access to your digital coins. It only takes seconds for hackers to send your virtual money away from your wallet, and once it leaves your digital portfolio, there is no way of getting it back. Be prepared!

Download your Antivirus

The post What will 2018 bring to the world of cryptocurrencies? appeared first on Panda Security Mediacenter.

Read More

Cybersecurity Certification Courses – CISA, CISM, CISSP

Cybersecurity Certifications Training Courses

The year 2017 saw some of the biggest cybersecurity incidents—from high profile data breaches in Equifax and Uber impacting millions of users to thousands of businesses and millions of customers being affected by the global ransomware threats like WannaCry and NotPetya.

The year ended, but it did not take away the airwaves of cybersecurity incidents, threats, data breaches, and hacks.

The scope and pace of such cybersecurity threats would rise with every passing year, and with this rise, more certified cybersecurity experts and professionals would be needed by every corporate and organisation to prevent themselves from hackers and cyber thieves.

That’s why jobs in the cybersecurity field have gone up 80 percent over the past three years than any other IT-related job. So, this is the right time for you to consider a new career as a cybersecurity professional.

But before getting started, you need to gain some valuable cyber security certifications that not only boost your skills but also verify your knowledge and credibility as a cybersecurity expert.

THN Deals Store this week brings you the Cybersecurity Certification Mega Bundle, which will help you master three elite cybersecurity certification exams—CISA, CISM, and CISSP.

Online Cyber Security Courses for CISA, CISM, CISSP Certifications

This online training course provides you with the best-selling study materials to pass the CISA, CISM, and CISSP certification exams. It dives deep into the most proven and practical methods for protecting vulnerable networks in any business environment.

From the fundamentals of cryptography and encryption to the security holes in computer networks and mobile apps, this online course will help you learn about information security audits, assurance, guidelines, standards, and best cybersecurity practices in the industry.

At the end of this course, you would develop the expertise to manage, design, oversee, and assess an enterprise’s information security, as well as maintain a secure business environment using globally approved Information Security standards.

If you do not know what CISA, CISM, and CISSP certifications are, below, you can find brief information about the courses and their importance in the IT industry.

1) CISA – Certified Information Systems Auditor

The CISA certification is renowned across the world as the standard of achievement for those who audit, monitor, access and control information technology and business systems.

Being CISA-certified showcases candidates for their audit experience, skills, and knowledge, and signifies that you are an expert in managing vulnerabilities, instituting controls and ensuring compliance within the enterprise.

2) CISM – Certified Information Security Manager

The demand for skilled information security managers is on the rise, and CISM is the globally accepted certification standard of achievement in this area.

The uniquely management-focused CISM certification ensures you are re-equipped with the best practices in the IT industry and recognises your expertise to manage, design, and oversee and assess an enterprise’s information security.

3) CISSP – Certified Information Systems Security Professional

The CISSP certification is a globally-recognised certification in the field of information security and has become a standard of achievement that is acknowledged worldwide.

Offered by the International Information Systems Security Certification Consortium, commonly known as (ISC)², CISSP is an objective measure of excellence, which requires a broad level of knowledge.

THN Offer: How To Avail 93% Discount on Cybersecurity Certification Training

If you want to select the best and cost-efficient course to pass CISA, CISM, and CISSP certifications, the Cybersecurity Certification Mega Bundle course is the one for you to begin with.

You can get Cybersecurity Certification Mega Bundle for just $69 (after 93% discount) at the THN Deals Store.

So, to Sign-up for the Cybersecurity Certification Mega Bundle course, click on this link and get your online course now.

Buying this course will not be a wrong decision. In case, you are not satisfied with this course for any reason, our training partner also provides a 15-day money back guarantee and will issue a refund.

So, what you are now waiting for? Grab the course Now!

World Economic Forum: Cyberthreats rising in prominence in global risk landscape

The latest survey marks a shift from optimism regarding technological risks in the previous years. The heightened levels of worry come on the back of an escalation in cybersecurity threats, which, as noted by the WEF, are growing in prevalence and in disruptive potential alike.

The post World Economic Forum: Cyberthreats rising in prominence in global risk landscape appeared first on WeLiveSecurity

Read More

Are VPN services only for hackers and tech junkies?

What Is a VPN, and Why Would I Need One?

You may have heard about VPN services that allow you to have an extra layer of security; access geographically restricted content; hide your traffic from your internet service provider and hide your location and browsing habits from the rest of the world. Your employer might be the one requesting you to use one when you are away from your office, but you still need safe access to your company servers.

Channeling your traffic through a VPN encrypts the outgoing traffic of your device making sure your online presence is anonymous to your ISP, employer, marketers, government, and anyone interested in your online behavior. All they see is that your traffic is going to a specific VPN hub and nothing else.

The flexibility and the anonymity that such VPN services provide make them an excellent tool for hackers who do not want to leave any traits that could potentially reveal their identity. Being a skilled hacker is not about cracking a system, but making sure that once you do, you do not leave traits that can lead back to you.

While hackers and tech junkies are known to use VPNs for the many reasons, there are a whole lot of regular folks from all over the world who enjoy the benefits of VPN.

So who are they and why they do it?

Security conscious people

Security-conscious travelers never connect to public WiFi networks unprotected. Hackers, or the admins of such networks, could be monitoring them. Instead, they connect to VPN that encrypts all incoming and outgoing traffic from their connected device. This is one of the ways that guarantees you that the admin, nor skilled hackers, will be spying, and possibly even recording, the data that goes through the router.

Bargain hunters

Grabbing an airline ticket at a lower price has never been easier. Sometimes there are significant price differences for flights that are offered to the US buyers when compared to British for example. While the currency exchange may add up, when you are looking for affordable plane tickets, it is always a good idea to check the fares from multiple locations so you can make sure you are getting the biggest bang for your buck.

Travelers

There is nothing more frustrating than being in a hotel on the other side of the world and not being able to watch your favorite TV show due to geographical restrictions. And if paying $30 for a pay per view movie does not sound appealing, you can use VPN to access your Netflix account and play your desired content on your laptop from the comfort of your hotel bed.

Dissidents and people who want to communicate with people living in the free world

While here in the US, freedom of speech is a human right, this is not always the case in some foreign states such as Russia, China, Iran and North Korea. Using VPN allows people from such countries to access content that is usually prohibited. Staying in touch with relatives living abroad could also be a challenge from time to time. If Facebook is your preferred way of communication, VPN may be your only solution for accessing it while in China.

Bored employees

The last thing you want is letting your employer know that over the last few days you’ve been spending all your mornings looking for new shoes on Amazon. Access to social media websites at work is also a distant dream for many employees. Using VPN service could let you bypass the restrictions and let you safely check out your Facebook feed from the comfort of your office PC or Mac. While it is understandable that employers want you to work all the time, sometimes people want their freedom, and having access to VPN might be the solution.

VPN is not only for hackers and technology-savvy people.

There are all sorts of people who use it, and the global usage is not showing any signs of slowing down. However, using VPN comes with some risks and not all VPNs are equal. While you might be anonymous when using VPN, you might want to make sure that you are aware of the risks, especially if you need to visit sketchy websites. Check out our suggestions for safe use of VPN.

The post Are VPN services only for hackers and tech junkies? appeared first on Panda Security Mediacenter.

Read More